Tag Archives: Paypal

How to improve your ecommerce server security & love yourself – Part 2

As with the first installment of this series, we’ll continue to look at optimizing server security for an e-commerce site. Clearly security for an online business is not just a matter of PCI compliance or making sure your own information and accounts are safe. Security breaches can (and regularly do) bankrupt companies, and a business’s reputation with consumers can plummet.

Server security is one thing, though. Learning to love ourselves and feel secure in our own skin is essential to the good life. One easy way I have found to feel secure in my skin is to look at myself in the mirror while poorly reciting French love poetry. If I feel awkward staring into my own eyes while I read – in an awful, just absolutely terrible French accent – love poems, I look into the eyes of a photograph of myself instead.

So far we have discussed the basic types of hosting, development of a security plan, and SSL security certificates. In the next and final installment, we will focus specifically on passwords since they comprise such a large part of security. Today we will go over backups, vulnerability scanning, updates, payment gateways, and balance.

What is High-Availability?

So what is this new-fangled concept called “high-availability?” Traditionally, high-availability has been experienced by women in nightclubs, when a man has walked up and said to them, “Hey you, I just want you to know that I’m not like these other hard-to-get jokers in here. I’m available 24/7, around-the-clock, to come over to your place and give you a shoulder massage.”

In computer terms, high-availability is different. It refers to how fault-tolerant or resilient a system is: how reliably it delivers a working website every time it is asked. A failure in one component of the software or hardware does not affect the user’s experience, because the system detects the fault and works around it (typically by failing over to a redundant component) before the response goes out. It is similar to a pizza place that checks to make sure there is no maliciously discarded bellybutton lint among the sausages and peppers before the pie goes out the door.

To better understand how high-availability works, let’s take a look at comments on the subject from Microsoft, Oracle, and Linux Virtual Server in this three-part series. While we study the topic, let’s pay an Olympic-trained athlete to swim in a pool that we’ve installed in a glass box over our heads, because a German study from the early 1970s indicates that it improves knowledge-retention.

Availability & Uptime

Okay, the swimmer is swimming. Thanks for chipping in $32,468. Let’s look at what availability is and how it relates to server uptime.

Availability is a general term that covers how often a system fails, how reliable it is, and how it recovers when anything does go awry. Availability is usually phrased in terms of server uptime, and any period of failure counts as downtime. Failure refers not just to when a system is inaccessible, but also to when it is not functioning correctly. My brain, for instance, has an average daily uptime of 23.8% even though I only sleep 90 minutes a night.

Uptime is basic math, and it can get a little boring to see every hosting company out there promoting their guaranteed 99.99% uptime. These figures, though, are significant. Just take a look at Microsoft’s figures for 99% and 99.9% uptime.

With a 99% uptime guarantee, the website could experience as much as 14.4 minutes of downtime each day and 3.7 days of downtime each year. With a 99.9% uptime guarantee, those figures are cut to 86.4 seconds per day and 8.8 hours per year. Um… I don’t want to distract you, but did we forget to put breathing holes in the glass box? He looks like he’s under duress. The problem is, though, the German findings do not allow for any pauses or disruptions during the learning process, so we have to continue.

A brief note on uptime as it relates to us: It’s funny to think that any amount of “scheduled downtime” (software updates and other server maintenance) is acceptable. That’s why we guarantee 100% uptime in our service level agreement (SLA) with all our customers (reimbursing for outages) – one reason our customer retention rate is over 90%.

Prediction & Availability

Optimizing a system for availability is complex. Every aspect of it, from the applications being used to the way it is administered to how it is deployed, has an impact on availability. Microsoft notes that failures will always occur from time to time, and those failures will of course be unexpected. Predicting moments of downtime, then, is virtually impossible. Yeah, let’s… I guess get rid of that glass box. It’s a little depressing.

However, a system becomes more available as its recovery mechanisms get faster, even if the failure rate stays the same. Microsoft points out, “If your system can recover from failures within 86.4 seconds, then you can have a failure every day and still achieve 99.9 percent availability.” I’ve used this same logic to explain to my wife why it’s acceptable for me to stare at the ceiling and shriek like a wounded and deranged animal for 86 seconds every day when I walk in the door from work.

Effect on Page Loads & Revenue

Availability can be thought of simply as uptime, but it can also be thought of in terms of transactions, such as those on an e-commerce site. The same math really applies to any situation when thought of in terms of pages failing to load or loading incorrectly.

A website with 99.9% availability or uptime that receives 10,000 data requests from visitors each day will experience 10 failures per day and 70 per week. The following is from a table Microsoft provides defining different availability figures as fulfilling the requirements of certain types of systems:

  • Commercial – 99.5%
  • Highly available – 99.9%
  • Fault resilient – 99.99%
  • Fault tolerant – 99.999%
  • Continuous – 100%
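To make the uptime arithmetic above concrete, here is an added Python example (my own, not code from Microsoft, Oracle or Linux Virtual Server) that turns an availability target into a downtime budget per day or year, reproduces the “fail once a day, recover within 86.4 seconds, still 99.9%” calculation, estimates failed requests at a given request volume, and checks an incident log against an SLA target. The availability classes are the Microsoft table quoted above; the incident log is constructed for illustration, and a 365-day year is an assumption of this example.

```python
"""Availability and error-budget arithmetic behind the uptime figures above."""
from dataclasses import dataclass

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365 * SECONDS_PER_DAY   # assumption: non-leap year

# Availability classes from the Microsoft table quoted above (percent thresholds).
AVAILABILITY_CLASSES = [
    (100.0,  "Continuous"),
    (99.999, "Fault tolerant"),
    (99.99,  "Fault resilient"),
    (99.9,   "Highly available"),
    (99.5,   "Commercial"),
]


def downtime_budget(availability_pct, period_seconds):
    """Maximum downtime (seconds) that still meets availability_pct over the period."""
    return (1.0 - availability_pct / 100.0) * period_seconds


def availability_with_recovery(failures, mttr_seconds, period_seconds):
    """Availability (percent) when `failures` outages each last mttr_seconds in the period.
    This is the arithmetic behind "recover within 86.4 s, fail once a day, still 99.9%"."""
    return 100.0 * (1.0 - failures * mttr_seconds / period_seconds)


def expected_failed_requests(requests, availability_pct):
    """Requests expected to fail if each one has the same chance of hitting an outage."""
    return requests * (1.0 - availability_pct / 100.0)


def classify(availability_pct):
    """Name of the availability class per the table above; below 99.5% is unclassified."""
    for threshold, name in AVAILABILITY_CLASSES:
        if availability_pct >= threshold - 1e-9:
            return name
    return "Below commercial"


@dataclass
class Incident:
    start: str      # ISO timestamp, kept only as a label here
    seconds: float  # outage duration


def error_budget_report(incidents, target_pct, period_seconds):
    """Measured availability and how much downtime budget is left (negative = SLA missed)."""
    downtime = sum(i.seconds for i in incidents)
    achieved = 100.0 * (1.0 - downtime / period_seconds)
    budget = downtime_budget(target_pct, period_seconds)
    return {
        "achieved_pct": achieved,
        "budget_seconds": budget,
        "remaining_seconds": budget - downtime,
        "met": downtime <= budget,
    }


# Constructed incident log for one 30-day month (not real outage data).
SAMPLE_INCIDENTS = [
    Incident("2013-06-03T02:14:00Z", 900.0),    # 15 min: database failover
    Incident("2013-06-17T11:05:00Z", 1800.0),   # 30 min: bad deploy, rolled back
    Incident("2013-06-29T23:40:00Z", 120.0),    # 2 min: load balancer restart
]

if __name__ == "__main__":
    for pct in (99.0, 99.9, 99.99):
        print(f"{pct}%: {downtime_budget(pct, SECONDS_PER_DAY):.1f} s/day, "
              f"{downtime_budget(pct, SECONDS_PER_YEAR) / 3600:.2f} h/year, "
              f"class: {classify(pct)}")
    print(error_budget_report(SAMPLE_INCIDENTS, 99.9, 30 * SECONDS_PER_DAY))
```

With the constructed log, 47 minutes of downtime in a 30-day month blows through the 43.2-minute budget that 99.9% allows, which is the point of tracking the budget continuously rather than discovering the miss at the end of the SLA period.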

Conclusion, Continuation & Poem

Okay, so that gives us a basic starting point for exploring availability. Again, if you like the idea of 100% uptime, that’s our promise – and we put our money where our mouth is in our SLA (and also I put pennies in my mouth sometimes, because I like the way it tastes and can’t think of what else to do with them). Here are our solutions for shared hosting, dedicated servers, and VPSs.

We will move on with this subject in the second part of the series via discussion of the Oracle piece. I’m really sorry about the swimmer. That was a horrible idea on my part. Here is a poem to make you feel better:

Thank you for your time

I think you are very nice

Let’s all go to Tijuana

And eat some beans and rice.

By Kent Roberts

Plesk / cPanel Passwords & Using a Random Password Generator

Both Plesk and cPanel have assistance tools for password generation. cPanel has its own random password generator. Plesk allows you to set password strength parameters that gauge new passwords and only allow new ones if they fit certain specifications you establish as the admin.

Beyond what’s available within these two control panels, anyone has access to random password generator tools – I’ll look at one of the best ones out there. This app is great for simple generation of passwords for anything that’s outside your hosting environment and/or when you want to get access to passwords fast. Note that since Plesk does not have its own password generator, you need an alternative anyway. I’ll also discuss how to create a system for passwords so you can keep track of everything.

For this article, I’ll first look at Plesk/cPanel and then the specialized software that’s available. My main sources are cPanel, Parallels, and a piece by Stefan Neagu for MakeUseOf.

** I’ll also go over some of the best passwords out there – sort of an awards ceremony for password users throughout the world. To start out, I’d like to congratulate Becky Stephens from Minneapolis, Minnesota for her excellent PayPal password, I83&hh^^*ksj37dfiFGjer84438$$%ksajFhsaBdh483894#%$.

Plesk Password Generator? Heck No.

There ain’t no Plesk password generator, folks. However, you’ve got other ways to get passwords, so, not a big deal. You can control passwords, though, to make sure all your passwords meet minimum strength requirements. Parallels recommends using higher security for passwords – so their perspective is to max out the security and forget the UX as far as this setting goes.

Keep in mind – you may want to achieve a balance between the ease of memorizing and strength of password security. You may get more support requests re: lost passwords. That’s just something to consider prior to making the passwords more difficult – surely folks will forget more. ** I want to commend Pete Blair of Oklahoma City for this incredible password for his Chase bank account, 298398sdSYfj$#%^#$%@hfjDh4t6R04C986$#^%#$%fuhsdf, which is difficult to guess but also very easy to remember.

Just to be clear what we mean by strength: it is the opposite of guessability. A “strong” password is one that resists guessing and brute-force attacks. Really, though, resistance is a spectrum. These settings fix the minimum level of resistance, making it less likely that an attack against your system or a specific account will succeed.

In a nutshell, strengthening a password means making it longer and more complex – stretching out the password and mixing in numbers, symbols, and upper/lower case. Of the two, length matters more: every extra character multiplies the number of possibilities an attacker has to try, while adding a symbol class only widens the alphabet. The password, essentially, is going to look incredibly annoying and incomprehensible.

To adjust your password strength settings with Plesk Panel 11, go to Tools & Settings > Password Security > Password Strength. You can choose between the following five levels of strength: Very strong, Strong, Medium, Weak, or Very weak. (“Very weak” is what I always choose for my home security systems.)

Changing a setting within this window changes the rule globally, so passwords below the chosen strength are rejected. The system keeps returning a message telling the user to strengthen the password, with instructions on how to do so, until one is submitted that meets the requirements.

Once you have adjusted the password strength setting, no one using the system – whether a customer or reseller, the admin or an auxiliary user – will be able to create a password that falls below your minimum. This applies in all scenarios – email, FTP, whatever – both when an account is created and its original password set, and whenever the password is changed later. Adjusting the password strength affects passwords set from then on, but not the ones that are already active: existing weak passwords stay weak until their owners change them.

** Rebecca Townsend of Toronto, Ontario, also has an incredible password for her Apple account: Efoh43098D53G048jkfs&^%^%$$#^^#sdfjDhosSdfkjh576&^%. Rebecca’s password, rather than being generated with a software program like many of the others I’m praising in this piece, came to her in a dream. The dream was mostly about ice cream, but the sprinkles in the ice cream spoke the password one character at a time.

cPanel Password Generator? Well, Sure.

There is a random password generator tool in cPanel – it’s called, nonsensically, Password Generator. The button is not always present – it sometimes likes to be unavailable. Sometimes it’s shy. But don’t let the tool’s occasional shyness convince you that it is not the sexiest functionality in the entire cPanel system.

To use the Password Generator, just click it. You’ll see a password immediately pop up within the tool. You don’t have to take that particular one. You can keep clicking Generate Password until you see one you like. If you click it several billion times, you will eventually see your mother’s maiden name.

You can change the parameters for the password too. In Advanced Options, you can select and check boxes for inclusion or exclusion of the different types of characters and cases. Length of the password can be determined as well.

Once you’ve determined what the password is, check the box to indicate that you’ve written it down in a safe physical location or that you have saved it in a secure database. Password manager applications are available for both Mac and Windows for that purpose.

Once you’ve got the password you want, you can use it on the page in cPanel if you want by clicking Use Password – which also closes the tool. You can also close the window without using it – allowing you to use the app for generation of passwords for external accounts if you like.

** Patty Iverson of Albuquerque, New Mexico, has a fantastic password for her Facebook account. It’s bhFgh9E008342%$%D$%$sddfkSjhsdEgo867$%fjheiu%$&4. Great job, Patty. Patty has her passwords written down on a paper coffee cup that she keeps behind the Tupperware in her kitchen cabinet (the one at eye level just to the left of her sink). Weird right? Great idea. The key to her apartment, if you need it, is under the cactus to the right of her front door. Take a look at those passwords.

Considerations for Use of Random Password Generators

OK so we are going to look at a random password generator. Prior to exploring it, though, let’s think about what we need from one of these tools. The following considerations were mentioned by Stefan in his MakeUseOf piece.

  1. How long is it? As discussed above, you want to know the tool you’re using gives you a long password. That’s just a basic way to keep it from being guessed: each extra character multiplies the number of possibilities an attacker has to try.
  2. How entropic is it? Per the Free Online Dictionary, entropy indicates the amount of “disorder or randomness in a closed system.” For a password it is measured in bits: a password of n characters drawn uniformly from an alphabet of k symbols has n × log2(k) bits of entropy, and only a generator that draws from a cryptographically secure random source actually delivers that. It seems strange at first to be going for randomness and disorder with your security, but that unpredictability is what makes it harder for criminal parties to guess their way in.
  3. Do you trust the provider? You need to have knowledge or faith that the organization behind the tool you are using does not store your information or have a backdoor. It’s not much use to utilize a system that can itself get invaded. Is the transmission secured? You want an online password generator, for instance, to use SSL encryption (the HTTPS protocol) – and, better still, a generator that runs locally on your own machine means the password never crosses the network at all.

 

Bradley Thomas of Newark, New Jersey, is using an incredible password for Windows: sdSlk4509w8D90ekdsg&#$ED%3jsakhXUfdjlk6$##$klEaslCkjddlkj32W$#%S790sfXkUl35#$%#45skike56. If you are ever away from this piece and want to remember it, it’s written down on a piece of paper in his wallet. If you’re able to get the wallet, you can go ahead and throw away the pictures of his children and buy some gifts for your own children with his credit cards. If you use the Delta card, it will increase his frequent flyer miles, which is really the least you can do.

Password Generation & Storage: Perfect Passwords & IronKey

Per Stefan, Perfect Passwords is the best dedicated password generator out there. It was created by Steve Gibson, who has an incredible reputation in the programming world and a career of accomplishments to back up his ability to create an application you can trust.

The page is served over SSL, so the connection is encrypted while the passwords are delivered to you. Each visit produces three fresh strings, each 63 or 64 characters long and drawn from a different alphabet: hexadecimal, printable ASCII, and alphanumeric. You take whatever portion of a string you need for a given password. Because every character is drawn uniformly at random from its alphabet, the resulting passwords are highly randomized.
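Here is an added Python example, not code from MakeUseOf, GRC or either control panel, that puts the three considerations listed earlier (length, entropy, trust) into practice locally: it draws passwords from a CSPRNG so nothing is sent to a third party, computes entropy as length × log2(alphabet size), which is why a 64-character hex string (256 bits) and a 63-character printable string are so strong, and enforces a Plesk-style minimum-strength policy before a password is accepted. The five policy levels and their minimum lengths and character-class counts are this example’s own assumptions, not Plesk’s documented thresholds.

```python
"""Local password generation, entropy estimates and a minimum-strength policy check."""
import math
import secrets
import string

# Alphabets (the number of possible values per position).
DIGITS = string.digits                            # 10
HEX = string.digits + "abcdef"                    # 16
ALNUM = string.ascii_letters + string.digits      # 62
PRINTABLE = ALNUM + string.punctuation            # 94, no spaces

# Hypothetical policy levels, named after Plesk's five settings. The minimum
# lengths and class counts are this example's assumption, not Plesk's rules.
POLICY = {
    "very weak":   {"min_len": 5,  "classes": 1},
    "weak":        {"min_len": 6,  "classes": 2},
    "medium":      {"min_len": 8,  "classes": 3},
    "strong":      {"min_len": 12, "classes": 4},
    "very strong": {"min_len": 16, "classes": 4},
}


def generate_password(length, charset=PRINTABLE):
    """Draw each character independently from the OS CSPRNG (never random.random)."""
    return "".join(secrets.choice(charset) for _ in range(length))


def entropy_bits(length, charset_size):
    """Entropy of a uniformly random password: log2(charset_size ** length)."""
    return length * math.log2(charset_size)


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time for an attacker to try every possibility at the given rate."""
    return (2 ** bits) / guesses_per_second / (365 * 24 * 3600)


def character_classes(password):
    """How many of {lower, upper, digit, symbol} the password uses."""
    checks = (str.islower, str.isupper, str.isdigit,
              lambda c: c in string.punctuation)
    return sum(any(check(c) for c in password) for check in checks)


def check_policy(password, level):
    """Return [] if the password meets the level, else the list of failed rules."""
    rule = POLICY[level]
    problems = []
    if len(password) < rule["min_len"]:
        problems.append(f"shorter than {rule['min_len']} characters")
    if character_classes(password) < rule["classes"]:
        problems.append(f"fewer than {rule['classes']} character classes")
    return problems


def generate_compliant(level, length=None):
    """Rejection-sample until the policy passes; the result stays uniform over
    compliant passwords, unlike 'fixing up' a failed draw by hand."""
    length = length or POLICY[level]["min_len"]
    while True:
        pw = generate_password(length)
        if not check_policy(pw, level):
            return pw


if __name__ == "__main__":
    # Mirrors the three Perfect Passwords strings plus two weak baselines.
    for label, length, cs in (("8 digits", 8, DIGITS), ("12 alnum", 12, ALNUM),
                              ("64 hex", 64, HEX), ("63 alnum", 63, ALNUM),
                              ("63 printable", 63, PRINTABLE)):
        bits = entropy_bits(length, len(cs))
        print(f"{label:13} {bits:6.1f} bits  "
              f"{years_to_exhaust(bits, 1e10):.2e} years at 1e10 guesses/s")
    pw = generate_compliant("very strong")
    print(pw, check_policy(pw, "very strong"))
```

An 8-digit PIN (about 26.6 bits) falls to a 10-billion-guess-per-second attacker in well under a second, while the 64-hex string needs longer than the age of the universe; that gap, not the presence of a few symbols, is what the length consideration is really about.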

Get an IronKey thumb drive. An IronKey device is itself password protected – and all files and data on it are encrypted as well. The drive will wipe itself clean if anyone attempts to take it apart by hand or after ten incorrect passwords are tried.

The IronKey drive comes with a GUI password administrative app and a secure browser. Passwords are only on the screen: they don’t ever get typed in or go through unsecured third-party software.

Aside from the IronKey, Stefan stores some passwords in an Excel file – one column containing the account to which they correspond, the other containing the password. He keeps the file in his Google Drive. Note that a plain spreadsheet in cloud storage is only as safe as the Google account that holds it: anyone who gets into that account, or any device synced to it, can read every password in the file, so at the very least such a file should be encrypted before it leaves the machine.

Stefan’s Google password, by the way, is 32AH0984sfkjkj45R609#$%#$34sEdflkjUsdfl0$SO%^$SSfja#@S$fd.

Summary & Conclusion

If you are using Plesk Panel, be sure to strengthen the parameters so that when new passwords are created or when they are changed, strength – both length and entropy – is mandatory. If you are using cPanel, you can use its random password generator to create passwords – or you can try out Perfect Passwords.

Regardless what system you are using to create passwords, IronKey is an option if you want to store your passwords securely and have them on a device you can use anywhere. You can also keep your most important passwords in the comments below this piece – though that is probably not a good idea. So, if you are a precocious seven-year-old and don’t quite understand what I’m talking about, don’t place all your passwords in the comments. I could probably get sued, especially if I use them to gather information about your family and break into another suburban home. It’s time for a change.

by Kent Roberts and Richard Norwood

Best cPanel Apps, Part 2

As you probably know, cPanel applications can greatly enhance the experience of hosting via cPanel/WHM. As with applications for any system, these pieces of software provide simple interface-based formats to monitor a network, compile data and statistics, and perform certain standardized tasks. The end result is that your cPanel operation will run more smoothly with simplified administration.

I previously detailed some of the other top applications – 15 of them, and there are an additional 11 here as well. The apps below cover a plethora of administration aspects – security, performance, billing and support, template design, mobile compatibility, and more.

My previous piece used applications from two sources – the cPanel Application Catalog and GK~root. This piece will be derived entirely from the cPanel Application Catalog, looking specifically at the apps that have the highest ratings on their site and that were not covered in the previous article. A large amount of the information I will present, other than the general ratings, will be gathered from the application websites.

Below I will give descriptions of each app, along with insider anecdotal information related to the software, its creators, and as applicable, early childhood development. Note that this article is intended to be read over a candlelight dinner featuring lasagna, garlic bread, and mixed greens. There should only be one person seated at the table. The person reading the article should literally be “over” the table, perched on a small swing and occasionally pausing to play the harmonica. (That, after all, is how it is being written. My fiancée looks worried, but I think the blues solos are soothing her.)

Atomic Secured Linux

•    4.1 out of 5 stars (3rd overall)

This application improves the security of a Linux server. The product proactively protects the server rather than relying on signatures or patches for known vulnerabilities, and it increases the security of both the OS and the applications running on it. Atomic Secured Linux was designed to be easy to use regardless of your level of expertise, with more sophisticated features for those who have greater experience.

A number of celebrity cyborgs, including Kim Kardashian and Oprah, have installed this application as a sort of protective chastity belt to avoid their biology-technology ratio from becoming imbalanced during moments of weakness (allowing open-entry to intruders). Cyborgs must be careful not to ever become more than 50% biology.

WHM Complete Solution (WHMCS)

•    3.8 out of 5 stars (10th overall)

WHMCS brings together a number of different functionalities – account management, billing, support, domain management, etc. The idea of this application is general automation of all these various facets of online business. The application touts how easy it is to integrate with over 100 different payment gateways and APIs (PayPal, Authorize.net, etc.), with scripts to do so readily available on its website.

Many people don’t know that this product was originally called WHM: The Final Solution. Test marketing revealed that many potential clients viewed that name as “overly dramatic” and “too Hitler-ish.”

Varnish Cache

•    3.8 out of 5 stars (11th overall)

This caching HTTP reverse proxy, a type of web accelerator, caches pages in memory rather than storing them on disks. The plugin’s site claims it is faster than Nginx, Litespeed, and Lighttpd. Varnish Cache reduces your server loads and optimizes the speed of your site, accelerating your server as much as 1000x (up to 2000x if you are lucky enough to have twin varnishes).

Varnish Cache should not be mistaken for “varnish cash,” a way that young boys prove their ascent to manhood in the Ohio River Valley as their friends and relatives watch admiringly. Note: Huffing varnish, whether for a small pool of money or not, stunts early childhood development … but some say it’s worth it.

CleanPanel (cPanel Designs)

•    3.8 out of 5 stars (13th overall)

This app is a template to improve the appearance of cPanel. You can choose between a number of different colors, and it has been tested for compatibility with all major cPanel applications. CleanPanel is primarily focused on user experience (UX), using space and contrast between different elements of the design to make the page cleaner to view and use.

CleanPanel’s creators view it as a political statement against the Nuclear Regulatory Commission’s Atomic Safety and Licensing Board Panel, which is notorious for always being high on varnish when determining its new safety guidelines. Now that’s an unclean panel!

mysqlmymonlite.sh

•    3.8 out of 5 stars (14th overall)

This script gathers MySQL and server statistics. It is a stripped-down version of mysqlmymon.sh, which monitors the system more broadly. mysqlmymonlite.sh (http://mysqlmymon.com/), the “lite” version, reports statistics without exposing as much sensitive data about the server, which matters if the output is going to be shared. Stats include CPU, memory, and general server information. Everything is gathered in under 12 seconds, according to the app’s site.

The script for the lite version is suspected to have been developed by pouring Miller Lite over the original script. This process not only stripped down some of the features of the standard version: it also significantly decreased its calories.

CP Control Panel (cPanel Client for iPhone / iPad)

•    3.8 out of 5 stars (15th overall)

This app allows you to perform backups, manage files, perform FTP transfers, manage email, view stats, manage DNS, etc. – all from an iOS mobile device (iPad or iPhone). Two features are highlighted on the CP Control Panel website: its built-in FTP client makes file management significantly easier, and the app connects directly to your server, so your login credentials go straight to your host rather than through a third-party relay. (Plain FTP sends credentials and files in the clear; prefer SFTP or FTPS wherever the client and server support them.)

Though it would seem that the CP in this app’s title stands for Control Panel, it actually stands for Club Penguin. CP is a Disney program that, like varnish, stunts early childhood development. (Science has proven that huffing cartoon penguins into your brain is at least as deadly as poisonous chemicals, because the penguins are hungry.)

MobPanel

•    3.8 out of 5 stars (16th overall)

This application is primarily focused on making it easier to manage hosting and cloud accounts. It is compatible with major mobile devices. The most important information is immediately available when you initially enter the GUI. MobPanel allows you to manage accounts, reboot servers, and many other general management tasks.

As you may suspect, this plugin was not named to denote huge throngs of people. It was originally designed for the Polish Mafia in Brooklyn, so that they could better manage their Internet presence, which was spotty until they discovered this nifty tool. Now their “My Legs Were Broken by the Mafia, and All I Got Was This Lousy T-Shirt” apparel is selling like wild.

Softaculous

•    3.8 out of 5 stars (17th overall)

Softaculous allows you to auto-install a huge library of scripts, almost 300 of them, in one click. You can install a content management system (CMS), for instance, such as WordPress or Joomla!, with this app. Be aware that performing updates of a CMS with Softaculous, or any auto-installer, can be risky because plugins on your site may be incompatible with the new version. Look before you leap: take a backup first and check plugin compatibility.

The creators of Softaculous do not have a history in software. They have a history in toilet tissue, where they consistently rubbed tissue against their skin and thought, “This is softacular! No, that’s not quite right.” Finally, they were terminated for being too obsessed with softness (at the grave expense of absorbency). Seven years later, after they decided IT was the best place to celebrate softness and received fast-track PhDs in computer science from the University of Bogota, Softaculous was born.

Blesta

•    3.7 out of 5 stars (20th overall)

This cPanel plugin allows you to manage billing, support, and general client management. The app is modular, which makes it adaptable to different types of online businesses. Functions such as invoicing, support, and payments can all be performed directly from a client’s page. Blesta’s source is largely unencrypted and open to customization, and it also allows remote API access.

Blesta was originally an auto parts store. Though the company’s focus has now turned to cPanel administrative plugins, they still give oil changes and tire rotations to their repeat customers free of charge, “to remember the old times.”

ASSP Deluxe for cPanel

•    3.7 out of 5 stars (21st overall)

According to the application’s site, ASSP Deluxe is “the only ASSP frontend for cPanel officially supported by Fritz Borgstedt, ASSP developer.” The app is used on over a thousand servers worldwide (one out of every six using ASSP, according to the app’s website). It’s an easy way to set up ASSP on your server to prevent spam and viruses.

The makers of ASSP Deluxe were previously the editors in chief of car kulture DeLuxe Magazine http://www.ckdeluxemag.com/. They get their oil changed by Blesta. It’s a well-integrated industry, more automotive than it might at first seem.

Parallels Web Presence Builder

•    3.7 out of 5 stars (23rd overall)

This plugin is a CMS – it generally assists with website building. It includes thousands of templates and the ability to add ecommerce, search, and analytics, and to integrate with Facebook (by adapting your site’s design to run inside a Facebook page). This Parallels product allows WYSIWYG editing of sites so you can customize them.

This product came out soon after the debacle in which Parallels released a product called the Web Absence Builder. This app, also designed for cPanel, simply sent out massive amounts of spam emails to all the clients associated with a site, then filled it up with pages of porn malware, and finally went to a shot of eternal white static.

Conclusion

Each of the above apps can improve your experience using cPanel/WHM for administration of your site. Visit the sites and see what you think. Many of the apps can be tested, with free trials available. Good luck. If you’ve used any of the apps and either liked or disliked them, or have any other comments, please let us know below.

by Kent Roberts and Richard Norwood

Monetize Your Website With Memberships

Today I’m looking at recent blog posts related to bringing community to your website. The best way to monetize your website is to have a loyal repeat visitor base. These visitors will act as your ambassadors, and from here you can take a number of approaches to generating your website revenue. If you develop a niche community, you can offer your audience demographic to your potential site sponsors. Or if your site develops special informational value, you can capitalize on that directly using membership subscriptions.

The range of WordPress membership plugins can be overwhelming so here we examine the most popular options to help you make an informed decision.

Juliana Payson‘s insight:

Tech Toucan goes into depth here with the integration capabilities with your WordPress website. By far my favorite is s2Member; it allows PayPal integration for subscription fees.

 

 

Websites can boost revenue through Advertorials
Canadian National Newspaper
Owners of online websites and blogs can get extra revenue streams through AdvertorialAgency.com, in an environment where it is more difficult to generate advertising revenue.

Juliana Payson‘s insight:

Sick of using spammy-looking AdSense to generate revenue? Get targeted headline content to appear on your site. It still pays out using a similar mechanism to the AdSense banner ads, but instead you have up-to-date article headlines relevant to your audience.

 

Blog post at Blogging Tips : Deciding to monetize your blog is something you need to think long and hard about. What sort of avenues will you use to generate income?

Juliana Payson‘s insight:

Affiliate links are a fantastic way to monetize your blog, and they can be profitable depending on your niche. Vouching for a product using an affiliate link means you earn commission when someone purchases the product. Reviews and product suggestions are always helpful to your reader base; I find the Google Affiliate Program particularly useful for this. Pay attention to the comments section of this article: people’s individual experiences are noteworthy and may be relevant to how you want to run your particular website.

 

Do you have any monetization tips for non-WordPress CMS websites? Please get in touch here on Google Plus if you have tips you’d like to share via Superb.net – Juliana