Last Few Days To Grab Your UK Domain For £1.50
For the month of June we've had all new UK domain registrations at £1.50. With the 30th June 2017 looming, now is your last chance to grab your perfect .uk domain before the end of the campaign
Our Stand At GradJobs 2016 London Olympia
On Friday 7th October and Saturday 8th October 2016 we'll be at our stand at the GradJobs 2016 event at Londons Olympia with those lovely people at Nominet (@dotuk) talking about .uk domains and our student offering at https://students.ecohosting.co.uk. The guest speaker at the event will be Bianca Miller and she'll be explaining the benefits of creating your online presence using a .uk domain. Of course this doesn't just apply to students and the benefits are many across all industries, business types and individuals. Over the coming months we'll be publishing infographics with facts and figures about how a .uk domain and a website with us will benefit you and if you have a business, how it will move your business forward.
Here are some interesting facts for you. Students spend an average 4 hours a week on activities to boost their employability and 1 in 12 students dedicate 10 hours+ a week trying to improve their attractiveness to potential employers. What better way to showcase your talents or your portfolio than by using a .uk domain and a website. With things like WordPress you can create an amazing website with little or no knowledge about how to build a website and make it look like you've spent a fortune and/or months building it.
How CloudFlare increases speed and security of your site
CloudFlare makes it easy for any site to be as fast and secure as the big Internet sites.
CloudFlare, is a web performance and security company, they've recently announced their partnership with Eco Hosting and our Premium Platform! If you haven’t heard about CloudFlare before, to cut a long story short, they’ll make any website twice as fast and protect it from a broad range of web threats.
Hundreds of thousands of websites, ranging from individual blogs to the websites of Fortune 500 companies and national governments and everything in between, use CloudFlare to make their sites faster and more secure. Figures show that they power more than 65 billion page views a month which is more than Amazon, Wikipedia, Twitter, Zynga, AOL, Apple, Bing, eBay, PayPal and Instagram combined and more than 25% of the Internet regularly passes through their network.
Faster web performance
CloudFlare is designed to take a great hosting platform like Eco Hosting/Eco Cloud Hosting and make it even better.
They currently run 74 data centers located around the world. When you sign up for CloudFlare, they begin routing your traffic to the nearest data center. As your traffic passes through the data centers, they determine what parts of your website are static or dynamic. The static portions are cached for a short period before there is a check to see if they’ve been updated.
By automatically moving the static parts of your site closer to your visitors, the overall performance of your site improves significantly. This caching system will also save bandwidth and decreases server load meaning your web application will run faster and more efficiently. On average CloudFlare will cut the load time for pages on your site by 50% which means higher engagement and happier visitors.
Broad web security
CloudFlare’s security offerings give protection against attacks such as DDoS, hacking or spam. Traffic patterns are analysed in real time and adapt the security systems to ensure good traffic gets through and bad traffic is blocked. The goal is to make attacks against websites a bad memory. Given that there are billions of different attacks every year they are able to adapt due to the vast number of people using the network and are well on the way to achieving that goal.
Any website can deploy CloudFlare, so you don't need to host with us, however, by integrating with Eco Hosting and our Premium Platform, we make the process of setting up CloudFlare simple by using a one click option. Just look for the CloudFlare icon in the cPanel, choose the domain you want to enable, and click the orange cloud. That's it!
How To Create A Botnet Using Free Services
I was reading an article by Rob Ragan and Oscar Salazar when I realised that free stuff wasn't always great....now who doesn't like free stuff? Of course I don't mean the free stuff that I use, that's OK.....I mean the free stuff that spammers and cyber crims exploit. Why am I mentioning this now? Well, as you may have seen, over the Christmas period of 2015 we experienced an extremely large amount of traffic in the form of a DOS attack which originated from the AWS's (Amazon Web Services) network. As such, to protect ourselves and our customers, we had to block all traffic from that network.
So how does stuff like this happen? Well, remember the free stuff I was talking about....?
In summary what Rob Ragan and Oscar Salazar tried to do was to create a botnet of a thousand free trial accounts on cloud services just like AWS, set up a virtual machine on each one, and use it for, in this case, Litecoin mining but in theory this could be used for all sorts of ill-doing. Now, most if not all cloud services that offer free accounts have some sort of test to make sure that accounts being created are genuine accounts with human users and not automated bots, so a Turing Test would be in order right? Apparently, 66% of these cloud service providers use a very simple Turing Test, all you have to do is click a link sent to a specific email address.
To cust a long story short, Ragan and Salazar described how they used those free services to fool the simple Turing Test with just a few accounts. Although they did need another neat trick to bypass the outbound Internet access block by tunneling out through an inbound SSH connection but you can see how this can be built into 1000's of accounts and from there a DOS attack or any other wrongdoing can be launched against anyone. The power of the resources available meant that the 1000 VMs that they had access to were the equivalent of about 20,000 hacked computers. If you couldn't access the BBC website or iPlayer over Christmas and New Year, this is probably what happened.....but then, who knows?
If it's free and useful, people will make a huge effort to exploit it.
What Is XSS (Cross Site Scripting).....
A lot of people have been asking what is XSS....you've probably seen the messages in your control panels warning to update plugins because they are vulnerable so here is a brief explanation of what goes on if you've been compromised.
OK, well we know that Wordpress is probably the most used CMS on the planet so it is bound to be a target for hackers who want to hijack SEO Kudos, to use the site for phishing or spamming or just because they can, all of which are damaging to your reputation and can take hours of painstaking work to restore your website back to it's original glory. Recently we have observed a huge rise in attacks utilising existing and known vulnerabilities in the WordPress platform because of unpatched/updated plugins or core files.
Typically, many WordPress blogs allow comments to be submitted either anonymously or after a registration process by default. Eventually, an attacker taking advantage of being able to post specially crafted code will come across a user that has administration rights and their code is loaded into the admin's browser.
The code creates a transparent full-screen object which sits over the top of all other window elements and executes the payload when a mouse cursor moves over it. You can probably guess what happens next.
If triggered by a logged in user with the appropriate admin permissions, the website will be compromised in various ways, including but not limited to:
- A new administration user being added
- The server will have a back-door installed
- WordPress SPAM filtering will be rendered non-functional
- The viewing user’s cookie stolen and potentially used for later session hijacking
Some things to remember about how to mitigate this...
- Turn off comments if not needed.
- Use a security plugin
- Keep all plugins and core files up to date
- Regularly check to see if any admin users have been added
- As soon as you are made aware of a vulnerability update immediately.
ALL RIGHT ALL RIGHT STOP GOING ON.....
After numerous requests we are launching our new platform and our affiliate scheme! Those of you that know me from the support team responses may have noticed that I haven't been around for a while (or maybe you haven't noticed or even care). I have been seconded to the team that is setting up our new Reseller / Developer / Multi-Site WHM cPanel hosting platform. After dropping some bits and smashing them (don't worry I didn't use them) it all seems to be working well. I won't go into too much detail here about technicals, needless to say no expense has been spared and it's very shiny. It will be launching soon so keep an eye out for the new navigation link on the website and you can read all about it. Zak and Andrew have been editing and css-ing the heck out of the admin area to make it look pretty and to make sure all functionality is working as it should. As a reseller, you can sell our packages, create your own, resell domains and loads more. Those of you who have loads of websites (of your own and your clients) can purchase a reseller package and just use it as your own development server. Versatile, secure, robust, brand new, technically top of the range and energy efficient and most of all....shiny!
DON'T PANIC, ALREADY MITIGATED
You may have heard about this already but if not don't worry, it's already been patched across all platforms. As with Heartbleed and Shellshock, we have addressed the issue immediately, and the good news is that there isn’t yet a known exploit in the wild, but it’s expected we’ll see one sooner rather than later. Ironically a vulnerability of this nature is vectored through a fossilised function, come one now really, a virtual floppy disk driver? It's even more ironic that the bug has existed since 2004. As we’ve moved forward in the computer age, we have seen how legacy dependencies and considerations cause current problems and of course vulnerabilities. Every time we retire a legacy dependency, we will of course be increasing the security of our systems, however, as we move even further forward with technology, it seems we’ll never run out of legacy dependencies as we're continually creating them every day.
TOP TIPS FOR PROTECTING YOURSELF AGAINST PHISHING ATTACKS?
It is so important to avoid spam email, we're recapping our top tips for you:
- Do not open any attachments from emails unless you explicitly trust the source
- Do not directly open links from emails (manually type the address if possible.)
- Always check hyperlinks by moving your mouse over the link to determine actual address.
- Bad grammar and spelling are often a good indication that the email is fake.
- Most companies should NEVER ask for your password in an email.
What should you do / not do when you get a spam email?
- Don't be tempted to reply.
- Don't use unsubscribe links - they are probably just a means to verify your email address and then you'll get even more spam.
- Use a spare or generic email address when signing up to services, keep your main one clean and away from spammers.
- If you’re getting a lot of spam, check your spam settings and set to high if necessary.
Is Your Website Mobile Friendly?
On April 21 2015 Google started to further expand the use of how mobile friendly a website is, as a ranking signal. This change will obviously have a significant impact in mobile search results. As a consequence, users will find that they get relevant search results that are optimised for their tablets and or phones.
Check if your website is mobile friendly by using their friendliness tool https://www.google.com/webmasters/tools/mobile-friendly/
New Superfast Premium Platform Launch
Over the past few weeks we have been working on a new (predominantly) Wordpress platform. Each server includes 6 cores, 20GB Ram, 100Mbit pipe and a shiny new SSD drive.
During our tests we've seen some amazing results, even with themes that are notoriously slow. Thanks to some apache mods, some of the sites we tested (that had 30 different plugins including WooCommerce) were also quick, however, these didn't include any cache plugins (W3 or Super-Cache) so there is still scope for quicker load times.
If you would like to get on this platform before the official launch then please let us know and we'll endeavor to migrate you. Where's the catch I hear you ask, well....the trade off for this speed and reliability (less people less breakages) is the cost, it will cost more but you're getting dedicated services for a fraction of the price.
High performance hosting without having to manage your own server. With dedicated resources and 99.99% uptime SLA guarantee, this is the hosting your website deserves. Backed up by 100% UK support 24x7. Watch this space!
We have Lift Off....
You may or may not have noticed that our website has changed recently, the functionality however, has not. All logins remain the same and all access points are still active.
If you login directly to the hosting control panel this remains the same https://mycpanel.domainname.co.uk. If you were unaware that this was an option and usually login via the admin dashboard please continue to do so, this hasn't changed.
The only difference, with all the changes we've made to the website, is to the login links, these links used to be at the top of the home page but they are now at the bottom of the home page.
Problems Logging In To Your Control Panel?
We understand how easy it is to forget a password (or to lose it) and we are always told to change our passwords regularly so it's no wonder we have no idea which password we use for what and how it was composed....uppercase, lowercase, numbers, special characters...arrgghhh! One of the most common requests we have is "how do I reset my control panel password?" From the control panel login UI you will see a forgotten password link, this will give you the option to change the password after sending a reset message to your mailbox.
Sometimes the new password may not be strong enough which means the screen will do nothing or go nowhere this is because or system is set up to only work with what it considers secure passwords. If you have trouble, you can access your hosting control panel and all other products and services via the admin dashboard (the bit that stores all your contact details and where you pay for your items). Once you've gained access you can change the password from the column on the right, remember it must show "good" and show green as well as giving you a completion message before it changes the password
We Still Recommend Keyworded Domains
SEO intelligence software company CanIRank conducted a very interesting in-depth study into the impact of keyword domain names on organic search rankings. The research provides hard evidence that companies could greatly reduce their costs by investing in keyword domains despite recent moves by Google to reduce their influence.
CanIRank's research compares websites using keyword domain names to brandable domains and which are able to attain top rankings more easily. This is hotly contested topic in the search optimisation realm and this study frames how important it is for companies to stay in the know on these trends. (Source Sedo.com)
Wales + Cymru Domains Now Available
If you trade in the UK (particularly Wales), a Welsh domain name is essential to protect your business/brand and to prevent anyone else using the same name to trade. People can take advantage of your reputation, hold your name for resale or just use it to abuse you and your customers. As with any other domain you can redirect new domain names to your main website, this ensures you stay in control and customers are directed to the correct place.
If you’re a Welsh business or target customers in Wales directly, as a fiercly patriotic bunch what better way to show relevancy and trust than with a .wales or .cymru domain name for your main website? It instantly shows visitors where you are before they've even clicked on the link, making it perfect for tourism and local business websites. We've registered loads ourselves as we're based in Cardiff :)
Eco Hosting are an Accredited Channel Partner and as such we have greater flexibility to help you better manage your domains. With great power, also comes great responsibility (I've always wanted to say that) and as an Accredited Registrar we need to be sure that the data we acquire (your Name + Address) are accurate and that you're a real person.
Nominet will regularly check data and check on registrars (to see if we're checking data) to flag details which they are unable to validate. We check all our registrant data using 3rd party sources but if Nominet flag something as invalid, we’re sent an email to say "double check this" which then starts a Data Quality Case. We then send the account holder an email with details on how they can correct the invalid data. This will happen regardless with registrants based outside the UK who register UK domains.
The most common error is people regsitering domains using their company name but they are'nt a limited business. In this case, as explained on our registration pages, the registrant details should be name of the registrant TA (trading as) company name and the type should be Sole Trader. Registering a UK domain like this will also prevent the registrant from opting out of UK Privacy. If you're not sure then register as an individual and then once your business is up and running update the details with us.
There are obviously occasions where Nominet’s systems may flag names or addresses incorrectly (although they may be valid), in these cases we’ll need to verify the flagged details by asking for documentation such as a photo of your utility bill or passport so that we can manually verify the details. This can sometimes happen if you are working from a new building or if you live in a nice country house that is far from any recognisable postcode (albeit an address that the postman knows about).
If you receive one of these emails, Nominet's regulations state that you have 30 days to submit the correct information, if we do not receive the correct details within 30 days we are required to suspend the domain name until the correct details are submitted. If this happens it will break your website, email and any products and services attached to the domain.
If you have any questions regarding ‘Data Quality’ please get in touch.