We’ve reached the top of Google’s search results for enterprise hosting (without cheating or advertising, mind you). This is pretty exciting, for me at least. Check out the image below for a screenshot, or see it for yourself here. I guess we’ve improved our Search Engine Optimization quite a bit, without doing all the “tricks” in the book.
Attention: Customers that use webmail for server-side hosted e-mail.
Due to a critical unknown vulnerability reported in Horde webmail by various web hosting companies, we will be DISABLING webmail completely. Effective immediately. Unfortunately, we don’t have any further information about this threat, but have been informed that hackers have been able to exploit Horde and gain root-level permissions (even in secure instances). We appologize for any inconvenience this may cause, and will update this post accordingly.
In the mean time, if you use e-mail services hosted on shared hosting servers, you will need to use IMAP or POP e-mail clients, webmail WILL NOT work at all.
Thanks for your understanding.
If you have any questions regarding this, please e-mail them to noc@sliqua.com.
UPDATE - 3/7/08 - After reporting this security hole to the InterWorx team, they looked into it further and provided a patch at 4 AM this morning. I would like to thank Paul from InterWorx for his hard work and dedication on this issue.
At this time, webmail has been re-enabled on all production web servers.
It’s been quite a while since we’ve posted anything. And because of that, I apologize. There has been a lot going on behind-the-scenes that will benefit every customer going forward. This post will discuss one of them, which is a new billing system. We will be posting more over the coming weeks in order to discuss two new services which are in beta, and are currently being tested by certain customers.
As many of you know, we have been a long time user of Ubersmith, which is a billing system designed for Web Hosts. Over the last year, they have released a single minor update. In addition, they have yet to address major issues such as PHP 4’s End of Life announcement. This put us into a pretty tough position, as both a customer and reseller, as we keep our customers’ credit card numbers on-file for processing and do not risk that trust with customers.
For this reason, and others, we have decided to switch billing systems. Our billing system of choice is Freshbooks.
We have been watching the development of the Freshbooks service over the last two years. They continue to innovate in every aspect of corporate billing, and offer services that make this process simple, for both merchants and customers.
Freshbooks has been analyzed and reviewed by The Usability Institute, CNET News, and Canadian Business. One recurring theme from every article that I’ve read about their service, is that it’s easy to use.
I’m very excited to start using Freshbooks as our billing system. Our goal is to make every aspect of your web hosting experience easy as pie, and this is one change that we hope will make your life a little easier!
Some annual pre-pay customers will notice invoices coming in the mail a few days prior to their due date. The invoices will be sent Business First Class, and include a pre-paid envelope if you choose to mail back a check. If you would like to pay online, a web address will be listed on the invoice, giving you instant access to pay your bill online. In addition, e-mails will be sent closer to the invoice due date, providing a single link to pay the invoice online.
As of today, our billing website has been moved to https://sliqua.billingarm.com. We ask that you update your records accordingly.
Our previous billing address, https://my.sliqua.com, will redirect to the new billing system as well.
All customer account information has been moved over to the new system. Please take a moment and attempt to login to the new billing system and verify that your contact information is still up-to-date.
If you have any questions about the change, please contact our support department by e-mailing support@sliqua.com.
I was recently interviewed on an episode of Mitch Keeler’s The Web Hosting Show. I’d like to take a moment to thank Mitch for having me on his show, and to urge you all to check out the episode if you haven’t already:
The Web Hosting Show - Episode 121
Download the Web Hosting Show, Episode 121!
Running Time: 5 minutes | File Size: 2.33 MB
This actually happened a few weeks ago, but we’ve been so unbelievably busy over here that we have neglected to put together a post until now. Most of our clients know this already, but a few weeks ago we completed our agreement with the InterWorx people, and we are proud to finally announce that we are a reseller. This should be no surprise to most of our clients, as we’ve used InterWorx as our preferred web control panel for years now, and have had absolutely no regrets.
We are proud to be among some of the biggest names in web hosting (voxel.net, steadfast networks, sago net, etc) as reseller-partners of the best control panel out there. It is just one more awesome product that we can add to the already impressive list of awesome products and services that we have chosen to partner with.
In other unrelated news, Alex McMillen (our President and CEO) was nominated for the 2007 Sysadmin of the Year award. We all congratulate him, while secretly trying to find out who the nimrod enlightened individual is that nominated him. Rob in Accounting has a $20.00 reward for any information pertaining to this anonymous nominee (no but seriously, congrats Alex).
Just a reminder to all business owners with IT folks on-staff.. Friday, July 27 is the 8th Annual Sysadmin Appreciation Day. Please do something nice for your companies’ system administrator as this is their one day to be appreciated.
If you can read this, thank your sysadmin
A sysadmin unpacked the server for this website from its box, installed an operating system, patched it for security, made sure the power and air conditioning was working in the server room, monitored it for stability, set up the software, and kept backups in case anything went wrong. All to serve this webpage.
A sysadmin installed the routers, laid the cables, configured the networks, set up the firewalls, and watched and guided the traffic for each hop of the network that runs over copper, fiber optic glass, and even the air itself to bring the Internet to your computer. All to make sure the webpage found its way from the server to your computer.
A sysadmin makes sure your network connection is safe, secure, open, and working. A sysadmin makes sure your computer is working in a healthy way on a healthy network. A sysadmin takes backups to guard against disaster both human and otherwise, holds the gates against security threats and crackers, and keeps the printers going no matter how many copies of the tax code someone from Accounting prints out.
A sysadmin worries about spam, viruses, spyware, but also power outages, fires and floods.
When the email server goes down at 2 AM on a Sunday, your sysadmin is paged, wakes up, and goes to work.
A sysadmin is a professional, who plans, worries, hacks, fixes, pushes, advocates, protects and creates good computer networks, to get you your data, to help you do work — to bring the potential of computing ever closer to reality.
So if you can read this, thank your sysadmin — and know she is only one of dozens or possibly hundreds whose work brings you the email from your aunt on the West Coast, the instant message from your son at college, the free phone call from the friend in Australia, and this webpage.
Mitch Keeler of The Web Hosting Show recently asked me to record the answer to a question for a listener. The question was about expanding a streaming video campaign. Listen to my response in the latest episode of the Web Hosting Show!
There is no doubt in my mind that a Web site does best when it listens to its users.
You have to learn how to roll with the punches and figure out which areas of your Web site are the best and the worst. If your a little confused, keep your pants on - because on this very podcast I am going to teach you how to put your ear to the ground and figure out what your visitors want. Episode 104 of the Web Hosting Show is now on the air.
Download the Web Hosting Show, Episode 104!
Running Time: 15 minutes | File Size: 6.99 MB
Here are just a few topics that we discussed on this week’s episode of the Web Hosting Show.
How to Get Visitor Feedback and Reviews
Get the Ping! Zine Magazine for Free!
Our Last in the Series of Hosting FAQs!
Learn to Change Content Due to Popularity!
Best Solution for Hosting a Video Server!
The mic is on, the headset is ready and I’ve had about ten cups of coffee. What does that mean? I am in full ready to podcast mode! From Tom Green to more of your hosting questions we have a lot of topics to cover on today’s hosting broadcast so why wait? Lets go ahead and get this geeky hosting party started.
Link of the Week: Sliqua Enterprise Hosting
We apologize for the delay on a new post, we had to fire the band of monkeys that write all our posts (something about a labor code violation). But that leaves the question, who am I?
The real reason for us not having new posts available is because we’ve been hard at work preparing for a luncheon on Security for our local Chamber of Commerce. On that note, we chose to write our article this week on an aspect of security that has gone mostly overlooked: Social Engineering.
What is it?
Social Engineering is a form of attack that takes on the human element of security, your employees, or you. The basic premise behind social engineering attacks is rather simple: pretend that you’re someone you aren’t; and lie, lie, lie. For instance, A hacker could call up a pizza place, say he was an unsatisfied customer, and want a replacement pizza. This type of attack hinges on two main points: the person answering the phone is dissatisfied enough with their job that they don’t care to look into the complaint, and it hinges on the ability for the person calling to obtain the trust of the person on the other end of the phone.
In a corporate setting, or even a small-to-medium sized business, the implications for this type of attack are huge. An attacker could easily call up your business, and they would get or try-to-get the lowest person in the company. Then, the attacker would need to establish trust with the person on the other end of the phone. The easiest way to do this, if you’re dealing with someone who knows little to nothing about technology, is to say you’re from the IT department/company or the companies ISP (note that you wouldn’t really need to say “I’m from XYZ company”, as the person on the other end of the phone probably doesn’t know who their ISP is anyway.
Once you’ve established trust with your “victim”, you can get them to do practically anything. The less they understand what they themselves are doing, the less likely they are to question your motives and the more likely they are to hand you the keys to the castle. It often takes less time and effort than people think, and it’s usually more successful than trying to break passwords or break through your firewall.
What can I do about it?
The first step toward protecting yourself against social engineering attacks is rather simple, yet no one seems to get it: don’t give information to someone who doesn’t need it. I’ll say it again: DON’T GIVE INFORMATION TO SOMEONE WHO DOESN’T NEED IT!. This could be your secretary, your children, your spouse, your mailroom guy, etc. None of them need to know your password, so don’t give it to them. None of them need administrative access on their computers, so don’t give it to them. The less information you give them, the less they have to give away. The CIA learned this a long time ago, time for you to learn it too.
Secondly, tell your employees, family members, etc. not to give out any network/computer-related information to anyone. It’s easier to make it that absolute than to try to define what is sensitive and what isn’t sensitive to someone who doesn’t know the difference between a mouse and a modem. Have a meeting and explain to them that social engineering attacks DO happen, and let them know that you can’t have any wiggle-room when it comes to security.
Finally, use common sense. If you get a call from someone claiming to be from your ISP and it’s from an “Unregistered” number, hang up, even if it looks legitimate, make them verify some details, such as their company name, your account number, and PIN, before you talk to them (the company name and account number are both printed on your bill, but the PIN won’t be). Asking a few questions before you trust someone will let you know whether they are for real or not, and if they are really are who they say they are, they will deal with the inconvenience.
That’s the security preach for this week, tune in next week to see if we got our monkeys back!
One of the most common complaints about an e-mail host isn’t the reliability of their systems (even Google’s mail service experiences downtime from time to time), but rather the amount of spam that ends up in users’ Inboxes.
With the development of new techniques to deceive mail filters such as SpamAssassin and DSPAM by Spammers, comes a very unique challenge to software developers, systems administrators, and end-users.
Over the past year, we have utilized the MailFoundry service to handle all inbound messages off-site, and a few months ago realized that it isn’t a truly scalable system. So this year, we went back to the drawing board and decided to continue offering MailFoundry service to our shared hosting customers free of charge, as the service is reliable enough for the average user. However, offer more reliable and scalable solution called Postini to businesses that require a mission-critical anti-spam and virus solution.
In this article we will cover the four anti-spam techniques that we currently utilize and their advantages/disadvantages. New hosting accounts at Sliqua are setup with DNS Blacklists, SpamAssassin, and MailFoundry. As an optional upgrade, we use DNS Blacklists, SpamAssassin (optional), and Postini Integrated Message Management.
DNS Blacklists - We currently only utilize a small number of DNS Blacklists because while they drop most spam attacks in real-time, they are known for causing a great number of False Positives. The DNS Blacklists we currently use are Spamhaus ZEN, SpamCop, and SurBL. These lists are known to be extremely accurate and well maintained.
SpamAssassin - This system is used by the majority of mail servers on the Internet. It processes mail on the same physical machine you receive your e-mail from. While it can be trained to be extremely accurate at detecting spam; in our opinion it simply doesn’t work that well unless you spend a lot of time keeping up with various spam techniques and come up with custom rule sets to handle incoming mail. While we utilize this system across the board, we only do so as a last resort in case there is any sort of problem with our MailFoundry service.
MailFoundry - This service is extremely accurate at detecting spam, however it is not a truly scalable solution. In addition, the only way for customers to check what is in their Quarantine is to wait for a daily digest e-mail. Based on the configuration of the appliance, it can hold messages from new senders for up to 30 minutes before delivering the messages to the designated Inbox. For most small businesses that don’t receive much e-mail, this solution is perfect as it provides the level of anti-spam service they require and doesn’t require much investment.
Postini Integrated Message Management - In addition to being a highly scalable and accurate, Postini analyzes over a billion e-mail messages a day, through its behavior analysis techniques, their system is able to detect new spam on its own in real-time. As a managed service, Postini handles all messages off-site from multiple Equinix Datacenter locations and delivers legitimate messages almost instantly. Most of the time, messages are processed as fast, if not faster than SpamAssassin running on the local machine.
While we have given you a little rundown of the different anti-spam techniques we currently utilize, there is are two ways that you can get involved in the spam war. If you receive spam in your inbox, and know how to view e-mail headers through your mail client, you can submit them to SpamCop for review. Spamcop will then send the logs you submitted to the Internet Service Providers (ISPs) and Hosting companies used by the spammers in order to deliver the spam messages to you. Spammers that do not remove your address from their lists are typically terminated by their ISPs.
Another way to assist is through Phishtank, a service offered by OpenDNS which analyzes the contents of Phishing e-mails. These types of messages are used to usernames/passwords for bank accounts, Social Security numbers, and other forms of personally identifiable information used for fraud.
As always, if you have any recommendations for topics to cover in the future or have questions/comments, feel free to e-mail blog-feedback@sliqua.com.
Unfortunately, there aren’t going to be any pretty pictures in this article- but this is because we’ve already explained the basic jist about what DNS is all about through the previous post, “OpenDNS is Awesome“. Assuming that you read that article, you *should* be able to keep up. If not, feel free to e-mail blog-feedback@sliqua.com or give us a call at 1-866-754-0856 and we’ll try to explain it to you. Without further delay… the post!
The last post was all about DNS and how speeding up DNS speeds up everything else. We mentioned OpenDNS, a company that offers a free service for users so that they don’t have to use their ISP’s often slow DNS servers. However, the visitors to websites aren’t the only people who use DNS servers. DNS servers also are used to hold records for a website, and answer when needed. Most web site owners use their host’s DNS servers as a part of their hosting deal, however this is less than ideal in many of the same respects as using your ISP’s DNS servers: they aren’t optimized, they are slower, and there are fewer servers to answer based on geographic location. This is why many people are looking into Managed DNS (and those that aren’t probably should). Basically, Managed DNS is a web of servers with the same information to resolve your domain to the ip address of your web server. This does three basic things that improve the quality of your DNS servers:
It adds redundancy. In many cases, the default DNS servers given to you by your host are on a single server, or maybe two servers on the same network. In the case of many smaller hosts, this could even mean your DNS is sharing a server with your website and email. If the server goes down, the network goes down, or there is some physical problem (perhaps the facility has a power outage, or fire), your DNS won’t be accessible. Without DNS, your entire domain won’t do anything, even if some servers are still up they will not be accessible because the translation from www.sliqua.com to the ip address won’t take place. Managed DNS services (good ones, at least) typically have multiple servers (5 or more per customer), each in different physical locations (dispersed across the country or around the world), and on different networks. This all means that it’s terribly unlikely that your DNS will ever totally go out, even if an absolute disaster strikes (this is, of course, barring major worldwide disasters of apocalyptic proportion; but at that point, you shouldn’t be worrying about your website anyway).
It speeds up response time. If you’re on the east cost, you have your website hosted on multiple servers across the globe, but your DNS servers are all in one place, that is going to slow down people accessing your server. If you have many different servers, all scattered at key points around the globe, then you will have universally fast response times, and the faster someone can load your site the better off you are.
Managed DNS is more resistant to hackers. I hate using the term hacker in that sense, but it gets through to people. One of the most common types of attacks against a website (or internet server in general) is to use what’s called a DDoS attack. This attempts to flood a server with bogus requests, so that it doesn’t have time (or bandwidth) to respond to legitimate requests, effectively taking the server offline. One of the common ways to do this is to flood a DNS server with requests for a domain name, so that it overpowers the server and makes it stop responding. If you have multiple servers, this makes this type of attack significantly harder to execute with success, as even if one server stops responding, the others will still be alive and kicking.
There are websites that simply do not need Managed DNS. Personal websites, project websites, etc, don’t really need to have the absolute fastest and ultra reliable DNS service that Managed DNS offers, but for businesses and e-commerce websites, it’s absolutely essential. We have all been looking around for something to buy and had the website we were trying to reach be down. I know you didn’t try particularly hard to contact that company either, just move on to someone else. Well, that company lost a sale, and they probably lost more than one sale. If you think you need Managed DNS, there are several providers. Sliqua does indeed offer a very high-caliber Managed DNS service, but there are others in all sorts of different price ranges. Many domain registrars will offer Managed DNS to their customers, as will many hosting companies. There are also standalone Managed DNS companies that specialize in Managed DNS. These tend to be more reliable, and the fastest, but also cost significantly more. Other companies worth mentioning are: DNS Made Easy, UltraDNS, and EasyDNS. Also, a quick google search for “Managed DNS” will turn up countless results. A good way to test their DNS services is to use a website that I absolutely love, called dnsstuff.com. This website has a whole bunch of tools that you can use to test DNS related things as well as general internet tools like IP lookup. The best tools to rate DNS servers is the DNS report tool and the DNS timing tool. The report will give you a detailed report about the DNS server, while the DNS timing tool will give you the time (in ms) that it took to receive a response from the DNS server. All you need to do for these tools is put in a domain name (Sliqua.com, to test the DNS servers we use) and hit go.
As a side note, thanks for all of the people who are subscribing to our blog, and we hope you’ll keep reading to learn how to make your internet experience awesome! We have an email address setup for blog feedback (in addition to comments) at blog-feedback@sliqua.com and we have a Facebook group for more personal interaction with the staff and supporters of this site. Thanks again, and I hope you’ll continue to support us.