Knowledgebase

The Mail service on the new servers is current and there are differences that need to be taken into consideration once the new server is live.

 

Our recommendation is to setup a complete new email account on the Phone since updating the old email configuration may not work properly.

Add the new email address using either IMAP or POP. If you connect multiple devices / computers to an email account, IMAP is recommended since it will sync data with the server. It may be necessary to check with the IT person or your carrier in case there is a restriction for any of these protocols. Here are instructions on how to add the email account under Android Devices.

1. On your Android device go to settings and under Accounts look for “Add account”

 

2. On Next screen select IMAP:

 

 

3. Enter your Email address and password and touch over Next:

 

 

4. Fill in the form with the information provided by the Technical Support department. Make sure to set security to none, port to 143 and that username is the full email address, use the server name provided and the password for the account. Then, click on Next.

 

 

5. Enter your SMTP information, make sure security is set to none, port is set to 25 or 587 in case 25 is blocked, username will be the full email address, server would be the same as incoming server. Then, click on Next:

 

6 It will validate your information and will try to sign into the server:

 

7. Setup a description and what name you would like outgoing mails to show and click Next:

 

 

With this you have completed the setup of a new email account on your Android

 If you get any problem, please contact support@eapps.com

Email Migration process when moving from a VPS to a Cloud / Elastic VPS (Apple Mail)

Mail service on new servers is up current and there are differences that need to be taken into consideration once the new server is being live. 

Our best recommendation is to setup a completely new email profile on any email client that is being used.

 

Here are some considerations:

 

  1. Make a backup of your mail on your local computer.

To do this Open Mac mail right click the mailbox you want to export and click on export Mailbox:

This will open a new window, select the location where you want to export the mail to:

Click on choose

This will generate a file called INBOX.mbox

You will need to do the same process for any folder you want to save on your local computer. Remember, if your mail client is set not to save emails on the server, you need to make this local copy since we will not be able to move these emails to the new server and we do not have a way to recover them since they are locally saved on your computer.

 

 

  1. Add the new email address using either IMAP or POP. If you connect multiple devices / computers to an email account, IMAP is recommended since it will sync data with the server. It may be necessary to check with the IT person in case there is a restriction for any of these protocols. To add a new email account on Mac Mail follow this steps:

Open Mac Mail and go to Mail -- > Preferences

Go to Accounts:

 

Click on the + sign at the bottom of the screen and select Other Mail Account

Click on Continue

Enter your Name or description, the full email address and the password for it on the new server:

Click on sign-in

It will fail and show something like the following:

Fill in the username (full email address) along with incoming and outgoing server names as provided in an email from Technical Support. If you don’t know the server names, please contact support@eapps.com. The form would look like this:

Click on Sign In again

By default Mac Mail will attempt to connect using SSL, you will get a warning like this one: 

Click on Continue

Once it authenticates it will show you what you want to sync, select only Mail and click on Done:

With this you have added a new Email Account to your Mac Mail, you can now test sending emails.

 

If you have any problem, please contact support@eapps.com

 

Applicable Plans – All servers with ISPmanager 5

 

The migration process is as follows:

 

  1. We copy your websites, applications and mailboxes to the new server
  2. We provide you access to your new control panel so you can verify your service prior to the cut over
  3. Once you confirm all is good on the new server, we will schedule the cut over process.

 

There are certain items to take into consideration. We do not have access to your current email passwords. It is necessary to reset the passwords from your control panel if you cannot provide them. This guide provides you all the steps for resetting passwords.

 

For updating mailbox passwords, It is necessary to login to ISPmanager.   The owner of the account should have received an email with the URL and password. The email would look similar to this:

 

ISPManager at - https://YOURIP:1500/ispmgr

User: root

Password: YOURPASSWORD

 

You can find a full overview of ISPManager 5 at:

https://support.eapps.com/index.php?/Knowledgebase/Article/View/516/49/using-ispmanager-5-control-panel

 

When the link is opened, a warning would be displayed regarding the SSL. Please follow the guidelines below for these browsers: Safari, Firefox and Chrome.

 

Firefox:

A screen like the following will be presented:

 

This is the expected behavior since the control panel uses a self-signed certificate.   The warning means the certificate was not issued by a third party issuer. When this screen is presented click on advanced and it will show the following:

 

Now click on Add Exception and a new window will pop up:

 

Click on “Confirm Security Exception” once clicked it will automatically redirect you to the login page

 

Safari:

On safari a warning like the following will be displayed:

 

 

Click on Continue and it will take you to the Login Page

 

Chrome:

On chrome a warning like the following will show up:

 

Click on Advanced and it will show the following option:

 

 

Click on “Proceed to YOURIP (unsafe)” and it will take you to the login page.

 

For other browsers similar option will show up.

- - - -

 

The login page for ISPmanager will look like the following:

 

Please use the credentials that were provided.

 

Changing Mailbox passwords

Once logged as root it is possible to manage all mailboxes. Click on Users -- > Mailboxes on the left hand menu:

 

The right panel will show all mailboxes configured on the server:

 

 

In order to change the password for the account, double click on the email account you want to modify and following menu will show up:

 

You can see the current password by clicking on the little eye at the right of the password field. To change the password you need to type the new password on the field and click Ok.

 

 

Managing your own mailbox

 

ISPmanager also allows each mailbox user to login to ISPmanager using their own email address.   When logged in, they will be able to perform certain tasks that will only affect their email address. They cannot see any other section from ISPmanager, only tasks related to their email account.

 

Use the same process to get to ISPmanager as detailed previously on this guide. At the login page use the email address and it’s password instead of the root user:

 

 

Once logged in, they will see something like the following:

 

 

As you can see this is a limited access that will only allow them to perform following tasks:

  1. Setup email filters: It is possible to create filters such as moving mails to specific folders, etc. To do it just click on Email Filter under Mail menu and follow the wizard which will guide you over the process

 

  1. Auto-responder: This option lets you setup an automated response to any incoming email. Click on Auto-responder and you will be presented a field where you can enter the text you want to send as an automated response.

 

  1. Purge email: This will remove all mails from the email account. Please be very careful with this option since there is no way to recover the emails once they are removed!!

 

  1. If webmail client is available, you can access it by clicking on Additional app -- > Webmail client

 

  1. Manage Settings: Each user can manage their own settings by going to Settings --> User Settings, it will show the following screen:

 

The main option to review is resetting your password, the need to enter the new password and the confirmation for it. This is the only way a user can change their password.

 

If you see any problem or get any question please contact support@eapps.com

 

The mail service on the new server is current and there are differences that need to be taken into consideration once the new server is live.

Our recommendation is to setup a completly new email account in the iPhone since updating the old email configuration may not work properly.

Add the new email address using neither IMAP or POP. If you connect multiple devices / computers to an email account, IMAP is recommended since it will sync data with the server. It may be necessary to check with the IT person or your carrier in case there is a restriction for any of these protocols. Here are instructions on how to add the email account under IOS 10

 

Go to Settings on your phone and look for Mail:

Under Mail, you will find Accounts, touch on it:

 

 

 

Once you are in Accounts you will see a list of email accounts configured on the phone, at the end of the list touch on Add Account:

 

Select the last option (Other)

 

 

Select Add Mail Account

 

Enter the name, your full email address, the password and a description for it

Touch on Next at the right top. 

This will show you more options that you need to select. It will be similar to the following:

 

Touch Next at the right top, this will show you a new screen, enable only Mail and click on Save at the right top:

 

 

You have completed the setup of the email box in your iPhone

 

If you encounter any problem, please contact support@eapps.com

 

Email Migration process when moving from a VPS to a Cloud / Elastic VPS (General Recommendations)

Mail service on new servers is current and there are differences that need to be taken into consideration once the new server is live.

 

  1. As mentioned on the migration email, on the new server there is no concept of a multiple domains account. There will be only single domain accounts and, if needed, forwarding rules will be added to any email account on another domain that needs to be delivered to the main account.

 

  1. SMTP authentication must be configured on the new profile. The username will be the entire email address and it is necessary to set a new password from the ISPmanager control panel. You can find full details on how to manage mailboxes at:

 

https://support.eapps.com/index.php?/Knowledgebase/Article/View/518/54/managing-e-mail-in-ispmanager-5

 

  1. Test the new profile and make sure that sending email is possible. Confirm that the email arrived to the destination, it should be to an external domain such as gmail, outlook, etc.

 

  1. The new profile will not be able to receive new emails since mail is still being delivered to the old server. Once the cut over is completed, new emails will arrive to the new profile. Please confirm mails are being delivered once the cut over is completed.

 

  1. Since old emails are being moved, the new profile will have its own PST file, emails will be downloaded from new server and it would seem duplicated emails from the old PST, do not remove them, this is expected since both, old and new server are configured on the same email client. (I don’t understand what you are trying to tell them to do here or situation you are notifying them about)

 

  1. If there are special needs, for example an external application that connects to your email server, please contact the agent that is working on the migration and provide all the details.

 

  1. Once the cut over is completed and the new profile is working properly for receiving and sending emails, remove the old profile from outlook to avoid any problem.

 

  1. The setup process will need to be completed on any local email client that accesses an email account that is being migrated.

 

  1. Webmail is also available. Please ask our support team to provide the URL for webmail access.

Email Migration process when moving from a VPS to a Cloud / Elastic VPS (Outlook on Windows)

 

The Email service on the new servers is current and there are differences that need to be taken into consideration once the new server is live.

 

We recommend that you setup a completely new profile on any email client that is being used.

Here are some considerations:

 

1. Make a backup of your local PST file so that no emails are lost once the change is completed. The following document is for Outlook 2013:

At the top of your Outlook ribbon, choose File.


Choose Open & Export > Import/Export. 


Choose Export to a file.
 

Click Outlook Data File (.pst), and then click Next.

Select the name of the email account to export, as shown in the picture below. Only information for one account may be exported at a time.
Make sure that the Include subfolders check box is selected. This way everything in the account will be exported: Calendar, Contacts, and Inbox. Choose Next.


 

Click Browse to select where to save the Outlook Data File (.pst). Type a file name, and then click OK to continue.
NOTE: If you’ve used export before, the previous folder location and file name appear. Type a different file name before clicking OK.

If you are exporting to an existing Outlook Data File (.pst), under Options, specify what to do when exporting items that already exist in the target file.

Click Finish.

Outlook begins the export immediately unless a new Outlook Data File (.pst) is created or a password-protected file is used.

If you’re creating an Outlook Data File (.pst), an optional password can help protect the file. When the Create Outlook Data File dialog box appears, type the password in the Password and Verify Password boxes, and then click OK. In the Outlook Data File Password dialog box, type the password, and then click OK.

If you’re exporting to an existing Outlook Data File (.pst) that is password protected, in the Outlook Data File Password dialog box, type the password, and then click OK.

Now that your Outlook data is in a .pst file, it's portable. For example, you can save the .pst file to OneDrive, and then download it to your new computer. Or you can save it to a USB flash drive, plug the drive into your new computer, and then import your email, contacts, and calendar to Outlook.

 

This information was selected from Microsoft’s official site, If you are using a different version please check on the following:

https://support.office.com/en-us/article/Export-or-backup-email-contacts-and-calendar-to-an-Outlook-pst-file-14252b52-3075-4e9b-be4e-ff9ef1068f91?ui=en-US&rs=en-US&ad=US&fromAR=1

  1. Optional: Create a new profile that will connect to the new server. Outlook allows you to create multiple profiles. Please note that profiles are different from email accounts. A profile will contain configured email accounts. You can find details on how to add a new profile on windows at:

 

https://support.office.com/en-us/article/Overview-of-Outlook-e-mail-profiles-9073a8ac-c3d6-421d-b5b9-fcedff7642fc

 

  1. Add the new email address using neither IMAP or POP. If you connect multiple devices / computers to an email account, IMAP is recommended since it will sync data with the server. It may be necessary to check with your IT person in case there is a restriction for any of these protocols.
    1. Here are instructions on how to setup a new email account using IMAP or POP:

 

You'll need a variety of settings before you start, including incoming and outgoing mail server names, ports, and SSL settings.

 

Account type: IMAP / POP

  • Incoming mail server: mail.domain.com*
  • Outgoing mail server: mail.domain.com*
  • Incoming server port (IMAP): 143 (POP):110
  • No SSL
  • Outgoing server port (SMTP): 25 (if 25 is blocked from your ISP you can use 587.
  • No SSL
  • Server requires SMTP authentication, you can use the option: use same as incoming email.

 

*mail.domain.com should be replaced by the right domain, this information should have been provided by the technician that is handling the migration. If you have any question, please contact support@eapps.com

 

In Outlook Use the Manual setup or additional server types option to set up your account

  1. Choose Manual setup or additional server types > Next.


 

Choose POP or IMAP and then Next.

Enter the following information.

  • Your name and email address
  • Account type: This is usually IMAP
  • Incoming mail server: Enter information provided
  • Outgoing mail server: Enter information provided
  • User Name: This is your full email address
  • Password : Enter the password that was setup for the email account

 

Choose More Settings > Outgoing Server and check the box for My outgoing server (SMTP) requires authentication.

 

On the Advanced tab, enter the information you received. Settings should look like the following:

  • Incoming server (IMAP): 143 or (POP):110
  • No SSL
  • Outgoing server (SMTP): 25 or 587
  • No SSL, requires SMTP authentication, use same as incoming.

 

Choose OK > Next > Finish.

 

For more details, please refer to Microsoft’s official documentation at:

https://support.office.com/en-us/article/Outlook-email-setup-6e27792a-9267-4aa4-8bb6-c84ef146101b

 

If you also have an IT person available, they should be able to assist you on setting up your email account.

Email Migration process when moving from a VPS to a Cloud / Elastic VPS (Thunderbird)

The email service on new servers is current and there are differences that need to be taken into consideration once the new server is live.

Our best recommendation is to setup a completely new email profile on any email client that is being used.

 Here are some considerations:

  1. Make a backup of mails on your local computer. There is no direct option from Thunderbird to export your emails. You can find details on where to find the data files on your computer at: https://support.mozilla.org/en-US/kb/profiles-where-thunderbird-stores-user-data

 

Add the new email address using either IMAP or POP. If you connect multiple devices / computers to an email account, IMAP is recommended since it will sync data with the server. It may be necessary to check with your IT person in case there is a restriction for any of these protocols. To add a new email account in Thunderbird, follow these steps:

 

Open Thunderbird and go to File -- > New --> Existing Email account

Enter your information and click on Continue:

You will get a screen like the following:

 

Click on Manual config, this will enable the fields so that you can modify the values. The settings should look similar to the following:

 

Server hostname information should have been provided by the Technician that is working on your migration.

Please use the following settings:

SSL should be set to None, IMAP port: 143 (or if you prefer POP use 110), SMTP port can be 25 (if it is blocked use 587), authentication must be Normal Password, and username will be the full email address. Once configured click on Done

You may get a warning like the following:

 

Click I understand the risks and click Done

You have now successfully added a new account into Thunderbird.

 

If you have any problems, please contact support@eapps.com

One of the biggest challenges our Technical Support department faces is dealing with hacking incidents. In spite of our various levels of protection, hackers can still get through. They know how to target vulnerabilities in software and have ingenious ways to appear as legitimate users and site visitors. The more sophisticated hackers also do a good job of covering their tracks. This article discusses hacks to CMS systems, which comprise the majority of incidents, and offers some tips and techniques for preventing and dealing with WordPress hacks.

WordPress is the most popular software in the world for websites. Joomla! and Drupal are also very popular. Because of their open architecture, and widespread use, these three Content Management Systems (CMS) are the #1 target of hackers. The vulnerabilities of these CMS is usually not in the core software itself, but rather results from poor coding in third party add-ons (plugins, themes, etc). There have even been cases where bad actors purchased a popular plug-in, and then embedded a Trojan horse or vulnerability to be exploited later.

As mentioned earlier, hacking is often due to poor programming which leads to code that is vulnerable to exploits. Such exploits are known as backdoors.

A backdoor is commonly referred to as a method of bypassing normal authentication and the ability to remotely access the server while remaining undetected. Some backdoors will allow hackers to create hidden admin usernames that they can use to access the server. More complex backdoors can allow the hacker to upload and execute any PHP code sent from the browser. Some backdoors even have their own UI (user interface) which allows the hacker to impersonate the server. This level of access allows them to send emails, execute MySQL queries and perform other bad acts. What makes backdoors so dangerous is that the hacker can control the entire server.

Where is the backdoor code hidden?


There are several common locations where backdoors are hidden.


Themes –  It is possible that the backdoor is not even within the current used theme but maybe within an old theme that was not updated and left vulnerable. Site owners sometimes use cracked themes.

*** Word of advice - You should NEVER use cracked themes, as these are often “patched” with a backdoor.

Plugins – The plugins folder is one of the most used locations for hackers to keep their files in. The reason behind that is simple:

  • First, site owners do not look in this folder very often, as there is no need to pay close attention to it
  • Second, site owners neglect to upgrade their plugins. An out of date plugin can survive a WordPress upgrade. In many cases, upgrading an old or discontinued plugin may not be possible without a developer.
  • Third, many of the plugins we encounter are poorly coded and often lead to vulnerabilities.

*** Word of advice: Upgrade your WordPress plugins on a daily/weekly basis.

Upload Directory  - Another place to look for backdoors is the upload directory. Site owners rarely look in the upload directory. Site images and used in posts reside here. The upload directory can contain hundreds or thousands of images, making it the perfect hiding place. Another downside with the upload directory is that it is writable, making it the perfect target. A very large number of backdoors we find are in the upload directory.

*** Word of advice: Use a security monitoring plugin such as Sucuri. iThemes, or WordFence.

wp-config.php and wp-include - We also find infected code in the wp-config.php. This is a highly targeted file by hackers. The includes folder (wp-include) is also a good place to hide the backdoor.  Many hackers will not just leave one backdoor file, but will place them in more than one location. Once the initial backdoor was uploaded, hackers will add another one (or more) to ensure they still have access in case of a cleanup. We often find the backdoor to be disguised as a WordPress file. For example wp-users.php was uploaded in wp-includes. In the normal WordPress installation there is user.php but no wp-user.php in the wp-includes folder. Usually the infected code is after the first php opening tag and it has encrypted code.

*** Word of advice: When in doubt if your wp-config.php file is infected, you can use the wp-confing.php file from a clean WordPress install. Make sure to keep the database connection details.

Random Named PHP Files - We also find the backdoor as a PHP file with a random name generated such as wxshIjduoy.php, which is obviously not a word and without a meaning.

You may encounter such names wp-content.old.tmp, data.php, wp-app.php or php5.php. It does not necessarily have to be a PHP file. In some cases there was an application hidden within a GIF file and that GIF file was hidden within a legitimate image directory. Tracking down such incidents can be a little trickier and requires a lot of skills, including debugging and troubleshooting skills.

Recommendations in Dealing with WordPress Hacks

  1. Keep good backups of your WordPress. Make sure you have at least 7 days worth of backups for your WordPress sites. eApps offers an excellent Enterprise Backup service, which allows you to set up a retention schedule with sufficient recovery points.
  2. Since you can never be 100% sure that the hack is cleaned, we recommend that you delete the site and restore it to the point where you are sure it was not hacked. This does not fix your vulnerability so you still need to find and patch it.
  3. You don’t always need to restore the database. The hack is usually stored within the site files, so the content should not be lost. In some rare cases, the database is affected and requires a manual restore of the missing posts and data.
  4. In order to test if your site is hacked, you may need to run it in incognito mode to see if the hack comes back. Some of the hackers are smart, and it will not show the hack for the logged in users. Only logged out users will see the hack. Also try to change your browser’s user agent as Google. Sometimes hackers only want to target the hack to search engines.
  5. Disable the following PHP functions:
    "exec,passthru,shell_exec,system,proc_open,popen"
  6. Install security plugins, such as Wordfence or iThemes Security, to limit the number of logins. By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease.
  7. Force strong passwords on your users. You can use a password managing utility such as 1Password, for example.
  8. Enable  “two step authentication”. Alternatively, you can use phone verification for users that want to login. If a password gets compromised, the user would still need to have the verification code from their phone.
  9. There is a WordPress exploit in GDPR plugin. Such a bug will allow a standard user to have administrator rights. This WordPress exploit affects WP GDPR Compliance versions up to and including 1.4.2. The patched version, 1.4.3, is now available within the WordPress plugin repository. The reported vulnerabilities allow unauthenticated attackers to achieve privilege escalation, allowing them to further infect vulnerable sites. Any sites making use of this plugin should make it an immediate priority to update to the latest version, or deactivate and remove it if updates are not possible.
  10. Stay up to date with both plugins and WordPress. The latest WordPress version should, in theory, have no vulnerability, until one is discovered.
  11. Do not use cracked/nulled themes, these will most likely contain infected/vulnerable code. Unless you are a PHP developer you will not know the difference between an infected and clean code.
  12. Configure the free eApps Web Application Firewall (WAF) and CDN Site Accelerator. This valuable service, powered by StackPath, can be activated from your eApps Portal > My Cloud menu. Once configured, the WAF will protect your WordPress sites against hacker bots. The Site Accelerator will help improve the speed of your static content. You can follow the setup wizard to configure the service or purchase our assistance service.

Introduction

To keep your server secure and up to date, it is important to update the OS packages on your server. This guide explains how you can perform these updates, depending on what OS and Control Panel is used by your server. If you have questions about the update process, contact support@eapps.com. If you would like eApps to perform these updates for you, contact sales@eapps.com.

Note that for severe security issues, eApps may apply patches to your server, or provide specific instructions to you about what you need to do to mitigate the security issues.

CentOS (with or without ISPmanager control panel)

Generating the Repository Cache

First, fetch the latest list of packages from the configured repositories. If you are using ISPmanager, this will include the ISPsystem repository as well as the eApps repository. All commands need to be done as root.

# yum makecache

After the repository cache is generated, you can apply updates to a single package or to all installed packages.

Updating A Single Package

You can update a single package using the following syntax:

# yum update <package_name>

For example, to update the openssl package:

# yum update openssl

You may be interested in updating a single package if you want to mitigate a recently discovered vulnerability. In CentOS, security patches may be "backported" to a package without updating the major version number. This is important to keep in mind when scanning your server for PCI compliance. Most PCI scan vendors tend to only look at the major version number of a package and not the security patches it has.

Note: eApps offers PCI Compliance assistance services on a request basis (quoted fee), as well as on a subscription basis (set, recurring quarterly fee). Our technicians will review your PCI scan report and perform software updates and advise you as to other actions that must be taken to pass the scan. See https://portal.eapps.com/order/index.php?pid=76 for information about our PCI Assistance subscription service.

You can check the ChangeLog of a package to determine if a security patch is applied using the following syntax:

# rpm -q --changelog <package_name> | grep <CVE_ID>

Here, we are checking if the openssl package has a patch to fix CVE-2018-5407:

# rpm -q --changelog openssl | grep CVE-2018-5407
- fix CVE-2018-5407 - EC signature local timing side-channel key extraction

The fix is included in this version of openssl.

Updating All Installed Packages

You can see a list of packages that have updates available with the following syntax:

# yum update

You will be presented with a list of packages that have available updates before they are applied so you can confirm.

Note: Updating all packages will also update ISPmanager packages and update the control panel to the latest version. Be sure to check the ChangeLog of the software you are using before applying updates. The ChangeLog for ISPmanager can be found here: https://www.ispsystem.com/software/ispmanager/changelog

CentOS (cPanel/WHM control panel)

cPanel provides their own repositories and update mechanism. While it is possible to use yum as with a regular CentOS install, it is strongly recommended to use the update method built into the control panel.

For instructions on how to update your cPanel & WHM server, see https://documentation.cpanel.net/display/CKB/How+to+Update+Your+System

CentOS (Plesk control panel)

Plesk can apply software updates through the control panel on Linux. For information on how to do this, see https://docs.plesk.com/en-US/onyx/administrator-guide/server-administration/system-updates-plesk-for-linux-only.75822/

Windows (Plesk control panel)

To apply updates to Plesk itself (on Windows and Linux), see https://docs.plesk.com/en-US/onyx/administrator-guide/70989/

Windows (no control panel)

Windows updates are enabled by default and will automatically be downloaded. They will not be applied until you confirm.

Manually Checking For Updates (Windows 2008, Windows 2012)

See Microsoft's official documentation for manual Windows Update checking: https://support.microsoft.com/en-us/help/3067639/how-to-get-an-update-through-windows-update 

Manually Checking For Updates (Windows 2016)

  1. Click on Start and open the Setting application
  2. Click on Update & Security
  3. Click Check for updates in the Update status section
Some updates may require a reboot. You can configure when this reboot occurs via Active Hours or Restart options

Active Hours

You can select a timeframe in which Windows will not automatically restart. Note that this timefrae can only be 12 hours.

Restart Options

You can select a custom date and time for an automatic reboot to occur.

Debian & Ubuntu (no control panel)

Generating the Repository Cache

As with CentOS, you need to fetch a list of available updates first. All commands need to be run as root

# apt-get update

After the repository cache is generated, you can apply updates to a single package or to all installed packages.

Updating A Single Package

You can update a single package using the following syntax:

# apt-get --only-upgrade install <package_name>

For example, to update the openssl package:

# apt-get --only-upgrade install openssl
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
openssl
1 upgraded, 0 newly installed, 0 to remove and 107 not upgraded.
Need to get 747 kB of archives.
After this operation, 72.7 kB of additional disk space will be used.
Get:1 http://security.debian.org/debian-security stretch/updates/main amd64 openssl amd64 1.1.0k-1~deb9u1 [747 kB]
Fetched 747 kB in 0s (14.5 MB/s)
Reading changelogs... Done
(Reading database ... 28570 files and directories currently installed.)
Preparing to unpack .../openssl_1.1.0k-1~deb9u1_amd64.deb ...
Unpacking openssl (1.1.0k-1~deb9u1) over (1.1.0f-3+deb9u1) ...
Setting up openssl (1.1.0k-1~deb9u1) ...
Processing triggers for man-db (2.7.6.1-2) ...

As with CentOS, You can get the ChangeLog of a package to determine if a certain security patch is applied using the following syntax:

# apt changelog openssl

You will be presented with the ChangeLog in your pager. To search through this document, you can scroll up and down or you can use the / character plus your query, such as:

/CVE-2019-1543

You will be taken to the search result and it will be highlighted.

openssl (1.1.0k-1~deb9u1) stretch-security; urgency=medium
* Import 1.1.0k
- CVE-2019-1543 (Prevent over long nonces in ChaCha20-Poly1305)

To exit, press q

Updating All Installed Packages

# apt-get upgrade

Applicable Plans - All Cloud Hosting Plans

Configuring Windows Update

Overview

Your Windows Virtual Server needs to run Windows Update in order to stay current with the latest security patches and software updates.

Microsoft configures Windows Update, by default, to download the updates only. An administrator would then need to log in and accept the updates, which usually requires a restart of the server to apply the updates. As a best practice for security, eApps configures Windows Update as Automatic by default. The update process will run every Saturday between 1 AM and 4 AM server time, US Eastern time (EDT/EST). However, if you change the server timezone, the updates will run based on the new timezone setting.

In order to minimize bandwidth usage, the exact time the update runs is randomly determined by a script. In most cases, your Virtual Server will be rebooted as part of the update process.

Having Windows Update set to Automatic is a best practice so that your Virtual Server is regularly updated with the latest security patches and software fixes. This helps keeps your Virtual Server secure and reduces the chances of it being compromised or taken hostage by ransomware pirates. The downside is that your server will be rebooted periodically for most updates.

You can change the Windows Update behavior back to the Microsoft default of Download Only, or to be totally Manual. If needed, you can also change the schedule for the Windows Update, including changing how often the update runs. This is done by making a change to Windows Update. 

More information about Windows Update can be found here - Microsoft - Windows Server Update Services (WSUS)


Changing the Windows Update Behavior

If you need to change the behavior of the Windows Update, you can do this by following the steps below. To make these changes, you will need to connect to the Windows Virtual Server using Remote Desktop as the Administrator user. More information about connecting to your Windows Virtual Server can be found at Connecting to your Windows Server using Remote Desktop

To change Automatic Update Settings, follow these steps:

1. Open CMD or PowerShell as Administrator and run the command 'sconfig'

2. From the SCONFIG screen press 5 (Windows Update Settings:) and then Enter. This will bring up the following options for you to choose from:

   (A)utomatic – This will configure your machine to automatically scan, download, install and reboot after applying any updates.

   (D)ownloadOnly – This will automatically scan, download and notify the admin if updates need to be installed. This is the default setting on Windows Server 2016.

   (M)anual -- This turns Automatic Updates off. Your system will never check for updates.

3. Press the letter specified in the "( )" and press Enter to apply.

4. When the tool applies the configuration you have selected, you will see a message pop-up similar to the one below. Click the OK button to dismiss the message. The tool will refresh the menu and option 5 will now show the new configuration.

Message popups :

   (A) Windows Update set to Automatic. System will check for and install updates every day at 3:00 AM.

   (D) Windows Update set to DownloadOnly. System will check for and download updates.

   (M) Windows Update set to Manual. System will never check for updates.


Changing the Windows Update Run Time

If you need to change the schedule for the Windows Update, you can do this by following the instructions below. To make these changes, you will need to connect to the Windows Virtual Server using Remote Desktop as the Administrator user. More information about connecting to your Windows Virtual Server can be found here: Connecting to your Windows Server using Remote Desktop.

The settings are located under ‘Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Windows Update’.

1. Open CMD or PowerShell as Administrator and run the command 'gpedit'.

2. In the Group Policy Management Console (GPMC) expand computer Configuration, expand Policies, expand Administrative Templates, expand Windows components, and then click Windows Update.

3. In the details pane, double-click Configure Automatic Updates. The Configure Automatic Updates policy opens.

4. Click Enabled, and then select one of the following options under the Configure automatic updating setting:

   - Notify for download and notify for install. This option notifies a logged-on administrative user before you download and install the updates.

   - Auto download and notify for install. This option automatically begins downloading updates and then notifies a logged-on administrative user before installing the updates. By default, this option is selected.

   - Auto download and schedule the install. This option automatically begins downloading updates and then installs the updates on the day and time that you specify.

   - Allow local admin to choose setting. This option lets local administrators to use Automatic Updates in Control Panel to select a configuration option. For example, they can choose a scheduled installation time. Local administrators cannot disable Automatic Updates.

5. Once it is Enabled, you have the option to set the two following options:

Scheduled install day: [default(0 - Every day)]

Scheduled install time: [default (03:00)]

6. Once you have made the changes, click on OK.

NOTE - We recommend that you use the automatic update option to keep your Windows server up to date. if you make changes to the Windows Update behavior or scheduling that results in your Virtual Server being compromised you will be responsible for consequences resulting from your server being compromised. This includes but is not limited to bandwidth overage charges, business interruption or damage, loss of data, and the time required by eApps Support to secure or assist you with your Virtual Server.

Applicable Plans - All Cloud Hosting Plans

Connecting to your Windows Virtual Server using Remote Desktop

Overview

In order to manage your Windows Virtual Server, you will need to connect to it using Remote Desktop Protocol, also called Remote Desktop or RDP. To use RDP, you must have a Remote Desktop Connection client. This is an application you will run on your local computer or handheld device, and connect to the desktop of your Windows Server.

There are Remote Desktop Connection clients available for most modern operating systems, including Windows XP Pro and above, Mac OS X, Linux/UNIX, iOS and Android. There is also a Console available in the Customer Portal.

To connect to your Windows Virtual Server using an RDP client, you will need to have Administrator access. You may also need to install an RDP client on your local PC computer or handheld device, or configure an existing RDP client if one is already installed.

Note Your Windows VS allows two concurrent Remote Desktop connections by default, one as Administrator and one as Guest. If you need more than two concurrent RDP connections to your Windows VS, you will need to purchase a license for EACH user connecting to the VS. Please contact eApps Sales for more information if needed.

Table of Contents

General Instructions

Using a Windows PC

Using a Mac OS X PC

Using a Windows, Android, or iOS Handheld Device

Using a Linux Device

Using the Console from your Customer Portal



General Instructions

The procedure for connecting to your Windows Server is the same on all PCs and devices you use, except for some differences in how to use the RDP Client for that device. The following general instructions apply to all devices.

1. Open your RDP client

2. Input your Server's IP address. e.g.(IP: '127.0.0.1')

3. Input your Credentials e.g.(user: 'Administrator', password: 'YourPasswordHere')

4. Connect to your Server.

5. (Optional) Dismiss the security prompt.

6. You are now connected to your server.


Using a Windows PC


The Windows Remote Desktop Client is available for all versions of Windows starting with Windows XP Professional SP3. The software is installed by default.

In the search box on the taskbar, type 'Remote Desktop Connection' or 'mstsc' and then select Remote Desktop Connection. In Remote Desktop Connection, type the IP of the server you want to connect to and then select Connect.

You will be asked for your credentials, which should be an account with Administrator privileges.

You might get a warning stating the following:

   "The identity of the remote computer cannot be verified. Do you want to connect anyway ?"

This warning can be ignored, you can tick the checkbox at the bottom:

   "Don't ask me again for connections to this computer"

Then you can click 'Yes' and you will be connected to your server.

Links:

How to use Remote Desktop: https://support.microsoft.com/en-us/windows/how-to-use-remote-desktop-5fe128d5-8fb1-7a23-3b8a-41e636865e8c


Using a Mac OS X PC

To connect to your Windows Virtual Server from Mac OS X, you will need to install a Remote Desktop Connection client. eApps recommends the official Remote Desktop Connection client from Microsoft, but other clients exist and can easily be found online.

Inside the Mac App Store, type "Microsoft Remote Desktop" into the search bar at the top right-hand portion of the window. The option you want is an orange icon with a computer monitor on it. It should be the first option listed.

To begin downloading Microsoft Remote Desktop, click the blue "Get" button. This app is free, so no price will be listed. Once you click on "Get," the button will turn green and say "Install app." Click the button again.

Once you open the App, click the "New" button at the top left of the Microsoft Remote Desktop screen. You'll be prompted to fill in a few fields.

Once you have filled in the 'PC Name' field with your server's IP address and your credentials under the corresponding fields and you are finished configuring your remote desktop, click the red close button at the top left of the dialog box and your new remote desktop will be added. To start a session with that desktop, simply double-click it to begin.

This logs you into the Windows VS and takes you to the desktop, where you can now manage your VS.

If you want to edit, duplicate, export, or delete that remote connection, right-click (control + click) on the desktop name to access those options.

Links:

Microsoft Remote Desktop in AppStore: https://apps.apple.com/us/app/microsoft-remote-desktop/id1295203466?mt=12

Official Microsoft documentation: https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-mac


Using a Windows, Android, or iOS handheld device

Open the Remote Desktop app (available for free from Microsoft Store, Google Play, and the Mac App Store), and add the IP of the server that you want to connect to.  Select the remote PC name or IP that you added, and then wait for the connection to complete.

Links:

Windows App: https://www.microsoft.com/en-US/p/microsoft-remote-desktop/9wzdncrfj3ps

Android App: https://play.google.com/store/apps/details?id=com.microsoft.rdc.androidx

iOS App: https://apps.apple.com/app/microsoft-remote-desktop/id714464092


Using a Linux/UNIX device

We recommend that you use the remote desktop client called Remmina. Note that this software only works on Linux distributions that have a graphical user interface.

Ubuntu has Remmina installed by default, to install it on other distros (CentOS, etc.), check the Link below.

To quickly start a remote access, select the RDP protocol, type the hostname or IP address of the computer you want to connect to (e.g. 10.0.0.251) and hit Enter.

If it’s the first time you connect to this Windows Server, Remmina asks whether to trust its certificate, click Yes.

On the next screen, enter your User name and Password on the remote computer. Also provide the Domain, if necessary. Optionally, you can choose to Save password. Click OK.

Now you are connected to your server.

Links:

Remmina RDP Client: https://remmina.org/how-to-install-remmina/


Using the Virtual Server Console in the Customer Portal

Your eApps Customer Portal has a built-in console to access your Windows Virtual Server. The console can be found on details page for your Windows Virtual Server. Click on the console link and login as Administrator.

Enter the Administrator password. This logs you into the Windows VS and takes you to the desktop, where you can now manage your Windows Virtual Server.