Cyber security authorities, the Comodo Organisation have created history by surpassing Symantec to become the number 1 digital certificate authority in the world! “In the history of the Internet, this is the first time there has ever been a new number one in certificate authority market share, and we are extremely proud of this accomplishment,” said Melih Abdulhayoglu, CEO of Comodo. “It’s important to state that we’ve achieved this number one ranking through organic growth, not acquired growth, resulting from the strong customer and partner relationships globally. Consumers and businesses worldwide have spoken loudly and clearly that they choose and trust Comodo as their number one security provider.”
According to data by w3Techs.com, an independent IT market research firm, Comodo has taken 33.6% of the certificate authority market to claim the number 1 position. The report focuses on global web technology usage & certificate authorities of the top 10 million websites to calculate this share percentage. At ResellerBytes, we’ve recently shifted to COMODO, a more affordable entry point to SSL. Making it more accessible to everyone makes the Internet a more secure space. As part of our MegaSalePromo at ResellerBytes, we’re offering SSL certificates starting at $10.99 per year.
SSL certificates, the digital certificates that authenticate the identity of a website are managed & issued by Comodo.
Of the .COM websites using digital certificates, 34.7% of all .com websites use Comodo as compared to 29.9% who use Symantec.
Comodo Certificates are the quickest & most cost effective way or online transactions to take place.
At ResellerBytes, we’ve recently switched to Comodo in keeping with our promise to always offer the top of the line products. Throughout the month of June, we’re offering a 95% off on SSL certificates! Don’t miss out on the opportunity to get the industry’s best product at a great price for your customers!
If the security and privacy of your customers is important to you, then using SSL certificates should be on top of your priority list. Safeguarding your website helps you create trust in your business by offering an identity proof to your customers online. This kind of security gives your customers the confidence that no private information will be tapped online and that all the online transactions they make are secure with trustworthy Secure Server Certificates.
Why Comodo SSL Certificate?
Comodo SSL Certificate is one of the most trusted Secure Server Certificates that provides more security to your customers as compared to any leading Certificate Authority. This is because Comodo delivers top-notch desktop security to around 2 million new users every month, without any charges. Comodo is a distinguished SSL Certificate Authority offering a wide range of low-cost SSL certificates such as Enterprise SSL, Premium SSL, Instant SSL, Lite SSL, Pro SSL, Intranet SSL, Wild Card SSL and Free SSL.
Without the right tools, your Website isn’t trusted
Thousands of new viruses and Trojans keep popping up on the Web every single day. These viruses have the ability to harm millions of Websites and breach internet security and trust. If you’re in an internet business, it is critical for you to restore this trust. All thanks to Comodo, it offers you the right tools you need to regain your customer’s trust. The SSL Certificates authenticate individual identity, companies, websites as well as content.
Cyber-terrorists are usually impersonators. They survive on deception. Authentication is the heart of Internet Security and Trust. Authentication confirms that a certain individual, business, or website is genuine. Businesses can help build trust when visitors, software publishers, businesses, or websites are authenticated. This process makes sure that no critical information has been tampered with.
Trust can be rebuilt when Hackers or the viruses and Trojans they bring into existence are scorched. It can help boost the success of any online businesses and facilitate secure online interactions. And, Comodo makes this possible with ease.
Comodo SSL Certificate create trust online
Comodo has been providing authentication for thousands of websites across the globe. Most customers are aware that websites that are concerned about protecting online identity and transactions make use of recognized Secure Server Certificates. The award-winning desktop security, Comodo, is one of the most trusted services that can provide better security to your customers than any other source.
Comodo is one of the leaders in the SSL Certificate industry being the conceiver of the Certificate Authority / Browser Forum (CA/B Forum) – a group of Certificate Authorities and browser providers that established guidelines and implementation processes for the Extended Validation (EV). Comodo High Assurance Certificates make use of patented technology including Corner of Trust logo which provides customers with web identity assurance. When you analyze SSL Certificate issued by Comodo and compare it with others certificates, you will realize that Comodo offers the most cost-efficient secure server certificate with 99.9% browser recognition, thereby meeting all the basic requirements of Internet security.
Share your security tips & tricks with us in the comments below.
Does design a website from scratch can seem like an intimidating task? Do you want to design a website and manage the content without coding or in-depth technical know-how? Enter CMS. CMS or Content management system is a software that allows publishing, editing and modifying content as well as maintenance from a central interface. CMSs are often used to run blogs, news portals, and e-commerce websites. Many corporate and marketing websites use CMSs as well. Websites built with CMSs can also be used by Resellers as an alternative to the SuperSite and are very easy to manage.
Content management systems help you keep track of each and every bit of your content on the website. The content on your website can be anything like simple text, documents, photos, music, videos. The best part of CMS is that it requires almost no technical knowledge or skill to manage and maintain it, everything about your content is managed by CMS.
Website building has become much easier with the availability of many content management systems. Although there are many content management systems out there, the level of complexity and the options that they offer can vary. Some of them are very simple, easy to use and also give the flexibility to customize the website. In this article, we are going to compare some of the most popular CMS’s to help you choose the one that fits your needs.
WordPress
WordPress is a content management software that you can use it to create a beautiful website or blog. WordPress is free, but the kind of features and ease of utilization are priceless.
This software is built by the community of hundreds of volunteers, and if you decide to use this CMS software you will find thousands of plugins and themes available that can transform your site into amazingly anything you imagine. There are over 60 million people who are using WordPress CMS to power their website. WordPress also has a wide range of third party themes as a part of its offering.
WordPress started as a blogging platform and has rapidly become a preferred platform for it. WordPress can accommodate multiple authors – this is a very important feature for serious publications. Because of its popularity and enormous community, it has evolved a lot from its original purpose, and now it is not just a blog, but an all-in-one web publishing platform or CMS.
“WordPress is an easy to use CMS and the codes are easy to understand. WordPress Themes can be deployed faster as compared to any other CMS. We generally recommend WordPress as its interface is easy to understand even for non tech guys.” – Domenico, Reseller/WordPress User
Pros – Easy to use, Themes
Cons – Very limited, Susceptible to Hackers
Drupal
Drupal is an open source content management platform powering millions of websites and applications. It’s built, used, and supported by an active and diverse community of people around the world. You find thousands of add-on modules and themes that will let you build any type of site you can imagine. Drupal can also be used to build advanced database management websites if one has the proper technical knowledge.
Drupal is a full-fledged, enterprise-grade CMS. It’s recommended for large projects where stability, scalability, and power are prioritized over ease of use and aesthetics. The application is quite popular and is also backed up by an enthusiastic community. Drupal was designed from the ground-up to be search engine friendly which makes it an excellent platform for any business website.
A bare Drupal installation looks like a desert after a draught. The lack of themes doesn’t make things any better. You will have to find a good designer if you want your website to look really good. Drupal also requires a bit of technical knowledge and has a steep learning curve.
“I prefer drupal because of its security aspect. It checks its modules for security breaches. Also, it allows role based authentication. One can assign different roles and permissions to those roles.
Drupal has a multi-site-feature (1 installation on many sites). It has been extremely useful for my e-commerce business with the use of the drupal commerce module.” – Aaron, Web Developer/Drupal Enthusiast
Pros – Most features and customization, Best CMS right out of the box
Cons – Steep learning curve, Lacks Design Options
Joomla
Joomla is an award-winning content management system which helps users build websites and also powerful online applications. Installing and setting up of Joomla is very easy and you do not have to be an advanced user. Joomla is an open source content management solution that is available freely for everyone. Joomla works extremely well as an enterprise-grade CMS. It’s capable of handling a large volume of articles when compared to WordPress. It also works well when it comes to handling e-commerce websites. Joomla can be used by Resellers to create their own E-commerce website from the ground up as an alternative to selling Domains and Hosting Products.
Joomla! is considered extremely powerful, with a wide range of functionality that allows you significant modifications and flexibility. What sets Joomla apart from the rest of the CMS’s is the amazing community that stays behind the software with its extremely democratic approach to running the Joomla! project. Making WordPress SEO friendly is as easy as installing a free plugin. With Joomla, you’ll need a ton of work to get to the same level of search engine friendliness. Unless you have the budget to hire a SEO expert, you might want to look at alternative solutions.
“We prefer Joomla! because we have a ready to start e-commerce site which uses 3rd party plugins suited to our needs. The maintenance is easy and no developers are required.” – Marco, Joomla User
Pros – Very flexible, handles large websites well
Cons – Not SEO Friendly, Lack of free plugins when compared to Drupal/WordPress
Even though WordPress, Joomla, and Drupal are built on the same technology stack, they vary heavily in features and capabilities. For beginners, WordPress is the one which will most likely satisfy the needs of the individual. It all boils down to the end result and expectations of the user. Joomla has a slight learning curve and is better at handling bigger websites than WordPress. Drupal is the most complex out of the three and has every feature that any CMS user can ask for. Resellers can choose either one depending on their requirements to build a beautiful website to help boost their businesses. Hopefully, the above comparative information will help you choose a CMS that fits your requirements.
Which CMS do you prefer and why? Please let us know in the comments below!
A Distributed Denial of Service (DDoS) attack is a type of distributed attack that attempts to disrupt an online service by making it unavailable to its users over a targeted computer network. This is usually done by overwhelming the service with traffic from unknown sources. Read More about How to Deal with DDoS Attack.
These attackers typically target networks with important resources, which include popular websites and banking sites, presenting a major challenge to users who want to access important information. In essence, DDoS attack is a combined effort to avert computer systems from functioning as they normally would, more often from a remote location over the internet.
These attackers typically target networks with important resources, which include popular websites and banking sites, presenting a major challenge to users who want to access important information. In essence, DDoS attack is a combined effort to avert computer systems from functioning as they normally would, more often from a remote location over the internet.
DDoS Attack – A True Game Changer
The denial of access can be blotted out by latest tools, which allow anyone with an Internet connection and a complaint, to launch an attack. Such an action make DDoS attack a true game changer in the world of networking as far as online threats are concerned. This is one reason why businesses must always be aware of being a potential target for attack.
The most common form of DDoS attack is by sending massive and perpetual requests for external communication to the targeted network. These systems keep receiving requests for information from unwanted users, which are often non-visitors to the site. The attack is made with an intention of creating a false impression of massive traffic attack in such a manner that the actual web traffic coming from original web users witnesses a slowdown, sometimes causing web crashes.
This process is made effective by being heavily automated on the attacker’s end. Customized software are created to flood the services with unwanted traffic, and is run on as many computers as possible. The users, aiding in a DDOS attack, sometimes may or may not be even aware of it.
Trends in DDoS
Today, DDoS not just targets connection bandwidth, but it also attacks multiple devices. They may attack devices that form the base of your current security infrastructure, including Firewall. They also attack various applications that most businesses rely on, such as VoIP, HTTPS, DNS and SMTP.
The latest trend in the world of DDoS these days is the multi-vector attack. This type of attack is a combination of application and state exhaustion approaches against systems and strikes in one go. These attacks are trending possibly because they are not easy to deal with, besides they’re highly effective.
All in all, a DDOS attack can be very threatening to businesses across the globe. It is, hence, important for them to be prepared in case a group of attackers decide to build trouble on your network.
What is Ransomware?
Ransomware is a malicious software that encrypts files and locks devices, such as a computer, tablet or smartphone and then demands a ransom to unlock it. Recently, a dangerous ransomware named ‘Wannacry’ has been affecting devices worldwide creating the biggest ransomware attack the world has ever seen.
What is WannaCry Ransomware?
WannaCry ransomware attacks windows based machines. It also goes by the name WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY. It leverages SMB exploit in Windows machines called EternalBlue to attack and inject the malware. All versions of windows before Windows 10 are vulnerable to this attack if not patched for MS-17-010. After a system is affected, it encrypts files and shows a pop up with a countdown and instructions on how to pay the 300$ in bitcoins to decrypt and get back the original files. If the ransom is not paid in 3 days, the ransom amount increases to 600$ and threatens the user to wipe off all the data. It also installs DOUBLEPULSAR backdoor in the machine.
How it spreads?
It uses EternalBlue MS17-010 to propagate. The ransomware spreads by clicking on links and downloading malicious files over internet and email. It is also capable of automatically spreading itself in a network by means of a vulnerability in Windows SMB. It scans the network for specific ports, searches for the vulnerability and then exploits it to inject the malware in the new machine and thus it spreads widely across the network.
What can you do to prevent infection?
- Microsoft has released a Windows security patch MS17-010 for Windows machines. This needs to be applied immediately and urgently.
- Remove Windows NT4, Windows 2000 and Windows XP-2003 from production environments.
- Block ports 139, 445 and 3389 in firewall.
- Avoid clicking on links or opening attachments or emails from people you don’t know or companies you don’t do business with.
- SMB is enabled by default on Windows. Disable smb service on the machine by going to Settings > uncheck the settings > OK
- Make sure your software is up-to-date.
- Have a pop-up blocker running on your web browser.
- Regularly backup your files.
- Install a good antivirus and a good anti-ransomware product for better security.
What are we doing on our Windows shared servers?
We are already in the phase of applying Windows updates on all our shared hosting Windows servers. However, we need to reboot servers in-order to apply those security patches. We shall announce the schedule for server reboot in this thread shortly.
What do you need to do in case of our Windows dedicated servers?
You need to patch the Windows dedicated server immediately using the steps mentioned here: Download PDF
In addition to this, please block the IP addresses, domains and file names mentioned here: Download File
You can also refer to the following links to apply the necessary fix.
https://technet.microsoft.com/library/security/MS17-010
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
https://support.microsoft.com/en-in/help/4013389/title
For dedicated servers, once you have applied necessary changes, you need to reboot the server.
Please feel free to contact our support desk if you have any questions.
Microsoft released a Security Advisory (http://www.microsoft.com/technet/security/advisory/2416728.mspx) about a vulnerability which affects all versions of ASP.NET. This vulnerability known as Padding Oracle exploits the way an ASP.NET application handles encrypted data. ASP.NET encrypts data to prevent an application from tampering with it. Because of this vulnerability, an attacker can send data to a site and analyze the error response which provides a lot of information enabling the attacker to break the ASP.NET’s encryption in a matter of hours or minutes. An attacker then would be able to read a vulnerable application’s files and tamper with the data contained in them.
Workaround
A workaround that you can use against this vulnerability is to enable <customErrors> mode in the web.config file of your application, and explicitly configure your applications to always return the same error page – regardless of the error encountered on the server. By mapping all error pages to a single error page, you prevent a hacker from distinguishing between the different types of errors that occur on a server.
Enabling the Workaround on ASP.NET V1.0 to V3.5
If you are using ASP.NET 1.0, ASP.NET 1.1, ASP.NET 2.0, or ASP.NET 3.5 then you should follow the below steps to enable <customErrors> and map all errors to a single error page:
- Edit your ASP.NET Application’s root Web.Config file. If the file doesn’t exist, then create one in the root directory of the application.
- Create or modify the <customErrors> section of the web.config file to have the below settings:
<configuration> <system.web> <customErrors mode=”On” defaultRedirect=”~/error.html” /> </system.web> </configuration>
You can then add an error.html file to your application that contains an appropriate error page of your choice (containing whatever content you like). This file will be displayed anytime an error occurs within the web application.
Enabling the Workaround on ASP.NET V3.5 SP1 and ASP.NET 4.0
If you are using ASP.NET 3.5 SP1 or ASP.NET 4.0 then you should follow the below steps to enable <customErrors> and map all errors to a single error page:
- Edit your ASP.NET Application’s root Web.Config file. If the file doesn’t exist, then create one in the root directory of the application.
- Create or modify the <customErrors> section of the web.config file to have the below settings. Note the use of redirectMode=”ResponseRewrite” with .NET 3.5 SP1 and .NET 4.0:
<configuration> <system.web> <customErrors mode=”On” redirectMode=”ResponseRewrite” defaultRedirect=”~/error.aspx” /> </system.web> </configuration>
You can then add an Error.aspx to your application that contains an appropriate error page of your choice (containing whatever content you like). This file will be displayed anytime an error occurs within the web application.
How to Verify if the Workaround is Enabled
Once you have applied the above workaround, you can test to make sure the <customErrors> section is correctly configured by requesting a URL like this from your site: http://mysite.com/pagethatdoesnotexist.aspx
If you see the custom error page appear (because the file you requested doesn’t exist) then your configuration has been setup correctly. If you see a standard ASP.NET error then it is likely that you missed one of the steps above.
Microsoft is currently working on a patch to fix this vulnerability. Once released, we will apply this on all of our Windows servers. This workaround will not be needed after that.
We are looking for you to suggest what topics you would like to see on this blog. We will try our best to make sure the information that is critical to you is always available here.
DDoS attacks are a fairly common occurrence on the internet and are something we’ve experienced in the past as well. Here is some more information on DDoS attacks, who they affect and how we mitigate such attacks.
A Denial of Service attack aims to make a website unavailable to users by flooding the website’s servers with an extremely high number of requests. These multiple incoming requests can make website resolution exceedingly slow and can even cause servers to crash.
A Distributed Denial of Service (DDoS) attack is essentially a DoS attack that originates from multiple sources. Such attacks are usually carried out using thousands of unsuspecting zombie machines known as botnets.
DDoS attacks have traditionally been used by cyber criminals to extort money from website owners that rely on the accessibility of their websites. However ‘Hacktivists’ have also initiated such attacks in the past to bring down company and government websites in protest of certain policies or decisions.
A popular recent example is anonymous’ attack in protest of the Megaupload Raids that targeted various government and music industry sites.
Who can it affect?
DDoS attacks are difficult to safeguard against completely and can affect large and small websites alike.
Having suffered a DDoS attack on our DNS servers in the past, we understand that such attacks can occur and the best solution is to have systems in place that allow you to mitigate the attack and get systems back online as soon as possible.
Which leads us to – How do we mitigate DDoS attacks?
While there isn’t a lot that can be done to prevent DDoS attacks, there are certain techniques that we employ to mitigate DDoS attacks and restore services.
To help mitigate DDoS attacks we’ve employed the services of Prolexic Technologies that is a global leader in DDoS Protection & Mitigation. While there are multiple ways in which Prolexic helps mitigate DDoS attacks, here is a simplified version of how Prolexic works.
- BGP Routing:
With BGP routing, when a DDoS attack occurs, our traffic gets routed through Prolexic’s servers where malicious and legitimate traffic is segregated and legitimate users can continue to access our services. - Advanced Filtering:
As the traffic gets routed through Prolexic’s servers, their filtering technology identifies anomalies which are then “red flagged” by the system. Moreover, research is then conducted by Prolexic engineers to determine whether this activity should be blocked on the network. Once malicious activity has been determined, it is labeled in the system and blocked.
How can you independently mitigate attacks?
As a individual website owner you have limited control over a server but you can use CloudFlare to protect your websites from attacks.
CloudFlare protects your websites by routing traffic through their intelligent global network – a little like what Prolexic does for us ?
We already provide CloudFlare on our Hosting servers so Resellers can enable and start using it immediately. More information on how CloudFlare can protect you can be found here –
http://www.cloudflare.com/overview
How Web Hosting Providers should deal with a DDoS Attack:
DDoS attacks are a very real threat to website owners and hosts worldwide but like I said before, there is no foolproof way for anyone to really protect themselves against such an attack.
As a Web Hosting provider yourself, I’m sure you’ve come across Customers that consider leaving you in the aftermath of a DDoS attack. You might have felt the same of your upstream provider as well. However, it’s important to remember that anyone can be a target.
An indicator of a good Host isn’t one that hasn’t been attacked yet but one that can effectively restore services and reduce damage.
How Web Hosts handle the situation is also an important indicator. I’ve always seen that the ones that do handle attacks effectively provide detailed information on the following: (This actually applies to most issues/interruption in services)
- Which services were affected?
- Are the services back up or how long will it take to restore services?
- Does the Client need to do anything?
- Why did this happen i.e. details of the DDoS attack
- How was the attack mitigated?
- Can this happen again?
- Who can Clients contact if they have any concerns?
As a individual website owner you have limited control over a server but you can use CloudFlare to protect your websites from attacks.
So there you have it – everything on what is a DDoS attack and how you can deal with it! I’d love to know what you think so do comment and let me know your thoughts.
Email authenticity is a major concern for a lot of customers and one of the best ways of addressing this is by adding SPF and DKIM Records. Both these techniques can be used to prevent email spoofing.
So what are SPF and DKIM Records?
SPF stands for Sender Policy Framework and is an open standard to prevent sender address forgery. The way it works is that it stops email forgers from forging the sender address in an email. It does this by authorizing addresses that can send email for a particular Domain Name. You can get a little more info on SPF here.
Similarly, DKIM i.e. Domain Keys Identification Mail is another mechanism used to fight email forgery. It uses encryption technology to verify the authenticity of the sender address. If a message has been verified through Domain Keys, you’ll see a small icon of an envelope and key in the email header. Read more about DKIM here.
Adding these Records:
No changes will be required if you’re using our DNS Services.
However, in case you’re not using our DNS services, you will need to add certain TXT Records in the package being used. These can be viewed under Nameserver Details in the Order Details View of your Email Package.
Over the last couple of months ResellerBytes has received a lot of requests for PHP 5.4 and we are proud to announce that our servers now support PHP 5.4! Yes. Now our Linux Hosting Servers support PHPv5.4 ?
This means, all our Linux SDH, MDH, BH/RH servers will also have PHPv5.4 along with old PHP versions. We will soon take a call for discontinuing the support for the older PHP versions on our servers (PHP v5.2).
The latest enhancements significantly improve PHP’s elegance, while removing deprecated functionality, resulting in a dramatic optimization of the runtime (up to 20% more speed and memory usage reduction).
FAQ (Some Frequently Asked Questions)
Q. How do I use PHP v5.4 on our Linux servers?
A. Just like PHP v5.3, there needs to be a blank file in the home directory of the user with the filename as “usealtphp54”
Q. Is it mentioned in the KnowledgeBase?
A. The information is accessible at this link: http://my.www.resellerbytes.com/kb/answer/1592
Q. What happens if there are two files usealtphp54 and usealtphp (both) in the home folder for a package?
A: Well, it picks up “usealtphp54” by default and sets the PHP version to 5.4 for that package.
Q. Was there any downtime involved during the deployment?
A. None what so ever !
Would you part with sensitive information like credit card details or your social security number, without any assurance that the information will be kept confidential? Neither would I, especially in an online environment.
So how does an entrepreneur gain the trust and confidence of his customers? Especially if he wants to boost his sales and cater to a larger market, without having to spend too much time and effort in building a trustworthy brand.
Various studies have revealed that a lot of customers abandon a site for lack of security. The smaller the company, the greater is the customers’ concern. Surely, nobody would knowingly want to turn away a potential customer. To get a step closer towards building a brand that is trusted, a wise choice would be to invest in a Digital Certificate…
An estimated 59.8% of online shoppers abandon their purchase process resulting in a loss of a substantial amount of money.* When it comes to parting with sensitive information, Digital Certificates have the highest scope to minimize Shopping Cart Abandonment, especially during the check-out process. Simply because it is widely known that Digital Certificates encrypt the sensitive information entered, making it unintelligible to all but the parties involved. Thus, increasing the motivation for customers to shop online. Another important thing that Digital Certificates do, especially nowadays with advanced browsers, prevents a ‘security pop-up’ from appearing during the purchase process.
This is precisely why Digital Certificates have become such an important aspect of every online business.
Looking at it from a Reseller’s perspective… the market is huge, the time is perfect and the prices don’t get better… I won’t deny that the premium brands of Digital Certificates come at a steep price (if you chose another Service Provider). At ResellerBytes, you will find Thawte Digital Certificates – A Verisign Product; the only difference being the prices are much lower than what Thawte themselves offer, or anyone else for that matter. The “trusted seal” logo that comes with Thawte Digital Certificates will be positioned on the website, thus escalating the brand worth in the minds of the customers many times over.
P.S. Do go through our revamped Digital Certificate page where you may have many of your queries addressed.