Tag Archives: Website

One day, on a fine morning you woke up and want to see your website and suddenly you see a danger signal alarming that your website has been compromised. For a webmaster it will be the worst nightmare, do you have any such experiences? if so, who do you blame for this?. Security becomes one of the most essential part of the website management these days, as there are plenty of ways your website can get affected with any type of hacking, spamming or hijacking attacks. As a Host Department customer, you may be well protected over servers and network side, but are you really protected from your insides? That is the real question here.. how to secure your website internally?.

You may use the strongest locker in the world to protect your wealth, but what is the use if you left the doors open?. The same thing applies to your website too, we host thousands of websites and rarely receive few of such comprised website complaints. What do we do in such cases?, first we try to understand where is the loop hole and let me tell you something here, it is most of the time an application with an outdated version or some files which have full permissions (777) (read, write, execute), that means you are giving an open invitation to the hackers to compromise your website.We often try to warn our customers to update their CMSs or their blog applications such as WordPress, Joomla, Drupal etc but they ignore it and which ultimately results in to this kind of hacking attacks. Recently in a press release Joomla announced that they deprecated all the 1.x.x versions of Joomla. See this below note from their website..

Joomla! 1.0.x, 1.5.x, 1.7.x – these versions have been deprecated for a very long time and is no longer supported in any way, but there are still websites using it (shame on you!).  Generally denoted by a red stripe across the top of the page, you will find the version number at the bottom of the page.

But still there are lot of Joomla users who are using the same old versions, then how to rock solid your website security?, please read this below instructions to tighten your website security.

10 Ways to Secure your Website:

Step #1: Secure your Directory and File Permissions:

This is one of the most common cause for easily getting compromised, in lot of cases CMS type applications needs 777 permissions to execute few tasks. There is nothing wrong if you want to give full access temporarily but if you leave that file or folder with full permissions for a long time, that means that directory or file can be accessible and writable world wide by anyone. In such cases it is very easy for hackers to compromise and infect your pages. So, what is the solution?. What are the recommended file and folder permissions..?

777 permissions indicates Owner, Group and Public permissions respectively.

Directory Permissions

Recommended Folder and File Permissions:

Recommended directory permissions: 755 (rwx,rx,rx)

Recommended file permissions: 644 (rw,r,r).

Make sure that you always have these permissions assigned to the folders and files in your website, this is one of the important step to protect your website from malicious attacks.

Step #2: Use Strong FTP Passwords:

This is one of the most common blunder of the webmasters, they always use simple passwords for their FTP login, this is one of the worst mistake which can lead to some big problems. To avoid this always use secure passwords.

Secure Passwords

A strong password does NOT, in any way, use your personal information, such as name, phone number, Social Security number, birth date, address or names of anyone you know. You can make use of some great online tools to generate strong passwords, like Random password generator etc. You can also check the strengths of your present passwords using some tools like Microsoft password strength checker or password meter etc.

Also please make sure that you change your password in every week or at least in a month.

Step #3: Keep your Applications up to date:

Open source applications occupied a major part on the websites designing and development, these days a lot of people are hosting the open source CMS applications. We too encourage you to host them, but if you don’t keep them up to date, that means definitely you are in trouble. Several times we try to warn you guys on this, but most of the time webmasters ignore this.

We often try to send you email alerts about these security issues of using the old version of applications, but in mots of the cases customers ignore. We request you to keep your application up to date, there are thousands of people working on the open source projects to keep them up to date and make them secure, then why don’t you benefit out of those free and secure updates?.

Step #4: Secure your pages with SSL Certificate:

Do you have any eCommerce type website?, then do you know that having an SSL certificate for your SSL store is one of the most important thing to protect your customers valuable data and your reputation as well. Even if you have just a page which provide logins for your customers or members, then it is recommended to have an SSL certificate. This will ensure that all the information on your pages over the internet will be encrypted and almost impossible to read by any hackers.

Do you know that Host Department provides cheap SSL certificates?, our certificates starts from $11.95/month.

Cheap SSL Certificates

Step #5: Protect your .htaccess file:

.htaccess file is one of the most important yet most powerful file, which can control the behavior of your website and posses the power to even redirect your entire website to a different one. This type of attacks becomes more popular these days, in this attack a malicious hacker will inject a redirection code to a malicious website. Then, how to protect your htaccess file?, it is simple, as I said earlier do not assign full permissions to your htaccess file or you can write this below piece of code in your htaccess file which do not let any others access your htaccess file.

<Files ~ “^.*.([Hh][Tt][Aa])”>
order allow,deny
deny from all
satisfy all
</Files>

The above code will protect your htaccess file from being accessed by others and will not let hackers inject any malicious code.

Step #6: Keep your home or office PC Secure:

You may ask that how keeping your system safe will protect your web pages?, in a recent survey it is disclosed that 30 to 40% of the malicious files are uploaded by the webmasters themselves, even our experience teaches the same. If your system is infected with the virus then obviously the next job of that virus to make sure that it will inject the malicious code in your web pages while you are trying to upload them or send your login credentials to the remote hacker so he can take care of the rest.

So always keep your PC clean and scan it daily with an updated antivirus program. Check for any unusual behavior before uploading yous files.

Step #7: Use Secure Passwords for your Emails IDs:

Email IDs getting compromised because of the weak passwords is one of the fastest raising issues in the hacking and spamming era. Once a hacker can manage to guess your password using the brute-force attack, he will simply start sending bulk mails to the various emails in the same server or even outsiders. Ultimately your mail server IP get black listed and you couldn’t able to send and receive emails, again you need to request for the delisting from the blacklist.

Emails

To avoid this kind of issues, it is recommended to use secure and strong passwords for your emails IDs. In our personal experience we have seen plenty of such cases, we often used send alerts on your email about the weak password usage, please do not ignore that and change your password to a secure one.

Step #8: Secure your Private and Admin areas with IP restrictions:

It is always recommended to secure your private areas with IP restrictions or at least with an SSL encryption. IP restriction is a bit way advanced yet effective method to stop the unauthorized personnel to access a particular area of your website. If you have a static IP at your home or office PC, it is recommend to set IP restrictions with .htaccess rule, so only your home or office PC can only access that particular area.

Here is an example htaccess code to IP restrict the access to a particular location.

# ALLOW USER BY IP
<Limit GET POST>
order deny,allow
deny from all
allow from 1.2.3.4
</Limit>

The above code restrict all other users from accessing a particular area except that allowed IP (ex: 1.2.3.4). You can replace that IP address with yours and place that htaccess in the folder which you want to restrict from public access.

Step #9: Change your database table prefix:

If you have a dynamic website with back-end database support, then it is recommended to use a different table prefix than a default one comes with your application. Also if you have a raw tables without any prefixes then it is important to add a prefix which hard to guess, this will ensure that no one can able to guess what is your database username, so there is no point of hacking the password.

Database Tables

We also recommend you to please use strong passwords for your database users, do not use same password for all the users. Make sure that each of your password is unique and absolutely strong.

Step #10: Try to have your own virtual private server:

Having your own virtual private server (VPS) is always an added advantage, you can define your own rules and you will have your own server with the choice of your own OS like Windows VPS and Linux VPS. This will enable additional layer of security and make all your data placed in your own server. This may not be a security measure, but worth trying. Because you will get a lot of advantages like writing your own rules installing all type of security applications etc.

Do you know that Host Department offer cheapest VPS hosting with free Plesk panel?, so you can manage most of your tasks using a powerful panel.

I hope you learned few important tips about your website security today, please do drop your comments, questions and suggestions in the comments section below, also if you like this post please consider sharing it with others.

In link building, blogs and articles are two of the most important strategies in building link back to your website. You write your blogs and articles, and then you submit them to article submission sites with back links to your original website. However, now the question is, when you blog or write, which one do you prioritize, quality or quantity?

Quality

For me, this is significant to prioritize. And I know some other bloggers and writers also say the same, that it is important to maintain quality in your blog or article content. Some people say, “No need to blog and write everyday. As long as you can maintain quality, few a week have been quite enough.” I believe it is definitely true. What’s writing everyday if you just write anything without quality?

I’ve experienced that it is sometimes hard to find a new fresh and interesting topic everyday to write. I am sure that although you cannot make it everyday and just make few in one week, it is still helping you in gaining traffic as long as you write with good quality content.

Quantity

As some people are sure it is better to maintain quality more than quantity, some others are sure that it is significant to write or blog everyday and submit everyday. They are still sure that the more you have for blogs and articles, the more back links you get to your website, which means the more traffic you drive to your site.

This is not a wrong idea. You can and should write everyday if you are sure that you can still maintain the quality of your blogs and articles. If you are able to do that, then I will tell you that both quality and quantity are important.

What’s Actually My Point?

From all these, I will conclude that the most important in writing and blogging is quality. However, when you can combine both quality and quantity in your articles and blogs, it is always a better idea.

~Gabrielle~

As it has been mentioned for so many uncountable times, SEO is something you can’t miss when you have a website. Every website owners must maximize their SEO strategy to succeed in online world. Unfortunately some still do not really care too much about this issue.

Some others put their own efforts to succeed their SEO strategies. And some others are sure that SEO is  too deep and complicated to do by their own. They prefer to either hire their own SEO consultant or use an SEO company service. But what’s the importance of using a third party SEO service?

The Difference when You Use an SEO Service Provider

Using an SEO service provider or SEO company or SEO consultant, they will ensure to keep updated with the latest trends in search engine industry. They will optimize your web pages or your campaign with the right strategies so you won’t lose rankings. This is an everlasting process that has no ending. It is a full time occupation that will always need their focus to work on.

Besides, with an SEO service provider, your site will be submitted wisely. There will be reports on ranking to show you site position in various search engine. If you have bad ranking or even no ranking at all, an SEO company will know how to adjust and resubmit your website. This submission is not just a blind submission. Instead, they will submit manually without automated softwares as many top search engines don’t like automated submission.

Even better, using an SEO service provider, you will have not only detailed ranking reports but also  web site traffic reporting to keep you updated with your website traffic. This helps you to see the traffic you receive and where they come from. It is really important for your website growth and profit measurement.

Additionally, they let you know the whole process during the entire process. This means they will explain the steps to you with the proper understandable terms. They will not only work for you to reach the success of your website SEO but also make you understand on how you get there.

And now, whether to use an SEO company/consultant or not is fully your own decision. You can either use any of them or do it yourself.

Previously, I talked about possible federal crime that might happen in online world, especially when you do not really pay attention to TOS you agree during registering an account in a website. Today, I’d like to discuss about another crime that also grows in online world, Cybersquatting – involving trademark infringement/violation.

Cybersquatting is actually also recognized as domain squatting, which is the act of registering or using a domain name owned by another party (person or organization) with bad intention to profit from the already well-known trademark. The cybersquatter usually tries to sell the domain to the person or company who owns the trademark at an inflated price (the prices are a lot higher).

What Are The Cybersquatters’ Strategies?
The first tactic is known as typosquatting – registering various domain names under popular trademarked names. Or, if the domain names have been registered, cybersquatters will wait until the domains have expired and if the owner doesn’t directly register yet, they will register the domain names so that the domain names become theirs.

Besides, cybersquatters also have another techniques called name-jacking – purchasing any famous individual’s name as second level domain names. And then, they will set up a website that allows them to capitalize on any searches done for that name. That means everytime internet browsers search for that name, they will find the cybersquatters’ website.

Usually this can happen to well-known people such as famous doctors, lawyers, financial professionals, actors, actresses, singers, or even real estate agents; whose jobs usually require interaction with the public in general. Why? It is because their potential clients will do some research on the internet about them before trying to contact them to do some business or jobs.

So, if the famous names have been name-jacked, when cybersquatters purchase a domain like for example famouspeoplename.com, the website will appear at the top lists of any searches for those famous people. This is clearly smart but cunning strategy because name-jacking is a very low cost traffic strategy and it will reduce the traffic to the name owner ‘s real website too.

How to Deal with These Cybersquatters?
Cybersquatting has been a common phenomenon in the internet. However, there have been some laws to take care of these cybersquatting issues. One of those is Anticybersquatting Consumer Protection Act (ACPA), which was legalized in November 1999. This ACPA inlcudes a policy in which cybersquatters must pay fine up to $100,000 for each domain name to be found under violation.

Besides, there is also Uniform Domain Name Resolution Policy (UDRP) process that was developed by the Internet Corporation for Assigned Names and Numbers (ICANN). With this policy, cybersquatters are assigned charge up to $2,000 to $3,000 in costs and fees around $10,000 or more. Usually, they will choose this one cause it sounds quicker and cheaper.

Not only that, there is also the international United Nations copyright agency called WIPO (World Intellectual Property Organization) that has been founded since 1999 – providing an arbitration system that allows the trademark holders to attempt to claim a squatted site.

With these policies, they will help us to fight with these cybersquatters for violating our trademarks and copyrights. So, let’s protect what we own with the best effort from now on as these cases keep growing in number and will keep doing so if we do not do something about them.

~Gabrielle~

Hello There! Just few months ago, we improved our affiliate program by perfecting the commission payout scheme. Do you still remember what that is? If it is almost out of our memory, the best thing to do now is to refresh the idea once again.

Recapping – our earlier Affiliate Program allowed commission payout after the new customers from the sales made by our affiliates confirmed to us that they did buy through the affiliates’ websites. However, we found that it is too hassling for our affiliates who’ve spent their time and provided some space for us in their websites to promote our products and services.

That is why we tweaked the scheme much better. No more confirmation needed from the new customers for affiliates to receive their commissions. Right after 45 days of the sales date, affiliates’ commissions of 25% from total web hosting sales are directly cashed out (minimumly $10) to affiliate PayPal account.

What More Have We Improved Recently to Move a Step Further?
Continuing from what we did to improve our Affiliate Program, we have now used the latest version of our Affiliate tracking tool, to ensure that everything runs perfect for our affiliates. Yes, we happily announce that we have upgraded our Affiliate tracking tool (IdevAffiliate) into version 6, with better features and reliability.

With version 6, affiliates can have better marketing features and more accurate statistics about commission and traffic statistics generated from the affiliates’ websites. The marketing features are also complete and help the affiliates to be able to generate sales better, meaning that to get them more commissions from the sales.

The marketing features include the various attractive banners with various designs and sizes that affiliates can use and place in their websites to attract more potential buyers to purchase Host Department products from their websites. The step is really easy as they just need to copy and paste the banners’ html codes in their websites.

There are also text ads that contain influencing words about Host Department quality products. Using these text ads, affiliates will be able to advertise our products with the right and suitable marketing words. Affiliates can copy and paste the text ads linking codes to integrate in their websites.

Additionally, there are also email templates that affiliates can use to offer Host Department products to their friends, families, or relatives. We have provided the right templates for affiliates to use if they’d like to offer our products to people they know through emails.

With these features included, IdevAffiliate 6 will be the most powerful and helpful tracking software for affiliates to be able to achieve more sales and commissions. So what are you waiting for? With better tool provided and huge amount of commission offered, joining Host Department Affiliate Program will be a success for you.

~Gabrielle~