CloudFlare Partnership

We are pleased to announce our partnership with CloudFlare.

We have chosen CloudFlare as a partner as they have developed an effective yet simple solution which protects and accelerates websites. Once your website is a part of the CloudFlare community, your users will experience faster page load-times and improved performance.

What is CloudFlare?

CloudFlare is a CDN (Content Delivery Network) with a security layer.

CDN is a collection of servers which are distributed across many global locations to deliver your website content faster and more efficiently to your users. Depending on the users location, CDN selects the server which is nearest to the user and loads your website content from that server.

It works in conjunction with your existing hosting service and caches static content for your site. This lowers the number of requests to your servers. There are several advantages in using the CloudFlare system.

Advantages of the CloudFlare system:

• Site Performance Improvement: CloudFlare has proxy servers located throughout the world. Proxy servers are located closer to your users, which means they will likely see page load speed improvements as the cached content is delivered from the closest caching box instead of directly from our server. There is a lot of research which shows that the faster the site, the longer a visitor stays
• Bot and Threat Protection: CloudFlare uses data from Project Honey Pot and other third party sources, as well as the data from its community to identify malicious threats online and stop the attacks before they get to your site. You can see which threats are being stopped through your CloudFlare dashboard https://www.cloudflare.com/your-websites.html.
• Spam Comments Protection: CloudFlare leverages data from third party resources to reduce the number of spam comments on your site
• Alerting Visitors of Infected Computers: CloudFlare alerts human visitors that have an infected computer that they need to take action to clean up the malware or virus on their machine
• Offline Browsing Mode: In the event that your server is unavailable, visitors should still be able to access your site since CloudFlare serves the visitor a page from its cache
• Lower CPU Usage: As fewer requests hit our server, this lowers the overall CPU usage of your account
• New Site Stats: You have good tools to evaluate human traffic coming to your site, but no insight into search engine crawlers and threats. With CloudFlare, now you do.

How does it work?

CloudFlare powered websites see a significant improvement in performance and a decrease in spam and other attacks. People view your site through an accelerated path that uses the shared security knowledge of thousands of other sites to automatically detect and block malicious traffic.

The end result being that your pages load faster and are more secure.

A reason to backup your backups

Australian domain registrar and web host Distribute.IT suffered an attack on Sat, 11th June. The company said: “The overall magnitude of the tragedy and the loss of our information and yours is simply incalculable; and we are distressed by the actions of the parties responsible for this reprehensible act.”

Unable to fulfil its role as an accredited registrar, auDA gave NetRegistry Pty Ltd its consent to acquire Distribute IT’s .au registrar accreditation and customer base on Wed, 22nd June.

The security attack was so sophisticated and calculated that customer data, emails and websites hosted on four of its servers were deemed by experts to be unrecoverable. Subsequently, Distribute.IT advised that 4800 accounts had been affected by the hack. The demise of Distribute.IT looks well and truly sealed.

Distribute.IT had always been a valuable supplier to Net Solutions. Alex, Carl and the rest of the team were always approachable, helpful and provided superb support. This is a devastating situation, and I sympathise with everybody who lost their content.

So what can we take away from this?

The domain names were largely under control with many resellers hitting the airwaves at whirlpool.net.au. Net Registry’s Larry Bloch and Brett Fenton were there to listen and offer support.

Some 4800 customer websites were totally wiped with no chance of recovery. Even though Distribute.IT had backed up data from their clients’ sites, all the backups were on-site and subsequently targeted by the attackers. Some customers found themselves scraping the ‘Way back machine’ to recover whatever they could.

What I can suggest is backup, backup and backup! Backup your data on the server, backup your data off-site and backup your data locally or to your computer. It’s not good enough that your only backup exists in the same place as your website does. Ask your web-host about backup options. It will more than likely cost you more money, but ask yourself what would it mean if you lost all your data and how much would you be prepared to pay to recover from a disaster such as Distribute.IT’s.

For CMS’s and Blogs use a tool like MarsEdit to write posts and duplicate them. There’s a lot of information and plugins out there to help you backup your data easily and seamlessly.

You cannot afford to be too over-protective of your data.

WordPress.org Security Alert

A few days ago WordPress.org announced another server-level security breech at the WordPress.com servers… WordPress quickly made moves to mitigate any security risks.

The original post is at http://wordpress.org/news/2011/06/passwords-reset/

“The WordPress team noticed suspicious commits to several popular plugins (AddThis, WPtouch, and W3 Total Cache) containing cleverly disguised backdoors. We determined the commits were not from the authors, rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavoury.

We’re still investigating what happened, but as a prophylactic measure we’ve decided to force-reset all passwords on WordPress.org. To use the forums, trac, or commit to a plugin or theme, you’ll need to reset your password to a new one. (Same for bbPress.org and BuddyPress.org.)”

Some people have interpreted this to mean that WordPress itself has security problems which has caused concern from some of our users.

Please note that this exploit does NOT impact individual WordPress installations that individuals have installed through their cPanel or had Net Solutions install for them.

If, in the last week or so, you have installed updates for the WPTouch, AddThis or W3TotalCache I would suggest you check your copy from the repository (or plugin search) ASAP. The particular exploit gained access to WordPress.org and the plugin repository.

There are always risks associated in hosting any CMS but many of these risks you can mitigate through good password management, security updates and choosing a great web host that offers WordPress maintenance.

You also must not forget to do frequent off-site backups to deal with any potential catastrophe.

Why do websites need to be maintained?

There is a commin misconception that once your CMS website has been built, you don’t need to do anything more to it other than add content. This may be true if you have purchased a managed hosting account where someone looks after your website, but if you manage the website yourself, you have to maintain the software properly. There are four major reasons why websites must be maintained.

Updates

The only constant thing is change, so as Operating Systems and Virus definitionas get updated, Softwares must also be updated. The Internet is made up of the good, the bad and the ugly. People will attempt to break into your website on an hourly basis and if you fail to secure your website, they will get in. You have to take proactive measures to check and update all software used on your website.

Check

Despite all your attaempts to keep a site perfect some site errors are just inevitable. Broken links, slow page loads, codes or pieces of software that suddenly stop working. All these things can affect the browsing experience for your users. Aside from these, and perhaps even more important, is to check for security loopholes or areas where a website is vulnerable for malicious attacks. This is critical especially if important transactions are being conducted through the website.

Repair and Clean Up

if errors and other defects are found, they must be addressed right away. Installing security patches, new tools and softwares, removing unnecessary programs or even re-writing code maybe needed to keep the website in optimal state.

Back Up

E-commerce and business websites often keep a database of sensitive information. Nobody wants to lose such a valuable asset that’s why having a backup is a must. Websites run on servers and servers are not immune to disk crashes and other faults leaving the webmaster powerless. For this reason proper backups should be performed on a regular basis regardless of maintenance schedule. This is to ensure that when the unwanted happens, a backup will come in handy to save the day.

What is Website Maintenance?

Website maintenance is an activity that aims to keep a website maintained and running as expected. Regular maintenance is critical to the function of a website. Websites, like cars and computers, must be tuned-up and checked for errors to ensure that it will serve its purpose well. Ideally Website Maintenance should be performed on a regular basis.

What Goes On During Website Maintenance Period?

During website maintenance, any one or all of the following may be carried out:

• Check for errors and broken links
• Check for security holes
• Install new tools, plugins and functions
• Update contents
• Update back-end platfom and software patches
• Back up database and content

Because of this, a website may be required to temporarily shut down in order to facilitate these maintenance activities. If this is the case, a webmaster can send notifications to users and readers, put up a “maintenance page” whenever someone views the site, or redirect the visitors to another site or page providing them with limited but important functionalities to ensure that business or transactions will be not halted completely.

Why do websites need to be maintained?
The answer is obvious. A website needs regular website maintenance to function properly amidst update and changes on the internet, malicious attempts and attacks, data server crashes and other online issues.

SCAM Warning – Domain Renewal Group

We have received many complaints from our customers who have received letters from the Domain Renewal Group claiming to offer to renewal of their domain names they have registered.  They obtain information about individual domain names that are close to expiry.

It is not unusual for individuals who are busy with their day to day work to overlook which registrar the domain was registered with. The Domain Renewal Group try to take advantage of this fact. They feel it is quite legitimate to catch people off guard and scam them for money. A quick google search on their company turned up lots of information about this scam. In fact all the results I see in Google are complaints about this company rather than any services they provide.

If you read the letter carefully, you realise that they are using an approach called slamming, which tricks you into switching your domains to another company. Specifically, they are highlighting each domain that is due to expire and that I risks associated with losing the domain name unless you renew with them. They don’t highlight any risks such as losing all your email and website when you switch over to them.

Although the letter states that it is not a bill, it has been designed to look like an invoice. An interesting aside is that they offer other variants of your domain name in the hope they can SCAM you registered other domains too.

If you receive a letter like this from Domain Renewal Group or from anyone else contact your own registrar or the person who maintains your website before parting with any money.

Revealing Email Headers

When a fraudulent phishing e-mail or scam, arrives in your mailbox, there is no danger to you unless you reply to the message. The ACCC’s SCAMwatch website provides information on common scams. The website has tips on how to protect yourself from scams and report them to the relevant agencies.

We encourage all customers to forward any and all spam to ACMA. In order for ACMA to do anything about the spam you have received, you must include the full email headers in the email that you forward.

Full e-mail headers are needed to investigate any phishing attempt so that the source of a message can be revealed. To retrieve the full headers from a message, you will need to locate it within your e-mail client. Instructions for locating and copying e-mail headers in different e-mail clients can be found at: www.spamcop.net.

Below is a quick set of instructions in how to reveal email headers in Outlook 2003 and Outlook 2007

1. Open the offending email.
2. Click on the word View in the menu bar.
3. Select the option Options.
4. The Message Options dialog will apear.
5. Right-click on the text in the Internet Headerssection.
6. A submenu will appear.
7. Choose the option Select All.
8. The text will appear in inverse video, indicating that it is selected.
9. Right-click on the selected text.
10. A submenu will appear.
11. Choose the option Copy.
12. Click on the Close button.
13. The Message Options will disappear and you
    will return to the offending email. Now you have the message in your buffer.

A Sample phishing mail

Below is a more detailed look at email headers, it is not for the faint hearted.

Return-Path: <(Aktiviere JavaScript, um die Email-Adresse zu sehen)>
Envelope-To: (Aktiviere JavaScript, um die Email-Adresse zu sehen)
Received: from [84.120.132.215]
 (helo=84-120-132-215.onocable.ono.com)
 by example.com with smtp (NetMail-SMTP 1.16);
 Sun, 10 Oct 2004 03:40:32 +0200 (CEST)
Date: Sun, 10 Oct 2004 05:39:35 +0300
From: CitiBank <(Aktiviere JavaScript, um die Email-Adresse zu sehen)>
MIME-Version: 1.0
To: (Aktiviere JavaScript, um die Email-Adresse zu sehen)
Subject: CITIBANK REMINDER: UPDATE YOUR DATA

The sample above shows a very typical mail header. In this case it is even a so-called phishing e-mail, offering a link to a faked website which looks like the one of a bank, but then captures (fishes) your log-in data to use it for fraud. We have changed the recipient’s address to (Aktiviere JavaScript, um die Email-Adresse zu sehen) for privacy reasons. Let’s look at the header lines one by one.

Return-Path: This line is not created by the sender but inserted by the receiving e-mail server using the address behind MAIL FROM in the SMTP dialogue. It is not verified. In most cases (but not all) it is the same as in the From: header line which your e-mail client displays as the sender’s address. Since there is only one MAIL FROM during the SMTP dialogue, there should be only one Return-Path line. An empty address like <> is allowed if the mail is from a Mailer-Daemon or a similar automated sender which cannot receive answers.

Envelope-To: For routing the received e-mail to the intended recipient(s), many e-mail systems insert this line using the address(es) from RCPT TO in the SMTP dialogue. While this is not really necessary for mails where all recipients are behind To: or Cc:, it allows the correct routing even for a Bcc: addressed e-mail. Unfortunately, the syntax is not standardized. “X-Envelope-To:”, “Delivered-To:” or “X-Pop3-Rcpt:” are some alternative forms. Angle brackets around each address are optional.

Received: While our example shows only one Received line, two or more of them are typical for most e-mails. Each mail server the e-mail passes on its way from the sender to the recipient inserts its own. The topmost is the newest, created by the server nearest to you, and you should rely on this one only, since all following lines may be faked. If there is only one Received line in the header, the sender did not deliver it via the SMTP smarthost of his local provider, but sent it directly to your server or your provider, which is very typical for spam and viruses. The format of Received lines is not always exactly the same, but in most cases it consists of this information:

• IP address: If the topmost Received line is created by your local mail server or your provider, the true IP address of the sender is shown here (which is 84.120.132.215 in our sample above).


• HELO identification: The HELO command is used by the sending SMTP client to identify itself (…ono.com here, obviously an ISP in Spain). Note that HELO should display the reverse-DNS name of the IP, which surprisingly is the case in this phishing e-mail, but for many spam and virus mails it is just a fantasy name. If the IP address is not in your local LAN, a HELO name without dots is definitively faked. In the sample above, the sender apparently used a reverse DNS request to find out his local domain name in order to send a realistic HELO string.


• Mail server name and system: The line "by example.com with smtp (NetMail-SMTP 1.16)" shows the (or at least one) domain of the server receiving this e-mail, the protocol used (typically SMTP) and the server software (the NetMail SMTP module in this sample).


• Recipient (optional): The recipient’s address is sometimes given behind the keyword "for" in the Received line. This may be useful for BCC-addressed mails. If there is no Envelope-To line (or similar), then this may be the only place where the intended recipient address can be seen. However, this field is optional. Furthermore the SMTP standard only allows one address there, so this information is often suppressed for multi-addressed mails.


• Date and time: Assuming that the clocks of all systems involved are not too inaccurate, you can see when a specific server received this message. Note that the local time zones may be different. The difference to GMT/UTC is given as a signed 4-digit number. For instance, +0200 means 02 hours and 00 minutes earlier than UTC. Some systems add the name of the time zone in brackets for better readability. A few proprietary, typically American systems replace the number by the time zone name like EDT (Eastern
  Daylight Time), but this is a bad idea since it is often ambiguous: EDT is valid in the US (UTC+4) as well as in Australia (UTC+11).

Date: The date and time when this e-mail was created. It is not necessarily the time when the message was actually sent to the Internet. The format is the same as the one used in Received: lines described above. Since it depends on the client’s system clock, it may be more inaccurate than the times in the Received lines created by well-adjusted servers.

From: The alleged sender of this e-mail. If an answer is requested to a different address than the one behind From:, a Reply-To: line is added with the address where an answer should go to. Both may be completely faked. It is crystal-clear that citibank.com would never send their mails over a cable access of ono.com in Spain. For most normal mails, the From: line shows the same address as the Return-Path information in the header, but this is not required. Typical From lines are (comments added in brackets):

From: CitiBank <(Aktiviere JavaScript, um die Email-Adresse zu sehen)> (as in sample above)
From: "CitiBank" <(Aktiviere JavaScript, um die Email-Adresse zu sehen)> (quoted real name)
From: (Aktiviere JavaScript, um die Email-Adresse zu sehen) (no real name given)

The From: address in the sample above is faked, of course: The word “antifraud” and the name of the bank are simply intended to confuse the recipient.

To:, Cc: Displays the recipients except the ones sent as Bcc. Some badly implemented clients even send a Bcc line, but this does not conform to the standard since Bcc addresses should not be visible to other recipients. When sending an e-mail, the SMTP dialogue uses RCPT TO for all destination addresses, so the things behind To and Cc (just as all the other content of the message header and body) are completely irrelevant and may be even faked. The possible address formats are the same as for From (see above), multiple addresses can be separated by commas.

Subject: The subject of the e-mail. It is interesting that it is uppercase-only in this sample; this fact could add some percent to a probability value that an e-mail is unwanted spam.

Avoid Fraud and Scams

Almost everyone will be the target of a scam at some time – you may have been already. Some scams are easy to spot, while others can happen without you even knowing it. It is designed to trick you into giving away your money or your personal details. Scams succeed because they look like the real thing and are crafted to appeal to your needs and desires.

Common scam include:

• lottery and competition scams
• investment or ‘get rich quick’ scams
• money transfer requests or ‘Nigerian’ scams
• banking and online account scams
• employment scams

The people who run these scams (scammers) are imaginative and manipulative; they know how to push the right buttons to produce the response they want.

Many scams originate from outside Australia and once money is sent overseas it is virtually impossible to recover.

SCAMwatch is a website run by the Australian Competition & Consumer Commission (ACCC). The aim of SCAMwatch is to provide information to consumers and small business about how to recognise, avoid and report scams.

Scams that are reported to SCAMwatch will be analysed by the ACCC. Many scams originate overseas or take place over the internet, making them very difficult to track down and prosecute. If you lose money to a scam, it is unlikely that you will be able to recover your loss. The ACCC publishes this website to help consumers recognise scams because prevention is definitely a better option when it comes to scams.

Some tips for protecting yourself from phone scams

• Be suspicious of unexpected calls and text messages.
• Hang up. Or text ‘STOP’ to unwanted messages.
• Don’t give your number to just anyone.

Some tips for protecting yourself from internet scams

• Keep your protection software up-to-date
• Don’t respond in any way to unsolicited emails
• If in doubt, delete