Plesk Acquired by Oakley Capital


Plesk receives pivotal investment from Oakley Capital and embraces the future of cloud, WordPress management, and DevOps

Today, I am excited to share with you that Plesk has completed the separation from Parallels Holdings Limited, having been acquired by Oakley Capital.

Fully focused and committed to the cloud and hosting industry

As an independent company backed by Oakley Capital’s experience and investment, Plesk will now expand beyond traditional web hosting into the hyperscale cloud. Evolving to become an all-in-one platform, we will offer web professionals push-button access to advanced tools like Docker, support for microservices, and simplified cloud management, and accelerate innovation to remain ahead of the market and our users’ needs.

As CEO, I’m personally extremely excited that, with Oakley’s investment, we are now in a position to further empower our existing channel of more than 2,500 strategic partners and accelerate deployments and go-to-market innovations. We will deliver simplified hyperscale cloud platforms for all businesses related to, and dependent on, hosting services!

Jan Löffler, our Chief Technology Officer, also shared with me his vision to supply the world’s 20 million cloud developers with a WordPress management tool that will enable scalability, artificial intelligence, machine learning, and security that can be deployed from anywhere to everywhere.

For us, this investment marks a step to advance with new acquisitions and engineer the Plesk platform for the future.

Strategic partnerships with the best and brightest

At the core of our growth strategy is to work alongside the best and most innovative in the industry. We’ve forged strategic partnerships with industry giants like Amazon Web Services, Microsoft Azure, Google Cloud, and Alibaba Cloud, and also innovation leaders like Docker, Symantec to provide Encryption Everywhere, and Kolab — the company behind Roundcube, the most popular open source webmail provider — to develop Plesk Premium Email that is focused on privacy.

Earlier this year, we signed a landmark partnership with Automattic, the people behind WordPress.com — the world’s most popular open-source, online publishing platform, currently powering more than 26% of the web — to co-develop the Plesk WordPress Toolkit. With more than 1 million WordPress installations already running on Plesk, our WordPress toolkit has been extremely well received by our users, and within the WordPress community.

In the words of Peter Dubens, Managing Partner at Oakley Capital: “We are delighted to be investing in Plesk, which is a widely used software platform with significant growth potential in a sector we know well. We are excited to be partnering with a strong management team and we believe that our combined experience will support the business as it moves into the next phase of its development”.


About Plesk

Plesk is the leading WebOps platform to run, automate and grow applications, websites and hosting businesses. Plesk is running more than 377,000 servers, automating over 11 million websites and 19 million mailboxes. Available in more than 32 languages across 140 countries, 50 percent of the top 100 service providers worldwide are partnering with Plesk. Plesk has simplified the life of SysAdmins and SMBs since the early 2000s and continues to add value across multiple cloud services.

About Oakley Capital

Oakley Capital comprises Oakley Capital Private Equity L.P. and its successor funds, Oakley Capital Private Equity II and Oakley Capital Private Equity III, which are unlisted mid-market private equity funds with the aim of providing investors with significant long term capital appreciation. The investment strategy of the funds is to focus on buy-out opportunities in industries with the potential for growth, consolidation and performance improvement.

Plesk media contact:

Lukas Hertig, CMO at Plesk
lhertig@plesk.com
+4179 601 19 89

Oakley media contact:

Oakley Capital
+44 20 7766 6900
Peter Dubens, Managing Partner

FTI Consulting LLP
+44 20 3727 1000

Edward Bridges / Stephanie Ellis

Liberum Capital Limited (Nominated Adviser & Broker)
+44 20 3100 2000

Steve Pearce / Henry Freeman / Jill Li

The post Plesk Acquired by Oakley Capital appeared first on Plesk.





Database Management Software: What to Look For?


In this era of evolution, there are several applications that have made our workplace lives easier. It might be due to a gaming app, health management app, social media app, chatting app etc. But the applications that help millions of people to keep everything under their eyes are the systems that stores, manage, retrieve and … Continue reading Database Management Software: What to Look For? >>

The post Database Management Software: What to Look For? appeared first on Lunarpages.





Imunify360 Security


Billed as “The Complete Six-Layer Security for Your Linux Web Server,” Imunify360 offers a next-generation security solution built for Linux VPS. The dashboard gives users a consolidated view and control over an advanced firewall, IDS/IPS, malware detection, sandboxing, patch management and reputation management. It enables centralized incident management.

IO Zoom customers can add Imunify360 to their VPS running starting at $6 per month up to $20. Imunify360 requires CentOS or CloudLinux operating systems with cPanel. Support for Plesk is coming soon.

Fore more information about Imunify360 visit https://imunify360.com/





Managed Optimized WordPress VPS Plans


We are exicited to launch our managed and optimized WordPress VPS plans. WordPress powers over 26% of the web and is by far the most popuar CMS with a 60% market share. IO Zoom makes it easy to power your WordPress websites with the fastest technology to make your sites fly.

With high performance SSD’s along with Nginx and caching technology including Memcached, OPcache, and Varnish, your WordPress site will be hosted on a highly optimized and tuned WordPress server stack. IO Zoom’s managed wordpress VPS come fully managed with cPanel and Softaculous included giving you the ability to install WordPress in one-click and start at $23/month.

For more details, plans and pricing, visit our Managed WordPress VPS page or contact us if you have any questions.





Varnish for WordPress in a Docker container


Is your website experiencing heavy traffic? Are you looking for a solution that will reduce server load and will improve website speed? Varnish might just be what you need. Varnish listens for duplicate requests and provides a cached version of your website pages, mediating between your users’ requests and your server.

So how do you activate Varnish? In this article, I will show you how you can easily increase your website speed by using Varnish as a one click Docker container. I will demonstrate how using a website caching solution like Varnish can easily improve both page response times and the maximum number of concurrent visitors on your website. To simulate real traffic and measure correct response times, I have used an external server similar to blitz.io, stormforger.com or loadstorm.com to generate lots of traffic and concurrent users to our site.

What is Varnish and why should you use it?

Varnish HTTP Cache is a software that helps reduce the load on your server by caching the output of the request into the virtual memory. It is a so-called HTTP accelerator and is focused on HTTP only. Varnish is open source and is used by high traffic websites such as Wikipedia.

If you have lots of daily visitors, we recommend using a cache mechanism. You’ll see your response time improving significantly because the server can send the already cached data, directly from the memory, back to the client, without the resource consuming process handling on the web server. Additionally, it reduces the load on the CPU so that the server is able to handle many more requests without getting overloaded. I will demonstrate this in the stress tests later.

Running Varnish in a Docker container

Docker is a great open source project that makes it incredibly simple to add Varnish to a running server. We don’t need to install Varnish on the production server, we simply use a ready-to-go Varnish Docker image. The main advantage is that if something goes wrong with the container, we can simply remove it and spin-up a new container within seconds. The way in which Docker containers are designed guarantees that Varnish will always run independently of our system environment. Do you want to know more about Docker containers? Read more about the 6 essentials on Docker containers!

For this tutorial, I will use the newly integrated Docker support on Plesk to activate Varnish. The Plesk interface makes it easy to get a Varnish instance running, only requiring small modifications of the Varnish configuration file to be done using the terminal.

A further improvement would be to rebuild the Varnish Docker image so that it takes our configuration as a parameter from the Plesk UI. For now, I’ll stick to the original Docker image and upload our configuration via shell.

Activate Varnish in Plesk and test on a static page

Okay, let’s try it first on the default static page of Plesk. In the default settings, Plesk uses Nginx as a reverse proxy server for Apache. This means that Nginx is listening to default port 80(443 for HTTPS) and Apache to an internal port (7080 HTTP, 7081 HTTPS) We will push our Varnish container in between of the two web servers. In this scenario, Varnish will get the request from Nginx and the content from Apache. Don’t worry, it’s easier than it sounds!

Go to Docker and search for the image million12/varnish in the Docker Image Catalog. Once found, click “run” and Plesk will download the image to your local machine. After the download, click “run (local)”, which will open the configuration page of the container. The only thing that we’ll change is the port mapping.

Varnish in Docker container on Plesk Onyx – Port mapping

Remove the tick at the option “Automatic port mapping” and set an external port (I will use port 32780 in this tutorial) for the option “Manual mapping”. This means that port 80 of the container is mapped to the external port 32780. By adding a proxy rule we can “talk” to the container through this external port. We will set the backend server in Varnish to the Apache port from where the data will be gathered if a “cache miss” occurred.

Test Varnish with a static page

Create a subdomain for testing our Varnish integration on a static page. After the subdomain was created, go to the “Hosting Settings” and deactivate the options “SSL/TLS support” and “Permanent SEO-safe 301 redirect from HTTP to HTTPS” because we want to test the Varnish functionality over HTTP first. Okay, but how do we redirect the requests to the Varnish container? This can be done easily with the option Docker Proxy Rules that you will find in the domain overview.

Varnish – Proxy rules for Docker container on Plesk Onyx

Click on “Add Rule” and select the previously created container and the port mapping that we entered manually. If you cannot make a selection, then your container is not running. In this case you should click on Docker in the menu and start the container first. If you open the subdomain after you’ve activated the proxy rule, you will see the error Error 503 Backend fetch failed. Don’t panic, this is an expected behavior. We did not configure the Varnish backend server yet!

Varnish – Error 503 Backend fetch failed

Configure Varnish properly in the Docker container using SSH

This is the only time when we need to access the server and the Varnish Docker container via SSH. Open your terminal and type

$ ssh root@111.222.333.444 // Replace with your user name and correct IP address

Enter your password if required to get access to the server. Tip: use a private / public key pair to improve the security of your server!

First of all, we need to find out the ID of our Docker container. To list all active container type into the command line

$ docker ps

Varnish – Running Docker containers – Plesk Onyx

Copy the Docker ID and use the following command to access the Docker container

$ docker exec -it ID bash // Replace ID with the correct container ID

Okay, the most important thing to do is change the host and port value for the default backend server in the file. /etc/varnish/default.vcl

For .host we will enter the IP address of the server where Plesk is executed (in our example 111.222.333.444) and for .port 7080. As mentioned before, this is the default Apache HTTP port in Plesk. We have to use this port because, internally ,Varnish can only speak over an unencrypted channel!

Tip: Do we have a cache hit or miss?

How do we see that the content was loaded from the memory and not from the Apache server? You will see that the request was processed by Varnish through a special header entry in the response, you will not know whether the data was loaded from the memory or was requested from the Apache server.

To achieve it without having to use varnishlog in the console, we can set another header value with the corresponding value (cache hit / cache miss). We have to use the function sub vcl_deliver that is the last exit point for almost all code paths (except vcl_pipe). Add the following code within the curly brackets of the function sub vcl_deliver

if (obj.hits > 0) {
set resp.http.X-Cache = "HIT";
} else {
set resp.http.X-Cache = "MISS";
}

Use the Developer Tools in your browser to examine the response

Save the modified file and exit the container. Switch to your Plesk UI again and restart the container in Docker with the “Restart” button. When you see the success message, go to the tab of the subdomain with the 503 error message. Do not reload the page yet but open the Developer Tools first (alt + cmd + i on a MacBook). Go to the “Network” tab and reload the page. Select the first entry (URL /) and take a closer look at the “Response headers”.

Varnish – Cache Miss

If everything was done properly, you will see some new header variables:

X-Cache – This is the variable that I’ve defined in the configuration file. After the first reload it should display a “MISS”.
X-Varnish: ID – The internal ID for this file in Varnish {more information required}
Via: "1.1 varnish-v4" – This shows that the request was redirected through the Varnish container.

Okay, it’s about time to see some Varnish magic! Click on the reload button in your browser to reload the page. This time it will be loaded from the virtual memory.

Varnish – Cache Hit

What about websites that are using HTTPS to encrypt the connection?

It also works and the best part of it is that you don’t have to change anything! Create an SSL certificate for the subdomain using the great Let’s encrypt extension. After the certificate was created and assigned (the extension does it automatically), go the the static page and reload it using https:// instead of http:// If you open your browser console, you will see a X-Cache: HIT in the response headers:

Activate Varnish caching on your WordPress website

We just saw that it’s technically possible to activate Varnish inside a Docker container with Plesk. Now let’s try it on a WordPress website!

The main difference is the configuration of the VLC configuration file within the Varnish container. WordPress is a dynamic CMS, thus we cannot cache everything without restricting the functionality of the system; the administration pages shouldn’t be cached since changes wouldn’t be possible any more for logged in users.

There are many pre-defined configuration files for WordPress available on the internet, from various developers. In most cases, you can use them right away without any modifications. For our test integration, we will take the configuration file created by HTPC Guides (with small adjustments – link below).

For this article and for the stress tests I’ve created a fully workable website with WordPress. I want to test under real conditions and not with a default WordPress installation. The website should also be secured with an SSL certificate and only callable over HTTPS. For this reason, I will also activate an SSL certificate with the help of the Let’s Encrypt extension for this installation.

Use a WordPress Plugin to activate support for HTTPS

Important: Do not use the option “Permanent SEO-safe 301 redirect from HTTP to HTTPS” within Plesk in “Hosting Settings” because this will lead to a redirect loop in our special environment constellation. Instead I will use a WordPress plugin to switch our installation completely to HTTPS. The name of the plugin is Really Simple SSL and can be downloaded from the official plugin repository.

Please make the same preparations like for the static page but add this time the additional required configuration data for WordPress to the default.vcl configuration file inside the Docker container. I’ve used the this Varnish configuration file (GitHub Gist) for my test installation. Don’t forget to adjust the backend server again like we already did for the static page!

Tip: Do not forget to restart the Docker container from the Plesk UI to reload the configuration information. If you forget to restart the container, then Varnish will not work properly with the WordPress website.

Now reload the front page of WordPress with the browser console open. The first loading process should throw an X-Cache: MISS but the second (and following) reloads will return an X-Cache: HIT.

Varnish in WordPress – Cache Hit

Let’s run some stress tests with Blitz.io!

We’ve seen that Varnish helps to improve the performance of the website. What is with the promised load reduction on the CPU? I can test it with the so-called stress testing which will load the website with many concurrent users per second for a certain time span. Without any security and overload protection, the server will start to respond steadily slower until the requests cannot be handled any more completely. With activated Varnish the server will be able to serve such intensive requests longer without throwing errors.

All right, it’s time to run load and performance tests with the external service provider Blitz.io.

Note: I used a very small server for this test instance (only 1 CPU and 500MB Memory), so the positive impact of Varnish should be much higher on a more powerful server!

Result WITHOUT Varnish:

Stress test – WordPress without Varnish

As you can see, I had to abort the stress test because the server already couldn’t handle the request after less than 5 seconds and less than 50 concurrent users. After just 15 seconds the server collapsed completely and no requests could be managed any more!

Result WITH Varnish:

Stress test – WordPress with Varnish

Varnish magic! As you can see, the Varnish cache allows us to keep the server stable even under heavy load. The small test server handled over 300 concurrent users and responded all requests over 30 seconds without any errors. After 30 seconds and over 300 concurrent users the server was overloaded and couldn’t accept further requests. With a more powerful server the numbers should be much higher! So, it’s also great to keep your website reactively if it suffers a DDoS attack, at least for a certain number of requests.

Summary: Varnish for WordPress within a Docker container on Plesk

Let me make a small checklist:

  • Varnish in Docker container? Yes.
  • Varnish in WordPress? Yes.
  • Varnish in Plesk? Yes.
  • Varnish for WordPress within Docker container in Plesk? Absolutely, yes!

Mission accomplished!

As you’ve seen, Varnish can greatly improve the performance of your WordPress website and reduce the CPU-load of your server. It’s relatively easy to setup a working environment using Varnish in a Docker container between Nginx and Apache within Plesk. The most important part is the correct configuration of Varnish for your specific CMS.

Thank you for reading. In the next blog post, I will take a look into another memory caching system, Memcached.

Stay tuned and stay Plesky!

The post Varnish for WordPress in a Docker container appeared first on Plesk.





Symantec Files Additional Patent Infringement Suit Against Zscaler, Inc.


Reaffirms Commitment to Safeguarding Symantec’s Valuable Intellectual Property

MOUNTAIN VIEW, Calif.–(BUSINESS WIRE)– Symantec Corp. (NASDAQ:SYMC) today announced that it has filed a second patent infringement lawsuit against Zscaler, Inc. in the U.S. Federal District Court for the District of Delaware. Symantec previously filed a separate patent infringement complaint against Zscaler on December 12, 2016.

The lawsuit filed today asserts that Zscaler has been illegally using Symantec’s patented technology relating to a variety of network security technologies, including web security, security scanning, data loss prevention, intrusion prevention and intrusion signature analysis. The seven patents asserted in the lawsuit filed today pre-date the formation of Zscaler and include six patents that were obtained through Symantec’s acquisition of web security market leader Blue Coat Systems. This lawsuit is based on U.S. Patent Nos. 6,285,658; 7,360,249; 7,587,488; 8,316,429; 8,316,446; 8,402,540; and 9,525,696.

“We are taking this additional action because we believe that Zscaler is continuing to infringe the intellectual property of Symantec and Blue Coat,” said Scott Taylor, Symantec’s Executive Vice President, General Counsel and Secretary. “Symantec has a responsibility to its shareholders and customers to protect the Company’s investments in innovative technologies. Symantec will continue to vigorously defend its valuable portfolio of patents and other intellectual property assets.”

Symantec noted that it is continuing to investigate this matter and will file further claims if additional infringements are identified.

About Symantec

Symantec Corporation (NASDAQ: SYMC), the world’s leading cyber security company, helps organizations, governments and people secure their most important data wherever it lives. Organizations across the world look to Symantec for strategic, integrated solutions to defend against sophisticated attacks across endpoints, cloud and infrastructure. Likewise, a global community of more than 50 million people and families rely on Symantec’s Norton and LifeLock product suites to protect their digital lives at home and across their devices. Symantec operates one of the world’s largest civilian cyber intelligence networks, allowing it to see and protect against the most advanced threats. For additional information, please visit www.symantec.com or connect with us on Facebook, Twitter, and LinkedIn.

NOTE TO U.S. EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.

Symantec and the Symantec logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

Source: Symantec Corporation





Getting Rid of Malicious Adware


Cisco estimates that nearly 75% of organizations have suffered an adware infection. Adware, or advertising supported programs, are software with embedded advertising that automatically displays or downloads advertising material when a user is online. Have you ever tried to install Adobe Reader and found it offering to install an “optional” extra program, such as Google Chrome or a McAfee security solution? This is an example of adware from legitimate and respectable companies that can easily fool your security program because they appear as advertisers and not criminals. Then there are thousands of shady advertisers with junk programs that try every trick in the book to install something without your consent. For instance, a web page with a phony message warning you that your Adobe Flash needs to be updated comes up and you click OK without reading it too closely and you immediately get a host of new useless programs on your computer, eating up your resources or even spying on your browsing activities.

You can be one errant click away from your screen being inundated with web page pop-ups, links to ads, or your system being injected with malicious programs, browser extensions and add-ins. And that is just the beginning. When adwares are part of a malware cocktail comprising of rootkitsTrojans and more, then it can be an even more serious problem. Since malicious adware is designed to make its way onto your computer and stay there, slowly driving you insane, you are probably interested in learning the steps can you take to get rid of unwanted adware.

What to Do After the Infiltration of Adware 

Adware from malicious hackers that use unethical business practices are harder to remove by design and generally require the use of an adware cleaner or removal tool.

  1. Disconnect: To prevent the adware programs from sending out sensitive information or from opening more backdoors to your computer, you can disable your network connection or simply unplug the Internet cable from your computer.
  2. Remove Malicious Programs from Your System: There are two distinct methods that can be used to remove adware from the system, either through manual removal or automatic adware removal. After disconnecting from the Internet, you can quite simply remove any adware or spyware listed in Add/Remove Programs from Control Panel, and reboot the computer. Then run a full system scan using any up-to-date antivirus scanners, preferably in Safe Mode (to limit the adware’s access to your system components). If prompted, allow the scanner to clean, quarantine, or delete as necessary.  You won’t find adwares that install themselves within your browser as plugins or extensions, in the Control Panel. Therefore, take the following steps-
  • To remove adware in Chrome browsers, navigate to ‘Extensions’ under ‘Settings’.
  • For Firefox, open menu in the top right corner, and check ‘Extensions’ under ‘Add-ons’ to remove any suspicious extensions installed.
  • In Internet Explorer, access and uninstall adware serving extensions through ‘Add-ons’ under ‘Tools Manage.’
  1. Reset Your Setting: Adware can often modify your browser settings in order to change your homepage or redirect you to malicious websites. You will need to reset any such settings.
  • For Google Chrome, go to ‘Settings’ and check the pages present in the “On startup” section.  To remove any of them, click the “X” button next to a page. To change your search settings, go to ‘Manage Search Engines’ under ‘Settings’ and set up your default search engine.
  • For Firefox, press ‘Open Menu’ and go to the ‘General’ section and modify your homepage in the startup section. Then go to the ‘Search tab’ on the left side of the menu to set up your default search engine and add or remove search engines, according to your need.
  • In Internet Explorer, go to ‘Internet Options’ under the ‘Tools’ section and modify the URL you want in the homepage section.

You also need to ensure that your HOSTS file hasn’t been hijacked and any undesirable websites haven’t been added to your Trusted Sites Zone. Sometimes, manual adware removal may not do the trick because these programs contain various components that come in a pack and you can often unintentionally leave unwanted files and similar components on your computer.

Automatic Adware Removal

Thankfully there are other ways to remove and defend against malware-related adware too. Automatic adware removal is the most reliable way to eradicate adware and its components using legitimate anti spyware programs that have extensive parasite signature databases for easy detection and elimination.

Major operating systems have their own built-in removal tools, such as the “Malicious Software Removal Tool” from Windows, which scans and removes adware. Even Mac OS X can automatically scan and quarantine known threats. But your system has to be up-to-date, or these OS tools won’t work properly.

There are popular third-party security and anti-virus software, such as Norton, Kaspersky, Avast and McAfee that include adware detection and removal tools. Keep them updated with the latest patches and definitions. Run a scan if you think your computer is infected.

The Final Word on Adware

While adware may be a more manageable threat than rootkits or Trojans, they can still wreak havoc on your system and act as a gateway for other, more serious types of infection later. All you have to do is be more careful about the sites you visit, and watch what software you install.