Products and Services Posts | Neteron

Secure your infrastructure in one lecture

admin — Sun, 12 Jun 2022 08:40:03 +0000

Once your devices are exposed to the internet, you start worrying about how to maintain and secure your infrastructure. Get better sleep at night knowing you have done everything possible to keep your data safe from threats.

This is a post suitable for anybody who has services running on the internet.

Secure your Linux distribution

If you are planning to start your VPS or your dedicated server on a data center, and you already picked up your Linux distribution then you better have a key ready to be implemented as soon as the first start.

The idea is to connect for the first time using a secure shell and have all the initial traffic encrypted.

Most data centers offer the option to upload a secure key and be installed as soon as the operating system is built. Once this is done you can install another key that is going to replace the one you sent to the data center site. This is true for VPS and Dedicated servers.

Once your operating system is ready, another big step must be done for safety. We call it hardening your operating system. This is basically applying initial rules to make your system more secure.

Disable direct root login: meaning no one is able to use a root user for login. The only possible choice is to use a secure key. Do not worry, you can log in using a root password but from a secure console; similar to having the keyboard and screen connected to the server. This remote console is secure and only you can access the terminal through the data center control panel.
Create a Wheel user: this is a bogus user with low privileges, something like "myuser15", or "secure101". Make the name of the user something unique and not something that anybody can guess. Once you create the user make him part the wheel. This will allow you to switch to root using a password only after logging in using SSH with a secure key. The process is like this:
- Use the SSH with a key to log in using a "secure101" user, a user with a nonstandard name and low privilege.
- Once you are inside the shell, you switch to root user using the specific "Sudo" command and write the root password when requested.
- Only after that, you do have full rights as administrator. Do you see how this makes things hard for unauthorized users?. That is the idea.
Use strong passwords: no matter that you are using SSH keys, as a general rule always use strong passwords for standard users and applications that require it. It is better to combine numbers, letters, and special characters. This is one way to protect against brute force attacks.
Change the default SSH port number: everybody knows the standard port for SSH is 22, so let's make it a different number. For that, you would need to review the list of most common ports and pick up something that is not there. Do not use anything that other services will use, like port 20 or 21 as they are for FTP; or port 80 as this is an HTTP protocol. You can check Wikipedia for a good list. Pick up something in the thousand range, like 3230 or 152o.
Enable and configure your firewall: these are rules that allowed specific traffic to come and go to your server. As a general rule, you would block everything and allow only the knowing ports that your services are running. In this way, there won't be any application popping up and trying to use a port when it is not allowed.

Steps 1 to 5 will cover only the first and the basic security of any Linux distribution, similar can be done for any Microsft Windows Server located at the border of the abysm called the internet.

Secure by Hardening your Hosting Control Panel

It is up to you if you want to use a vanilla implementation and install manually all your services, or do what I recommend which is to use a web-based control panel like cPanel, Webmin, Webuzo, or any other. The idea is to facilitate the administration of your server or VPS, this is done through an easy-to-use graphical interface based on a web browser.

It is much easier and less time-consuming to click a check box than run a command line using SSH. Web Hosting Control Panel works perfectly not only for web hosting companies but for single users and definitely It will make your life easier.

There are all kinds of control panels, some of them are open source and free to use and some others have some cost. The paid version of them came with support from their developer which is not a bad idea to have. One of the famous is called cPanel and it is well known in the web hosting industry. They offer different plans and it is worth the effort to take them into consideration as an option.

cPanel has a security advisor with a list of suggestions to check for hardening your operating system. This makes the process very easy in comparison with a vanilla implementation. Only click and follow the instructions and voila.

This security advisor will inform you if your system is out of date and it will recommend updating, or if your SSH password authentication is enabled then it will recommend disabling it, and so on.

ConfigServer Security and Firewall (csf)

This is a Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection, and Security application for Linux servers. It works out of the box in almost every Linux distribution in the market. It does not matter if it is a VPS or a Dedicated Server, it will work.

We recommend the use of this in any Linux implementation, and it does not matter if you are using a Web Control Panel or a Vanilla. CSF will install an extension in some of the Web Control Panels like cPanel and the Control Web Panel. If you are not using a Web Panel, then you can use the command line.

The ConfigServer has a suite of scripts that provides (the next is a copy-paste from their website, click here to redirect to the original text).

Straight-forward SPI iptables firewall script.
Daemon process that checks for login authentication failures for:
- Courier IMAP, Dovecot, UW-IMAP, Kerio.
- OpenSSH.
  cPanel, WHM, Webmail (cPanel servers only).
- Pure-ftpd, vsftpd, Proftpd.
- Password-protected web pages (htpasswd).
- Mod_security failures (v1 and v2).
- Suhosin failures.
- Exim SMTP AUTH.
- Custom login failures with separate log files and regular expression matching.
POP3/IMAP login tracking to enforce logins per hour.
SSH login notification.
SU login notification.
Excessive connection blocking.
UI Integration for cPanel, DirectAdmin, InterWorx, CentOS Web Panel (CWP), VestaCP, CyberPanel, and Webmin.
Easy upgrade between versions from within the control panel.
Easy upgrade between versions from the shell.
Pre-configured to work on a cPanel server with all the standard cPanel ports open.
Pre-configured to work on a DirectAdmin server with all the standard DirectAdmin ports open.
Auto-configures the SSH port if it's non-standard on installation.
Block traffic on unused server IP addresses - helps reduce the risk to your server.
Alert when end-user scripts send excessive emails per hour - for identifying spamming scripts.
Suspicious process reporting - reports potential exploits running on the server.
Excessive user process reporting.
Excessive user process usage reporting and optional termination.
Suspicious file reporting - reports potential exploit files in /tmp and similar directories.
Directory and file watching - reports if a watched directory or file changes.
Block traffic on a variety of Block Lists including DShield Block List and Spamhaus DROP List.
BOGON packet protection.
Pre-configured settings for Low, Medium, or High firewall security (cPanel servers only).
Works with multiple ethernet devices.
Server Security Check - Performs a basic security and settings check on the server (via cPanel/DirectAdmin/Webmin UI).
Allow Dynamic DNS IP addresses - always allow your IP address even if it changes whenever you connect to the internet.
Alert sent if server load average remains high for a specified length of time.
mod_security log reporting (if installed).
Email relay tracking - tracks all emails sent through the server and issues alerts for excessive usage (cPanel servers only).
IDS (Intrusion Detection System) - the last line of detection alerts you to changes to system and application binaries.
SYN Flood protection.
Ping of death protection.
Port Scan tracking and blocking.
Permanent and Temporary (with TTL) IP blocking.
Exploit checks.
Account modification tracking - sends alerts if an account entry is modified, e.g. if the password is changed or the login shell.
Shared Syslog aware.
Messenger Service - This allows you to redirect connection requests from blocked IP addresses to preconfigured text and HTML pages to inform the visitor that they have been blocked in the firewall. This can be particularly useful for those with a large user base and help process support requests more efficiently.
Country Code blocking - This allows you to deny or allow access by ISO Country Code.
Port Flooding Detection - Per IP, per Port connection flooding detection and mitigation to help block DOS attacks.
WHM root access notification (cPanel servers only).
lfd Clustering - allows IP address blocks to be automatically propagated around a group of servers running lfd. It allows cluster-wide, removals and configuration changes.
Quick start csf - deferred startup by lfd for servers with large block and/or allow lists.
Distributed Login Failure Attack detection.
Temporary IP allows (with TTL).
IPv6 Support with ip6tables.
Integrated UI - no need for a separate Control Panel or Apache to use the csf configuration.
Integrated support for cse within the Integrated UI.
cPanel Reseller access to per reseller configurable options Unblock, Deny, Allow, and Search IP address blocks.
System Statistics - Basic graphs showing the performance of the server, e.g. Load Averages, CPU Usage, Memory Usage, etc.
ipset support for large IP lists.
Integrated with the CloudFlare Firewall.
...lots more!.

The copy-paste ends here.

You can't go wrong with the ConfigServer firewall.

Secure your Kernel. Ksplice, Kpatch, and Kernelcare

These are Linux kernel patching features built by different vendors. They all have similar features like the possibility of running live patching for running machines.

Once the feature is installed on your Linux machine, the kernel will get patches for vulnerabilities. One of the benefits is the application of patches in a reboot-less mode.

The machine will get the patches and continue the normal operation after that. Of course that in some cases you won't escape from a reboot but definitely it will increase the uptime of your services. You won't need to schedule any reboot or notified to any user about downtime coming.

Ksplice is an Oracle feature that is offered for distributions like Red Hat and Oracle Linux with Red Hat compatible kernels. Ksplice can patch glibc and openssl vulnerabilities without stopping applications and without interruption.

Kpatch is a Red Hat tool for Dynamic Kernel Patching in Red Hat distributions. This enables sysadmins to apply critical security patches to the kernel immediately, and the same as the rest of the vendors, without having to wait for long-running tasks to complete, users to log off, or scheduled reboot windows. It gives more control over uptime without sacrificing security or stability.

KernelCare, the last I mentioned from the list is the most used in the web hosting industry. It offers patching for the Linux kernel from almost all the distributions available on the market. AlmaLinux, CloudLinux, AWS, Centos, Debian, Oracle. Click here to see the complete list. Kernel care belongs to TuxCare and their whole business is related to security and extended life support for distributions that have reached the end of life.

From all these patching flavors we have our favorite and it is Kernelcare. They offer excellent support and it is very well known in the Web Hosting industry. It has been used and tested all around and it is a working feature with five stars.

CloudLinux for a secure shared environment

CloudLinux is a Linux distribution designed for a shared hosting environment and provides a modified Kernel based on OpenVZ. You probably have heard about VMware, KVM (Kernel-Based Virtual Machine)VirtualBox, Parallels, QEMU, Citrix, and others. These run the main OS as a Hypervisor.

The Hypervisor is the manager and administrator of virtual machines, and the virtual machines are like secure containers that run their own kernel and they have assigned resources, like memory and disc storage.

You can run different kernels inside the same Hypervisor but a difference between OpenVZ is that this will use replication of its own kernel to create containers. CloudLinux is an OpenVZ bases kernel and it will run at the top as any other operating system but with the advantage that it can run a Lightweight Virtual Environment (LVE) with its own resources like memory, CPU, input and output operations, and process without the overhead of a hypervisor.

It will create a secure and isolated environment for the users almost similar to a virtual machine. This environment is perfect for a shared hosting environment. You can assign memory, processor, and limit of the process to the users and create a very stable habitat for everybody.

As an example imagine you run a WordPress shared hosting with several accounts all having the same privileges. Every account uses the same quantity of processors and the same number of processes. Now imagine that one of these WordPress accounts is a successful one with an incredible amount of traffic, at some point this account will start eating all the resources, and a starving environment is then created. Other accounts start to feel the need for resources and everybody suffers the consequences.

With CloudLinux you will assign a limit to the resources an account can consume so there is no impact when one of them starts getting a hit of traffic. The only one who will be suffering is that specific account and not the whole community. The idea with this is that if an account is exceeding then we can place him in a different plan with more resources assigned to him if necessary but no one else will be affected during that time.

Another great plus for Cloulinux is the CageFS which is a virtualized, per-user file system that isolates all the accounts, preventing users from seeing each other and viewing sensitive information. With CageFS, Web Hosting providers avoid a large number of attacks, including privilege escalation and information disclosure attacks.

And for the last, CloudLinux works just wonderful with any Web Hosting Control Panel you decide to use.

Secure your data with a recovery plan against disasters

Things happen and some of us still remember the fire at the OVH data center in Strasbourg, France, where millions of websites went offline after the incidence and hundreds of terabytes went lost, forever.

Thousands of companies from all around the world were affected, including governments, banks, web stores, and the game industry. Apparently, a failure in a UPS system got overheated and went on fire that extend to the entire facility. 500 ms square of equipment went to hashes.

That is not the only one, in 2014 the Samsung data center cough a major fire in South Korea. Not all is for fire. There are other elements like a water flood or lightning that can cause huge damage to facilities.

In the last few years, we have seen a huge increase in ransomware attacks, and we have seen what a terrorist attack can cause. There are so many factors that make it almost impossible to calculate the impact on our modern lives.

The best way to be protected and secure is to build your own recovery system against a disaster. Whatever you think would help then probably it would so do it. Take into consideration:

How fast do you want to recover your data after an incident?
Make a list of steps to follow and select the roles for your personal.
Be able to identify the type of solution you require based on the type of disaster. If a war is coming, then it would be better to choose a different region or continent. Application failure, hardware failure, power failure, malware, ransomware, or natural disasters, just to mention some of them.
Do not have your backups in the same location as your live data. Backups are your plan B and you want to make them as secure as possible. Choose a different country or data center facility for this.
If possible make a double backup. A backup of your backup or a backup you can take with you to your fiscal storage place.
Build a cluster of your services if possible. This way if one is down the other will go up with no losing time.

There are different backup options and solutions that you can use like Neteron Web Site Backups that let you choose to restore the whole account or just part of your files. This backup is powered by CodeGuard, a well-known security company called Sectigo. Your backup will be secured and saved encrypted and stored on Amazon Web Services Simple Storage System which provides market-leading resilience and redundancy for your backups.

There are other options and Neteron.com can help you build your own custom backup and anti-disaster solution. But as a minimum Codeguard should be taken into consideration for all its features and because it is very easy to use and implement.

Secure your Linux account against Malware

Linux is well known as a very secure operating system, no matter the distro you choose, it is going to be more secure than your Windows machine. This is because of the way it manages privileges, users, and ownerships. But this does not mean it is immune, it is not.

Web Hosting companies line neteron.com protect their systems by enforcing the Kerner, applying the last patches that cover the last treats, and using CloudLinux OS which isolates data leaks between the users.

The protection does not end there and there are threats at the user level. The combination that web hosting companies have to secure their infrastructure makes it possible to isolate the root and administrator process against threats that affect only users, keeping the malware running only in that specific account within a jail shell mode.

It is a standard let the user run the software they want to run and manage their account as they please, as it is not the Web Hosting Company to intervene in the user's account. It is the responsibility of the customer to keep their accounts clean of malware. The responsibility of the Web Hosting Company is to provide the necessary tools that the customer can use and execute to keep their account clean.

Neteron.com uses a partnership from SiteLock which comes through the WHMC license. This makes it possible to offer its customers a secure tool for fighting malware. Normally malware enters the user account through an unknown module installed in WordPress, or because the user did not know how to manage the permissions of its files and folders and let the threat enters his premises.

SiteLock will scan your sites for malware and vulnerabilities and let you know if something is found. There is a free version that will let you know if there is a threat in your files and there are plans that will not only find the code but will remove it.

Depending on your website security package, you’ll receive daily website scans, automated malware removal, vulnerability/CMS patching, as well as a web application firewall to block harmful traffic before it ever reaches your site.

But what happens when your account is hacked?

We never expected to get haked and when this happened we usually get into a first panic stage, where we are trying to understand how this happened.

Do not panic. There are a couple of steps you can do to fix it.

If you get hacked because you installed some unknown software, you can always go back to an older backup, one that is clean.
Another solution is if your website has been attacked and compromised you can get immediate emergency assistance to quickly recover your site using SiteLock emergency response.
- Get the fastest response time with analysis and work to recover your site started within 30 minutes.
- If the automatic technology is unable to remove the malicious content then real people will perform manual cleaning.
- With the emergency package, you get fast-tracked straight to the top of the queue.
- SiteLock will continue to monitor your site for 7 days to ensure that your site remains malware-free post-recovery.
- The emergency service is available for a single one-off fee, there are no recurring fees or subscriptions.
If you are using WordPress you can use some of the secure WordFense premium protection plans which include Malware Removal, Incident Response, Blocklist Removal, and Search Cleanup. WordFense is a real deal in security for WordPress.

Keep your emails secure and free of spam

This happened to all of us, once we have our own email box configured everything looks just fine, but the time goes by and little to little we start getting spam, garbage, and some very dangerous emails from unknown senders and fishing content or malware in the attachments.

It was worse a few years ago but the industry has been fighting this and nowadays there lot of vendors and thousands of implementation of email security appliances everywhere, at all levels.

These appliances get database updates, new string sets, and new regular expressions that look for patterns and check the headers of the email for familiar matches and mark them as spam.

Email security starts from your domain records. Configuring the mail services is a little more complicated than just creating your first email account. You must secure it with the best practices and configure the next values:

DKIM (Domain Keys Identified Mail): is an email authentication technique that allows the receiver to check that an email was indeed sent and authorized by the owner of that domain.
SPF (Sender Policy Framework): is an email authentication method designed to detect forging sender addresses during the delivery of the email.

One is used for senders and the other is used by receivers, and because emails send and receive then you must configure both of the.

You could use a Spam Filter engine, like SpamAssassin for your email accounts, this will help you to identify unsolicited bulk emails (spam), and send them to a separate folder (Spam Box) or automatically delete them (Auto-Delete) from your email account.

SpamAssassin uses a variety of security mechanisms including header and text analysis, Bayesian filtering, DNS blocklists, and collaborative filtering databases. SpamAssassin runs on a server, and filters spam before it reaches your mailbox. The configuration can be tuned but it requires some effort from you.

Another very easy solution that you can deploy is called SpamExpert. This is the easiest way to keep clean your inbox from spam and more.

This security feature is very easy to configure and it will start working immediately, you will notice the difference. It will detect 99% of the unwanted emails and it will scan your emails for malware. This is a two-in-one feature, and for the price, it is worth it.

With SpamExpert your emails will be received in the correct inbox folder of your recipients, and your inbox will stay clean from unwanted emails. This technology is maintained and tuned all the time, no need for your intervention.

You will benefit from a rich array of features, via a user-friendly interface with multilevel control, live quarantine, and regular new releases. The solution offers multilevel control and additional email continuity via storing emails and retrying delivery during outages or downtime. This is a serious feature, at the same level as the major leagues in emails but for a very affordable price here.

Secure your access using a VPN

Here is nothing more uncomfortable than getting locked from your own server. This has happened to all of us and one of the options to work over this is using a VPN to re-connect and clean your IP from the firewall black list.

You can use any VPN service or you can get the cheapest Virtual Private Server and install OpenVPN there. This is a free-to-use, secure and open-source VPN solution. The free-to-use version is limited to two connections simultaneously.

If you use your own VPN application you will have the advantage that you can add the VPN IP address to the whitelist of your server firewall, and this IP won't change during the time you have the VPN.

This will give you secure access at any time and from anywhere. You establish a connection to your VPN and after that, your access to your server is always granted as the IP address is already whitelisted. This is useful when you have strict rules that are easily violated even by trustful networks. This can happen when your network uses a dynamic IP address to the internet.

Neteron.com has a secure VPN feature that you can get and encrypt your traffic with high speed, security, and easy to use with instant setup. This is an unlimited usage in a high-speed network. You won't be disappointed knowing that just one subscription covers and protects up to 5 devices simultaneously.

Conclusion

There are a lot of easy-to-deploy features that are made for securing your infrastructure. You should consider all the options and pick up the one that you need. Nowadays there are no excuses for having your infrastructure unprotected.

The End.

The post Secure your infrastructure in one lecture first appeared on Neteron.

What would be best, a Shared Hosting, a VPS, or a Dedicated Server?

admin — Thu, 09 Jun 2022 16:27:26 +0000

What would be best, a Shared Hosting, a VPS, or a Dedicated Server?. For some people, those concepts are pretty clear but for others are not so much. Even though you could reach the same goals using any of them, the path you take is different from one to the other.

Let's explain in this article which cases you would be better with what product.

Shared Hosting

It is considered Shared as you are not alone, you are sharing resources with other users on the server. As more users are sharing fewer free resources are available for you and vice versa. But that is not a bad thing, the standard for Shared Hostings is to host smaller sites or static pages that do not use many resources in comparison with bigger sites with front and backend development, for example.

Depending on the server, It is possible to host hundreds of users and all of them sharing the same resources and not having issues like slow pages or high latency if all the web pages and sites are just static pages which means no use for the database. Once you start using the database then a latency layer is been added to the time-consuming processing of the query.

Web Hosting companies like Neteron have different shared hosting plans for different cases, for example, with the Startup plan, you can share resources with other customers if all of them have similar needs like publishing static pages and or the use of the web builders to build their site that is going to be published. This is the best way to use the Startup plan, of course, if you are a geek probably can do a lot more like adding PHP code to execute your scripts.

Advanced and Ultimate Plans are for customers that use dynamic content. Dynamic content makes more use of the resources of the server, and that is the reason why it is more expensive as fewer people are been hosted as more resources are been consume.

As more affordable is the plan you are using as more people are been hosted, and as more expensive is the plan, as fewer people are been hosted. The idea is to have an equilibrium in the number of resources need it over the number of customers hosted, and the profit percent minus the cost of the server. The Ultimate plan is designed to host fewer customers with high needs in resources.

A Neteron rule is to host as fewer number of customers per server as possible and get some profit. This is a general rule followed by most web hosting companies but this is not true all the time. Some companies overcrowd their servers to make the most of the money. It is more noticeable when dynamic web site are been hosted and the huge delay when trying to open them in the navigator.

VPS or Virtual Private Server

This is the next step in web hosting and it provides the customer with virtualization technology for implementing his project. With a VPS your account is virtually isolated and you will have some resources assigned exclusively to you. Memory, storage space, and process power are for you to use in their capacity.

Even though this is a shared environment, the resources assigned to you are inside a virtual machine that you and only you have access to. For example, imagine a server with 32 core processor, 128Gb in Ram, and 1Tb of SSN storage.

You could get a decent started virtual machine when you have your container with 2 core processors, 8Gb ram, and 60Gb of storage assigned exclusively to you, leaving 30 core processors, 120Gb of ram, and 940Gb of storage to others; with the possibility to increase your resources as you grow.

But all these advantages come with disadvantages. You would need to know about operating systems and how to troubleshoot a virtual environment. VPS comes as a vanilla product, you need to install and configure the software you need like the operating system, the web server, the programming software, the email server software, the firewall, and so on.

You must know in what are you getting involved. Neteron offers a series of Managed VPS. Neteron will install the software you need and prepare your development environment so you do not need to do it yourself or hire anybody for that.

Another advantage of VPS is that you can add more resources as you need them, for example, if your site grows up and you need more space, then you can migrate to a higher plan without the need of rebuilding your software again. All of this is done in the background and in just a few seconds your virtual machine will have more storage space, memory, and processor power.

This is not true in the other way. Once you have a plan, it is not possible to go back as there is not possible to reduce the size of your container without losing your software. Be aware that this is only a one-way ticket.

Dedicated servers

This is the last, the ultimate, the best of the best of the web hosting services. It is a dedicated and exclusive server for you and only you. You can host web pages, you can have your virtual machines, and your software, and do everything that you are legally bound to.

This is the whole machine for your project. If your server has 32 cores, 128Gb in Ram, and 1TB in storage, then they are all yours.

Same as VPS, you would need to install the server with the operating system of your preference, same as the rest of the software. There are other caveats like you must know how to troubleshoot hardware remotely. Sounds contradictory but it is true. You must know how to detect faulty memory or hard disc, and you must know how to request revision and replacement of the parts to the data center support office. You are the eyes they are the hands.

In some cases, there is monitor software that is been reviewed by personnel from in site and they can intervene on the server depending on the SLA agreement you have with them. A server intervention will try to keep your services running or in the worse scenery, they will change the necessary parts.

Most of the interventions we have in Neteron servers are for example firmware updates, or the replacement of an old motherboard just because the data center is decommissioning the old one.

Another caveat is that once you have a server, it is not simple to add more resources when you need them. They are made as they are been offered. If you need more resources then you would need to get a bigger server and migrate your systems there.

In conclusion, the price factor

It is obvious that price is another point to take into consideration when deciding how to build your project. As you go the price are too. The cheapest Hosting is the Shared Hosting for reasons we have already discussed, followed by the VPS and the most expensive are the Servers.

Remember these are equipment located in a Datacenter, and data centers are points of connection to the most important autonomous system, which means the connection to the global network. For example, OVH offers a total of 32TB of global network capacity in 33 data centers within 4 continents and more than 34 reductants PoPs.

These PoPs are connections to other carriers, networks, data centers, public, and private Telcos from all around the world like Equinix, Paris Telehouse, Globalswitch, Verizon, Vodafone, Telefonica, AT&T, and Orange, just to mention some of them, the list is long,

It is not possible to compare the price of storage and processing power at home, with the price of storage and processing power located in a data center; if you have it, then you better make the most use of it. This is the most expensive of the options.

The End.

The post What would be best, a Shared Hosting, a VPS, or a Dedicated Server? first appeared on Neteron.

The Secrets Behind Starting a Web Hosting Company

admin — Sat, 04 Jun 2022 10:12:45 +0000

The Secrets Behind Starting a Web Hosting Company will give you an idea of what you need to know in order to start and be successful. Probably there are hundreds of Web Hosting Companies around the world and every single one has its own history of success and mistakes to tell.

History

It was around 1994 when GeoCities was launched and at that time they allowed users to create and publish their own web pages for free. At the same time they create a search index of the pages they were hosting that allows people to search content in their own systems based on interest. Not only the concept of Web Hosting was created but the Search Engine that we know are at the beginning of their invention.

Nowadays there are hundreds of web hosting and all of them have similitude and differences. We are not talking here about the monster cloud companies that own the biggest data centers in the world like Google, Azure, Oracle, or Amazon just to mention some of them. These are totally different classifications of services that happen to have the possibility of hosting websites.

I want to refer to hosting companies as those that offer exclusive products for hosting websites and the products related to creating, designing, maintaining, and securing these sites. Some of these companies use the monsters mentioned in the paragraph before to host and offer to customers a more simplified version of that infrastructure.

The similitude includes the type of products their all offers, and private space with public access. The difference is basically prices, quality of services, the Service-Level Agreement, and the technology they use for implementing those products, like operating systems, software, licensing, and so on.

Let's start with the biggest of The Secrets Behind Starting a Web Hosting Company:

1.- Billing System and Hosting Management: The center point of every single hosting company is the automatization platform that will automate their business. This will allow the registration of customers, the billing of the products, and the deployment of the services that have been acquired between others.

There are a few of these in the market and you need to review them and select the one you think would be the best and more suitable for you. Just to mention some of them: Whmcs, Blesta, Clientexec, and Hostbill. These are all good choices.

They all offer addons or plugins and integrations for the automatization of the hosting process. I will pick up as an example the Whmcs which is the one that neteron.com uses and it is probably the most used Billing System and Hosting Management for the web hosting companies around the world. Remember that they all offer similar advantages so the next points will refer not explosively to the Whmcs:

It manages the process of creating and terminating the account and automates the entire customer life cycle for web hosting.
The native support for the deployment of web accounts using the most important Web Control Panels on the market, like cPanel, Plesk, DirectAdmin, Interworx, Virtualmin, and others.
It also has native integration for domain reselling through eNoms, OpenSRS, and many more. You will be able to resell hundreds and hundreds of domain extensions through any of them.
Whmcs has the power of managing the recurring invoicing and payments, it has native integration to a very long list of payment gateway providers like Authorize, Stripe, PayPal, Skrill, eWay, CheckOut, etc. The list is really long.
It has out-of-the-box integration to a marketplace where you can sell and deploy security products like SSL, CDNs, Spam Protection, Marware Scanning, backups, and more.
Also, it offers the possibility to deploy dedicated servers in some data centers and/or virtual private machines, allowing the end customers to manage their product through an inside management console.
And for the last but not less important, it offers integration for messaging products, like Slack and Hipchat; the possibility to have your own licensing software that allowed you to sell and distribute your own PHP code securely.

All the billing and automatization software has similar products to offer, take a look at the links for more information about them.

Second of The Secrets Behind Starting a Web Hosting Company:

Most web hosting companies do not have ICCAN Accreditation or any other accreditation for selling or registering domain names. We are resellers of those who have the accreditation and we are legally bound and tied to their policies as we are affiliated with their reseller programs.

The reason why we are not accredited for the ICAAN is the money and the technicality. First, the license has a very high cost per year and you would need to sell hundreds of names per day to get some profits; for the second, the technicality, you would need to build and maintain a very complicated interface for connecting every single domain manager to your billing system.

Imagine that there are hundreds of domain extensions and not all the extensions are administered by the same entity. This means that the requirements changes between them, same as how they manage the connection to their interfaces. You would need a team of people to be able to build and maintain such complexity.

The same would be true for you if you start your own hosting company. You would need to pick up the domain reseller that you considered the best for you.

Neteron is an affiliated reseller of eNoms and RProxy. Also, as neteron.com is a Finish company, we built and manage our own interface for reselling directly the ".fi" domain. We are registered and accredited by Traficom for such a purpose under our main company name Vanaja Commerce and Solutions.

Third of The Secrets Behind Starting a Web Hosting Company:

Your Web Hosting Control panel would be another step for consideration. You must pick up the one you think is the most appropriate for you and your customers. It provides a graphical interface and automation tools designed to simplify the process of hosting a website for the website owner or the "end-user". It enables administration through a standard web browser using an easy-to-use structure.

You would be able to manage the server that will host your customers, and your customers will be able to manage their own hosting accounts. These happened through two different interfaces, one for the server administration and the other for the end-user.

cPanel, DirectAdmin, Plesk, Interworx, CWP, Webuzo and Cyberpanel are all well know in the industry.

There is an Easy Way revealed in this Forth of The Secrets Behind Starting a Web Hosting Company:

Neteron.com and other web hosting companies offer different reseller programs specifically designed for starting a web hosting company. You will be able to start your company using all the products they have in listing and in a white-label model. This would be the easiest and cheapest way to start your company and I would personally recommend for starters to try first this way.

You don't need to invest big money in anything and you will have the total support for all the products that are available for reselling. Starting in this way will give you the time to master all the information and technology surrounding the web hosting industry before you consider flying solo.

The End.

The post The Secrets Behind Starting a Web Hosting Company first appeared on Neteron.

Best Practices to Secure Your WordPress

admin — Thu, 02 Jun 2022 12:53:28 +0000

With Best Practices to Secure Your WordPress, you will learn to apply some rules and concepts that will help you to keep your site out of problems.

Introduction to Secure Your WordPress

WordPress started in 2003 as a joint effort between Matt Mullenweg and Mike Little. They create a fork of b2/cafelog, a blogging tool developed in 2001 by some French programmer Michael Valdrighi.

In 2002 Valdrighi stopped the development of b2, but in January 2003 this job that was left behind by Valdrighi was taken back with a fork of his project which is now nowadays as WordPress.

WordPress is a Web Content Management System (CMS), computer software used to manage the creation and modification of digital content. It provides website authoring, collaboration, and administration and it helps users with little knowledge of web programming languages or markup languages create and manage website content.

It is open-source and it is free, meaning anybody can download and install it for its own purpose. It was developed initially as a blog system but it evolved and nowadays it is possible to use it for developing websites, forums, eCommerce, media gallery, and learning systems, and the list continue and is expanding with time.

Isn't WordPress secure?

By nature, WordPress is secure enough to use, and there are a lot of people studying and analyzing its code and implementing patches and updates when a defect is found.

But remember that it is open-source and not only the original developers and maintainers have access to the code but everybody, and in this list, malicious people are found.

Once in a while, the code is exploited by bad entities, but fortunately, there are others that are competing against these entities and they are trying to discover these weaknesses before they are exploited. Companies like WordFence are doing an excellent job.

Before implementing WordPress:

1.- It is important to select the right place to host your WordPress project. Your Web Hosting company must guarantee a secure environment for a WordPress implementation. Be sure your selection includes a place where elemental security is included. For example, Modsecurity rules should be implemented on a server level and by default. Modsecure is an open-source web application firewall that will stop almost all well know SQL injection attacks.

2.- The Operating System is important too, for example, CloudLinux offers stability with the most optimal secure environment for deploying applications in a shared environment. Users are isolated between them and the process levels are regulated and administered.

3.- Good hosting companies host their resources in high-end data centers. These always include DDoS attack protection that is automatically implemented every time an attack is discovered. You can help yourself by implementing Cloudflare which is a CDN, WAF, DDOS protection, bot management, API security, web analytics, image optimization, stream delivery, load balancing, SSL, DNS, and so on. There is free use of their DNS infrastructure that you can use.

Initially Secure Your WordPress:

1.- Use strong passwords: Nowadays there is no excuse for not using strong passwords. I should not need to explain the reasons behind this but logically the use of strong and difficult passwords makes it harder for attackers to gain access to your system. This is true for your mail, for accessing your computer, for any registration to any service that requires registration or the use of login.

2-. Change the default login address: Everybody knows that the login address of a WordPress site ends in /wp-admin. Test yourself trying this with different domain names and I bet you will find once in a while an unsecured WordPress admin login address. There are plugins that allowed you to hide the access to the administration page of your site, they are easy to use.

3.- Unsecure plugins: Only install plugins that are considered secure. Select the one that has more and better reviews and the one that has more installation. I would consider a plugin with 10 million installations more secure than one that has only 100. Popular plugins are considered mature and updates and patches are delivered more frequently than the ones that are not so popular.

4.- Uninstall plugins and themes that you are not using: This will eliminate any hiding that you considered not in use, obvious that the code is still installed on your WordPress, so keep it clean with only the necessary code for your website.

5.- Keep your implementation updated: Sometimes security vulnerabilities are corrected with new WordPress releases. Updating to the newest version of WordPress will ensure that you have the latest security fix. Not updating your version of WordPress may leave your site open to hackers. The same is true with the plugins and themes. Keeping them updated is a good way to make things difficult for attackers.

6.- Backup your site: It is good practice to have a backup system like the one offered by neteron. You can configure it to backup the complete account and have the possibility of recovering if something happens or rolling back after a mistake made by your web developer or yourself. I promise you won't regret it.

Neteron.com you will be able to automatically apply the next rules to Secure Your WordPress:

Some of these are not so simple and require some research for a standard user. Some web hosting like neteron.com has an easy way of implementing these measures, just with a few clicks.

1.- Turn off pingbacks: Pingbacks allow other WordPress websites to automatically leave comments under your posts when these websites link to these posts. Pingbacks can be abused to use your website for DDoS attacks on other sites. This security measure turns off XML-RPC pingbacks for your whole website and also disables pingbacks for previously created posts with pingbacks enabled.

2.- Restrict access to files and directories: If access permissions for files and directories are not secure enough, these files can be accessed by hackers and used to compromise your website. This security measure sets the permissions for the wp-config file to 600, for other files to 644, and for directories to 755.

3.- Configure security keys: WordPress uses security keys (AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, and NONCE_KEY) to ensure better encryption of the information stored in the user's cookies. A good security key should be long (60 characters or longer), random and complex. The security check should verify that the security keys are set up and that they contain at least alphabetic and numeric characters.

4.- Block directory browsing: If directory browsing is turned on, hackers can obtain various information about your website that can potentially compromise its security. If directory browsing is turned on, this security measure can block it. This measure modifies the server configuration file (Apache, Nginx). Note that custom directives in the .htaccess file might override this.

5.- Forbid execution of PHP scripts in the wp-includes directory: The wp-includes directory may contain insecure PHP files that can be executed to take over and exploit your website. This security measure prevents the execution of PHP files in the wp-includes directory. This measure modifies the server configuration file (Apache, Nginx). Note that custom directives in the .htaccess file might override this.

6.- Forbid execution of PHP scripts in the wp-content/uploads directory: The wp-content/uploads directory may contain insecure PHP files that can be executed to take over and exploit your website. This security measure prevents the execution of PHP files in the wp-content/uploads directory. This measure modifies the server configuration file (Apache, Nginx). Note that custom directives in the .htaccess files might override this.

7.- Block unauthorized access to wp-config.php: The wp-config.php file contains sensitive information like database access credentials, and so on. If for some reason, the processing of PHP files by the web server is turned off, hackers can access the content of the wp-config.php file. This security measure prevents unauthorized access to the wp-config.php file. This measure modifies the server configuration file (Apache, Nginx). Note that custom directives in the .htaccess files might override this.

8- Disable scripts concatenation for WordPress admin panel: This security measure turns off a concatenation of scripts running in the WordPress Administrator panel, preventing your website from being affected by certain DoS attacks. Turning off the concatenation of scripts might slightly affect the performance of the WordPress Administrator panel, but it should not affect your WordPress website from visitors' point of view.

9.- Disable PHP execution in cache directories: If a compromised PHP file ends up in one of the cache directories of your website, executing it can lead to compromising the whole website. This security measure disables the execution of PHP files in cache directories, preventing such exploits from happening. Note that some plugins or themes might ignore the security recommendations from WordPress Security Team and store valid PHP executables in their cache directory. You might have to disable this security measure if you need to make such plugins or themes work.

10.- Disable file editing in WordPress Dashboard: Disabling file editing in WordPress removes the ability to directly edit the plugin and theme file sources in the WordPress interface. This measure adds an additional layer of protection for the WordPress website in case one of the WordPress admin accounts is compromised. In particular, it prevents compromised accounts from easily adding malicious executable code to plugins or themes.

11.- Change default database table prefix: WordPress database tables have the same standard names on all WordPress installations. When the standard wp_ prefix is used for the database table names, the whole WordPress database structure is transparent, making it easy for malicious scripts to obtain any data from it. This security measure changes the database table name prefix to something different than the default wp_ prefix. Note that changing the database prefix on a website with production data might be dangerous, so it is strongly advised to back up your website before applying this measure.

12.- Enable bot protection: This measure protects your website from useless, malicious, or otherwise harmful bots. It blocks bots that scan your website for vulnerabilities and overload your website with unwanted requests, causing resource overuse. Note that you might want to temporarily disable this measure if you're planning to use an online service to scan your website for vulnerabilities since these services might also use such bots.

13.- Block access to sensitive files: This security measure prevents public access to certain files that can contain sensitive information like connection credentials or various information that can be used to determine which known exploits are applicable to your WordPress website.

14.- Block access to potentially sensitive files: This security measure prevents public access to certain files (for example, log files, shell scripts, and other executables) that might exist on your WordPress website. Public access to these files could potentially compromise the security of your WordPress website.

15.- Block access to .htaccess and .htpasswd: Gaining access to .htaccess and .htpasswd files allow attackers to subject your website to a variety of exploits and security breaches. This security measure ensures that .htaccess and .htpasswd files cannot be accessed by abusers.

16: Block author scans: Author scans are looking to find usernames of registered users (especially WordPress admin) and brute-force attack the login page of your website to gain access. This security measure prevents such scans from learning these usernames. Note that depending on the permalink configuration on your website this measure might prevent visitors from accessing pages that list all articles written by a particular author.

17.- Change the default administrator's username: During the installation WordPress creates a user with administrative privileges and the username 'admin'. Since usernames in WordPress cannot be changed, it is possible to try brute-forcing the password of this user to access WordPress as the administrator. This security measure creates a WordPress administrator account with a randomized username and ensures that there is no user with the administrative privileges and 'admin' username. If the 'admin' user is found, all content belonging to this user is reassigned to the new administrator account, and the 'admin' user account is removed.

Going the extra mile with Secure Your WordPress and Wordfence.

Installing a security plugin like Wordrfence will give you an extra level of security. The free version will provide you with Malware scanning, two-factor authentication, rate limiting, brute force protection, vulnerability alerts, and more.

With Wordfence you will be able to identify and block malicious attackers targeting WordPress, and if you get the paid version then you will receive the latest firewall security rules, block IP addresses in real-time, and detect the newest malware.

If you are running a high-end mission-critical website where downtime has a financial impact then you must consider a Response Plan through Wordfense. This will provide an SLA of 4 hours a day, 7 days a week, and 365 days a year incident response with a 1-hour response time and 24-hour time to resolution. you

Conclusions

WordPress is a relatively secure CMS that allowed the integration with hundreds and hundreds of external applications called plugins. It is difficult to follow and track the origin of all this code and it is up to you to follow some rules to keep your site as safe as possible. Remember this is an open-source and as well as there are good people reviewing the code on a daily basis, there is the not-so-good one that is looking for flaws to exploit.

You must always think about security in everything you do with your WordPress. Always backup before any update is made, or before a plugin is installed. Automatic daily backups are the best, and manual backups are just before any changes are made.

The end.

The post Best Practices to Secure Your WordPress first appeared on Neteron.

About Domain Name, Registrars, and Resellers

admin — Fri, 27 May 2022 17:42:36 +0000

About Domain Name, Registrars, and Resellers

This article will give you an idea about what is behind the scene between the Domain Name, Registrars, and Resellers, the differences, and the reality.

The concept

A domain name is a string of characters that represent an address on the internet jungle. They are unique, meaning that the is only one combination for each one, like for example there is only one neteron.com in the entire world. A domain name refers to a website address and each website is identified with a series of numbers called IP address.

Client software like Firefox and Chrome use these numbers to connect to the websites, but humans refer to websites using domain names.

Let's clarify this. Humans write the domain name in the navigator and the navigator makes the call to the website using IP numbers, and that is why Domain Names make our life easier as we do not need to remember numbers.

ARPANET - The History

The Advanced Research Projects Agency Network (ARPANET) was the first wide-area packet-switched network with distributed control and one of the first networks to implement the TCP/IP protocol suite.

Both technologies became the technical foundation of the Internet. The first computers were connected in 1969 and the Network Control Program was implemented in 1970. The network was declared operational in 1971.

ARPANET was originally published in 1967 and introduced a concept for the network that was essentially the foundation for the Internet. In 1969, the idea was put into practice with the interconnection of four computers. Much later, the Domain Name System was introduced on the ARPANET. It was published by the Internet Engineering Task Force (IETF).

As ARPANET grows, so was the complexity of the use of numbers in order to access the remote machines, and it was not until 1983 when was first introduced the Domain Name Systems, with general public registration not being available until February 24, 1986.

The first seven domain extensions were controlled by ARPANET and in 1998 this responsibility went to a nonprofit organization called ICANN.

The ICANN

ICANN is the Internet Corporation for Assigned Names and Numbers, it was founded in 1998 and grew out of a U.S. Government commitment to transfer the policy and technical management of the DNS to a non-profit corporation based in the U.S. with global participation.

Nowadays is an internationally organized, non-profit corporation that has responsibility for Internet Protocol (IP) address space allocation, protocol identifier assignment, generic (gTLD), and country-code (ccTLD) Top-Level Domain name system management, and root server system management functions.

ICANN is responsible for coordinating the management of the technical elements of the DNS to ensure universal resolvability so that all users of the Internet can find all valid addresses. It does this by overseeing the distribution of unique technical identifiers used in the Internet's operations, and delegation of Top-Level Domain names (such as .com, .info, etc.).

In 2005-6, four new additional sponsored TLDs (.cat, .jobs, .mobi, and .travel) were successfully launched. ICANN's GNSO is currently developing policy recommendations for the introduction of additional gTLDs.

The IANA

The Internet Assigned Numbers Authority (IANA) is a department of ICANN that is responsible for maintaining the registries of the Internet's unique identifiers, which include domain names, Protocol Parameters, and Internet numbers (IP Addresses and Autonomous System Numbers).

Top-level domain

A top-level domain (TLD) is one of the domains at the highest level in the hierarchical Domain Name System of the Internet after the root domain.

For example, in the case of neteron.com, the ".com" is the top-level domain. Other examples of tope TLS are ".net", ".org", ".net", ".biz" and ".fi", just to mention few of them.

Second-level and lower level domains

These are the names directly to the left of .com, .net, and the other top-level domains. As an example, in the domain example.co.uk, co is the second-level domain.

Domain names are what came at the left of the Top-level Domain or Second-level when this is used.

The domain name neteron.com is the combination of a TLD and a string name that is the second-level domain. The combination is unique. Subdomains are all subordinates of its next-level domains, for example, ftp.neteron.com, www.neteron.com, and so on.

The Whois Protocol

WHOIS is a TCP-based transaction-oriented query/response protocol that is widely used to provide information services to Internet users. While originally used to provide "white pages" services and information about registered domain names, current deployments cover a much broader range of information services.

Domain name registrar

Do not get fooled. Not all the Hosting Companies are domain registrar accredited, and the reason is the cost of the accreditation. Widely used registrars include Enom, Tucows, and Webcentral. Each ICANN-accredited registrar must pay a fixed fee of US$4,000 plus a variable fee.

Some domain registrars accredited do not register domain names but offer the service to third parties called resellers, and that is where we are.

Domain name resellers

99% of the hosting companies use TLD providers in order to register domain manes. We affiliate with their program and follow the international rules for Registrars.

That is the only way hosting companies like neteron.com can offer registration of domain names. Otherwise, we would need to create a huge platform to connect not only to ICANN but to every single domain that ICAAN does not manage, remember that they regulate but others administrate.

For example, country extensions are administered, managed, and ruled by every government they belong to. If I want to offer ".fi" from Finland or ".it" from Italy, they I would need to build privately the interface to connect those systems.

The other way is to affiliate with a Bigger Domain Name Registrar and offers through them these domains. These affiliations came already with the possibility to offer hundreds of these extensions.

In the case of neteron.com, we are affiliated with enom.com which belongs to tucows.com, the second-largest domain registrar in the world; but enom.com do not have ".fi" in its wallet.

As neteron.com is a Finnish company we create the interface to connect directly to Ficora, the Finnish entity that regulates that specific extension. That is the reason we can offer ".fi" to customers in Finland, and yes we are accredited by FICORA but not by ICANN. Interesting ah!

The end.

References:

https://neteron.com

https://www.techradar.com/news/behind-the-internet-the-history-of-domain-names

http://archive.icann.org/tr/english.html

https://en.wikipedia.org/wiki/Domain_name

https://en.wikipedia.org/wiki/Domain_name_registrar

https://en.wikipedia.org/wiki/Fully_qualified_domain_name

https://en.wikipedia.org/wiki/Country_code_top-level_domain

https://en.wikipedia.org/wiki/DNS_root_zone

https://en.wikipedia.org/wiki/Domain_name

https://www.rfc-editor.org/rfc/rfc3912.txt

https://enoms.com

https://tucows.com/

The post About Domain Name, Registrars, and Resellers first appeared on Neteron.

Brief Notes About The Web Hosting Industry

admin — Fri, 27 May 2022 10:17:09 +0000

Brief Notes About The Web Hosting Industry

For this article, I will be referring to the Web Hosting Industry as the one that offers web hosting as the main product and all that is associated with that. There are giants like Azure, AWS, Google, Oracle, and IBM that all offer cloud products far beyond that web hosting derivates.

The fact

There are a huge number of Web Hosting companies all around the world and all are similar in some aspects and different in others, but they all offer Web Hosting, which is the perfect place to go when you want a Web Site. I said the perfect place as you will get up and running your site faster than any other alternative you could ever think of, including any of the giants.

Shared Hosting, Domain name, WordPress, and Email Hosting are the main products and what the majority of customers apply for. Some other companies offer VPS Hosting and Dedicated Hosting where dedicated resources are given when need it.

What customers must know

1.- Do web hosting companies own data centers?.

The majority of web hosting companies do not own servers. Datacenters own the servers and they are rented for that purpose. Some data centers rent space in their racks and some company locates their servers there, and some others offer for rent one quarter, medium, three quarter, and the whole rack for others to place their devices.

Some data centers offer cages and these are measured in square meters as these are closed rooms. Only the tenant has access to the cages and installed the devices they want.

2.- Why can you host your website directly in a data center?

In theory, you could and some people do but, data centers do not offer software support. In general, they give you access to the servers through a remote console for you to work around your software implementation and troubleshooting. What they offer is technical hands when some hardware is faulty, they are the only ones that can change, replace or fix those parts. That is all.

3.- But from all the options available on the market, what would be the best for you?.

The first thing to consider is your location or the place where your customers are located. The idea is that your service is as close as possible to your target. If you live in Germany and you are planning to build a website for a company in Germany then the most obvious place would be to select the service as close as possible to the country.

But this is not a rule anymore, as the technology behind the internet backbones allowed you to consider the whole continent as your geographic border, meaning that any provider in Europa can supply you with excellent service if their servers are located inside the same geographic area. The same is true in America, Asia, Australia, and so on.

4.- What should I take into consideration for a Web Hosting Provider?

There are a few facts to consider before you obtain a Web Hosting service:

First, as we said before, you must consider the location of the service, if you are in Europe then you better get a service located inside the continent.
Second, you would have a piece of mind selecting a service that you can upgrade in the future. If your website grows then you would need a better plan or service.
Third, considered the framework you are interested in developing your site and choose a place that offers the most suitable for you. Neteron.com has a good range of products for this purpose, same as others of course.
Fourth, support is really important. You must consider a place where you would grant the most satisfying experience.
Fith, the SLA and agreement policies, not many people pay attention to this but you must consider a place that will offer you security and guarantee of uptime. You won't appreciate the shortage of services if they have not been planned and notified before.
Sixth, remember that some of these services are based in a shared environment, and you must be considered that resources are been shared too. Some companies over-crowd their servers as they make more profit by investing less in technology. Neteron.com shared services are far for been over-crowd and this guarantee a smooth-running service even when you are using the smaller of the plans.

Conclusion

If you are looking for a place to host your website then considered use a Web Hosting Company, you will be able to publish your website faster than any other option. Considered a company in the same geographical area. Consider a place where you are sure you can grow as your business does. Consider a company that so not overcrowd the services and that offers good security and a decent SLA agreement. Consider a place where the support is going to give you the most appreciable experience.

The post Brief Notes About The Web Hosting Industry first appeared on Neteron.

The Importance of SSL

admin — Wed, 25 May 2022 06:47:42 +0000

The Importance of SSL Certificates

Brief introduction

To know more about The Importance of SSL Certificates I will start with some basic information and a little history.

First of all, what does SSL stand for? the answer would be "Secure Sockets Layer". This means nothing to most people but it is considered one of the most critical security layers in the internet industry.

It started in the '90s and Netscape first implemented it. If you are a "generation X" then you already know the Netscape name, and it was one of the most important if not the most important navigator of that time. If you want to know more about what happened to Netscape, you can refer to this link on Wikipedia.

There was a guy in its '40s named Taher ElGamal, an Egyptian and cryptographer who used to work in Netscape as a chief scientist. He was the mastermind behind SSL.

Nowadays the SSL Certificates have evolved as a necessary security feature that you have to implement in your website, and in its most simple form called Standard SSL it will encrypt the entire communication between the web browser and the server, and the same is true in the other way around. The encryption is so secure that there is no technology at this moment that can decrypt a well-implemented SSL.

This is so important that Neteron.com as well as other web hosting companies offers for free this type of basic SSL. This is automatically implemented once you get your hosting account.

Standard Domain Validation SSL (DV)

This is the most basic SSL and its job is to validate a domain, that is all. It will tell the client that a domain name is been managed through a web hosting account. It really does not tell you who is the owner of the domain, just that the domain is been controlled and is managed by an account registered in a hosting company. It does not perform any other organization-level validation.

This type of certificate is perfect for basic users, people who only want the communication to be encrypted, with no other wondering about any other issue, for example, a blog, or a personal website but in practice, it is even used by small companies and startups.

Organization Validation SSL (OV)

This is the kind of validation you want to be sure it exists on a web page where you are going to write your personal information; like a registering form. You are not walking around the street giving your name and address to people you don't know, right ?. The same is true for a website.

For the owner of a domain that wants to get an Organization Validation SSL Certificate, he must provide extra information about himself, he must prove who he really is. There are three steps for this to happen:

1.- Domain Control Validation: This is the same as Standard SSL, and this is done through email validation, adding a TXT in the cName records, or a secret file with a hash code that you upload to your website. Only the person who controls the domain and the hosting account can do this.

2.- Organization Validation: This is a game-changer as this involves the verification of your organization through public records. This is proof of the existence of your organization or business.

There are third parties entities that exist for the purpose of collecting, saving, and protecting this kind of information so companies like the SSL providers can use it to verify you are real.

Also, a bank statement, a copy of your phone bill, power bill, water bill, or a lease agreement can be requested.

3.- Callback process: Because it is not enough with step number 2, you also must be ready for a callback. This can be through an automated process like a robocall where a number is given to you and you just used it as an activation code; no you cannot use a prepaid phone number; it must be your phone number associated with your company as per the phone bill shows.

There is the possibility that verification through your notary or legal office where your company is registered is requested. It all depends on where you live or where your organization resided.

When ordering the Organization Validation SSL certificate, you must be ready with the requirements. In the best scenery, it can take 24 hours for the provider to approve it once you have submitted all the requirements.

Extended Validation (EV)

The Extended Validation is the "crème de la crème", the best of the best. This is the highest level of trust, and also the most expensive to acquire. It is very similar to Organization Validation but the process includes verification of the owner(s) too, not only the organization.

The conditions for verification can be different and/or more complicated, there is a validation specialist that will contact you with the requirements and the alternatives that can be used to validate the certificate.

These kinds of certificates are rarely seen implemented, probably banks, big e-commerce companies, or ensure companies can have the big pocket of power for buying one of these.

SSL Wildcard

I call this kind of certificate a commodity option. While Standard, Organization, and Extended certificates will secure your domain, the Wildcard will fill the gaps left for the subdomains. It is called Wildcard because it will add an * which means "all" content in that space before your domain name, for example:

A standard certificate will cover neteron.com as the main domain, but it won't cover host.neteron.com, customer.neteron.com, or my.neteron.com.

You would need a Wildcard certificate to cover *.neteron.com and the "*" means "all" that you can include there.

Wildcards are options for the Standard and the Organization Validation certificates.

In the real-life

In real life, SSL is a must and this should be implemented as soon as you have a website, it is your responsibility to make sure this is done.

Web hosting companies including Neteron.com do install one of these free versions of SSL certificates, and this is good enough to start making your communication encrypted, you will be able to secure your login into your account or do all your necessary configuration without being worried that the information will leak to the outside.

You can worry about other security issues like being hacked, a virus, malware, or spam, or that you leak the password in a different way, but not through the communication between your navigator and the server.

Once you have completed your first steps for your website, you can decide when to acquire a different option of SSL, it is up to you, and it depends on your needs if you feel it is necessary or advisable to get one of these paid options.

Conclusion

The SSL path starts with the free version of the SSL and this is enough to start encrypting the communication between client to server, or server to server in some cases. It is good enough for your blog, personal page, or informational pages.

If you require customers to sign up or register on your site, then it would be advised to use an Organization Validation in any of its forms. The reason for that is to show the people that your site is real, that it belongs to an organization and it creates liability. You will be legally responsible for the information or services you are been given.

If you want to go further and you think you need more trust, then you can opt for an Extended Validation Certificate, but be aware that these are expensive.

Resources:

Neteron.com Web Hosting Company: https://neteron.com/ssl-certificates/

Sectigo Certification Authority: https://sectigo.com/

Comodo Certification Authority: https://ssl.comodo.com/

Digicert Certification Authority: https://www.digicert.com/

Let's Encrypt Certification Authority: https://letsencrypt.org/

Taher ElGamal: https://en.wikipedia.org/wiki/Taher_Elgamal

Public key certificate: https://en.wikipedia.org/wiki/Public_key_certificate

The post The Importance of SSL first appeared on Neteron.

IP-based virtual host vs Name-based virtual host. The magic of sharing.

admin — Mon, 23 May 2022 09:28:48 +0000

Virtual Host

To understand more about IP-based virtual host vs Name-based virtual host, first, we would need to clear the path with the definition of the virtual host. A virtual host is a technology that allows multiple websites to be called using their own domain names and all of this happens on the same server or inside the same system. They have in common that they all share the same environment.

Imagine that you have a domain name called carsforsale.com and a website with the content hosted in Neteron, at the same time another person who happened to be the owner of a restaurant called Steak House owns the domain name steakhouse.restaurant, and yes; nowadays it is possible to register hundreds of new domain extensions like .bar, .restaurant, .rocks etcetera apart of the traditional .com, org and so on; and this person has its own web site hosted in neteron, in the same server as the carsforsale.com.

Do you see now what is happening? at least two domain names and two different websites are hosted inside the same server and both share resources, hard discs, processor, memory, interface card, and IP addresses, but...

How a web server knows what information to send when some client (web browser) makes requests for a specific domain that has an IP address that is been shared by multiple web hosts?. This is where IP-based virtual hosting vs Name-based virtual host enters into action.

To understand what is the dilemma we would need to go deep into the topic of how the domain names are resolved.

There is something called DNS, and they are in charge of translating a domain name into a numeric IP address, and in the example before they could or could not be sharing the same IP address, and this is where virtual hosts are coming into action together with the web server software, like the famous Apache.

There are two types of virtual hosts used in the shared web hosting environment, the IP-based virtual host and the Name-based virtual host, and they make everything possible.

IP-based virtual host

The IP-based virtual host would let a single domain name have its own dedicated IP address and given the fact that one interface can have multiple IP addresses, it would be possible to have multiple domains with their own exclusive IP address. For this to work, these IP addresses must be announced and routed from and to the entire world.

When somebody writes the domain name in a navigator, this will resolve the IP address using a DNS server and this will give back the unique IP address owned by that domain. The Web server knows what information to send based on the fact that the IP address requested belongs only to the specific domain name.

Name-based virtual host

The Name-based virtual host is different in the way that multiple domain names share the same IP address. What this means is that the DNS servers will have in their database different domain names assigned with the same IP address, and when the client uses the navigator and write a domain name, a DNS server will be consulted and it will give back the shared IP address for that request.

The web server relies on the client to give back the correct hostname as part of the information needed, meaning that the server will have both not only the IP but the hostname requested before it send the website information to the client and that is how the client navigator displays the correct information in its navigator, even when different domain name shares the same IP address.

Conclusion

In conclusion, both methods are valid options and It is up to you to decide if you want an IP-based or a Name-based hosting. In general and for the majority of the cases the Name-based is enough, cheaper, and absolutely transparent in all aspects. There are cases where customers would prefer to have a dedicated IP address for their own applications but this depends entirely on you.

It is always possible to change and jump from one to another, at any time you want.

Resources:

DNS Server: https://en.wikipedia.org/wiki/Name_server

Apache documentation: https://httpd.apache.org/docs/

Vhost documentation: https://httpd.apache.org/docs/2.4/en/vhosts/

The post IP-based virtual host vs Name-based virtual host. The magic of sharing. first appeared on Neteron.