We’ve spoken in the past about Hyperic monitoring, and the roll out of this application to our managed customers. I felt that Hyperic is so slick it deserved more lip service. Some of our customers have already been given access to our monitoring system, and from the feedback we’ve received it would appear they’re quite ecstatic with it. That’s not to say that there aren’t some kinks, because there are, but I must say the microscopic kinks are almost unnoticeable. Hyperic is always improving though, and we’re doing our best to exploit the very best of this application to better serve your infrastructure here at Contegix. The servers that have Hyperic configured on them have a wide range of monitoring options such as:

• CPU Monitoring
• Load Averages
• Filesystem Usage
• Database Monitoring (MySQL, PostgreSQL, EnterpriseDB, etc)
• HTTP Checks
• Zimbra 4.X
• IMAP, POP3, SMTP (on any obscure ports imaginable!)
• Memcached
• Tomcat
• Resin
• Apache HTTP
• And so many more options you would die reading the list

We receive well over a thousand emails a day from our monitoring system, letting us know when your servers are leaving the realm of acceptable levels in a wide variety of categories. This allows us to be proactive in regards to your server’s health, and attack trouble areas before services are impacted. For instance, if we see the load on your server climbing above the typically acceptable level of 5, and staying high, we know to investigate the server before services are impacted.

Most importantly though, you don’t have to deal with the awkward situation of your website’s visitors telling you your site is down, if you’re monitored by our system. If Hyperic is monitoring your site, then that site will be checked every 5 minutes, making sure it gets a response, and checking the site for a search string that should appear on your site. If the monitor fails, we’re alerted immediately, and respond to the situation. If you have special instructions for us, we make every effort to follow them to a tee, and if you don’t have special instructions we’ll handle the situation the best way we know how to return your site to working order. For instance, on typical Java applications, we’ll thread dump the instance, restart it, and notify you of the maintenance that was performed.

I do admit though, as much as we strive to be, we’re not always perfect. At times we do require assistance from you and your team to help us be the best that we can be. While many servers at Contegix follow the Contegix way of doing things, not everything follows exactly what we’re accustomed to. That’s okay though, we don’t mind it, after all these are your servers! However, for us to fully monitor your services to our fullest potential, we do encourage you to let us know what needs to be monitored. Even if you don’t have a special setup, we don’t mind you checking with us on what’s being monitored. In fact, I encourage that too! We want you to feel comfortable here, and if double checking with us that everything you need monitored, is monitored, then drop us a line. There’s absolutely no harm in that, as it ensures that nothing is missed, and that we’re serving you to the best of our ability. Please keep in mind though that running the Hyperic agent on your server will require a small amount of memory, as this is a Java application which means it requires some resources. If you already have a heavily taxed server, throwing the Hyperic agent into the mix may not be a good idea, but I believe this to be a very rare situation.

Finally, maybe the coolest part of Hyperic is that we can give you access to the system as well! This gives you the ability to see the metrics that are produced by the monitoring system for your servers. The access that is granted to you is read only access, so you can’t create sensors, but you can always ask for new ones (again, it’s encouraged!). This ability has already helped a few of our customers, by giving them insight into how their services were behaving, allowing them to clean up trouble spots in their applications and infrastructure. All you need to gain access is drop a line to support@contegix.com, and we’ll be happy to get it setup for you. Let’s take a look at Atlassian for a perfect use-case scenario in which Hyperic can be of great assistance.

Their documentation has a section for monitoring critical production systems. If you visit that section you’ll notice the power of Hyperic on display in the images shown. They go onto demonstrate in that article one particular scenario how the graphs enabled them to catch a critical issue with an instance of theirs, which gave them the nudge in the right direction towards correcting the problem. Furthermore, Hyperic themselves noticed Atlassian’s documentation, and hint at a potential pair of plugins for monitoring Confluence and JIRA in particular! Just remember, we’re here to help you improve in anyway possible. Drop us a line, and get more from your hosting environment with us with Hyperic access!

As a large hosting provider we use a lot of different applications, and we try to keep them all as secure as possible. Unfortunately, we can only win so many battles at any given time, and we do require help from you, the customer at times to ensure your system is safe. Wordpress, as great as it might be as a blogging platform, seems to find itself getting hacked more than most applications that we host. Now, I’m not saying that Wordpress is a bad application by any means, but with it being such a large platform it draws a lot of unwanted attention.

As such, there are quite a few hackers and script kiddies out there that will try to compromise your Wordpress based website. We’re hoping that with this article we can further educate Wordpress users on how to protect their sites. Here’s a few helpful tips we can provide, some of which you can have us do, and some things we’ll recommend that you do:

5. Please, please, please don’t use a user name of ‘admin’! I know that’s the Wordpress default, and it’s just easy to use it, but what user name do you think is in every brute force attack? You guessed it, ‘admin’. We’d recommend using a unique user name for administration purposes, like ‘mark.rogers’, or ‘mrogers’. Of course, you can use your own name if you don’t like mine I suppose.

4. Remove the Wordpress version number from any headers, footers, css, etc, etc. Leaving the version number in your page source is a dead giveaway to would be vandals to dig through google to find ways to exploit your specific version. Granted this is the equivalent of leaving your lights on at home while you’re away, but if it deters someone, then consider it a victory! It’s just too easy to use the version number to find exploits for your site, as Wordpress exploits become public knowledge too often.

3.Let us put basic Apache authorization on the /wp-admin section of your blog! We’d be more than happy to do it, and it’ll make every php file in the /wp-admin path even harder to get to. Granted it can be a bit of a nuisance to double login, but not nearly as big of a nuisance as restoring from that backup you took last week right? We can also limit access to the wp-content, and wp-includes directories as well. Plus we can lock it down by IP, or user name/password combos.

2. I know it should go without saying, but please choose hard, random passwords. I know a lot of blogs, my own included, started off really small, and I never worried about getting hacked. My blog never got big, but maybe yours will! Either way, play it safe, and go with a hard password from the get go. That way if your little playground gets bigger one day, or if you land on Digg by accident, you’ll be at least somewhat prepared.

1. While the above options are great for helping secure your instance of Wordpress, there’s one piece of the puzzle that is probably the most important. That piece? Keep Wordpress up to date at all costs! There isn’t an option that can replace this critical piece, because Wordpress being the giant of blogging that it is, is constantly being updated to fix security flaws. Staying up to date is a way of staying ahead of the game, and it’s generally a ten minute ordeal that we’ll take care of for you if you’re a customer of ours! Look at it this way, if you’re running a year old version of Wordpress then you’ve given vandals a year to figure out how to hack you. Why give them that edge? Most Wordpress upgrades are painless, and you know we’ll gladly work with you to schedule it for a time that’s best for your company’s needs as well.

Hopefully this helps answer some question on how to protect yourself from would-be hackers in regards to Wordpress. The fun part is that this applies to quite a few PHP applications in a general sense. Drupal, Simple Machine Forums, and so on can all benefit from these security tips, especially security tip #1! As always customers, drop us a line at support@contegix.com with any question you might have.

Did you know that right now, while you read this, there’s a sleeping giant sitting unopened in your Confluence instance? While your wiki might be a wealth of information for your enterprise business, for your project in development, or for whatever you might be using Confluence, it can also be used as a platform for an enterprise (maybe social?) networking. Now I know what you’re saying, “I don’t want my company’s Confluence instance to become a MySpace clone!” That’s understandable, and it doesn’t have to be; however, it can bring your team closer together with a variety of plugins found in your Plugin Repository. This means, your Confluence instance literally just a few clicks away from unleashing new functionality in your Confluence instance.

Just remember, happy employees that have fun together tend to work harder together. As an employee who wants to have fun while working hard, bias is in full effect:

5. IM Presence Plugin

This plugin is valid in all Confluence version from 2.0 up through 2.7.2. Plus, it’s an official Atlassian Supported Plugin. By adding this plugin, you enable a new macro which allows you to show a user’s status on a variety of instant messaging clients within Confluence. All you need to do is enable the plugin via the repository, create a dummy user for Confluence to use, and that dummy user will query the user found in a macro tag such as the following:

{im:my_username@hotmail.com|service=MSN}

Afterwards, the user, in this case ‘my_username@hotmail.com’, will receive a message from the newly created dummy user. After ‘my_username@hotmail.com’ accepts the request, you’ll be able to see that user’s status anywhere the above mentioned macro tag is placed!

4. Google Maps Plugin

Want to make sure nobody gets lost on their way to the big meeting coming up? Perhaps you’re having a company event soon? Well I can’t personally think of a better way to get everyone on the same page than the illustrious Google Maps! This plugin allows you to slap a map from Google right up on the Wiki, and even allows the Satellite image view as well.

3. Mail2News Plugin

Don’t feel like logging into Confluence? Have an email you want to turn into news? This plugin should do the trick for you, much the same way you can do with applications such as Wordpress. You setup an email account for Confluence to access, and keep it preferably hidden, install the plugin, and configure it to grab news from the email address you created. If the email address created supports wildcards, you can even direct the news via email straight to specific Confluence spaces!

2. Calendar Plugin

I would assume most people know about this plugin already, but it’s just too useful to ignore. With this you can create calendars, or subscribe to an iCalendar thus keeping everyone on the same schedule! I know you probably have other calendar applications you prefer to use, but accessing a global calendar with a few clicks is incredibly convenient.

1. Sudoku Plugin

Now, I’m completely incapable of playing Sudoku, it makes my head hurt. I’ll be happy to make sure this plugin gets installed for you, but we’re not your hint line when you get stuck alright? That aside, it is a fun a little diversion you can add to your wiki if you so please. Is it useful in any major way? Well, no, not really. At least they’ll be playing on the company site, rather than trying to get out to Yahoo Games right?

We’ll continue to keep you up to date with new plugins, macros, tricks, and other fun Confluence related information. If you have any hot tips you’d like to drop on us, feel free! We’re always in the hunt for improvements to our favorite wiki application, Confluence!