Blog Header Banner

Archive for the ‘blog’ tag

Locked out of cPanel Again? Locked out of your Web Site?   no comments

Posted at Oct 21, 2014 @ 9:01am Ask the Expert,Web hosting

cpanelAvid readers of the blog know that I’m a slayer of tickets and protector of the Turnkey Internet realm of support tickets. If you have a support need with your software that you’ve purchased from Turnkey Internet, more than likely, I will be one of the team members who works on your issue. I wanted to write you gentleman and ladies, a post on a support request I see at least once a week if not more. I will start this article off by asking one question. Have you ever been locked out of your house? You walk out the house not thinking about the door, but then you realize that you need to go back into the house to grab your keys. However, the door is locked.

 

What will you do? If you’re a super prepared individual, you may have a spare key laying around somewhere, but if you’re like me, this may not be the case. So, what’s next? Maybe you start thinking, “hmmmm, I wonder if I have any windows unlocked?” You walk around the house hoping, praying, that you have a window unlocked. You soon discover, that you’re a very safety conscious individual and all of your windows are locked? Well, what do you do now? You have no spare key. No windows are unlocked. While that rock on the ground could easily go through the window, do you really want to pay money to get the window repaired?

 

This usually leaves you with no other option then contacting your local locksmith. Pay the ridiculous amount to have them drive out and let you back into your house in a matter of minutes. Now, what if that happens on your server? For the sake of this article, we will assume you have a server, VPS/Dedicated/Cloud, that has cPanel installed. You haven’t changed the password, but all of a sudden you can’t login to your cPanel or WHM anymore. What do you do? Well, if you purchased your services from Turnkey Internet, the quickest way would be to open a support ticket and have one our engineers allow you back in, but what if you’re a do it yourself type of person? Is there a back spare key you can use?

 

Now, just to be clear, I’m not talking about not being able to view your site in a browser, but specifically about your cPanel password, that you’ve not changed, no longer working. You may get the first thought that, holy crap, my account has been hacked. Someone has stolen my password and is slowly but surely stealing all of my data. While yes, this could be a possibility especially if you have an insecure password, e.g. CAT123, but what if you have a secure password. A 12 character password. It’s more less likely that your cPanel password has been stolen and more likely that you’re locked on our your account by cPHulk.

 

It’s very possible that you’ve heard of cPhulk before. For those of you who haven’t, the link below will explain exactly what cPHulk is:

 

http://docs.cpanel.net/twiki/bin/view/11_30/WHMDocs/CPHulk

 

cPhulk is a brute force protection software that is installed by cPanel by default. This little piece of software constantly monitors the server to ensure no one is brute forcing their way into your server. For users who do not know what brute forcing is, please see the link below:

 

http://en.wikipedia.org/wiki/Brute-force_attack

 

To summarize that link, brute forcing is when a hacker tries every iteration possible to login to your account. They start with a dictionary of commonly used username and passwords and attempts to login to your account with each one. This is called a brute force attack and is what cPHulk is written to protect against. However, cPHulk can be a bit over zealous at times and end up blocking you out of your own accounts. So, how do you fix?

 

This fix assumes that you have root access to the server and a SSH client such as Putty to access the server.

 

  1. SSH to your server
  2. Type mysql
  3. Connect cphulkd;
  4. Delete from brutes;
  5. Delete from logins;

 

That will clear all IP’s currently blocked on the server and allow you to login to cPanel/WHM. At which point, you can go to Security Center -> cPHulk Brute Force Protection  and white list your own IP to keep this from occurring in the future. You’ve essentially just become your own cPanel locksmith. If you’re still having issues, you can always open a support ticket with us directly at: https://helpdesk.turnkeyinternet.net/

 

Until next time…

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

Written by Jeremy on October 21st, 2014

Tagged with , , , , , ,

Is your wordpress web site under attack? Over 90,000 hacker bots may be knocking on your door!   no comments

Posted at Sep 12, 2014 @ 9:50am Web hosting

wordpress-site-attackHowdie do Turnkey Lovers,

 

I have a quick question for you, have you ever heard of wordpress? My guess is since you’re reading this blog, you’ve heard of wordpress any may even be using on your own website, but for those who are first time readers, I will give a brief overview. Here is a quick overview from WordPress.org:

 

WordPress is web software you can use to create a beautiful website or blog. We like to say that WordPress is both free and priceless at the same time. The core software is built by hundreds of community volunteers, and when you’re ready for more there are thousands of plugins and themes available to transform your site into almost anything you can imagine. Over 60 million people have chosen WordPress to power the place on the web they call “home” — we’d love you to join the family.

 

WordPress is one of the most popular site building pieces of software currently on the internet. Sure, you have Joomla which is almost the same as wordpress, but has slight differences with its configuration. For this article, however, we will be focusing purely on wordpress. As you can see in the overview above, over 60 million people have chosen to use wordpress  which is quite a large pool of users on the internet. Now, what if someone decided to launch an attack on wordpress based sites? They would have a pretty large base of users to attack and could affect hundreds or possibly, thousands of websites. Well, this attack has already happened and still running at this very instance.

 

On an off for the last few months, A botnet of over 90,000 machines, has been attempting to globally brute force and hack into wp-login.php which is the file that WordPress users use to login to WordPress. The attack is sending thousands of requests at one time to attempt to login to your WordPress installation via wp-login.php in an attempt to gain access to make it part of the growing botnet. To shed some light on what a bonet is, directly from Wikipedia:

 

botnet is a collection of Internet-connected programs communicating with other similar programs in order to perform tasks. This can be as mundane as keeping control of an Internet Relay Chat (IRC) channel, or it could be used to send spam email or participate in distributed denial-of-service attacks. The word botnet is a combination of the words robot and network. The term is usually used with a negative or malicious connotation.

 

Well, you may be wondering, if I have a site on a server with Turnkey Internet, how are my sites being protected?  Since day 1 of the wide scale attacks,  we’ve enabled a server wide ACL that blocks all access to wp-login.php unless the IP is whitelisted. This ACL or access control list, keeps the attack at bay. Due to the fact that the botnet is targeting wp-login.php directly, we can deney all access to users we specifically allow. When the attack runs, our servers return a 403 page and the attack moves on. You may be saying, “Sure, that works, but is there anything that I can do as a client on my end to help relieve the attack?’

 

Listed below is the recommended code that you add to your sites .htaccess file in your public_html folder to add an extra layer of security (you’ll need to edit ‘example.com’ to be the domain you are setting it up on):

 

<IfModule mod_rewrite.c>

RewriteEngine On

RewriteCond %{REQUEST_METHOD} POST

RewriteCond %{REQUEST_URI} .(wp-comments-post|wp-login)\.php*

RewriteCond %{HTTP_REFERER} !.*example.com.* [OR]

RewriteCond %{HTTP_USER_AGENT} ^$

RewriteRule (.*) http://%{REMOTE_ADDR}/$ [R=301,L]

</ifModule>

 

This in conjunction with our ACL will prevent the attack from affecting your site(s).

 

Additional recommendations:

-Changing your default admin username for wp-admin to a different username as the attack is specifically targeting the admin username.

 

-Placing a browser-based password on wp-login.php

 

The link immediately below will explain how to do this:

http://codex.wordpress.org/Brute_Force_Attacks#Password_Protect_wp-login.php

 

Additional information about the attack can be found here:

http://blog.skunkworks.ca/brute-force-attack-targeting-sites-running-wordpress/

http://www.inmotionhosting.com/support/news/general/wp-login-brute-force-attack

 

Using the tips we’ve provided above, this will help to keep the attack from affecting your site. It will also increase the security of your wordpress based site as well. We hope this will help all clients and not just those at Turnkey Internet, but any client globally who may be having issues with the wordpress attack on their sites.

 

Until next time

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

Written by Jeremy on September 12th, 2014

Tagged with , , , , ,

Where For Art Thou, Blog?   no comments

Posted at Jan 2, 2012 @ 6:51pm Small Business

One of the most common questions we get from new business owners is whether it is best to host their blog on their own site or on a blog hosting site like WordPress. We typically recommend that business owners host their own blogs, since the cost is low and control is entirely in the hands of the author. However, there are some instances when hosting on a free blogging site makes sense.

When Free is Right

If your budget is tight and you are worried about the learning curve, utilizing a free blogging service may be the right choice for you. WordPress and Blogger are two free hosting services you may consider. Of course, the downside of free hosting is the lack of control. Not only are you stuck with the non-customizable URL, you don’t have complete control of your own content. For a business, having control and security are essential. More on this below.

What’s the Deal with WordPress

As a platform, wordpress has many advantages. It’s customizable, easy to navigate, and has a large community of people sharing tips, troubleshooting tricks and free templates. The problem with hosting a WordPress site on their free service is that they can enforce their “non-commercial-use” policy at a moment’s notice. This means if you use your blog to advertise your own products or include affiliate links, you run the risk of losing your content. The good news is that WordPress is available for free to host on your own site. This means you can take advantage of all the perks of a WordPress site without worrying about the WordPress police. You’ll need your own hosting account for this, but you can often include a WordPress blog on your existing hosting plan. We offer this here at TurnKey.

What is Your Existing Web Presence?

Do you already have a business website? Do you have a presence on the social networks? If your business is already somewhat established online, it’s probably best to host your blog on your own website. The main reason for this is your URL. When you host on your own site, your blog shares the same URL as the rest of your website. This is good for branding and it keeps customers from getting confused. It also means that your blog’s content will help your entire site’s SEO profile. The search engines will index your blog posts as new content, and this will make your site pop up higher in search results.

Do You Already Have Hosting?

If you already have hosting for your website, chances are good you’ll be able to add a blogging platform at no extra charge. If you have a bare-bones hosting plan, you may need to upgrade, but the cost will only increase by a few dollars a month.

Worried About the Learning Curve?

Don’t be. Not only are these platforms designed to be user-friendly, many hosts offer one-click installation. This means you don’t have to know anything at all about how the technology works to start using it.

Learn More

We offer hosting plans specifically tailored to the blogger. If you’re feeling nervous about setting up your first blog, this is a great place to start.
http://www.turnkeyinternet.net/blog-hosting/

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

Written by admin on January 2nd, 2012

Tagged with , , ,

Why Host Your Blog on its Own Domain?   no comments

Posted at Nov 8, 2010 @ 2:58pm TurnKey Marketing

Anyone with a blog faces this conundrum at one time or another. Some people start out with a free blogging service like typepad or blogger, and, as they grow their audience, decide they need their own property. Others start out managing their own blog and get mired in the wordpress updates or spam and bail for a free, fully managed option. Before leaping right in, there are several items to consider when deciding which arrangement is right for you.

What are your Goals?

Are you planning on world domination or is your blog primarily for your friends and family? If you’re aspirations are modest, there is no reason to invest your time and money into a privately hosted blog. On the other hand, if you have loftier goals and think  you might, one day, want to become a pundit or amass a million followers, hosting your own property could pay dividends.

Design

Are you a designer? Does it matter to you to have your blog look just so? With free blogs, you have severely limited options design-wise. You can pick colors and templates, but you can’t go much beyond that. If you want to design your blog from the ground up, a privately hosted blog is right for you.

Maintenance

How good are you at computers? Do you understand how to configure a database? Do you understand PHP, blog software installation stuff or server-side configurations? None of this is particularly difficult, and it is very possible to learn it all with a little elbow grease. But, if you haven’t got the time, or don’t want to be bothered, a free blog is the best choice.

Branding

Generally, a blog with its own memorable domain name is much more brandable than a free blog domain (that includes .typepad or .wordpress within the URL). A private domain projects a professional image and sticks in people’s minds. Name your blog something clever to really capitalize on the memory factor. If you have big dreams, think about the promotional materials and business cards you may use in the future. Your own domain will look smashing on both.

Making Money

If your blog is popular, you can sell ads and make money, regardless of what format your blog happens to be in. Arguably, advertisers may be more inclined to take you seriously with your own domain name, but numbers talk. If you have the traffic, they’ll be interested.

Ready to Get Started?

If you’ve decided on hosting your own blog with your own domain name, look no further than TurnKey Website.

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

Written by admin on November 8th, 2010

Tagged with , , , , ,

Blog Hosting from TurnKey Internet   no comments

Posted at Oct 26, 2010 @ 3:52pm News

These days blogging is a ubiquitous tool for businesses, but it isn’t always easy to get started. Many free platforms don’t offer the ability to use your own domain name, leaving you to give out amateurish addresses to business clients, while do-it-yourself programs present a steep learning curve without much in the way of style. With TurnKey Blog Hosting, we are fulfilling this obvious need by providing a ready-made blogging solution that is adaptable, robust and professional. As a blogger myself, I know how frustrating it can be to find a platform that meets my two most basic and important needs: good looks, works.

Functionality

TurnKey Blog Hosting offers incredible functionality with quick, customizable templates that are sleek and easy to use. You can use your own domain name so your clients will see your blog as an integral part of your company’s identity and brand. Set up takes about 90 seconds, and you can fully customize your blog to match your existing website. Choose from hundreds of templates and themes, migrate content easily from other blogging platforms like Blogger, Typepad and Livejournal and enjoy complete administrative control for managing access and permissions. TurnKey Blog Hosting also offers state-of-the-art SPAM filters to prevent junk from clogging up your comments. On top of all that, you can monitor your site’s statistics with our webstats program, and take advantage of email via your blog hosting account.

SEO

The other critical element of a successful blog is search engine optimization (SEO). With the constantly changing SEO rules (thanks, Google), optimizing your blog can be a full-time job. Thankfully for all of us, WordPress offers many wonderful plugins and add-ons for automating the optimization process. If you were managing your own blog hosting, you would need to configure your wordpress to integrate these tools, keeping up with security updates, patches and alerts. With TurnKey Blog Hosting we do all of this for you. We have researched the best plugins for SEO to drive the maximum amount of traffic possible to your blog. With our optimized configuration, your blog will be poised to ensnare each and every spidery Google tendril.

What TurnKey Does for You

Our goal is always to provide easy, ready-made “turnkey” solutions that don’t require any technical expertise on the part of our clients. At the same time, all of our products are enterprise-class, professional, sleek, and top-of-the-line. We always try to put ourselves in the position of our business clients. We ask ourselves: “if I were a small business owner looking for an affordable, easy, professional solution, what would work best for me?” When it comes to blogging, TurnKey Blog Hosting is our answer to that question, and we couldn’t be happier with the result. We hope you will try it out for yourself and explore the many ways a TurnKey Blog can enhance the image of your business while driving traffic to your website.

Learn more!

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

Written by admin on October 26th, 2010

Tagged with , , , ,