04 Jul

SSL, Google’s ‘Not Secure’ warning and your website

Starting from July, 2018 Chrome Browser will mark a website without SSL certificate or HTTPS as “NOT SECURE“. This means that when potential customers visit a website without the HTTPS in the address bar, they will see that their website is not secure. So what can you do? You can simply install SSL certificate and have your site secured.

We at TetraHost offers free SSL certificate with our hosting service and to install SSL for your website, simply login to your cPanel >> Security >> Let’s Encrypt SSL >> here you will find option to install SSL certificate.

For assistance, please check following article:

Announcement: Free Let’s Encrypt SSL With Hosting

More about the Google Announcement:
https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html

If you are having any issue with SSL install or want us to install the certificates for you, please submit a ticket to support [at] tetrahostbd.com

20 Mar

Important: Password Security Policies

The password is the single most common security measure for digital systems, both online and off-line. The problem is that it is becoming increasingly less secure as hackers gain more and more powerful tools to simply crack them. A great deal of attention has gone towards the creation of secure passwords, what constitutes them, and whether or not it is feasible to retain a bunch of random alphanumerical strings inside your head all the time.

How are passwords cracked?

Most accounts that have their passwords compromised are not done so by another human being directly. Instead a computer will be tasked with guessing your password, so planning should go in to understanding and then deterring a computer from cracking your password. A hacker has a variety of malicious tactics available to them when trying to crack your password. These would be the two most common attacks you see on the Internet today:

  • Brute Force Attack: The attacker runs a script that tries again and again to randomly crack your password by sheer brute force. A long password with multiple character sets is the best protection. The higher your password entropy the less likely your password will be compromised by a brute force attack.
  • Dictionary Attack: The attacker utilizes dictionaries of known words or passwords and a script to try them in thousands of combinations until one matches up with the correct password. Don’t use common words, or keystrokes such as anyone’s name or phone number. Use a combination of multiple character sets to reduce the likelyhood of multiple entries pulled for a dictionary matching up successfully.

In recent time, We have been working on having more security on our cPanel servers and have applied few new security policies.

Password Strength – An password of any kind must set to 80% strong at least. System will not accept your password until it matches the security policy. To setup an strong password, you can use Lowercase/Uppercase letter, signs/symbols and number.

Password Age – Passwords must be changed every 90 days. Our system will automatically ask user to change their password every 90 days.

These two measures should allow you to secure your cPanel and related services. In the meantime, if you have any questions about account security, please contact us at TetraHost Support.

08 Jul

Compose an HTML Message in Web Based Mail

cPanel Webmail provides instant access to your email without the use of a local email client. You will need to login to cPanel and use the tool “Email Accounts” to view the username for your specific email account. The password needed to login should be already noted. If not, the password will need to be reset.

Visit the following URLs to access cPanel Webmail directly:

http://www.domain.com/webmail
http://www.domain.com:2095
http://webmail.domain.com

We provide three different web based mail client which you can use to access mails. The Three mail clients are:

Squirrelmail
Horde
Roundcube

The mail client will allow you to incorporate typical word processor functionality such as Bold, Italic, bullet points, images, font color, etc. By default HTML Compose options isn’t enabled and to enable it, follow the steps below for your preferred web based mail client:

Inside Roundcube:
1) Click the plus icon to create a new message
2) Select HTML from the “Editor Type” dropdown(available below Subject Line)

Inside Horde:
1) Click “New Message”
2) Enable “HTML composition” by ticking the option from right side.

Unfortunately, cPanel do not have HTML Composing enabled for Squirrelmail thus it is not available. We request our client to use Roundcube or Horde to have the ability to use HTML compose.

21 Jul

Using a Custom PHP.ini File and Make PHP Changes

The php.ini file is the default configuration file for running applications that require PHP. It is used to control variables such as upload file’s size, timeouts, and resource limits. We use suPHP(pronounced sue-p-h-p) environment in all our servers which allows our user to have their own custom php.ini file and change certain PHP settings as per their CMS requirement.

Below are some of the most common lines that are altered when making custom PHP changes:

  • memory_limit
  • upload_max_filesize
  • post_max_size
  • max_execution_time
  • max_input_time
  • register_globals
  • magic_quotes_gpc
  • date.timezone

 

To being creating your very own custom php.ini file:

php.ini Setup Process:
1. Create a file called php.ini from your local machine with the PHP values you want to modify.
2. Upload the newly created php.ini file to your cPanel account under the public_html folder.

Note: Make sure the file name is correctly setup which is php.ini

suPHP Path Setup Using .htaccess:
Create a .htaccess file and put the following code: suPHP_ConfigPath /home/username/public_html and upload the file to your cPanel account under the public_html folder.

Note 1: Make sure to change the cPanel username with the actual account username.

Note 2: If you already have an .htaccess file then you can just modify the .htaccess file by accessing it using File Manager and setup the path. FYI .htaccess is an hidden file so please make sure you enabled the option that says “Show Hidden Files(dotfiles)” while accessing File Manager.

 

Once you have completed the above steps your php.ini file will be active. Any entries you placed in the file will be used in place of the entries from the server’s main php.ini file.

Some examples of what may be changed by using a custom php.ini file are:

upload_max_filesize = 10M
post_max_size = 10M
max_execution_time = 30

Should you require any further assistance with creating a custom php.ini file then check in with one of our fantastic support people at http://tetrahostbd.com/contact.

18 Sep

Domain example.com has exceeded the max defers and failures per hour

In cPanel 11.32, a new feature is added to limit the ability of exploited or hacked sites to send out spam emails.

If you are receiving an error similar to “Domain example.com has exceeded the max defers and failures per hour (5/5 (100%)) allowed” in an email bounce back, it means that outgoing email from your domain has triggered a rule in the server that will stop any further email from going out of the server. This happens when a domain account sends out emails that either fail or get deferred. cPanel will regularly monitor the emails sent through all email accounts on your domain, and if, over the past hour, more than 100% of the attempted deliveries have failed, outbound email will temporarily be limited.

Let see how cPanel describe about this new feature of cPanel:

The maximum percentage of a domain’s outgoing mail that can consist of failed or deferred messages. Once the domain exceeds this percentage, it is temporarily blocked from sending mail.

This error is derived from an hourly monitoring system from cPanel, where any blocked domains are allowed to send email again at the top of every hour. For example, if you received this error at 2:45pm, the block will release at 3:00pm and the domain will be able to send emails out once more.

To solve the issue immediately for a domain, we have to remove the following file:

/var/cpanel/email_send_limits/max_deferfail_exampledomain.com

and restart the exim service. Please note, this will need to be done by a system admin with root permission to server.

19 Nov

Manage Email Account

You can easily create e-mail accounts from your hosting account’s Control Panel (cPanel). Here is what you need to do:

  • Step 1: Log into your cPanel
  • Step 2: Once at the main page, click on the Email Accounts icon.

  • Step 3: In the fields provided, type the name of the account, the password and the disk space you would like to assign to the mailbox.

  • Step 4: Click on the Create Account button to create the mailbox.

You will be taken to a page which asks you for confirmation. Click on Yes to create the mailbox.

 

How to remove mail accounts

 To delete a mail account, simply click on the Delete button next to it.

You will be taken to a page which asks you for confirmation. Click on Yes to delete the account. If you want to change password or quota of a previously created account then use the Change Password and Change Quota option.

20 Sep

Learn: About Web Accessibility [VIDEO]

Photo via itjil

Web accessibility and web design go hand in hand. If you’re creating a website, it must be  accessible to those with disabilities, as well as cross-browser compatible. Sure, this isn’t breaking news, it’s still required learning for designers/developers of all stripes.

Here’s a free introductory tutorial on learning web accessibility from treehouse, an online school that teaches technology. They’ve got loads of (paid) courses that will get you up to speed on a wide variety of design and development topics, such as creating a web app, starting a business, or building a website.

Part 1 of 16 of their web accessibility tutorials series is below, and you can watch the rest of the videos in order right here.