SEO Hosting FAQFlexible SEO Hosting – Pay only for what you need!

What is the right way to send bulk e-mail?

April 17th, 2014

This is intended only as a basic outline of what it takes to manage a legitimate bulk e-mail list. Seek expert advice from appropriate companies and consultants for a more complete understanding of the complicated issues of legitimate bulk e-mail. Remember, all bulk e-mail must be opt in, otherwise it is unsolicited. And Unsolicited Bulk E-mail (UBE) is spam!

1. Address acquisition – Make sure it’s Opt In. E-pending is not Opt In. If the recipient didn’t ask for it in the first place, the rest of the list management processes are irrelevant. While various transactions and business relationships can infer permission, if there’s any doubt, or for any on-going bulk e-mail relationship, closed-loop Confirmed Opt In (COI) is the gold standard for verifying permission, in use since about 1996. Some examples of software which use COI include Majordomo-2, EZMLM, Mailman, and Lyris.

For more on COI, see:

• http://www.spamhaus.org/whitepapers/mailinglists.html

• http://www.spamhaus.org/whitepapers/permissionpass.html

• http://www.spamhaus.org/news.lasso?article=635

2. Truth in advertising - State your policies and the nature of the bulk e-mail at the point of subscription. Tell the subscriber what to expect: how often, how big, what kind, what topics and content, etc. Don’t hide information about the subscription on remote pages, behind hyperlinks, or buried in jargon, legalese, and obfuscation.

3. Identify your company properly in the message itself and in Internet records. Use properly registered domains with working mail and web addresses. Every domain you use should identify your company and lead to a website identifying your company. Don’t hide behind ever-changing mazes of domains (snowshoe spamming). Anonymized whois records just shout “hey, I’m trying to hide something!” So does using only an image for your name and address in the mail. Use proper SPF records and DKIM signatures. Stand behind every message you send saying “we sent that mail and we accept responsibility for sending it.” Make your online identity as solid as a brick-and-mortar business.

4. Maintenance - Keep your list current! Remove unsubscription requests and bounces promptly, as close to real-time as possible, no later than the same day. Mail the list at regular intervals. Unmailed lists provoke high complaint rates when they reactivate, even from truly opt-in addresses. Addresses “churn” over time, that is, they are abandoned or re-used. For most commercial lists, mail at least once per week and remove any address with three sequential bounces, or with sequential bounces for more than two weeks.

5. Bounce processing - Respect what the recipient’s server tells you. SMTP “5xy” codes mean “No!” Bouncing your mail off the filters but showing up in the logs, or resuming spamming after filter rules come down, is a sure-fire way to really annoy server operators and mailbox owners alike. Addresses being converted to spamtraps will typically reject (5xy) all deliveries for about six months…you certainly don’t want those on your list so make sure they bounce off!

Similarly, a receiver’s TEMP FAIL response (4xy) should be respected by your server. All standards-compliant servers will automatically retry such deferred deliveries at increasing time intervals. Generally retries cease and the message is considered undeliverable after 5 days. The interval before pruning a deferred address from your list is usually longer and takes more bounces than a hard “5xy” rejection, but eventually such addresses should also be retired from your list.

6. Unsubscription must work! Promptly. And for all the bulk mail you’re sending to that address. It must work via e-mail (include correct info in headers) and many subscribers also appreciate a web link included in message body. Sign up for feedback loops, and consider that abuse reports may indicate more serious problems than can be fixed by simply unsubscribing the reporting address. Some jurisdictions also require unsubscription via snail-mail. Basically, if someone wants off your list, help them with their request no matter how they ask.

7. Concurrency - Respect the receiving server’s SMTP dialogue. If it says pipelining allowed, give it what it wants. If it says “try again later” (4xy), don’t despair, let your server queue the message and do what good servers are supposed to do. If it accepts a bit slowly, throttle back your server so as not to flood smaller sites. Opening up lots of threads to a slow server is an excellent way to get tarpitted and blocked. (Good servers do all that stuff by default, automatically.)

8. Seek expert advice! There are highly qualified delivery consultants and some who aren’t so qualified; buyer beware. Ask your ISP for advice. Consider using a reputable E-mail Service Provider (ESP) to send your mail and manage your lists. If any delivery consultant is not aware of the terms and problems in this very brief outline, or if they make promises that they can get you “whitelisted” at ISPs, well, again, caveat emptor! (No one but Spamhaus decides what IPs we list or remove from our lists. The only way to be removed is to fix the spam problem that caused the listing.)

http://tinyurl.com/kda37

Info provided by The Spamhaus Project

Important Doc to read for Email Marketing Companies:
Yes. All firms engaged in marketing via email should read the following documents:

The Definition of “Spam”

http://www.spamhaus.org/definition/

Responsible Mailing Lists -vs- Spam Lists

http://www.spamhaus.org/whitepapers/mailinglists/

Permission Pass – How to rescue your mailing list

http://www.spamhaus.org/whitepapers/permissionpass/

What is the right way to send bulk e-mail?
http://www.spamhaus.org/faq/section/Marketing FAQs#214

“Role Accounts” & “Feedback Loops”
http://www.spamhaus.org/faq/section/ISP Spam Issues#119

Email Marketing Best Practice Document

http://www.m3aawg.org/sites/maawg/files/news/MAAWG_Senders_BCP_Ver2a-updated.pdf

Crystone Makes Hosting Simple!

April 16th, 2014

Magazine-Ad

WordPress 3.9 Release Candidate 2

April 16th, 2014

The second release candidate for WordPress 3.9 is now available for testing.

If you haven’t tested 3.9 yet, you’re running out of time! We made about five dozen changes since the first release candidate, and those changes are all helpfully summarized in our weekly post on the development blog. Probably the biggest fixes are to live widget previews and the new theme browser, along with some extra TinyMCE compatibility and some RTL fixes.

Plugin authors: Could you test your plugins against 3.9, and if they’re compatible, make sure they are marked as tested up to 3.9? It only takes a few minutes and this really helps make launch easier. Be sure to follow along the core development blog; we’ve been posting notes for developers for 3.9. (For example: HTML5, symlinks, MySQL, Plupload.)

To test WordPress 3.9 RC2, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the release candidate here (zip). If you’d like to learn more about what’s new in WordPress 3.9, visit the nearly complete About screen in your dashboard ( → About in the toolbar) and also check out the Beta 1 post.

This is for testing, so not recommended for production sites—yet.

cPanel-EasyApache 3.24.15

April 10th, 2014

SUMMARY
cPanel, Inc. has released EasyApache 3.24.15 with FCGI version 2.3.9 and PHP versions 5.5.10 and 5.4.27. This release addresses the FCGI vulnerability CVE-2013-4365 with fixes to a possible heap buffer overwrite issue, and the PHP vulnerability CVE-2013-7345 with fixes to bugs in the fileinfo module. We encourage all FCGI users to upgrade to FCGI version 2.3.9, and all PHP users to upgrade toPHP version 5.5.11 or PHP version 5.4.27.

AFFECTED VERSIONS
All versions of FCGI versions before 2.3.9.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2013-4365 – MEDIUM

FCGI 2.3.9
Fixed a possible heap buffer overwrite issue related to CVE-2013-4365.

AFFECTED VERSIONS
All versions of PHP version 5.5 before 5.5.11.
All versions of PHP version 5.4 before 5.4.27.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2013-7345 – MEDIUM

PHP 5.5.11
Fixed bug in the file info module related to CVE-2013-7345.

PHP 5.4.27
Fixed bug in the file info module related to CVE-2013-7345.

SOLUTION
cPanel, Inc. has released EasyApache 3.24.15 with FCGI version 3.2.9, and the updated versions of PHP 5.4 and 5.5 to correct these issues. Unless you have disabled EasyApache updates, EasyApache will include the latest versions of FCGI and PHP automatically. Run EasyApache to rebuild your profile with the latest version of FCGI and PHP.

REFERENCES

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4365

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7345

https://www.apache.org/dist/httpd/mod_fcgid/CHANGES-FCGID

http://www.php.net/ChangeLog-5.php#5.4.27

http://www.php.net/ChangeLog-5.php#5.5.11

cPanel TSR announcement

April 1st, 2014

cPanel TSR-2014-0003 Announcement
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.
cPanel has rated these updates as having security impact levels ranging from Minor to Critical.
Information on cPanel’s security ratings is available at http://go.cpanel.net/securitylevels.
If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.
RELEASES
The following cPanel & WHM versions address all known vulnerabilities:
* 11.42.0.23 & Greater
* 11.40.1.13 & Greater
* 11.38.2.23 & Greater
The latest public releases of cPanel & WHM for all update tiers are available at http://httpupdate.cpanel.net.
SECURITY ISSUE INFORMATION
The cPanel security team and independent security researchers identified the resolved security issues. There is no reason to believe that these vulnerabilities have been made known to the public. As such, cPanel will only release limited information about the vulnerabilities at this time.
Once sufficient time has passed, allowing cPanel & WHM systems to automatically update to the new versions, cPanel will release additional information about the nature of the security issues. This Targeted Security Release addresses 47 vulnerabilities in cPanel & WHM software versions 11.42, 11.40, and 11.38.
Additional information is scheduled for release on March 26th, 2014.
For information on cPanel & WHM Versions and the Release Process, read our documentation at:

http://go.cpanel.net/versionformat

For the PGP signed message, please go to: http://cpanel.net/wp-content/uploads/2014/03/TSR-2014-0003-Accouncement.txt

cPanel-EasyApache 3.24.14 / Apache version 2.2.27

April 1st, 2014

SUMMARY
cPanel, Inc. has released EasyApache 3.24.14 with Apache version 2.2.27. This release addresses Apache vulnerabilities CVE-2014-0098 and CVE-2013-6438, by fixing bugs in the mod_log_config and mod_dav modules. We encourage all Apache users to upgrade to Apache version 2.2.27.

AFFECTED VERSIONS
All versions of Apache version 2.2 before 2.2.27.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2014-0098 – MEDIUM

Apache 2.2.27
Fixed bug in the mod_log_config module related to CVE-2014-0098.

CVE-2013-6438 – MEDIUM

Apache 2.2.27
Fixed bug in the mod_dav module related to CVE-2013-6438.

SOLUTION
cPanel, Inc. has released EasyApache 3.24.14 with updated version of Apache version 2.4 to correct these issues. Unless you have disabled EasyApache updates, EasyApache will include the latest version of Apache automatically. Run EasyApache to rebuild your profile with the latest version of Apache.

REFERENCES

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0098

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6438

http://httpd.apache.org/docs/trunk/new_features_2_2.html

cPanel-Apache 2.4.9 / EA 3.24.13

March 21st, 2014

SUMMARY
cPanel, Inc. has released EasyApache 3.24.13 with Apache version 2.4.9. This release addresses Apache vulnerabilities CVE-2014-0098 and CVE-2013-6438, by fixing bugs in the mod_log_config and mod_dav modules. We encourage all Apache users to upgrade to Apache version 2.4.9.

AFFECTED VERSIONS
All versions of Apache version 2.4 before 2.4.9.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2014-0098 – MEDIUM

Apache 2.4.9
Fixed bug in the mod_log_config module related to CVE-2014-0098.

CVE-2013-6438 – MEDIUM

Apache 2.4.9
Fixed bug in the mod_dav module related to CVE-2013-6438.

SOLUTION
cPanel, Inc. has released EasyApache 3.24.13 with updated version of Apache version 2.4 to correct these issues. Unless you have disabled EasyApache updates, EasyApache will include the latest version of Apache automatically. Run EasyApache to rebuild your profile with the latest version of Apache.

REFERENCES

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0098

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6438

http://httpd.apache.org/docs/trunk/new_features_2_4.html

cPanel 11.42 Now in STABLE Tier

March 18th, 2014

cPanel, Inc. is thrilled to release cPanel & WHM software version 11.42, which is now available in the STABLE tier.
cPanel & WHM version 11.42 offers a brand new theme, an upgrade to Horde Groupware Webmail, and more.

Paper Lantern Theme
As part of 11.42, cPanel & WHM introduces Paper Lantern, a modern, powerful theme. With its simplified design, beautiful icon set, and thoughtful feature names, this edition of Paper Lantern is only the beginning.

Horde Groupware Webmail Upgrade
cPanel & WHM now uses Horde Groupware Webmail Edition 5.1. This upgrade provides a simple webmail application for all users, regardless of experience level.

Detailed information on all cPanel & WHM version 11.42 features can be found at https://documentation.cpanel.net .* An overview of the latest features and benefits is also available at http://releases.cpanel.net.

To ensure that you receive up-to-date product news from cPanel, we encourage you to subscribe to the “Security Advisories and Product Release Announcements” mailing list here: http://cpanel.net/mailing-lists.

*Please note the updated URL for cPanel & WHM Documentation.

cPanel 11.42 Expected in STABLE Tier

March 17th, 2014

cPanel, Inc. tentatively plans to release cPanel & WHM software version 11.42 in the STABLE tier on March 17, 2014.

cPanel & WHM version 11.42 offers a brand new theme, an upgrade to Horde Groupware Webmail, and more.

Paper Lantern Theme
As part of 11.42, cPanel & WHM introduces Paper Lantern, a modern, powerful theme. With its simplified design, beautiful icon set, and thoughtful feature names, this edition of Paper Lantern is only the beginning.

Horde Groupware Webmail Upgrade
cPanel & WHM now uses Horde Groupware Webmail Edition 5.1. This upgrade provides a simple webmail application for all users, regardless of experience level.

Detailed information on all cPanel & WHM version 11.42 features can be found at https://documentation.cpanel.net. * An overview of the latest features and benefits is also available at http://releases.cpanel.net.

To ensure that you receive up-to-date product news from cPanel, we encourage you to subscribe to the “Security Advisories and Product Release Announcements” mailing list here: http://cpanel.net/mailing-lists.

*Please note the updated URL for cPanel & WHM Documentation.

EasyApache 3.24.12 Release Announcement

March 11th, 2014

SUMMARY
cPanel, Inc. has released EasyApache 3.24.12 with PHP versions 5.5.10 and 5.4.26. This release addresses PHP vulnerabilities CVE-2014-1943, CVE-2014-2270, and CVE-2013-7327 by fixing bugs in the Fileinfo and GD modules. We encourage all PHP users to upgrade to PHP versions 5.5.10 and 5.4.26.

AFFECTED VERSIONS
All versions of PHP 5.4 before 5.4.26.
All versions of PHP 5.5 before 5.5.10.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2014-1943 – MEDIUM

PHP 5.4.26
Fixed bug in the Fileinfo module related to CVE-2014-1943.

PHP 5.5.10
Fixed bug in the Fileinfo module related to CVE-2014-1943.

CVE-2014-2270 – MEDIUM

PHP 5.4.26
Fixed bug in the Fileinfo module related to CVE-2014-2270.

PHP 5.5.10
Fixed bug in the Fileinfo module related to CVE-2014-2270.

CVE-2013-7327 – MEDIUM

PHP 5.5.10
Fixed bug in the GD module related to CVE-2013-7327.

SOLUTION
cPanel, Inc. has released EasyApache 3.24.12 with updated versions of PHP 5.4 and 5.5 to correct these issues. Unless you have disabled EasyApache updates, EasyApache will include the latest versions of PHP automatically. Run EasyApache to rebuild your profile with the latest version of PHP.

REFERENCES

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2270

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7327

http://www.php.net/ChangeLog-5.php#5.5.10

http://www.php.net/ChangeLog-5.php#5.4.26

New to using a VPS? We have 6 Security Tips for you!

February 24th, 2014

SEO Hosting VPS SecuritySo you just got your new virtual private server (VPS) and your are excided about using it BUT you need to be aware of some import tips to help you secure it properly. Your VPS will open you up to a whole new world of possibilities and power. It will also open you up to a new world of security threats. If you are accustomed to having most security issues handled by your shared hosting provider, now might be a good time to learn some basic security tips for your new VPS.

1. Protect your logins - This means using strong secure password and limiting SSH access to only necessary users and disallowing root logins. The ‘root’ account has full control over the entire server, so allowing direct logins as ‘root’ via SSH is one of the biggest security risks. Hackers can brute force a server’s ‘root’ password and when they succeed, they will gain full control over your entire server.

2. Keep Your Software Up-To-Date – Keeping the software up-to-date is one of the most important tasks of securing your server. Everyday, numerous vulnerabilities are found in various linux applications, services and scripts and new fixed versions of them are being released very quickly. Installing the updates on your server is crucial and strongly recommended.

3. Protect your server – This means network firewalls, application firewalls, brute force detection and any other form of protection you can imagine. Take some time and research various preventative measures you can take with your operating system.

4. Monitor everything – A VPS administrator must be proactive. You cannot wait until your web host contacts you with a problem. Unlike shared hosting, this may not happen until it is too late. Setup system monitors and keep an eye on your virtual server.

5. Backup, Backup, and Backup – Backup your server regularly and be prepared for the worst. Test your backups to make sure they actually restore properly.

6. Stop/Disable Unnecessary Services – All Linux distributions usually have many services/daemons configured to start every time you start the server. The more services running on your server, the more ports are being open to potential external break-ins. Disabling unnecessary services can improve the security of your server and even the overall server performance.

To check which services are running on your server execute:
# chkconfig –list

The above command will show the startup status of all services.

To stop a service at startup time you can execute:
# chkconfig –levels off

When you start to think about the huge responsibility a VPS requires, it can be overwhelming, but it is definitely manageable if you have the right tools and a fair amount of education on the topic.

Is WordPress Making MySQL Crash?

February 13th, 2014

It is always frustrating when you go to check out your blog and you get a message saying a “database connection” error has occurred rather than your normal website displaying. Most of the times a simple restart of MySQL will fix the problem. Most problems such as this relate to your WordPress database and can be fixed without much difficulty.

Once you have determined that WordPress is the cause of your MySQL problems, you can usually repair the database tables that might be causing the problem. The first step is to verify each of the table’s integrity.

If you use phpMyAdmin, you can do the following:

1. Click the name of your database on the left-hand side

2. Click “Check All” at the bottom to select all tables

3. From the drop down menu, select “Check table”

4. If you find some tables do not have the status “OK”, choose “Repair table”

5. Select tables again and choose “Optimize table”

This may not fix all database problems, but it is a good place to start if you ever experience any. Normally, WordPress should not make MySQL crash, but it is possible, and if it does then you have a memory issue or even a bigger problem such as an uninvited guest on your server.