Why AISO.net is the greenest web hosting company on the planet


Back in 2001 AISO.net became the only 100% off the grid data center in the world. We installed solar panels next to our data center to power our clients websites.  As the power demand grew we had to come up with another solution to reduce power.  That is when we virtualized all of our servers which made them n+1 redundant.

  • Solar generation on site making AISO 100% off the grid data center
  • No green credits
  • 10,000 gallon rooftop water collection system
  • Hot and cold isle server room configuration
  • Hot isle containment that recycles the hot server air into our offices for winter warming
  • Thin client computers that use only 5 watts of power
  • Solar tubes to bring in outside natural light during the day
  • LED lighting for night time use
  • In business since 1997
  • Best green practices in the industry

Since 2001 other hosting companies showed up touting they are the greenest but in reality they purchase green credits.  AISO does not use green credits and will continue our efforts to stay off the grid while providing the greenest hosting company alive.

Thanks for reading



The CryptoPHP CMS backdoor

Fox-IT based in Delft in the Netherlands just published some amazing research regarding an increasing threat to content management systems they’ve named CryptoPHP. If you’re technically minded and want as much detail as possible, I recommend you skip this blog entry and head straight over to the Whitepaper that Fox-IT has published on the CryptoPHP backdoor (It’s 50 pages). I’ve summarized the details:

CryptoPHP is a threat that uses backdoored Joomla, WordPress and Drupal themes and plug-ins to compromise web servers. By publishing pirated themes and plug-ins free for anyone to use instead of having to pay for them, the CryptoPHP actor is social engineering site administrators into installing the included backdoor on their server.

Nulled scripts are being distributed via several websites as well with a sophisticated infection pre-installed. Nulled scripts are commercial web applications that you can obtain from pirate websites that have been modified to work without a license key. They are the web equivalent of pirated software. Fox-IT have dubbed it CryptoPHP because of the fact that it encrypts data before it sends it to command and control servers.

The infection is relatively simple: Inside the CMS software, either WordPress, Joomla or Drupal, there’s a little line of code that looks like this:

<?php include('assets/images/social.png'); ?

Or like this:

<?php include('images/social.png'); ?>

If you’re a PHP developer you will immediately recognize this as looking strange: It is a PHP directive to include an external file containing PHP source code, but the file is actually an image. Inside this image file is actual PHP and the code is obfuscated (hidden through scrambling) to try and hide the fact that it’s malicious.

Fox-IT has determined that the purpose of the malware is, currently, to engage in black-hat SEO by injecting links to other, presumably malicious, websites into your content. However this infection is sophisticated and it communicates with command and control servers that can instruct it to do a variety of tasks including the ability to upgrade itself. So this is a classic botnet infection which turns all infected websites into drones that can be instructed to do just about anything, from sending spam email to SEO spam to hosting illegal content to performing attacks on other websites.

The researchers think they may have identified the location of the author. Inside the code of the malware is a user-agent (browser) check that checks to see if the web browser user-agent equals ‘chishijen12′. If it does, then the application is instructed to output all PHP errors to the browser, presumably for debugging purposes. Fox-IT found an IP address that is associated with that user-agent and the IP is based in the state of Chisinau in Moldova. The name of the state is similar to the user-agent string, which gives their theory some credence.

The capabilities of the CryptoPHP backdoor include:

  • Integration into popular content management systems like WordPress, Drupal and Joomla
  • Ability to update itself
  • Public key encryption for communication between the compromised server and the command and control (C2) server
  • Backup mechanisms in place against C2 domain takedowns in the form of email communication
  • Manual control of the backdoor besides the C2 communication
  • An extensive infrastructure in terms of C2 domains and IP’s
  • Remote updating of the list of C2 servers
  • Viewing error logs and statistics of your web site

You can find the full white paper discussing this new threat here and it includes quite a bit of technical detail if you’re a developer or information security researcher.

Please help spread the word about the danger involved in downloading or distributing nulled scripts and help keep the community safe.

What We’ve Done For Our Customers

AISO.Net is always working to ensure maximum security for our customers.  Here’s what we’ve done since learning about the CryptoPHP backdoor.

  1. Our real-time web security rules (WAF) to protect against this security issue where updated November 21, 2014 automatically.
  2. Updated the IDS/IPS systems for security issue call to home to detect when and which server is infected.
  3.  The attackers are unable to compromise the server or any client sites’ besides the infected site due to our user level virtualization.

What You Can Do to Protect Against These Kinds of Infections

  1. Download & use plug-in’s that are from reputable & verified sources.
  2. Ensure the latest versions of plugins & core CMS code is up to date.
  3. Download security scanning tools such as iThemes Security or WordFence

Redundancy for our green hosting customers

When it comes to uptime, AISO takes things very serious. We start with multiple point to point connections from our green data center.   One of the point to point connections goes directly to the backbone at 1 Wilshire in Los Angeles, Ca.

We run BGP which re-routes all Internet traffic in case one of the bandwidth providers goes down. AISO also uses a device which routes all Internet traffic over the best internet route for the fastest connections.

We use the best equipment to ensure you are always online:

  • Cisco routers
  • Cisco firewalls
  • Cisco core switches
  • NetApp clustered SAN with 15k sas drives running raid 6 with dual parity
  • Internap middle mile to last mile routing
  • NAT (network address translation)
  • IDS (intrusion detection servers)
  • Application level firewalls on all servers
  • Hacking detection software installed on all servers
  • Hourly full backup of all server
All equipment have dual power supplies and each power supply is connected to a different PDU (power distribution unit). Each PDU is connected to a separate APC line conditioning and battery backup supply.

All servers and equipment is monitored both internally as well as several locations worldwide. This ensures that our support engineers know exactly what is going on with our network 24×7.

Cooling is provided by multiple redundant water cooled AC units. Behind our data center is (4) four 2,500 gallon water tanks. Nightly precipitation from the roof of the data center is collected down (4) four separate pipes that lead to an underground sump. This sump pumps the water collected each night into the storage tanks  when is then pumped back underground to our cooling systems. The cooling systems can take 110 degree air and cool it down to 60 degrees with no humidity. The cooling systems use an average of 200 watts of power so they are extremely efficient.

Approximately 50% of all water pumped into the cooling systems gets pumped back out and is used to water our landscaping

We hope you enjoy hearing about all the steps AISO does for our clients and for our precious environment.


Thanks for reading