How to Edit Your Hosts File in Windows 10

Reading Time: < 1 minute

Editing your \etc\hosts file is a common task for troubleshooting issues or for developing a site that you aren’t quite ready to launch.  By editing this file, you’ll be able to bypass DNS to view a site at a declared IP address.

In Windows 10, your hosts’ file is located at: C:\Windows\System32\drivers\etc\hosts. You will need to edit the file with administrative privileges.

  1. Click the Windows button and type Notepad in the search bar.
  2. Right click on Notepad and then Run as Administrator.
  3. You’ll be asked, “Do you want to allow this app to make changes to your device?”.
    Choose Yes.
  4. In Notepad, choose File then Open
  5. Navigate to C:\Windows\System32\drivers\etc\hosts or click the address bar at the top and paste in the path and choose Enter.  If you don’t readily see the host file in the /etc directory then select All files from the File name: drop-down list, then click on the hosts file.
  6. Add the appropriate IP and hostname at the end of your hosts’ file, select save and close the file.
  7. Finally, you will want to flush your DNS cache for your computer to recognize changes to the file. Click the Windows button and search command prompt.
  8. Right-click on Notepad and then Run as Administrator.
  9. You’ll be asked, “Do you want to allow this app to make changes to your device?”.
    Choose Yes.
  10. Type the following command in the terminal and press Enter

ipconfig /flushdns

How to Install React JS in Windows

Reading Time: 4 minutes

React.js (React) is an open-source JavaScript library useful in building user interfaces. React is a library so our main focus for this article is installing a JavaScript environment and a Package Manager so that we can download and install libraries including React.

When we are done, you will have a React environment you can use to start development on your Liquid Web server.

 

Install Node.js

The first step is to download the Node.js installer for Windows. Let’s use the latest Long Term Support (LTS) version for Windows and choose the 64-bit version, using the Windows Installer icon.

nodejs1

Once downloaded, we run the Node.js installer (.msi fuke) and follow the steps to complete the installation.

nodejs installationNow that we have Node.js installed, we can move on to the next step.

 

The Command Prompt Environment

We’ll need to use the command prompt (command line) to interact with Node.js and the Node Package Manager (NPM) to install React. Let’s take a few minutes to cover the commands we’ll need to use to get around. Here are the basic commands we will need to get around and create folders/directories:

nodejs_commands

 

Open a Command Prompt in Windows

Click the Start Menu (1), start typing the word command (2), then choose either Command Prompt or the Node.js command prompt (3) — either choice will work.

nodejs_commandprompt

A command prompt window will open with the path showing as C:\Users\<username> where the <username> on your system will be the user you are logged in as.

nodejs_commandprompt2

To execute a command, we type the command and any required options, then press Enter to execute it and see the results. Let’s walk through each of the commands listed above to see what happens:

dir

nodejs_commandprompt3

Let’s look at the contents of the downloads folder with this command:

dir downloads

nodejs_commandprompt4

The path shows we are still in the directory C:\Users\ReactUser>, however, we are looking at the contents of C:\Users\ReactUser\downloads and we see that it has one file. Let’s move to the downloads directory with this command:

cd downloads

nodejs_commandprompt5

We’ve changed to the downloads folder as the command prompt shows C:\Users\ReactUser\Downloads>. You can use the dir command to see the contents of this directory/folder. Next, let’s go back to the previous directory with this command:

cd..

nodejs_commandprompt6

Now we are back to where we started. Let’s create a new directory for our first project and name it reactproject1. We’ll use the command:

mkdir reactproject1

nodejs_commandprompt7

Again, we use the dir command to list the files within our current folder.

dir

nodejs_commandprompt8

If you want to learn more about commands, please check out these links:

 

Install React on Windows

There are two ways to install React for your projects. Let’s look at each approach so that you can decide which one you prefer to use.

 Option 1 

  • Create a project folder
  • Change to the project folder
  • Create a package.json file
  • Install React and other modules you choose

This install option allows you to full control over everything that is installed and defined as dependencies.

Step 1: To get started, we need to open a command prompt.

Step 2: Create a project folder named reactproject1:

mkdir reactproject1

Press Enter to execute the command, and we get a new directory called reactproject1. If you did this as part of the Command Prompt examples, you could skip this step as it will tell you that it already exists.

Step 3: Move to the project folder, using cd reactproject1, so we can install React into it.

cd reactproject1

At this point, you will see your prompt indicate C:\Users\ReactUser\reactproject1.

Step 4: Create a package.json file, the following command will walk you through creating a package.json file.

npm init

nodejs_commandprompt9

Step 5: Install React and other modules using npm install — save react, thiswill install React into your project and update the package.json file with dependencies.

npm install --save react

We can install additional packages using npm install — save and the name of the package we want to install. Here we are installing react-dom: npm install — save react-dom

npm install --save react-dom

 

 Option 2 

  • Install Create-React-App package to simplify the process of creating and installing React into your projects

 

 

Step 1: To get started, we need to open a command prompt and type npm install -g create-react-app. This installs the Create-React-App module which makes it very easy to create and deploy React into projects with a single command.

Note
When using create-react-app ensure you are in the desired directory/folder location as this command will create the project folder in the current path.

npm install -g create-react-appCreate-React-App is installed in the following location: C:\Users\<username>\AppData\Roaming\npm\node_modules\create-react-app\

Once Create-React-App is installed, we can use it to create a project folder and install React and dependencies automatically.

To make sure you are in the desired directory when creating a new project, you can use dir to see where you are, and cd <directory_name> or cd.. to get to the desired location.

Step 2: To create a new project and deploy React into it, we run create-react-app <project_name>. Let’s do this to create reactproject2.

create-react-app reactproject2

The entire process is automated and begins with creating a new React app folder for the project, then installs packages and dependencies. The default packages include react, react-dom, and react-scripts. The installation will take a few minutes.

nodejs_commandprompt10

Run a React Project Application

To run our new project, we need to use the command prompt to change to the project folder, then start it. The cd reactproject2  command will take us to the reactproject2 folder.

cd reactproject2

And npm start will run the project application.

nodejs_commandprompt11

The default browser will open and load the project:

localhostTo learn more about React, you may find these links helpful:

You now have your environment set for building out projects!  If you are running our lightning fast servers, our support team is at your disposal for any questions you may have.

Load Balancing Techniques and Optimizations

Reading Time: 8 minutes

The hosting world’s bread & butter solution for providing high availability and redundancy is load balancing. There are many different use cases for a Load Balancer (LB). It is important to know how to effectively manage your LB configuration so that it performs optimally in your environment.  The proceeding article will review some of the common practices that, when adhered to, provide a smooth and seamless high availability website/application through the use of load balancing. Continue reading “Load Balancing Techniques and Optimizations”

How To Set Up FTP isolation in CentOS or Ubuntu

Reading Time: 4 minutes

Configuring Multi-User FTP with User Isolation

This article is intended to give an overview of a chroot environment and configuring your FTP service for user isolation. This is done with a few lines within the main configuration file of the FTP service.

This article is also intended as a guide for our Core-Managed servers running CentOS or Ubuntu without a control panel. Our Fully Managed servers that utilize the cPanel software already have the FTP user isolation configured by default and also provide utilities for creating FTP users.

What is Chroot?

Chroot or change-root is the implementation of setting a new root directory for the environment that a user has access to. By doing this, from the user’s perspective, there will appear to be no higher directory that the user could escape to. They would be limited to the directory they start in and only see the contents inside of that directory.

If a user were to try and list the contents of the root (/) of the system, it would return the contents of their chroot environment and not the actual root of the server. Read more about this at the following link.

 

Installing ProFTPd

As there are many FTP options available, ProFTPd, Pure-FTPd, vsftpd, to name a few, this article will only focus on the use of ProFTPd for simplicity and brevity. This is also not intended to be a guide for installing an FTP service as it’s covered in our Knowledge Base articles below.

https://www.staging.liquidweb.com/kb/how-to-install-proftpd-on-centos-7/

https://www.staging.liquidweb.com/kb/how-to-install-and-configure-proftpd-on-ubuntu-14-04-lts/

 

User Isolation with ProFTPd

User Setup

By default, ProFTPd will read the system /etc/passwd file. These users in this file are the normal system users and are not required to be created outside of normal user creation. There are many ways to create additional FTP users, but this is one way to get started.

Here are some typical entries from the system passwd file. From left to right, you can see the username the user and group IDs, the home directory and the default shell configured for that user.

user1:x:506:521::/home/user1:/bin/bashuser2:x:505:520::/home/user2:/bin/bash

To create these users, you would use the useradd command from the command line or whatever other methods you would typically use to create users on the server.

Create the user

useradd -m -d /home/homedir newuser

Set the user password

passwd newuser

If you are setting up multiple users that all need to have access to the same directory, you will need to make sure that the users are all in the same group. Being in the same group means that each user can have group level access to the directory and allow everyone in the group to access the files that each user uploads. This level of user management is beyond the scope of this article, but be aware that things of this nature are possible.

ProFTPd User Configuration

To jail a user to their home directory within ProFTPd, you have to set the DefaultRoot value to ~.

vim /etc/proftpd.conf

DefaultRoot ~

With this set, it tells the FTP service to only allow the user to access their home directory. The ~ is a shortcut that tells the system to read whatever the user’s home directory is from the /etc/passwd file and use that value.

Using this functionality in ProFTPd, you can also define multiple DefaultRoot directives and have those restrictions match based on some criteria. You can jail some users, and not others, or jail a set of users all to the same directory if desired. This is done by matching the group that a user belongs to.

When a new user is created, as shown above, their default group will be the same as their username. You can, however, add or modify the group(s) assigned to the user after they are created if necessary.

Jail Everyone Not in the “Special-Group”

DefaultRoot ~ !special-group

Jail Group1 and Group2 to the Same Directory

DefaultRoot /path/to/uploads group1,group2

After making these changes to the proftpd.conf file you’ll need to restart the FTP service.

CentOS 6.x (init)

/etc/init.d/proftpd restart

CentOS 7.x (systemd)

systemctl restart proftpd

 

User Isolation with SFTP (SSH)

You can also isolate SFTP users or restrict a subset of SSH users to only have SFTP access. Again, this pertains to regular system users created using the useradd command.

While you can secure FTP communications using SSL, this is an extra level of setup and configuration. SFTP, by contrast, is used for file transfers over an SSH connection. SSH is an encrypted connection to the server and is secure by default. If you are concerned about security and are unsure about adding SSL to your FTP configuration, this may be another option to look into.

 

SFTP User Setup

Create the user and their home directory just like with the FTP user, but here we make sure to set the shell to not allow normal SSH login. We are presuming that you are looking for SFTP-only users and not just regular shell users, so we add the restriction on the shell to prevent non-SFTP logins.

useradd -m -d /home/homedir/ -s /sbin/nologin username

passwd username

We need to make sure that permissions and ownership are set for the home directory to be owned by root, and the upload directory is owned by the user.

chmod 755 /home/homedir/

chown root. /home/homedir/

mkdir -p /home/homedir/upload-dir/

chown username. /home/homedir/upload-dir/

 

SFTP Configuration

Hereby setting the ChrootDirectory to the %h variable, we are confining the user to their home directory as set up when the user was created. Using the ForceCommand directive also limits the commands the user is allowed to execute to only SFTP commands used for file transfers, again eliminating the possibility that the users will be able to break out of the jail and into a normal shell environment.

/etc/ssh/sshd_config
Subsystem sftp internal-sftp
Match User user1,user2,user3
ChrootDirectory %h
ForceCommand internal-sftp

Jail Multiple FTP Users to a Location

Alternatively, if you wanted to have multiple users all jailed to the same location, you can set them all to be in the same group, have the same home directory, and then use a Match Group directive within the SSH configuration.

vim /etc/ssh/sshd_config

Subsystem sftp internal-sftp
Match Group groupname
ChrootDirectory %h
ForceCommand internal-sftp

After making these changes to the sshd_config file, restart the SSH service. One of the following commands should work for you.

CentOS 6.x (init)

/etc/init.d/sshd restart

CentOS 7.x (systemd)

systemctl restart sshd

Further Reading can be found at:

 

How Do I Set System Variable Path for Python on Windows?

Reading Time: 2 minutes

Python is a powerful programming language that is scalable and uses code that is readable and clear for all types of projects. Python is also available across a number of operating systems, making it a popular choice for developers. If you are using Python on your Windows operating system, you may need to adjust your System Environment Variables to simplify utilizing Python on your server.

The latest installers for Python for Windows can set the System Environment Variable Path automatically if you choose that option during the installation. To verify if this setting is correct, open an administrative command prompt (right-click on the command prompt and choose “run as administrator”) and type the word python, then press Enter. If the System Variable Path is correctly set, you should receive output similar to what is shown below.

python output screen

Note:
Python software installation is considered Beyond Scope Support. This means it is not covered under our managed support, but we will do what we reasonably can to assist. It may take longer for us to assist as the SLA for Beyond Scope Support is different than our managed services. Find out more in our article What Is Beyond Scope Support?

If you receive an error indicating that the command is unknown, but you’ve confirmed that Python is installed and can be launched from its directory, you will probably need to add the Python variables to the System Environment Variables. By following these quick steps, you’ll be able to access Python from any command prompt.

  1. From the server desktop, click the Windows icon and search for “Environment Variables”. Press Enter to launch the System Properties dialog.
    system variables launch link
  2. This will open the System Properties dialog. Click Environment Variables to make the necessary changes.
    system properties screenshot
  3. Create a new User Variable named: Path and Variable value: C:\Users\*yourusername*\AppData\Local\Programs\Python\Python37 (change the variable value to match your actual installation path).
    new path link highlighted
  4. Next, find the System variable called Path and click Edit.

    system variables screen, edit button highlighted

  5. Create a New entry that matches the Path variable that you created. Add \Scripts to the end of the entry (the new entry should look like C:\Users\*yourusername*\AppData\Local\Programs\Python\Python37\Scripts\
    edit system variable path screenshot
  6. You can verify that you have completed this successfully by opening a new administrative command prompt from any location and typing “python” (without the quotes). You should receive a response similar to what is shown above.

HIPAA Compliant Hosting Checklist

Reading Time: 5 minutes

HIPAA Compliance

In this guide, we outline the essential requirements for HIPAA compliant servers and how Liquid Web helps fulfill these necessities.

 

HIPAA, or the Health Insurance Portability and Accountability Act of 1996, was passed by Congress to protect sensitive user information related to health insurance. This act helps to reduce health care fraud and mandates a standard for handling confidential healthcare information for consumers and businesses.

HIPAA compliance protects this sensitive information and specifies proper guidelines and standards for handling health insurance data. HIPAA also establishes rules for handling, administering, and maintaining electronic servers as well as the hosting of this Protected Health Information. Read more here.

Key Terms and Important Information:

  • HIPAA – Health Insurance Portability and Accountability Act of 1996
  • PHI – Protected Health Information
  • Access Control – To limit who can log in or access sensitive PHI data. Access control helps provide accountability for authorized usage and access to servers with confidential information. HIPAA requires that all users are uniquely identifiable and that the server hosting PHI data is only accessible to specifically authorized users and entities.
  • Audit Control – To log and record hardware, software and procedural work done to maintain and repair HIPAA compliant servers and data centers. HIPAA requires accurate and uniquely accountable logs for the type of work performed, what was accessed, and by whom. This notation is closely related to access control by limiting maintenance to authorized and uniquely identifiable persons or entities, but also refers explicitly to logging any maintenance of physical hardware or server software.  
  • Facility Access Control – To limit physical access to the data center from unauthorized or unaccountable persons. This control makes sure that only designated workers have access to physical servers containing PHI. Liquid Web’s data centers are HIPAA compliant and properly limit access to all servers.

 

To be HIPAA compliant, you must have firewalls in place. Most of the time, compliant hosting will implement hardware, software, and application level firewalls to protect the server from unauthorized users. This security applies to Access Control as well as Transmission Security, which protects PHI from unauthorized access.

HIPAA regulations state the firewalls must be system-wide. The firewall implementations are part of the requirements for limiting access to personal information stored on the server. Firewalls that are properly setup will limit or prevent accessibility from anyone who should not have access, often using explicit whitelists and blacklists. This setup prevents unauthorized employees, clients, or hackers logging into servers with sensitive data.

To be allowed through the firewall your users must have a uniquely identifiable username or identification that has been explicitly allowed access permission.  At Liquid Web, our networking team is at hand to secure your server with hardware firewalls, while our support team is ready to protect sensitive PHI data with software firewalls.

 

HIPAA compliance requires that remote access to the server through an encrypted VPN tunnel. This VPN protects data entering into the tunnel with an encrypted session that lasts only as long as the session exists. Work done between the remote workstation and the server is protected from interception via this encryption. At Liquid Web, our VPN services are automatically encrypted in order to protect your data.

 

Password management is an essential part of HIPAA compliance. Safeguarding passwords and isolating them to identifiable users is integral to the protection of sensitive data. Using multi-factor authentication is highly recommended for this process.

Multi-Factor Authentication forces users logging into the secured server system to use both a password and another form of authentication, such as a mobile device, verifying their identity for granting intended access. Authenticating makes it much more difficult for hackers and unauthorized users to use stolen or brute force-acquired login credentials to access the server, as the user will have to do a secondary verification from a device that is unique to them.

Many companies utilize Google Authenticator which allows your users to have a phone app to use as their secondary verification method. Multi-Factor Authentication falls under Access Control.

 

If you want to be HIPAA compliant, your server cannot be on shared hosting. You must have a server that cannot be accessed by any other business or entities, which means it needs to be private or dedicated to your business. This isolated includes requiring a private IP address that is not used by another entity.

By running on shared hosting, you are breaking HIPAA compliance by allowing non-authorized users access to the server. Hosting with Liquid Web gives you your own private, dedicated server strictly used by your business.

HIPAA requirements for limiting user access and having proper authentication. The server itself must also exist within a HIPAA compliant data center. Liquid Web has a high-security, HIPAA compliant data center that all of our clients are hosted within, falling under Facility Access Control.

 

An SSL certificate must protect any part of your website where sensitive information can be accessed.  An SSL provides end-to-end encryption for the accessed data and logins used, to further protect access to the server. HIPAA defines PHI as Protected Health Information and anywhere that a user can access PHI must be protected with SSL.

For more information about SSL and how it works, click here.

 

A BAA is necessary for HIPAA compliant hosting as it designates the role of the hosting company and defines responsibility for different parts of HIPAA compliance. It does not resolve your business of its HIPAA related duties, but it represents the roles that your business and the hosting company partake.

This Business Associate Agreement allows a hosting company the necessary access to servers to maintain them, while still preventing any other businesses’ unauthorized access to Protected Health Information.

See our HIPAA BAA policy here.

 

HIPAA compliance requires that all Protected Health Information must have an exact backup ready for restoration. These backups must also be located offsite and not on your server for recovery in the event of disaster or server malfunction. At Liquid Web we have two solutions for this, Guardian and DPM Backups.

By having an offsite backup, you are protecting the Protected Health Information and ensuring that no data loss will occur on restoration. Fully restoration is often achieved with continuous backups notating any changes of information on the server.

Read more about our different backup services here.

 

To be HIPAA compliant, the appropriate methods are necessary for getting rid of hardware. This disposal usually requires that the data be wiped entirely and destroyed in a manner that will not allow for restoration.

Data destruction is typically peer-reviewed and documented to state precisely the method of destruction. This process is to prevent any future use of the hardware from being able to recover sensitive PHI data.  Often called Integrity Control it ensures that data is properly altered or destroyed.

 

All logins and maintenance must be fully documented. Any repairs on the physical servers must be logged, especially those related to the security of the server and who logs in to servers for software maintenance and reviews and applies to Audit Control.

At Liquid Web, all of our work is logged and appropriately recorded with HIPAA compliant standards.

 

HIPAA compliance is an integral part of your business. While it can be confusing, our technicians at Liquid Web can ensure you that your Protected Health Information is appropriately handled and follows HIPAA compliant standards. While we have only reviewed a portion of the requirements of HIPAA compliance, feel free to reach out to our HIPAA Specialists for more information about how we handle our data centers and servers.

If you would like to speak with a HIPAA Specialist, start here.

An Overview of Managed WordPress

Reading Time: 3 minutes

WordPress is open source software for building unique and powerful websites! It is quickly becoming the easiest and most popular way to create blogs, business sites, portfolios, forums, memberships, and e-commerce websites. Continue reading “An Overview of Managed WordPress”