Archive for the ‘Security’ category

Tips to Keep Your Digital Life Safe and Secured (Part 1)

October 2nd, 2013

It’s October, which is National Cyber Security Awareness Month (or NCSAM)! In honour of this month, we’ve written up a few tips for you to stay safe online.

Red Flags That You’ve Been Hacked

You see posts that you’ve never made on your social network page.

While you may wish that you lost 36 pounds in 2 weeks by using one secret ingredient, you don’t remember posting that information on your Facebook, Twitter, or any other social network page. If you see posts from your social network page that you’ve never made, especially ones that prompt your contacts to follow a link, you’ve been hacked!

Your friends mentions an email that you don’t remember sending.

If you’ve been unknowingly sending out spam to your email contacts, it’s never a good sign. Be quick to investigate your account security if a friend notifies you about an email that you’re unaware of being sent out.

So, How Can I Protect Myself?

As that old adage says, prevention is key!  Here are some ways to fortify yourself in the cyber world.

Use separate email accounts for separate purposes. 

The more you diversify, the less affected you’ll be if one account gets hacked.

Try using a disposable email.

For example, try out 10 Minute Mail. If you need an email to quickly retrieve a coupon code or sign up for a freebie, you can protect yourself from spam by using a temporary email address.

Don’t follow links in emails that ask you to sign into your account.

While you may get legit-looking emails from PayPal or eBay with links which tell you to log into your account, it’s best to avoid potential phishing. Go directly to the website and log in from there.

Beware of those sketchy-looking messages.

Trust your gut when it comes to suspicious looking emails. Be especially wary of links or attachments which come from contacts that you don’t speak to regularly, or if the message doesn’t look like something a contact would typically write. Remember that even if you know the sender, their account could have been hacked.

Use unique passwords for every site.

Once a hacker gets your account information on one site, they’ll be able to retrieve your login information for other accounts if you reused your password.

Delete services that are not in use.

The internet is full of exciting things, and chances are, you’ve tried a plethora of games, social networking accounts, and web apps. Once you’ve decided to stop using a service, it’s best to delete your account altogether. This way, if the service is hacked, you won’t have to worry about being impersonated or trying to remember your login information in order to quickly delete your account.

Regularly update your password.

Change your password at least once every three months. We’ll be coming out with a blog with tips on how to create strong passwords that you can actually remember, so remember to check back soon!

Protect your site the quick and easy way with Doteasy Auto Site Backup Service

June 20th, 2013

It takes numerous hours and effort to build a website. That’s why it is extremely important to safeguard your website files by performing backups on a regular basis.

For our cPanel web hosting clients, it is very easy to do backup. Simply log in to your cPanel and there is an option called “Backup Wizard”. Give it a click and you will have the option to either perform a partial backup or full backup.

Lack of time to do backups?

Doing a full site backup is pretty simple; however, everyone has a busy schedule and it often becomes a difficult task for us to remember to do this routine maintenance. May we suggest our Auto Site Backup Service. This automatic daily backup service features backup version control. With this feature, you can choose the version of the backup you want. Our service will even compare each backup and allow customers to download only the files that have changed, saving you valuable time. You also have the flexibility to restore entire MySQL databases or just individual tables. This option becomes handy if your databases gets corrupted or if you need to revert back to a pervious version. You can restore your website files with a simple click. This hassle-free backup system is only at $1.50/month. To learn more about our Auto Site Backup service, please visit our service page for full details.

Content Theft – What Can You Do?

May 3rd, 2013

In simple terms, content theft refers to the stealing or unauthorized usage of web content (both graphics and text) by another website. “Imitation is the sincerest form of flattery”? Certainly not in the case of content theft. Most content thieves steal content simply to fill space on their websites and attract traffic (think Google AdSense).

Content theft also damages your standings in search engines. Search engine consider duplicate content on multiple web sites spamming, which can result in a drop in placement on search listings or elimination from the search engine altogether.

To catch the thief

There are many tools available on the Internet that you can use to catch a content thief:

1. Google Alerts – Google Alerts are email reports of the latest relevant Google search results (including news, web, etc.) based on your choice of query or topic. You can setup an alert for your blog name or a unique phrase from your website.

2. Copyscape – Copyscape is a search engine to locate duplicated materials on the Internet. All you need to do is provide your URL and Copyscape will check whether text content found on the provided URL appears anywhere else on the Internet.

If you find a thief:

Once you have found a content thief, your next step is to preserve the evidence you have found. Often infringing sites are either altered or taken down once you attempt to contact the site owner, host or search engines, having a copy of the site for your records and to verify the infringing content will come in handy in case a dispute arises later.

As there are tools to help you catch the thief, there are tools to help you preserve evidence:

1. WebCite – WebCite is a service that archives web pages on demand and stores them in simple URL that you can easily access later without worrying whether the original web page is revised or removed.

2. Furl – Furl is a free social bookmarking website that allows members to store searchable copies of webpages and share them with others.

3. The Internet Archive – The Internet Archive preserve websites by taking regular “snapshots”.

Cease and Desist Letter:

Once you have caught the thief and preserved the evidence, your next step is to try and resolve the situation – contact the thief with a Cease and Desist Order.

A Cease and Desist Order is simply a “stop, or else face legal action” order. While a cease and desist letter can be sent by anyone, they are best written by lawyers.

Resources:

You can use Whois to find the site owner contact information.

Contact Host, Advertisers and Search Engine

A domain’s Whois data will also include the website’s nameserver, which you can use to look up the site’s web host.

You can send a copy of the Cease and Desist Letter to the site’s web host and advertisers. But to make a stronger case, you may also want to advise them of your attempts to resolve the situation with the site owner, including copies of the ignored Cease and Desist Letter. You may also wish to send a formal DMCA letter. The Digital Millennium Copyright Act requires hosts to remove infringing content once they have been properly notified.

DMCA Notice of Copyright Infringement – Sample Template

Contacting search engines:

Before you contact Google to report the infringing website, you have to make sure that it is indexed by Google. You can search a website if it is already indexed by visiting Google.com and type site:yourdomain.com. For example, if you want to see if Doteasy.com has been indexed, go to Google and type site:doteasy.com. If you see results, the website has been indexed.

Additional guidelines from Google:

10 ways to speed up WordPress load times

January 24th, 2013

The reason why you choose WordPress to build your website is because it is easy to use and you do not need any HTML background knowledge to create your website. So, when your website is done and completed, you work very hard to create more posts and content everyday. Your website traffic picks up and it starts to grow. To enhance your readers browsing experiences, you start using more WordPress plugins so that your website can have a few extra features (i.e. Social Media Share button, different language translators, etc). However, you start to realize that the more plugins and posts you make, the longer load time your website experiences. What should you do now?

Nobody likes slow websites. Nobody likes to wait around for websites to load every minute. Your (potential) readers will leave your website when it does not load for 10 seconds which means it is very important to optimize the load time of your WordPress website. Therefore, we have prepared a list with 10 easy tips to speed up your website.

1. Caching Plugin

Caching plugin helps your website improve its load speed because the plugin caches every aspect of your website. As a result, this will significantly reduce the download time. Among the different caching plugins available online, we recommend W3 Total Cache because it is very simple to use (and it’s FREE)!

2. Optimizing Image

Image file sizes are much larger than text files. If your website is image-oriented, it will take a much longer time to load your website. There is a free plugin called WP-Smushlt which can automatically help you reduce the file sizes of your website but does not reduce the quality of the image. Definitely check this out!

3. Another Image-related plugin: LazyLoad

This plugin will not only speed up your website load time but will also help your website lower the bandwidth by loading less data for your viewers who do not scroll down your website. For example, if your website is vertically long and requires readers to scroll down in order to view your entire page, with LazyLoad, the images on the lower side on your website will NOT load until your readers scroll down.

4. Optimizing databases

There are three plugins that we would like to recommend for optimizing your WordPress databases. The first one is WP-Optimize. This plugin, as the name suggests, optimizes your database by reducing the overhead of spams, drafts, tables, etc. Second, you can also consider installing WP-DBManger to help you schedule dates for database optimization.

Last, Revision Control is another great tool that can help you optimize your database. This plugin enables you to set the numbers of revisions you make for each post. WordPress, by default, stores all of your drafts indefinitely. By installing this powerful plugin, your database will be very lightweight compared to other websites without this plugin.

5. Removing unused plugins

The title says it all. If there are plugins that you do not use, simply delete them. Give it a try! Your site will load faster for sure!

6. Optimizing your home page

Your home page is the most important part that requires a quick load speed among all of your other pages because this is where your readers normally enter first. Here are a few tips to optimize your home page

  • – Show excerpts of your posts.
  • – Set fewer number of posts displayed on your home page (we recommend 5 posts)
  • – Set the Social Media Share plugins to only display on the actual post page instead of the home page.

Remember the key: less is MORE!!

7. Enabling hotlink protection

Hotlinking happens when external websites direct a link to the images on your websites making your server load increase. In cPanel, there is a function called “HotLink Protection”. Once you enable the protection, you can eliminate this form of “bandwidth theft”.

8. cPanel “Optimize Website” Feature

Another great feature of cPanel! There is a feature under “Software/Services” in cPanel which is called “Optimize Website”. By enabling this feature, cPanel tweaks the way Apache will handle requests and will compress content before sending it to the visitor’s browsers.

9. Making use of Google PageSpeed Insights

PageSpeed Insights, developed by Google, is a tool that analyzes the content of a web page and provides suggestions to make that page load faster. Check out their official page for full details.

10. Good web hosting service company

A good web host can provide not only stable uptime and connection but also professional solutions and support when needed. At Doteasy, our in-house Customer Support agents are resourceful web technicians and experts. We can provide speedy solutions for WordPress and other website builder programs. It’s our goal to keep our customers up-to-date with the latest web hosting trends through our blog, our Scripts Library, and our how-to video tutorials on the YouTube channel.

Lack of time to complete all these tips?

It takes a great amount of time to secure a website and maintain a quick load time. Therefore, we strongly recommend our customers to perform all of the above tips on your own. But, we understand that many of you do not have the time to do these tasks on your website. In this case, we can suggest to you our Managed Hosting plan which is an ideal solution for customers who need some extra help in maintaining their websites. Our Managed Hosting plan includes automated website backup as well as import, export, and optimization of your MySQL databases. To learn more, check out our Managed Hosting service feature page.

Suspicious Domain Renewal from an Unknown Firm

January 8th, 2013

We’re recently received a domain renewal notice for a domain registered with us. This suspicious renewal notice offers recipient 1-year domain renewal for $75 and “Lifetime” domain renewal for $499. The letter is wary due to the fact that the total of the maximum number of years for domain renewal is 10. Here is a snapshot of the letter:

It is our goal to help you prevent your domain name registration from being moved to another company by deception or misinformation. If you receive mail that appears to be an invoice, which is in fact a solicitation for business, you may be the target of a fraudulent or false invoicing scheme.

Which companies are making these solicitations?

There are a number of domain registration companies looking to grow their businesses by stealing business from other companies. While we welcome fair competition in the marketplace, some companies believe the best way to win business is to solicit existing domain name registrants from other companies. Wherever possible, these companies will target registrants and trick them into moving their domain registration business. Some companies recently reported to have been involved in this type of activity are:

Domain Registry of Canada (DROC)
Domain Registry of America (DROA)

Example of false invoices: https://member.doteasy.com/news/infopages/falseinvoice/

What should I do to avoid being tricked by the false invoices?

The best way to combat this is to simply contact us in regards to your domain renewal. Also, you may consider choosing Private Registration and Domain Locking when signing up a domain with us. With Doteasy’s Private Registration, we will replace your domain WHOIS record contact information with alternative contact information that we use specifically for this service. Private Registration can greatly reduce your chances of receiving spam mail and emails. As for Domain Locking, you have total control over the safety of your domain name. You can choose to lock your domain name to prevent unauthorized or accidental transfers, or you can unlock your domain name when you need to move it to another registrar. These two safety features can prevent your website from malicious domain transfers. For more info, please read these pages in regards to Doteasy’s Private Registration and Domain Locking.