Questions and answers about virtual serverCommunity Poll
Wed, 28 May 2008 21:15:24 +0000
Last week we asked how many web hosts do you currently use and 71% said one. This weeks question is…
What would be the best prize for a contest?
22" Monitor
Laptop
Vado
Wii
View Results
Managed Blog Hosting - Looking to start your own blog but don’t want to get stuck with installing, maintaing and upgrading it? Let us do it all for ...]
ThePlanet.com – Current Promotions
Tue, 27 May 2008 16:16:07 +0000
ThePlanet.com is my favorite web host. I have been a customer with them pretty much since 2004. About a year ago I swapped my old server for a new one based on one of their super specials that they had last summer. I could not be happier. The server is rocking and uptime is high. ...]
It's time to punish spammers
Tue, 19 Sep 2006 12:45:26 -0400
This post focuses on the S-word. SPAM.
How can ISPs & Web Hosts stop spam? How can we fight back? What tools can we use to fight back? What methods can be used on the server-level to protect end-user inboxes?
There are some things in life that just make me smile:
But this makes me smile from ear to ear:
Earthlink awarded $11Million from Spammer
Spam is a problem that is plaguing not only end-users but web hosts, ISPs, backbone providers and network administrators as well.
While the CAN-SPAM legislation is weak, it provides an essential first-step towards setting up the battle in the legal arena to fight spam. Making it illegal to forge headers and return addresses provides companies with a legal basis for prosecuting spammers in the United States. Obviously more needs to be done, but the CAN-SPAM act is better than nothing.
It is obviously every good netizen's (net citizen?) dream to eliminate SPAM. SPAM has turned one of the quickest and far-impacting methods of communication into a daily hassle and waste of time.
SPAM is damaging the internet community in many ways. A few of the main problems caused by spam:
- End user frustration. End-users are frustrated by the amount of SPAM in their inbox and eventually, instead of experiencing a life-changing method of communicating with relatives in another country or engaging in commerce, end-users are forced to sift through myriads of messages to weed out the ones that they want to read. In extreme cases, this deluge of spam may even cause light-weight users to simply stop using E-mail.
- Hijacked computers. A large portion of bulk email is sent from hijacked and compromised computers. While there are many spammers who rent their own servers, there are networks of hijacked PCs which are sold in blocks of thousands for use by spammers. Ignoring the fact that such behavior is illegal, anyone who has used or tried to disinfect a hijacked PC knows that they often slow to a crawl, crash or they consume an entire house-holds worth of bandwidth which will result in degraded performance of other computers. Just like the point above, this frustration will lead many users to abandon use of their computers or waste money on having their computers repaired.
- Lost emails. A direct result of SPAM is the loss of legitimate and valuable emails.
- Accidental Deletion. Legitimate emails are often lost in the process of a user repeatedly clicking 'Delete' while clearing their Inbox of SPAM.
- Spam Filters. To combat SPAM, many E-mail service providers filter incoming email for SPAM & Virii. It is unrealistic to believe that SPAM filters will never accidentally tag a legitimate email as spam. When this happens, either the email will be discarded by the E-mail providers servers or the message will wind up in the Spam-folder where it may get discarded before the end-user can review it and realize that it was not spam.
- Wasted time & productivity. According to a Linux News article, Spam costs $20Billion - yes billion - each year in lost productivity and that spam costs enterprises between $600 and $1,000 each year for every user.
- ISP, Backbone, Network Administrator & Servers effects. Unquestionably, SPAM has caused a huge headache for network operators of all types. Throughout the internet chain, from the Email service provider to the backbone providers SPAM is costly.
- Web Hosting providers & E-mail service providers are forced to setup spam & virus filtering systems to protect their end-users. For large web hosting companies, ISPs and enterprises this means the additional overhead of purchasing dozens, hundreds or even thousands of spam scanning servers as well as the additional overhead & staff time of managing all these systems.
- ISPs (ie residential DSL/Cable modem providers as well as enterprise connectivity providers) and network backbone operators are forced to expand their network to carry the new deluge of spam & virii. Hijacked computers can easily send out thousands or tens of thousands of SPAM/Virii emails each day. Having to deal with this extra (unwanted) network traffic, ISPs will raise their rates - because even if you are not using your internet connection, your hijacked computer sure is.
- System / Network Administrators. In addition to end-user or employee assistance, help desks & system administrators now have to worry about finding infect computers, cleaning infected computers and educating end users about safe computer practices. It takes valuable time for a network administrator to locate infected machines (most often because of inadequate logging or firewall policies).
- Web Hosting Companies. Insecure sendmail scripts are now exploited thousands of times on a daily basis to send spam. Often times this results from customers running an old version of a publicly available PHP or Perl script. What is alarming is that spammers are now starting to exploit custom written mailing scripts - using search engines to find email forms and then testing them each individually for vulnerabilities. This shows extreme dedication on the part of the spammers - they are testing custom written, unknown scripts form vulnerabilities and exploiting them. It has now become the web hosts job to location insecure scripts and notify customers. Large-scale exploitation of insecure scripts can endanger a web hosts standing with ISPs or even get their email servers listed on public black lists such as SPEWS or SORBS - resulting in a portion of the internet not accepting email from customers on those servers.
A real life analysis
Figure 1.
The above graphic is an image of data collected from just one in-bound spam filtering server that we run for our web hosting customers. This one server was processing over 100,000 spam emails per day at its peak. Spam is not a minor issue for ISPs, email service providers or web hosts - the infrastructure required to support the weeding out of spam and viruses is expensive and time consuming to operate/update.
Later on in this post I will go into detail about how we cut down the amount of spam that our servers had to process by checking a connecting computers IP address before accepting email from them.
Fighting Back There are many ways that we can fight back against the spammers.
- End User Education. There would be no spam if end-users didn't actually open them or respond to them. The economics of running spam networks and operations require that at-least a small portion of the spam recipients act on or open spam emails.
Network administrators and computer-savvy 'nerds' must start to educate the end users as to the danger of clicking on unknown popups, downloading unknown files and not updating their computer because these direct actions result in the compromising of their computers. A single click by an uneducated end user can cause havoc for system and network operators. End-users must also be taught never to reply to spam - replying will only let them validate your email address. It is also important to note that simply by opening a spam email, spammers can validate your address. Spammers will often place unique hidden (or visible) images or code in emails that will identify you as having seen the images or run the code. tip: set your email reader not to show images in emails unless you specifically allow it.]
- Spam Filtering. Email providers and web hosts are increasingly successful at filtering spam from ever reaching their end-users inboxes. Personally, I've seen the results of AOL's spam filtering and I'm very impressed. Probably one or two junk emails will get through each day - for someone who checks their email once a month, that could mean 30-60 junk emails - and that would be terrible.
Email service providers are becoming increasingly efficient at keeping spam out of their end-users inboxes. Software such as SpamAsassin can be run server-wide and help filter out unwanted emails. DNS Black lists such as Sorbs, SpamCop and spamhaus can help your server to filter out connections from unwanted IP addresses (computers which are hijacked, vulnerable etc). The problem with these methods for combating spam is simply that it requires more cpu & processing power. Checking black lists and running SpamAssassin or ClamAV (free Linux virus scanner) requires a large amount of resources, which cost money.
A powerful & effective spam & virus Protection system can be built at the Web Host / E-Mail provider level with free software. Incoming email servers should always run a combination of:
- DNS Black list checks - SpamCop(.net), Sorbs(.net) etc.
- SpamAssassin(.org) Spam-filter
- ClamAV(.net) Virus Scanner
These 3 tools can be integrated separately into common email servers such as SendMail or you can use a package such as MailScanner to tie all3 systems together.
If you look at Figure 1. (above), you can see that when Elite Hosts started to implement RBL (real time block lists - aka DNS Block lists, a few examples given above), the amount of spam that just one of our many incoming email servers processed fell from around 60,000 messages per day to around 2,000 messages per day! If that is just from one server, imagine how much processing power we saved across all of our incoming email servers.
Another 3 useful, but lesser used technique for combating spam on the server-level are:
- Require reverse DNS Requiring connecting machines to have reverse DNS will allow you to easily identify connecting servers. You can then use these results to block certain domains from sending to your email servers. For example, with the exception of their email servers, we block connection attempts from any computer with a hostname ending in comcast.net that is not a static email server. Figure 1 (above) shows that requiring reverse DNS reduced the spam messages per day processed on one server from around 2,000 to 1,000
- Sender Call-Back. This is one anti-spam mechanism that is used by CPANEL. The mail server will connect to the email server of the domain in the From: address and check whether or not the sending address is a valid email address. This can help to filter out spam from those spammers who are just too lazy (or dumb?) to send you email from non-existent email addresses or domains.
- SPF. This is controversial technique for verifying the sender of an email. SPF has become controversial because it uses the DNS TXT record of a domain to specify valid servers which are allowed to send email for a domain. In my opinion, loss of the (rarely used) TXT record is a good exchange for the benefits. SPF is more of an anti-fishing tool than an anti-spam tool. SPF simply looks up the domain of the sender and verifies that emails are coming from an accepted server. This means that if you receive an email from billing@paypal.com, an SPF capable email server will ask PayPal if the computer sending spam is in-fact a valid email server that is allowed to send email from the domain. The thought behind SPF is excellent - verifying that connecting servers are sending email from domains that they are responsible for - however some argue about the implementation and the use of the TXT record.
Bottom Line: If SPF stops phishing attacks from reaching end users (which it does!), then it is a step in the right direction. This will not eliminate spam, but at-least it will protect uneducated users from replying to billing@paypal.com with their PayPal passwords.
In order for SPF to be really effective, it needs to see more wide-spread usage - major companies (AOL, eBay, PayPal) already publish SPF records, but email servers need to start checking those records.
The Future of Spam
Spammers are not stupid. Like many other things in life, Spammers will adapt and change with the times.
Spammers are not oblivious to spam filters - to the contrary, spammers will work day & night to craft email messages that receive low scores on spam filtering systems. Spammers are increasingly shifting to image-based spams so that Spam-Filtering software can't find the key words and phrases that it needs to tag the messages as spam.
Anti-Spam companies are also fighting back - working to develop software that will recognize spam text in image-based spam emails and other advanced modules to help stay in-step with the spammers.
Spammers are also diversifying, experimenting with new mediums such as Instant Messages and Blogs. I have yet to receive an IM Spam (I hope that this doesn't Jinx it), but I can imagine how upset I will feel when my private IM space is invaded by a new IM window from a spammer. Spammers are also moving to blogs, forums & community systems. Spammers are creating automatic scripts that post their customers products URLs in blog comments, forum posts and more. Just like the email anti-spam companies are fighting back, these communities are coming up with methods to block this automated spam - image captchas, audio passwords and other interesting methods.
Conclusion & Summary
Unfortunately, it looks like spam is here to stay - wasting our valuable time, money and resources. There are many things that we can do to retake our inboxes and put spammers out of business:
- Better end-user education
- Better legislation to prosecute spammers
- Better programmer education - teaching programmers how to write secure scripts that send email
- Residential & Small Business ISPs should block outbound SMTP port 25 by default (with the option to enable it upon request)
- Microsoft, the provider of over 95% of the worlds desktop system, has to have stronger security built into their products. How is it acceptable that 1 click can cause a program to download an take over your computer? How is it acceptable that an un-updated Windows installation can be compromised within minutes of being connected to the internet? It is excellent that Microsoft has now decided to focus on security, but it might be too late. For the last few years, Microsoft has been handing their customer's computers to hackers.
- Web Hosts & Email service providers should install spam scanning software, use spam black lists, check for phishing via SPF & implement other common-sense methods for reducing spam, fishing & virus attacks. If web hosting companies & email providers could stop spam from being delivered to their end-users, spammers would make no money and simply disappear.
Hopefully we can take back the Internet and provide an amazing, worry-free & frustration-free experience for our end-users.
ThinkHost $30.00 OFF CouponWed, 28 May 2008 16:57:46 +0000
Our partner website “Web Hosting Resource Kit” has just released an exclusive coupon for ThinkHost web hosting. As this coupon is exclusively reserved for visitors of The Web Hosting Resource Kit, we cannot present you the coupon code, but we can certainly direct you to the web page that carries this ThinkHost Discount coupon.
ThinkHost ...]
How to Transfer Your Web Site to a New Web Hosting ServiceMon, 05 Feb 2007 08:00:46 +0000
How to Transfer Your Web Site to a New Web Hosting Service
There are various reasons why an online business owner like you has decided to switch to a new web hosting providers. Your old web hosting provider probably has very poor technical support, or their web server is always down, or may be your old ...]
Installing System Center Essentials 2007Mar 07, 2008 2:49 PM PST
For some time, Microsoft has focused on large enterprises and small business, as evidenced by products such as Small Business Server. The midmarket (500 PCs, a couple dozen servers) has very similar needs as smaller and larger enterprises, but faces unique challenges. Whereas Microsoft provides some specific products for smaller organizationsincluding the aforementioned Small Business Servermidmarket organizations have had to utilize full-fledged enterprise tools often without the benefit of large IT staffs or significant server infrastructures to do so.
Enter the "Essentials" line, which is targeted
at midmarket IT organizations. I'm not sure if all of Microsoft's mid-market
focused endeavors will use the word "Essentials" but so far, this has
been the case. For the monitoring, system management, and software deployment
side of the house, Microsoft has released System Center Essentials 2007. In
this article, I'll explain the purpose and features of this product, outline
its system requirements and limitations and walk through a sample installation.
Featured virtual server Items
AN Hosting was created in early 2001 by a two man team and expanded at an
amazing rate. In 2005 it was acquired by midPhase and jointly they now host over
150,000 domain names on a modern network comprised of over 1,000 servers.
AN Hosting has followed the trend of many modern hosting providers by only
offering one standard plan to all its users. This does present many advantages
like better customer support and superior client satisfaction seeing as the
hosting provider specializes in only one unique product instead of a wide range
of services. Needless to say that any customer requiring a more tailor made
solution will have to look elsewhere.
Currently the hosting plan offers a robust 500gb disk space, 5000gb of bandwidth
and the possibility to host an amazing 40 domains. Setup is currently free but
this can be expected from most hosting providers nowadays. Other specs include
unlimited e-mail accounts, MySQL databases and sub domains. All hosting accounts
come equipped with the Fantastico manager which permits for one click install of
various popular scripts like Wordpress, Mambo, OScommerce, Sub Dreamer and
b2evolution just to name a few.
Prices vary considerably depending on the payment plan preferred. When paying
for six months the price will be $8.95mo whilst when opting for the 48 moth plan
the price is reduced to only $4.95mo. This is great for customers looking for
long term solutions but the same cannot be said for whoever can�t afford the
$237.60 needed for the upfront payment. Please keep in mind that when ordering
the six month payment plan there is an extra $21.90 fee for the domain, with all
the other options this is totally free.
The site is extremely easy to navigate which is a breath of fresh air when
compared to other hosting companies that chose fill their sites with useless
clutter and promotional offers that only confuse the customers. With AN Hosting
purchasing a hosting plan is simple and an extremely straight forward experience
with no distractions along the way. Furthermore their customer support is
exemplary and receiving a reply to any inquiry generally only takes a few
minutes.
When it comes to payment options presented AN Hosting does require some
improvements. They only accepted form of payment consists of major credit cards
which represents a significant drawback especially for those that do not have
one of the credit cards required. Most hosting providers offer other options
including Paypal payments which has become the industry standard. In our opinion
this is a very negative feature that should be rectified especially if AN
Hosting wishes to cater for international customers.
anhosting.com is an excellent solution for customers that have some previous
hosting experience and are in the market for a stable, long term solution. On
the other hand, people requiring cheap hosting with the option of monthly
payments will have to look someplace else. Either than that AN Hosting is a
trusted hosting provider with many years of experience and an impeccable track
record.
Click Here to go to
anhosting
website.
We felt that virtual server demanded more recognition than it is presently getting. So we had decided on writing on virtual server. Enjoy it.
#
This Week's Best Sellers!
host gator dedicated
host gator dns
host gator domain
host gator email
web site hosting review | web site hosting reviews
Labels: cheap web hosting reviews | cheap web hosting services | cheap web hosting solution | cheap web hosting with