More system security measures – FTPs encryption now enabled on all servers
- Created on Thursday, 17 April 2014 14:28
Dear Customers,
After more than two decades of active existence, the web now faces never-before-seen security issues. In such a hostile and increasingly unpredictable environment, it is web hosting providers who need to shoulder the burden of preserving the integrity of site contents and sheltering them from negative influences.
In response to the global security crisis caused by cataclysmic bugs like ‘Heartbleed’ and the brute-force attack on WordPress sites, we are now reviewing and improving the overall security of our web hosting services so as to ensure long-term protection of your sites and applications.
We have already reviewed all the security-centered features and tools on our hosting platform.
What is left to be done is to ensure a fully encrypted communication over the entire range of client protocols.
As far as encrypted transmission of data over the HTTP protocol is concerned, we offer you a few SSL options that will allow you to transmit sensitive data on your sites over a secure connection. We’ve recently added an option to activate an SSL certificate by using a shared IP address for free, so as to make this option affordable to anyone.
To ensure an encrypted transmission of data over the FTP protocol, we have so far offered users access to sFTP – a security extension to FTP that allows customers to make a file-transfer-protocol connection with our servers by means of SSH.
Now we have enabled FTPs – another security extension to FTP, which uses SSL encryption to protect data as it is transmitted over a network.
In contrast to sFTP, which is accessible only to SSH users, the FTPs protocol is available to anyone who uses an FTP client.
To make use of FTPs, you will first need to make sure that your FTP client supports SSL encryption and then simply use the special FTPs server that is found next to the regular hosts for your account:
Regarding the email protocols, we are planning to review the current implementation of POP3s, IMAPs and SMTPs – the basic mail service encryption technologies – on our platform so as to make sure that they measure up to the latest security standards.
Also, in the long run, we’ll be focusing our server network administration efforts on the implementation of DNSSEC – a security extension to the Domain Name System (DNS), which was created to address vulnerabilities in the system on a global level.
Kind Regards,
Web Hosting team
Boosted site loading speeds or how we guarantee that your sites will load faster
- Created on Friday, 11 April 2014 16:27
Dear Customers,
This is the second of a series of articles dedicated to building a successful online presence. The following article is dedicated to site loading speeds. Check out the first article on website security, in case you have missed it.
If content is king, then website loading speed is the ‘scepter’ of the king, which allows him to reach his citizens in the fastest possible way.
Just as the content needs to be of decent quality to capture the reader’s eye, the website loading speed needs to be as fast as possible so that the quality content in question can be delivered on time before the reader loses interest.
As we know, the attention span of site visitors has dropped significantly over the last years, so the faster a site loads, the lower its bounce rate will be. Not to mention the fact that site loading speed is one of the major factors in the Google ranking algorithm.
There are many hardware/software quality factors that influence the loading speed rates, most of them being in the very hands of the web hosting providers.
Here is how we, at ResellersPanel, face these factors to make sure that you enjoy blazing-fast loading speeds that ‘rule’.
- SSD Storage
- We use SSD drives instead of regular HDDs, since they offer an innovative technology for data storage, which uses electronic interfaces. Also, they are more compact in size and have no moving parts and rotating disks. This makes data reading more straightforward (allowing for a file access time of 0.1 millisecond) and site loading – noticeably faster. Tests have shown that a site hosted on an SSD performs significantly faster than a site hosted on an HDD. You can make a simple test – compare the performances of SSD- and HDD-equipped PCs and see for yourself.
- Data Compression
- Thanks to the ZFS LZ4 compression that we use to store your content, data reading and writing on our hosting platform is a lot faster. This means that your sites will be delivered faster to the public in comparison with sites stored on an EXT4-based cPanel hosting platform.
- A Well-Balanced Platform
- We have built a custom cloud hosting platform where the server workload is being distributed between a few machines instead of just one. The even distribution of core service tasks allows for server requests to be carried out faster. This way, your mails will go through faster as well as your web applications and sites.
- Data Caching
- We use special methods to cache your frequently accessed site content in the server RAM, so that future requests for that data can be served faster. We deploy servers with large amounts of RAM to make sure that larger site contents are cached efficiently as well.
- PHP Opcode Caching
- We use the APC (Alternative PHP Cache) framework to avoid the overhead of parsing source code on each request and to ensure that dynamic web pages are served faster. This tool works perfectly well with applications with a large source-code base such as Drupal, leading to a 3x increase in the page generation speed. You can enable APC caching for your PHP resources from the Advanced section of the Control Panel.
- Website Accelerators
- In the web hosting Control Panel, you will find various tools that will help speed up your sites and applications. Memcached will help reduce the number of times a database or API is read by caching data and objects in RAM. It is perfect for traffic-heavy, database-driven websites like large e-stores, busy blogs, news portals, etc. Varnish, in turn, is an HTTP accelerator that caches not-so-often updated pages of content-heavy websites to make them load faster to the visitor. Node.js is perfect for speeding up data-intensive, real-time applications.
- A Custom-Built Network for Faster Access
- Our administrators have built a custom, load-balanced internal network in the data center, so as to boost the communication between the different servers in our load-balanced platform (as mentioned above). Also, we have selected data centers that use various major ISPs and that have access to several main Internet backbones to ensure a lightning-fast connection between your sites and the rest of the world.
- A Choice of Data Centers
- Since the location of a site is tightly connected with how fast it will resolve to its visitors, we offer a choice of data center locations across the world. Thus, you can choose to host your site as close to your audience as possible and achieve the fastest possible site loading speed. We have a data center in the USA for North and South America-based websites, a UK data center for websites based in Europe, Africa and the Middle East, and a facility in Australia aimed at serving websites in Australia, Oceania and Asia.
Kind Regards,
Web Hosting team
A few easy ways to protect your WordPress site from the global brute-force attacks
- Created on Tuesday, 08 April 2014 19:23
Dear Customers,
Over the past few weeks, our system administrators have detected an unusually high amount of traffic towards WordPress login pages such as http://www.yoursite.com/wp-admin.
They have analyzed the traffic and have found out that it’s all due to a massive global brute-force attack against WordPress sites.
Unlike hacks that focus on vulnerabilities in software, brute-force attacks are aimed at gaining access to a site in the simplest possible way – by trying random usernames and passwords multiple times in a row, until the site is broken into. This makes passwords like ‘123456’ and usernames like ‘admin’ most vulnerable to brute-force attacks.
The traffic-consuming nature of these attacks may lead to excessive use of your server’s memory and may cause serious performance problems for your sites and applications. This is because the number of HTTP requests (i.e. the number of times someone visits your site) is so high that the server runs out of memory.
This sort of attack is not endemic to WordPress only. However, the application’s popularity makes it a frequent target for brute-force abusers.
Here are a few very simple tricks to protect your WordPress site:
- Limit the access to the wp-admin directory by IP address
- If you are the only person who needs to log into your admin area and if you have a static IP address, you can deny access to the wp-admin folder to everyone but yourself via an .htaccess file.
- Create a file called .htaccess using a plain text editor or simply edit the existing one (if any) and add:
    # Block access to wp-admin.
    order deny,allow
    allow from x.x.x.x
    deny from all
- Here x.x.x.x is your IP address. You can add multiple IP addresses by adding the line: allow from x.x.x.x in accordance with the number of IPs you wish to whitelist.
- Limit the access to the wp-login.php file by IP address
- You can also limit the access to your wp-login.php file inside your wp-admin/ area via an .htaccess file.
- Create a file called .htaccess or simply edit the existing one (if any) in the /wp-admin folder and add:
    # Deny everyone, then let the listed address back in.
    <Files wp-login.php>
    Order deny,allow
    Allow from x.x.x.x
    Deny from all
    </Files>
- Here x.x.x.x is your IP address. You can add multiple IP addresses by adding the line: allow from x.x.x.x in accordance with the number of IPs you wish to whitelist.
- Update your robots.txt file
- Add the following lines in your robots.txt file or create a file named robots.txt with the following content:
    User-agent: *
    Disallow: /wp-admin
    Disallow: /wp-login.php
    Disallow: /administrator
- This will essentially block search engines from indexing these URLs, since brute-force attackers generate their lists of such URLs (intitle: Log In and inurl: wp-login) with the help of the major search engines.
- This method is more of a long-term prevention, as it will take a few months for the search engines to update this information, but it should make brute-force attempts disappear for good.
- Protecting yourself from spam comments
- On another note, if you are receiving a large amount of spam comments on your WordPress site, you can deactivate the comment option by doing the following:
- Go to yoursite.com/wp-admin/options-discussion.php
- Uncheck ‘Allow people to post comments on new articles’
- You WILL need to go to all existing posts and to turn off comments there as well
- If you still want people to be able to comment, you might consider having them register first. In that case, check the box ‘Users must be registered and logged in to comment’ instead.
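The two .htaccess allow-lists above depend on how Apache 2.2 combines Order, Allow and Deny: with `deny,allow` an Allow match overrides `deny from all`, while with `allow,deny` the `Deny from all` line wins and even the listed address is refused. The following added example (not part of the original post; the addresses are constructed, and only `all`, single IPs and CIDR ranges are modelled) checks a rule set against a client address before you upload it.

```python
import ipaddress

# Constructed rule sets: the address is from a documentation range.
DENY_ALLOW = """
<Files wp-login.php>
Order deny,allow
Allow from 203.0.113.10
Deny from all
</Files>
"""
ALLOW_DENY = DENY_ALLOW.replace("Order deny,allow", "Order allow,deny")

def parse_rules(text):
    """Return (order, allow_specs, deny_specs) from .htaccess text."""
    order, allow, deny = "deny,allow", [], []  # Apache's default Order
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) >= 2 and words[0].lower() == "order":
            order = "".join(words[1:]).lower()
        elif len(words) >= 3 and words[1].lower() == "from":
            if words[0].lower() == "allow":
                allow += words[2:]
            elif words[0].lower() == "deny":
                deny += words[2:]
    return order, allow, deny

def matches(specs, client):
    """True if client matches 'all', a single IP or a CIDR range in specs."""
    ip = ipaddress.ip_address(client)
    return any(s.lower() == "all" or ip in ipaddress.ip_network(s, strict=False)
               for s in specs)

def access_allowed(text, client):
    """Model Apache 2.2 Order/Allow/Deny evaluation for one client address."""
    order, allow, deny = parse_rules(text)
    allowed, denied = matches(allow, client), matches(deny, client)
    if order == "deny,allow":
        # Deny is evaluated first, Allow second: an Allow match overrides
        # a Deny match, and a client matching neither list is let in.
        return allowed or not denied
    if order == "allow,deny":
        # Allow is evaluated first, Deny second: a Deny match overrides
        # an Allow match, and a client matching neither list is refused.
        return allowed and not denied
    raise ValueError(f"unsupported Order value: {order!r}")

if __name__ == "__main__":
    for name, rules in (("deny,allow", DENY_ALLOW), ("allow,deny", ALLOW_DENY)):
        for client in ("203.0.113.10", "198.51.100.5"):
            print(name, client, access_allowed(rules, client))
```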
Kind Regards,
Web Hosting team
Guaranteed security or how we make sure that your websites are safe and sound 24/7
- Created on Friday, 04 April 2014 12:45
Dear Customers,
The web is a huge, tightly knit ecosystem, which is constantly getting polluted by malicious users and algorithms. So, once launched online, each site becomes vulnerable to many negative influences.
To make sure your websites are prepared to meet the challenges of the polluted ecosystem, we have built up our platform around enhanced security.
Here is a list of the features and tools we have implemented on our shared hosting platform to help you stay safe online.
- ModSecurity anti-hack firewall
- The ModSecurity Apache module is a firewall that will effectively prevent most URL forgery or “brute force” attacks and forum spamming attempts targeted at your websites. By default, ModSecurity is enabled for all the websites in a hosting account, so it will automatically block all incoming requests that are flagged as insecure. Also, it is kept constantly updated in order to prevent all types of ‘up-to-date’ attacks. You can find ModSecurity in the Advanced section of the Control Panel.
- Website-based firewall
- Using our Outgoing Connections functionality, you can restrict the outgoing traffic from your site. It will prevent sensitive data leaking off a site to an external host. By default, all outgoing connections from a customer’s account are disabled. If, however, you want to allow external connections to certain IP addresses, you can do so from the Outgoing Connections section in the Control Panel.
- Anti-virus protection
- Our servers are equipped with a powerful security system to stop viruses, Trojans, worms and other malicious bugs aimed at disrupting your website and emails. All our servers are protected by constantly running anti-virus software. Heavily modified by our sysadmins, it operates in the background without affecting server performance and effectively keeps these threats out of our servers.
- IP blocking
- With the help of the IP Blocking tool, you can prevent a malicious user or a script from attacking your site by blocking the IP address they are coming from. It allows you to easily deny a specific IP address access to your website or to a section of it. You can even block an entire range of IP addresses, because a hacker might use a dynamic IP from a certain network to attack your site. This tool is located in the Advanced section of the Control Panel.
- .htaccess generator
- From the .htaccess Manager in the Control Panel, you can easily control the behavior of the Apache web server. For instance, you can protect your website content with password-protected folders and IP-based authentication, enable hotlink protection for your images or CSS files, block different IP addresses from accessing your website and even block visitors that come from a particular site referrer. The .htaccess Manager is intuitively integrated into the Advanced section of the Control Panel.
- Data corruption protection
- Our platform relies on the ZFS file system, which has an inbuilt checksum functionality to ensure protection against silent data corruption. This way, if data gets corrupted on one of the disks in the RAID array, the system will be able to recognize the corrupted files and to recover the data from the unaffected disk. In the meantime, the EXT4 file system, which is used by most cPanel hosting providers today, does not have checksums and hence might mistake the healthy files as being corrupted and thus compromise the data on the healthy disk as well.
- Help with hacked sites
- We offer help with hacked sites within reasonable limits. When our technical support team receives a report of a hacked site, they first try to contact you and to provide advice on how the issue can be resolved in due time. If you are not experienced enough, our technicians then take the case in their hands.
- Daily data backups
- If, by any chance, your site contents get lost or compromised, you can easily restore them from the Control Panel. We offer browsable daily backups, which are executed 4 times a day, and which can be restored with a single mouse click at any moment. Also, our Dropbox backup option allows you to store a backup of your site and databases in your Dropbox account as well. The browsable backups and the Dropbox backups are located in the File Manager.
- Last, but not least, we offer comprehensive Control Panel-integrated web statistics that will help you monitor your website traffic, so that you could quickly locate any possible malicious behaviour targeted at your site and take measures to block it in time.
Kind Regards,
Web Hosting team