Must-knows of SSL and SSL Certificates:

• SSL, short for Secure Sockets Layer, is a protocol for transmitting private information via the Internet
• SSL is all about encryption; some of us might even know that SSL uses two keys to encrypt data, a public and a private key
• SSL is a must-have for e-commerce websites
• We know we’re on an SSL protected page when the URL begins with “https” and there is a closed padlock icon on the browser

Now, let's take a look at the good-to-know’s of SSL and SSL Certificates.

How does it work?

An SSL-encrypted connection is established via the SSL "handshake" process.

This process is transparent to the end user. The "padlock" icon in the browser and the "https://" prefix in the URL are the only visible indications of a secure session in progress.

By contrast, if a user attempts to submit personal information to an unsecured Web site (i.e., a site that is not protected with a valid SSL certificate), the browser's built-in security mechanism triggers a warning to the user, reminding him/her that the site is not secure and that sensitive data might be intercepted by third parties. Faced with such a warning, most Internet users will likely leave the unsecured site.

What information is contained on an SSL Certificate?

An SSL Certificate contains the following information:

• the certificate holder’s name
• the certificate’s serial number and expiration date
• a copy of the certificate holder’s public key
• the digital signature of the certificate-issuing authority (ie. GeoTrust)

Does it matter if the encryption strength is 40-bit or 128-bit?

Encryption strength is measured in key length – the number of bits in the key. To decipher an SSL communication, one needs to generate the correct decoding key. Mathematically speaking, 2n possible values exist for an n-bit key. Thus, a 40-bit encryption involves 240 possible values. A 128-bit key involves 2128 possible combinations, rendering the encrypted data impossible to hack. In simple terms, the difference between a 40-bit and a 128-bit encryption is akin to securing your financial information behind a deadbolt vs. a bank vault.

But, the actual encryption strength on a secure connection is determined by the level of encryption supported by the user's browser and the server that the website resides on. The majority of browsers support a 128-bit encryption. In other words, if you have the GeoTrust QuickSSL (up to 256-bit) on your website and your visitor’s browser supports 128-bit, information transferred between your website and your visitor’s browser will be encrypted with a 128-bit encryption.

How do I purchase an SSL Certificate? What do I need to know?

Doteasy is a reseller of the GeoTrust Quick SSL Certificate. We offer the 1 year QuickSSL certificate for US$159.

The most important thing you need to keep in mind is that the dedicated SSL Certificates are created to function with one unique domain name. For example, if the certificate is issued to the domain www.yourdomain.com, the correct secure URL will be https://www.yourdomain.com. A visitor going to https://yourdomain.com or https://shop.yourdomain.com will not see the padlock icon and instead will see a mismatch certificate error message.

I am not running an e-commerce website, do I still need an SSL Certificate?

SSL Certificates are used to prevent hackers from stealing private information. Here are the reasons why you should consider using an SSL Certificate even if you're not running an e-commerce site:

1. Keep your visitors information private – If you process sensitive data such as address, birth date, license, or ID numbers (ie. as part of a signup or login form), an SSL Certificate will keep your visitor information private and help ensure that their personal data is not stolen or tampered with (aka. identity theft)
2. 2. Give yourself a competitive edge – A secure site will help you gain a competitive advantage over those who do not secure their customer data. Savvy customers will click away from a website when conducting transactions or giving private data if the site does not appear to have secure areas.
3. 3. Help your site appear legitimate – An SSL Certificate will help your site to appear legitimate and trustworthy.

I have an SSL Certificate installed, but the padlock icon is not displaying in the browser?

This issue will occur if your webpage is displaying images, banners or scripts that are coming from a server that is not secured.

To resolve this issue, you will need to make sure all items on the website are secured.

1. If frames are being used, ensure that the entire website is being secured, and not just the framed page
2. If images are being used, ensure all images are secured (referenced with https:// prefixes rather than http://)
3. Ensure scripts and codes (ie. JavaScript) are not being referenced from a non-secure source

Everyone should backup their websites regularly! It is quick and easy and will give you peace of mind.

But why should I back up my own site? Doesn’t Doteasy backup my website anyways?

Yes, we do backups of your website, but the backups are mainly for our benefit, for example, the server crashes completely and we need to restore all the websites from that server onto a new one. All of the files from a server backup would be jumbled together.

Basically, our requirements for keeping backups of your server are different from your requirements for keeping a backup of your website. So, it is always good to make your own backups.

There are a few ways to backup your Doteasy website:

• FTP
• Site Admin Panel
• phpMyAdmin

FTP

Start your FTP client as you would to upload your files. However, with a backup, you will be transferring (or downloading) files from your server to your computer.

Site Admin Panel (Ultra/Unlimited Hosting AND websites less than 500mb)

With this option, you will be using the Export function in your Site Admin Panel to backup your website (including web files and database).

You can login to your Site Admin Panel via the login link in your Member Zone.

1. Once you have logged into your Site Admin Panel, select the Export/Import function from the Menu.

2. On the Export tab, select the type of export and the mode of transfer desired.

*Note* The Download mode is recommended for exporting small files to your local computer. Large files may take a long time to transfer depending on the quality of your Internet connection. Use the FTP mode for a faster and more reliable transfer for larger files.

Manual Download (for websites larger than 500MB)

If your website is larger than 500MB, you can contact us to schedule a manual monthly backup for your website. This manual backup is free and once started, will run monthly.

Once you have contacted us, our scheduler will backup your entire website (including web files and database) every month. The backup file will then be uploaded to your FTP account for you to download.

MySQL Database-only (PHP/MySQL, Ultra/Unlimited Hosting)

For clients with the PHP/MySQL optional feature or are on the Ultra or Unlimited Hosting plans, if you need to backup your databases only, you can easily do so using phpMyAdmin.

1. Login to phpMyAdmin via the MySQL Administration Tool link in your Site Admin Panel.

2. Click on the Export link

3. In the Export box in the upper left corner, select all databases you wish to back up.

4. Check the box next to Save as file and click on the Go button.

5. A download window should pop up asking you where you’d like to save the file, choose a location, rename the file to something suitable and click OK.

*Note* If your database is large, it may be a good idea to save each of the databases individually. Also, saving them all in one file means you'll need to separate them if you don’t want to restore them all at the same time

Installed Applications

If you have installed Wordpress, Drupal and/or Joomla on your website, you can refer to the following sites for more information on backups:

• Wordpress
• Drupal
• Joomla

author: Kathy

What would you do if you received the following email?

Dear user,
We received a third party complaint of invalid domain contact information in the Whois database for this domain…We sent a notice to you at the admin/tech contact email address and the account email address informing you of invalid data in breach of the domain registration agreement and advising you to update the information or risk cancellation of the domain. The contact information was not updated within the specified period of time and we canceled the domain. The domain has subsequently been purchased by another party. You will need to contact them for any further inquiries regarding the domain. PLEASE VERIFY YOUR CONTACT INFORMATION - http://www.enom.com.com92.biz

Recently, domain owners who have registered their domain names through Enom and Network Solutions were targeted in a phishing scam. Emails were sent to domain owners, asking them to login to renew or update their domain registration. The emails contain a link to a login page that is designed to look like that of Enom.com and NetworkSolutions.com. Unaware of the ill-intentions o the fraudster, many customers have fallen for the scam.

By the way, the above message is one of the phishing emails sent. You can read more about these phishing emails here:

• Enom Phishing Scam
• Network Solutions Phishing Scam

So, what can you do to protect yourself from these phishing scams?

1. Keep Information to Yourself

Fraudsters often mine the domain registry WHOIS database for your domain registration information, including your domain expiry date and contact information. This is how they know when to send you fraudulent domain renewal “reminders”. While you cannot hide your domain expiry date on your Whois records, you do have the option to hide you contact information – Private Domain Registration.

With Doteasy Private Domain Registration service, your contact information will be masked with our information. Doteasy Private Domain Registration is currently offered as a bundled package with the Domain Locking service (a invaluable services that protects your domain from unauthorized transfers or thefts). You can order this Domain Protection Package in your Member Zone.

2. Know Your Registrar

We have already received several inquiries from Doteasy domain owners. It appears that the fraudsters are not just targeting Enom or Network Solutions customers. If your domain is registered with Doteasy and you have received a Enom-titled warning email, that should set off alarm bells.

You can easily find out who your domain registrar is by using the Whois tool in your Member Zone.

3. Start Typing

The scam emails contain a link to a login page that is designed to look like that of another legitimate company (ie. Enom.com and NetworkSolutions.com). The safest way to login to your domain account to renew or edit your registration is by typing in the address directly in your web browser.

4. Notify Us

If you believe you have been a target or a victim of a phishing scam, contact us immediately so that we can further assist you.

author: Kathy

Visitors search for your site on Google but instead of linking to your website, they are taken to a Google webpage that looks like this:

What does this mean?

Google has placed warnings in its search results for websites that has been tested and determined to host or distribute badware. If a Google user searches for a site that Google has determined to be potentially dangerous, they will see a warning in the search results.

To remove this warning, you will first need to identify the problem(s) that has caused Google to flag your site.

Identifying the Problem

StopBadware.org suggests checking the following on your website:

1. Any software that you are offering for download.
2. Links and codes/scripts on your website, including third-party hitcounter or statistics services. You can visit the StopBadware Reports and Badware Website Clearninghouse for information on the sites and software to which you link or are planning to link.
3. Third-party ads displayed on your website. Make sure these ads do not link to bad software or badware-infected webpages.
4. If you have a forum, blog, guestbook or user-generate content sharing area on your website, check all posted links.

Removing the Google Warning

Once you have identified and removed the problem(s) there are three ways to remove the Google warning:

• Google periodically re-scans the sites it has previously flagged, so you can choose to wait for this re-scan. Unfortunately, there is no set schedule for these re-scans so we won’t be able to tell you exactly when Google will recheck your website.
• You can submit a request for review through StopBadware.org.
• You can also submit a request for review through Google Webmaster Tools.

Common Questions

1. Is it possible for someone to report my website to Google to place a warning on the website? (ie. someone is deliberately lying to hurt my business)

No, it is not possible for someone to falsely report your site to Google to have the warning issued. Google independently identifies sites that host or distribute badware. If a search for your site leads to a Google warning page, it means that Google's testing process has determined that your site either hosts or distributes badware and may be harmful to site visitors.

2. Is it possible to learn exactly what caused my website to be flagged?

Unfortunately, Google has its own independent process for locating badware on websites. To preserve the integrity of that process, Google does not release detailed information about the results of its testing to the public at large. However, Google does offer information to verified site owners through its Google Webmaster Tools service.

For more information, you can visit Google Webmaster Blog on badware notifications.

author: Michael

Web browser not working properly anymore? Pop-up windows and ads popping up from nowhere? Your computer could be infected.

Safe web surfing on the Internet continues to get harder every day. Although you can't eliminate all of the risks, there are ways you can reduce potential dangers.

Anything you download from the Internet could be a threat but a few software programs are known for including spyware and adware. With these safe web surfing tips and common sense you can avoid a lot of common problems, ie. the problems mentioned above.

Any file-sharing program is a big problem because the files come from several computers. The first safe web surfing tip is stay away from file-sharing programs all together because this is a major source of computer problems today.

Another good safe web surfing tip is to be cautious about products that claim to be free. Sometimes the publisher generates revenue from pop up ads which will mysteriously appear while you browse the Internet. Adult and gambling sites are also known to use pop up, spyware and adware programs.

It's almost not enough nowadays just to run anti-virus programs. Spyware and Adware are now ahead of viruses as the number one annoyance with computer users today. So you need to arm yourself with spyware and "mal-ware" protection software as well.

In addition to the constant Virus/mal-ware/Spy-ware threat you need to consider your operating system. The newest Windows Operating system "Windows Vista", will now ask you if you have installed a Virus program, setup a firewall and installed any Spyware protection products, in an effort to help users stay safe and through the use of "automatic updates" automatically help secure your computer for any uncovered weaknesses within the operating system. Anyone using older operating systems are going to be increasingly at risk when they no longer are supported or protected with new security patches.

For those who wish to read more, Microsoft has posted detailed instructions on how to tell if your computer has been hit and what to do about it.

You may also want to check out what the FBI recommends on how to protect your computer.