Don’t worry … it’s really quit simple. If you can use FTP (File Transfer Protocol), you can handle this bit of server management. Depending on the exact problem, we might instruct you to free up space by removing files in one of the following directories:

• /var/log
• /usr/local/cpanel
• /usr/local/apache/logs
• /usr/local/apache/domlogs

The reason these directories are usually overlooked is because they are not accessible by normal FTP users — users who only upload website content. When you upload website content to the server via FTP, the FTP user is limited to the directory structure for that website. Directories starting with “/var” and “/usr” cannot be accessed by these non-root users (The “root” user can access anything). And while root is a powerful user, for the sake of security, it is not normally allowed to log in over FTP because FTP is not secure … That’s where SFTP (Secure File Transfer Protocol) comes in.

Most FTP clients support SFTP, so you don’t have to learn a new environment to securely access any file on the server. Every FTP client is different, but I’ll illustrate with FileZilla because it’s free and available on Mac, Windows and Linux. If you don’t already have an FTP client, I highly recommend FileZilla. Because there are a few ways to use FileZilla to get an SFTP connection, I can share different options for you to try:

Quick Connect

The Quick Connect bar is the quickest way to connect to your server. Start FileZilla and look immediately under the toolbar for the Quick Connect bar:

Enter the hostname (IP address or domain name), “root” in the Username field, the root password in the Password field, and “22″ in the port field. Remember, port 22 is for SFTP, the same as SSH. Click the Quickconnect button to connect.

Using the Site Manager

The Site Manager lets you save your login details. Start FileZilla and you’ll see the following:

To open the Site Manager, click the left-most icon in tool bar or go to File >> Site Manager in the menu.

Enter an IP address or domain name for your server in the Host field, and select “SFTP” as your protocol. You’ll enter the root user’s login information, and you’re ready to connect by clicking the “Connect” button or you can click the “OK” button to save and close the dialog box.

If you just saved your settings and the Site Manager is not open, click the Site Manager icon again. From there, you can select the site under the “Select Entry” box, and you just have to click “Connect” to initiate the SFTP connection with your saved settings.

If you see a pop-up that warns of an “Unknown host key,” clicking the “Always trust this host, add this key to the cache” option will prevent this interruption from showing in the future. Once you click “OK” to complete the connection, your FileZilla screen should look like this:

Notice the “Remote site” section on the middle right of the FileZilla screen:

This area in FileZilla is the directory and file listing of the server. Navigate the server’s file structure here, and click “/” to access the top of the folder structure. You should see the “/usr” and “/var” directories, and you can explore the filesystem to delete the files technical support recommended to create space!

Message Log

If you have a problem connecting to your server by FTP or SFTP, the open area below the Quickconnect bar is the Message Log. If you can copy and paste this text into a ticket, you’ll help technical support troubleshoot your connection problems. Below is an example log of a successful FTP session:

Status: Connecting to server.example.com...
Response:   fzSftp started
Command:    open "root@server.example.com" 22
Command:    Trust new Hostkey: Once
Command:    Pass: **********
Status: Connected to server.example.com
Status: Retrieving directory listing...
Command:    pwd
Response:   Current directory is: "/root"
Command:    ls
Status: Listing directory /root
Status: Calculating timezone offset of server...
Command:    mtime ".lesshst"
Response:   1326387703
Status: Timezone offsets: Server: -21600 seconds. Local: -21600 seconds. Difference: 0 seconds.
Status: Directory listing successful

And here’s an example of a failed connection:

Status: Resolving address of example.com
Status: Connecting to 192.0.43.10:21...
Error:  Connection timed out
Error:  Could not connect to server
Status: Waiting to retry...
Status: Resolving address of example.com
Status: Connecting to 192.0.43.10:21...
Error:  Connection attempt interrupted by user

If you have any questions, leave them in a comment below. Enjoy your new-found SFTP powers!

-Lyndell

Move wp-config.php

The first thing I do is change the location of my wp-config.php. By default, it’s installed in the WordPress parent directory. If the config file is in the parent directory, it can be viewed and accessed by Apache, so I move it out of web/root. Because you’re changing the default location of a pretty significant file, you need to tell WordPress how to find it in wp-load.php. Let’s say my WordPress runs out of /webroot on my host … I’d need to make a change around Line 26:

if ( file_exists( ABSPATH . 'wp-config.php') ) {
 
        /** The config file resides in ABSPATH */
        require_once( ABSPATH . 'wp-config.php' );
 
} elseif ( file_exists( dirname(ABSPATH) . '/wp-config.php' ) && ! file_exists( dirname(ABSPATH) . '/wp-settings.php' ) ) {
 
        /** The config file resides one level above ABSPATH but is not part of another install*/
        require_once( dirname(ABSPATH) . '/wp-config.php' );

The code above is the default setup, and the code below is the version with my subtle update incorporated.

if ( file_exists( ABSPATH . 'wp-config.php') ) {
 
        /** The config file resides in ABSPATH */
        require_once( ABSPATH . '../wp-config.php' );
 
} elseif ( file_exists( dirname(ABSPATH) . '..//wp-config.php' ) && ! file_exists( dirname(ABSPATH) . '/wp-settings.php' ) ) {
 
        /** The config file resides one level above ABSPATH but is not part of another install*/
        require_once( dirname(ABSPATH) . '../wp-config.php' );

All we’re doing is telling the application that the wp-config.php file is one directory higher. By making this simple change, you ensure that only the application can see your wp-config.php script.

Turn Down Access to /wp-admin

After I make that change, I want to turn down access to /wp-admin. I allow users to contribute on some of my blogs, but I don’t want them to do so from /wp-admin; only users with admin rights should be able to access that panel. To limit access to /wp-admin, I recommend the plugin uCan Post. This plugin creates a page that allows users to write posts and submit them within your theme.

But won’t a user just be able to navigate to http://site.com/wp-admin? Yes … Until we add a simple function to our theme’s functions.php file to limit that access. At the bottom of your functions.php file, add this:

############ Disable admin access for users ############

add_action('admin_init', 'no_more_dashboard');
function no_more_dashboard() {
  if (!current_user_can('manage_options') && $_SERVER['DOING_AJAX'] != '/wp-admin/admin-ajax.php') {
  wp_redirect(site_url()); exit;
  }
}
 
###########################################################

Log in as a non-admin user, and you’ll get redirected to the blog’s home page if you try to access the admin panel. Voila!

Start Securing the WordPress Database

Before you go any further, you need to look at WordPress database security. This is the most important piece in my opinion, and it’s not just because I’m a DBA. WordPress never needs all permissions. The only permissions WordPress needs to function are ALTER, CREATE, CREATE TEMPORARY TABLES, DELETE, DROP, INDEX, INSERT, LOCK TABLES, SELECT and UPDATE.

If you run WordPress and MySQL on the same server the permissions grant would look something like:

GRANT ALTER, CREATE, CREATE TEMPORARY TABLES, DELETE, DROP, INDEX, INSERT, LOCK TABLES, SELECT, UPDATE ON <DATABASE>.* TO <USER>@'localhost' IDENTIFIED BY '<PASSWORD>';

If you have a separate database server, make sure the host of the webserver is allowed to connect to the database server:

GRANT ALTER, CREATE, CREATE TEMPORARY TABLES, DELETE, DROP, INDEX, INSERT, LOCK TABLES, SELECT, UPDATE ON <DATABASE>.* TO <USER>@'<ip of web server' IDENTIFIED BY '<PASSWORD>';

The password you use should be random, and you should not need to change this. DO NOT USE THE SAME PASSWORD AS YOUR ADMIN ACCOUNT.

By taking those quick steps, we’re able to go a long way to securing a default WordPress installation. There are other plugins out there that are great tools to enhance your blog’s security, and once you’ve got the fundamental security updates in place, you might want to check some of them out. Login LockDown is designed to stop brute force login attempts, and Secure WordPress has some great additional features.

What else do you do to secure your WordPress sites?

-Lee

I started thinking about the amazing speed with which we access information when I met with CTO Duke Skarda. He gave a few examples of our customers that piqued his interested, given to the innovative nature of their business, and one in particular made me realize how far we’ve come when I considered the availability and speed of our access to information:

The company facilitated advertisements on the Internet by customizing the advertising experience to each visitor by auctioning off ad space to companies that fit that particular visitor’s profile. In the simplest sense, a website has a blank area for an advertisment, the site sends non-sensitive information about the visitor to an advertising network. The advertising network then distributes that information to multiple advertisers who process it, generate targeted ads and place a bid to “purchase” the space for that visitor. The winner of the auction is determined, and the winner’s ad would be populated on the website.

All of this is done in under a second, before the visitor even knows the process took place.

We live in a time of instant access. We are only limited by the speed of light, a blazing 186,282.4 miles/second. That means you could, theoretically, send a message around the world in .03 milliseconds. Businesses use this speed to create and market products and services to the global market, I can’t wait to see what tomorrow holds … Maybe some kind of technology that prevents screwdrivers from piercing hands?

-Clayton

Accessing Desktop Apps Anytime, Anywhere, from Any Device

The computing world is changing rapidly – driven by the consumerization of applications, the demands for employees to be in an “always on” mode, and the revolution of mobile computing. End users have become App savvy and with the advent of the “there’s an app for that” generation applications that have become very easy for end users to install and run on their own. The computing platforms they use have become self-service in nature and new applications are now easy to find and no longer require IT to research, purchase, install, and manage. In fact, IT departments have lost control over what applications run on these devices posing a huge support problem and security threat.

In today’s economy organizations demand their employees to do more with smaller staffs forcing employees to be “always on” with e-mail and other work data now delivered to their desktops, smart phones, tablets, and home computers. People on average now access work data and applications from three devices with new choices of mobile devices available almost daily.

VDI Sticker Shock – With all of these changes many IT departments have considered virtual desktops as a solution to provide access to multiple platforms, remote access, and secured network stored data. Consultants and vendors have been trying to sell organizations virtual desktops as VDI, but most organizations suffer from sticker shock facing huge start-up costs and little or no economies of scale. Most organizations fail to see any potential ROI with VDI solutions and end up tabling the decision for next year’s budget.

Hosted Virtual Desktops – Hosted virtual desktops are cloud desktop services provided in the cloud by a service provider. Unlike typical VDI deployments, with these cloud desktop services, all of the infrastructure is provided by the service provider, and the client organization can purchase virtual desktops as they need them and are not subject to uncontrolled costs or continually expanding infrastructure.

Hosted virtual desktops are purchased from the service provider as a simple operations expense that can be budgeted as a per user per month cost and can even reduce their overall costs of Microsoft licensing and data storage compared to more expensive VDI solutions. Beyond the infrastructure cost benefits, the cloud desktop services provider centrally manages these virtual desktops – including mundane tasks like Windows and anti-virus updates. With the expertise of managing thousands of virtual desktops for many clients, a cloud desktop service provider delivers a consistent end user experience and a very high quality of service. These cloud desktop services are then accessed anytime, anywhere, and from any device. Outsourced desktop management is also a considerable cost savings to organizations that varies based on their internal support structure.

Bring your Own Device, BYOD/BYOC – Many organizations have considered “bring your own device/computer” programs as an employee benefit. BYO programs allow employees to select their own computing device or bring their own computer to work while accessing their employer’s supported desktop environment, applications and data through use of a virtual desktop.

Some of these programs have been driven from the top by executives who want to access corporate resources from their iPad or other personal device. Other BYO programs have been developed to attract and retain technically astute employees by giving these employees a choice of computing platforms as an employee benefit for hiring the brightest and most qualified and sought after job candidates. And some BYO programs exist to essentially create a controlled, secured, and legitimate way to allow employees to connect to their corporate resources without having employees’ rogue devices accessing the network.

Just as with any virtual desktop solution, hosted virtual desktops are often a better approach than VDI. ICC Global Hosting has worked with Citrix to provide a Hosted BYO program which specifically provides a service for quick BYOD proof of concepts or smaller scale BYOD deployments. These cloud desktop services are then delivered to virtually any device including PCs, Macs, thin clients, iPads, iPhones, Android tablets and phones, and other mobile devices.

Virtual Desktops on SoftLayer’s CloudLayer Platform – SoftLayer recently announced the availability of cloud desktop services managed by ICC Global Hosting. This partnership combines the scalability and security of SoftLayer’s CloudLayer Platform with ICC Global Hosting’s hosted virtual desktop expertise.

SoftLayer clients benefit from the enhanced performance and security of applications running along with hosted virtual desktops on the CloudLayer Platform. This solution lets clients obtain the all the features and benefits of VDI without the overhead and headaches of VDI. Organizations may now access cloud desktop services Anytime, Anywhere, and from Any Device with ICC and SoftLayer.

-Mark Moeller, ICC Global Hosting

As if our cutting-edge management portal and API weren’t enough, SoftLayer offers complimentary VPN access to the private network. This often-underestimated feature allows you to integrate your SoftLayer private network into your personal or corporate LAN, making it possible to access your servers with the same security and flexibility that a local network can offer.

Let’s look at a few of the many ways you can take advantage of your VPN connection:

1. Unmetered Bandwidth

Unlike the public network that connects your servers to the outside world, the traffic on your private network is unlimited. This allows you to transfer as much data as you wish from one server to another, as well as between your servers and SoftLayer’s backup and network storage devices – all for free.

When you use the VPN service to tap into the private network from your home or office, you can download and upload as much data as you want without having to worry about incurring additional charges.

2. Secure Data Transfer

Because your VPN connection is encrypted, all traffic between you and your private network is automatically secure — even when transferring data over unencrypted protocols like FTP.

3. Protect Sensitive Services

Even with strong passwords, leaving your databases and remote access services exposed to the outside world is asking for trouble. With SoftLayer, you don’t have to take these risks. Simply configure sensitive services to only listen for connections from your private network, and use your secure VPN to access them.

If you run Linux or BSD, securing your SSH daemon is as easy as adding the line ListenAddress a.b.c.d to your /etc/ssh/sshd_config file (replace a.b.c.d with the IP address assigned to your private network interface)

4. Lock Down Your Server in Case of Emergency

In the unfortunate event of a security breach or major software bug, SoftLayer allows you to virtually “pull the plug” on your server, effectively cutting off all communication with the outside world.

The difference with the competition? Because you have a private network, you can still access your server over the VPN to work on the problem – all with the peace of mind that your server is completely off-limits until you’re ready to bring it back online.

5. Remote Management

SoftLayer’s dedicated servers sport a neat IP management interface (IPMI) which takes remote management to a whole new level. From reboots to power supply control to serial console and keyboard-video-mouse (KVM) access, you can do anything yourself.

Using tools like SuperMicro’s IPMIView, you can connect to your server’s management interface over the VPN to perform a multitude of low-level management tasks, even when your server is otherwise unreachable. Has your server shut itself off? You can power it back on. Frozen system? Reboot from anywhere in the world. Major crash? Feeling adventurous? Mount a CD-ROM image and use the KVM interface to install a new operating system yourself.

This list is just the beginning. Once you’ve gotten a taste of the infinite possibilities that come with having out-of-band access to your hosted environment, you’ll never want to go back.

Now, go have some fun!

-Nick

I gathered all the netblocks assigned to Egypt (currently around 5.8 million unique IPv4 IP addresses), and I queried our customer portal access logs and API for records of those IPs. We saw a massive drop on 1/28/2011. This coincides with reports on most major news networks that Egypt’s Internet access had been crippled. Prior to the January 28, the traffic was fairly typical.

Then this happened:

Between January 28 and February 2, about 0.2% of the traffic we normally see from Egypt reached our network. That means 99.8% of traffic was stifled by the network shutdowns.

As the Wall Street Journal reported yesterday, the Egyptian government restored Internet service, and our logs clearly corroborate that report.

-Jason

GigaOm makes the point that new capacity in these markets, coupled with the happy marriage of wireless network and cheap handsets will continue to drive growth, pointing to some crazy stats on mobile social networking in India. It is estimated that 72 million Indians (that is only 6% of the estimated population in 2008) will be mobile social network users. What about China? Indonesia? Pretty soon we are considering some big numbers.

GigaOm is correct when talking about low cost devices as the availability of low cost devices has proven a key driver in other markets as well. Think about how traffic patterns have changed in North America in the past ten years given a) the ubiquity of network on the wide area and in the metro (Cable, DSL, FTTH, Fiber to the Node, 3G, 4G etc) and b) the relatively low device cost. At $229, I can get a Netbook from Best Buy for less money that I shelled out for 4 MEG of RAM for my 386 in 1993. For $0 I can get a mobile phone that will put me on the internet. Access to technology drives traffic.

The cool part is that these new users are going to drive an incredible amount of development work across the globe. There will be another Facebook and another Twitter – I think that it just a matter of time. Even cooler is the fact that Softlayer gets to play in the sandbox as well.

-@quigleymar

Enter KVM over IP. (Also known as Keyboard-Video-Mouse)

Yes boys and girls, this wonderful feature provided on all mid to high-performance multi-core servers can be your best friend in a time of need. While on a routine support call, a customer of mine stated the server was blocking not only himself but a lot of his customers. I kept a level head and told him it was no problem. He paused for a moment then let me know just how big a deal it was, while he was explaining I promptly used the KVM to login to his server and shutdown the firewall. All of a sudden he stopped talking and said “It’s working!”, “What did you do?” I explained to him how KVM works just as if you were hooking up a console to your server, and can be used even if your public Ethernet cable is unplugged. I went on to show him where it was in his home portal and how all of this was given to him for free. Also I explained the issue had been fixed from my desk without ever having access to either the public or private ports on his server. The customer had never heard of such a feature and was amazed at how easy it was to use.

The beauty of KVM over IP is it removes the one thing many server owners dread, not being able to be in the data center when issues arise with their standard connection methods (RDP, SSH). With KVM over IP we are giving the customer a solution to that problem. Via KVM you can login to the management interface card, which in most cases resides on an entirely different network, and within seconds you will have access to your terminal as if you were standing right there in the datacenter!!! Not only can you connect to your server, you can manually power it on/off and also reboot your server all within the same management screen. Beyond server access you can monitor temperature readings as well as fan speeds in the server. The KVM card is a HUGE tool in any Softlayer customers’ toolbox and one that we in the Operations Team use often.

Here at Softlayer we are always thinking about how to make your business easier to run, whether it be implementing global services such as CDN, or making sure our customers have basic access to their server in the event of a crisis. Since starting my career here at Softlayer and learning of the KVM feature I’ve made it a point to inform the customer of the KVM interface along with all features that are offered to them (and believe me they never stop coming!) so be sure and check our announcements page because you never know what we will come out with next!

-Romeo

After giving the smoke a few minutes to clear out, and my heart a few beats to find its way out of my throat and back into my chest, I got out and looked under the hood. Not because I know anything about what makes a car tick, but because looking under hoods is what guys do. Especially when people are watching. In fact, another guy nearby came over and looked under the hood too. And as soon as he opened his mouth I realized that like me, he was only looking under the hood because that is what guys do in these situations.

“I don’t think your battery is supposed to have a big crack down the middle like that,” he said to me.

“Me neither,” I mumbled. I suppressed the urge to ask Mr. Obvious where he went to automotive school.

“You try it again?” he asked me.

For a second I thought he was joking. Then I realized he wasn’t and more importantly that I didn’t have any better ideas. So I hunted around the engine block until I found where the top of the battery case had been propelled, just sort of laid it over the smoking remnants of the battery, then slid back into the car and tried the key. It didn’t start. When I turned the key all the lights came on, all the dials and gauges swung wildly from side to side, and then everything went dark. Lights out. I tried again. But this time there weren’t even any lights. My sporty Mazda 6 might as well have turned into a pumpkin for all the good it was going to be getting me home. So much for zoom, zoom, zoom.

“You might need to call for a tow,” said Nostradamus now standing by my car window with his hands in his pockets.

“Thanks again,” I said unenthusiastically, “I got it from here.” I hoped he’d take the hint.

He did.

I waited till I saw him drive off then tried the key one more time. Nothing. So I broke down and called the towing service. Rather than calling a friend or a taxi, I opted to walk the two miles home from the drug store. During which I had some time to think. It occurred to me that the idea I might start up my car and drive it to the nearest shop for diagnostics after it just got done blowing up in my face was pretty outlandish. And yet, that is exactly what we offer with the servers we sell at SoftLayer.

Lights Out Management (LOM) or Out Of Band Management (OOB) as it is sometimes called is a feature we include with all of our servers at SoftLayer. If you’re a current customer, you have probably noticed the “management ip address” noted for your servers in our portal. That’s exactly what I’m referring to. And while LOM is the stuff of science fiction in automobiles, in our world class servers it’s a reality. That’s right, with our OOB offerings you can:

• Cycle the power on a server even if the operating system has crashed, locked, or otherwise blown up.
• Start up a dead server with the push of a button.
• Get critical readings of system health indicators like processor temperature and fan speeds, regardless of what operating system or software you have installed on that server.
• Manipulate system BIOS and perform diagnostics remotely with full video, keyboard, and mouse support.
• And a whole slew of other things that will make your life much much easier.

In essence, SoftLayer’s OOB management features are the next best thing to driving to one of our data centers and plugging a keyboard into your server. Maybe even better, since you don’t have to fight the traffic. It’s the sort of thing a system administrator dreams of. The sort of thing that sets SoftLayer apart from the myriad of other hosting companies out there.

As for my car, two days and two hundred dollars later it was back in my driveway. Apparently the mechanic who worked on my vehicle went to the same school of engineering as the Good Samaritan who provided me so much insight two days prior. The diagnosis, according to the invoice, was: cracked battery. Then just to give me a warm and fuzzy written in big block letters at the bottom of the page was:

IF THIS HAPPENS AGAIN BRING IT BACK IN

I can’t wait till the automotive industry catches up to SoftLayer.

-William