Uncategorized

The .MX country-code TLD is finally available for registration!

.MX domain names now available for registrationFelicidades! Starting from today, you and your customers can register .MX ‘nombres de dominio’ and become a part of the large online Mexican family.

.MX had been a long-sought-after extension before it became open to the public a few years ago. It was closed for registration for a long time and only 3rd-level .COM.MX domains names were available to the public.

Now the .MX ccTLD is open for registration to anyone and you can get your .MX domain today without any restrictions whatsoever.

Why register .MX domain names?

  • Show your personal/business interest in Mexico. The .MX ccTLD represents a great chance for companies and individuals having economical, political or cultural relations with Mexico, to voice their identity online.
  • Show commitment to Mexican customers. A local domain name will contribute to your company’s professional image and will help you demonstrate your commitment to the local audience.
  • Increase your sales on the Мexican market. By targeting the Mexican market with a local TLD, your brand will be recognized by potential customers and you will stand a much better chance of increasing your revenue.
  • Protect your local trademark. By registering a .MX domain, you will secure your brand as an online trademark pertaining to Mexico.
  • Get a short and easy-to-remember website name. The possibility of laying hands on a short and recognizable site name is much greater with a ccTLD like .MX than with a widely used TLD like .COM and .NET.

Who can register .MX domain names?

There are no local presence or citizenship requirements for registering a .MX domain, unlike the situation with some other ccTLDs.

Anyone can register a .MX domain name for a period of 1-5 years. Also, if you have a .MX domain registered somewhere else, you can transfer it over to us, so as to keep your site(s) and domain name(s) in one place. An EPP code will be needed for the transfer to take place.

On the heels of the recent PHP updates to our system – the introduction of PHP sockets and the upgrade to v 5.6.0, we have now activated PHP NG on our servers.

PHP NG was first introduced in May, 2014 as a major effort to refactor the PHP codebase in order to reduce memory consumption and to increase overall performance.

Although still in alpha development, PHP NG is starting to show amazing performance improvements over the current stable PHP version – PHP 5.6, while maintaining 100% compatibility.

The tests of developers have shown that PHP 5.7 NG is performing anywhere between 20% and 110% faster than PHP 5.6 in real-world applications such as WordPress, Drupal or SugarCRM. Memory consumption has been reduced significantly too.

Also, PHP NG’s refactored codebase is an excellent basis for future optimizations, and its performance level keeps improving.

PHP 5.7 NG is used only for development purposes and will most probably not be suitable for production use this year. However, it has all the potential to turn into a phenomenon for servers around the world, with more stable betas and even release candidates expected in early 2015.

You can enable PHP NG from the PHP Configuration section of the Web Hosting Control Panel.

PHP NG option in the Control Panel

Social Login for Hosting Control Panel - LiquidLayer.net

Social Login for Hosting Control Panel – LiquidLayer.net

 

Two months ago, we enabled a social login option for all resellers and shared hosting customers.

Now this capability is also available with all semi-dedicated servers, as well as with all Virtual Private Servers and dedicated servers ordered with the Hepsia Control Panel.

Just like on the shared hosting platform, the social login option works with Facebook, Google+ and Yahoo! social media profiles.

This is a very useful one-login solution for users who manage several accounts, since it will save them from having to work with tons of usernames and passwords.

How to use the social login option

The social login option is available with all semi-dedicated servers, since they use the Hepsia Control Panel by default.

VPS and dedicated customers can take advantage of this option if they choose to use the Hepsia Control Panel with their server at signup.

In the Control Panel, users will be able to quickly link their hosting account(s) with their social media profile(s) and thus gain instant access to their Control Panel anytime they open the Login page.

You can find detailed instructions on how to use the social login option in our previous social login post.

Backend improvements to the social login functionality

Apart from enabling the social login option on all Hepsia-equipped servers, our developers have also made a few essential improvements to the functionality’s backend.

Thanks to a tweak to the interface through which we communicate with the social networks, now the connections between the social media profile(s) and the Control Panel will be 3 times faster than before, which means zero waiting time at login.

Also, a glitch causing occasional connectivity hiccups was smoothed out and now users can stay logged in their social media profiles over a truly stable connection.

Semi-dedicated servers and OpenVZ VPSs in  FinlandSince the new data center in Finland was added to our platform, the number of websites hosted on our shared hosting servers there has been growing steadily because of the favourable conditions and the secure image of the facility.

To open up the cool Finnish facility for the more advanced users, we have also added semi-dedicated servers and OpenVZ VPSs to the list of services offered in the Ficolo data center.

Semi-Dedicated Servers in the Finnish Data Center

You and your customers can enable any of the semi-dedicated server packages (Semi-dedicated 1 or Semi-dedicated 2) by selecting the Ficolo data center on the order form:

Semi-dedicated servers in the Finnish data center

Like with the servers in the SteadFast data center in Chicago, USA, a semi-dedicated server in the Ficolo data center will be set up within a few minutes after the purchase.

OpenVZ VPSs in the Finnish Data Center

Тhe Ficolo data center is ready to accommodate all 10 OpenVZ VPS configurations that we are offering. The prices will remain the same:

OpenVZ VPS servers in the Finnish data center

Like with the OpenVZ VPSs in our US, UK and Australian data centers, the virtual machines in the Ficolo data center will be set up within a few minutes after the purchase itself if they are ordered with the Hepsia Control Panel, and within up to 3 hours – if they are ordered with the cPanel Control Panel.

Did you take some time to market the new super-cool Finnish data center to your customers? If you haven’t done so already, here is a short overview of the data center’s advantages:

>> a disaster-proof geographical location – Finland is a country with an extremely low risk of natural disasters like hurricanes, tsunamis, etc.

>> energy efficiency – a decreased amount of energy is needed for cooling purposes due to the facility’s location in a naturally cool network of underground tunnels; the electricity used by the data center is 100% generated by wind power

>> perfect connectivity conditions – direct connections to major fiber-optic network operators like TeliaSonera, Elisa and DNA; for optimum connection speeds, the Internet connections within the country are routed directly to the end customer through the operator’s network, and to international users – through top-level international Internet gateways.

>> maximum data security – a full range of first-class data security solutions, including CCTV surveillance, mantraps, onsite security personnel, firewalls, etc.

Semi-dedicated servers in the UK and in Eastern EuropeThe geographical expansion of our server network continues with the addition of semi-dedicated servers to the data centers in the UK and in Bulgaria.

Now you can offer this custom server hosting solution to a much larger customer base across the globe.

Offering your customers a closer location for their resource-consuming sites will translate into better loading speeds and an amazing website performance.

Semi-dedicated servers in the UK data center

The data center near London, UK, can now accept semi-dedicated server setup requests from you and your customers. It would be a great choice for webmasters from Western and Central Europe and from Africa.

You can enable any of the semi-dedicated server packages (Semi-dedicated 1 or Semi-dedicated 2) by selecting the Pulsant data center on the order form:

Semi-dedicated servers in the UK data center

Semi-dedicated servers in the Bulgarian data center

Our partnering data center in Sofia, Bulgaria, can now also accommodate your resource-heavy sites and apps at the same price. It is a recommended option for users from Eastern Europe and the Middle East.

Again, you and your customers can enable the semi-dedicated server packages by selecting the TelePoint data center on the order form:

Semi-dedicated servers in the BG data center

Semi-dedicated Servers – key service highlights

Here is a list of the key advantages of the semi-dedicated servers, which differentiate them from the other server hosting setups:

  • a guaranteed 99.9% service & network uptime – since the semi-dedicated servers are part of our shared hosting network, they offer a 99.9% service uptime guarantee, not just a 99.9% network uptime guarantee as is the case with the Virtual Private Servers and the dedicated servers;
  • no server management required – our administrators will be taking care of each semi-dedicated server, so you will not be responsible for any server administration duties (monitoring, troubleshooting, maintenance, etc. duties) whatsoever;
  • a free Hepsia Control Panel – our Web Hosting Control Panel comes with each semi-dedicated server by default, so there’s no need for additional setup procedures;
  • instant account setup – a new semi-dedicated server will be set up as quickly as a shared hosting account – right after the payment has been verified by our Sales Department;
  • large CPU quotas – each server will be allocated generous amounts of CPU time, which will empower users to host more resource-intensive sites, including busy WordPress blogs, community portals, e-shops, etc.;
  • large MySQL database query quotas – as with the CPU time, database-heavy website owners can take advantage of large database query quotas;
  • bigger email allocations – semi-dedicated server users can send more emails without an hourly outbound email limit, which gives them more power and flexibility, especially in terms of their email marketing campaigns;
  • a free dedicated IP – each semi-dedicated server will come with a free dedicated IP address, which can be used for SSL setup purposes, for example;
  • free VPN access – 5 GB of free VPN traffic will be ensured for each semi-dedicated server for trouble-free access around the globe;
  • Varnish – this web app accelerator, included with each package, will help users cache their traffic-heavy sites and make them load faster;
  • Memcached – this caching system is also included with each setup and will help users speed up their dynamic applications by reducing database load;
Backup Name Servers - LiquidLayer.net

Backup Name Servers – LiquidLayer.net

 

The NS records turn a floating domain into a fully functional host by anchoring it to a certain server on the web.

Since the availability of a web server might at times be compromised, most domain names have two name servers – the main one (NS1) and a backup server (NS2), which takes over if the  first one is experiencing problems.

To further secure the customers’ online presence, we’ve also added a second (NS3) and a third (NS4) backup name server to each host

 Most hosting providers provide only two name servers per host

It is a common practice in the web hosting industry hosts to be assigned only two name servers by default. This means that they will have only one backup server, which is usually  located in the same data center. Even if the provider offers more than one backup server, the second one will still be located in the same data center.

This way, if a major problem in the data center’s network occurs, which  is not uncommon in the industry as practice has shown,  the customers’ sites will be left out of the game.  

Thousands of users still keep bitter memories of the major network outage at the EIG’s data center in Provo, Utah, earlier this year, which took many servers down and left their sites offlinein the course of days. EIG keeps customers of leading hosting providers like Hostgator and BlueHost under one roof, so we can all imagine the scope of the issue.

Only users who had their own backup name servers in other data centers, were able to survive the crash.

A location-based name server backup service

We’ve learned from experience that the use of different networks to handle name resolutionwithin one and the same data center is not a solid guarantee for online availability. This is why, our admins implemented backup name servers in three different locations around the globe – NS2  in the Chicago data center (already existing), NS3 in the UK data center and NS4 in the Finnish data center.

This way, in the event of a massive network disruption in the Chicago data center, each next-level backup server will be able to take over the job from the previous one in the chain.

A backup name server (NS3) in the UK data center

While implementing the location-based backup service, our admins first added a name server in the Pulsant data center in Maindenhead, UK.

The UK facility has direct connections to international backbones and a very secure infrastructure. Also, the UK is a country with a lower risk of natural disasters like tsunamis and hurricanes, as compared to the USA.

A backup name server (NS4) in the Finnish data center

We’ve selected the data center in Finland to house the fourth name server for a reason. Located in an underground compound, which used to accommodate the Finnish Defence Forces, the data center can withstand even an atomic bomb attack.

Apart from the natural protection against disasters of all sorts, the facility offers an iron-clad security system, which further guarantees the flawless performance of the sites hosted there.

With the implementation of NS3 and NS4 name servers in different locations, you can now offer your customers a much more stable web hosting service, resistant to network failures and natural disasters, which, as we know, no host is immune to nowadays.

This addition will help you convert those clients of yours who only have a domain into actual hosting customers, since you will offer them triple online protection for their sites – something, which is unthinkable with their current host.

Jail Host option in the Control PanelNot long ago, we enabled the ModSecurity anti-hack firewall on all our servers to shield your hosting account from malicious online activity around the clock.

As the global practice has shown, however, hackersmay find ways to infiltrate into the systemsurreptitiously (we all know that no one can possibly offer a 100% anti-hacker insurance) and manage to take over one of your hosts. Well, if that happens, it’s time for them to get ‘jailed’ in that host.

Through the new ‘Jail Host’ functionality, our web hosting system will outsmart the intruder by ‘jailing’ them.

What does the ‘Jail Host’ option stand for?

By activating the ‘Jail Host’ option for a given host, you practically isolate it from the other domains within the www/ directory of the same hosting account.

This way, if hackers try to attack the given host, they will be immediately ‘punished’ and ‘jailed’ in that host.

By being ‘jailed’, the intruders will not be able to use the host as a doorway to the rest of the system where the other hosts of yours are located.

This restriction works at the Operating System level, which will guarantee its efficiency in all cases of hack attacks on the given host.

When could I use the ‘Jail Host’ option?

The ‘Jail Host’ functionality can come in real handy when you hire a webmaster to work on your site. If you do not know the webmaster in person, then it would be reasonable to take all measures to protect your host.

In this case, most hosting providers would recommend giving the guy limited FTP access to the particular host. However, if the guy comes with cruel intentions, they will still be able to break the FTP barrier and to litter your account with malicious scripts. If you ‘jail’ the host first, you’ll never risk putting your hosting account as a whole at risk.

How do I activate the ‘Jail Host’ option?

The ‘Jail Host’ option is integrated into the Hosted Domains section of the Web Hosting Control Panel. It is available with all shared hosting plans, semi-dedicated servers and dedicated servers. The option is not available with our Virtual Private Servers because of its incompatibility with the virtualization technology.

In the Hosted Domains section, click on the Edit Host icon at the end of the Actions column:

Jail Host option - Edit Host panel

The ‘Jail Host’ functionality is located at the bottom of the Edit Host form. Just tick the box andclick on the Edit Host button:

Jail Host checkbox  in Hepsia

Does the ‘Jail Host’ option involve any other restrictions?

From a ‘jailed’ host, you will not be able to access the files hosted under a different domain within the same account. So, if you want to use them, you will need to deactivate the ‘Jail Host’ option first.

However, all the other domains in the account will have access to the ‘jailed’ host’s file system.

•••

The ‘Jail Host’’ option helps users address a very specific security glitch, which lies deep under the surface.

Thus, it will add a new level of protection to your customers’ sites and will give you a very strong selling point in the eyes of prospective customers who are sensitive about online security. Actually, who isn’t?

What’s more, ‘Jail Host’ is a completely innovative option on the web hosting market and cannot be currently found readily implemented on any other hosting platform.

So what are you waiting for? Talk to your customers about security in a new and different way.

Base64 attacks are becoming more and more common these days. They involve exploiting a PHP vulnerability on a website and injecting malicious, base64-obfuscated code. The main targets of such attacks are poorly coded plugins that feature security holes.

The encoded code is decoded when the infected .php file is loaded and the actual attack is carried out. A popular attack is to forward a website to another page, which grants the attacker an affiliate bonus.

Here is an example of what a base64 hack looks like in a .php file:

eval(base64_decode(“dGhpcyBpcyBhIHRlc3Q=”)); – this code will output “this is a test” when decoded. A regular base64 code snippet will be significantly longer.

On our web hosting platform, there are several ways to deal with such hacks:

Restore a backup

With our cloud hosting accounts, we offer multiple daily backups, so anyone can easily revert to a previous version of a website with just a click. And we keep backups for up to 30 days.

Here is how to choose the correct backup:

– Log into the Hepsia Control Panel and navigate to the File Manager section;

– Head to the folder pertaining to the hacked website;

– Sort the files by modified date;

This way, anyone can see when the files were last updated. When there are multiple .php files that were updated 10 days ago, simply load an earlier backup with clean versions of those files.

If there are problems restoring a backup, our support team reps will be happy to assist.

Clean the files manually

To clean the files by hand, simply download them to a computer and clean them using a text editor. The Windows/OSX-compatibleSublimeText or the Windows-compatible Notepad++, both of which are available for free, will do a great job.

Once the files are downloaded, load them in the text editor and search for any base64 code. To see if there is any base64 code on the website, use the following search term:

eval(base64_decode.

Once you discover an instance, copy the actual code snippet and search again. Simply replace the code with an empty space to get rid of it. If there are still any other base64 instances, repeat the procedure until non are left.

Regular expressions can also be used to target base64 code on the website. Again, simply replace the regex matches with an empty space to clear them from the pages.

Here is a sample regex search term: /eval\(base64_decode\((.*)\)\);/i

Keep in mind that this type of search with target all base64 instances. This means that if any plugin or element of the site is using base64 encoding as well, it will also be removed.

Clean the files over SSH

When using terminal access, all infected files can be cleaned with just a few commands over SSH. If SSH access is not enabled for the account, it can be done with a request in theUpgrades section of the Hepsia Control Panel.

The first thing that needs to be done is to get a sample of the infected base64 code. Use this as a reference for cleaning all infected files.

See which files are infected by using the following command:

$ find . -type f | xargs grep “dGhpcyBpcyBhIHRlc3Q=”

This command will search for all files in the current folder that contain the following string:

“dGhpcyBpcyBhIHRlc3Q=”.

Here is how the output of that command will look like:

 ./themes/default/single.php:<?php   eval(base64_decode(“dGhpcyBpcyBhIHRlc3Q=));

./themes/default/search.php:<?php   eval(base64_decode(“dGhpcyBpcyBhIHRlc3Q=”));

This will list all the infected files in the current folder and its subfolders. Once the list is ready, it’s time to eliminate the code.

We’ll use the sed program and our function will look like this:

find . -name “*.php” -print | xargs sed -i ‘s@eval(base64_decode(“dGhpcyBpcyBhIHRlc3Q=”));@@g’

Use the search function one more time to make sure that all the files are now clean. If the search returns no results, the website has been cleaned.

Preventing base64 attacks

As we’ve noted, a base64 hack will target a vulnerability in the code. So the best course of action is to always keep apps and plugins updated to the latest versions available. A good rule of thumb is to only download plugins that are actually needed. If a plugin is not used anymore – remove it from the application.

Also, when downloading new plugins, always keep track of the number of downloads and the update dates. If the last update is more than one year old, the plugin in question may be susceptible to an attack.