Keep your email communication protected with SSL

SSL Certificate

One of the most common vectors for attacking a company is its email. According to a recent study, there are about 2.5 billion email users worldwide, and a huge volume of documents is shared over email. So, is email a secure way to share files? Probably not! In the last two years, 60% of companies have experienced a data breach, and the reason for the majority of attacks was poor email security practices. So, try keeping your email communication protected with SSL.

5 Reasons why You must have Managed Services for Cloud

You have probably heard about Amazon Web Services (AWS), Microsoft Azure and Google Cloud, and you know that all of these function as cloud storage. Some of you might have already purchased one of these clouds for your business. But who do you choose to manage it? Choosing the right people for managed cloud services can bring you a lot of advantages.

Virally growing attacks on unpatched WordPress sites affect ~2m pages

Recent Situation

Attacks on websites running an unpatched version of WordPress are increasing at a viral rate. The number of defaced pages is 2 million. The cause is a serious vulnerability in the content management system that came to light nine days ago. The figure represents a 26 percent spike in the past 24 hours.

SSL certificate – Your key to E-commerce Security

We can imagine more entrepreneurs will join e-commerce because of its overall low entry barrier, so the growth rate of the industry will be remarkable in the next few years. It is worth noting that one of the major factors that will have a significant impact on the growth of e-commerce is the SSL certificate. It can boost the confidence of customers, since the security of your website, and as a result its traffic, will automatically be boosted.

If you don’t use Web Application Firewall what more you deserve to be hacked

 

Web Application Firewall / WAF

It is a form of firewall which controls input, output, and/or access from, to, or by an application or service. It operates by monitoring and potentially blocking the input, output, or system service calls which do not meet the configured policy of the firewall. Its defining capability is that it controls applications or services specifically, unlike a network firewall, which is unable to control network traffic regarding a specific application without additional software.
Web sites are becoming increasingly important for companies and organizations. Web sites manage crucial information and business processes, so their reliability, usability and overall quality are central issues. Web security is therefore on the management agenda of most public and private organizations, as these issues fall under IT security.

Significance of Web Application Firewall / WAF

Web applications are basically software programs which are accessible from the Internet. They play a major part in the overall security of a web site. Even though companies install network firewalls, patch off-the-shelf software and protect communication with heavy encryption, there are many ways to attack the logic of the custom-made application code itself. Web applications often access critical data sources and internal systems. They are therefore a prime target for more serious attacks.

A Web Application Firewall is a tool which we use to protect web applications from attacks. We deploy a WAF in front of a web application (or a web server) and intercept the traffic between the clients and the applications in order to:

  • Prevent unwanted user input from reaching the application.
  • Prevent the application from leaking unwanted content.
  • Monitor the application traffic flow.
  • Log transaction data.

A WAF intercepts and monitors all incoming and outgoing application-layer traffic (OSI layer 7).

How does a Web Application Firewall / WAF work?

A WAF can be an appliance, such as a hardware device that you deploy in front of your web server, or a server plugin that you install on your web server.

A WAF operates by using two main models:

  1. A blacklist or negative model that denies what is known to be bad:
    For basic protection, similar to an IPS but with a greater level of application intelligence, a WAF can use generic signatures to prevent well-known attacks, as well as more specific signatures for attacks exploiting a particular web application's vulnerabilities. A simple example: deny a certain malicious HTTP GET request and permit everything else.
  2. A whitelist or positive model that permits only what is known to be good:
    For advanced protection, in addition to the signatures, another type of logic is used: rules that define what is explicitly allowed. A simple example: allow just HTTP GET requests for a specific URL and deny everything else.
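The two models side by side, as an added example that is not taken from any WAF product: the signatures, the `/products` endpoint, its `id` parameter and the sample requests are all constructed for illustration. It shows that the negative model permits anything its signatures do not name, while the positive model denies anything outside its explicit rules.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Negative (blacklist) model: constructed signatures for known-bad input.
DENY_SIGNATURES = [
    re.compile(r"<script", re.IGNORECASE),
    re.compile(r"\bunion\b.+\bselect\b", re.IGNORECASE),
]

# Positive (whitelist) model: a hypothetical application that exposes only
# GET /products with a single numeric "id" parameter.
ALLOW_RULES = {
    ("GET", "/products"): {"id": re.compile(r"\d{1,6}")},
}


def negative_model(method, url):
    """Deny when a signature matches a decoded query value; permit the rest."""
    query = urlsplit(url).query
    decoded = " ".join(v for _, v in parse_qsl(query, keep_blank_values=True))
    if any(sig.search(decoded) for sig in DENY_SIGNATURES):
        return "deny"
    return "allow"


def positive_model(method, url):
    """Permit only a listed method and path with well-formed, known parameters."""
    parts = urlsplit(url)
    rule = ALLOW_RULES.get((method, parts.path))
    if rule is None:
        return "deny"  # method or path not explicitly allowed
    seen = set()
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        pattern = rule.get(name)
        # Unknown parameter, repeated parameter, or value outside the format.
        if pattern is None or name in seen or not pattern.fullmatch(value):
            return "deny"
        seen.add(name)
    return "allow"


# Constructed sample requests (method, URL).
SAMPLES = [
    ("GET", "/products?id=42"),
    ("GET", "/products?id=42&q=%3Cscript%3E"),
    ("GET", "/products?id=1+UNION+SELECT+name+FROM+users"),
    ("POST", "/products?id=42"),
    ("GET", "/admin/export?id=42"),
    ("GET", "/products?id=42&debug=1"),
]


def evaluate(samples=SAMPLES):
    """Return (method, url, negative verdict, positive verdict) per request."""
    return [(m, u, negative_model(m, u), positive_model(m, u)) for m, u in samples]


if __name__ == "__main__":
    for method, url, neg, pos in evaluate():
        print(f"{method:4} {url:50} negative={neg:5} positive={pos}")
```

The last three requests match no signature, so only the positive model stops them; this is why the positive model is described above as the more advanced protection.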

Benefits of Using Web Application Firewall / WAF

  • Preventing technical application attacks (e.g. XSS, SQL injection, etc.)
  • Preventing data leakage
  • Compliance with PCI DSS 6.6
  • Business logic attacks: preventing abuse of flaws in the logic of a business application's functionality
  • Virtual patching: fix the security vulnerabilities in your web applications without touching the application.
  • Web application hardening: reduce the attack surface.
  • Monitoring your web application and detecting when attacks occur

What do you get if you move from shared hosting to VPS?

VPS, also known as Virtual Private Server hosting, is a plan that can provide you access to a private server. Moving from shared hosting to VPS has clear advantages, as it offers a huge level of flexibility without stretching your budget to a dedicated server. It is widely used by small businesses because it is a cost-effective solution. You can install, customize, configure and even manage your own server when using this hosting plan.

VPS can be a good choice because the control and security that it offers are remarkable. It can provide you with control and customization facilities that you won't find with any other hosting plan. Moreover, it is secure and it comes with features that are similar to those of a dedicated server. Security and server crash issues are also rare. Indeed, there is no interruption from other websites on your server.

More RAM = Faster speed, Better Performance

Does your system suffer from issues such as slow speeds, lagging responsiveness, or inconsistent availability? Adding virtual RAM may be the right decision, but in what amount? Webmasters may wonder how much RAM they need, especially at companies starting a new website or migrating their current websites from shared hosting accounts to virtual private servers.

When it comes to virtual RAM, no amount is “too much.” Understanding your company's storage requirements can help you invest in the resources needed to run your website, application and other virtual operations efficiently and effectively. What happens when you have less RAM than is needed to run your applications and operating system features? The operating system swaps the extra memory data out to your computer's hard drive. This compromises system performance and speed.

VPS in E-commerce

For example, if you have an e-commerce website with about 100 products and cPanel, experts recommend having 1GB of RAM or more. While they have a 512MB minimum requirement, if your e-commerce site is running on an open source e-commerce platform (like OpenCart, WooCommerce, etc.) you're not going to get much mileage. With any of the main caching plugins, given that you'll have a non-cacheable cart/checkout process (and most likely a cart fragment on each page), you'll need the extra RAM, particularly if it's a cPanel-managed server. They highly recommend that you get 2GB to 4GB of RAM for a faster e-commerce experience.

Conclusion

VPS has clear advantages for website hosting, as it offers a huge level of flexibility over shared website hosting. It is also noteworthy that you do not have to stretch your budget to a dedicated server. Ultimately, a VPS can be the perfect solution if you need more flexibility, security and customization than a shared hosting plan.

If you don't want to wait long hours to install your VPS servers, Instant VPS is a brighter solution. It takes just 1 minute to set up. You can find more information about Instant VPS at the link below.

Instant VPS

Are you new to this technology, or confused about which VPS host plan to choose? I would recommend doing a free 30-day VPS trial before you buy one. A free VPS trial gives customers the confidence to make the right decision.

VPS technology: how much do you know?

Virtual Private Server (VPS) is a technology designed for customers who are looking for more control than they get in a shared web hosting account. A VPS is like shared hosting, but with the power of a dedicated server, so it is much more affordable and performs better. In addition, VPS technology provides you with the highest level of security. It is exactly like a dedicated server, complete with customizable firewall protection and secured, isolated disk space.

More control

Root access permits you to install and configure any programs you wish. Do you want to run PHP with PostgreSQL instead of MySQL? Go ahead: install it. Or want to try out Zope/Plone? Knock yourself out. Moreover, you are free to host an unlimited number of websites through Apache's Virtual Hosts. In addition, a VPS can host other services, such as a mail server or an FTP server, and you can use the server for backup, file storage, etc. Indeed, with more control over your OS, you can reboot it or do a system restart without affecting other users.

How secure is VPS?

When you have VPS hosting you will not have to worry about security as much as you do with shared server hosting. This is because you can customize it to your needs and make sure you have strong security. Apart from that, VPS servers aren't so different from dedicated servers, security-wise. In order to segment the system properly, the host installs a layer of software that dedicates part of the server to you. This partition means that everything that makes the server run (besides electricity) is completely separated from the other customers. Not only will they not be able to crash your websites, they can't accidentally install malicious code on your server either!

Some other benefits of VPS server hosting

VPS hosting offers the power and control of dedicated hosting along with the affordability of shared hosting. Some of the more important benefits of VPS hosting are as follows:

  • Increased privacy: in VPS hosting you do not have to share your operating system with other users, nor are there websites that in any way have access to your files.
  • Dedicated resources: service providers guarantee you a certain amount of resources, and it is available to you at any time of the day or night.

Are there any disadvantages of VPS?

Basically there are two main VPS hosting types: unmanaged (or self-managed) and fully managed. Unmanaged servers require technical skills to set up, and a VPS is no different. You may get stuck on configuration issues instead of passing the issue off to the server admin of a managed VPS. Most of the time it's better to avoid the issue altogether and stick to managed hosting, especially for non-technical users. Thus, most hosting providers will offer managed VPSs with support and setup for your server on a 24/7 basis.

Conclusion

If you have a busy site you really do need at least a VPS. In nearly all cases they are, by design, faster and more reliable than shared hosting accounts. Moreover, a VPS is able to handle significantly more users and greater complexity. VPS is a secure server system, economically feasible, and of course it ensures quality as well.

Data center – Backbone of web hosting

One of the most important things, aside from knowing your disk space, bandwidth and the popularity of your web hosting, is the backbone of your provider. A good start is to find out what makes them tick and makes them reliable by looking into their data center, the backbone of every web hosting provider, which determines how consistent their uptime is.

This is something that you might rarely, if ever, consider: what is going on behind the scenes of every web host, until your website experiences downtime. Your website might have experienced some downtime over time, planned or not, but when you call your provider's support center you often get responses like ‘the problem comes from our backbone and there's nothing we can do but wait for a recovery’.

From there you should understand the significance of the backbone (data center) that every web host relies on. The backbone is where all the servers of your website are physically stored. It is a secure location with a redundant power supply, providing the perfect environment for servers to run non-stop all day long.

For that, it is useful to understand how the physical environment of the data center works. Every data center must have a rigorous control system for the physical environment, which includes a well-designed architecture that can supply appropriate air conditioning, backup power, fire protection and, more importantly, a good management team.

Well-functioning air conditioning maintains the proper temperature, as all operating machines emit heat that damages the hardware and shortens its life span. So the control of temperature and humidity must be managed with scrutiny.

Most personal, office-built data centers do not have backup power to cover an electricity failure. A well-fitted data center, by contrast, contains a few backup power sources, with one or two more uninterruptible power supplies and a diesel generator as contingency. Other facilities, such as the fire protection system, play an important role in safeguarding the servers.

Other than that, physical security should also be well managed by the data center's management, that is, by allowing only selected personnel to access the servers, to prevent intellectual theft or any other unforeseen problems. Proactive measures should also be exercised by the management to solve any potential issue early on. Now that you know what other factors determine a reliable web host, you might as well do some research on the web host's backbone the next time you're looking for one.

How to prevent emails from going into spam folder

Approximately 60 billion emails are transferred daily. About 90% of those billions are spam, with 64% of spam servers in Taiwan and 23% in the US. Email service providers are battling for new ways to deal with spam and legitimate emails more effectively.

Apart from the standard procedure of automatically filtering spam emails, you may find that wanted emails, or important emails that you sent out, are blocked by the provider, only to turn up in the spam folder. For an average businessperson who receives about 25 emails daily, some wanted emails might accidentally be trashed along with the spam emails. That moment could sometimes trigger an understandable compulsion to throw some foul words at the computer.

Nonetheless, most email systems have been effective in their own ways at preventing the daily spam email that you find annoying. So they should be forgiven for being paranoid over every email. On the other hand, you can also take some precautions or do some planning to ensure your wanted emails reach your inbox, or your recipient's inbox, safely.

Turn off Spam filter.

There are a lot of hypocritical spam filters available on the market. Some that claim to protect clients eventually spam them with their own advertisements or, worse, sell their database to a third-party company. Despite that, there are many genuine ones that are worth trying. Turning off the spam filter may help you momentarily to receive a specific email at a specific moment, and you may turn it on again soon after.

Scan your attachment

Most email providers have a built-in anti-virus, which means they are more sensitive to the content of your attachment. So be sure to scan the attachment yourself before attaching it to the email. Executable file formats are more suspicious to anti-virus software, as most viruses, e.g. Wormholes and Trojans, are created in such formats. Try shrinking the file size too if possible, and put it in a ZIP file.

Your highly graphic email is ugly

No, probably not because of this, as email software has no taste in design, but graphics-oriented emails are more likely to be marked as spam than emails that contain text, as most graphics-based emails are categorized as advertisements (spam).

Manual white listing

Another way to prevent wanted emails from going into the spam folder is to manually white-list the sender. This can be done easily in a few steps by setting the rules in your email service. Other email providers, such as Webserver, which offers the SmarterMail email service, provide an additional service that fulfills clients' white-listing requests through a simple phone call.

“Mark as not junk”

You've probably seen this or a similar button in many places; by clicking it, you instantly white-list the email and put it back in the inbox. It's a direct way, but may not be effective, as you would need to do it from time to time, digging through your spam folder for your wanted email.

Add as friend

Another, more effective way is to add your sender as a friend in your contact list before receiving the email. That way, you'll be sure to receive the email from the sender.

Removing sensitive keywords

Some email software has message rules that set specific keywords in the subject and message body to be marked automatically as spam. On the other hand, you can remove unwanted keywords or arrange wanted keywords in advance to have the email land in the inbox folder of your choice.

Reputation of IP

Aside from the above, it is important to understand that keeping emails out of the spam folder must be done by two parties: sender and recipient. Both parties need to meet the criteria above to make sure the prevention is successful. For that reason, it is also important to ensure that the IP address of the sender is not blacklisted. If your email is hosted in a large shared environment, your IP address can be at risk, as you may suffer the same fate as those accounts that have been banned by the email service. To avoid this, use a dedicated server.

How to create a good password

The proud profession of the hacker, who used to work for the government or for people considered to be righteously fighting against unethical organizations or governments, has now become a daily mischievous activity that irritates and frightens many individuals and organizations. Hackers are now considered to be criminals and terrorists who hijack online properties.

Despite the hackers who live among us, we continue to use the Internet to communicate, study, work, play and socialize. With that, we have so many accounts to manage that some of us use just one password for all accounts for the sake of convenience. This is dangerous, as it puts all accounts in jeopardy and makes the hacker's job easier.

“Treat your password like your toothbrush. Don’t let anybody else use it, and get a new one every six months.” – Clifford Stoll

Viruses are developing just as fast as Internet security, because hackers are as hard-working as the security developers, probing for new accounts every day. Admins who manage large numbers of email accounts are able to witness the constant stream of unauthorized access attempts every day, and new viruses are detected periodically by anti-virus software.

Unless the Internet comes up with state-of-the-art technology that requires physical matches such as thumbprint and eye scanning (like those in sci-fi movies), the strength of the password determines how well it can withstand breach attempts by hackers. The following are some tips on how to create a good password:


1. Use 6 characters or more. The logic is simple: the longer it is, the more guessing it takes.

2. Avoid picking words from the dictionary. Determined hackers will run dictionary hacking tools in different languages, which is also known as a brute force attack.

3. Use a combination of letters and numbers. The more complicated it seems, the better it is.

4. For case-sensitive passwords, try using a variation of upper and lower case.

5. Avoid using the same characters for username and password.

6. Try to look for sites that have the SSL feature. This feature enhances security and protects information with encryption technology.

7. Use different passwords for all your online accounts.

8. Make it a habit to change your password every 6 months.

Through constant change of password and safe practice, the risks are reduced tremendously. Aside from making sure all guidelines for better security are taken care of on your side, your provider must also play its role in ensuring security measures and technology updates from time to time. At Webserver, SmarterMail users receive a notification when 100 emails have been sent out, to prevent email accounts from being falsified and misused by hackers. Suspicious emails are also quarantined automatically to prevent recipients from receiving them until the user has declared them safe.

Technology and the open source of the commercial world are opening up many opportunities for the development of the internet (and hackers). Although none of the guidance above is 100% guaranteed, it is enough to prolong the hacker's efforts to months and even years.