Winhost blog

Don’t Fall for “I hacked your computer” Scam Emails

by Moises November 14th, 2019

First of all, I want you to understand this email message you received is nothing but a scam and you weren’t really hacked. I’ll explain in more details as you read on.

This is by far one of the best spam email messages I’ve seen since I started working here at Winhost. Not only is it creative but some people are really paying bitcoins to not get “exposed.” That’s why this scam is popular.

Why are people falling for this scam?

This scam is often effective because the email message may contain your real password that you are using. Or, it may contain part of a password that you used in the past.

The email states that the email message was sent from your email account to make you believe that your email was hacked. They may use the following text in their email message to you:

“I’m a programmer who cracked your email account and device about half year ago.
You entered a password on one of the insecure site you visited, and I catched it.”

“I have very bad news for you.
17/07/2019 – on this day I hacked your OS and got full access to your account YourEmailAddress@Yourdomain.com.
You can check it – I sent this message from your account.”

The hacker goes on to claim that they installed a Rat program on your computer and no matter what you do, you won’t be able to stop them unless you pay up. Don’t pay them anything. I’ll tell you why…

You might be asking… “well… How did they get my password?“

Well you probably heard of all of those nasty data breaches that have been reported on the news and all over the internet? If you were not aware or if you have no idea how anyone might have gotten your account information, there is a website that you can use to check your email address – or any known passwords you like to use and see if it’s part of a data breach. The website is called, “have i been pawned?“. This website’s main purpose is for ordinary people to visit and check if their information was part of any data breach. More about the creator can be found here.

Should I really use this website?

Well, the email message you received already contains your single plain text password. Your password has obviously been compromised before and checking how the hacker may have gotten it can’t hurt you at this point. The hackers also have the same tool to check your password. Hopefully, you are not using that password no more. If you are, change your password.

In the website, you enter the password that you received in the spam email. Their search will bring up what company or list contained that same password.

If your password was compromised, you will get the following message.

If your password has been discovered. It will also contain the **number** of times it’s been seen in breaches

“But, they sent me an email from my own email address. So how did they do that?”

Glad you asked. We need to check the email headers and check to see exactly where the email message come from. To get your email header we have the following knowledge base article that shows you how to retrieve this information. An email header may look ugly to a lot of people, but the coolest part is that it tells the story of how you received that email message. Email headers tell a story of the path the email took to get to your inbox.

The email header can be a little tricky to read but you can use some tools to decipher the email header.

The What’s my IP website has the ability to tell you the origin of the email message. Simply copy and paste the email header into the empty field.

Copy and Paste the email header into the empty box on What’s My IP’s email analyzer

Once you paste in the email header, click on the blue Analyze button. You will get the results of the originating IP number. This is the IP number of the mail server that sent out an email message.

You can check if the IP of the mail server is the same IP number or company that you’re using for your email service. If the IPs don’t match, then the email message has been spoofed – meaning someone just used an email system and changed the “From address” to use your email address. Email addresses are easily spoofed. Just YouTube “how to spoof an email address” if you are interested to learn more.

How do I prevent this from happening again? I hate seeing these damn emails!?

If the email messages you’re receiving are in fact being spoofed, then you have to set up an SPF record and DKIM for your domain name. If you’re using our email services we have the following knowledge base article that provides you with the correct SPF record you should use with our email service.

Is there anything else I can do to stop this email scam?

Yes, we also offer a spam filtering service that stops the bad email messages from ever touching our email systems. The spam filtering service starts to work at the MX level of the email service. This occurs when you change the MX record for your domain name to use the spam filtering service’s MX Records instead. The email messages that are sent to your domain users get routed to the spam filtering service first. Within their system the email messages get scrubbed and filtered and only the legitmate emails get sent to your inbox. Also, a nice feature that comes with our Spam Filtering service – if for some reason our mail server has an issue and can’t receive email messages for any reason – the Spam Filtering service holds on to the incoming email messages and sends it to the main mail server once the issue has resolved. Out of all of the services we offer, the Spam Filtering service is by far one of my favorite ones we provide to our customers.

If you have any questions or concerns about any email spam/scams, feel free to reach out to our technical support team.

Visit Winhost to learn more about our Windows hosting solution

Programming 101 Tips: 2 Ways to Add a Loading Icon “Spinner” to Your Website

by Rei Tu November 2nd, 2019

For budding new web developers, here are two ways to add a “spinner” icon to indicate that your website is busy loading data. The first method uses jQuery’s .ajax method and the second method uses Javascript’s new Fetch API. For the spinner icon, we will use an icon from Font Awesome. I prefer this method because it reduces load time. A well crafted css-styled .png/.gif icon would work as well.

First, install Font Awesome by downloading it (you can get the Free for Web version) and then follow the various instructions on their site to add it to your project (look on the right for Using Font Awesome With). Since I am developing with Visual Studio, I just use NuGet’s Package Manager to install it for me. To add it to your web page, add a stylesheet reference in the <head> element. Since I’m using Visual Studio, my reference looks like this:

<link rel="stylesheet" href="/Content/font-awesome.min.css" />

Next, you will also need to install jQuery and add a reference for it as well:

<script src="/Scripts/jquery-3.4.1.min.js"></script>

jQuery can also be installed via NuGet’s Package Manager in Visual Studio.

Now, add the spinner by adding this line to your page in the <body> element:

<div id="Spinner"><i class="fa fa-spinner fa-3x fa-spin"></i></div>

It can be placed anywhere in the <body> element, but I prefer to place it at the top for organization reasons (i.e. easy reference). The <i> element is used to create the font-awesome icon and the “Spinner” id will be used for further styling. Here is the markup for the “Spinner” css:

#Spinner {
    color: blue;
    left: 47%;
    position: fixed;
    top: 47%;
    visibility: hidden;
    z-index: 1;
}

This should place the spinner in the middle of the page and hides it initially until you activate it (i.e. make it visible) via jQuery. The z-index is used to overlay it over a page.

Now, when making your .ajax call, use the following format:

        $.ajax({
            type: "GET", // GET, POST, DELETE, etc.
            url: "https://www.mysite.com/api/dosomething", // some url
            beforeSend: function () {
                $("#Spinner").css("visibility", "visible");
            },
            complete: function () {
                $("#Spinner").css("visibility", "hidden");
            },
            success: function (response) {
                // do something with response data
            }
        });

By changing the value of css property “visibility” using jQuery, you’re turning the spinner on before the ajax call is made and off after it finishes which gives it the illusion that the site is processing data.

If you plan to use Javascript’s new Fetch API, here is the sample markup:

    $("#Spinner").css("visibility", "visible");
    fetch("https://www.mysite.com/api/dosomething") // some url
        .then(response => response.json())
        .then(function (response) {
            // do something with response data
            $("#Spinner").css("visibility", "hidden");            
        })
        .catch(err => {
           // handle error
           $("#Spinner").css("visibility", "hidden");
        });

The spinner is turned on right before the fetch call is made and then off when it completes. I also added it to the catch clause because the spinner would still remain active when it errors out since the code to deactivate it never executes.

Hope these tips help those young and upcoming rock-star developers. 🙂

Visit Winhost to learn more about our ASP.NET hosting solution

PHP 7.3 Running Faster on Windows Server

by Moises October 21st, 2019

PHP 7.3 that’s been recently installed on all of our IIS 8 and IIS 10 servers. One major difference is the speed of PHP sites running on PHP 7.3. Reading the buzz around the internet you’ll see claims that PHP 7.3 being 31% faster than PHP 7.0 and 3 times faster than PHP5.

Curious about this myself, I decided to check to see how much better the speed was for a based WordPress site running on our Windows 2012 IIS 8 Servers.

Users can easily change the PHP version of their site account within the Winhost control panel.

Sites > Site Account > PHP Version

I used Google’s PageSpeed Insights Too l to test a website. And sure enough, I got a lot better results while using 7.3. While just using a base WordPress install with the canned plugins it comes shipped with, 7.3 did in fact preform better than PHP 5.6.

Please note that your results will vary depending on how large your site is and what plugins and themes you are using.

If you’re using an older version of WordPress. Please be sure to update to the latest version before changing your PHP version within the control panel. You should also upgrade all plugins and themes your site is using as well. Otherwise, your WordPress site could break until you switch it back to the old PHP version you were using before. Contact our technical support team if you run into any issues.

If you’re still currently on our Windows 2008 IIS 7 servers. You can contact our support department and asked to be migrated to the newer servers.

Visit Winhost to learn more about our Windows hosting plans supporting PHP 7.3.

.NET Core 3 Hosting is Here

by Curtis October 15th, 2019

We’ve been getting many inquiries about .NET Core 3.0 and we are happy to let you know that we now support framework dependent deployment of .NET Core 3 projects at Winhost.

Some new features include general performance improvements, support for C# 8, support for .NET Standard 2.1, improvements for .NET Core Version APIs, tiered compilation, and ReadyToRun images.

We do maintain a list of the .NET Core versions that are supported on our ASP.NET hosting platform in our knowledge base. But remember, if you do not see the .NET Core version that you want to use on the list, you can always upload your application using a self-contained deployment. If you have any questions about deployment, please contact our Technical Support team.

Visit Winhost to learn more about our ASP.NET Core hosting solution

Fall App Installer Updates

by Rei Tu September 23rd, 2019

The latest version of these apps are now available through the control panel app installer:

DotNetNuke (DNN) 9.4.0 Platform
Joomla 3.9.11
mediaWiki 1.33.0
Moodle 3.7.2
nopCommerce 4.20
Orchard 1.10.3
phpBB 3.2.7
phpMyAdmin 4.9.0.1
SilverStripe 4.4.3
Umbraco CMS 8.1.4
WordPress 5.2.3

Visit Winhost to learn more about our application hosting solutions

Introducing the Winhost Power Plan

by MichaelT June 29th, 2019

In this post I wanted to discuss some background about our recent launch of our new Power Plan.

We receive a lot of customer comments on ways to improve our hosting services, as well as suggestions on features customers would like to see implemented. We try to take all this feedback into consideration and, when possible, work towards turning it into something real.

For example, we received feedback from customers whose sites outgrew the Ultimate Plan because their application required more resources. Applications growing in their resource usage requirement is a general trend we are seeing. Every year, each new version of an application has more features, which typically leads to its need for more server resources to run. We’ve seen this happen with applications like nopCommerce, where the older versions worked fine on our Max and Ultimate plans, but newer versions required more resources than our Max Plan. With its recent conversion to .NET Core and new features, we recommend running nopCommerce on our Ultimate Plan but active nop sites are now hitting the resource limit of the Ultimate Plan.

So we launched our new Power Plan to help resource intensive sites that outgrow the Ultimate Plan. We also built a separate high performance shared hosting infrastructure just for Power Plan users. The servers have less site density and are optimized to run resource intensive applications.

Now let’s dive into some of the Power Plan details. The table below shows some of the differences between the Ultimate Plan and the Power Plan. You’ll see that the you get double the resources on key hosting features.

	Ultimate Plan	Power Plan
Memory Allocation	500 MB	1 GB
Email Storage	5 GB	10 GB
SQL Database	5 GB	10 GB
mySQL Database	5 GB	10 GB
Idle Timeout	20 min	60 min

For a complete feature list for the Power Plan, vist our website. If you have any questions about the new plan feel free to contact us or open a support ticket.

Visit Winhost to learn more about all our Windows hosting solutions

New Power Plan is Here!

by Curtis June 26th, 2019

Today we launch a new fourth plan which we are calling the Power Plan. The new plan includes more resources than our Ultimate Plan.

The Power Plan is designed for extremely active sites, resource intensive applications and customers that need more database storage – basically, for the power users.

The Power Plan hosting platform is on a separate shared hosting environment solely dedicated for Power Plan sites. To optimize performance, we use high performance hardware and the servers have less site density. This also means that existing Winhost sites moving to the Power Plan will require a migration. Of course, if any existing customers upgrade to the Power Plan, we’ll take care of migrating your site.

For more information on the new Power Plan, check out our website: https://www.winhost.com/hosting-plans/power.aspx

We’ll be following up with another post to look at the Power Plan with more detail shortly.

Visit Winhost to learn more about our Windows hosting solutions

Why is my email so slow? Check the email header.

by Moises June 11th, 2019

Having an email message to take forever to arrive can be very annoying and sometimes it leaves people wondering why is this even happening. In this article I’ll show you how to analyze email headers of an email message.

What is an email header?

An email header is a timeline of where the email message went through to get to you and the different email systems it touched during the delivery process. It’s sort of like looking at the tracking information of your UPS delivery. The only way to find out where the slowness is happening is to review the email header of that sluggish email message.

Where can I find the email header?

First, the email message must arrive at the destination before you can review the headers. We have instructions on how to view email headers in our knowledge base. There are multiple ways of viewing the headers. Here is another list that can help you find your email headers.

How to analyze the email header

Email headers can look ugly and hard to understand. Luckily there is a email header analyzing tool provided by MxToolBox.com that can help with that.

Copy and paste that ugly looking email header into the empty field and click on Analyze Header.

In the results, the email server with the longest bar graph is going to be the email server that is causing the most delay.

Why is this occurring?

There are many different reasons why an email message could be slow. One common reason is that the email server that caused the most delay had a large amount of email messages to process. If you see that the latency is happening in one of our email servers, we will gladly check our system for you and the logs to see what might be happening. Please contact our support department via our support portal for assistance.

For the most part most email servers are temporarily handling large volume of emails and will go back to normal performance on their own. However, if you’re seeing this issue keeps happening at a particular email server, you can contact the email administrator of that email system and provide them with the email header as proof.

Visit Winhost to learn more about our Windows hosting solution