Pages

Wednesday, June 16, 2010

Online Backup Services

iOmega iStorage offers a 100% secure online data and photo storage. Automatic backup of your files and photos.

Mozy is a simple and safe way to back up your data on your computer. A copy of your data is stored in a secure, remote location for safekeeping.

MediaMaster - unlimited storage of your music collection.

Online File Folder -by GoDaddy.com gives you secure access to your files from any computer with an Internet connection. Whether you’re at home, in the office or on the road, Online File Folder is your easy and affordable file management solution. $5.99 a year for 50MB.

Steekr.com - Online backup of digital media, free up to 1GB, subscriptions for more. Stream your stored music for listening anywhere, share files with friends.

Omnidrive.com - backup anywhere from 1GB for free, use as backup you can access from anywhere, or use as a file host to use on other sites.

CrashPlan.com automatically notes changes to backup and then does so once per day. It gives you freedom in choosing your backup destinations. Back up your new Mac to your old PC, your laptop to a friend’s desktop, whichever you want.

Carbonite.com - automatic backup your entire hard drive . Installation is a snap. It works quietly and continuously in the background protecting your data. $49.95 per year for unlimited backup after your free trial.

IBackup - Anywhere from 5GB to 300GB of storage. Backup MS SQL Server databases to your IBackup account without interrupting the running MS SQL Server services.

Ironmountain.com provides professional backup solutions to small business as well as to government agencies.

Yuntaa.com is currently offering free registration for everyone. A free account comes with 1GB of storage will remain free even after it moves into production mode. Paid Accounts and Free Accounts both have complete access to the following features: Hard disk synchronisation, backup/restore functions, file sharing, photo, video and audio sharing, unlimited blogs, and more.

gDisk - is a software that turns your GMail account into a portable hard drive so you can always have your important files accessible accross the Internet.

MyOtherDrive.com - Store up to 5GB of files, use as backup or share.

Mp3Tunes.com - unlimited free storage of your music collection, streaming play of the songs from anywhere.

Orbitfiles.com - 6GB of storage for your files, automated backup, ability to share with family and friends.

ElephantDrive.com offers 1GB of free storage, automated backups.

Titanize.com - Online backup that allows you to snyc with other devices and share links to your files.

Egnyte.com - Backup your files, store them securely, export them back to your computer in a crash.

Datapreserve.com - Automated off-site remote backups.

Allmydata.com - unlimited storage and automated backup for $4.99 a month.

Angelbackup.com - $1.95 for 2GB of automated backup.

File123.com - 1GB of space for free, up to 10GB of backup for as low as $4.95 a month.

SOSOnlineBackup.com - Automated backup of your essential files.

Trueshare.com - Secure off-site data backup, packages as small as 3GB up to 1TB.

Sunday, June 13, 2010

5 best DNS Tools

DomainTools provides all the tools you need when it comes to choosing domain names and their registration. It provides detailed uptime reports on providers, whois history database, and more.

DynDNS - provides domain name system services with the highest levels of redundancy, service, and support in the industry.

DnsStuff empowers users with excellent tools and expertise to test, resolve and configure their DNS and Network. It includes DNS lookups, WHOIS/IPWHOIS, DNS hosting tests, IPv6, IP-to-country, and spam database lookups.

EveryDNS - provides free DNS and backup MX services. This includes Static DNS, Dynamic DNS and URL Redirection.

OpenDNS - offers static DNS services as well as other advanced services such as Secondary service, Dynamic DNS resolution, AXFR service. Of course, their primary service is free DNS. OpenDNS provides you with the tools to see what’s happening on your network.

How to protect your WordPress blog from web injection?

I have been thinking to write this post for long time, although, couldn’t get time to write details about this major security issue. From my experience, I have seen a big percentage of users are using WordPress and a certain percentage always face some sort of Web Injections (Iframe for example) with any shared hosting provider. This post would go into deep to study why these web injections are occurring and how can you protect your wordpress blog from these sort of issues.

Lets see why these web injections occur. There are couple of factors when someone can inject something in your blog pages. Two most common factors are javascript bugs and the bad permission bits. I have seen some people advise when someone complaints about the iframe injections, were done with hacked ftp password. I would probably say, if the person had the ftp password, why would he simply inject something instead of replacing? But, yes, it is not the same case all the time, but most of the time, those two factors play the vital role on web injections.

Now, one can say, he hasn’t done any change on the permission bit, he simply uploaded the theme and started using it. Eventually, that is what you are doing wrong. WordPress itself is a very secure system. People are not going to be able to inject codes using wordpress vulnerability. Rather, they are injecting codes/iframes using the vulnerability in your 3rd party theme or plugins. Most of the time, I have seen users nominating and selecting themes and plugins from publishers who are pretty amateur or have no well known presence on internet. These amateur developers are eventually leaving javascript bugs for you in their themes and plugins. Later on when you upload the files and allow the owner to write the files, those bugs get incorporated with the writing permission of suphp and injects craps. If the script which contains the bug is forced to use no write permission, then probably you are going to protect your wordpress blog from web injection along with those javascript bugs. I have always been suggesting users who are complaining this is a server issue, to make sure their scripts are not granted with write permission until it is essential for his script. You have to understand, if this is a server issue, then all the users pages in the server should be injected, it shouldn’t be just yours. Mellowhost maintains latest mod_security rules from gotroot (http://www.gotroot.com) although, new injections are developing every day, and simple mod_security can not really protect every sort of injections.

How can you protect your wordpress blog? Couple of things, one, try to make sure, scripts which don’t need write permission (Like configuration file/includes files) set with read & execute permit (555) only. You can do this using file manager or ftp with the “Change Permission” or “Chmod” option. If you see one your wordpress blog is injected, then you would probably want to change your theme first to see if it gets injected again. If it does, then the issue should relate to some plugin which you have to verify one by one.

This seems a pretty clumsy process to verify and work with the above options. There are couple of more investigations and solutions you can apply. There is a “Raw Access Log” option in your cpanel. You can check your last 24 hours access logs of your site if you download that file. But this would only work if you are certain that the injection was does within last 24 hours and aware of how the requests are being handled by your wordpress. But the last part can be concluded assuming you are at least able to understand the unusual requests to your blog (for example running javascript commands through the url).

Alternatives? Yes, there are 4 pretty important wordpress security plugins you would probably want to use. Here are they:

1. WordPress Firewall Plugin: http://wordpress.org/extend/plugins/wordpress-firewall/

2. WordPress Antivirus Plugin: http://wordpress.org/extend/plugins/antivirus/

3. Secure WordPress Plugin: http://wordpress.org/extend/plugins/secure-wordpress/

4. Wp-Malwatch Plugin: http://wordpress.org/extend/plugins/wp-malwatch/

All of them are perfectly working and the easiest way for a shared hosting user to detect and protect their wordpress blog from web injections automatically. What they do, is protecting your files from being written or watching how they are being edited. They are doing the very similar thing I suggested above but in realtime. I would probably recommend the wordpress firewall plugin, as you can configure it to load first out of your all other plugin and help you to test if one of your plugin is vulnerable.

Now, my readers will definitely ask, why didn’t I just let them know about those plugins which would help their blogs from web injection in the easiest and fastest way, I would probably say, it was my intention to let you understand how this is happening and what are the basic steps you can perform to prevent this. Merely using the plugin may not solve the issue, rare but not impossible :)

Just a quick reminder, we at CentrioHost maintains the best protective security for your blog. But everything has a limitation. These sort of injections are a part of limitations. It is pretty hard to understand developer’s mind and apply a patch to protect his fault at the server level. This is why, it is advised to to take precautionary measures all within your range. You should have no worries about the server as long as you are hosted with CentrioHost :)

Happy reading.

Thursday, June 10, 2010

How to Choose a Domain Name


A good domain name can guarantee success of your website while a domain chosen poorly can be a hurdle in the way of your website success.

Domain name content

Choosing a domain name means a name which should be unique but one who remains in the user’s memory for success. It should be thus, easy to remember. If you are up to some business site then be informed that domain name must have the business name in it.

Domain name variation

If you want to keep other people from capitalizing over your success, then you require registering with different extensions of your domain name. Check your domain name from miss-spellings, if it has some then register them and then point them to your web site. If your website is meant to be a mode of advertisement then generic domains can be very helpful.

Things to avoid in Domain Name

Here are few of the things which should be avoided with the domain name, as they can be confusing in a way or more. Let’s take a close look.
Numbers are quite confusing so in case you are using them you must register them with both types i.e. numeral and word. While you put 1 or 0 with your domain name you need special care to go with. 1 can look like letter “I” while 0 can be taken as “O”.
Pick a general name for your domain. Try avoiding hyphens in the domain name as far as possible; using them is not a good idea at all. Don’t pick a name which can be confused for “plural” or “singular”. If you have picked one then register with both singular and plural form.
Avoid picking a domain name which consists of double consonants.

What should be the length of the domain name?

Be informed that shortest names are registered already. But you need to consider the length of the domain name as it is most important a factor which can result in success or failure.
Keep these points in your mind then:
- Shorter domain name is easy to remember and also typing. This can be easy also as the chances for the errors are far low.
- Longer can also be beneficial as phrases are quite easy to be remembered.
- Don’t use more than three or four words in your domain name.

Do’s and don’ts for domain name selection

Here are few of the things which are listed for the “do’s and don’ts for selecting your domain name”. Try practicing them while you select your domain name.
- Don’t get your domain name registered from your Web Host, even if they offer you free service for the name registration.
- Keep renewing your domain names, before they are expired.
- Before signing up for some domain name, research and also read the registrar’s ToS.
- Don’t chargeback with domains in your account.
- Always use the registrar’s ticketing system for feedback, avoid emailing for this purpose.

Monday, June 7, 2010

Confusing server load average explained!

Server load average is a pretty big word in web hosting industry. Customers trust servers with least CPU load. Moreover, I have seen they feel very secure when they are on a server averaging a cpu load lesser than 1. I am very familiar with a question on live chat desk from the new customers saying, what is your average cpu load. Now let me go into deeper in this discussion and see if I can find something new for you.

There are many metrics, modern operating system provides to measure current system performance. CPU load average is one of such metrics. It is stored under the proc file system and readable from user space.

Now, lets come to what does this metric mean. I have found couple of articles explaining the definitions and they seem pretty good enough.

“Server load – just a number?


Well, yes, basically the server load is a number. This number is usually under the x.xx format and can have values starting from 0.00. It expresses how may processes are waiting in the queue to access the processor(s). Of course, this is calculated for a certain period of time and of course, the smaller the number, the better. A high number is often associated with a decrease in the performance of the server.”

So, it clearly states CPU load is going to let you know the amount of processes your server processor going to execute Or is it? Let me tell you something, it is a very wrong definition of CPU load. Let me show you something from the manual of “uptime” unix command:

“uptime gives a one line display of the following information. The current time, how long the system has been run- ning, how many users are currently logged on, and the system load averages for the past 1, 5, and 15 minutes.”

That means, the average you see, is not showing you the waiting processes, but the processes waited for past 1, 5 and 15 minutes.  (Solaris includes some runtime processes, but can not at all predict processes waiting for next 1 minute queue) So, if the cpu load is 4 and you have 4 cpus, does that mean 4 processes were waiting for cpu access in last 60 seconds? Does that seem pretty a lot for current RAID controlled hard drives and 4/8GB RAM servers? Just to note, linux kernel treats threads as a process. It is possible to improve the performance a lot using threads, this is why, most of the people are utilizing thread based models these days. So, the waiting 4 processes could be 4 threads as well when linux is concerned. And in some cases, threads can be served faster than processes.

We are done with the definition, now lets get into more deeper analysis of CPU load and CPU performance. I have seen people stating your CPU is using 100% or 200% CPU after seeing the past load average crossing the number of cpus. That is a completely wrong idea to measure the performance of CPU. You can never make 200% of your CPU. If that was possible, then, I highly doubt you could ever see any multi proc/core cpu. This metric is even not at all made to measure the performance of CPU. CPU performance depends on the time it remains idle. More idle CPU time means more stable CPU. Now, the question may come, how can I measure the idle cpu time. A system admin can do this using the “sysstat” software. Most of the linux distribution have it built in. You can also check the idle CPU using the top system command or sar. Now, how the system counts idle cpu time? It excludes the time it spent for user, system softwares or services and IO wait to count the idle CPU. Does the idle cpu time have any impact on Server Load? It may or may not. But you never know. One thing, I can assure you, more your Server load fluctuates means your idle CPU is getting more exhausted. So, you may measure the fluctuation of the CPU load to understand how your system is performing. So, let me tell you something what I believe on server/cpu load, more stable your server/cpu load, means more stable server you are on. You should find your sites loading pretty fast, and if not, its time to contact the hosting support. I have seen many good hosting companies would share the mpstat/sar output with their clients to make them feel free showing the right cpu usage for around 30 minutes or so.

Most of the system admins these days, tweak the server in a way to make sure it keeps more idle CPU time. I have seen CPU load of 10 on a 4 CPU systems with 60% idle cpu running a backup/log process with less priority. Less priority is causing lesser time slice for the backup/log process resulting more waiting CPU for the system, simple math. When the idle cpu time goes to 0-5% frequently, server becomes clumsy. It is not really a right idea to judge the cpu usage from server/cpu load average of linux system. Most importantly, misjudging this metric in determining CPU usage like 200% is what I don’t feel right!

Happy reading, and never feel guilty to ask explanation from your host, you put your most important data on their hard drives, so trust them!
 

Blogger news

Blogroll

About