Category Archives: News

WEB HOSTING 101

Starting last week we decided to launch a series of posts, here and on social media, regarding the basics of web hosting. We understand how confusing it might be, especially for the folks out there with limited technical understanding, to try and figure out what type of hosting they need for their website or what are the advantages and disadvantages.

Today’s topic is… VPS!

What is a VPS?

Short for Virtual Private Server, a VPS could be defined as a space on a server that has the characteristics of an entire server. A virtual hosting server holds it’s personal operating system, applications, resources and configurations, all of these contained in a single powerful server. Each server can have multiple VPS accounts on it.

Who uses VPS?

This type of hosting is generally used by people who have more traffic on their websites and shared hosting doesn’t suit them anymore. 

Also useful if you require to host your own services, such as: VoIP, XMPP or other services.

Advantages of VPS

It is a cost-effective option, compared to a dedicated server, for example.

You get to run your own configuration and services that might not work on shared hosting.

Fully managed services.

Good security, since your VPS is separated from other users, located on the same server.

Disadvantages of VPS

Configuring the server requires more technical experience.

Maintenance of services has to be done by yourself.

More expensive than shared hosting.

*A pro tip

Preboot encryption on a VPS is pointless as the RAM that contains your encryption key can be easily read.

If you want increased security we suggest a dedicated server.

So what do you think? Is a VPS the right choice for you?

Check out our VPS options at: https://billing.flokinet.is/index.php?rp=/store/virtual-private-server-iceland

A reached NEW STAGE: ICELAND

Our location in Iceland is how we always wanted a hosting location to be. Green energy, free natural cooling and great laws when it comes to privacy. But we always missed one thing that has become so important in the recent years: DDoS protection.

No DDoS protection was available and the setups we did for our customers could only be archived by expensive solutions only large budgets could afford. Not ideal, of course. Then, the following question arose: what if a customer with a small budget would be looking for a green hosting provider while also having privacy and security (like fridaysforfuture.org, for example) ?

As our Iceland location was growing we were searching for options to solve the problem. In the third quarter of 2020 we started to perform tests with filter options of traffic from one of our POPs in Amsterdam to avoid a delay in traffic routing and in the forth quarter we finished all major setups.

We think it should not be a matter of your budget to have DDoS protection. No one should be able to take down your project with a DDoS attack because you lack the resources to fight it.

That is why we include now free DDoS protection at our Iceland location.

With this update, more hardware options are coming. The specifications are the same as in Romania but come with an improved L7 filter (Beta). 

Another topic of importance regarding our upgrade in Iceland was the request for hardware at a lower price. While Iceland is, in general, not a low budget location, we wanted to explore options to lower the price for dedicated servers. For this we set up several blade centers so you can now get in Iceland the G7 and G8 blades that we usually offer in Romania.

More security was also one of our goals when the update was thought out. Our KVM network in Iceland is now secured behind a VPN to ensure an extra layer of security and that all data you enter is transmitted securely.

A short FAQ for you:

Q: Do I have to do anything to activate the protection?

A: There is nothing you need to do from your side, our DDoS sensor will detect any attack and filter the traffic before it reaches your server. Please keep in mind that such protection will just cover 99% and you still have to make sure your website and server is optimized to withstand attacks.

Q: Is Layer 7 protection included?

A: Yes, it is included. However, you will have to provide us your one year valid SSL certificate so we can install it into the filter. In our Beta setup, this is no longer required but it is not available yet for all customers.

Q: Can I have a personalized setup with optimized rules for my application?

A: Yes this is possible, please contact our support team for an offer.

Safer Internet Day

Let’s celebrate Safer Internet Day by… staying safe on the Internet! Here’s how you can protect yourself and your data in today’s digital times. 

1. Keep your device up to date. Don’t delay updates, install them as soon as possible. Your device is only secured once an update is installed and, if required, the device is restarted. The same for software that you have installed on your device: check regularly if you still need it and if not, remove it; also, it is important to keep in mind that you shouldn’t use software which is no longer updated.

2. Before you buy a device check for how long you will still receive updates. Older devices might not get any new security updates or a low budget provider might not even provide updates at all.

Your device doesn’t support the new version of Windows or Android or iOS? You can still use your old PC by installing Linux which requires less resources than Windows. For example, use Linux Mint on your old laptop and consider exchanging your old hard drive to a SSD.

As for mobile devices, you can install the LineageOS Android Distribution operating system (https://lineageos.org/) on older Android devices to still receive updates.

3. Use strong passwords. Many online users still use easy to guess passwords like “123456“,or  „password“ and this could seriously put their data at risk. For references and a laugh, see the following link: (https://www.pcmag.com/news/2020s-most-common-passwords-are-laughably-insecure)

Use a password manager like KeePass (https://keepass.info) for Windows or KeePass for Linux (https://www.keepassx.org/) so you can create a strong, unguessable password with a single click. Also, remember not to use a password twice.

4. Use two-factor authentication. You can enable on most services two-factor authentication. For example, with the help of a yubikey (a hardware authentication device manufactured by Yubico to protect access to computers, networks, and online services) or by using any software based tool like OTP for Android or SAASPASS for Iphone.

5. Check if one of the websites you are using got hacked and your data got leaked online on https://haveibeenpwned.com/

6. Backups. Imagine now, in this moment, that your hard drive breaks. Do you have a backup? Windows, Linux and also Mac have build in backup software to backup your device. You can also use a FlokiNET VPS or dedicated server to install Nextcloud and backup your data in your own secure cloud.

7. Safe browsing. You can use UBlock Origin to block ads in Firefox (https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/) and Chrome based browser (https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en).

You like Chrome but don’t want to use Google Chrome for privacy reasons? Then move to Brave (https://brave.com) with built in Adblocker (downside: not as strong as Ublock Origin) and Tor browser. For real privacy we suggest to use the Tor browser (https://www.torproject.org/download/).

You can also block ads in your whole network by using Pi-Hole, a Linux advertisement and Internet tracker blocking application (https://pi-hole.net/).

8. Hide your identity and IP. Anonymity can protect you and your family from online threats. The Tor browser is a good way to stay anonymous (https://www.torproject.org/download/) or using a VPN like https://vpn.ac which can be easily installed on your router to tunnel all traffic through a VPN. This includes the option to filter ads and malware by DNS blocking (https://vpn.ac/announcements/60/Introducing-new-feature-DNS-filtering.html).

Stay safe on the Internet!

Penetration Testing with FlokiNET

What’s penetration testing?

Penetration testing is all about evaluating your application’s security before malicious attackers do.

Understood, but why do I need that?

Well, it sucks to get hacked. Nobody likes losing revenue because somebody leaks your customer data on pastebin.com. Such an attack doesn’t only destroy the trust relationship to your clients but could also lead to serious GDPR fines.

Okay, but how are you testing then?

It depends on your environment, our international team can provide you with:

Do you’ve a testing methodology?

Yep! Our web application and API penetration tests focus on the OWASP Top 10 and the OWASP Application Security Verification Standard (ASVS), a detailed methodology can be provided on request.

Sounds good, but I heard hiring penetration testers is damn expensive?

That’s the reason why we’re doing it differently, you only pay if we find something. Furthermore existing FlokiNET clients get a 10% discount! Better get in touch soon, our capacity is limited! Contact us on info@flokinet.is or create a ticket.

New look with new services!

As you might have noticed already, we’ve redesigned our website & services! Now we’re not only offering state of the art hosting with great deals but also a lot more:

  • Tor hosting – host your website as a hidden service on the Tor network!
  • Penetration Testing – nobody likes to get hacked, test the security of your online shop, cryptocurrency exchange or company infrastructure!
  • Operational Security Consulting – train your staff to prevent social engineering attacks, install secure communication systems for your company or get your hidden service tested.
  • AutoScan – you’re running a popular CMS like WordPress, Drupal, Joomla? We’ll be running continuous scans to check if you’re vulnerable!
  • Web Design – Tired of looking at your boring website? Let’s build a new one with a fancy responsive design and SEO optimizing!

Don’t forget, you can reach us anytime at info@flokinet.is or open a ticket, if you’ve questions!

 

Bitcoin and other Cryptocurrencies

Bitcoin is a form of digital currency, created and held electronically. No one controls it. Bitcoins aren’t printed, like dollars or euros – they’re produced by people, and increasingly businesses, running computers all around the world, using software that solves mathematical problems.

 

Why i should use Bitcoin?

Bitcoin enables to option to pay fast and secure and without beeing limited by your bank or payment provider. Keep in mind that often payment provider doesent like Freedom of Speech and anonymity and block these kind of services from there network.

Some Payment Provider for example do not allow to pay for anonymous services or block the usage of VPN or Tor. These limits are not existing with Bitcoin.

1. It’s decentralized

The bitcoin network isn’t controlled by one central authority. Every machine that mines bitcoin and processes transactions makes up a part of the network, and the machines work together.

2. It’s easy to set up

Conventional banks make you jump through hoops simply to open a bank account. A Bitcoin Wallet can be created within 1 minute, no papers needed.

3. It’s anonymous

Well, kind of. Users can hold multiple bitcoin addresses, and they aren’t linked to names, addresses, or other personally identifying information. However…

4. It’s completely transparent

…bitcoin stores details of every single transaction that ever happened in the network in a huge version of a general ledger, called the blockchain.

If you have a publicly used bitcoin address, anyone can tell how many bitcoins are stored at that address. They just don’t know that it’s yours.

There are measures that people can take to make their activities more opaque on the bitcoin network, though, such as not using the same bitcoin addresses consistently, and not transferring lots of bitcoin to a single address. You can also use so called Bitcoin Mixer services.

5. Transaction fees are small

Your bank may charge you a 10 Euro fee for transfers.

Bitcoin doesn’t. There is a so called mining fee but this is most not more then a few cents (depending on the size of your transaction)

6. It’s fast

You can send money anywhere and it will arrive minutes later, as soon as the bitcoin network processes the payment.

The Bitcoin.org info page gives a short overview what you need to know.

For a short overview how it works you should look here

 

Wallets

The first thing you need is a wallet. You can get the standard Bitcoin Core or other wallets from the offical bitcoin.org website.

Besides that you can use online wallets:

Blockchain

A overview you can find here and here

Keep in mind that online walllets are never under your full control so you should not store large sums there for a longer time online.

Always backup your wallet in case you use a local Bitcoin wallet!

 

There are also hardware wallets existing, for example:

ledgerwallet.com

trezor.io

Exchanger:

To load your wallet with coins you need to buy them.

We list some exchangers per group so you can easy find a fitting exchanger.  A complete overview you can find here

Europe and US

Bitstamp

Bitcoin.de

Cex.io

BTC-E (also Russia and China)

Coinbase

Kraken

Bitbargain

South America:

mercadobitcoin.com.br

Foxbit

 

How to use Bitcoin anonymously:

We recommend this Blogpost

Let’s Encrypt

Since Snowden the usage of encryption is steady growing. One of the key points is to encrypt the daily web usage. Each website should run SSL, but for website starter installing an SSL cert and keep it up to date is often to complicated.

And of course it comes with a price, even a standard SSL cert will cost you at least 10 euro per year.

But why paying for an SSL cert when you can have it free?

All shared hosting server support Lets Encrypt certificates!

You dont have to do anything, your website will simply recive (or has already) a valid SSL certificate issued by Lets Encrypt. Try it out!

In case you have already an valid SSl certificate it wont be replaced. SSL certs installed within Cpanel have priority so there wont be overwritten.

The SSL cert will be automaticly installed and renewed by the system, there is nothing you need to do.

If you have any further questions please contact our support team via email or ticket system.

About Let’s Encrypt:

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).

We give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free, in the most user-friendly way we can. We do this because we want to create a more secure and privacy-respecting Web.

The key principles behind Let’s Encrypt are:

  • Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
  • Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
  • Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
  • Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
  • Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
  • Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.

Let’s Encrypt is a trademark of the Internet Security Research Group. All rights reserved.

Shared hosting improvements 2016

We are always on the search to improve our services. As we added some time ago free ddos protection at our location Romania we are now taking on the shared hosting.

Within the past time we recived plenty of requests for shell access and now here we are:

All shared hosting clients now have shell access and can login via ssh.

How to use shell?

The first thing you need are a private and public key for the ssh login. Our server offer only key auth as an option for security reasons, password auth is not possible (if you try the password auth more then a few times in row your IP will get blocked)

Windows:

  1. Open the PuTTYgen program.
  2. For Type of key to generate, select SSH-2 RSA.
  3. Click the Generate button.
  4. Move your mouse in the area below the progress bar. …
  5. Type a passphrase in the Key passphrase field. …
  6. Click the Save private key button to save the private key.

You can download the tools here:

http://www.chiark.greenend.org.uk/~sgtatham/putty/

Linux:

  1. Open Terminal.
  2. Paste the text below, substituting in your GitHub email address.
    ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
    # Creates a new ssh key, using the provided email as a label
    Generating public/private rsa key pair.
    
  3. When you’re prompted to “Enter a file in which to save the key,” press Enter. This accepts the default file location.
    Enter a file in which to save the key (/Users/you/.ssh/id_rsa): [Press enter]
    
  4. At the prompt, type a secure passphrase. For more information
    Enter passphrase (empty for no passphrase): [Type a passphrase]
    Enter same passphrase again: [Type passphrase again]

Login to your cpanel and click on “SSH Access”.

There you can upload your public key or also generate a pair. We recommend to generate the key localy and then only upload the public key.

Dont forget to enable your key within Cpanel.

You can watch the Cpanel how too video here:

https://www.cpanel.com/media/tutorials/ssh.htm

 

Git on shared hosting

Git makes admin lives easier and offer a wide range of options. So we got you git too. Just login via ssh and use the git command.

Be aware that you need to provide the full path:

/usr/local/cpanel/3rdparty/bin/git

Webserver tuning and more ram:

Our Cloudlinux ressources included within the packages are already quite large but we wanted to offer more. We set the php mem limit by default to 512mb and raised the max connections limit per package too.

Nginx:

all webserver running Nginx as proxy in front so that static and cached content can be delivered even faster.

PHP selector:

From time to time customers requesting special php settings and versions to get there software running. By default our php setup is optimized to secure for all user. This includes the usage of Suhosin and always up to date php versions.

But some customers need an own php version so we offer via PHP selector in Cpanel the option to set your php as you need it.

If you need further options please contact us.

phpselector_options

***SPAM*** Ransom request: DDoS Attack!

Dear valued customer,

yesterday we have recived a blackmailing from the so called “Armada Collective” (see email at the end of this post).

They demand 20BTC (around 8000 Euro), otherwise our networks in Iceland and Finland will be attacked by ddos.

To state it clear:

We are not going to pay any money to those persons, as blackmailer do not stop in such a case.

We informed immediately the Icelandic Police, the FBI (because there are already other cases active about it) and the local CERTS to be aware of it.

To avoid downtime for our customers, we are starting to implement protections, but we have to see how it works in case of such a strong attack.

Our network in Romania is not affected because our ddos protection can filter these size of attack.

In case of an attack which causes the downtime of your product, please stay calm and wait a moment until our protections can start to work.

Please be aware of the fact, that in case of a ddos attack, the whole network at the location can be affected.

We are working now on it, to prevent the worst case and we will continue, in case the attack starts. Please keep in mind, that such kind of danegeld extortion is a strike against freedom of the internet, which we are fighting for.
To comply with the demand would mean to give up the fight!

We hope to have all of you staying behind this decision, as it can affect you as well as it affects us.

We will update regulary our blog, Twitter

@flokinetehf
and our Network status page:
https://www.billing.flokinet.com/serverstatus.php

———————-

from:

to: info@flokinet.is

Subject: ***SPAM*** Ransom request: DDoS Attack!

Ransom request: DDoS Attack!

FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE DECISION!

We are Armada Collective.

If you haven heard for us, use Google. Recently, we have launched some of the largest DDoS attacks in history.
Check this out, for example: https://twitter.com/optucker/status/665470164411023360 (and it was measured while we were DDoS-ing 3 other sites at the same time)
And this: https://twitter.com/optucker/status/666501788607098880

We will start DDoS-ing your network if you don’t pay 20 Bitcoins @ XYZ(modified by us)

Right now we will start small 30 minutes UDP attack on your site IP: 185.100.84.14. It will not be hard, just to prove that we are for real Armada Collective. Check your logs.

If you don’t pay by Wednesday, massive attack will start on your networks in Finland and Iceland, price to stop will increase to 40 BTC and will go up 2 BTC for every hour of attack.

In addition, we will be contacting affected customers to explain why they are down and recommend them to move to OVH. We will do the same on social networks.

Our attacks are extremely powerful – sometimes over 1 Tbps per second.

Prevent it all with just 20 BTC @ XYZ(modified by us)

Do not reply, we will not read. Pay and we will know its you. AND YOU WILL NEVER AGAIN HEAR FROM US!

And nobody will ever know you cooperated.


Armada Collective

IPv6 ready

Our network in Romania and Finland is now IPv6 ready, Iceland will follow soon.

What is IPv6?

What is IPv6?
IPv6 is the next generation Internet Protocol (IP) address standard intended to supplement and eventually replace IPv4, the protocol most Internet services use today. Every computer, mobile phone and any other device connected to the Internet needs a numerical IP address in order to communicate with other devices. The original IP address scheme, called IPv4, is running out of numbers.

What does Ipv6 offer me?

IPv6 offer besides solving the IPv4 shortage problem a lot of new functions.

  1. More Efficient Routing
    IPv6 reduces the size of routing tables and makes routing more efficient and hierarchical. IPv6 allows ISPs to aggregate the prefixes of their customers’ networks into a single prefix and announce this one prefix to the IPv6 Internet. In addition, in IPv6 networks, fragmentation is handled by the source device, rather than the router, using a protocol for discovery of the path’s maximum transmission unit (MTU).
  2. More Efficient Packet Processing
    IPv6’s simplified packet header makes packet processing more efficient. Compared with IPv4, IPv6 contains no IP-level checksum, so the checksum does not need to be recalculated at every router hop. Getting rid of the IP-level checksum was possible because most link-layer technologies already contain checksum and error-control capabilities. In addition, most transport layers, which handle end-to-end connectivity, have a checksum that enables error detection.
  3. Directed Data Flows
    IPv6 supports multicast rather than broadcast. Multicast allows bandwidth-intensive packet flows (like multimedia streams) to be sent to multiple destinations simultaneously, saving network bandwidth. Disinterested hosts no longer must process broadcast packets. In addition, the IPv6 header has a new field, named Flow Label, that can identify packets belonging to the same flow.
  4. Simplified Network Configuration
    Address auto-configuration (address assignment) is built in to IPv6. A router will send the prefix of the local link in its router advertisements. A host can generate its own IP address by appending its link-layer (MAC) address, converted into Extended Universal Identifier (EUI) 64-bit format, to the 64 bits of the local link prefix.
  5. Support For New Services
    By eliminating Network Address Translation (NAT), true end-to-end connectivity at the IP layer is restored, enabling new and valuable services. Peer-to-peer networks are easier to create and maintain, and services such as VoIP and Quality of Service (QoS) become more robust.
  6. Security
    IPSec, which provides confidentiality, authentication and data integrity, is baked into in IPv6. Because of their potential to carry malware, IPv4 ICMP packets are often blocked by corporate firewalls, but ICMPv6, the implementation of the Internet Control Message Protocol for IPv6, may be permitted because IPSec can be applied to the ICMPv6 packets