Mediumcube.com Web Hosting Blog

May 11, 2008

Free Tools to keep your computer secure

Protecting your PC has never been more important than it is today. New generations of spyware hide themselves very well within your system environment, collecting details and controlling your PC as a zombie, and can wreak havoc not only on your system but on the internet in general.

Imagine how hackers are able to utilize the power of thousands of hacked PCs online to bring down servers across the internet. This is known as a DDoS (Distributed Denial of Service) attack. DDoS attacks have brought many major sites to their knees for days and sometimes weeks. The most recent such attack is the one on Estonia’s government, which brought down their banking and government services for several days.

The main root cause of DDoS attacks is the exploitable, unprotected computers connected to the internet, which hackers thousands of kilometers away quietly control and use to attack other internet devices.

So we’re listing here a few applications you can use on your Windows operating system that will help protect and clean your computer from most known viruses and spyware:

1) Windows Defender: A tool developed by Microsoft and available for free on legally registered Windows machines. It provides protection against common spyware and exploits in the Windows OS. It can be downloaded for free from: http://www.microsoft.com/athome/security/spyware/software/default.mspx

2) Google Pack: Offers multiple applications for productivity and security. The most important applications in the Google Pack are: Norton Security and Spyware Doctor Lite Edition. The Google Pack can be downloaded for free from: http://www.microsoft.com/athome/security/spyware/software/default.mspx

3) Avast AntiVirus: Freely available for non-commercial use. The Avast anti-virus and anti-rootkit provides ultimate protection against harmful malware. You can check the Avast site for more info at: http://www.avast.com/eng/avast_4_home.html

4) AVG AntiVirus: Another freely available Antivirus for non-commercial use. It also contains an Anti-Spyware tool and can be downloaded for free from: http://free.grisoft.com/

5) Make sure your Windows OS is up to date: Check http://windowsupdate.microsoft.com for the latest Windows updates

6) Enable your Windows Firewall: This can typically be found on most Windows XP SP2 computers under your “Control Panel”. Windows Firewall will prevent unwanted connections from being made from or to your computer.

7) Internet Browser Protection: If you wish to protect someone using your computer from browsing malicious or inappropriate websites, we’d highly recommend you try OpenDNS to minimize your network exposure to unwanted websites.

The old saying goes: “Prevention is the best Protection”, which still applies on the internet today. Just one last note: the more antivirus and antispyware applications you load on your Windows system, the slower your system will perform. In general, we wouldn’t recommend installing any of these applications on your Windows systems unless you have 512MB of RAM for Windows XP or 1GB of RAM for Windows Vista.

April 30, 2008

SQL Security Vulnerability in Poorly Designed Applications

Filed under: Technical — admin @ 11:26 am

Recently there has been a widespread exploit that targets poorly designed applications on Windows-based platforms. The exploit is not the result of a security hole in Windows, IIS or SQL. Rather, it is the result of web applications not properly validating user input before passing it to the SQL server.

The vulnerability recently gained a high profile when a few hackers were able to hack into the United Nations website and tens of thousands of others.

Therefore, it is imperative that you check your application code for any vulnerabilities that can lead to a potential hack of your database and possibly the whole server.

For more information on this exploit, please visit the following sites:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9080580

http://hackademix.net/2008/04/26/mass-attack-faq

On our end, we’ve tightened the security on the servers as much as possible without compromising accessibility. However, due to this vulnerability being the result of poor application coding, the best way to protect your site is to validate user inputs before passing them to the SQL server. The references included above will give your web developer a better idea how the exploit works.

If you have any questions or concerns about this issue or others, please don’t hesitate to contact our support department.

UPDATE: Techtarget has a good article on how to test your application at: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci996071,00.html Basically, if your application passes variables in the URL, as in home.asp?a=value, then try passing a=val'ue and see whether this breaks MSSQL. If it does, then you may have a problem there.
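The quote test above, and the fix, as an added example that is not part of the original post. It assumes Python's built-in sqlite3 standing in for the MSSQL back end, and a made-up pages table and function names; it shows the same val'ue input breaking a concatenated query while a bound parameter and an allowlist check handle it safely.

```python
import re
import sqlite3

# Constructed sample data. sqlite3 stands in for MSSQL, and the "pages"
# table and its columns are assumptions made for this example only.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (a TEXT, title TEXT)")
    conn.executemany("INSERT INTO pages VALUES (?, ?)",
                     [("value", "Home"), ("val'ue", "Quoted key")])
    return conn

def lookup_concat(conn, a):
    """The pattern the post warns about: the URL value is pasted into the SQL text."""
    sql = "SELECT title FROM pages WHERE a = '" + a + "'"
    return [row[0] for row in conn.execute(sql)]

def lookup_param(conn, a):
    """Bound parameter: the value travels as data and is never parsed as SQL."""
    rows = conn.execute("SELECT title FROM pages WHERE a = ?", (a,))
    return [row[0] for row in rows]

# Allowlist for a parameter that is expected to be a short identifier.
ALLOWED = re.compile(r"[A-Za-z0-9_-]{1,32}")

def validate(a):
    """Reject anything outside the expected character set before it is used."""
    if not ALLOWED.fullmatch(a):
        raise ValueError("rejected parameter")
    return a

def quote_probe(lookup, conn):
    """Run the post's val'ue test against a lookup function and report the outcome."""
    try:
        lookup(conn, "val'ue")
        return "handled as data"
    except sqlite3.OperationalError:
        return "query broke: input reached the SQL parser"

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", quote_probe(lookup_concat, db))
    print("parameterized:", quote_probe(lookup_param, db))
```

A page that answers the quote test with a database error is building its SQL the way lookup_concat does; the repair is to bind parameters as in lookup_param, with validation as a second layer rather than a replacement.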

UPDATE: This is a good blog post about things that can be done to help find the problem in the code (URLScan 3, Scrawlr, MSCASI):

http://blogs.technet.com/swi/archive/2008/06/24/new-tools-to-block-and-eradicate-sql-injection.aspx

UPDATE: This is another great article on Cross-Site Scripting and ASP.NET. Though not directly related to the SQL issue, it does underline the importance of properly designed code:

http://forum.dotnetpanel.com/blogs/dan/archive/2009/02/11/cross-site-scripting-in-asp-net.aspx

April 28, 2008

Security Update for WordPress

Filed under: Technical — admin @ 5:01 pm
Recently WordPress released an important security update to patch vulnerable WP installs. If you’re running a WordPress version earlier than v2.5.1, it is imperative that you either apply the patches or upgrade your WordPress install. For more information on this vulnerability, please visit:

March 20, 2008

Network Maintenance on March 20th, 2008

Filed under: Technical — admin @ 12:05 pm

Please note, the following maintenance has been scheduled on our network. There will be no service disruption as traffic will be re-routed to other providers during the maintenance window.

Loop to Toronto Internet Exchange
Work: Change fiber route for maximum diversity
Date: Wednesday, March 26th 2008 between 12am and 6am EDT (04:00 – 10:00 UTC)
Duration: 1 hour

February 1, 2008

Router Upgrade on February 4th, 2008

Filed under: Technical — admin @ 6:24 pm

Maintenance is scheduled for Monday, February 4th, 2008 between 11:00 pm and 12:00 am EST on one of our core routers. We have decided to replace the supervisor engine, which will have the standard 1 GB memory. The VSNL uplink will only be activated after completing the maintenance (Tuesday 5th most probably). The traffic will be rerouted to other routers before the maintenance. This may take a few seconds to switch over. The supervisor engine will be replaced by another Cisco WS-SUP720-3BXL.

July 18, 2007

Creating and Maintaining a Spam-Free Mailing List

Filed under: Technical — admin @ 10:34 pm
One of the many challenges of online marketing in this age is to communicate effectively with your customers without getting your business tagged with the word spammer.

At Mediumcube, we take spam seriously. So we’ve compiled a list of items every business broadcasting newsletters or mass email to clients should keep in mind:

- High delivery failure is the number one reason legitimate mailing lists become spam lists. Make sure you have a script or process that will remove failed email addresses from your mailing list. If that is not possible, then send out an email every 3-6 months requesting your clients to re-subscribe. This should keep your mailing list clean, and keep your site away from trouble. Many of the larger mail providers reject emails based on the number of failed delivery attempts. For example, if your list contains 10,000 users and 500 of these fail with mostly @yahoo.com addresses, there is a good chance Yahoo will either block your emails, delay them or consider them bulk email.

- Provide an easy removal option. What is worse than a failed address? It is someone upset that they’ve received your email and have no way to remove themselves! Irritated mail users annoyed by spam problems can actually begin sending complaints to your web host, their ISP and others about your mailing list. This may result in your domain or IP address being blacklisted. The solution is very simple: place a simple and clear removal link at the top and bottom of your email. Once the person clicks the link, they are taken to a confirmation page: “Please click Yes to confirm your removal from our mailing list”. I’ve seen many mailing lists require you to log in and go through multiple menus to unsubscribe. Keep It Simple Stupid! You don’t want to market to people who don’t want to listen to you.

- This is usually the first step in any mailing list. Make sure your mailing list is VERIFIED, either single or double opt-in. A double opt-in list is preferred because it indicates more than anything else that the user is interested in what you are sending them.
Single Opt-in: The user is subscribed by simply entering their email address at your website
Double Opt-in: The user must enter their email address at your website, and then confirm an email subscription message

- Lastly, choose a mailer software that complies with general email RFCs. Always lower the rate at which emails are sent out, for two reasons. First, it will reduce the load on your outgoing mail server. Second, many ISPs use mail filters that block a mailer IP address temporarily if it attempts to send to x number of recipients within x period of time. Also, it is important that the mailer software can handle email bounces, subscription and removal.

If you are a commercial marketer and guaranteed email delivery is important to you, it will be wise to invest in GoodMail System from http://www.goodmailsystems.com/ . Mediumcube can work with you to ensure your e-Marketing Campaign is a success.

Mediumcube offers a great mailing list solution called MailMan. It is designed for high-volume mailing lists and has extensive features suitable for a variety of email broadcasting.

April 29, 2007

Completed cPanel Upgrade to Latest Stable

Filed under: Technical — admin @ 9:43 am

All our Unix servers have been upgraded to the latest cPanel Stable. This should resolve any problems with mail quota, a few account creation bugs and other minor issues.
