IT Security Insiders: Expect an Escalation in DDoS Attacks for Duration of 2017

4GHadmin | 31 July 2017

The long and short of it is that Internet security will always be a forefront topic in this industry. That’s a reflection of both the never-ending importance of keeping data secure given the predominance of e-commerce in the world today and the fact that cyber hackers will never slow in their efforts to get ‘in’ and do harm in the interest of making ill-gotten financial gains for themselves.

So with the understanding that the issue of security / attacks / preventative measures is never going to be moving to the back burner, let’s move forward to discuss what the consensus among web security experts is – namely, that DDoS Attacks are likely to occur at an even higher rate than previously for the remainder of 2017.

Here at 4GoodHosting, in addition to being one of the best web hosting providers in Canada we’re very active in keeping on top of trends in the Web-based business and design worlds. as they tend to have great relevance to our customers. As such, we think this particularly piece of news is worthy of some discussion.

Let’s have at it – why can we expect to see more DDoS attacks this year?

Data ‘Nappers and Ransom Demands

As stated, IT security professionals predict that DDoS attacks will be more numerous and more pronounced in the year ahead, and many have started preparing for attacks that could cause outages worldwide in worst-case scenarios.

One such scenario could be – brace yourselves – a worldwide Internet outage. Before you become overly concerned, however, it would seem that the vast majority of security teams are already taking steps to stay ahead of these threats, with ‘business continuity’ measures increasingly in place to allow continued operation should any worst-case scenario come to fruition.

Further, these same insiders say that the next DDoS attack will be financially motivated. While there are continued discussions about attackers taking aim at nation states, security professionals conversely believe that criminal extortionists are the most likely group to successfully undertake a large-scale DDoS attack against one or more specific organizations.

As an example of this, look no further than the recent developments regarding Apple and their being threatened with widespread wiping of devices by an organization calling itself the ‘Turkish Crime Family’ if the computing mega-company doesn’t cough up $75,000 in cryptocurrency or $100,000 worth of iTunes gift cards.

A recent survey of select e-commerce businesses found that 46% of them expect to be targeted by a DDoS attack over the next 12 months. Should that attack come with a ransom demand like the one above, it may be particularly troublesome for any management group (given the fact that nearly ALL of them will not have the deep pockets that Apple has)

Further, the same study found that a concerning number of security professionals believe their leadership teams would struggle to come up with any other solution than to give in to any ransom demands. As such, having effective protection against ransomware and other dark software threats is as important as it’s ever been.

Undercover Attacks

We need to mention as well that these same security professionals are also worried about the smaller, low-volume DDoS attacks that will less 30 minutes or less. These have come to be classified as ‘Trojan Horse’ DDoS attack, and the problem is that they typically will not be mitigated by most legacy DDoS mitigation solutions. One common ploy used by hackers is to employ a Trojan horse as a distraction mechanism that diverts guard to open up the gates for a separate, larger DDoS attack.

Citing the same survey yet again, fewer than 30% of IT security teams have enough visibility worked into their networks to mitigate attacks that do not exceed 30 minutes in length. Further, there is the possibility of hidden effects of these attacks on their networks, like undetected data theft.

Undetected data theft is almost certainly more of a problem than many are aware – and particularly with the fast-approaching GDPR deadline which will make it so that organizations could be fined up to 4% of global turnover in the event of a major data breach deemed to be ‘sensitive’ by any number of set criteria.

Turning Tide against ISPs

Many expect regulatory pressure to be applied against ISPs that are perceived to be insufficient in protecting their customers against DDoS threats. Of course, there is the question as to whether an ISP is to blame for not mitigating a DDoS attack when it occurs, but again it seems the consensus is that it is, more often that not. This seems to suggest that the majority would find their own security teams to be responsible.

The trend seems to be to blame upstream providers for not being more proactive when it comes to DDoS defense. Many believe the best approach to countering these increasing attacks is to have ISPs that are equipped to defend against DDoS attacks, by both protecting their own networks and offering more comprehensive solutions to their customers via paid-for, managed services that are proven to be effective.

We are definitely sympathetic to anyone who has concerns regarding the possibility of these attacks and how they could lead to serious losses should they be able to wreak havoc and essentially remove the site from the web for extended periods of time. With the news alluded to earlier that there could even be a worldwide Internet outage before long via the new depth and complexity of DDoS attacks, however, it would seem that anyone with an interest in being online for whatever purpose should be concerned as well.

0

Multiple Domains for the Same Company: Yea, or Nay?

4GHadmin | 17 July 2017

You’ll find many business owners (or their e-commerce shot callers) that are proponents of having multiple domains for a single venture. Others will insist it’s an unnecessary expenditure if you utilize and position for your single domain with maximum effectiveness. For the average person, being able to make the correct determination here may well be beyond what they’re able to objectively determine, so let’s spend a little time this week to help those of you asking ‘is it better to have multiple domains and websites for a business?’

Here at 4GoodHosting, it’s our mix of solid hosting, competitively priced packages, and excellent customer support that makes us a good Canadian web hosting provider, but we feel another aspect that sets us apart is the level of insight we have into our industry and all of the subject offshoots that come from it that will be of interest to our customers.

Having multiple domains means carrying more than one website for the same company. The general logic is that it’s especially wise to do so if you have a product or service that appeals to different audiences. A site that’s tailored to the viewing / interacting / purchasing preferences of each respective target audience. Typically you will aim to customize the messaging, sales content and collaterals, and other marketing strategies so that they’re more likely to be ‘hooks’ for that demographic.

For example, a website for communications professionals will use a different approach than one for a staffing agency, for example, and this means that so a cross-over product (e.g., copy / scan / fax machines) might prove to be challenging to pitch effectively on a single site. It’s in these situations where the business will often consider having 2 (or more) sites with different domains so as to maximize the effectiveness with which they promote themselves to multiple specific buyer demographics.

From the SEO Standpoint Only

Should you take the decidedly narrow view and only consider search engine optimization (SEO), any reputable SEO expert will advise you that multiple domains can hurt your page ranking. That’s because having several keyword-rich domains pointing to your website is of no real specific benefit. SEO is directed towards a single domain name and will be regulated by site popularity, the volume and type of content featured, keywords located in meta and title fields – not to mention whether or not you’re paying or ‘sponsoring’ your spot in the ‘top 4’ at Google. What’s really most beneficial and should take precedence in your decision making process is taking into account the functionality of the site and how it specifically supports your goals. You should determine very specifically what is the exact role of your website (or sites) when choosing to use more than one URL.

Websites that can be identified as serving a simple purpose, like a portfolio of work for example, will be just fine using multiple pages on the same. Or they should be. If the business model is a little bit more multi-leveled, then considering multiple sites is warranted.

But now let’s have a look at where multiple domains for a website are suitable, and where they’re not. But before that let’s take quick stock of 3 considerations many people may overlook when starting to consider multiple domains:

  1. More work – For starters, each of these sites will require unique content, regular updates, and their own specific SEO optimization. You’ll be spending more time seated in front of the screen, for sure.
  2. Increased costs – Unless you’re going to shoulder all of that increased workload on your own, it’s almost certainly going to cost staff time, tech support, and don’t forget that outside vendors are now going to require a pair of paycheques. Yes, there can be economies of scale for hosting and other services to an extent, but that needs to be weighed against the value added to the goals for the sites.
  3. Organization – You’re going to have to do more as regards regular maintenance and content updates, plus you’ll have to ensure your marketing messages are consistent across all platforms, including the websites themselves.

Multiple Domains are Suitable When..

  1. You Have A Single Business with Diverse Audiences

Most people won’t need to be reminded that 1-size does not fit all when it comes to communicating with different audiences online. Each group has its own set of needs and expectations about how products or services fit their needs. When an array of messages is required, separate sites makes it possible to tailor content as well as approach an individual group.

  1. Your Niche Website Is Designed to Showcase a Specialization

Niche websites always tend to more appealing as compared to large, generic ones. Larger are prone to having too much overlap with a competing site, and this diminishes the likelihood of being able to get the value you need from links. Niche sites are ideal for allowing the kind of specialization that makes them helpful with complementing the information (or services) of other sites.

This in turn can support the development of deep, topic-specific content that then works to make your site a valuable (and linkable) resource. That of course goes a LONG way it you getting what you need out of your website

  1. You Have High Turnover

Name changes are more common in certain industries. An accounting or law firm might change associates or partners, adding new names or removing that of a retiree. In addition, if an affiliation exists with a parent company, such as a broker with being part of a larger umbrella of multiple provincial or regional offices, wholesale changes can result from rebranding efforts and the like. In these and other cases, multiple domain names can be helpful in leveraging an established identity or geographic presence.

  1. You’re Visible in Multiple Countries, with Multiple Languages

Those of you doing business in multiple countries might want to consider having separate sites for each geographic location. Localizing the colors, images, and content to match the social and cultural norms will serve to make your site much more user-friendly. Further, matching local preferences and habits can make it so that the URL is easier to find.

Multiple Domains are Less Suitable When..

  1. Your Challenges in Managing Multiple Domain Sites are Primarily SEO related.

When it comes to page rankings, at the most basic level there is zero benefit to having multiple sites, while there very well could be negatives. Garnering bad links to phishing sites is one example, and if it occurs that requires significant technical troubleshooting.

  1. People Are Have Difficulty Finding You

Most people are inclined to look up a company by name, and that means multiple domain names can make it difficult (or confusing) for a prospect or customer to find what they need.

  1. Your Domain is Less Authoritative Due to Name Changes

Frequent changing of one or more of the domain names can hurt the site’s credibility.

  1. Your Related Expenses are Problematic

As mentioned, the time and money that will be required of your for building and maintenance (including troubleshooting) increase in line with the number of sites you’re maintaining.

  1. You’re Experiencing a Diluted identity

Depending on your brand, separating products and services between different sites could undermine the power and market influence of the company.

  1. You’ve Got Merging Issues

Anyone who’s eyeing a possible merge into a single website will need to keep in mind that the migration needs to be done correctly (and that will come with significant expense).

All this said, it’s entirely true that a single website can support multiple product lines and services, but the catch is that it’s got to be decidedly easy to navigate. That needs to be the primary motivation you’ve got to keep at the forefront in your mind, rather than focusing on the ease or low cost of design maintenance.

So, any feedback? Are you a multiple domain holder for your site(s) based on your type of business interests, or the nature of the business itself? Or is a single domain perfectly sufficient for your needs?

0

Notable Upgrades with Email Hosting on Cpanel and WHS

4GHadmin | 10 July 2017

Being up and open on the information superhighway isn’t a set-it and forget it kind of deal. Every good Canadian web hosting provider will offer their customers what they consider to be the best and most intuitive control panel for site updates when and as needed. Here at 4GoodHosting, we’ve always seen cPanel to be the best choice and recently they’ve made a good thing even better with significant upgrades to their email hosting capacities.

This week let’s talk about some of the awesome features that have been rolled out to make hosting email on a cPanel & WHM server a breeze for webhosting providers, system administrators, and cPanel users.

 

cPanel & WHM Version 58

SubAddressing

SubAddressing (or ‘plus addressing’) refers to the name of an email that incorporates a ‘+’ as part of the destination user. Subaddressing optimizes the filtering of emails out of your inbox without having to configure filters for each sender. It’s definitely useful for system administrators and more standard cPanel users.

You know what it’s like in some instances when you sign up for a user account from any service provider or retailer. You’ll then be bombarded with future ‘offer’ emails and the like, but by using an address like denos+partyrentals@domain.tld to filter them all into a folder named ‘partyrentals’ at my email account denos@domain.tld. Plus you can also track who is sharing your email address with other companies as well with the fact each address acts as a unique one.

One quick thing to note here is you don’t create the folder before you use this address you do have to go to the server and manually subscribe to the new folder.

MDBox

MDBox continues to be a hit with system administrators, and the list of reasons why you should convert from Maildir to MDBox is long.

Both are storage formats used by the mail application on cPanel & WHM servers, called Dovecot. There are more than a few differences between them, but the one that necessitated adding support is that email stored with Maildir uses a simple 1-to-1 format, while MDBox employs what they call a many-to-1 format. For your average Joe cPanel user it makes no difference at all, but for a server administrator it’s something of a big deal. It allows more than one mail message to be stored in a single file for lower inode use, and that lets you enjoy a whole lot faster disk access. Things like backups and account transfers for any cPanel with large email accounts take a fraction of the time, and can be done with minimal server impact.

cPanel & WHM Version 60

SNI Support in Dovecot

cPanel made it a point to be eliminating domain-mismatch SSL as much as possible with the introduction of AutoSSL last year. The idea was to help prevent end-user confusion and reduce support load for webhosts and system administrators. That’s been accomplished by adding SNI support for all services across cPanel, including Proxy Subdomains and common service subdomains. Adding SNI support to Dovecot means that emails users can set up a secure connection to their mail server using their own domain name, with no chance of coming across a mis-matched SSL Domain error that many user will know all too well. No more!

cPanel & WHM Version 62

Email Account Settings

It seemed the primary frustration of end users was when they wanted to check their email outside of the webmail interfaces on the server. Keeping your documentation updated for those users can be a huge resource drain for a Canadian web hosting provider. That starts with the fact that there are a ton of different devices (phones, tablets, laptops, etc) that you and your support team should be fairly familiar with. Then add in the number of native applications (like Mail on MacOS and iOS) and 3rd-party applications (Thunderbird, Outlook, Mailbird, Claws, Opera Mail to name a few) and it becomes a little much.

It’s easy to have the webmail interface send yourself instructions for configuring any cPanel-hosted email account. From there you’ll notice that the email containing instructions also has a mobile configuration file attached to it. Open that mobile config file on your mobile device and that’s pretty much it for the procedure. All you have to do is confirm the settings and enter your password, and just like that the account is set up for you.

More adept users can take this a step further: Add your WHM account login for your server to the cPanel app (for iOS and Android). Then you can login to webmail for any user on your server via your mobile device, and send them the new account setup instructions with ease.

cPanel & WHM Version 64

IMAP Full-Text Search Indexing

IMAP Full-Text Search Indexing is one of those features that’s more sublime in its usefulness and thus appeal for system administrators. The entirety of that is in the way that it delivers incredibly fast search capabilities for all of your email hosted on a cPanel & WHM server over an IMAP connection. As an email user you’ll love how you can search your email so quickly, even if your email is hosted on the server. If you’re not a big fan of folders, it’s pretty darn nice. It comes highly recommended for hecking email on my phone or any iOS device, Microsoft Outlook, SquirrelMail, Horde, Roundcube, and Mozilla Thunderbird.

Quick note: If you didn’t enable SOLR on the upgrade to version 64, you can enable it via the WHM’s Manage Plugins interface (Home >> cPanel >> Manage Plugins), or by running the install_dovecot_fts (full text search) script.

iOS Push Notifications

Another gripe users had had in the past was with the inability to get email in a timely manner from your cPanel & WHM server on an iOS device. As an email user, you are forced to choose between a delay, either that or manually refresh your inbox. cPanel did add the best support possible for android devices in version 54, but didn’t add support for iOS push notifications until version 64.

There’s a lot of manual work that goes into setting up iOS push on a server, and that’s due to Apple requiring extensive configuration. It’s well worth it though, and if you visit cPanel’s website there’s good iOS Push Notifications set up documentation.

cPanel & WHM Version 66

Mail Compression on delivery

Here we are at the latest and greatest from cPanel. This feature promises to be the most exciting to anyone (sysadmin or cPanel user) that is concerned about their email bear hugging up disk space in their cPanel accounts. It has yet to be rolled out yet, but there’s one particular feature of version 66 where they’re adding compression for emailed delivered to your server. It will be compressed as the email is delivered, whether you’re using Maildir, or MDBox, reducing the amount of space needed by any email account on your server. Pairing Compression with MDBox promises to make email hosting blazing fast!

If you’re like us, you love what you do but it’s always best to get away from the desk with updates complete as soon as possible.

0

The Next ‘Disruption’: Artificial Intelligence Set to Explode

4GHadmin | 05 July 2017

Generally speaking, if you’re an information technologies trend that’s given an acronym then you’re a part of the mainstream understanding, or are soon to be a part of it. The latter part of that definitely applies to artificial intelligence. If you’re not explicitly aware of what ‘AI’ stands for, it’s only a matter of time until you do.

Further, if you think that digital assistants like Siri are encompassing the cutting edge of artificial intelligence technology, you’re very much mistaken. They are in fact examples of artificial intelligence, but voice-recognition based software that access the information on the web based on those recognized prompts is but the tip of the iceberg of what’s coming. Nonetheless, they serve as good and fairly commonly recognized examples of the basic premise of AI; you have a source of deductive reasoning integrated into your devices(s) and it goes through those deductions ‘intelligently’, despite being an ‘artificial’ being.

Here at 4GoodHosting, we’re firmly established as a good Canadian web hosting provider, but we’re also keenly interested in staying on top of trends in the digital world that – and particularly ones that are set to make big waves. AI is definitely one of them, so this week we’re going to discuss specific AI applications that are going to be coming to the forefront in a big way over the coming years.

A significant part of the digital revolution circles around the consumerization and digitization of everyday lives. No revelation there. Whether it’s healthcare, education, government, or the corporate world, it’s going digital in a big way and being tailored towards a more consumer-centric acquisition model. Front and centre are cloud computing, virtualization, user mobility, and a good many more of them.

Data is already everything in regards to these trends, and it’s going to be even more so. Driven by the Internet of Things, the average total amount of data created (and optionally stored) by the majority of devices is predicted to reach 600ZB per year by 2020, and that’s even higher than what industry predictions were for this trend just 2 years ago in 2015. Data of course needs to be created first, and it’s in the creation stage that the volume and magnitude of data’s presence is most notable.

What’s notable as well is this data isn’t benign. Instead it’s a conduit to accomplishing something more based on the prerogatives of the user. It carries very valuable pieces of information that is related to users, products, services, and even the entirety of specific business operations as a whole.

So the question becomes – how do you mine this data in the most timely and effective manner, and get the entirety of your defined value out of it?

In advance of our diving further into the topic, it’s important to understand that many organizations and partners are already looking at ways to bring AI further into the market.

Intelligent applications based on cognitive computing, artificial intelligence, and deep learning look to be the next wave of technology that will radically transform how consumers and enterprises work, learn, and play.

These applications are being developed and implemented on cognitive / AI software platforms that offer the tools and capabilities to provide users with recommendations, predictions, and intelligent assistance made possible by cognitive systems, machine learning, and artificial intelligence. Not surprisingly, cognitive / AI systems are quickly becoming a key part of IT infrastructure and the proverbial early-bird enterprises are working to understand and then plan for the adoption and use of these technologies in their organizations.

Get ready for a new working reality where cognitive systems and artificial intelligence across a broad range of industries will be one of (if not the) primary forces driving worldwide revenues from nearly 8 billion dollars in 2016 to more than 47 billion dollars by the time we reach 2020.

Here’s the big point to understand – deploying and implementing intelligent systems that learn, adapt and potentially act autonomously will become the primary battleground for technology vendors and services partners through at least 2020. These technologies will aim to specifically replace legacy IT and business processes where functions were simply executed as predefined instructions. These machines will contextually adapt and help make powerful business as well as IT decisions

And so, here are the most prominent large-scale AI disruptions that will be arriving very soon:

  • Applied Artificial Intelligence and Machine Learning – These technologies can be more explicitly understood to be AI platforms that process data and help make decisions in a more contextually / other-sensitive manner that goes well beyond simple, rule-based, data processing algorithms. Instead, they are able to learn, adapt, predict, and – in some cases – even operate without any human interaction of any sort. Applied AI is going to be found in everything from self-driving cars to consumer electronics.

For example, IPSoft has an engine named Amelia which has every capability of being your very own digital employee. It acts as a learning engine and takes the initiative to monitor data, movements, processes etc. to learn your business, leverages key data points, and overall learn the entirety of the ‘ins and outs’ of what you do. From there, you can deploy Amelia as a cognitive agent capable of taking on the role of a service desk assistant, customer service associate, and even patient entry assistant.

  • Smart Apps Interacting with Data – How impressed would you be if your apps could help prioritize specific functions for you, based on conditions of the market, the customer, or any defined prerogative? Imagine if you could have a very informal conversation and then have your app go back and define important tasks based on that conversation? Smarter applications will leverage data to help transform the way we conduct day-to-day business. In the very near future almost every application dealing with data will come with a machine learning aspect to it.
  • Intelligence and User Augmentation – AI and smart systems will allow users to “double” up on what they’re trying to accomplish. Most of all, we’ll be able to integrate with wearable technologies, various business functions, and even create and orchestrated flow of information based on very specific use-cases. Leveraging AI and machine learning will allow users to function at a much higher level, bringing even more value to their business. This is NOT user replacement… rather it’s augmenting their capabilities and improving all of the processes surrounding their digital work (and home) life.
  • AI-Driven Security – Security is of increasing importance in the digital world, and particular in how it relates to e-commerce operations. AI-driven security architectures will mesh together with IT infrastructures, virtual technologies, user behaviour, cloud analytics, and a whole lot more. There will be a major need for smarter security systems as we merge into a much more complex – and inevitably interconnected – world. Look for these systems to be able to monitor contextual points around users, devices, flow of information, and much more to create intelligent security architectures. It’s going to be very impressive.
  • General Data-Driven IT solutions – These solutions will continue to deliver considerable value to users, as well as enhancing the services they consume and improving how businesses perform various functions within the digital realm. Some will be concerned that these systems are here to replace them, but that’s a shortsighted and off-base concern. The reasonable perspective is to understand that if you embrace AI technology and incorporate it judiciously it has the potential to bring so much more value to your operations and involvement in the digital business world.

There is always a degree of uncertainty and trepidation that’s attached to incoming new technologies that look as if they will thoroughly reinvent many aspects of the working world. Machine learning and AI systems should be welcomed, as they will help augment functions and aid us in making better, well-informed decisions and focus on growing our businesses, making them more streamlined in their operations, and creating better services.

The explosion of AI is definitely on its way, and we for one couldn’t be any more enthusiastic about it!

0