20 Jun 2013 
Support Center » News » CNS SERVICE UPDATE for February 5, 2012
 Login  
Username:
Password:
Remember Me:
 
Reset Password
 Search
 News Options
 Add Comment
 Print
 PDF Version
 Add to Favorites
 CNS SERVICE UPDATE for February 5, 2012
Posted By: Barry Bahrami On: 05 Feb 2012 12:14 PM
Details .

[CNS Login]
RE: CNS SERVICE UPDATE - February 5, 2012
  • Securing your VPS from hackers: RDP hacking is increasing.  Learn how to prevent hackers and hacking worms from stealing valuable resources from your hosted applications, and how to keep our firewalls from interfering with your remote login.
  • New bundling brokers: Another broker has joined our VPS Bundling program – can you get a free or discounted CNS VPS?
  • Autoboot updates: Are you still running an older version of Autoboot? 3.0.22 is now available with the much requested "enable/disable all" feature.
Securing your VPS from hackers and hacking robots:

Please be advised we have detected a sharp increase in RDP hacking robots coming from the Internet.  RDP hacking robots are usually other machines on the Internet infected with a worm, but can also be a determined hacker simply looking for a host to hack into and exploit.  These RDP hacking robots will connect to another host on the Internet (your VM) and initiate a brute force password hack, testing hundreds of login attempts in just a few short seconds - over and over again.  This will often result in the targeted VM being starved for resources while it works hard to deny each and every login request, which can potentially impact the running application(s) inside your VM because it may not have all the resources it needs.  Even if you typically use another remote desktop technology, such as VNC or Team Viewer, RDP hacking robots can still affect your VM because the RDP port is open and your VM will respond to incoming login requests.  Sometimes these robots can crack a password and gain entry, resulting in an infection and/or allowing an anonymous criminal access into your VPS.

To combat the threat, we have always been throttling new RDP and VNC connection requests on default ports to about 3 new connections in a 15 second window.  This allows us to detect the repeat connections these hacking robots make and then block them from accessing our network until there are no more connection requests for at least 15 seconds.  While this works well, it is not a total solution because a robot only needs to make one connection to your VM in order to execute hundreds of login attempts.  It can also affect legitimate users who may be experiencing connection issues from reaching the VM because their multiple connection attempts in a short window will trigger these same edge firewall rules.  As a result of the increased activity, we have changed our edge firewall thresholds to 3 attempts in a 60 second window until the 'storm' passes.  While this is already stopping more of these robots from reaching subscriber VM's, it's not a 100% solution - we can't block all of them without interfering with your access to the remote desktop - but there is a way to resolve the problem completely and secure your VM from these threats.

Commercial Network Services is the only provider to offer RDP Randomizer and two-factor authentication free to all subscribers.  Each represents one layer of a total security solution.  RDP Randomizer will prevent robots from connecting to your VM, so they are unable to even attempt a login (and steal resources in the process).  And two-factor authentication makes sure that anyone connecting is indeed authorized because they must have your mobile device with them to enter the random PIN code.

We strongly recommend all subscribers install RDP Randomizer at a minimum, and ideally both RDP Randomzier and two-factor authentication.  RDP Randomizer will change the default RDP port your VM listens to, so remote threats can not connect to your VM without first scanning all TCP ports (which we can identify and stop very easily).   Installing RDP Randomizer will require a reboot of your VPS and a new RDP shortcut will be emailed to you.  You can then save the shortcut to your PC or laptop desktop and double click to connect.  If you login with a mobile device or another RDP application without using a RDP shortcut, then simply adding the new port to the IP will be all that is required (ip:port) to login after installing RDP Randomizer.

Two-factor authentication (2FA) combines something you have - your mobile phone - with something you know - your password - to complete a strong authentication solution.  When a subscriber logs into a system protected by CNS 2FA, they must first enter their regular user name and password. We then send the registered mobile device a random PIN code via SMS, and prompt for the same code on the login screen. The subscriber must enter the correct PIN code to complete the login procedure. PIN codes can also be sent to email addresses.  We will also be releasing applications for smartphones soon - eliminating the need to wait for a SMS because the random code will instead always be available from the mobile device.

How to install RDP Randomizer:

Installing RDP Randomizer is very easy and will require a reboot of the VPS.  To install RDP Randomizer, please download and run the installer from inside your VPS.  The installer can be found on our helpdesk, on the top page under the section "Popular files".  You will be prompted to enter an email address where a new RDP shortcut will be sent.  The VM will then reboot after you press the Randomize button, so close your RDP window and wait a few minutes.  You can then reconnect with the new RDP shortcut you received via email.

How to install 2FA:

Installing two-factor authentication is a little more involved.  Specifically, it requires adding the feature to your subscription, installing the 2FA client in the VPS and then registering your mobile devices.  To add the 2FA feature to your subscription, login to your CNS control panel and click "my products & services", then "view details" next to the subscription.  Click "upgrade/downgrade options" and add two-factor authentication.  Next, install the 2FA client software in the VPS.  The 2FA client software is available at our helpdesk by searching "2fa".  You will notice a new shortcut on the VPS desktop labeled "2FA Config".  Open it and add your mobile device.  We recommend the bottom two drop-downs are set to 'most secure' and that you enter a challenge question and answer.  The challenge question will be requested of you by CNS support if you lose your mobile device, and CNS support will expect the answer you have entered.

Please - open a support ticket if you require assistance.  We will be happy to assist you in securing your VPS.  Please login to your Client Area and click "Help Desk" near the top, then click "Submit a Ticket" to send a new support request to our technicians.
[TOP]

 New bundling brokers:

We are please to welcome BNFX Capital Ltd.  to our growing list of brokers sponsoring a CNS VPS for their traders. The CNS VPS Bundling program allows brokers to include a free or discounted CNS Trader’s VPS with their customer accounts by sponsoring all or part of the CNS subscription fee that is invoiced to the trader by CNS. The CNS VPS subscription remains the property of the trader while allowing the sponsoring broker to post credits directly to the subscribers renewal invoice to offset or pay the renewal fee in full. Each broker has their own program terms to qualify for sponsorship.

If you would like to apply your CNS VPS subscription to a brokers bundling program then please open a CNS support ticket and provide the coupon code as listed below. If your broker is not yet a member of our bundling program then please ask them to join! More information about our Broker Bundling program can be found here.

The following is a list of our Broker Bundling members and their respective program details. The most current list of brokers participating in our bundling program can always be found in this knowledge base article.

More brokers are on the way - stay tuned!
Broker Terms Coupon Code Datacenter/Latency
backbayfx

Introducing broker for: FXDD, Alpari, FXCM, Institutional Liquidity, FX Solutions, Forex.com, Pension, PFG Best, citi, MIG, AVAFX 		All BBFX clients Participating in the FREE VPS service will have their monthly service covered and will not be billed if they complete the Round Turn Standard lot requirement. Please contact Back Bay FX at 617-357-6100 / info@backbayfx.com with any questions or issues BBFX SEE LATENCY CHART
ibfx
 Each month, Interbank FX will credit up to $35 of the monthly CNS VPS fee for customers who have a minimum $5,000 average balance. IBFX NYC/2ms
ibfxau
 Each month, IBFX Australia will credit up to $35 of the monthly CNS VPS fee for customers who have a minimum $5,000 average balance. IBFXAU NYC/2ms
dcmfx
 Fully Sponsored Premium Trader’s VPS [Windows 2008 R2 1GB RAM AND 30GB DISK, US$47.80/month] by Direct Currency Markets – www.DCMForex.com for valued clients maintaining a minimum $5,000 average DCM Trading Account balance. Minimum trade volumes may be applied. Contact support@DCMforex.com for more information. DCM PRO NYC/2ms
eesfx
 EES FX will sponsor a VPS at CNS free for any trader that trades with EES FX meeting the following criteria:
  • Subscriber to EES FX ($99/month).
  • Live account holder with EES FX TE with $25,000 deposit that does at least 60 standard 100k r/t trades in 1 month.
  • Purchase any EA worth over $1,000 and receive a free VPS for 6 months.
 EESFX NYC/1ms

pepperstone		 Each month, Pepperstone will credit up to $35 of the monthly CNS VPS fee for customers who have a minimum $10,000 average balance. Must trade over 200 lots in a calendar month. Please contact Pepperstone at +61 3 9020 0155 / support@pepperstone.com with any questions or issues. PEPPERSTONE NYC/2ms
divisa
 Divisa Capital (www.divisafx.com) now offers FREE VPS hosting (up to a $47.80 value)! Any client who maintains an average balance of $5,000 and completes 25 standard lots per month is welcome to use this service. Please email support[at]divisacapital.com for additional information. DIVISA NYC/2ms
divisa EEach month, BNFX will credit up to $35 of the monthly fee for a CNS VPS for BNFX clients who maintain a minimum balance of $2500 USD (or equivalent) OR have traded more than 25 Standard Lots (round turn) per month. Please contact support (at) bestecnz.com for any questions on concerns.   BNFX NYC/1ms 

[TOP]
Autoboot updates:

Autoboot 3.0.21 is nAutoboot 3.0.22 is now available. The 3.0.22 release adds the much requested "enable/disable all" feature, and fixes bugs related to log monitoring.  A list of updates since 3.0.17 is included below. To upgrade your Autoboot, please download/install it from your CNS VPS.

Autoboot v3 features as of 3.0.22:
  • Use alerts to restart the application, the VPS/PC, or email you a message.
  • Global restart: Autoboot will restart all configured applications after a VM reboot
  • Resource alerts option: Trigger an alert if the VM runs low of RAM
  • House cleaning option: delete MT4 logs daily
  • API now available
Application Management - Autoboot will trigger an alert if:
  • CPU (used by the app) exceeds a preset amount
  • RAM (used by the app) exceeds a preset amount
  • application hang or crash
  • key words in MT4 or EA log files are found (it monitors both logs and you can pick the words to trigger an alert, such as 'trade context busy')

[TOP]

Changes in Autoboot 3.0.22:

* Reduced CPU usage when GUI is minimized into system tray near system clock.
* Added option to disable/enable all applications. In GUI it is in menu Edit, in AutobootCtrl (API) this is --enableAll and --disableAll options.
* Fixed 2 bugs with logs monitoring: 1) Sometimes it was missing the keywords when two logs used. 2) When log file busy it had possibility sometimes to miss keywords.

Changes in Autoboot 3.0.21:

* Improved API

Changes in Autoboot 3.0.20:

* Introduced Autoboot API: AutoBootCtrl.exe which allows to control Autoboot service from command line.
Currently supported commands: --list, --start, --stop. Please see Autoboot documentation for full details.

Changes in Autoboot 3.0.19:

* Option to delete log files is moved from global settings to settings per application.
* Added option to delete log files only when low disk space detected.
* Added event in global Autoboot settings to trigger when free disk space is below selected value.
* Fixed bug in installer resulting in speed improvement for new installs and upgrades

Changes in Autoboot 3.0.18:

 * Fixed bug where sometimes settings made to an application is not saved.
* Several internal fixes of settings (cpu and memory events).
* Added CPU indicato* Added CPU indicator for each app, showing percent of current CPU usage of selected application as Autoboot sees it. This will be helpful to precisely set CPU event for each application. Also added indicator showing CPU percents settings per CPU alongside existing settings of percent per core.
* Added the message "Information about CPU usage statistics" in settings. * Fixed bug when user disables an application and it unexpectedly switched back to enabled.

Autoboot is free for all CNS VPS subscribers for use in a CNS VPS. To upgrade, close Autoboot (if it is open) and run the installer from your CNS VPS. [Download Autoboot documentation]

Autoboot is also now available by subscription for use in PC’s and VPS’s not hosted by CNS. The subscription fee is US$5/month or US$36/year. A free first month is available by using the coupon code AUTOBOOTTRIAL at checkout.

Autoboot features arAutoboot features are a direct result of your feedback. Please – let us know if there is anything we can do to make Autoboot work better for you.

[TOP]

Getting Help:

Thank you for choosing Commercial Network Services. Please let us know if you have any questions or concerns. We are always here to help you. We maintain a ticketing system in order to effectively address and track your support issues. Please login to your Client Area and click "Help Desk" near the top, then click "Submit a Ticket" to send a new support request to our technicians.


NOTE: This message has been digitally signed. For your security, ALL electronic mail sent by CNS is digitally signed. If your eMail client is S/MIME compliant then you will see a digital certificate in the email message. This certificate proves the email was sent to you by CNS. If your email client is not S/MIME compliant, then you will find an attachment smime, which can be safely ignored.


CAN-SPAM: You have received this message because you have an open CNS account and this message contains information that may affect your services. If you no longer have any active CNS subscriptions and do not wish to receive further communication from us then please reply with "REMOVE" in the subject and we will close your CNS account. Please disregard the auto responder. -thank you



 User Comments Add a Comment
 Back
Home | Submit a Ticket | Knowledgebase | Troubleshooter | News | Downloads
Cloud Support
Language:

© 2012 Commercial Network Services. All rights reserved.
No content may be reproduced or redistributed without express written permission on CNS letterhead.
Only Commercial Network Services subscribers are authorized to use our content during their subscription period.
Permission to use our content may be revoked at any time, and at the sole discretion of Commercial Network Services.
Some content on this site is © by their respective owners.