July 3rd, 2009
Security becomes more of a challenge every day for website owners and administrators. If it isn’t someone trying to deface your homepage and enrage your audience, it is another looking to commit more heinous acts such as stealing sensitive information or putting your identity in jeopardy. In order to keep yourself protected, it is a must that you stay aware of the emerging threats. Here are a few stirring up some of the most trouble in 2009.
Zombie Armies
Although zombie armies and DDoS attacks on large servers and networks are nothing new, this combined threat continues to be a major problem. Security experts are projecting that the issue will likely worsen as computer systems increasingly rely on wireless connections to the internet. Therefore, while this threat has been around for some time, you should never get too relaxed and think your website or server is immune to exploitation. On a good note, there are a few methods you have at your disposal that have proven to effectively combat an attack should the enslaved army of computers come your way.
Click Jacking
Another security threat on the rise, click jacking is pretty much what it sounds like: the act of hijacking a click. A perfect example would be an intruder replacing the form button on your site with a button of their own. Doesn’t sound all that menacing? However, consider this - a new customer goes to enter their credit card information via the form on your website. When clicking the button, the user is redirected to a rogue site where they are prompted to enter their financial details. If they happen to fall for this trick, the customer could be out of their funds and you could possibly be out of business for allowing it to happen. Click jacking can be very difficult to detect as the visitor could end up on the fraudulent site without even realizing they have left your domain. Difficulty aside, this is one threat you need to learn how to prevent as it is becoming widespread at a disturbing rate.
Advanced Virus Strains
A number of security reports are showing that virus programs are growing more sophisticated and difficult to detect. Easy access to malicious tools has enabled code writers to create viruses that elude scanners, allowing them to do so with less skill and less effort. These findings indicate that more advanced virus scanning solutions are warranted. Experts are hinting that systems of the very near future may do away with today’s signature-based scanning in favor of techniques such as application whitelisting or application heuristics. These methods could end up being integral parts of your virus defense mechanisms.
The clan of internet criminals is working overtime to wreak havoc in the year 2009 and beyond. What we have listed in this article are just a few of the numerous threats you need to be aware of. In order to ensure an adequate level of protection, we recommend getting together with your administrator or hosting provider to discuss the areas and security issues that concern you the most.
Tags: click jacking, DDoS attack, malicious tools, security threat, virus, zombie armies
July 2nd, 2009
The Apache vs. IIS debate is just as old and intriguing as Linux vs. Windows. Because these are two of the most widely used web server applications on the market, making a choice is often difficult. If you have been struggling to decide which software to run on your server, the details in this article should be able to help you make a more informed decision.
Reliability and Performance
If you are worried about the reliability IIS offers vs. Apache, then your concerns are a bit outdated. IIS 6.0 offered a process model able to reliably host applications and monitor them for health and responsiveness. The main draw of this feature was its ability to proactively detect and recycle unhealthy applications. IIS 7.0 took the process model one step further by creating a dynamic architecture for the Windows platform, making it a high-performance, multi-threaded server that enables secure isolation of websites by default. With IIS, the Windows platform is agile enough to quickly respond to poor health conditions and recycle applications in a more efficient manner.
The Issue of PHP
If you are worried about IIS performance when running PHP vs. Apache, then your concerns are definitely warranted. Until recently, there were two ways to run PHP in the Windows environment: the slow way with CGI, and the unreliable way with ISAPI. Because many PHP scripts are specifically written for Apache and Linux, running them on the Windows platform with ISAPI may cause them to crash and strip the IIS process serving the applications. On the brighter side of things, Microsoft’s partnership with Zend has brought forth answers to many of these issues in the form of compatibility and performance fixes. One of the most notable improvements is achieved through FastCGI, a feature that enables an IIS web server to deliver fast and reliable PHP hosting.
Ease of Use
One area in which IIS has always shined in comparison to Apache is user-friendly administrative tools. IIS 7 keeps up the tradition by providing a new management tool that is extremely powerful yet simple and very easy to use. Now feature-focused, the tool allows you to simply click on a web server, website or application to individually manage each element. It supports remote administration via HTTP, making it possible to maintain the server locally or over the internet. It also has configuration settings that make it easy to delegate administrators to specific websites and applications. The new IIS administrative tool is completely modular and built on a highly extensible framework that allows it to be enhanced with ease.
IIS 7.0 is a breath of fresh air in comparison to previous Microsoft web server applications. It offers rock-solid security along with the exceptional performance and reliability needed to run in demanding hosting environments. In addition, it delivers some powerful management and extensibility capabilities that exceed Apache. Both make an excellent choice, but IIS is growing more popular by the day. Even if you already have Apache installed on your server, you can check out what IIS has to offer as it is integrated into versions of Windows Vista as a desktop application. If you are like most users, you will surely appreciate its power.
Tags: Apache, CGI, FastCGI, IIS 6.0, IIS 7.0, IIS Web Server, ISAPI, PHP, web server applications, Zend
June 30th, 2009
In most cases, the first steps of establishing a web presence involve registering a domain name, then purchasing a web hosting plan and building your website. The next crucial step is making your web presence known to the community of internet users, preferably those who may be interested in the products or services that you offer. There are a couple of ways to go about garnering exposure, but two of the most effective methods are submitting your site to the popular search engines and making sure it is optimized to attract search spiders and increase your rankings. While these are tasks that you can accomplish yourself, there are also a few companies that may be able to do so in a more efficient and time-effective manner. Here are three services to keep in mind:
CoffeeCup
CoffeeCup has a solution that can aid with your search engine submission and optimization needs. Known as FireFactor, its service offers a custom, detailed optimization report based on more than 90 factors, a comprehensive guide on how to improve and better understand your website structure, access to powerful website comparison tools, and a site submission to over a hundred popular search engines and directories. FireFactor examines factors such as keyword density and relevance, link popularity and ratios of website content to HTML code to determine how your site is actually viewed by the search engine spiders. From there, it provides detailed recommendations on what you should do to enhance your search engine optimization efforts and visibility. In addition to these features, the CoffeeCup FireFactor service also offers a list of search engines you can manually submit your site to.
AddPro
The AddPro service gives you a free search engine submission to up to 18 of the top search engines. The company also has a professional site submission package, which includes manual submission to the major search engines along with general submission to more than 120 of the most widely used directories. AddPro offers an HTML guide that contains vital tips on how to optimize your website to achieve higher rankings in the search engine results as well as a detailed HTML submission report.
AddMe
AddMe offers you a free search engine submission tool that makes it easier to submit your website to up to 14 of the top search engines. It also has a complete search engine submission package where the company submits your site once a month or on an on-demand basis for a period of one year. AddMe checks your website for a variety of issues that may prevent you from being listed, and determines the best keywords for your site based on popularity as well as the lowest competition. This service goes one step further by generating search engine-friendly meta tags for your site, a critical yet often overlooked element of good SEO.
Submit Your Site
For a while now, there has been the debate on how much, or whether or not submitting your site to the search engine even matters. We are here to tell you that every effort helps and the tools mentioned in this article are worth looking into.
Tags: AddMe, AddPro, CoffeeCup, search engine optimization, FireFactor, search engine submission, Search Engines, search spiders, web presence
June 29th, 2009
When big companies launch their new commercial software, they do so with press releases, conferences and other hoopla that adds to the hype. When new open-source products are introduced, even some of the popular ones are launched with far less fanfare. The community involved with this type of software is usually too busy developing and testing its projects to roll out all the bells and whistles that come along with a marketing campaign. This is often the case with some of the most remarkable programs. Although we have already zoomed through a good portion of 2009, there are still a number of big open-source projects that have yet to be released. We have gathered up some of the most notable in this article.
New Linux Platforms
Linux fans have a lot to look forward to as there are major plans in the works for this open-source operating system. Already launching Ubuntu 9.04 in April of this year, the Ubuntu development team is also looking to introduce 9.10 in October 2009. Some of the new features promised are integration with Amazon’s EC2 API, which will allow users to set up their own cloud with open tools, and a kernel mode for enabling a seamless, flicker-free startup. In addition, Red Hat is slated to release Fedora 11 sometime this summer, complete with many new updates. According to the developers, the system will boot up and shut down faster and also include improved support for fingerprint readers.
Scripting Tools and Languages
In December of 2008, the development communities of Merb and Ruby on Rails made an agreement to merge instead of maintaining parallel development initiatives. Their goal was to preserve the advanced features and flexible configuration of Merb along with the ease of use and enhanced productivity that has made Rails such a hit among developers. Called Rails 3, the new project will incorporate various features and concepts of Merb, including its JavaScript libraries, object relational models and template languages. Although Rails 3 didn’t make its May 2009 beta release date, developers may want to keep their ear to the ground to see when it does hit the market.
More Open-Source Projects to Keep an Eye On
MariaDB - This project is a community-developed branch of MySQL. The brainchild of Michael “Monty” Widenius, MySQL AB and Monty Program AB founder, the database is said to be powered by the Maria storage engine.
CodeIgniter 2.0 - Designed for coders who desire a more user-friendly and elegant toolkit, CodeIgniter 2.0 is a PHP framework that leaves a minimal footprint and allows developers to create full-featured web-based applications.
Dojo 1.3 - This tool set is an all-in-one solution for developers who need to create dynamic web applications, particularly those who want to become masters at DHTML and JavaScript coding. Said to be released in the very near future, Dojo 1.3 offers a new lightning fast CSS selector query engine as well as all new widgets and components.
There is a slew of open-source software projects set to hit the market and we haven’t even scratched the surface. Others include software for mobile platforms, business apps, enterprise collaboration and many more. With so much on the plate, there is bound to be an open-source application you’ve been looking forward to coming very soon.
Tags: CodeIgniter 2.0, commercial software, Dojo 1.3, Fedora 11, JavaScript libraries, MariaDB, Merb, open-source product, open-source software, Rails 3, Red Hat, Ruby on Rails, Ubuntu 9.10
June 26th, 2009
All websites reside on a web server, which makes them available to internet users for browsing. However, thanks to the web hosting industry, people don’t have to worry about the complexities of setting up and maintaining their own. In fact, most website owners lease their web server space and associated resources from either an Internet Service Provider or web hosting provider at a very reasonable price. These companies offer a wide range of services that facilitate the hosting, development, design and promotion of your online presence.
Indeed, getting a website is easier and more affordable than it has ever been before. When considering all the features and services that can help to make your site successful, you should never forget about one of the most important aspects - security. If your plans involve creating a site that collects sensitive information from visitors or customers, you need to know that this information is at great risk unless it is secured during the transmission phase. The internet provides anyone who has a method of connectivity with access to the World Wide Web, hackers and other cyber criminals included. Aware of all the scams and security breaches, customers are increasingly searching for signs of security before they decide to share sensitive data with a website. If you want to instill trust within your visitors to the point where they feel comfortable handing over their user names, passwords, contact details, credit card numbers and other confidential information, it is a must that you make sure your website transactions are secure. The solution - SSL encryption.
Why Verisign?
An SSL certificate is a security mechanism that provides website visitors with the ability to confirm that a particular site belongs to the organization or individual they intend to communicate with. Most importantly, it provides exceptional protection for the sensitive data they transmit over the internet. While there are a number of Certificate Authorities to choose from, VeriSign is a leading provider and among the most reliable. Certificates produced by this internet security firm offer a strong level of encryption and its VeriSign Secured Seal has become the most trusted mark on the World Wide Web.
VeriSign Products
VeriSign offers a number of products to ensure the security of your website transactions. Two of its most popular offerings include:
Secure Site Pro with EV - You can give your customers the confidence they need to make purchases with VeriSign Secure Site Pro with EV, VeriSign’s most popular SSL product. EV (Extended Validation) displays a green address bar in the web browser indicating the legitimacy of the site, while true 128-bit encryption ensures that their personal information is completely secure.
Secure Site Pro SSL Certificates - With this VeriSign product, you can transmit sensitive data with protection from the strongest SSL encryption possible. Secure Site Pro SSL Certificates offers the option of 128 and 256-bit encryption to provide your customers with the utmost security.
You can get yourself an SSL certificate directly from VeriSign or request one from your web hosting provider. Either way, you will be rewarded with the most rigorous authentication and security methodology in the industry.
Tags: 128-bit encryption, 256-bit encryption, cyber criminals, VeriSign Secure Site Pro, hackers, scams, security breach, SSL encryption, Verisign
June 25th, 2009
Google has a terrific set of webmaster tools that can not only help you analyze your site for SEO purposes, but also make it more efficient and easier to manage. The majority of these tools can be found in Google Webmaster Tools, an amazing package that contains a variety of very useful features. This toolkit gives you a lot of power, allowing you to upload your sitemap directly to Google, check to see when the search engine spiders last crawled your site, tell Google how you want the URLs for indexed pages to appear and much more. Let’s go over some of the key benefits and determine how they can aid in your analysis and optimization efforts.
Learn How the Spiders Work
Perhaps the most essential information Google Webmaster Tools provides you is a comprehensive section that details exactly how the search engine robots view your site and where you rank in terms of keywords. When a bot crawls and indexes your site, you can see what keywords led to its indexing and what order they are being ranked in. If your targeted keyword is nowhere near the top of the list, this gives indication that you have a little more work to do and might want to redesign your site for better optimization. Google Webmaster Tools also lets you see the percentage of your website traffic that originates from those keywords.
For example, let’s say Google detects that your primary keyword is “laptop computer.” You may think this is a good keyword to go after until seeing that you are ranked #500 and receiving very little traffic for it. However, when you notice that you ranked #7 for laptop notebook and are generating quality traffic for that keyword, you might then want to re-optimize to achieve even higher rankings. The information you get back from these tools can prove golden.
Identify Potential Problems
Google Webmaster Tools also offers a feature that allows you to check and see if any dead URLs exist on your site or web pages that the search engine spider can’t get to. There is another section that tells you if any potential problems related to your site have been found in the text or meta tags. The package also has a feature that lets you view data for both your internal and inbound links. This information will help you identify the pages on your site that have links coming in from other sites and what sites they are coming from, as well as the pages within your website that have internal links.
Additional Tools and Traffic Boosters
The Tools section of Google Webmaster tools is an area that can help you create a robots.txt page, optimize for Google images, analyze different areas of your site, or remove URLs from the Google search results. These tools can really prove handy when it comes time to fine tune your site and boost traffic.
Google Webmaster Tools is a must-have for the serious webmaster. The package offers a number of great features and all of them are free to use. To get your hands on Google Webmaster Tools, you can purchase a web hosting plan from a host that offers it or simply get it directly from the search engine masters themselves.
Tags: bot, crawls, Google, Google Webmaster Tools, Meta Tags, search engine robots, SEO, sitemap, spiders, webmaster tools
June 24th, 2009
Whether you run a blog or e-commerce site, staying on top of all the management aspects can be a real challenge. This is especially true if you are running more than one website. There are several areas that must be tended to if you truly want your site to be a success. Lucky for you, there are also a number of software tools that can make your job as a website owner a lot easier. This article will introduce you to a few programs that can help you manage your sites more effectively.
Search Engine Tool
If your site is already up and running, you are probably looking for a way to increase its visibility. If not, it is very likely that your audience will never even find out what you have to offer. One tool that can be very helpful at increasing your visibility is called the Cyber Fetch Website Submitter. This powerful application makes it easy to submit your site to all the major search engines. It can also aid in the process of managing your ads, that is, if your site is compatible with one of the three template sizes. You can use the Cyber Fetch Website Submitter tool free for up to 20 sites. After that you will have to pay for a $35 subscription. This is a pretty decent trade-off when considering that 20 sites will provide you with more than enough time to evaluate the product before you are required to pay to use it.
Website Update Tool
When it comes time to perform some self-updating, you can turn to an efficient tool such as Website Manager. Now on version 5.3, this software is a powerful web publishing wizard that takes the pain out of updating a website. Not only does it allow you to update individual files, but also the entire contents of your site. Website Manager is a great tool for owners of busy sites who want to save time when making minor or major adjustments.
Backup Tool
The more content you add to your site, the greater chance you stand of losing everything you worked so hard to build. Of course we don’t wish any disasters upon you, but web servers crash and get hacked all the time; it’s just the way of the web. Even if you have invested in what appears to be the most secure web hosting solution, it is still wise to employ a few security measures of your own, and it all begins with backing up your website data. There are a number of tools available for the job, but one of the most user-friendly is Website Ripper Copier. This tool gives you the power to save individual files or back up your entire website. You can also choose to perform manual saves or automated backups at intervals of your choosing.
A Word of Advice
When relying on software tools, you should use them to simplify your administrative tasks, not completely replace them. If you become overly reliant on them, you just may end up with a site that has too much automation and doesn’t appeal to your visitors. Until computers take over the world, the hardware and its associated software components will never be able to replace humans and perform every single management task.
Tags: backup, Cyber Fetch, ripper, search engine submission, search engine tool, Software, software tools, Website Manager, website update
June 23rd, 2009
CSRF is one of the latest weapons website hackers have added to their arsenal. Short for cross-site request forgery, CSRF is an exploit that basically works by abusing the trust your website places in its users. Let’s go over a few examples of this attack so you can better understand what it is and how to prevent it.
Manipulating the Client-Server Model
In the average scenario, the communications between a client web browser and web server go something like this:
- The client makes a request to the server
- The server sends back a response
- The client accepts the response and displays content to the user
Let’s say you have a thriving blog community and other users are allowed to post to your site. To create a new blog entry, a user would have to visit your site, sign in, post their content, click the “add entry” link and submit the resulting form. Now think about what would happen if a malicious user were to copy that same blog form and host it on their own site. They could easily hide the fields, modify the wording and much more to disguise it. Unfortunately, there isn’t much to stop them from taking your form, changing it, placing the modified version on their site and serving it to other users. Now this is where the cross-site aspect comes into play. If the attacker can persuade or trick a user logged onto your site to submit the form, the request will be processed utilizing their credentials stored in the cache. Since they are trusted on the site and logged in, the request would be processed and the unknowing user would have posted a new blog entry they didn’t write and know nothing about.
CSRF in Action
Here is a step-by-step example of how cross-site request forgery works:
- An attacker copies a form from your site.
- The attacker then persuades or tricks a user with login credentials to your site to submit the form.
- The server hosting your site receives the form request and processes it, unaware that the submission was made by a malicious remote source. In the eyes of the server, the logged in user has authorization, allowing the attacker to easily bypass authentication.
- When it is all said and done, the unknowing user has contributed to the attack and appears to be the source of the problem.
Solution to CSRF
The best solution to the problem of cross-site request forgery is potentially invasive but quite simple. Instead of serving forms to clients and processing them without regard to source of submission, add a session token to the form. By doing so, when a form is submitted, the token will be analyzed. If it matches the token sent with the form when it was served, processing occurs. If not, you will know and should become immediately suspicious. This move prevents a CSRF attack because the remote server no longer has a way to serve a valid form. Since it cannot predict the secret session token, its requests for submission will always fail.
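The token check described above, as an added example that is not part of the original post: a minimal server-side sketch in Python using only the standard library. The session store, the function names, the `csrf_token` field name and the `/add-entry` URL are assumptions made for illustration.

```python
import hmac
import re
import secrets
from html import escape

# Constructed stand-in for a framework's server-side session store:
# session id (the cookie value) -> per-session state.
SESSIONS = {}


def login(user):
    """Create a session for `user` and return the session id set as a cookie."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf_token": None}
    return sid


def render_entry_form(sid):
    """Serve the 'add entry' form with the session's secret token embedded."""
    session = SESSIONS[sid]
    if session["csrf_token"] is None:
        # Unpredictable value that a remote site cannot guess or read.
        session["csrf_token"] = secrets.token_urlsafe(32)
    return (
        '<form method="post" action="/add-entry">'
        '<input type="hidden" name="csrf_token" '
        f'value="{escape(session["csrf_token"])}">'
        '<textarea name="body"></textarea>'
        '<button type="submit">add entry</button>'
        "</form>"
    )


def handle_add_entry(sid, form):
    """Process a submission only if its token matches the one we served."""
    session = SESSIONS.get(sid)
    if session is None:
        return 401, "not logged in"
    expected = session["csrf_token"]
    supplied = form.get("csrf_token", "")
    # Reject when no form was ever served, when the field is absent, or when
    # the values differ. compare_digest avoids leaking the token via timing.
    if (
        not expected
        or not isinstance(supplied, str)
        or not hmac.compare_digest(expected.encode(), supplied.encode())
    ):
        return 403, "CSRF token missing or invalid"
    return 200, f"entry posted by {session['user']}"


def token_from_form(html):
    """Helper for the demo: read the hidden field as a browser would."""
    match = re.search(r'name="csrf_token" value="([^"]+)"', html)
    return match.group(1) if match else ""


if __name__ == "__main__":
    sid = login("alice")
    form_html = render_entry_form(sid)

    # Genuine submission: the browser posts back the token it was served.
    genuine = {"csrf_token": token_from_form(form_html), "body": "hello"}
    print(handle_add_entry(sid, genuine))

    # Copied form hosted elsewhere: the session cookie is still sent by the
    # browser, but the remote page has no valid token to include.
    forged = {"body": "entry the user never wrote"}
    print(handle_add_entry(sid, forged))
```

The logged-in user's session id accompanies both requests, which is why the session alone cannot distinguish them; only the token that was embedded in the served form can.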
Tags: cross site request forging, CSRF attack, hackers, malicious user, request forging, session token
June 22nd, 2009
All you have to do is type the words “web hosting” into a Google or Yahoo search engine and you will literally receive millions of results. With so many choices, how can someone new to web hosting pick a solid company out of all these options? It can be a frustrating ordeal but keeping these four elements in mind should help you narrow the field.
1.) Responsive Technical Support
When it comes time to choose a web host, support should be one of the first items on your list. This is especially true if you have no experience maintaining a website. Although some companies will try to sell you service wherein their only means of contact is an email address, don’t fall for that. Make sure a phone number is also available so that you can immediately address urgent issues. An ideal hosting solution comes attached with support 24 hours a day, 7 days a week. When considering that technical issues could occur at any given time, this is only practical. There is nothing worse than having a web host that refuses to come through in your time of need.
2.) Track Record
You should also take the hosting company’s reputation into consideration. What is their status in the industry and what are other customers saying about the service? While many web hosts often post testimonials on their website, you should never put all your faith into them. Instead, check around the web in message boards and forums to get an idea of what real customers have to say. Even then, you want to take such feedback with a grain of salt as some negative comments are merely coming from disgruntled users. It is indeed a very fine line and truthfully, there is no surefire way to predict a company’s longevity. You can, however, weed out the pretenders from the beginning and better the chances of landing yourself a reliable service.
3.) Useful Features
It is wise to make sure a particular web host has all the features and services you need before hitting that sign up button. You may only require a few web pages at the moment but what about the future? You need to plan ahead and seek out a flexible solution that can be easily scaled with the growing needs of your site. An experienced user will tell you that it can be a rather time-consuming task trying to pack up your files and move to a new host that can offer what the last one couldn’t. Likewise, purchasing add-ons for features you overlooked can prove to be a cost-prohibitive venture.
4.) Reasonable Price
Though maybe not as important as the elements above, price remains very critical to your decision. On the hosting market, the prices range from cheap to astronomically high. For the most part, this all depends on the type of service you require. With that said, it is a good rule of thumb to never jump on a hosting plan merely because of a low price and do all you can to find one that is reasonably priced and in line with your budget.
Tags: flexible web hosting, new to web hosting, technical support, web hosting needs, web hosting track record