Category: Uncategorized

Migrating your site to SSL : HTTPS with installatron. Useful website tools to use for your site.

Migrating your site to SSL : HTTPS with installatron. Useful website tools to use for your site.

Useful website tools to use for your website.

https://www.ssllabs.com/
This is a useful site to check your site for proper ssl settings. You will get a grade once the report is done. An “A” is the best, while a “B” would be acceptable, you should really try and get the “A” grade. I would also recommend when you do your test that you click on the check box that says “Do not show the results on the board”, unless you have a perfect score you want to show off.

https://haveibeenpwned.com/
This site is useful to check if the email you use for logins has been seen on hacked lists. It is also very useful to check the security of passwords you use for logins.

https://www.whatismyip.com/ – list your current IP address

http://www.whatsmyip.org/ – Not to be confused with the .com version of the site. Many useful tools from gzip testing, to password generation. Not as useful as it once was since it does not seem to handle https based websites. But the DNS tools and password generator is quite useful.

https://checkgzipcompression.com – another tool for checking to ensure your site is using gzip compression. This one works with https based sites.

Speed test – google and http://www.speedtest.net/

https://slack.com – Team focused chat with many useful options.

Moving a site to ssl with installatron one click installer. This assumes you are using cPanel with autossl enabled.

1. Test your site to ensure you have a ssl certificate installed. This can be done by going to https://yourdomain. If you your site loads with no errors you can proceed. Some common issues you may run into, site is not fully secure and ssl mismatch. You may need to resolve these errors before you proceed.

2. Inside of your cPanel account, create a new subdomain using the subdomain tool. You will need to wait for the server to generate and install the free SSL certificate for this subdomain. You can test this just like step 1 above.

3. From inside of installatron, clone the live site to the new subdomain, but make sure to select the https version of the subdomain. This should only take a few minutes depending on the site size. This will create a complete copy of your site and move it to the subdomain you created. You can now test the site and fix any issues you may have by going to the subdomain https site. For example, https://subdomain.yourdomain

4. Once things look good on the subdomain, you can go into installaron and clone the site back to the live site but use https version in the drop down.

5. Once the live site is cloned back to https, test again. Things should have been resolved when you used the subdomain, but there may be some lingering links or code that may need to be changed.

At this point your site should be using a valid SSL certificate. If you are uncomfortable doing these steps you may want to contact your developer or your hosting company to see if they can help you out. I would also recommend that you have a full backup of your site before proceeding with anything that is going to change your site. This would include installing plugins, updating core site files, etc… A backup is a simple way to ensure you have a way to get back to a known working state.

Please understand that you use these instructions at your own risk.  I do not acceptable responsibility for anything you do to your website.

Net Neutrality with David Anderson of Canvas Host

Net Neutrality with David Anderson of Canvas Host

On November 21, 2017, FCC chairman Pai unveiled plans to repeal the net neutrality policy in the United States. A vote will be held on December 14, 2017, with a 3–2 party-line vote expected to approve the repeal.

What is Net Neutrality?

Net neutrality is the principle that Internet service providers must treat all data on the Internet the same, and not discriminate or charge differently by user, content, website, platform, application, type of attached equipment, or method of communication.

A widely cited example of a violation of net neutrality principles was the Internet service provider Comcast’s secret slowing (“throttling”) of uploads from peer-to-peer file sharing (P2P) applications by using forged packets. Comcast did not stop blocking these protocols, like BitTorrent, until the FCC ordered them to stop. In another minor example, The Madison River Communications company was fined US$15,000 by the FCC, in 2004, for restricting their customers’ access to Vonage, which was rivaling their own services. AT&T was also caught limiting access to FaceTime, so only those users who paid for AT&T’s new shared data plans could access the application. In July 2017, Verizon Wireless was accused of throttling after users noticed that videos played on Netflix and Youtube were slower than usual, though Verizon commented that it was conducting “network testing” and that net neutrality rules permit “reasonable network management practices”.

It should be noted that current acting chairman of the FCC Ajit Pai, was a Verizon lawyer!

Source

My Example of how this works.

To put this in a simple example.  Imagine your water line coming into your residence.  You get 50psi of water pressure to do with as you please for almost a set monthly rate, we will say $80/mo.  You can take a shower, use the water dispenser on the fridge, flush the toilet, wash your car, water your garden, do the dishes, do your laundry, fill your pool, and water your yard, among other things.

Now imagine a world where if you wanted to shower it would cost you $2/mo. extra, and if you wanted to flush your toilet $2/mo. extra, wash your car $5/mo. extra, do the dishes $5/mo. extra, use your water dispenser on the fridge $5/mo. extra.  I think you get the picture.  Now lets take this a little further.  If you signup with AT&T Water, you can use the shower and flush your toilet for free, and they will deliver fresh spring water to your fridge water dispenser along with a choice of POP, and one additional flavor.  The price is included in your water bundle of $80/mo., but to use your other water outlets to wash your car or do dishes it is still $5/mo. extra.  If you signup with Verizon Water, you still pay $80/mo. but they will give you spring water in the fridge water dispenser, but all other charges still apply.  If you signup for Comcast Water, you still pay $80/mo. and the water you get delivered to your house may not be drinkable.

Now imagine the same scenario but another added twist.  Imagine if you will that there is a quality of pressure scale that is controlled by your chosen water provider.  -10 to 10, with 0 (zero) being neutral.  -10 would be 5psi of water pressure and 10 would be 100psi of water pressure and 0 is the neutral/default 50psi.  Your chosen water provider has now decided that you need to pay more to get priority water delivery, you decided not to do this but all your neighbors did.  Now when you take a shower all your neighbors get 100psi of water pressure and you get 5psi.  They have prioritized the delivery of the water to those that chose to pay for the premium delivery of high pressure over those that did not choose to.

Not only that, but imagine that the water provider actually has the ability to completely prevent you from showering, watering your garden or flushing your toilet as they see fit.  The only requirement is that they let you know they are going to do it.  Beyond that they are allowed to turn things off/on as they see fit.  Maybe they got mad at a refrigerator manufacture for using too much water in their dispenser, so they decide to shut that service off.

If you think this scenario is a nightmare and not possible, think again.  This is precisely what Net Neutrality is preventing and why it is so very important to make sure it stays in place and is not repealed on December 14th.  Currently ISPs are regulated like a public utility just like your water provider, but if Net Neutrality is repealed the a fore mentioned scenario will become a reality.

It is imperative that everyone call their congress representative immediately and let them know you want Net Neutrality to stay.

Call your Senators and Representatives. Tell them to support net neutrality: 202-224-3121

This is a great link for contact information and banners.
https://www.battleforthenet.com/

Another link to resources for contact info.
https://www.elitedaily.com/p/how-to-contact-congress-about-net-neutrality-because-its-so-important-6745499

Here is a link search for the image we discussed.  This image has made the rounds on social media and is a glimpse of what possibly could be coming.  Sorry no link directly to the source image.

 

10 website security tips with Megan Ferrell and show feedback.

10 website security tips with Megan Ferrell and show feedback.

10+ Web Site Security Tips
10+ Web Site Security Tips

Feedback on/about the podcast.

  • Who is this podcast for?

The short answer to this question is, me. This podcast came about by me wanting to have something for my children to remember me by. I originally started reading books, recording them and then archiving them. The first book I read was Night Before Christmas. We have a family tradition of reading it Christmas eve. I wanted there to be a recorded version of myself that my children could listen to and share with their kids, long after I was gone. From there, I started reading Encyclopedia Brown books. This series holds fond memories for me and my youngest as it is one of the first books we read together, and then tried to figure out the answer. It was a lot of fun and if you have not read any of the books I highly recommend reading them. Even as an adult, they hold great value. After doing the books for a while, the next logical step was to do a podcast. Something that shared my discipline in Linux/Unix. So the podcast, web hosting podcast, was born.

For those that wonder what the target market would be for this podcast, I am not 100% certain. I like to think it is someone that is new to hosting and wants to get the most out of their shared hosting plan. I really like to share and give out information to anyone that will listen, and anyone that knows me personally, I think would agree. There is a wealth of information jammed into my head about everything from Apache to Xen Virtualization. Most of it is going to be very boring. So, I try to wade through the minutiae and bring the elements of hosting that I think would be not only interesting, but relevant. My hope is that this remains fun, for me, and in the end if someone finds one thing that is useful then that would be a bonus.

If you have questions or comments regarding the podcast or your own web site please feel free to drop me a line. The easiest way to reach me is through the contact form on https://webhostingpodcast.com/contact

 

10 website security tips + a few more for good measure.

Megan Ferrell from websites 503 joins me via zoom.us to discuss 10 website security steps. We take time going over the questions after the speed round of her answering them. We then add a few of our own recommendations for good measure. I urge anyone that has a website to look over these 10+5 security steps and see how your web site rates. These steps are very easy to fulfill so you get a 100%.

  1. Is your CMS software up to date?
  2. Are you using trusted third-party plugins and themes?
  3. Have you changed default settings on your CMS?
  4. Do you promptly remove outdated access permissions?
  5. Does your website URL start with HTTPS?
  6. Are you using a WAF (Web Application Firewall)?
  7. Is your server monitored for malware?
  8. Do you use SFTP instead of FTP to upload files to your website?
  9. Do you have daily backups of your website?
  10. Are passwords difficult?

    Bonus round

  11. Have you changed all default passwords sent to you when you signed up?
  12. Does your developer or another person know your passwords?
  13. Have you disabled and removed all unused themes or plugins?
  14. Have you hidden your login page?
  15. Have you enabled or use two factor authentication?

The original 10 steps came from the following link.

Upcoming topics and additonal show ideas.
In the coming episodes, we are going to take a look at SEO, Managed WordPress Options that are FREE, modifying the robots.txt file and touch on some development topics. I am also looking at starting a web hosting round table show in 2018 using google hangouts or youtube. If anyone is interested in participating in the round table, please use the contact form to get in touch. The idea from the round table came from watching the podcasters round table. I would like to have no more than 6 people on at a time, a topic would be determined ahead of time to ensure a proper fit, and then discuss that topic in a round table setting. I think it would be very informative to get many different points of view. For example, my idea of a developer/designer could possibly be different than yours. If this sounds like something that would interest you please let me know.