Site hosting news, tutorials, tips, How Tos and more

Archive for the ‘Internet’ category


Competition is the Sincerest Form of Flattery

You may remember that last year around this time we reported that we placed fourth in the DevProConnections Community Choice Awards.

Well I’m proud to announce that this year we placed – fourth!

Again.
And just like last year, we’ll take it, since the top three are the same behemoths that eclipsed us last year (Amazon, GoDaddy and DiscountASP.NET).

We feel pretty good about placing above Rackspace, another monster host that could lose more customers than we have and not even notice it.

But next year – you’ll see – we’re going to crack that top three!

We’re working hard on some cool new stuff (if I tell you about it now, they’ll fire me), but suffice it to say that we’re always working to make Winhost the world’s best hosting platform, and the kind of place where your sites can be proud to live.

Here’s to fourth place, and nipping at the heels of the giants!

Image: Mary Ellen Mark, “Baby Beauty Pageant Winner,” California, 1992.


How did my email account get “hacked”?

If you’re reading this it’s likely that your email account was recently hacked and now you’re wondering how it happened and why it happened to you. Or maybe you’re just wondering how you can prevent it from happening to you.

Let me start off by saying that there are many different ways an email account can be compromised. In this article I’ll cover three of those methods.

Also note that these aren’t the only ways an email account can get compromised. People are always inventing new ways of compromising an email account/system. So by the time you finish reading this article, it’s likely that they will have come up with a few new techniques.

Now let’s imagine you’re at the local coffee shop sipping on some hot coffee. You open your laptop and connect to the coffee shop’s WiFi. Why not, it’s free Internet, right?

Now it’s time to check your email messages because you are expecting important news. You open the email client on your computer and start browsing the Internet for, you know, important stuff. An hour passes by and you go on your way to work, home, or school. But did you notice the person sitting across from you with their laptop? He just took your email credentials while you weren’t looking. But how did it happen?

Did it happen while you were in the bathroom?

No.

Did it happen when you went for yet another cup of joe?

Nope.

So how did that person steal your email information without even coming close to your computer?

Ever heard of a Man in the Middle attack? To put a MITM attack in simplest terms, some malicious so and so sets up their computer to act like a router and tricks your computer into thinking that the computer actually is the router. Then the router thinks the shady computer – in the middle of the connection – is your computer.

Think of it as someone tapping into your network connection. Once this starts happening they can view all kinds of fun packets coming from your computer to the mail server (or to any server). Each time you make a connection to the mail server you are sending your authentication credentials through the bad guy’s computer.

From there it’s easy to use a program to filter out all packets containing login credentials. This includes your Facebook, Twitter, and bank account login information as well. Everything.

So does that mean it would be better to just stay away from your local coffee shop?

Hey, no need to be drastic! You can still go and you can still surf the Internet but it may be best if you didn’t use the coffee shop’s Internet connection. Personally, I don’t trust any network that I don’t own or control.

A nice work-around would be to use the Internet connection on your smart phone. Most smart phones have the capability of turning into a password protected WiFi “hot spot.” They also have the capability to tether the smart phone to your laptop. But, of course, you will be using your phone service provider’s data plan.

So if I protect myself from that shady “man in the middle,” I’m safe, right?

Not exactly.

Another way your email account could be compromised is with a virus/malware being installed on your computer without your knowledge. This method is the most common and likely way that your email account (and everything else on your computer) can be compromised. I’ve seen what some of these viruses and malware are capable of doing, and it’s scary stuff.

Some of the virus/malware infections come with a nice little tool called a keylogger. What it basically does is log all your keystrokes and send them to a server controlled by whoever infected your computer with the virus/malware. So any time you enter a username and password, the keystrokes are logged before the login request is sent. It doesn’t matter that the connection from your computer to the mail server is encrypted.

So how did this software get onto your system, or how can you prevent it from being installed on your system?

You can start by practicing the following:

  1. Keep your system/software updated with the latest security patches.
  2. Update your Antivirus programs and run scans on a routine schedule.
  3. Avoid downloading files you don’t recognize.
  4. Don’t open any email messages you didn’t expect to receive. For example: You get an email message with the subject “Your PayPal account has been limited,” but you don’t have a PayPal account.
  5. Avoid visiting web sites that have a bad reputation. A simple Google Search will sometimes display a warning message in the search results right below the domain name: “This site may harm your computer.”

The third way an email account can be compromised is by social engineering. Some email systems come with a nifty “Forgot your password?” tool. So what’s the big deal about this feature? Well, when you were setting up your email account you weren’t thinking twice and just answered the security questions truthfully. For example the signup form has the following questions:

  1. What is your pet’s name?
  2. What is your mother’s maiden name?
  3. Which street did you grow up on?
  4. Which school did you attend in the 5th grade?
  5. In which hospital were you born?

You had to pick two of them and answered the two questions correctly. No harm done, right?

Wrong. The question/answer pairs that you’ve set up with your email account should actually be considered to be your second and third passwords. Why? Because the correct answers to these questions grant access to the email account.

It would be best to answer these questions kind of incorrectly. So, let’s say you chose “Which street did you grow up on?” and “What is your mother’s maiden name?” and the answer to the first question is Main St. and the answer to the next question is Smith.

Instead of using the correct answers, you can add an extra character before the real answer. For example @Main St. and @Smith. If the system doesn’t allow these types of characters then you can also use a letter before the real answer. For example: QMain St. and QSmith. That way if the malicious person finds out the real information, they will still have a hard time getting into your email account.

You must be wondering how these people even get the information in order to gain access to your email account using the security questions method. The answer is very easy. In this day and age most of us use social media sites (Facebook, Twitter, YouTube, etc.). What’s the problem with social media? Well, the problem is we like to give out too much information.

We all like to share, share, share. Sometimes we don’t realize it, but we give out too much information. So much information that it makes it easy for a malicious person to gain access to your email account using the security question method.

If you keep these things in mind and think about security in new ways, you will protect yourself from a lot of potential headaches.



What amazon.com looked like in 1969

We showed you The Internet as it was in 1996, but are you ready for the Internet circa 1969?

They were surprisingly accurate in their predictions (even if the film does suffer from mid-century gender stereotypes).



That @#$%&* adaptive spam!

All of us have experienced spam. Spam is unsolicited and unwanted email that arrives in our inboxes. It can range from a minor annoyance to complete disruption of email accounts, or worse yet, can harbor malware, trojans, and viruses.

Some of us go through a period of time where we do not get spam in our inbox, then are suddenly bombarded with it. Some of us even incorporate spam/content filters, often decreasing unwanted and unsolicited email, only to have a renewed surge of spam activity within a year or so.

While our first instinct may be to contact our email administrators to inform them of increased activity and find out if any email server settings have been modified, let’s not forget our own responsibilities to help prevent, diminish, and combat spam from infiltrating our email accounts.

I want to bring up four points that we all need to think about when we want to protect ourselves from these disruptive and intrusive emails.

First, whenever possible, try to avoid using your primary email address when filling out forms. We see it all the time, at the mall or shopping center a booth is offering a free entry to win a prize. We eagerly fill out all the information to win that car or vacation to the Bahamas, and one of the pieces of information they ask for is our email address.

For things like these, try to use an email address that is not your primary email address. Set up a Yahoo or Gmail account that is used solely for these events, and it will help to greatly reduce the amount of spam that arrives in your inbox.

You might think that creating an alternative email address on your primary email domain will solve the problem. For example, your primary email account is postmaster@domain.com, and you create junk@domain.com. The problem with this method is that you are disclosing your email domain, and spammers can now bombard @domain.com with “guessed” addresses (such as info@, webmaster@, or even entire dictionaries of usernames) which can eventually spill over to your primary email address.

Second, look at this one as a duty or responsibility: never respond to spam! Delete it, and whenever possible, mark it as spam in your email system so that you build a reputation for what is and isn’t spam. The next time you get a similar spam message it will automatically drop it in your “Trash” or “Junk” folder.

In SmarterMail, if you see an email in your inbox that is spam you can go to Actions/Mark/spam. The more you use this, the more you build up your definition of potential spam.

The third good practice is setting up account level spam and content filtering rules. Many email systems have this feature. In SmarterMail you can go to Settings/Filtering. There you can define your own content filtering and spam filtering rules.

Don’t forget Greylisting! When an email network “greylists” messages, it does not accept the initial incoming message, but rather instructs the sending mail server to try delivery again later (which most servers will do every few minutes). The assumption is that spam servers will not attempt to send the message again, but legitimate servers will. Greylisting will delay legitimate emails though, so it’s up to you to decide to enable or disable this feature. For the most part, Greylisting is a valuable tool in helping keep your email account clean of unsolicited emails.
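To make the greylisting behaviour described above concrete, here is an added Python example (not from the original post, and not SmarterMail's implementation). It assumes the common convention of keying on the (sending IP, sender, recipient) triplet; the 5-minute minimum delay, the 4-hour retry window, the 30-day pass lifetime, the reply strings and the sample traffic are all constructed for illustration.

```python
"""Greylisting decision logic (added example; constructed data)."""
from dataclasses import dataclass, field

MIN_DELAY = 300             # assumption: retries sooner than 5 minutes stay deferred
RETRY_WINDOW = 4 * 3600     # assumption: a first attempt is forgotten after 4 hours
PASS_LIFETIME = 30 * 86400  # assumption: a triplet that passed stays trusted 30 days

DEFER = "451 temporarily deferred, try again later"  # SMTP temporary failure
ACCEPT = "250 OK"


@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: dict = field(default_factory=dict)      # triplet -> time it last passed

    def check(self, client_ip, sender, recipient, now):
        """Return the SMTP reply for one delivery attempt at time `now` (seconds)."""
        key = (client_ip, sender.lower(), recipient.lower())

        # Known-good triplet: accept immediately and refresh its lifetime.
        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok <= PASS_LIFETIME:
            self.passed[key] = now
            return ACCEPT

        first = self.first_seen.get(key)
        if first is None or now - first > RETRY_WINDOW:
            # Never seen (or the earlier attempt expired): start the clock, defer.
            self.first_seen[key] = now
            return DEFER
        if now - first < MIN_DELAY:
            # Retried too quickly: keep the original timestamp and defer again.
            return DEFER

        # Retried after the minimum delay, as a real mail server's queue would.
        del self.first_seen[key]
        self.passed[key] = now
        return ACCEPT


def simulate(attempts):
    """Replay (time, ip, sender, recipient) attempts; return (time, ip, reply)."""
    gl = Greylist()
    return [(t, ip, gl.check(ip, frm, to, t)) for t, ip, frm, to in attempts]


# Constructed sample traffic (documentation IP ranges and example domains).
ATTEMPTS = [
    (0,    "192.0.2.10",   "news@example.org", "postmaster@domain.com"),  # first try
    (5,    "203.0.113.77", "win@example.net",  "postmaster@domain.com"),  # one-shot sender
    (60,   "192.0.2.10",   "news@example.org", "postmaster@domain.com"),  # retry too soon
    (420,  "192.0.2.10",   "news@example.org", "postmaster@domain.com"),  # retry after 7 min
    (9000, "192.0.2.10",   "news@example.org", "postmaster@domain.com"),  # a later message
]

if __name__ == "__main__":
    for t, ip, reply in simulate(ATTEMPTS):
        print(f"t={t:>5}s  {ip:<13} {reply}")
```

The sender that retries is accepted only on its third attempt, seven minutes after the first, which is the delay to legitimate mail that the paragraph above mentions; the one-shot sender is never accepted.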

Finally, if at all possible, try to avoid “catch-all” email accounts. Catch-all accounts will allow any email address to come through. For example, if you have Catch-all enabled, email addresses that do not exist (email1@domain.com, email2@domain.com) will make it into your inbox. There may be a business need to have this activated, but this will greatly increase the likelihood of receiving spam, even with a strong spam filtering system.

The last thing that I would like to mention is the necessity of remaining diligent.

Many of us successfully implement the above practices, reducing or even eliminating spam from getting into our inboxes, only to relax our guard, even temporarily, exposing us to a new series of attacks on our email.

Keep in mind that spam is an ongoing threat, and that spam is adaptive and always evolving. Spammers know that they have to constantly update their procedures and techniques to get through to the greatest number of people.

One of the biggest mistakes that we can make is believing that once we have effective anti-spam measures in place, we do not have to revisit and update those measures. If that were true, spam would have been eliminated a long time ago.

As spammers find new and more sophisticated ways to infiltrate your inbox, you have to remain vigilant and active in combating spam.



1983-era Jobs (the Steve kind, not the work kind)

Sitting here this morning, as I run through my daily routines of reviewing sales emails, marketing proposals, SEO reports, and general news, I ran across something that made me stop and pause for a good minute. It was a talk by Steve Jobs from 1983.

This was pre-Macintosh Steve Jobs. This was still the bright eyed Steve Jobs that had yet to be “removed from his managerial duties” by the board of his own company only to come back as its long lost savior almost a decade later. A Steve Jobs that had yet to earn the labels of “Futurist” or “Visionary.” This was just Steve Jobs, a 28 year old kid talking to a design conference… yes, a design conference.

See, even back in 1983 Jobs saw that design was something that needed to be given equal attention when working with technology.  It seems something obvious now, but if you think about technology in 1983, design was the last thing on anyone’s mind. PC computers were large briefcase size things that were gray or tan in color.

Even in his talk Steve Jobs says “If you’ve looked at computers, they look like garbage. All the great product designers are off designing automobiles or they’re off designing buildings. But, hardly any of them are off designing computers.” Even in 1983 Steve was looking to change that.

After giving this a listen, I started thinking about 1983. I was 7 years old and already playing with my Dad’s new Commodore 64 typing out BASIC commands to play a game. And after some digging back, I noticed that 1983 was a big year for technology and the internet:

So, an argument can be made that 1983 was a hallmark year for technology and the internet as we know it today. But yet, with personal computing and the internet still in their infancies, Jobs could see what was about to come and where these things could lead.

Listening to the full talk, plus Q&A after, you can hear Jobs talk about ideas and concepts that can be traced forward 25 years later into truths about how we use technology today and everyday products like tablet computers. At the end of the Q&A, Jobs even addresses language and voice recognition, which has only now been adopted by the general public with Siri.

So as I’m typing this we have reached the 1 year anniversary, if you will, of Steve Jobs’ passing. For all his flaws (and there were many) it is hard to deny his ability to see past technical limitations and look forward to what he knew was possible.

I was never an “Apple Fan Boy” growing up. In fact I hated Macintosh computers with a passion all through High School and College only using them when all other options had failed. But I did respect how Jobs saw the world in his eyes and was able to rally people around that vision. Listening to this talk only adds to that respect.



The Internet as it was in 1996

I know that when you woke up this morning you thought to yourself, “I wonder what a 1996 instructional video about the Internet would look like?”

Oh, you didn’t?

Well, we have one for you anyway.

Enjoy as a fake fancy archaeologist guides you through the fascinating online world that exists right at the tip of your virtual fingers. Wow!



SEO Hosting – Fact or Fiction?

There are a number of companies that offer what they call “SEO Hosting.” Actually though, “SEO hosting” is a misnomer (that’s a polite way of saying “useless advertising gimmick”), because any site hosted at any hosting company has just as much a chance to be ranked well within a search engine as a site hosted with an “SEO Hosting” company.

SEO in its purest form is about optimizing the content on your site so you are found to be relevant by a search engine. So unless these SEO Hosting companies are writing the content for your site, they have no control over how your site is ranked. In fact, as you review the sites of many of these SEO companies you will find that many of the items they list for SEO hosting are actually SEO tips that are completely unrelated to the hosting of your site (i.e. links to your site, unique content).

The one server-side feature that all of these companies tout as an SEO “feature” is providing your site with a unique IP address. While it can be handy to have a unique IP, it doesn’t really address the issue that they provide it for. All search engines look for patterns across the web. These patterns are used to help decide how to rank sites. One pattern that is examined is IP blocks used by sites that have been penalized for shady SEO practices, are SPAM in nature, or contain malware.

When such a pattern is detected, the search engine will penalize an entire IP block, deeming that IP block a “bad neighborhood.” So even though a unique IP is nice, if the whole IP block is penalized, that unique IP can do you much more harm than good. This is less a tip for good SEO ranking and more a tip to avoid penalties.

If you ask Google and other search engines about this, they will tell you that it is very rare that they have to actually penalize IP blocks in this manner. Normally they are penalizing dedicated servers or VPS servers where one person has hosted a number of bad sites in one place.

At Winhost, many of our customers do their own SEO for their sites, with excellent results for their desired search terms. They have developed their own unique content and have received relevant links to their sites without paying for the links (good SEO rule of thumb: never pay for links!). They have properly tagged their sites, created sitemaps, and use the webmaster tools provided by the search engines (Google, Bing) to ensure that they can be crawled properly by the search engine bots. Doing these things, all of which are unrelated to the host or the server your site is on, will normally result in good SEO for your site.

Keep in mind that when a search engine does not rank your site well, it doesn’t mean that the search engine is making a mistake or penalizing you. What it typically means is that the search engine doesn’t currently find your site to be as relevant for a term as you may like. When this happens it is best to review your site and look for ways to improve the content, as “Content is King” when it comes to SEO. This is also where the above mentioned webmaster tools really come in handy. Search engines want to help you rank well for your terms and these tools are there to help you do this.

But there is no “magic bullet” to get your site a high search engine ranking, and—despite what they may tell you—there is no such thing as “SEO hosting.”



Master of Your Domain – Part 2 – Choosing a TLD (or, The Fall of King .com)

It used to be when choosing a TLD (Top Level Domain – the part of the domain name after the dot) you had very few choices, and most people went with .com. Originally .org and .net were reserved for organizations and networks. So your host or your ISP might have a .net domain, but few “normal” sites did. And if you wanted to register a .org domain you had to jump through hoops that involved actually mailing or faxing documents to the registrar.

But those weird dark ages passed pretty quickly, and in the early 90s people began registering .net and .org domains to use for their personal sites. In those days it was usually done in order to be different and stand out, as .com names were still widely available. When the common (and not-so-common) words were used up in the .com namespace, .net and .org registrations increased, and for several years, those three TLDs – known as generic TLDs – ruled the roost.

Two letter country code TLDs have been around for as long as .com, .net and .org, but in the early days they were typically reserved for residents of the countries they represented. Then a few of those countries struck on the idea of selling domains on their TLDs, so you saw TLDs like .cc and .tv enter the mainstream.

Now there are very few countries that still enforce resident-restrictions on their TLDs, which is why we have domains like bit.ly and ma.tt. Country codes continue to open up, as we saw recently when .me opened up registration. And while a lot of startups and social media companies are fond of spelling words with country code TLDs, most people still gravitate toward one TLD: .com

For a personal site, or a small startup venture, most people want a .com domain name. And for good reason. Even though there are more than 250 TLDs that you can use to register a domain, the Internet and the web as we know it today still tends to stubbornly rotate around .com. Need proof? If you’re unsure of a company’s domain name, what’s the first thing you try? Okay, the first thing you try is a Google search, I know, but if you are typing a domain, you’ll try the .com.

So you may spend a week trying to brainstorm a .com name that someone else hasn’t thought of, and find yourself frustrated at every turn. It can seem as though every possible .com has been registered. They haven’t, and I’ll give you a tip for finding your .com in a minute, but first I want to blow the whole idea of a “choosing a TLD” post out of the water by saying:

The TLD that you use doesn’t matter.

Five years ago I may not have made that claim, but the trend is clearly toward search and away from typing domains, so as far as being found on the web (a monumental task in itself, and the subject of another post – or book), search rules, and search doesn’t care how your domain name ends. So if you can force yourself to look beyond king .com, it may be in your interest to do so.

It’s a wide world of TLDs out there. One of them may have your name on it. You may have marketing considerations to take into account, and you should always look at which country some of the more popular country code TLDs represent. For example, .ly is extremely popular, but it’s the Libyan country code, and not everyone necessarily wants to be associated with Libya. No offense Libyans.

You’re probably thinking, “Hey, Michael, you guys don’t even register all these different TLDs, why are you telling me to go to someone else?” It’s true, we only provide registration for a few generic TLDs. That’s because that small handful of TLDs are still far and away the ones that people want to use. This article is for those of you who don’t mind stepping out into the great vast void and seeing what there is to find. It’s cold out there, but I’m told the view is spectacular.

Oh, that tip for finding an available domain in the ever-desirable .com namespace? Join two unrelated words. I know it sounds simple and obvious, and it is. But it’s also an endless source of available domain names, and one most people overlook. If you’re creative, you can find a combination that works for your project in a few minutes. I’ve used that little trick to find dozens of domain names for people who thought they could never find a .com domain.

And when you find your .com (or .net, .org, .biz, .cloud, .club, .info, .name, .pro, .store or .xyz) domain, you can easily register it directly from your Winhost Control Panel.

Wikipedia has a useful list of all TLDs, along with information on country code TLD domain registration. If you want to register a country code TLD domain without a lot of research, sites like EuroDNS can be very useful.