Vadim Chobanu

Recently I had a task of streamlining the contacts and team collaboration workflow. As the business grows, the usual outlook contacts, tasks and appointments are running out of functionality, so the natural choice was a good CRM solution. A custom software was probably the best thing, however the budget didn’t allow for it, so I began my homework on researching the ready made solutions available, ideally a free one or not more than £10 per month per user. I came across SalesForce free, which was integrating nicely with outlook, however I didn’t like that all my outgoing emails sent from CRM had the ’sent by salesforce on behalf of’, plus a few more downsides. The paid version obviously didn’t have this, so I felt like doing a bit more research before making any decisions. I came across a few more ready made free solutions, out of which SugarCRM seemed the next best choice at the time as they have an open-source community version, which means that all I have to worry is about hosting it myself. Sounded very promising, so I installed it on my server and then moved on to making it work with the email. The Community version has a slight downside – they didnt provide outlook integration, however there are a few 3-rd party softwares that do the same job, so next thing was to obtain a trial for them. As I am running windows 7, 2 of these applications didn’t seem stable enough, so I was about to give up and go back to salesforce. Then I came across another 3-rd party application which was integrating the CRM with exchange server, however the problem with it was the actual price – from $1400. No budget for that, sorry. Next! was I just about to say, when I found one more 3-rd party soft which was integrating contacts, tasks and calendar with an exchange-like-server called Zarafa and was free for up to three users. How handy I thought – we are three partners in the business, so we will even save some money by not paying for a hosted exchange solution each month.

Read the rest of this entry

For the past month or so, I have wasted a lot of my time on dealing with hackers! That’s right. Firstly they found a way to exploit my tmp folder on the server and placed an IRC bot called emech. Thanks to Coreix - they noticed some unusual traffic and helped to stop it.

Then they managed to exploit one of my user’s site which had a weak password. I noticed that quickly as whatever they tried to do caused the apache to die.

The last part that got me furious is somehow they managed to write to my htaccess files a few lines of code that was telling google to go and index their site instead:

RewriteEngine On

RewriteBase /
RewriteCond %{HTTP_USER_AGENT} (Googlebot|Slurp|msnbot)
RewriteRule ^ http://dfsg.us/ [R=301,L]

Now that’s cheeky. I have no idea how they did it as the file is accessible for writing only by the owner. There is no way they know my password as if they did, they would have probably done more damage. I guess there is a new php/apache vulnerability which is yet to be reported and a patch made available for it.

For now, I disabled ftp access, installed a few programs to block IP addresses of users who attempt anything suspicious, changed all my passwords, installed a php patch for improved security and I am looking forward to wasting more of my time in due course!

Oh, the same issue has been reported by a guy over here - http://44px.net/blog/2009/02/28/napominayu-prosteyshee-pravilo-teper-i-iz-svoego-opyita

He thinks its the ftp details that got hacked – I looked through my ftp logs – nothing there on my end.

Update 05/03/2009 – Coreix was kind enough to do a audit on the server and suggested a few extra security measures that I gladly accepted to make the server extra secure. Now I can sleep at night

And once again I will comment on how good the Coreix support is – professional, knowledgeable, polite and not trying to rip anyone off! They worked to apply all the security measures and disable the services that were not necesary etc for a good part of the day and I got charged a very reasonable ammount of money for that!

I learned over the time to give the second chance, as things at times can go wrong. I learned it from customers. Yes, we did at occasions fail to provide to the expectations for one reason or another, but we had always been given the second chance and together with the personal touch, we took that chance and it eventually resulted in customer satisfaction. That exact customer patience and ‘niceness’ has always inspired me and given the strength to carry on at difficult times, for which i am thankful to all those that provided their support and believed in us. This ’second chance’ patience is not something I always possessed to be honest, as by nature I am someone who wants everything yesterday.

Why am i telling you this now? Well, my previous post mentions that my server was down for over 24 hours and this is how it all happened.

Back in July, I signed up for a dedicated server from webfusion.co.uk for quite cheap – £36.99 ex VAT

It was a ubuntu linux installation with some weird in-house developed CP that provided basic functions – add domains, subdomains, emails etc. We needed a bit more, so we requested the root access to perform other needed functions.

All was running ok innitially, but then in August-September my friend Roman (programmer) and I started work on a new project which required the latest php and apache version, so we tried via the command line to update them. A bit of googling and research didn’t help, so we thought – webfusion must know how to do it – I am sure they came across this before. So I opened a ticket and patiently waited. I was given some clue as to how to solve it, but I needed a bit more guidance, so after a few days of email exchange (normally they were taking 24 hours to reply) I am told – pay us £100 and we will do it for you! That is to update the PHP server version to the latest one! I believe it is a host’s responsibility to do these updates free of charge as they normally improve the security.

Read the rest of this entry

Unbelievable! If anyone has tried to access my sites for the past 24 hours, i guess there was no much success unfortunately.

My current hosting provider is (still) webfusion.co.uk and i had a dedicated ‘managed’ server from them with 24/7 support. Yep, managed if you keep the server as it is without updates and their first line support is so useless, they don’t know how to check DNS records or how to clear the DNS cache of a windows PC. I am not a command line guru by no means, but this is something any first line support should know! And this advertised 24/7 useless support is non existent after 8pm!

I was going mad today – no emails coming in, felt like disconnected from the rest of the world. We take emails for granted now, but they do indeed mean a lot in our modern lives.

Anyway, i just thought I will let you know why the website was down (probably for the 3rd time in the last 3 months) and soon I will make a full report on my experience with them. Oh, i think to sue them too, so I will do a bit of reading first if I go ahead.

For now, if anyone who thinks of getting a hosting from these companies, think twice and look forward to my full report on them. Absolute nightmare!