Have You Been Shafted By Your Web Host?


I often hear horror stories about hosts that have draconian AUP enforcement policies. It’s well worth finding out what the terms are before you decide on a web host. Don’t be surprised if they all look fairly bad though because when it comes to breaches of AUP, regardless of whether you are responsible or your server has been breached, your host will probably have little sympathy. Most web hosts will either shut your account down straight away or give you a short time to remove your files. They would much rather that you became someone else’s problem than theirs.

I think that’s a little bit silly though. It just means that the site owner is going to take his/her same problems to a different server. It would be nice to see some web hosts be a little more pro-active with regard to security. As I’ve mentioned elsewhere, with most dedicated servers you get a stock standard setup. No firewall and fairly mediocre security in general.

Of course we could say that it’s the responsibility of the server lessee but let’s face it, the majority of people leasing dedicated servers are doing that to help their business…not to become Unix geeks. So it’s safe to assume that most people who have a dedicated server probably wouldn’t even know the simple tasks such as looking at the server logs. If you are going to market your product to a general public who don’t know how to maintain that product then surely you should at least be providing a basic service or recommendations with regard to hiring someone to manage the server(s).

There’s often a ‘managed server’ option but in my experience most managed services are quite costly whilst still only providing basic service.

Do you have any horror hosting stories where you felt your host dropped the ball or treated you unfairly?


Stop Being Lazy With Passwords – Today!


Do you know that one of the major causes of servers being broken into is laziness? It’s true. No-one wants to hear that they are lazy, but how often have you set a password on a website with only one thought in mind – something that is easy to remember? Generally speaking, passwords that are easy to remember include people’s names, dates and plain English words. This makes breaking into accounts and servers way too easy.

Not surprisingly we humans tend to have similar patterns of thinking so the average computer criminal doesn’t have to think about it for very long before he/she will come up with some language and number patterns that will get them into online membership areas and servers. Let’s take the classic example of a birthdate. I could write a program in less than an hour that would go through a dictionary of names … real names like Bob, John, Fred etc as well as the other common logins such as admin, administrator and supervisor. I could then have it go through every date from, say, 1950 to the present and have it try to log into servers with those name/date combinations. I can pretty much guarantee you that I would be able to get into at least a few accounts that way.

If you’re breaking out in a cold sweat because your PayPal or bank account has one of those name/date style combinations then you really should change the name AND the password without delay.

So, what do we do about the ‘hassle’ of remembering strong passwords? Better yet, what is a strong password exactly? A strong password has a combination of letters (upper case and lower case), numbers, symbols and punctuation and is at least 8 characters long. For example, a strong password could be dP4.ty9%. The longer the password is, the harder it is to ‘crack’. That difficulty goes up exponentially, because each character you add to the password multiplies the number of possible combinations.
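A checker for the two points made above, the name/date pattern and the strong-password criteria, as an added example that is not from the original post. The function names and the short name list are assumptions made for illustration; the list holds only the names and logins the post mentions.

```python
import re
import string
from datetime import date

# Constructed sample list: the names and logins the post mentions.
COMMON_NAMES = {"bob", "john", "fred", "admin", "administrator", "supervisor"}
MIN_LENGTH = 8            # minimum length given in the post
ALPHABET = 26 + 26 + 10 + len(string.punctuation)  # 94 printable characters

def looks_like_name_date(password, this_year=None):
    """True for a known name/login followed by digits containing a year
    between 1950 and the present (separators such as - or / are ignored)."""
    this_year = this_year or date.today().year
    squashed = re.sub(r"[^a-z0-9]", "", password.lower())
    m = re.fullmatch(r"([a-z]+)(\d{4,8})", squashed)
    if not m or m.group(1) not in COMMON_NAMES:
        return False
    digits = m.group(2)
    return any(1950 <= int(digits[i:i + 4]) <= this_year
               for i in range(len(digits) - 3))

def weaknesses(password):
    """List the ways a password falls short of the post's criteria."""
    checks = [
        (len(password) >= MIN_LENGTH, "shorter than 8 characters"),
        (any(c.islower() for c in password), "no lower-case letter"),
        (any(c.isupper() for c in password), "no upper-case letter"),
        (any(c.isdigit() for c in password), "no number"),
        (any(c in string.punctuation for c in password), "no symbol or punctuation"),
        (not looks_like_name_date(password), "name plus date pattern"),
    ]
    return [reason for ok, reason in checks if not ok]

def keyspace(length):
    """Number of possible passwords of this length over the 94-character set."""
    return ALPHABET ** length

if __name__ == "__main__":
    for pw in ("john1975", "Bob-12/03/1984", "dP4.ty9%"):
        print(pw, weaknesses(pw) or "meets the criteria")
    print(keyspace(9) // keyspace(8), "times more candidates per extra character")
```

Note that `Bob-12/03/1984` satisfies every character-class rule and is still flagged, which is why the pattern check is separate from the composition checks.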

Getting back to the ‘hassle’ of strong passwords. The solution is easy. Use Roboform. Roboform is a trusted and secure way to store all of your passwords on your own computer. It’s easy to back up (and very handy if you want to copy all of your logins and passwords over to another computer). Roboform also gives you single-click access to all the websites and accounts you log into. So, even for the very lazy …it actually makes logging in EVEN EASIER than having to remember a WEAK password.

Roboform is free with a limit on the number of sites you can add. The ‘pro’ version has no limits and is well worth the $30 one time upgrade fee. You can check it out by clicking HERE or on the banner below.



BlogRush – Bums Rush?


Up until recently I had a BlogRush widget on this site. However, for some reason which they didn’t even bother to tell me, they decided that The Dedicated Server Doctor didn’t meet their quality guidelines.

This led me to do a search and see how many others of the 10,000 or so they ‘deactivated’ felt that there was something not quite right. What I found really surprised me. There were many comments from other BlogRush members, many of whom had removed the BlogRush widget weeks ago, saying that they had received the ‘congratulations’ email for having a quality blog. There were also some really excellent blogs that were unceremoniously dumped. In one case where a blog had been re-instated there was apparently an apology from BlogRush owner John Reese because the blog had been deactivated ‘due to a typo’.

Whilst I’m not going to lose any sleep I’ll make a few points and then I’ll get over it 🙂

* Many blog owners received emails that basically said ‘you don’t meet our guidelines’ but didn’t mention the actual reason, so it’s like ‘you don’t meet our guidelines .. go read them and work out why’. Personally I think that’s just a little bit rude. I know I certainly couldn’t work out which guideline I supposedly wasn’t meeting.

* When ex-blogrushers started complaining, Reese locked comments on his blog, the Warrior forum deleted posts about BlogRush and a thread that Reese started to ‘explain’ was locked once warrior members started replying.

* It is abundantly obvious that the ‘quality control review team’ is a group of individuals who are all interpreting the guidelines in their own special way.

That’s all I have to say about that!


What About MY Security?


That’s a very good question. Obviously any business that is providing a security related service should practice what it preaches. When you sign up for any of our services we split the information and send it to two places. Your domain and contact details are added to our database. Your password is sent directly to our staff. By doing this, we avoid storing your password online and we don’t store the combination of domain, login and password in the same place. We also use a secure server for our signup forms, so that the information you are sending to us is SSL encrypted over the Internet.


Do I Really Need A Firewall?


Absolutely! Putting a server online with no firewall is akin to having your own computer on the internet with no firewall, no antivirus and no anti-spyware software. It’s not a matter of IF someone will break in, but rather WHEN they will break in. Did you know that most dedicated servers will be targeted by automated ‘cracking’ programs within hours of being deployed? I always check the server logs just prior to installing firewall software and I typically see anything from 10,000 to 30,000 cracking attempts per day that have been logged.


These automated programs simply run through combinations of usernames and passwords until they find a combination that will allow them to log in. Once your server has been cracked, the person who gains access can use your server for a multitude of purposes including running the same cracking software that they used on your server, to try to break into other servers. Some may use your server as a file download repository or a ‘zombie’ spam relay whilst others are only interested in deleting files and/or defacing your web site.
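The log check described above, as an added example that is not from the original post: it counts failed logins per day and per source address, and flags any source that logged in successfully after failing. The post does not name the service or log format, so OpenSSH syslog lines are assumed; the sample log, host name and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in OpenSSH syslog format (assumed; the post names no service).
SAMPLE_LOG = """\
Oct  3 04:12:01 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Oct  3 04:12:03 web1 sshd[2212]: Failed password for root from 203.0.113.7 port 51240 ssh2
Oct  3 04:12:05 web1 sshd[2213]: Failed password for invalid user bob from 203.0.113.7 port 51244 ssh2
Oct  3 09:30:44 web1 sshd[3001]: Accepted password for alice from 198.51.100.4 port 40022 ssh2
Oct  4 01:02:10 web1 sshd[4100]: Failed password for fred from 192.0.2.55 port 33910 ssh2
Oct  4 01:02:14 web1 sshd[4101]: Accepted password for fred from 192.0.2.55 port 33912 ssh2
""".splitlines()

EVENT = re.compile(
    r"^(?P<day>\w{3}\s+\d+) [\d:]+ \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(lines):
    """Count failed logins per day, per source and per username, and flag
    sources that logged in successfully after at least one failure."""
    per_day, per_ip, users = Counter(), Counter(), Counter()
    success_after_failure = set()
    for line in lines:
        m = EVENT.match(line)
        if not m:
            continue  # not an sshd password event
        if m["result"] == "Failed":
            per_day[m["day"]] += 1
            per_ip[m["ip"]] += 1
            users[m["user"]] += 1
        elif per_ip[m["ip"]] > 0:
            # A success from an address that has already failed deserves a look.
            success_after_failure.add((m["ip"], m["user"]))
    return per_day, per_ip, users, success_after_failure

def noisy_sources(per_ip, threshold=3):
    """Source addresses with at least `threshold` failed attempts."""
    return sorted(ip for ip, n in per_ip.items() if n >= threshold)

if __name__ == "__main__":
    per_day, per_ip, users, suspicious = summarize(SAMPLE_LOG)
    print(dict(per_day), noisy_sources(per_ip), sorted(suspicious))
```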


Most dedicated servers are provided with no firewall installed. They are basically wide open to attack. This isn’t because the host is shirking their responsibility but rather that they have no idea what services you will be running, so it is, in most cases, better to leave the firewall configuration to you. I cannot stress enough the importance of having your server security checked and a firewall installed and configured. It is an absolute must!