We have chosen CloudFlare as a partner as they have developed an effective yet simple solution which protects and accelerates websites. Once your website is a part of the CloudFlare community, your users will experience faster page load-times and improved performance.

What is CloudFlare?

CloudFlare is a CDN (Content Delivery Network) with a security layer.

CDN is a collection of servers which are distributed across many global locations to deliver your website content faster and more efficiently to your users. Depending on the users location, CDN selects the server which is nearest to the user and loads your website content from that server.

It works in conjunction with your existing hosting service and caches static content for your site. This lowers the number of requests to your servers. There are several advantages in using the CloudFlare system.

Advantages of the CloudFlare system:

• Site Performance Improvement: CloudFlare has proxy servers located throughout the world. Proxy servers are located closer to your users, which means they will likely see page load speed improvements as the cached content is delivered from the closest caching box instead of directly from our server. There is a lot of research which shows that the faster the site, the longer a visitor stays
• Bot and Threat Protection: CloudFlare uses data from Project Honey Pot and other third party sources, as well as the data from its community to identify malicious threats online and stop the attacks before they get to your site. You can see which threats are being stopped through your CloudFlare dashboard https://www.cloudflare.com/your-websites.html.
• Spam Comments Protection: CloudFlare leverages data from third party resources to reduce the number of spam comments on your site
• Alerting Visitors of Infected Computers: CloudFlare alerts human visitors that have an infected computer that they need to take action to clean up the malware or virus on their machine
• Offline Browsing Mode: In the event that your server is unavailable, visitors should still be able to access your site since CloudFlare serves the visitor a page from its cache
• Lower CPU Usage: As fewer requests hit our server, this lowers the overall CPU usage of your account
• New Site Stats: You have good tools to evaluate human traffic coming to your site, but no insight into search engine crawlers and threats. With CloudFlare, now you do.

How does it work?

CloudFlare powered websites see a significant improvement in performance and a decrease in spam and other attacks. People view your site through an accelerated path that uses the shared security knowledge of thousands of other sites to automatically detect and block malicious traffic.

The end result being that your pages load faster and are more secure.

Unable to fulfil its role as an accredited registrar, auDA gave NetRegistry Pty Ltd its consent to acquire Distribute IT’s .au registrar accreditation and customer base on Wed, 22nd June.

The security attack was so sophisticated and calculated that customer data, emails and websites hosted on four of its servers were deemed by experts to be unrecoverable. Subsequently, Distribute.IT advised that 4800 accounts had been affected by the hack. The demise of Distribute.IT looks well and truly sealed.

Distribute.IT had always been a valuable supplier to Net Solutions. Alex, Carl and the rest of the team were always approachable, helpful and provided superb support. This is a devastating situation, and I sympathise with everybody who lost their content.

So what can we take away from this?

The domain names were largely under control with many resellers hitting the airwaves at whirlpool.net.au. Net Registry’s Larry Bloch and Brett Fenton were there to listen and offer support.

Some 4800 customer websites were totally wiped with no chance of recovery. Even though Distribute.IT had backed up data from their clients’ sites, all the backups were on-site and subsequently targeted by the attackers. Some customers found themselves scraping the ‘Way back machine’ to recover whatever they could.

What I can suggest is backup, backup and backup! Backup your data on the server, backup your data off-site and backup your data locally or to your computer. It’s not good enough that your only backup exists in the same place as your website does. Ask your web-host about backup options. It will more than likely cost you more money, but ask yourself what would it mean if you lost all your data and how much would you be prepared to pay to recover from a disaster such as Distribute.IT’s.

For CMS’s and Blogs use a tool like MarsEdit to write posts and duplicate them. There’s a lot of information and plugins out there to help you backup your data easily and seamlessly.

You cannot afford to be too over-protective of your data.

The original post is at http://wordpress.org/news/2011/06/passwords-reset/

“The WordPress team noticed suspicious commits to several popular plugins (AddThis, WPtouch, and W3 Total Cache) containing cleverly disguised backdoors. We determined the commits were not from the authors, rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavoury.

We’re still investigating what happened, but as a prophylactic measure we’ve decided to force-reset all passwords on WordPress.org. To use the forums, trac, or commit to a plugin or theme, you’ll need to reset your password to a new one. (Same for bbPress.org and BuddyPress.org.)”

Some people have interpreted this to mean that WordPress itself has security problems which has caused concern from some of our users.

Please note that this exploit does NOT impact individual WordPress installations that individuals have installed through their cPanel or had Net Solutions install for them.

If, in the last week or so, you have installed updates for the WPTouch, AddThis or W3TotalCache I would suggest you check your copy from the repository (or plugin search) ASAP. The particular exploit gained access to WordPress.org and the plugin repository.

There are always risks associated in hosting any CMS but many of these risks you can mitigate through good password management, security updates and choosing a great web host that offers WordPress maintenance.

You also must not forget to do frequent off-site backups to deal with any potential catastrophe.

Updates

The only constant thing is change, so as Operating Systems and Virus definitionas get updated, Softwares must also be updated. The Internet is made up of the good, the bad and the ugly. People will attempt to break into your website on an hourly basis and if you fail to secure your website, they will get in. You have to take proactive measures to check and update all software used on your website.

Check

Despite all your attaempts to keep a site perfect some site errors are just inevitable. Broken links, slow page loads, codes or pieces of software that suddenly stop working. All these things can affect the browsing experience for your users. Aside from these, and perhaps even more important, is to check for security loopholes or areas where a website is vulnerable for malicious attacks. This is critical especially if important transactions are being conducted through the website.

Repair and Clean Up

if errors and other defects are found, they must be addressed right away. Installing security patches, new tools and softwares, removing unnecessary programs or even re-writing code maybe needed to keep the website in optimal state.

Back Up

E-commerce and business websites often keep a database of sensitive information. Nobody wants to lose such a valuable asset that’s why having a backup is a must. Websites run on servers and servers are not immune to disk crashes and other faults leaving the webmaster powerless. For this reason proper backups should be performed on a regular basis regardless of maintenance schedule. This is to ensure that when the unwanted happens, a backup will come in handy to save the day.

What is Website Maintenance?

Website maintenance is an activity that aims to keep a website maintained and running as expected. Regular maintenance is critical to the function of a website. Websites, like cars and computers, must be tuned-up and checked for errors to ensure that it will serve its purpose well. Ideally Website Maintenance should be performed on a regular basis.

What Goes On During Website Maintenance Period?

During website maintenance, any one or all of the following may be carried out:

• Check for errors and broken links
• Check for security holes
• Install new tools, plugins and functions
• Update contents
• Update back-end platfom and software patches
• Back up database and content

Because of this, a website may be required to temporarily shut down in order to facilitate these maintenance activities. If this is the case, a webmaster can send notifications to users and readers, put up a “maintenance page” whenever someone views the site, or redirect the visitors to another site or page providing them with limited but important functionalities to ensure that business or transactions will be not halted completely.

Why do websites need to be maintained?
The answer is obvious. A website needs regular website maintenance to function properly amidst update and changes on the internet, malicious attempts and attacks, data server crashes and other online issues.

* jacky.yourdomain.com
* johnny.yourdomain.com
* harry.yourdomain.com

You may be installing WordPress 3 to use the Multi Site features that will require wildcard DNS hosting. In any case your domain should be functioning and propagated before you attempt setting up a wildcard subdomain.

In cPanel Login to your account and look for your subdomain control panel applet.

Now you want to add a subdomain that will point to the location of your content. For WordPress 3.0 install choosing the directory with your .htaccess file as your target. If you only have one domain and site on your account you can point to your base public_html directory.

Click Create and you are ready to add subdomain hosting including WordPress 3.0 Website.

If you have problems because you are hosting many addon domains meaning many domain names with independent sites then you should make sure that the wildcard is pointing to the directory with WordPress 3.0 in it.

You will need to go into WordPress and enable your Network Options after you add your wildcard.

Please also see the cPanel’s website and review documentation .

It is not unusual for individuals who are busy with their day to day work to overlook which registrar the domain was registered with. The Domain Renewal Group try to take advantage of this fact. They feel it is quite legitimate to catch people off guard and scam them for money. A quick google search on their company turned up lots of information about this scam. In fact all the results I see in Google are complaints about this company rather than any services they provide.

If you read the letter carefully, you realise that they are using an approach called slamming, which tricks you into switching your domains to another company. Specifically, they are highlighting each domain that is due to expire and that I risks associated with losing the domain name unless you renew with them. They don’t highlight any risks such as losing all your email and website when you switch over to them.

Although the letter states that it is not a bill, it has been designed to look like an invoice. An interesting aside is that they offer other variants of your domain name in the hope they can SCAM you registered other domains too.

If you receive a letter like this from Domain Renewal Group or from anyone else contact your own registrar or the person who maintains your website before parting with any money.

The existing geo-targeting practices for search and display media focus on targeting by country, state, region and city. This is all based on IP addresses many of which are dynamic or inaccurate.

You can however custom target by entering a street address and defining a radial boundary a mini Google Maps interface. Getting down to detail there is the option of using longitude/latitude coordinates which can be as accurate to within 100 meters.

So, how do you put in place an alternate solution bypassing the inherent limitations of IP targeting? In search, we often develop a second campaign, ideally with a larger targeting radius and implement geo-specific keywords. While the geo-targeted campaign may have the keyword “pizza” this may only hit a portion of the intended geo-targeted audience. To reach the remaining audience, we typically extend the geo-target radius within a completely new campaign with extended keywords such as “Fitzroy pizza”.

But let’s look at how this works when we use IP address location as the basis of location based targeting.

Google uses MaxMind’s database for mapping IP addresses to a geographical location. They claim it is 99% accurate. What is in the fine print, is that it is 99% accurate in determining the country. This figure will not improve, but drop dramatically with the rise in mobile devices, wireless connections.

Accuracy is also defined as being within 40km which means Melbourne and Frankston are local to each other. So searching for a local Pizza Hut while you are in Frankston might give you Universal Pizza in Lygon Street. Still, probably worth the drive as their pizzas are great.

But from an end user point of view, is this considered local? Well no, not to me, I consider local to be within 5km. Like the ads for local businesses in your local newspaper.

The real happening place for location-based targeted marketing is clearly in mobile and mobile applications; in particular, social media applications that emphasize check-ins and connect you to places and people nearby. There is a world of difference, opportunity, and data between marketing location to where a computer resides and marketing location to the person who self identifies, checks-in, and announces their preferences and next stops.

Google has emphasized that location is an immediate and important relevance enhancer. However as the technology continues to evolve it remains both a limiting factor and a promise. HTML5 can allow permission-based, location-targeted ad delivery to consumers browsing on the mobile Web. Currently, it is supported in Chrome and Firefox, but not in Internet Explorer. The use of location-based data remains a point of debate, and just last week Apple posted a warning in its developer forums that if they use location-based data primarily for targeting ads the app will be rejected. Many apps already ask your permission to use your GPS location for app functionality, like the Google toolbar and Foursquare. You can even optionally geotag your tweets.

Likewise, the sharp increase in smartphone adoption all over the world raises both opportunities and challenges. Not only are more people using smartphones, but the devices now cover more of their needs and their day with a multitude of rich, engaging applications – many GPS driven.

Today the database at MaxMind states that it is 83% accurate for the USA and 62% for Australia. I believe this number is overstated and will only get worse which is why the data has not been updated since 2008.

All this makes geographical location services based on IP address unpractical and obsolete.

Net Solutions uses cPHulk which enables a brute force password protection system. With cPHulk, you can set a threshold for authentication attempts on services like POP3, cPanel, WHM, FTP, etc. After a certain amount of attempts, the attacker will no longer be able to authenticate.

BFD Protection is necessary as, there are literally thousands of attempts made every day to gain access to peoples accounts. Users will never notice as cPHulk works in the background blocking access to IP addresses originating from China, Taiwan, Russia, etc.

So while BFD may be seen as an inconvenience if you get locked out, imagine the risks of allowing someone else to gain access to your account by password guessing. What would you have to lose?

Account Level Blocks

This will block access to a specific account for a period of time. If you find yourself blocked and continue to try and authenticate while you are blocked, the time will get extended.

IP Address Level Blocks

This will block your IP address. Block of this type will prevent you from having any access to the server including access to CPanel itself.

Thresholds

Account Level

• How long an account is locked out when it reaches the failure limit: 5min
• Maximum Failures by account: 15

IP Address

• Number of minutes a remote IP is locked out when it reaches the failure limit: 15min
• Maximum Failures by remote IP Address:5
• Maximum Falures by remote IP before IP is blocked for two weeks:30

I got blocked from my own server by BFD! Now what?

In most cases once you have been blocked by your server’s BFD system the easiest way to regain access is to simply create a Support Ticket with our support team. (No need to feel embarrassed. We fix issues like this all the time!)

The vast majority of cases that our support department handles involving customers who are blocked by their own servers are due to FTP clients that contain a saved password. If someone in your company, group, organization, or household changes the password to that FTP account and doesn’t notify you to update your saved password it is quite easy to end up blocked by the server. Most FTP clients automatically reconnect several times if the initial attempt fails, and once your FTP client with the bad password attempts to login several times and fails the server’s BFD system will kick in and block your IP address.

Customers in an office environment that utilize a private network connected to the internet may find their entire office blocked by their server. This happens (usually in a small/home office situation) when multiple computers are sharing a single internet connection, meaning they also share the same public facing IP address. Once a single computer on that local network gets blocked by the server all of the other local computers will find themselves blocked as well.

While this can cause some initial panic there is no need for concern. Even if you are temporarily blocked by your own server that does not mean it is down. It may be ignoring your requests for a short while but it is still working away, handling the tasks from other visitors to your web site(s).

Let’s say for example that a server hard drive is 80GB and has 1200GB of bandwidth. The hosting company has a look around and decides that to be competitive they need to offer plans with 2GB of disk space and 40GB bandwidth. With these figures they can only offer 30 hosting packages per server. This leaves quite a bit of wasted disk space and after a few months the company will probably notice that their users aren’t using all of the available bandwidth. Because of this the company then assumes that it can safely sell at least 10 more packages on the one server. If the original number of customers already covers general costs then the extra packages provided by overselling are pure profit.

The advantage of overselling for the host is that they make more money off each server than they otherwise normally would be able to. The advantage for the client is that this extra revenue is usually transferred on (at least in theory) by cheaper hosting packages with more features.

The problem is that these features are often ‘smoke and mirrors’. A few users would be able to use their entire allotment without any trouble, but if every single client were to build their website up to maximum capacity the host wouldn’t be able to handle the sudden increase in demand without adding extra hard drives, buying more bandwidth, or perhaps even another server. This would most likely lead to a fair amount of congestion and maybe even downtime.

Web hosts aren’t going to advertise the fact that they oversell. It’s not something that will gain them customers and it’s likely to drive away a few. In general however, they’re likely to get away with it without any real problems. The reason the idea even exists is that it is true that the majority of websites don’t use all of the space that’s allocated to them. The problem is that it’s not a particularly honest way of dealing with clients.

Overselling will generally not be a problem unless a host gets too greedy and ends up selling much more than they could possibly provide for. On the other hand, it’s not even necessary as the host can usually make enough money to make ends meet without overselling. It will generally be quite difficult for you to find out whether or not a host oversells unless they specifically advertise it, or they’re well known for having problems due to excessive overselling.

Just make sure you do some research and choose a reliable host, not necessarily the one that appears to offer ridiculous amounts of bandwidth or disk space for far too little money.

As my grandfather used to say, if something is too good to be true …, it usually is. First sniff and then review your choices.

What is FTP?

FTP stands for File Transfer Protocol.  Both HTTP and FTP protocols deal with transferring data across the Internet. FTP is used to upload and download files from your computer to a web server. Download http://fireftp.mozdev.org

Once downloaded follow the the on-screen intructions to install fireftp.

Using Fire FTP

1. Click on Tools the select FireFTP
2. Once FireFTP is open follow these steps to Connect to your Server.
3. Click on Manage Accounts
4. Select New…
5. Go to the "Account Name" field and enter the hostname (usually the website name, i.e cityofmonash.com)
6. Go to the "Host" field and enter the hostname (as above)
7. Go to the "Login" field and enter your FTP username as setup in VHCS2 (ie ftp [at] cityofmonash [dot] com)
8. Go to the "Password" field and enter your FTP password (please note this is case sensitive
9. Click OK to save the account information and to close the dialog.
10. Click on "Connect" to establish a connection.
11. Click OK on the FireFTP pop-up and fireftp will connect to the FTP server

Once you have Connected, you will  find that the local files are on your left and the remote files on your right. You can click on a local file and press the arrow pointing to the right to upload a file to the server.

Similarly, you can click on a file on the right side and press the arrow pointing to the left to
download a file from the server to your computer.

Where should I publish the website content?

All website content files need to be placed in the htdocs directory or folder.

What filename should I use as the default page for my Website?

The web server will look for the following files when no page in the URL is provided.

index.html index.cgi index.pl index.php index.xhtml (all files are case sensitive)

What file permissions should I use?

The UNIX security model allows you to set different levels of access to a file for different groups of people. This allows you to let the web server modify a file via a CGI script, for instance, while preventing other users from having normal access to the file. There are three groups in terms of file access, and three different permission types they can receive.

File Permissions And Groups

The groups are:

• User – the ‘user’ group consists only of the owner of the file (your account, in most cases)
• Group – the ‘group’ group consists of the other users on the server — you can usually remove their permissions entirely if you think it is necessary
• Other – the ‘other’ group consists of everyone else — most importantly, the web server falls into the ‘other’ category

The potential permissions are:

• Read – the ‘read’ permission allows a user or program the ability to read the data in a file
• Write – the ‘write’ permission allows a user or program the ability to write new data into a file, and to remove data from it
• Execute – the ‘execute’ permission allows a user or program the ability to execute a file, if it is a program or a script

Setting Permissions

You can set permissions via FTP by right-clicking (clicking and holding for Mac users) on the file and select Properties in fireftp.

Most of your html files will do fine with a permission of 644 (Owner=Read+Write Group=Read Other=Read). Most script files will need a permission of 755 (Owner=Read+Write+Execute Group=Read+Execute Other=Read+Execute).

Can FireFTP resume downloads?

Yes it can. If you lose your connection, FireFTP will automatically try to reconnect and resume downloading. After this, you can resume a file just by trying to download it again. FireFTP will notice that you have a partial file already downloaded and will ask you whether you want to resume from where you left off click "Resume".

How do I rename a file/make a directory/delete files?

Right-click on the file lists. A context menu will appear showing the available functions you have, along with related keyboard shortcuts.

What is the "View on the Web" feature and what do you put in "Host" and "Prefix" for it to work?

The "View on the Web" feature is primarily designed for web developers so that they can preview images and webpages within FireFTP (using Firefox's latest Canvas technology). It can be found on the "Account Manager" dialog, under the Advanced tab.

If experiencing problems with your connection, follow these steps.

• Do you have the latest versions of FireFTP and Firefox? The latest version can be found at http://fireftp.mozdev.org/
• Are you behind a firewall? Try turning it off temporarily to see if it is the source of your problem. If so, you might have to configure your software to allow FireFTP to access the Internet.
• Does your server allow only active mode? Try turning off "Passive Mode" in FireFTP under your account's configuration options. This is found on the "Account Manager" dialog, under the Connection tab.
• Do you use a proxy? Try setting the proxy under Preferences in the Connections sub menu.
• Have you been able to connect with other FTP clients? Please check to see if the problem is reproducible with other FTP clients.

This should allow your FTP client to establish a connection.