Archive for November, 2008

Staggering Numbers on Website Vulnerabilities

According to a recent study by Scott + Scott, a law firm based in Connecticut, 85% of businesses in the U.S. have experienced some sort of data breach, a factor that places the personal information of millions of consumers at great risk. To no surprise, most of the companies involved in the study were exploited over the web, with the leading cause being insecure servers and applications. These vulnerabilities are what result in the loss of bank account numbers, credit card details and Social Security numbers while putting billions of dollars in jeopardy. Although there are various security mechanisms available to limit these exploits, the typical components such as firewalls and intrusion detection systems simply aren’t enough.

Intruders are just as aware of the critical information that can be accessed through an application as the webmaster is. In many cases, their entrance and overall success are attributed to numerous factors. Those conscious of the roaming threats typically monitor network perimeters with firewalls and intrusion detection systems. However, these components leave a path open to exploits, as they are required to keep ports 80 and 443 open to serve web traffic and support the SSL that protects online transactions. To an intruder, these ports are open doors that enable website attacks in a number of different ways. Most network firewalls are configured to secure only the internal perimeter, leaving the company open to a wide range of attacks. And while both intrusion prevention and detection systems are somewhat more effective, they don’t perform complete analysis of a packet’s contents. Without an additional layer of security, a knowledgeable intruder can penetrate a web application with relative ease.
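The gap described above, as an added example that is not part of the original post: a port-only rule admits every request sent to ports 80 and 443, while a check that decodes the request parameters flags the ones carrying script markup. The sample requests, the single content rule and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Perimeter rule as the post describes it: the web ports stay open.
ALLOWED_PORTS = {80, 443}

# Illustrative content rule (an assumption, not a complete signature set).
SCRIPT_MARKUP = re.compile(r"<\s*script\b|javascript:", re.I)

def port_filter(dst_port):
    """Port-only decision: looks at the destination port, never the payload."""
    return dst_port in ALLOWED_PORTS

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so a double-encoded value is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_request(url):
    """Application-layer check: names of parameters that carry script markup."""
    flagged = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if SCRIPT_MARKUP.search(fully_decode(value)):
            flagged.append(name)
    return flagged

# Constructed sample traffic: (destination port, request URL).
SAMPLES = [
    (443, "/search?q=blue+widgets"),
    (443, "/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"),
    (80, "/search?q=%253Cscript%253Ealert(1)%253C%252Fscript%253E"),
    (8080, "/admin"),
]

def evaluate(samples):
    """Return (port, url, passed_port_filter, flagged_parameters) per request."""
    return [(p, u, port_filter(p), inspect_request(u)) for p, u in samples]

if __name__ == "__main__":
    for port, url, passed, flagged in evaluate(SAMPLES):
        verdict = "allow" if passed else "drop"
        print(f"{port:>5} port-filter={verdict:<5} flagged={flagged} {url}")
```

The first three requests all pass the port rule; only the content check separates the ordinary search from the two that carry markup, including the double-encoded one.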

OWASP (Open Web Application Security Project), an organization dedicated to improving the security of web-based applications, recently composed a list of 10 of the most common vulnerabilities in today’s applications. The potential threats are associated with the following:

1. Cross site scripting

2. Server-side scripting errors

3. The execution of malicious code

4. Insecure direct object reference

5. Cross site request forgery

6. Improper error handling and data leakage

7. Penetration of authentication and session management

8. Vulnerable cryptographic storage

9. Insecure web communications

10. Failure to restrict write permissions and URL access

The Web Application Security Consortium (WASC) has validated OWASP’s top five application vulnerabilities with the testing of 31,373 sites. Additionally, the Gartner Group reports that 97% of more than 300 sites studied in a survey were found to be vulnerable to application attacks. The same study also revealed that 75% of today’s web attacks occur at the application level.

The numbers indicate that most E-commerce sites are easy targets for an array of attacks. While proper coding is the key to prevention, one of the best methods of defense against application exploits is a web application scanner. This type of mechanism protects both applications and servers from intruders by crawling through the site and analyzing every piece of content. Such products conduct various tests along with simulated application attacks throughout the scanning process. If genuine security holes are detected, the scanner produces reports that detail the severity of each vulnerability. Security experts recommend using a scanner that offers a technical, in-depth explanation of each vulnerability detected along with appropriate suggestions for eradicating them.

Category: Security Issues
Posted on Thursday, Nov 20, 2008

Should You Outsource SEM?

Search engine marketing and search engine optimization both require a bit of skill and a lot of effort.  Although succeeding at these techniques begins with website design, an experienced developer isn’t always the best person for the job.  With the steep costs charged by SEM firms, several businesses have resorted to outsourcing these efforts to save money and get better results.

Skills Needed

In order to determine if SEM should be cultivated in-house or outsourced, one must first understand the skills required for such a task. When it comes to effective marketing, these skills are generally divided into the following categories.

Linguistic Aptitude: For the most part, SEM is a linguistic strategy that calls for the matching of the language used by web surfers as well as the language on your website and how it is interpreted by the search engines. Because some of the most skilled web designers often use highly technical terms, many of them are not able to clearly present content to the visitor.

Research: Accepting the fact that you don’t know something and taking the initiative to learn is a key to effective SEM.  Extensive research will enable you to find out what keywords your niche market is using, how a search engine handles JavaScript, how Flash can be incorporated into an SEO campaign and much more.  When combined with a good knowledge of marketing, sound research can help you find all the answers you need to the burning questions of SEM.

Technical Experience: The more experience one has with web technologies, the better they will be at SEM. This comes in handy when working with campaigns such as AdWords and Overture, as search engines have a different system for the links used in these programs. Additionally, someone with an understanding of the web should have knowledge of what type of URLs and redirects are SEO-friendly.

SEM Experience: Although it goes without saying, the more experience an SEM expert has, the more qualified they are for the job. Don’t be fooled by someone who simply has a site or two under their belt. Get definitive proof of a person’s SEM background before investing in their claim. This can be done by obtaining WebPosition reports and server stats for the sites they have worked on.

Conclusion

There is so much that needs to be considered in terms of in-house or outsourced SEM activities, especially when the campaign involves more than keywords and link popularity.  You need to think about costs, turn around time, the firm’s experience and much more.  One way to make this determination is to hire an experienced SEM vendor to provide some insight.  A reputable vendor should be able to evaluate your ROI potential in the investment of an SEM venture.  This will give you a few ideas on how to improve the design of your website and optimize search engine traffic conversions.  Because such a move can help you decide on what an SEM investment is worth, it also works wonders on the decision of whether to outsource the operation.

Category: SEO / SEM
Posted on Wednesday, Nov 19, 2008

cPanel for VPS Hosting

VPS hosting has taken off over the last few years, and with its popularity come greater demands. In this environment, the average management tools usually do not cut it; rather, they only present a new level of complexity. One critical area providers can’t afford to slack in is the control panel. And with more people moving up to VPS hosting, it is no surprise that the leading control panel software would step up to meet the challenge.

A new version of cPanel was released earlier this year, a product specifically designed for the VPS platform. Aptly named cPanel VPS Optimized, this version comes with numerous improvements and is optimized to consume a minimal amount of memory when the program is idle and not in use. The new control panel offers many of the features you will find on the standard cPanel but is finely tuned for VPS hosting. This optimization allows web hosting companies and end-users to comfortably host multiple domains per server, as more memory will be available.

There have been many tests to rate the performance of the new cPanel. In one particular test, a virtual private server with 500 MB RAM showed that the standard cPanel installation left 248 MB RAM free, even when the program was idle and not being used. This means that cPanel claimed more than half the memory on the server. The VPS version showed that when idle, cPanel uses no more than 90 MB RAM, leaving around 495 MB RAM to be used by other programs and services.

The developers of cPanel were able to optimize the control panel and ensure lower memory consumption by reconfiguring the Apache component associated with it.  The Apache server application is what serves the web pages from the virtual private server to the people who wish to view them.  While Apache is known to be a memory hog, the VPS version of cPanel was tweaked to keep things running at the same speed without consuming too many resources.  By reducing the amount of memory cPanel and its neighboring programs utilize, VPS hosts are able to effectively allocate their servers and offer a more affordable hosting solution.

Aside from the performance tuneup, the new cPanel still provides a simple user interface with an array of great features. With this program, you can handle various tasks that cannot be performed with standard versions. From creating email accounts and password protecting your directories to uploading files and installing software, it can all be done without using the command line. The VPS version supports a number of add-ons which allow you to customize the appearance, enhance functionality and incorporate custom applications. Combining extensive system management and an intuitive GUI, the new cPanel offers the flexibility you need to succeed in VPS hosting.

cPanel VPS Optimized is currently only available in Edge, Current and Release versions. This control panel is, however, available through partners and distributors who offer cPanel VPS licenses with their web hosting packages. Because the program is still in the testing stage, experts recommend getting hands-on with a demo version before using it on a live VPS hosting account.

Category: Control Panels
Posted on Tuesday, Nov 18, 2008

Outsourcing for E-Commerce

As your online business achieves success and continues to grow, it may get to a point where you are no longer able to physically package and distribute your products.  When this occurs, it is time to consider outsourcing order fulfillment to another company.  Order fulfillment centers are abundant and all generally serve the same purpose.  However, these companies vary widely in terms of costs and methods of processing.  This is why you need to give careful consideration to the factors in this article.

Location and Shipping

Order fulfillment centers are located throughout the world. To save yourself money on shipping costs, you should choose a location that is close to your customer base as opposed to something overseas. If you are targeting a specific demographic such as Las Vegas, it would be smarter to find a center somewhere on the West Coast rather than New York.

Most order fulfillment services offer an array of shipping options. Be sure to do business with a company that enables the flexibility needed for the shipping options you plan to incorporate now, as well as any changes in the future.

Turn Around

One of the most critical aspects of outsourcing is turn around time.  You will find that each company has its own time line in regard to order processing.  Some will ship every order that is sent before a certain time on the same business day.  If that deadline is missed, the order is typically shipped out on the next day.  The most important thing here is to be aware of the structure and make sure your customers understand as well.  If orders are made after 4 pm, your customers might receive the order in two days even though they paid for next-day shipping.

Order Entry

Order entry is another factor that needs to be considered before outsourcing your E-commerce tasks.  Some of the most popular options include the following:

  • Forwarding individual orders to the fulfillment center
  • Manually inputting orders on a web-based system owned by the fulfillment center
  • Sending a spreadsheet of all orders every day via email

Each of these methods will have a different impact on your E-commerce business.  While you can save money by inputting orders over a web-based system, this can become hectic if your business has grown to a point where time is of the essence.  Emailing each individual order to the company might cost a little extra, but may be worth it to have orders shipped out in time.  Use of the spreadsheet is more cost and time efficient but also limits you to next day shipping.

Costs

You will find that fulfillment centers offer numerous payment scales.  Some require that you sign a contract while others will charge on a per order basis with no contract.  Keep in mind that you will be charged something for the storage of your inventory among other fees.  Make sure you have an understanding of these fees along with the terms in any contract.

Before deciding on a company to handle order fulfillment, schedule a few interviews and check out the warehouse that will be housing your products. Make sure it is up to par and can support the growth of your E-commerce business. With a reliable company to handle the packaging, inventory management and shipping, you can focus on promoting the business and reaching new heights online.

Category: E-commerce
Posted on Monday, Nov 17, 2008

Someone Registered My Domain – What Now?

Everybody is after domain names these days, whether it’s for a website or just an email address to demonstrate credibility. A domain name shows ownership, helping to prove that you are independent of any free web hosting or email service. If you have a domain name in mind for your business, it would be a wise move to secure it before someone else does.

So what can you do if someone already registered the domain name you want? You generally have two options: come up with another name or try to purchase the domain from the owner. The results you get with the latter largely depend on why the domain name was registered. Domain speculators, more commonly known as cyber squatters, often purchase domains for the sole purpose of selling them off to the highest bidder. Believe it or not, some have made a lucrative business out of this practice. Companies have paid hundreds to millions of dollars for hot domain names. One example is Pizza.com, which sold for $2.6 million this past April.

In some cases, domain names are purchased because a company or individual wants to establish a legitimate online business. The cold hard facts are that if someone has registered your ideal domain name, you may have no other choice but to go with something else. There are, however, instances where a third option can be exercised. United States courts have mandated that trademark holders are able to claim specific domains even if someone else registered the name first. Assuming Toys R Us has their name trademarked, for instance, if they run across a site using this for a domain name, they would be able to take legal action and seize control of it. If you experience something similar, you may be able to claim your domain, which will also depend on what type of name it is and how it is being used by the current owner.

Because .com reigns supreme on the internet, there is a good chance that your preferred name may not be available with this extension.  In this instance, you might want to consider another top-level domain such as .org or .net.  While these extensions don’t have the familiarity of .com, they still make solid alternatives.  You also have other options as several alternative TLDs have been approved over the last few years.  If you have to choose another TLD, be sure to read the accompanying explanations so you know just who qualifies for what extension.

Another option you have for registering your domain is to use an extension that is associated with your country. Two of the most popular extensions are .de in Germany and .ca in Canada. The country of Montserrat sells its .ms domain for around $50 per year while domains in the United States can be registered with the .us extension at no cost. These domains are more likely to be available yet are not well known. Furthermore, domains with a .us extension are also required to include city and state extensions such as mycompany.detroit.michigan.us. If you are looking for a catchy name that is easy to remember, this obviously wouldn’t be the way to go.

To find out if your domain has already been purchased, visit whois.com or a major registrar and perform a search. If it’s still available, don’t hesitate to secure it.

Category: Domain Names
Posted on Friday, Nov 14, 2008
