Tag Archive 'security'

Use Captcha To Keep Spammers At Bay

One of the first and most annoying things that can happen to a new web site owner is being blasted with spam.  There is a dilemma presented when wanting to have potential customers or clients contact you or your company.  Either your email has to be publicly posted or you will need to enable a form to allow quick and easy contact.  When you do implement either choice, spammers will come and they will do as much damage as is possible.

Email link – bad idea

The first thing that should be done is to toss out the idea of publicly placing your email address in any form that can be clicked as a link.  Using a linked email address publicly is an open invitation to spammers.  Nothing can be more unpleasant than having to start off your business day wading through hundreds upon hundreds of spam messages in your email in-box.  If you must use this route, simply place your email in text only – this will make it harder for a potential spammer as they will have to physically copy and paste your address into any email.  Inconvenience is the bane of the spammer.

Contact form – can be attacked

If you’ve decided to place a contact form anywhere within your web site, you’ll want to enable some type of security to ensure that an actual human is utilizing the form.  This sounds simple enough because, after all, the purpose of the form is to gather human information.  However, most email forms have a standard “name”, “email”,  “subject”, “content” style to them that is easily recognized and exploited by spammers.  Using this standard information, spammers use automated systems to attack a contact form – computer to computer.  What can stump them is requiring something that only a human can input or answer and that isn’t part of the standard email form.  This is where Captcha comes in.

Contact form with Captcha – better idea

Captcha is a type of test that is used to ensure human interaction.  The premise behind Captcha is that computers should not be able to solve something that requires human input.  The very early implementations of Captcha were simple generations of a word or series of letters with some small amount of warping.  However, spammers quickly adjusted to this warping and this initial Captcha implementation had to be abandoned.  Modern Captcha uses two to three regular words that are segmented and have lines through the words making it much more difficult to automatically guess via a computer system.

This all culminates into a small bit of either PHP or Javascript that is placed within your form before the submit button coding.  After filling out the rest of the form, a user must then enter the correct words generated within the Captcha coding.  You can set the form to lock out a user after a certain number of errors thus staving off the possible attack of spammers for yet another day.
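The lockout behaviour described above, as an added example (not code from the original post): a server-side check in Node.js that makes each challenge single-use and locks a client out after repeated wrong answers. The function names, the thresholds, the `clientKey` (for instance a session ID) and the in-memory stores are assumptions for illustration; drawing the distorted image is left out.

```javascript
// Added example: server-side Captcha verification with per-client lockout.
const crypto = require('crypto');

const MAX_FAILURES = 3;                 // assumed: wrong answers allowed before lockout
const LOCKOUT_MS = 15 * 60 * 1000;      // assumed: lockout duration
const CHALLENGE_TTL_MS = 5 * 60 * 1000; // assumed: lifetime of one challenge

const challenges = new Map(); // challengeId -> { answer, expires }
const failures = new Map();   // clientKey   -> { count, lockedUntil }

// Compare answers case-insensitively and ignore extra spaces between words.
function normalize(s) {
  return String(s).trim().toLowerCase().replace(/\s+/g, ' ');
}

// Hash both sides so timingSafeEqual always gets equal-length buffers.
function safeEqual(a, b) {
  const ha = crypto.createHash('sha256').update(a).digest();
  const hb = crypto.createHash('sha256').update(b).digest();
  return crypto.timingSafeEqual(ha, hb);
}

// Store the expected words server-side; only the random id goes into the form.
function issueChallenge(answer, now = Date.now()) {
  const id = crypto.randomBytes(16).toString('hex');
  challenges.set(id, { answer: normalize(answer), expires: now + CHALLENGE_TTL_MS });
  return id;
}

// Returns 'accepted', 'rejected' or 'locked'.
function checkSubmission(clientKey, challengeId, response, now = Date.now()) {
  const f = failures.get(clientKey) || { count: 0, lockedUntil: 0 };
  if (now < f.lockedUntil) return 'locked';

  const ch = challenges.get(challengeId);
  challenges.delete(challengeId); // single use: a replayed id never validates
  const ok = ch !== undefined && now <= ch.expires &&
             safeEqual(ch.answer, normalize(response));
  if (ok) {
    failures.delete(clientKey);
    return 'accepted';
  }

  f.count += 1;
  if (f.count >= MAX_FAILURES) {
    f.lockedUntil = now + LOCKOUT_MS;
    f.count = 0;
  }
  failures.set(clientKey, f);
  return f.lockedUntil > now ? 'locked' : 'rejected';
}
```

Keeping the expected answer on the server and deleting it on first use is what stops an automated client from solving one challenge and resubmitting it indefinitely.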

Conclusion

Of course, the simplest way to avoid spammers at all is by not allowing any sort of email contact within your site.  But this is not a feasible option – after all, you have your web site online for the purpose of contacting new and old customers or clients.  So, before putting your email form online, use a bit of quick security and incorporate Captcha.

Category: Security Issues
Posted on Friday, Nov 06, 2009

How Secure is Virtualization Technology?

A September 2009 survey released by Centrify revealed that the major barrier facing 46% of the respondents when it comes to adopting virtualization is security. In fact, only an estimated 20% of respondents said they were strongly confident in the security infrastructure of their virtualized environments. Professionals heavy into the technology sector are well aware of the security conundrum that surrounds virtualization. It has become such an issue that EMC recently assembled a panel of experts from its Ionix, RSA and VMware divisions to put together some guidelines for adequately securing virtualized environments. What they came up with was “Security Compliance in a Virtual World,” a report that focuses on many key points that must be considered for ensuring virtualization security.

OS Hardening

The configuration for virtual machines and switches must be hardened just like your physical boxes and network switches. The underlying operating system must also be hardened through routine patches and updates, removal of unused components and maintaining secure settings. The EMC report suggests modeling virtual systems after the guidelines from the CIS (Center for Internet Security) and DISA (Defense Information Systems Agency) as they are viewed as well established security practices.

Configuration and Change Management

Since virtualization technology makes it simple to deploy new virtual machines and modify their setups, it becomes very easy to fall into a chaotic state of configuration when it comes time to manage the environment. Even when systems are adequately hardened during installation, it is still important for organizations to stay on top of the environment to ensure a secure configuration. This means that when system settings are modified or new software applications are added, administrators are making sure the virtual system continues to meet what the EMC report calls the “gold standard” of configuration.

Access Control

Practical security policies such as least privilege and separation of duty should not be thrown to the wayside just because virtualization has come into the picture. Instead, such principles should become more essential than ever. The presence of virtualization results in increased density of all the systems and applications on your server. This is more convenient for your organization as well as the intruder who may be able to manipulate these systems if proper access control is not enforced and maintained. The report suggests that solution providers aid their staff and clients in understanding the importance of role-based access control both in and out of the virtual environment.

Network Security and Segmentation

Companies operating virtual servers lacking any sort of segmentation are far more vulnerable to exploit and exposure than organizations making use of virtual switches to incorporate those virtual machines into virtual local area networks like their physical counterparts. The security report explains that one of the most essential factors in compliance is ensuring that data is isolated and not mingled with or available to users on other virtual machines. Organizations that possess expertise in the network security field should put it to use in the virtualization environment. This can be done by obtaining virtual switches and other virtual security mechanisms such as firewalls and intrusion protection systems to protect network perimeters.

Category: Security Issues
Posted on Wednesday, Oct 14, 2009

Windows Server 2003: Still Getting the Job Done

Microsoft is behind a number of technologies that suit the needs of home and business users in both the desktop and server environment.  In general, Microsoft separates its server operating systems into four main categories: Applications, Collaboration, IT Operations and Security, essentially covering all the vital aspects required to run a highly efficient network.

The Windows Server operating system represents a line of fully integrated software tools developed by Microsoft.  While functionality varies among version releases, each aims to form the solid infrastructure needed for operating with various network components.  In addition, most of the company’s server solutions provide support for the Visual Studio software package, helping designers and IT developers in the process of creating and managing web environments by utilizing their own custom set of programming tools.  This article will introduce you to one of Microsoft’s most popular and successful server operating systems: Windows Server 2003.

Why it’s Still Prevalent

Even though Microsoft released Windows Server 2008 only a short time ago, Windows Server 2003 is still widely used in hosting and network environments.  Why?  The answer is simple – it continues to be one of the most reliable hosting platforms available.  This server operating system made its debut in April of 2003.  Since then, it has been highly regarded as a more secure and powerful solution than its predecessor, Windows 2000 Server.  Because of its efficiency in the network setting and seamless compatibility with Microsoft .Net technologies, Windows Server 2003 was referred to as “the .Net Server” for a considerable amount of time.

Windows Server 2003 offers many enhancements over previous versions, including the ability to improve identity and access administration while reducing storage management expense at the same time.  It includes a highly competitive web platform, offering cost-efficient server management for enterprises and small businesses alike.  The software incorporates features and technological characteristics of past releases into a single package, offering a tightly integrated suite of tools that aid in development, data management and security.  With the launch of Windows Server 2003, Microsoft greatly simplified the task of network management and improved security and efficiency across a broad range of network environments.

Enhanced Data Management

What makes Windows Server 2003 so powerful is its seamless compatibility with various Microsoft technologies, mainly the SQL Server.  Released in November of 2004, Microsoft SQL Server is an RDBMS (relational database management system) that utilizes Transact-SQL as its primary query language.  Whereas most of the previous versions of SQL Server were mainly used for small to medium sized databases, the 2005 release brought forth capabilities that made it ideal for large databases as well, making it a reliable solution for small businesses or large enterprises.  SQL Server 2005 provides for the easy management of data, integrating efficient security tools and enhanced access to business data.  The server offers a robust, state of the art, fully integrated management system that is relied on by businesses and organizations across the world.

While you can argue that Microsoft technologies are expensive, there is no denying the power they deliver.  Dynamic platforms such as the SQL Server make Windows 2003 a highly extensible networking tool capable of handling the simplest to the most complex needs.

Category: About Web Hosting
Posted on Tuesday, Jun 02, 2009

Web Hosting Security at Risk: Are you?

It seems as if new web hosting companies are emerging on the scene every day and almost all of them are trying to ease the rising fears of security breaches.  The efforts and reassurance are warranted when considering that any website is vulnerable to an attack.  Intruders are constantly on the prowl in search of sensitive information such as account numbers, invoice records, personally identifiable details and other confidential data.  The best way to ensure the protection of this information is a combination of proven security mechanisms and routine security practices employed by both the hosting provider and end-user.

Why Web Hosting?

You may wonder why the web hosting industry is such a big target of hackers.  The simple answer is that the market is tremendous, consisting of thousands of companies that power millions of websites throughout the world.  There are billions of dollars tied up in the business and hackers are willing to use every trick in the book to get a share of it.  If your site runs mission-critical operations, acts as the central source of information for your niche or enables you to make a living, it is imperative that you make security a priority.  Because your web host is in a better position to ensure reliable protection than yourself, you need to put security on the top of your list when sizing up potential hosting providers.

The Expanding Threat Model

A hacker’s arsenal is made up of numerous tools and techniques.  They typically combine various methods to compromise websites and turn the unsuspecting into victims.  Some blend into social networking sites, playing nice in hopes of enticing community users to visit an infected site and unknowingly execute malicious code on their system.  They trick users into downloading items that appear to be something desirable like a multimedia application or game but are only deceptive Trojan horses in disguise.  Some utilize more destructive weapons that could result in the theft of one’s assets and identity.  The malicious keylogger is a prime example, a menacing program with the ability to capture every single character you type into your keyboard.  These threats, and more, are the very reasons why web hosting providers across the world are increasing their efforts to deliver better security to their customers.

Put Security First

You don’t have to be a security expert in the IT field to keep yourself protected from hacking exploits.  However, your web host should be.  After all, if they are taking money from you and making a commitment to serve your pages over the internet, shouldn’t they also be on top of the security mechanisms and procedures needed to ensure the safety of your website and personal information?   Security is a must in the web hosting arena so you should take no excuses and never settle for less.  With that said, if you feel that your current hosting provider isn’t taking the necessary measures to keep you protected, don’t stand for it – move your files to a responsible server.

Category: Security Issues
Posted on Tuesday, May 26, 2009

Intermedia.NET Unleashes New Exchange Solutions

Intermedia.NET has just launched a suite of new solutions designed to enable Microsoft Exchange deployments that provide higher availability and tighter security for its customers.  Although Exchange hosting has become increasingly popular in recent times, many businesses still choose to maintain their server operations in-house.  Those who lack internal resources are vulnerable to numerous instances that pose a direct threat to critical business functions.

Intermedia CEO Serguei Sofinski explained that the company’s new offerings will help customers address two of the biggest problems faced by small to medium sized businesses today: excessive downtime and security issues.  Sofinski says the new solutions will allow its customers to effectively harvest the true value from their assets without the risk of lost productivity.

Here is a rundown on Intermedia’s new solutions:

Business Continuity

The Intermedia Business Continuity solution has been tailored to provide high availability by permitting customers with on-premise Exchange servers to use its servers to access their messages when the in-house servers go down.  Unlike standard dial-tone solutions, this offering is Exchange-based and allows complete access to user mailboxes.  This means that customers can enjoy 14 days of message history, contacts, calendar appointments and more even if their server should fail.

ContentSync

A proprietary application developed by Intermedia, ContentSync is a software tool that synchronizes its Business Continuity Exchange servers with on-premise Exchange servers, providing customers with real-time access to their data in the event of a failure.  This solution doesn’t call for any software or hardware installations, configuration or management, making it possible for business customers to have the high availability that would normally be cost prohibitive at a more affordable price.

SpamStopper

SpamStopper is the second part of Intermedia’s Exchange solution.  This hosted service puts an emphasis on security with spam filtering, anti-virus and anti-phishing tools for small businesses with their own on-premise Exchange server.  Intermedia says that SpamStopper is able to detect potentially harmful mail with an accuracy rating of greater than 99%.  The solution is also integrated with a feature called Zero-Hour Virus Outbreak Detection to protect networks from newly released strains of malware.  Thanks to SpamStopper, Intermedia customers can stay one step ahead of the unscrupulous coders writing infectious virus, worm and Trojan programs.

Price and Availability

Both of Intermedia’s new solutions have been made immediately available and can be easily incorporated into customers’ existing on-premise Exchange servers.  Business Continuity starts from $5 a month per user while the SpamStopper solution is available for $50.  The latter is a one-time fee for the first 50 users and an extra 50 cents a month for each additional user.

About Intermedia.NET

Intermedia.NET is a Microsoft Gold Certified partner that has been specializing in the hosting business for more than 10 years.  Its solutions are geared towards small to medium sized businesses looking for enterprise-class technology attached with low monthly fees, no up-front investment and industry-leading technical support.  Aside from Microsoft Exchange hosting, Intermedia provides a variety of traditional web hosting services designed for small and mid-sized companies.

Category: Web Hosting News
Posted on Wednesday, May 13, 2009