Managed web hosting services, VPS and dedicated servers offered since 2007. WordPress Hosting plans with Daily Backups and e-Mail Accounts. Live ChatSupport Center Customer Login

Commonly asked questions about our products & services

 

Check web server speed, run PING, Traceroute, MTR and other useful commands from our Datacenter

 

1. Web Hosting Basics
 

 

What is Web Hosting?

Web Hosting provides the infrastructure to publish your web site. Our Web Hosting service includes space on a web server to store your web site, bandwidth to send it out to the world, configuration capability to associate your domain name with the web site content, and more.
[Top]
What is shared web hosting?
For shared web hosting, the service provider uses a single web server to serve multiple Web Hosting accounts, instead of providing one web server per Web Hosting account. Shared web hosting is a cost-effective solution for personal and small business web sites.
[Top]

Can I have more than one domain name pointed to my Web Hosting account?
You can have an unlimited number of domain names per Web Hosting account.

[Top]
How soon will my Web Hosting account be ready for use?
If you associate an existing domain name with your Web Hosting account, your web site can go live immediately after your transaction has been successfuly processed and authorized. If you associate your Web Hosting account with a new domain, it may take up to 48 hours before the registry updates its records to resolve the domain name to your web site.

[Top]
Will I have unlimited access to update my web site?
Yes, you can update your web site 24 hours a day, 7 days a week.

[Top]
Will I have my own FTP access?
Yes. You'll log in with the username and password you receive after signing up.

[Top]
If I use your Web Hosting, do you place ads on my web site?
No.

[Top]
I already have a domain. Can I use it with your Web Hosting?
Yes, you can use an existing domain name with your Web Hosting account. Just enter it when you sign up for a Web Hosting plan and then change the Nameserver Records on you Domain Control Panel. You'll receive detailed information after signing up.

[Top]
What kinds of Web Hosting do you offer?
We offer Linux web hosting with on Apache Servers. For the hosting plan details, please view our Web Hosting page.

[Top]
Can I have individual FTP logins for each domain?
Yes, you can have a separate FTP login for each domain name associated with the hosting account.

[Top]
What type of control panel does Web Hosting use?
Our Web Hosting uses industry leading cPanel control panel.

[Top]
Can I use an SSL certificate with Web Hosting?
Yes you can with dedicated IP address purchase.

[Top]
What billing cycle options do you offer?
We offer one month billing cycle.

[Top]
Is there a minimum contract for Web Hosting?
Monthly is our minimum term.

[Top]
What are your Web Hosting content policies?
To view our current Web Hosting agreement, click "Terms of Service" at the bottom of this page.

[Top]

3. Reseller Hosting Guide FAQ
 

New to Reseller hosting? Get answers to your questons from our reseller hosting gude below. If you have furthur questions don't hesitate to contact us.

 

 

What is reseller hosting?
Reseller hosting provides you with the ability to create individual subaccounts from the allotted disk space and bandwidth of your main account. You remain in complete control by setting the amount of space and bandwidth each subaccount receives. The number of individual hosting accounts (subaccounts) you can create depends solely on your purchased reseller plan. EURO-SPACE offer plans allowing you to create UNLIMITED accounts and each account get it's own cPanel control panel.

[Top]
Do I have to resell hosting to purchase a reseller plan?
You do not have to resell hosting to purchase a reseller account. You can use a reseller account to host your own websites or be generous and offer hosting to your friends and family with their own control panel.

[Top]
What are the advantages of reseller hosting?
If you're a webmaster/developer you can host and manage all your websites under one reseller account for one price instead of paying your hosting provider for multiple shared hosting accounts. Additionally, you can resell hosting as a value added feature to your existing business or as a separate entity.

[Top]
What is private label reseller hosting?
Private labeling provides the reseller who wishes to resell web hosting with complete transparency from the parent hosting company. Should you wish to start your own hosting company all traces of our company is completely removed so your customers will never know we exist. We accomplish this by using a privately registered domain name for our nameservers, anonymous server name, and anonymous ip whois. In addition, you have the option of using your own nameservers such as ns1/ns2.yourdomain.com.

[Top]
How do I manage my reseller hosting account?
All reseller hosting accounts come with two seperate control panels. WHM (WebHost Manager) is the administration control panel and cPanel is the end user control panel. 

WHM allows you to completely manage and create all subaccounts giving them each their own cPanel. Some functions you can perform with WHM include: 

* Create and manage all subaccounts. 
* Ability to limit subaccount's disk space. bandwidth, emails accounts. 
* Email all subaccount users. 
* Change subaccount users' passwords. 
* Check server status. 

cPanel is designed for the end user allowing them to manage their individual accounts which include: 

* Create, remove email accounts, forwarders, autoresponders. 
* View website statistics with AWstats. 
* View account information such as bandwidth usage, server status. 
* Manage domains, subdomains, and parked domains. 
* Manage and create MySQL databases. 
* Add, remove FTP accounts. 
* Use advanced tools such as cron jobs, hotlink protection.
* Access to pre-installed scripts such as Fantastico.

[Top]
Do I have to be knowledgable about web hosting to resell?
Basic knowledge is desired such as understanding various hosting related terms (mysql, php, various email features, etc). If there is something you don't know our support is available 24/7 to respond to any questions that you may have. We are also able to provide technical support directly to your customer on selected plans so you can focus on making sales.

[Top]
What am I responsible for if I resell hosting?
You would be responsible for any interaction between you and your customer since we only support the direct reseller or you in this case. (except where end user support is contracted). This also includes building your hosting website, setting up your plans and pricing, and any other 3rd party script installations, etc. We as the parent hosting provider supply you with the resources (disk space, bandwidth, features) and handle all server related issues.

[Top]

4. VPS Hosting FAQ
 

Find answers to the most commonly asked VPS hosting questions via the FAQ below. If you have furthur questions don't hesitate to contact us.

 

 

What is a VPS ?
VPS stands for Virtual Private Servers. VPS is an isolated server that share the hardware of a single physical server however performs like a stand-alone server where you can run your own applications, it can be rebooted independently, has its own root access, ip's, users, memory, processes, ports, etc.

[Top]
What is OpenVZ?
OpenVZ is the VPS (Server Virtualization) technology, which allow us to create isolated VPS servers on the single physical machine.

[Top]
What is guaranteed and burst memory (RAM) ?
Guaranteed memory is the amount of memory allocated to your VPS which you can use up to at any time. Burst allows your VPS to use more than your guaranteed memory as long as the memory is available to use up to the burst limit.

[Top]
What are the advantages of a VPS ?
VPS gives you the functions and features and of a managed dedicated server but without the price. You have full control of your VPS including full root access to install your own applications not viable on a shared hosting environment. Since a VPS is an isolated hosting environment it allows you more freedom to run scripts that aren't allowed on a shared hosting environment such as sending out a mailing list and since you get your own mail server you don't have to worry about other users blacklisting the mail server ip, it allows you to create reseller accounts if you are a reseller, and more.

[Top]
What is the difference between a VPS and shared hosting?
VPS is an isolated environment with your own resources whereas in a shared hosting environment the server resources are shared among all accounts on the server. In a shared environment you are restricted to use the features enabled by your provider whereas in a virtual isolated private environment you are free to disable/enable features suitable for your website.

[Top]

How do I manage my VPS?
Managed VPS hosting accounts come with popular WHM / cPanel control panel.

WHM is the hosting administration control panel. It allows you the manage and create hosting accounts in your VPS. Some functions you can perform include create and manage all hosting accounts, limit accounts disk space, bandwidth, email accounts, email all accounts, change account passwords, check server status.

cPanel is the hosting accounts control panel which allows you to manage the individual hosting account. Functions include create/remove email accounts and forwarders, view website stats via AWstats, view account information such as bandwidth usage, manage domains, subdomains, parked domains, manage and create mysql databases, add/remove FTP accounts, use advanced tools such as cron jobs, hotlink protection, access to pre-installed scripts such as Fantastico.

There's no control panel included in unmanaged VPS plans and you need to do operations from the command line, using popular Putty or WinSCP software.

[Top]

 

5. How to register a Name Server
 

Quickly find answers to the most commonly asked questions via the Nameserver Registration FAQ below. If you have further questions don't hesitate to contact us.

 

 

When using a nameserver for the first time, you may need to register it with your registrar (the company that you used to register your site's domain name).

Once your DNS servers have been registered, any new trial sites created in your cPanel can be pointed to your custom DNS and will use your registered domain name, rather than the default system domain names. You can also modify your existing domain name records and change the DNS servers to your own domain name, if you have previously created sites that use the default domain names. 

In this article, you'll find instructions for registering nameservers on some of the popular registar websites.

 

Registering a nameserver with GoDaddy
  1. Log in to the GoDaddy site
  2. Select My Account > Domain List. Select the domain name you want to update.  
  3. Next to the Host Summary header, click Add. 
  4. Enter "ns1" in the host name field and the IP address you've received from us in the IP address 1 field. Click OK. 
  5. Repeat this process for the second set of fields, entering "ns2" in the host name field and the IP address you've received from us in the IP address 2 field.

 

 

[Top]
Registering a nameserver with Namecheap
  1. Log into the Namecheap website
  2. Select My Account > Manage Domains. Select the domain name you want to update.  
  3. In the Advanced Options section, select Nameserver Registration. 
  4. Enter the following two nameservers and IP addresses and then click Add nameservers: 

    ns1.your_domain_name.com (192.1.2.3) 
    ns2.your_domain_name.com (192.1.2.3) 

    Note: In the examples above, replace your_domain_name.com with your registered domain name and IP addresses with the IP's you've received from us.

 

[Top]
Registering a nameserver with Enom.com
  1. Log into the Enom.com website
  2. In the menu on the left, select Domain Names. 
  3. Also in the left menu, select Register DNS. 
  4. If you are registering the nameservers for the first time, use the section titled Register a NameServer Name. 
  5. If you have previously registered nameservers for your domain, use the section titled Update a NameServer IP. 
  6. Enter the information provided in the e-mail you received when you first set up your account with Enom.com. 
  7. In the Nameservers section, enter the following information:

ns1.your_domain_name.com - IP address (192.1.2.3) 
ns2.your_domain_name.com - IP address (192.1.2.3) 


Note: In the examples above, replace your_domain_name.com with your registered domain name and IP addresses with the IP's you've received from us.

 

[Top]
Registering a nameserver with Bulkregister.com
  1. Log in to your account on the Bulkregister.com site
  2. Select the option: List Domains. 
  3. In the list of domain names that appears, select the domain name you want to edit. 
  4. Click Manage Name Servers. 
  5. Click the option: To create child name servers of this domain, click here. 
  6. In the left field, enter ns1 (the prefix of the primary nameserver). 

    Note: There's no need to enter the suffix for the domain name (such as .com or .org) because it is already listed.
  7. In the right field, enter the IP address for the primary nameserver as you have received from us.
  8. Click Create Name Servers. 

    Note: If a second set of fields are displayed, enter the secondary prefix in the left field: ns2 and enter in the right field the IP address as you have received from us.
  9. Click Confirm.

 

[Top]
Registering a nameserver with Network solutions
  1. Log into your account on the Network Solutions website
  2. Click the Host Registration Form link. 

    Note: In order to register your nameservers, you'll need to fill out the form twice (once for the primary and again for the secondary nameserver). 
  3. In the General Information section, enter your email address. Select the New option. 
  4. In the Host Information section, enter the following information: 

    Host NIC Handle: (leave this field blank) 
    Host Name: Enter the nameserver NS1.your_domain_name.com (replacing your_domain_name.com with the site's domain name). 
    IP Address: Enter the IP address you have received from us for the primary nameserver. 
  5. In the Contact Information section, enter your NIC handle. If you don't know your NIC handle, you can obtain this by doing aWHOIS lookup of your main domain name. 

    Alternatively, you can create a new contact record by leaving the NIC Handle field blank and submitting the form. 
  6. In the Host Form Authorization Information section, select the preferred Authentication Method. 
  7. Scroll to the bottom of the page and click Generate Host Form. 

    A completed Host Template is displayed. Scroll to the bottom of the page and click Mail this Host Form to me. The site will send you a copy of the Host Template. 
  8. Check your email to receive the form. Click reply to send the form back to Network Solutions. This is an important step, because if you do not reply to the email with the form, Network Solutions will not process your registration.  
  9. Repeat steps 2-8 to register the secondary nameserver. When you repeat step #4, enter the following information: 

    Host NIC Handle: (leave this field blank) 
    Host Name: Enter the nameserver NS2.your_domain_name.com (replacing your_domain_name.com with the site's domain name). 
    IP Address: Enter the IP address you have received from us for the primary nameserver.

[Top]


6. SSL Certificates FAQ
 

Quickly find answers to the most commonly asked questions via the SSL Certificates FAQ below. If you have furthur questions don't hesitate to contact us.

 

 

What is SSL and what it actually does for you?
SSL is the acronym for Secure Sockets Layer and is the Internet standard security technology used to establish an encrypted (or safe) link between a web server (website) and your browser (i.e. Internet Explorer, Chrome, Firefox, etc…). This secured link ensures that the data/information that is passed from your web browser to the web server remain private; meaning safe from hackers or anyone trying to spy/steal that info. SSL is the industry standard and is used by millions of websites to protect and secure any sensitive or private data that is sent through their website. One of the most common things SSL is used for is protecting a customer during an online transaction.

 


To establish a secured SSL connection on a web server it requires an SSL Certificate to be properly installed. When completing the process to activate SSL on your web server you will be asked to complete a number of questions to verify the identity of your domain and your company. Once properly completed, your web server will create 2 types of cryptographic keys – one is called a Private Key and the other is called the Public Key.

The Public Key isn't a secret and it's placed into something called a Certificate Signing Request or most commonly referred to as the CSR. The CSR is a file that contains all the data of your details. Once this CSR is generated, you can begin the SSL application process. During this process, the Certification Authority (CA) will go through the validation process to verify your submitted details and then once verified will issue an SSL Certificate with your details and allow you to use SSL. Your web server will automatically match the CA issued SSL Certificate to your Private Key. This means you are now ready to establish an encrypted and secure link between your website and your customer's web browser.

SSL protocol is complex, but the complexities always remain invisible to your customers. Instead the browser they are using provides them with a key indicator letting them know that their session is currently protected by an SSL encryption – sometimes it is the lock icon in the lower right-hand corner, or the addition of an "s" in https rather than just http, on high-end SSL Certificates, a key indicator is the green bar in the browser. Clicking on the indicators will display all the details about it. All trusted Certification Authorities issue SSL Certificates to either legit companies or legally accountable individuals.

Generally speaking, SSL Certificates include and display (at least one or all) your domain name, your company name, your address, your city, your state and your country. It also always has an expiration date of that particular certificate and of course the details of the Certification Authority responsible for issuing the certificate. Browser connect to a secured site and then retrieves the site's SSL Certificate and first makes sure that it has not expired, then it checks to see if it was issued by a known Certification Authority that the browser trusts, and then that it is actually being used by the website that is was actually issued to. If any one of these parameters does not check out properly, the browser will display a warning to the user to let them know that this site is not secure by SSL. It says to leave or proceed with extreme caution. That is the last thing you would want to say to your potential customer. That is why SSL is of high importance to any successful company doing business on the web.

[Top]
Why do I need an SSL certificate for my site?

If your site sends or receives sensitive information such as customers personal information, credit card details, etc., customers expect it to be secured with an SSL certificate. Many will leave your site if they see that it is not secured.

 

[Top]
Are All SSL Certificates the Same?

The number of businesses that use SSL have increased tremendously over the past few years and the reasons for which SSL is used has also increased, for example:
• Some businesses need SSL to simply provide confidentiality (i.e. encryption)
• Some businesses like to use SSL to add more trust or confidence in security and identity (they want you to know that they are a legitimate company and can prove it)
As the reasons companies use for SSL have become wider, three different types of SSL Certificates have been established:

• Extended Validation (EV) SSL Certificates
• Organization Validation (OV) SSL Certificates
• Domain Validation (DV) SSL Certificates

 

Extended Validation (EV) SSL Certificates are issued only when a Certification Authority (CA) checks to make sure that the applicant actually has the right to the specific domain name plus the CA conducts a very THOROUGH vetting (investigation) of the organization. The issuance process of EV Certificates is standardized and is strictly outlined in the EV Guidelines, which was created at the CA/Browser Forum in 2007, specifies the required steps that a CA must do before issuing an EV certificate:

 

1. Must verify the legal, physical & operational existence of the entity
2. Must verify that the identity of the entity matches official records
3. Must verify that the entity has the exclusive right to use the domain specified in the EV Certificate
4. Must verify that the entity has properly authorized the issuance of the EV Certificate

EV Certificates are used for all types of businesses, including government entities and both incorporated & unincorporated businesses. Takes about 10 days to issue.
A second set of guidelines are for the actual CA and it establishes the criteria to which a CA needs to be audited before being allowed to issue an EV Certificate. It is called, the EV Audit Guidelines, and they are always done every year to ensure the integrity of the issuance process.


Organization Validation (OV) SSL Certificates are issued only when a Certification Authority (CA) checks to make sure that the applicant actually has the right to the specific domain name plus the CA does some vetting (investigation) of the said organization.  This additional vetted company info is displayed to customers when the Secure Site Seal is clicked on, this gives enhanced visibility to who is behind the site which in turn gives enhanced trust in the site. Takes about 2 days to issue.


Domain Validation (DV) SSL Certificates are issued when the CA checks to make sure that the applicant actually has the right to the specific domain name.  No company identity information is vetted and no information is displayed other than encryption information within the Secure Site Seal. DV certs can be issued immediately.

[Top]
Why Choose EV

Give your customers the confidence to make their purchases online with EV SSL Certificates. Extended Validation triggers the display of the green address bar in high-security browsers.


EV Sertificate Example

 

What does the green address bar do?

The green address bar gives an intuitive visual cue that your business is legitimate. The green bar is only available with Extended Validation (EV) certificates. In contrast, major web browsers have integrated anti-phishing protection so that known phishing sites will display a red address bar. Studies have shown a strong, positive impact for businesses that use EV certificates.


Customers Gain Confidence with the Green Address Bar

Extended Validation SSL gives Web site visitors an easy and reliable way to establish trust online. Only SSL Certificates with Extended Validation (EV) will trigger high security Web browsers to display a green address bar with the name of the organization that owns the SSL Certificate and the name of the Certificate Authority that issued it. The green bar shows site visitors that the transaction is encrypted and the organization has been authenticated according to the most rigorous industry standard. For better online performance and added customer confidence, choose Secure Site with EV SSL Certificates. (SSL Security and Extended Validation.)

 

[Top]
Why is the brand of certificate important?

Functionally, all certificates with the same level of encryption perform similarly. However, for discriminating customers, branding in certificates has the same effect as designer clothing: it gives sophisiticated customers assurance that you're a sophisticated business.

[Top]
How do visitors know what kind of SSL certificate I'm using?

To find out what SSL certificate you use, visitors simply click the lock icon in their browser's address box. A new window pops up with information about your certificate.

[Top]
Do SSL certificates work in all web browsers?

SSL Certificates are compatible with 99.9% of all browsers, including all major web browsers.

[Top]
Can I upgrade my SSL Certificate?

Once you purchase a certificate, we can't upgrade it. However, if you need a more secure certificate immediately, you can purchase it and install it on the same web server as the old certificate. If you don't need the more secure certificate immediately, you can wait until your current certificate expires and install a more secure one at that time.

[Top]
Do I need technical expertise to set up an SSL certificate on my web site?

Installing a certificate is not difficult, but it does involve a process that's specific to each individual web server. Certification Authorities publish instructions for generating the Certificate Signing Request (CSR) and installing the certificate.

[Top]
What is CSR?

CSR stands Certificate Signing Request. A CSR is a special key generated by a web server using that server's unique private key. The CSR is sent to the certificate issuer, which generates the final certificate.

[Top]


 

7. Sales FAQ
 

Quickly find answers to the most commonly asked questions via the sales FAQ below. If you have furthur questions don't hesitate to contact us.

 

 

Do you offer a money back guarantee?
We offer a no-hassle 15 day money back guarantee.

[Top]
What type of payment do you accept?
We accept all major credt cards including Visa, MasterCard, American Express, Discover and Diners Club via our certified reseller 2Checkout.com. Please note, we do not store your credit card details, all payments are processed by 2Checkout. We also accept Paypal.

[Top]
Are there any discounts if I paid annually?
Our prices are already very competitive. We don't provide any discounts for annual payments.

[Top]
How long does it take to setup an account after I order?
If you order during normal business hours Monday-Friday 11am-17:30pm (GMT), it can be setup within 1 to 24 hours, depends on your time zone. Orders placed over the weekend may experience a slight delay (24 - 48 hours).

[Top]
Do I get root access to the server?
Yes, if you have ordered VPS you get root access. With your hosting or reseller account you do not get root access to the server.

[Top]
Can resellers create sub-resellers?
A reseller can't create sub-reseller accounts but you can resell our reseller accounts as your own. You would bill your client for the reseller plan at a marked up rate, you pay us our fee. We setup your account and email you the account details which you send to your client.

[Top]
I am with another host and wonder if you can help me transfer my accounts?
We can provide transfer assistance for up to 30 accounts free if you are hosted on a cPanel server. Send an email to support@euro-space.net with the domain name, cpanel username and password for each account you want transferred.

[Top]
Where are your servers located?
Our USA servers are located in the AtlantaNAP datacenter in Atlanta. Our UK servers are located in the KillerCreation Networks Datacenter, UK, London.

[Top]
Do you allow adult websites on your servers?
We do allow adult content on our servers.

[Top]
Do you use a third party monitoring service to provide uptime reports?
We use WebSitePulse(www.websitepulse.com) to provide our clients with unbiased uptime reports from an outside third party. Uptime reports are provided to active clients.

[Top]
Are there any types of advertising placed on my account?
We do not place any type of advertising such as banners, popup's, etc. on your website.

[Top]
Do you provide support directly to my end user?
We provide end user support only on selected plans. If you are not contracted through us for end user support than you are responsible for your client's support. If you don't know the answer to a support question, you can contact us 24/7 for the answer and relay it to your customers.

[Top]
Do you provide billing to my clients?
We provide you with the web space, bandwidth, and other hosting related features. You are responsible for billing, and support to your end user.

[Top]
What is overselling enabled?
Overselling enabled is where we take the amount of disk space and bandwidth ACTUAL USE between all your accounts. For example, if you had the 10 GB space and 200 GB transfer plan and you decided to offer plans such as 1 GB space and 20 GB transfer on your site, you would only be able to offer it to 10 clients. With overselling enabled, you would be able to offer as many as you want as long as the aggregated amount USED between all your accounts does not go over the 10 GB space and 200 GB transfer or the cPanel account limits.

[Top]


 

8. Billing FAQ
 

Quickly find answers to the most commonly asked questions via the billing FAQ below. If you have furthur questions don't hesitate to contact us.


How do I update or change my credit card / billing information?
As we are not storing your credit card details, but your order is processing by our authorized retailer 2Checkout.com, to update your billing information first you need to login to your account here and click on the order you want to update with the new billing information, then click on Change Credit Card from the menu. You will be redirected to 2checkout.com website, where you can update the billing information.

[Top]
How do I retrieve my password to login to my account?
Use the Forgot Password link on the login page to have your password resent to the primary email on file.

[Top]
Can I pay with Paypal without creating a Paypal subscription?
As our hosting plans are setup as a recurring, you can cancel the subscription anytime from your billing account. However, to purchase single product or service (i.e. SSL certificate) you can pay to sales@euro-space.net , please contact us for details.

[Top]
How do I update my information?
Please login to your account here first, then choose Personal Information and enter new details.

[Top]
How do I change my billing login password?
Please login to your account here first, then click on Change Password.

[Top]
I have multiple orders. How can I get billed on the same day on one invoice?
Send an email to sales@euro-space.net and request to have your accounts renew on the same day. We'll have to prorate any accounts as necessary to accomodate this request.

[Top]
How do I view all my past invoices?
As we are not storing your credit card details, but your order is processing by our authorized retailer 2Checkout.com, to view your payment history and associated orders, first you need to login to your account here and click on the order you want to view past invoices of, then click on Payment History from the menu. You will be redirected to 2checkout.com website, where you can view the information.

[Top]
How do I cancel my account?
All cancellation requests must go through the Cancellation Request from your account. Select the order you want to cancel, then click on the Cancel Order button. You are responsible for all invoices generated prior to cancellation. Allow up to 5 days for your cancellation to be processed.

[Top]
I don't remember my password to cancel my account. What do I need to do?
Note the first 6 and last 2 digits of the credit card used on purchase, or the Paypal transaction ID in the email with request of cancellation, if you don't remember your password.

[Top]



 

9. Got Hacked? Check Our Security Advices
 

Quickly find answers to the most commonly asked questions via the Useful Advices below. If you have furthur questions don't hesitate to contact us.


My website got hacked, what to do?

This is an evolving guideline and pretty much covers all aspects of security that are your responsibility as a hosting account holder. If you follow them all, your account will remain secure and not hacked again.

Here are some tips to keep your site secure. This was primarily written in response to a hacked site:

1. First thing you need to do is check all vendor/developer sites for ALL web scripts/applications used in your account for any updates including any mod you may be using in any web application. If you are using any open source web application, that may be the prime suspect. However, you must check all and keep them up to date. Check the database on www.secunia.com for any known exploits released in public. 

2. Once you have verified that 100% of the installed scripts are the latest stable version, you will need to go through all files of your account and make sure none were uploaded by hackers before you audited or left by you from an old install of an application. There may be suspicious files in folders you would never imagine and in folders several levels down. You can use ftp or cPanel file manager to go through all files under public_html and compare them with your local copy. [You should always maintain a local copy for this comparison as well as backup.]

3. Make sure all passwords are a mix of alpha-numeric and not a dictionary word. Just because you thought of a difficult word from the dictionary does not make you safe. Please also use both capitals and lowercase and at least 8 characters.

4. The MySQL database access to all web applications should be using separate db users. Do not ever use your main account user/pass for it. Your main user/pass should never be stored in any file in your account.

5. In your control panel, activate archive option of your web logs in Raw Log Manager. This will give you the opportunity to check how the hacker exploited one of the scripts. Otherwise all raw logs are cleared after generating stats. If you have already been hacked, its too late now but you can archive the logs for future attacks.

6. If you have customized a web application with a mod, make sure it is also the latest stable version. Many popular web application may be stable but one of the addon mods may be exploitable and possibly not maintained any more.

7. If you have written some code yourself, make sure all input variables are sanitized (checked for valid data before using it). Otherwise a single line of bad code can give access to your entire account. The usual blunder is to include a file based on user input. Again, make sure all input to a script is checked for valid data. All exploits are based on input data. If your site does not take any input, you are 100% safe from web exploits, i.e. if you run 100% static HTML site with no script whatsoever anywhere in your account.

8. For PHP, any application that uses register_globals to be active has more chances of being exploitable. Avoid such applications.

9. If you have some mail script, make sure it is safe from header injection. In essence make sure that email address, subject and other part of data that is being submitted by user does not contain line breaks. Some coding assistance is provided on our forums.

10. Using open source free web applications is great but you have to maintain it by regular updates or you can loose all your data and site if a new exploit is known about it. And as a hosting account owner, it is your responsibility that you have installed only stable applications in your account.

11. If your site has been running fine for years, it does not mean there were no security holes in it. It actually means that exploit was unknown or you were lucky that no one exploited it before.

12. For added security, change the permissions of your configuration files (having database credentials etc.) to 660. You can do that via ftp or file manager. This feature can work on shared hosting servers or if your VPS/dedicated server has phpsuexec through cPanel.

13. For added security, if you can block access to certain administrative sections of your site, do that by giving access to only authorized IP addresses and blocking access for everyone else, Or password protect it.

14. If there is any file upload facility in your account, make sure that only authorized members can use it. 

Also the uploaded file should not be accessible via web URL directly (i.e. stored outside of public_html) unless

a) it is only uploaded by a site admin (responsible person)
b) checked and validated to be not exploitable

15. If there is any URL forwarding or Webmail facility for your site membership, make sure it is not given to all without proper authorization or it could be used for spamming.

16. If you're just testing / trying something, which only you need and you know you won't actively keep up to date, just lock it behind a password right away.

17. Since shared/reseller servers come with suPHP, you do not need any file or folder with world write permissions. The normal folder permissions should not exceed 755. PHP/HTML files can be 644 (or lower through ssh). CGI/Perl scripts should be 755.

18. Anyone who writes web application code, should be familiar with security. I found this book in my local Library particularly on PHP: http://www.oreilly.com/catalog/phpsec/  recommended to all. It covers all aspects of vulnerabilities found today in web applications. Found this site as well from the book: http://phpsec.org

19. Protect your website with the SSL Certificate, so information from/to your website sensitive areas will be encrypted. Learn more about SSL Certificates here , or order one here .

20. If your website is based on WordPress CMS, please learn how to harden your installation and fix cracked code from the following links:

http://codex.wordpress.org/Hardening_WordPress
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://www.wpbeginner.com/wp-tutorials/how-to-find-a-backdoor-in-a-hacked-wordpress-site-and-fix-it/ 

 

 

Use our Professional WebSite Security Service to Protect Your Website(s)

We can perform all above operations on your behalf - Scan and clean your website from malware, harden scripts, protect domain and put constant security monitoring on your account. Please submit a Support Request to receive special deal on this service.

[Top]



 
EURO-SPACE on Facebook Share Your Hosting Experience With EURO-SPACE on Twitter Share Your Hosting Experience With EURO-SPACE on LinkedIn EURO-SPACE on Google Plus

AffiliatesWordPress HostingcPanel Web HostingCloud VPS HostingDedicated ServersSSL CertificatesBlog Posts

Privacy PolicyAcceptable Use PolicyTerms of ServiceContact Us

PayPal Accepted VISA Cards Accepted MasterCard Accepted Discover Accepted Payment With Diners Club Accepted AMEX Accepted

© 2007 - EURO-SPACE. All Rights Reserved.