Retiring PayPal

After many years of offering PayPal as a payment method, it’s time for us to retire it. We’ve spent the last year looking for alternative payment methods and settled on WorldPay which allows us to accept all major card types (MasterCard, Visa and AmEx) as well as offer ELV to our German customers.

We will stop sending out invoices with PayPal as payment method on the 01.05.2012 and stop accepting PayPal payments on 01.06.2012. If you have any questions regarding this, please contact our support team.

Tip: Do you want to get only 1 invoice a month for all your services?

No problem! Just contact our team, and we’ll align your services to a single date that’s convenient to you, so that you only have 1 invoice a month to pay.

Posted in News | 1 Comment

Remote vulnerability in Plesk Panel < 10.4

Hi,

A major vulnerability was discovered in Plesk, allowing full access to the panel. The versions from 7.6.1 to 10.3.1 are vulnerable. Versions 10.4 are not affected.

To find out if your server is vulnerable, see the following article: http://kb.parallels.com/en/113424

To apply the Plesk micro-updates, please follow this article: http://kb.parallels.com/en/9294

For more information: http://kb.parallels.com/en/113321

Important

It is strongly recommended to change all passwords for Plesk users and Admin account: http://kb.parallels.com/en/113391

Check and clean your server in case it would have been exploited:

1.) Delete the backdoor:

Delete all files in the /tmp directory on your server. You should see files named ‘u’ or ‘id’ for example.

2.) Locate cgi and perl scripts

Type the following command: ls -al /var/www/vhosts/*/cgi-bin/*.pl . You’ll see in each cgi-bin folder of the file. .pl or .cgi with different names.

Example: preaxiad.pl, dialuric.pl, fructuous.pl .

Delete all these scripts if they are not yours.

3.) Secure your site

Injections took place on wordpress, drupal and /or joomla. Make sure your sites use the very latest version of the CMS. Disable via plesk panel in the hosting section the CGI-BIN option for sites that do not use this option.

Also change the ftp/sql password of your sites.

4.) Locate the source IP

You can grep the name of script.pl in access_log of your site to find the IP that performed the injection.

For example:

zgrep 'preaxiad' /var/www/vhosts/YOURDOMAINHERE/statistics/logs/access_log*

It should return a line like:

12.34.56.78 - - [01/Mar/2012:02:37:55 +0100] "GET /cgi-bin/preaxiad.pl HTTP/1.1" 200 181 "" "Opera/7.21 (Windows NT 5.2; U)"

Use the IP at the beginning of this line to see if other sites are affected.

zgrep 'ip.in.question.here' /var/www/vhosts/*/statistics/logs/access_log*

This will then return the list of logs to sites the script have been called.

Need help? We’re here!

Our team can help you to verify and update your Plesk service. If you need help with any of the steps above, please contact our support. Depending on your service with us, this intervention might be charged (we will inform you of this in advance).

The intervention will include:

  • Removing scripts / backdoors
  • Check the presence of the fault
  • The microupdate and update of your plesk
Posted in Dedicated Servers, Security, VPS | Tagged , , | Leave a comment

Keeping it local – Flosoft.biz at MME_2

The Flosoft.biz Stand at MME_2

We at Flosoft are well aware of our social responsibilities. That’s why we started supporting cultural events of regional importance in Aichwald/Germany, where our HQ is based, MME_2 (Momente, Menschen, Emotionen) is one of the outstanding events this spring.

More than 800 spectators gathered at the market square and enjoyed a brilliant light show provided by internationally known artists Matthias Rapp and Wolfgang Steeb. In addition a 45-minutes fotoshow with the most interesting, funny and important pictures showing all aspects of life in the Swabian town proved fascinating. Our involvement was well worth the effort – we had invited a number of German clients, and quite a few showed up and enjoyed the evening with us. Another important point: The media liked us and printed some really pleasing pics, which you can find on our Facebook page.

It’s definite: We will support MME_3 in 2013!

Posted in News | Leave a comment

Behind the scenes of streaming TWiT.tv’s iPad special

Monitoring TWiT servers while waiting for the news

I guess everyone interested in technology, spent the last 2 hours following Apple’s iPad announcement. One of the leading media networks that have been covering the announcement live was TWiT.tv.

We’re happy to share with you that TWiT.tv’s iPad / iPhone and Roku stream is hosted on one of our servers using Wowza for HTTP Live Streaming.

Now handling a peak like that is normally a big challenge, with there being a substantial increase of live viewers, so we decided to keep an eye on the single fine tuned dedicated server, to make sure that no viewer would be left out. Here are some of the stats we saw:

Network Throughput

One of the challenges with video is that you continuously need a large amount of bandwidth in comparison to just serving web pages.

MRTG Graph

As you can see on the graph above, the single server had a peak network output of 1203.2Mbit/s. That’s more than a Gigabit per second!

CPU Load

The server boasting 2 quad core CPU’s didn’t even break a sweat. With Wowza being set up to share the load across the different CPUs and cores, it never broke a sweat while streaming the 720p stream to more than a thousand users simultaneously.

We’re looking forward to the next big event and breaking the 2Gbit/s mark! Oh, and in case you missed the live stream, you can watch the special here.

Posted in Case Studies | Tagged , | 1 Comment

Merry Christmas and a happy new year from Flosoft.biz!

What a year for Flosoft.biz! And what a great year for our clients around the world! You know that you can rely on our promise: we provide tailor-made solutions for a wide range of enterprises, we offer a personal, super-efficient service and – last but not least – we will continue our price policy. This means very competitve prices for our excellent range of products and services. Quite a few things happened at Flosoft.biz – we were involved in LeWeb11 and ensured the stable running of the website and were very proud to hear from the organizers that for the first time in the history of the conference there were no problems whatsoever with the website. This given the fact that the website was served to over 200.000 people!
We know where our roots are. That’s why we will continue to help small startups like Jottify to maintain a professional and scalable server infrastructure.

We would like to thank all of you out there for your incredible support. We are really looking forward to working for you in the future. By the way: You might have expected this anyway, but let’s make it official now. We have developped new and very exciting products which we will present early next year – so keep checking our website

We wish you a pleasant and relaxing festive season and a very successful year 2012!

Florian Jensen and Claus Kraemer

Posted in Uncategorized | Leave a comment

Flosoft.biz behind the scenes of LeWeb.net

It’s been an amazing week for us here at Flosoft.biz. We were happy and honoured to be a part of LeWeb 2011, Europe’s biggest IT conference with over 3.000 attendees in Paris and more than 200.000 participants online over the conference days.

Hosting the LeWeb.net website was a challenge for us. And we want to share some of the things that went on behind the scenes of the website and what it meant for us to host it with you. It’s not every day that you get to host the official website of Europe’s most influential IT conference.

We always like a challenge, so when we were approached by the LeWeb team about hosting their website, we didn’t think twice about it. We discussed with the organizers a custom configuration of our managed hosting solution that was optimized for the LeWeb website and deployed it on one of our dedicated servers. Our professional approach worked 100% for LeWeb. We also set up a few additional resources in case we needed them. This was based on our DedicatedCloud solution. We were basically using additional frontend servers that could be fired up.

The setup was:

Come December 7, the first day of the conference, we had a peak of over 200 requests per second! coming in on the single dedicated machine, yet the machine load didn’t go over 0.1. This just goes to show that we at Flosoft.biz can have a single dedicated server (and a fallback infrastructure that we didn’t need…) handle more or less anything if we optimize the website and the webserver.

Here are some graphs and numbers we’ve gathered over the course of this week:

Graph of Requests

Requests for the week of LeWeb

The server handled 226.564 unique IPs. That means that over 226.564 unique users visited the site between 07/Dec/2011 00:00:00 CET and 09/Dec/2011 23:59:59 CET, assuming that there’s quite a few people behind a single IP (NATing). This is a huge number, and we don’t dare to speculate.

We also had a peak of 20.1Mbit/s of outgoing traffic on that machine.

Network Traffic Graph

The LeWeb.net network traffic graph

It was a great week for all of us here at Flosoft.biz, and we’re really looking forward to next year. We’d like to thank Loïc and Geraldine and the entire LeWeb team for organizing the most professional IT event in Europe and getting together for open discussion many of the worlds leading thinkers of our time and letting Flosoft.biz be part of this.

We hope to see you next year!

Florian Jensen & Claus E. Kraemer

Note: Some numbers aren’t showing on the graphs, as the graphs show a 5 minute average, not 1 minute average. Figures are as stated in the text.

Posted in Case Studies | Tagged , , | 6 Comments

Flosoft.biz refreshed … finally!

A graph of the development.

It’s been a long long time in the works, but it’s finally here!

After nearly 6 months of intermittent work, we’re sharing the result. So you might ask, what’s new?

VPS Line-up

In 2008 we launched our VPS service. Our aim was to offer a low cost, high performance VPS that would offer you a great platform for initial developments and private use. This offer proved quite successful, so that we decided to do a small refresh in 2009 offering more memory and storage.

The new VPS Infrastructure

It’s been over 2 years now since that refresh and it’s time to bring something new to the market. So we went back to the drawing board and redesigned the complete infrastructure that hosts the VPS to offer you an amazing deal.

The new line-up still starts out at €9.99 / month but packs 1GB of RAM and 25GB of storage and kept the much beloved unlimited traffic. We also realized that the customization from the first VPS onwards was too complicated to understand, so we decided to build 5 basic VPS models where you can however still customize the largest offer to scale to whatever size you need.

So when are these launching? We’re preparing the new infrastructure for launch as we speak. The machines should be available from Monday the 12th of December for order. We’ll also offer upgrade deals for our existing VPS customers.

VPS Product Page

Dedicated Server Line-up

Flosoft.biz ❤ Dedicated Servers. We’ve updated the configurations of all models. Check them out, we’re sure there’ll be something in it for you.

We’ve now got 5 different series:

  • Eco
    The Eco series is perfect for private use or as a test environment. You can get a lot of power for little money, but you’re missing out on our additional features as well as RAID.
  • Startup
    The Startup series are great to get started in the world of Dedicated Servers. They offer a strong configuration with software RAID and 100Mbit/s switchport.
  • Pro
    The Pro series are powerful machines offering optional hardware RAID and a lossless 1Gbit/s uplink.
  • Pro+
    The Pro+ series are dual quad core machines with a high performance LSI RAID Card and a lossless 10Gbit/s uplink.
  • Ultra
    As usual, the Ultra series are THE solution for your mission criticial needs. With redundant power supplies, up to 2x 10Gbit/s uplink on our lossless network and lifetime upgradeable, these machines are the best of the best.

On top of that, we’ve got the bargain bin configurations. These will be available from next week on the website as well. All of these configurations are available now.

Dedicated Server Product Page

Cloud Solutions

A dedicated server not enough? We’ll give you control of your own Datacenter powered by VMWare!

If you are interested in this solution, please contact us.

Cloud Solutions page

Jabber / XMPP & Consulting

Are you looking to build a realtime app? Do you need help scaling your business? We’re here to help!

The new Flosoft.biz Website

And that’s it! It took a while, but it’s here. Flosoft.biz’s new website!

So head on over there, and check it out!

Flosoft.biz

Posted in News | Tagged , , | Leave a comment

Flosoft.biz at LeWeb

Flosoft.biz at LeWebLeWeb is Europe’s largest tech event with over 3000 participants from all around the world. A place filled with creative and innovative entrepreneurs, executives, investors, press and industry veterans.

We’re happy to say that we’ll be there with our team and we’re looking forward to meeting many inspiring entrepreneurs and helping them scale their web activities.

We’ll also be posting updates live from LeWeb here on our Blog and on Facebook/Twitter We’ve got some surprises lined up for the week so be sure to check back.

If you’re attending LeWeb, do let us know and get in touch either on Twitter or Facebook!

Twitter: @flosoftbiz
Facebook: /flosoft

Posted in News | Tagged , , , | Leave a comment

New Client Area and bye bye PayPal

Good evening!

it’s been a very busy few weeks here at Flosoft.biz, but many things on our seemingly endless todo list are finally nearing completion.

Tonight, we’re launching the new Manager (Client Area).

The new Manager sees the introduction of a brand new client area design, introducing a fresh, modern and clean new look, completely rewritten to take full advantage of all the developments and improvements that are coming to Flosoft.biz.

With the new design we started from scratch, making full use of includes and CSS to reduce code replication and make customisation simpler than ever. And built based on the Bootstrap CSS framework from Twitter, it has a solid base for both cross browser compatibility, and consistent styling.

We also updated the order form, to stop asking for Server Name, Root Password and NS1 / NS2, as these values have never ever been used.

We will be adding more features to the Panel in the coming weeks and months.

We have also finally activated WorldPay as a payment gateway, accepting MasterCard, Visa, AmEx and ELV (German Bank account).
Due to this, we will be phasing out PayPal (new orders can’t be placed using it – unless you contact support).

If you have any feedback regarding all of this, please feel free to tell us.

Greets,

Florian Jensen

Posted in News | Tagged , , | Leave a comment

Case Study: Stephen Fry tweets Jottify

About 1.5 months ago, Jottify, one of our Dedicated customers, got mentioned in a tweet by Stephen Fry. What’s the big deal you might ask? Well, Stephen Fry has nearly 3.3 million followers on his Twitter account, which makes him a force to be reckoned with. Add to that the fact that Jottify is a site that his followers would enjoy and you’ve got a recipe for disaster.


Budding author? Poet? Screenwriter? Or just part time scribbler? Check out Jottify: http://t.co/v7Zz3DS
@stephenfry
Stephen Fry

The Setup

Jottify was hosted on a small Eco C-2 (29.95€ / month) dedicated server which as you might expect would normally not be able to handle a sudden impact like this on it’s own.

So we set up a custom server in front of the Eco C-2 to act as a cache for static elements as well as the pages for non logged in users. This was done using a custom compiled version of nginx using the advanced caching features and reverse proxy options.

A few tips for nginx:

#Create a large proxy cache, use SSD if possible:

proxy_cache_path /var/flosoft/nginxcache levels=1:2 keys_zone=jottify:8m max_size=1000m inactive=600m;

#Make sure you only cache static content, so not logged in users' pages

if ($http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_") {
set $no_cache 1;
}

#Static files don't really change that often

if ($request_filename ~* \.(jpg|png|gif|css|js)$ ) {
set $no_cache 0;
expires 1d;
}

#Use Stale pages if there's a problem with the backend server

proxy_cache_use_stale           error timeout http_500 http_502 http_503 http_504;

 

The result

The tweet came and went, and the front-end server didn’t even break a sweat. The first minute we handled a peak of 18 Mbit/s (not shown in the graph above as it shows a 5 min avg.), which is a substantial amount of hits. We processed about 250.000 hits within 6 hours of the tweet going live.

This just goes to show that you can actually handle a tweet by Stephen Fry on a small Eco C-2 (kinda … ). With the Jottify community growing on a daily basis,  they have by now removed the “training wheels (the custom cache)”, and moved from the Eco series to one of our larger series to ensure that their community can grow without any hiccups in the months to come. All in all, it was a great challenge to handle such a huge peak on a small budget and we can’t wait for the next challenge!

About Jottify

Jottify is an online community which allows people to share, discuss and sell anything they have written.

The website comprises innovative tools for creating, organising and sharing literary works with the web-using world. It allows writers to categorise their works into chapters/scenes/sections and, incorporating some of the Internet’s finest open-source projects, it is a word processor tailored for writers, accessible from anywhere in the world.

http://jottify.com

Posted in Case Studies | Tagged , , , , , , | 2 Comments