Disabling Port 25 & Renewal Prices for Web Services

As part of our efforts to minimize mail deferrals, we will be deploying a popular and simple technique to combat outbound spam: disabling Port 25 for MUAs (such as Outlook, Thunderbird, etc.). Port 25 will be disabled in the third week of January and we will send you the final date soon.

Port 587 has already been enabled as a replacement and we encourage you to enable Port 587 for SMTP connections.

To change the SMTP Port you need to enable Port 587 in the following way:

Outlook: Tools >> Account Settings >> Email >> Change >> More Settings >> Advanced >> Outgoing server (SMTP)

Thunderbird: Tools >> Account Settings >> Outgoing server (SMTP) >> Edit >> Port

Coupled with SPF and DKIM that we launched earlier, disabling Port 25 will help ensure a more stable and seamless email experience for your Customers.

.UK.COM Awards 2011

The .UK.COM Registry is running a great promotion where .UK.COM Domain Registrants can win £5000 and be named the best original idea or the best design, content and functionality for a business/creative Website. Entries for the .UK.COM Awards 2011 have already started pouring in with companies and individuals around the UK nominating their websites and others for these awards.

About the .UK.COM Awards 2011:
The .UK.COM Awards are a bid to recognize the best .UK.COM Website in terms of idea, design, content and functionality.

These awards seek to name the best business and creative websites in two categories namely Best Original Idea and Best Design, Content and Functionality. Winners in these categories are eligible for a cash prize of £5000 along with being named the Best .UK.COM Business/Creative site in their respective categories.

Winners will be selected by an expert jury with both the Website owner and the Website designer being recognized for their contributions.

You too can enter today:
The competition is open to all existing and planned .UK.COM Websites and entries can be submitted till the 31st of December, 2010 with the winners being announced early next year. You can submit an entry even if you don’t have an existing website by simply describing your idea.

Nominate a Website:
If you think you know of one or more .UK.COM Websites deserving to win in one of the above categories, you can nominate them by going to www.uk.com and filling out a simple form.

To get started right away visit https://www.uk.com/awards/2011/enter.

Get ready for .CA

.CA is the official ccTLD of Canada and the first .CA Domain was registered in January 1998.

The Canadian Internet Registration Authority (CIRA) is the body responsible for managing the .CA Domain Space and under its guidance Registrations have seen a growth of 16% between 2007 and 2009.

A .CA Domain is now considered a necessity for anyone looking to highlight their Canadian Connection.

With respect to the .CA rules and regulations, they differ slightly from those of other TLDs.

For instance, .CA registration requires one to satisfy certain Canadian Presence Requirements before being able to Register .CA Domains. You can read more about the Canadian Presence Requirements as laid down by CIRA here.

How to secure your site against a vulnerability in ASP.NET that could allow Information Disclosure.

A few days ago Microsoft released a Security Advisory (http://www.microsoft.com/technet/security/advisory/2416728.mspx) about a vulnerability which affects all versions of ASP.NET. This vulnerability, known as Padding Oracle, exploits the way an ASP.NET application handles encrypted data. ASP.NET encrypts data to prevent an application from tampering with it. Because of this vulnerability, an attacker can send data to a site and analyze the error response, which provides a lot of information, enabling the attacker to break ASP.NET’s encryption in a matter of hours or minutes. An attacker would then be able to read a vulnerable application’s files and tamper with the data contained in them.

Workaround

A workaround that you can use against this vulnerability is to enable <customErrors> mode in the web.config file of your application, and explicitly configure your applications to always return the same error page – regardless of the error encountered on the server. By mapping all error pages to a single error page, you prevent a hacker from distinguishing between the different types of errors that occur on a server.

Enabling the Workaround on ASP.NET V1.0 to V3.5

If you are using ASP.NET 1.0, ASP.NET 1.1, ASP.NET 2.0, or ASP.NET 3.5 then you should follow the below steps to enable <customErrors> and map all errors to a single error page:

1) Edit your ASP.NET Application’s root Web.Config file.  If the file doesn’t exist, then create one in the root directory of the application.

2) Create or modify the <customErrors> section of the web.config file to have the below settings:

<configuration>
  <system.web>
    <customErrors mode="On" defaultRedirect="~/error.html" />
  </system.web>
</configuration>

3) You can then add an error.html file to your application that contains an appropriate error page of your choice (containing whatever content you like). This file will be displayed anytime an error occurs within the web application.

Enabling the Workaround on ASP.NET V3.5 SP1 and ASP.NET 4.0

If you are using ASP.NET 3.5 SP1 or ASP.NET 4.0 then you should follow the below steps to enable <customErrors> and map all errors to a single error page:

1) Edit your ASP.NET Application’s root Web.Config file.  If the file doesn’t exist, then create one in the root directory of the application.

2) Create or modify the <customErrors> section of the web.config file to have the below settings. Note the use of redirectMode="ResponseRewrite" with .NET 3.5 SP1 and .NET 4.0:

<configuration>
  <system.web>
    <customErrors mode="On" redirectMode="ResponseRewrite" defaultRedirect="~/error.aspx" />
  </system.web>
</configuration>

3) You can then add an Error.aspx to your application that contains an appropriate error page of your choice (containing whatever content you like). This file will be displayed anytime an error occurs within the web application.

How to Verify if the Workaround is Enabled

Once you have applied the above workaround, you can test to make sure the <customErrors> section is correctly configured by requesting a URL like this from your site: http://mysite.com/pagethatdoesnotexist.aspx

If you see the custom error page appear (because the file you requested doesn’t exist) then your configuration has been set up correctly. If you see a standard ASP.NET error then it is likely that you missed one of the steps above.
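The URL test above only exercises the "page not found" path. As an added example (not part of the original post or of Microsoft's advisory), the Python script below audits the web.config text itself against the settings prescribed here, including per-status <error> entries that would send different errors to different pages. The function name and the sample configurations are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def audit_custom_errors(web_config_xml, needs_response_rewrite=False):
    """Return findings for every <customErrors> element; [] means it matches the workaround."""
    try:
        root = ET.fromstring(web_config_xml)
    except ET.ParseError as exc:
        # Typical cause: curly quotes pasted from a web page instead of straight ones.
        return [f"not well-formed XML: {exc}"]
    # Match on the local name so a namespaced <configuration xmlns=...> also works,
    # and so overrides inside <location> elements are audited too.
    nodes = [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == "customErrors"]
    if not nodes:
        return ["no <customErrors> element found"]
    findings = []
    for node in nodes:
        if node.get("mode") != "On":
            findings.append(f"mode is {node.get('mode')!r}, expected 'On'")
        if not node.get("defaultRedirect"):
            findings.append("defaultRedirect is missing")
        # Per-status <error> children map different errors to different pages,
        # which lets a client tell error types apart again.
        for child in node:
            if child.tag.rsplit("}", 1)[-1] == "error":
                findings.append(f"per-status page for statusCode {child.get('statusCode')}")
        if needs_response_rewrite and node.get("redirectMode") != "ResponseRewrite":
            findings.append("redirectMode is not 'ResponseRewrite'")
    return findings

# Constructed sample inputs (not taken from any real site).
GOOD = """<configuration><system.web>
  <customErrors mode="On" redirectMode="ResponseRewrite" defaultRedirect="~/error.aspx" />
</system.web></configuration>"""
WEAK = """<configuration><system.web>
  <customErrors mode="RemoteOnly" defaultRedirect="~/error.html">
    <error statusCode="404" redirect="~/notfound.html" />
  </customErrors>
</system.web></configuration>"""
CURLY = GOOD.replace('"', "\u201d")  # what a copy-paste with typographic quotes looks like

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("WEAK", WEAK), ("CURLY", CURLY)):
        print(name, audit_custom_errors(cfg, needs_response_rewrite=True))
```

Pass needs_response_rewrite=True when the application runs on ASP.NET 3.5 SP1 or 4.0.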

Microsoft is currently working on a patch to fix this vulnerability. Once released, we will apply this on all of our Windows servers. This workaround will not be needed after that.

How to check if IonCube is installed on Linux Servers

Starting today, we’re introducing a series of posts through which we intend to bring you the latest updates from our developers and tech experts. This corner will give you an insider’s view on the new features around the corner, useful tips and tricks and all the techie gossip at Indi Domains!

For the first installment of the series, we’re tackling a very common aspect of most hosting queries – Extensions that are available on Servers. As many of you may know, on IIS systems it is not always possible to figure out what libraries are supported, whereas it is much simpler on machines running Apache.
(Disclaimer: Being a Linux fanboy, this post might display a little bit of favoritism to the Linux platform)

Therefore, today we’re going to tell you a little bit about how one can check if the IonCube Loader is available on a Linux Server using PHP.

IonCube is a handy extension when you want to protect files with PHP encoding, encryption, obfuscation and licensing capabilities. If you have proprietary software that you distribute or you simply wish to encode your script, you should use IonCube. There are other methods to encode PHP scripts, but IonCube is by far the most secure. You can easily figure out if IonCube is running by looking at the information from PHP info. To check this you need to create a PHP file with the following content:

<?php phpinfo(); ?>


Here, you will see a Zend Engine badge with the version for IonCube loader (the version on our servers is v3.3.7).

However, this only gives you very basic information on the IonCube version running. If you need more information on IonCube, you can use the sample PHP script attached below. Use an FTP client to upload the file “ioncube_advance_tester.php” to the root directory of the website. Depending on your hosting package, it may be named “public_html” or “web”.

This script will output diagnostic results and give you information on getting server side parameters. You can use this script to check other parameters.

The file uses the ioncube_loader_version_array() function to get a list of all config parameters into an array. We then iterate through this array to echo results. It is a very simple and straightforward script. Apart from checking whether IonCube is installed, the script also checks if other server settings are correct.

We have created functions for the Introduction and More Information sections. This is only to exhibit how everyone should code using PHP 5. You can take this script and run it on any Apache server; however this script does not support IIS.

Hope this was an informative read. Let us know what you think!

IMPORTANT UPDATE : Modifications in your .HTACCESS files

After investigating a certain hack, we’ve discovered a certain vulnerability in the cPanel set-up which could potentially allow an attacker to gain access to files and databases from other packages.

To prevent issues arising from the above, we have disabled the use of “Options +FollowSymLinks” in the .htaccess file. If a website is using that code, you will receive a “500 Internal Server Error” while browsing that directory.
(Most Joomla/WordPress/Drupal content management systems use this line of code in their .htaccess files.)

As a workaround, you will need to replace “FollowSymLinks” with “SymLinksIfOwnerMatch” in the .htaccess file, as it is the safer option. We already have “SymLinksIfOwnerMatch” enabled for the entire “/home” directory.
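The replacement described above can be applied mechanically. The following Python script is an added example (not provided by the original post); the function names and the sample file are constructed. It rewrites only Options lines, keeps the "+" sign where one was used, and leaves comments and "-FollowSymLinks" untouched.

```python
SAFE = "SymLinksIfOwnerMatch"

def fix_options_line(line):
    """Rewrite one .htaccess line; lines that are not affected come back unchanged."""
    body = line.rstrip("\r\n")
    tokens = body.split()
    if not tokens or tokens[0].lower() != "options":
        return line                      # comments, rewrite rules, etc.
    fixed, seen, touched = [], set(), False
    for tok in tokens[1:]:
        if tok.lower() in ("followsymlinks", "+followsymlinks"):
            tok = ("+" if tok.startswith("+") else "") + SAFE
            touched = True
        if tok.lower() not in seen:      # avoid listing the safe option twice
            seen.add(tok.lower())
            fixed.append(tok)
    if not touched:
        return line                      # e.g. "-FollowSymLinks" is left alone
    indent = body[: len(body) - len(body.lstrip())]
    return indent + " ".join([tokens[0]] + fixed) + line[len(body):]

def fix_htaccess(text):
    """Return (new_text, line_numbers_changed) for a whole .htaccess file."""
    out, changed = [], []
    for n, line in enumerate(text.splitlines(keepends=True), start=1):
        new = fix_options_line(line)
        if new != line:
            changed.append(n)
        out.append(new)
    return "".join(out), changed

# Constructed sample, modelled on a typical CMS .htaccess.
SAMPLE = (
    "# Options +FollowSymLinks is needed for mod_rewrite\n"
    "Options +FollowSymlinks -Indexes\n"
    "RewriteEngine On\n"
    "  options FollowSymLinks SymLinksIfOwnerMatch\n"
)

if __name__ == "__main__":
    new_text, changed = fix_htaccess(SAMPLE)
    print("changed lines:", changed)
    print(new_text, end="")
```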

The vulnerability was a real concern, which is why the changes needed to go live immediately. We do apologize if you have encountered a “500 Internal Server Error” owing to the change.

NOTE : Older Linux Hosting packages (before cPanel) will not be affected by this modification.

You are always free to get in touch with our Support Team in case you need any clarification in this regard.

Adding SPF and DKIM Records

As mentioned previously, we have introduced SPF and DKIM on our mail hosting servers as part of our efforts to increase security.

We will begin signing emails on the 7th of September, 2010 and we suggest that you create the necessary DNS records at the earliest.

Adding these Records:

You will not be required to make any changes if you are using our DNS services.

In case our DNS services are not being used, certain TXT Records will have to be added at the DNS Provider.

The following are Sample DKIM and SPF Records:

DKIM
Format: Hostname TTL Zone RecordType Value
Example: 20100802._domainkey.dummy.pws 86400 IN TXT "v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2t0wVC8xxBYWsnRPYyo24Dk65pNrjyf28Y4q5GWyAGrgtyIls7M/t/vUfdY5gYmliTwWkXq6xvJ0fVSTv6HD3lYFnf1OouDdNqlZJZQSLZfqFKFr2vgkwWxFx+6kBAf6wR5PM6r3i97JsNc7kvNgGHTFxeAPHRKfpA7KEFa6eqwIDAQAB"

SPF
Format: Hostname TTL Zone RecordType Value
Example: dummy.pws 86400 IN TXT "v=spf1 exists:%{s}.%{i}._spf.mailhostbox.com redirect=_spf.mailhostbox.com"

You can also view the records in your respective Control Panel under Nameserver Details in the Order Details View of your Hosting Package.
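When these records are entered by hand at another DNS provider, the usual mistakes are typographic quotes, a truncated DKIM key and a record placed at the wrong hostname. The Python check below is an added example (not part of the original post) that validates lines in the "Hostname TTL Zone RecordType Value" format shown above. The function name is hypothetical and the DKIM key in the samples is constructed, not a real key.

```python
import base64
import binascii

CURLY = "\u201c\u201d"  # typographic quotes that word processors and web pages substitute

def check_txt_record(line):
    """Check one 'Hostname TTL Zone RecordType Value' line; return a list of problems."""
    parts = line.split(None, 4)
    if len(parts) != 5 or parts[3].upper() != "TXT":
        return ["not a 'Hostname TTL Zone TXT Value' line"]
    host, value = parts[0], parts[4].strip()
    problems = []
    if any(q in value for q in CURLY):
        problems.append("value uses typographic quotes; DNS needs plain \" quotes")
    value = value.strip('"' + CURLY)
    if value.startswith("v=DKIM1"):
        if "._domainkey." not in host:
            problems.append("DKIM record must live at <selector>._domainkey.<domain>")
        tags = dict(t.strip().split("=", 1) for t in value.split(";") if "=" in t)
        key = "".join(tags.get("p", "").split())  # tolerate a line-wrapped key
        try:
            if not base64.b64decode(key, validate=True):
                problems.append("p= is missing or empty (an empty p= marks the key as revoked)")
        except binascii.Error:
            problems.append("p= is not valid base64 (truncated or mangled key)")
    elif value.startswith("v=spf1"):
        terms = [t.lower() for t in value.split()[1:]]
        has_all = any(t.lstrip("+-~?") == "all" for t in terms)
        redirects = [t for t in terms if t.startswith("redirect=")]
        if len(redirects) > 1:
            problems.append("more than one redirect= modifier")
        if not has_all and not redirects:
            problems.append("no 'all' mechanism and no redirect=; unmatched senders evaluate to neutral")
    else:
        problems.append("value is neither v=DKIM1 nor v=spf1")
    return problems

# Constructed samples; KEY is placeholder bytes, not a real public key.
KEY = base64.b64encode(b"constructed-not-a-real-key").decode()
SAMPLES = {
    "spf_page": 'dummy.pws 86400 IN TXT "v=spf1 exists:%{s}.%{i}._spf.mailhostbox.com redirect=_spf.mailhostbox.com"',
    "spf_curly": "dummy.pws 86400 IN TXT \u201cv=spf1 redirect=_spf.mailhostbox.com\u201d",
    "dkim_ok": f'20100802._domainkey.dummy.pws 86400 IN TXT "v=DKIM1; g=*; k=rsa; p={KEY}"',
    "dkim_cut": f'20100802._domainkey.dummy.pws 86400 IN TXT "v=DKIM1; k=rsa; p={KEY[:-3]}"',
}

if __name__ == "__main__":
    for name, record in SAMPLES.items():
        print(name, check_txt_record(record))
```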

Why do these Records need to be added?
SPF and DKIM help to reduce mail spoofing and sender address forgery. Therefore adding these records will ensure that you are protected against the same.

Using SPF and DKIM will also go a long way in upholding the reputation of our mail servers.
It would result in a lower risk of issues regarding spoofing and spam, and would help improve our service levels to Resellers and Customers.

Website Builder Deprecation

We’re very excited to be launching a brand new Do-It-Yourself Website Builder with added features and functionalities that far exceed the existing Product.

So far we have offered you a value-for-money website builder tool. Come mid-September, the new Website Builder will be a premium Product with a refreshingly new user experience and impressive and easily adaptable templates. It consists of an easy to use visual editor and access to a number of easy to integrate components such as Paypal, eBay, Form builder, Blog Roll etc.

To be able to introduce this premium Product, we will be deprecating our existing Website Builder on the 7th of September, 2010. Post the 7th, you will not be able to purchase or renew any Website Builder packages and the Product will be removed from all Indi Domains interfaces.

Impact:
Purchase and Renewal:
You will not be able to create or renew any new Website Builder packages post the 7th of September, 2010.

Managing Orders:
We will provide new login details for you to be able to manage your existing Website Builder packages. You will not be able to manage the packages through the Indi Domains Control Panel. Rest assured all websites will continue to function and resolve normally post the 7th.

Win up to $10,000 with HowDoYou.com

Maybe it helped you meet your boyfriend/girlfriend/dog walker. Or keep a friendship alive from continents away. Or learn something that protected your health or that of a loved one.

All you have to do is go to HowDoYou.com and submit a short video or essay about how .com has changed your life. If your entry wins (by a combination of popular votes and judging), you could win one of ten iPads, $2,500, $5,000, or $10,000.

The deadline is August 31, 2010—don’t wait to tell your story!

Visit HowDoYou.com for more information and to submit your entry.