• 17Jun

    First of all, you must determine whether your website needs an SSL certificate. SSL is an abbreviation of Secure Socket Layer. It is used to transfer data between computers and servers over a secure channel, in an encrypted format. If a website involves online transactions or shares sensitive data, it is highly recommended to install an SSL certificate on the domain. A web hosting provider offers SSL certificates, or you can purchase an SSL certificate directly from the manufacturers. Note that SSL is a third-party offering, so the web hosting provider has nothing to do with it; they simply get the certificate installed as part of customer service. In order to have an SSL certificate installed on the domain, you require a dedicated IP. Depending on the web hosting service provider, it may be offered for free along with the SSL certificate.

    Before installing the SSL certificate, you must generate the key for the SSL certificate and a CSR. If you haven’t done so, the steps are given below.

    Procedure to Generate Private Key for SSL Certificate

    You are required to have a dedicated IP in order to generate a key for the SSL certificate. You cannot proceed without knowing the IP address. Once you have it, follow the procedure below to generate the key:

    1. Log into your control panel

    2. Click the SSL MANAGER Icon (or “SSL/TLS Manager”)

    3. Click the Private Key icon (or “Generate, view, upload or delete your private keys”). Scroll down to Generate a New Key and select the domain you wish to use with the SSL certificate.

    4. Make sure you enter “www” in the box preceding the domain name if you want the certificate to be on www.domainname.com, as a domain without www. is considered as a different domain altogether, and you would face errors.

    5. If you want the SSL Certificate to be on a subdomain, you are required to create it in cPanel, then enter the subdomain when generating the key.

    6. Once you have selected the domain you wish to use, click on “Generate”; this generates the public key file.

    7. You are required to save this information for future use. Although you can retrieve the key file from the server whenever required, if the information on the server or the key file is lost due to an unexpected error, you may need to purchase a new SSL Certificate. Hence, to be on the safer side, it is advisable to save the information.

    The next stage is to generate the CSR. Below is the procedure for the same.

    Procedure to Generate CSR

    CSR is an abbreviation of Certificate Signing Request. Here again, a dedicated IP and the key file are required.

    1. Click “SSL Manager” (or “SSL/TLS Manager”) to generate the CSR

    2. Click on Certificate Signing Requests (CSR) (or “Generate, view, or delete SSL certificate signing requests”)

    3. For the HOST, choose the domain name that you’ve generated the KEY for. Make sure that you select the www version if you wish to install the certificate using www.

    Note that if you have made a key for www.domainname.com, you will need to include the www too. It’s essential to enter the same domain name that was used to generate the key file.

    In case you are unable to select www.domainname.com from the list, you probably did not add (www) to the key you generated. If you need www in the certificate and can’t select your www.domain.com from the list, you are required to repeat the key generation procedure, making sure you include www.

    4. Having done so, complete the form by filling in the required information.

    5. Click on Generate

    Here again you must save this information.

    Once you have your SSL certificate, collect your generated Key, CA bundle and CRT files, and follow the steps below to install the SSL Certificate.

    1. You must be logged in to the control panel of your domain.

    2. Click SSL Installer, OR
    click on the SSL/TLS Manager icon (it varies with the version of the control panel), then click Setup a SSL Certificate.

    3. Choose the domain name from the drop down menu at the top

    Before installing a new certificate, you must uninstall any previous certificate by clicking the Delete Host button.

    4. Now, you need to paste the CRT file provided to you by the company from whom you’ve purchased the SSL Certificate.

    5. The KEY file should have appeared automatically; in case it has not, click FETCH to import it. If it still does not appear, you should paste a copy of your KEY.

    6. The Certificate Authority (CA) file is the last step. Some SSL companies provide this. You will need to paste the contents of the CA file now.

    7. Now click the “Do It” button (or “Install Certificate”) and wait.

    This completes the installation of your SSL Certificate on your desired domain.

    The web hosting provider can help you in the installation of the SSL certificate.

    For further information, you can check Steps to enable SSL for all customers Interacting with your Web site in Internet Information Services


  • 13Nov

    Steps To Add an E-mail Filter (Blocking Spam).

    Internet users can block unwanted spam mails using simple steps.

    Follow the below procedure to activate the E-mail filter.

    1. Select the E-mail filtering link in the mail area.
    2. Click on Add Filter
    3. From the drop down list select the header field. These are the different fields in any e-mail message.
    4. From the second drop down list select the required filter. The action will take effect on the text entered in the third field.
    • Equals- Match the text exactly
    • Matches regex- It matches the text based on regular expression rules. These expressions are powerful but complex.
    • Contains- It matches certain text in any circumstance. Example- porn would block pornography and porn.
    • Begins with- It matches the specified text in the beginning of the word.

    5. Now enter the filter text in the third field. Be careful as the text is case sensitive.

    6. Now enter the destination for the filtered e-mail in the Destination field. There are three types of destination:

    • Destroy the E-mail : In the field enter Discard.
    • Redirect To another address : Enter the email address where the spam needs to be directed.
    • Redirect to a script : Enter the complete script path on the machine that hosts the website.

    7. Click Activate tab.
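
    The match types from step 4 and the case-sensitivity warning from step 5, as an added example (not the control panel's own code). It evaluates constructed rules against constructed message headers; the rule tuples, the `route` helper and the addresses are assumptions made for illustration, and Python's `re` stands in for the mail server's regex engine.

```python
import re

# Match types offered in the second drop-down list (step 4).
MATCHERS = {
    "equals": lambda text, value: value == text,
    "matches regex": lambda text, value: re.search(text, value) is not None,
    "contains": lambda text, value: text in value,
    # Assumption: "begins with" is tested against the start of the header value.
    "begins with": lambda text, value: value.startswith(text),
}


def route(headers, rules):
    """Return the destination of the first matching rule, else "deliver"."""
    for field, match_type, text, destination in rules:
        if MATCHERS[match_type](text, headers.get(field, "")):
            return destination
    return "deliver"


# Constructed rule sets: (header field, match type, filter text, destination).
NAIVE = [("Subject", "contains", "free", "Discard")]
TUNED = [
    # Case-insensitive, whole-word match instead of a plain substring.
    ("Subject", "matches regex", r"(?i)\bfree\b", "Discard"),
    ("From", "equals", "promo@bulk.example", "quarantine@example.com"),
]

# Constructed sample messages.
MESSAGES = [
    {"From": "promo@bulk.example", "Subject": "Weekly deals"},
    {"From": "a@shop.example", "Subject": "free gift waiting"},
    {"From": "b@shop.example", "Subject": "FREE gift waiting"},
    {"From": "friend@example.org", "Subject": "Your carefree holiday booking"},
]


def compare():
    """Show, per message, where the naive and the tuned rule set send it."""
    return [(m["Subject"], route(m, NAIVE), route(m, TUNED)) for m in MESSAGES]


if __name__ == "__main__":
    for subject, naive, tuned in compare():
        print(f"{subject!r:35} naive={naive:8} tuned={tuned}")
```

    The naive "Contains" rule misses the upper-case variant and discards the legitimate "carefree" message; the regex rule handles both.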

    For any further assistance please feel free to mail us on support@micfo.com


  • 03Nov

    A French law providing for the cancellation of the internet connections of relentless pirates of music, movies and online games is close to being decided.

    New French Law against PIRACY of sharing of music, movies and online games.


    Users caught illegally sharing any digital media will get warning e-mails before their internet service is disconnected.

    The new law is pending with the French National Assembly for final approval. The French Senate has welcomed the new law. It is being introduced to tackle the increasing piracy of digital media over the internet.

    The law has been hovering since November 2007. The French expect much more civilized internet usage in future.


    The plan includes the appointment of net firms as watchdogs who would constantly monitor consumers; those found guilty will be reported to the respective authority. Users would get two warnings, and if they are still found sharing copyrighted digital media, their internet connection will be cancelled. The French Senate also plans to encourage companies to install firewalls that would block content sharing by employees within the organization.


  • 01Nov

    The virus is reported to have stolen the online bank account details of almost 500,000 consumers. It has also affected credit card and debit card holders. This Trojan is expected to be the most advanced crimeware ever designed to date.

    Computers Across the Globe Infected by a Trojan Virus.

    The Trojan was discovered by RSA. RSA expects that computers across the planet have been infected by this Trojan virus, with only approximately 2000 domains left safe, as declared by RSA’s security division.

    RSA described the Sinowal Trojan as one of the biggest threats to computers connected to the internet. The Trojan uses a very common infection method known as “drive-by-downloads”. Users do not realise that their computer is being infected, as the process takes place in the background. According to RSA, the Trojan has been operational for two and a half years and has been quietly collecting information. The group behind the Trojan has been releasing variants of the virus periodically to keep it going.

    RSA said that they have been tracking this Trojan since 2006 but have not been able to determine who created the virus.

    Since April 2007 there has been a sudden explosion of attacks by various viruses over the internet, and many web pages have been infected.

    To counteract this issue, some simple steps can be followed to protect information in addition to using security software. RSA has advised users to “Think before you CLICK any web link”. A lot of web traffic means more money, which can prove to be a boon for the criminals. Users should also check whether their bank has recently shown an increase in any kind of online authentication forms, or has asked them to provide different account details or a social security number.

    Although not clicking on web links might not keep users 100% secure, it can definitely reduce the chances of attack.

    Various law enforcement agencies have been alerted for the same reasons.


  • 24Oct

    Protect your computer system by applying the patch, released by Windows.

    Windows released an out-of-cycle patch on an URGENT basis.

    Microsoft has found evidence of an RPC (Remote Procedure Call) attack which can infect almost all versions of Windows machines across the Net. The bug is able to pass through the firewalls installed on your machine.
    Windows Server 2003, 2000, and XP (Service Pack 2 or 3 installed) are more vulnerable.


    Below are the links to the patches for different versions of Windows :

    1. Windows Server 2008 64-bit
    2. Windows Server 2008 32-bit
    3. Windows Vista 64-bit edition
    4. Windows Vista
    5. Windows Server 64-bit edition
    6. Windows Server 2003 (With service pack 1&2)
    7. Windows XP 64-bit
    8. Windows XP (With service pack 2 or 3)
    9. Windows 2000 (With Service Pack 4)

    These patches have been released by Windows.


  • 17Oct

    Today web services have become one of the major business tools for communicating, directly or indirectly, with clients or with each other. Unlike the Web Server, which operates on a client/server architecture, web services operate through a programmatic interface across the network.

    Web Service Technology.

    Web services are designed using different technologies. They operate in combination with emerging standards to ensure security and manageability. Web services integrate Web-based applications using the XML, SOAP, WSDL and UDDI open standards over an Internet protocol backbone.

    • UDDI : (Universal Description Discovery and Integration) It provides a standardized method for publishing and discovering information about Web services.

    • XML : (Extensible Markup Language) It is a human-readable way of describing structured data.

    • SOAP : (Simple Object Access Protocol) It is an XML-based messaging protocol which is used to encode the information in Web service request and response messages before they are sent over the network. SOAP messages do not depend on any operating system or protocol. Messages can be transported using various Internet protocols, including SMTP, MIME, and HTTP.
    • WSDL : (Web Services Description Language) It is an XML-formatted language which describes a Web service’s capabilities as communication end points capable of exchanging messages.

    Web Security

    Security is one of the prime factors for Web services in today’s web world, with new online threats emerging day by day. The most common security scheme nowadays is SSL – Secure Sockets Layer, but this too has certain limitations with Web services.

    Web services technology is exploring different options in XML-based security schemes, as listed below.

    • XML digital signature : XML signatures provide integrity, message authentication and/or signer authentication services for data of any type.

    • XML Encryption : The issue of data confidentiality using encryption techniques is addressed by the W3C’s XML Encryption specification.

    • XKMS (XML Key Management Specification)
      The XML Key Management Specification (XKMS) comprises two parts: the XML Key Information Service Specification (X-KISS) and the XML Key Registration Service Specification (X-KRSS). X-KISS is a protocol for a Trust service that resolves public key information contained in XML-SIG elements. The X-KISS protocol allows a client of such a service to delegate part or all of the tasks required to process elements. The X-KRSS specification defines a protocol for a web service which accepts registration of public key information. Once registered, the public key can be used in combination with other web services, including X-KISS.

    • SAML (Secure Assertion Markup Language)

    SAML is an XML-based framework for communicating user authentication, entitlement and attribute information. SAML allows business entities to make assertions regarding the identity, attributes, and entitlements of a subject (an entity that is often a human user) to other entities, such as a partner company or another enterprise application. The OASIS Security Services Technical Committee is in charge of defining, enhancing, and maintaining the specifications that define SAML.

    • WS-Security (Web Services Security)

    Security Assertion Markup Language (SAML) from OASIS provides a means for partner applications to share user authentication and authorization information. This is essentially the single sign-on (SSO) feature being offered by all major vendors in their e-commerce products. In the absence of any standard protocol on sharing authentication information, vendors normally use cookies in HTTP communication to implement SSO. With the advent of SAML, this same data can be wrapped inside XML in a standard way, so that cookies are not needed and interoperable SSO can be achieved.


  • 16Oct

    DHCP is short for Dynamic Host Configuration Protocol, a protocol for assigning dynamic IP addresses to devices on a network. With dynamic addressing, a device can have a different IP address every time it connects to the network. In some systems, the device’s IP address can even change while it is still connected. DHCP also supports a mix of static and dynamic IP addresses.

    Dynamic addressing simplifies network administration because the software keeps track of IP addresses rather than requiring an administrator to manage the task. This means that a new computer can be added to a network without the hassle of manually assigning it a unique IP address. Many ISPs use dynamic IP addressing for dial-up users. This protocol reduces administrators’ workload by allowing devices to be added to the network with little or no manual intervention.

    DHCP is a way of managing network parameter assignment from a single DHCP server or from a group of DHCP servers arranged in a fault-tolerant style. Using DHCP, any new machine can be added to the local network. DHCP can be used to assign addresses directly to desktop machines or servers.

    Technical Summary

    DHCP uses the same two IANA-assigned ports as BOOTP: 67/udp for the server side, and 68/udp for the client side.

    DHCP works in four phases:

    1. IP Discovery,
    2. IP Lease Offer,
    3. IP Request and
    4. IP Lease Acknowledgement.

    After the client gets an IP address, it may start an address resolution (ARP) query to prevent IP conflicts caused by overlapping address pools of DHCP servers.

    Security

    Basic DHCP does not have any security features and is hence susceptible to two types of attack.

    1. Unauthorized DHCP servers : One cannot specify the required server. Any unauthorized server may react to the client’s request and send client network configuration to the hacker.
    2. Unauthorized DHCP clients : An unauthorized client can gain access to the network configuration and an IP address by camouflaging itself as a legitimate client.

    RFC3118 introduced authentication information into DHCP messages to overcome these threats. Doing this enables the clients and servers to reject information from invalid or unknown sources.
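
    A detection check for the first threat above, as an added example (not code from the original post): it parses DHCP messages in the BOOTP layout and flags Offer or Acknowledgement replies whose server identifier (option 54) is not on an allowlist. The allowlist, the constructed capture and the documentation-range addresses are assumptions.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"      # precedes the DHCP options field
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}


def build_message(msg_type, xid, yiaddr="0.0.0.0", server_id=None):
    """Encode a minimal BOOTP/DHCP message; used only to construct test input."""
    op = 2 if msg_type in (2, 5) else 1     # 1 = client request, 2 = server reply
    fixed = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        op, 1, 6, 0, xid, 0, 0,
        bytes(4), socket.inet_aton(yiaddr), bytes(4), bytes(4),
        bytes.fromhex("020000000001"), b"", b"")
    options = bytes([OPT_MSG_TYPE, 1, msg_type])
    if server_id:
        options += bytes([OPT_SERVER_ID, 4]) + socket.inet_aton(server_id)
    return fixed + MAGIC_COOKIE + options + bytes([OPT_END])


def parse_message(data):
    """Return (message type, transaction id, offered address, server id)."""
    if len(data) < 240 or data[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    xid = struct.unpack("!I", data[4:8])[0]
    yiaddr = socket.inet_ntoa(data[16:20])
    opts, i = {}, 240
    while i < len(data) and data[i] != OPT_END:
        if data[i] == OPT_PAD:              # single-byte padding, no length
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        opts[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    mtype = (opts.get(OPT_MSG_TYPE) or b"\x00")[0]
    sid = opts.get(OPT_SERVER_ID)
    server = socket.inet_ntoa(sid) if sid and len(sid) == 4 else None
    return MSG_TYPES.get(mtype, str(mtype)), xid, yiaddr, server


def unauthorized_replies(packets, authorized_servers):
    """Flag OFFER/ACK messages whose server identifier is not allowlisted."""
    alerts = []
    for raw in packets:
        kind, xid, yiaddr, server = parse_message(raw)
        if kind in ("OFFER", "ACK") and server not in authorized_servers:
            alerts.append((kind, hex(xid), server, yiaddr))
    return alerts


# Constructed capture of one exchange; addresses are documentation ranges.
AUTHORIZED = {"192.0.2.1"}
CAPTURE = [
    build_message(1, 0x1234),                                   # Discovery
    build_message(2, 0x1234, "192.0.2.50", "192.0.2.1"),        # Lease Offer
    build_message(2, 0x1234, "198.51.100.77", "198.51.100.9"),  # second Offer
    build_message(3, 0x1234, server_id="192.0.2.1"),            # Request
    build_message(5, 0x1234, "192.0.2.50", "192.0.2.1"),        # Acknowledgement
]

if __name__ == "__main__":
    for alert in unauthorized_replies(CAPTURE, AUTHORIZED):
        print("unauthorized DHCP reply:", alert)
```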


  • 16Oct

    Flash Player products are prone to clickjacking attacks due to a security defect as addressed by Adobe Systems.

     Flash Player vulnerable to “Clickjacking”.


    Flash Player 10, re-introduced into the market on Wednesday, has a fix for the flaw reported by Adobe Systems.


    Adobe Flash Player 9.0.124.0 and earlier products have a security defect that makes them susceptible to clickjacking attacks and needs to be fixed, as Flash products along with various browsers such as Internet Explorer, Firefox, Opera and Safari are prone to the attacks.


    The new update can also prevent clickjacking attacks on users’ web cameras and microphones. The update contains four more security fixes, including an improvement against clipboard attacks and a fix for port-scanning attacks.

    What is Clickjacking?

    Clickjacking is an exploit in which malicious code is hidden beneath apparently legitimate buttons or other clickable content on a website. In technical terms it is also known as user-interface (UI) redressing and IFRAME overlay. The host website or a particular web page may be a genuine site which has been hacked. The attacker fools the user into visiting a site via online links or e-mails.


  • 11Oct

    SSL is an abbreviation of Secure Sockets Layer. It is a protocol developed by Netscape. It is helpful for securely transmitting documents through the internet.

     SSL Certification.

    One can encrypt data between the server and the clients with an SSL certificate. An SSL certificate is useful on billing systems, contact forms and e-commerce systems.


    The domain name is assigned a dedicated IP address. A dedicated IP address is essential for an SSL Certificate, as the URL accessed by someone is encrypted with the public key that is loaded in the user’s browser, and the data is then decrypted on the web server using one record for the SSL Certificate. Apache cannot share one certificate across multiple URLs unless the certificate is a wildcard SSL Certificate, designed to work on multiple sub-domains of a single unique domain. A single SSL certificate cannot work for multiple different domains. Nobody can decrypt your SSL-secured data unless they have your private key.
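
    The wildcard rule above and the “www” versus bare-domain point from the installation steps, as an added example (not code from the original post): it checks which hostnames a certificate's names cover, using the usual rule that a wildcard stands for exactly one left-most label. The host lists and helper names are constructed for illustration.

```python
def name_matches(pattern, host):
    """True if one certificate name (exact or wildcard) covers host."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if "" in p or "" in h or len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one label and must leave at least
        # two fixed labels to its right ("*.com" is refused).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered(cert_names, hosts):
    """Return the hosts that none of the certificate's names cover."""
    return [h for h in hosts
            if not any(name_matches(n, h) for n in cert_names)]


# Constructed inputs using the placeholder domain from the text.
SITE_HOSTS = [
    "domainname.com",
    "www.domainname.com",
    "shop.domainname.com",
    "a.shop.domainname.com",
    "otherdomain.com",
]
SINGLE = ["www.domainname.com"]      # key and CSR generated with "www"
WILDCARD = ["*.domainname.com"]      # wildcard certificate

if __name__ == "__main__":
    print("single  :", uncovered(SINGLE, SITE_HOSTS))
    print("wildcard:", uncovered(WILDCARD, SITE_HOSTS))
```

    Neither certificate covers the bare domain, and the wildcard does not reach a second sub-domain level, so each of those names needs its own entry or certificate.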


  • 11Oct

    There are many ways to avoid unsolicited e-mails or spam mails. But some of the most effective ways are given below.

     Ways To Avoid SPAM mails.

    Spam Bot

    The e-mail address that you create should not be predictable. An e-mail address such as weblovers@domain.com can be easily spammed, and then you start receiving spam mails. Another way to avoid spam mails is by not submitting your e-mail address online or publicly. If you do, spam bots can easily find your e-mail address and add it to the spam list.

    You can use a contact form instead of publishing your e-mail address online.

    It is always recommended that you have two e-mail addresses. If you sign up for a service that requires you to submit your e-mail address and you are not sure of their e-mail policy, you can give your second mail address, which keeps your primary mail account spam free. Then at a later stage, if you are assured of the company, you can give them your primary mail address at any time.


    You allow spammers to spam your account if you have turned on the Catchall option in the control panel. If it is on, spammers will spam your catchall account and soon it will be filled with multiple spam mails. Many mail servers verify sender addresses before accepting any e-mails. If you find that the catchall setting is enabled, then don’t forget to reset it and make it “Send all catchall e-mails to :fail:”. Doing so will not allow spammers to use your domain name in their spamming scripts.

    Another important way to avoid spam is having spam protection on the server. SpamAssassin is very effective in identifying and removing spam e-mails before they reach your mail box.
