Tricks and Trips

Sometimes it's necessary to make sure your website’s visitors use the SSL/TLS encrypted connection. If you’re not familiar with SSL/TLS and would like to know more please review our article “What is SSL and Why is it important?”

Forcing visitors to use SSL/TLS can be accomplished through your .htaccess file using mod_rewrite and will invoke HTTPS (HTTP Secure) protocol.

Important:If you have existing code in your .htacess, add this above where there are already rules with a similar starting prefix.

1) To force all web traffic to use HTTPS insert the following lines of code in the .htaccess file in your website’s root folder.
RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
Be sure to replace www.yourdomain.com with your actual domain name.

2) To force a specific domain to use HTTPS, use the following lines of code in the .htaccess file in your website's root folder:
RewriteEngine On 
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
Make sure to replace example\.com with the domain name you're trying force to https. Additionally, you need to replace www.yourdomain.com with your actual domain name.

3) If you want to force SSL on a specific folder you can insert the code below into a .htaccess file placed in that specific folder:
RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} folder 
RewriteRule ^(.*)$ https://www.yourdomain.com/folder/$1 [R,L]

Make sure you change the folder reference to the actual folder name. Then be sure to replace www.yourdomain.com/folder with your actual domain name and folder you want to force the SSL on.

When preparing for SSL, ensure that your site does not use absolute paths. For example, if you call an image called 'logo_full_animation.gif', then it should just be called with a relative path. This means in your code, you just have to place the part of the path from where the calling file is. If the image is in a folder named images, and your page is in the primary folder, then you only have to place '/images/site/company_logo/gif/logo_full_animation.gif' as opposed to 'http://cfts.co/images/site/company_logo/gif/logo_full_animation.gif'. You can use http://whynopadlock.com. to test and check that your site has installed and is using the SSL/TSL certificates correctly.
on Saturday July 14 by Peter Atkin
Was this helpful?

So you’ve finally sorted out that website for your business. You’ve chosen the perfect domain name, created (or hired someone else to create) the perfect design and now it's online and ready for customers. A lot of work has gone into it and you have it all backed up just in case something should go wrong…don't you?

Backing up your website regularly is incredibly important. For a start, think of all the time, planning and money that went into getting it online in the first place. Every image was chosen for a reason, hours of thought and effort went into every passage of text. Not to mention the stressful task of planning, designing and re-designing your layout over and over again. How much would it cost you to do that all over again? Can you even remember exactly where and how everything was? Chances are you can’t, particularly if your site has been up and running for a while.

There are numerous reasons why your site should be backed up regularly, and preferably in more than one location. All of these reasons are different but all could cause equal devastation to your website, your business and your revenue. Here are just a couple of the most common occurrences which could be disastrous without a backup.

It’s all too easy to accidentally hit delete, particularly when more than one person has access to your control panel. Can you imagine clicking the wrong button and inadvertently deleting your entire site? Your content, contacts, orders…all gone. Rebuilding it all would be a nightmare, very expensive and damaging to your reputation if and when orders are not fulfilled.
In this day and age, website content tends to be updated quite regularly. Keeping your backups up to date will make this process a lot easier and ensure that you can restore the most recent version of the site with minimal disruption. If, for example, your site contains a forum or discussion board, your members won’t be too pleased after some planned updates that all of their posts, photos etc are gone. Another potentially catastrophic event.
Basically, what it comes down to is that you and your business are risking a lot by not backing up your site. Think again about how much time, effort and money would be involved in rebuilding everything from scratch. It’s almost certainly a lot easier and cheaper to back it up.

The next question is how? Luckily, as well as being incredibly important, creating a backup is incredibly easy. All you need to do is access your control panel, enable backups and select the most appropriate option. Simple!

If you’re still unsure about why or how to back up your website, give us a call on 0414-533784 and we will be more than willing to help you out.

on Friday July 20 by Peter Atkin
Was this helpful?

Time synchronization is an important aspect for all computers on the network. By default, the client's computers get their time from a Domain Controller and the Domain Controller gets his time from the domain’s PDC Operation Master. Therefore the PDC must synchronize his time from an external source.

Before you begin, don’t forget to open the default UDP 123 port (in- and outbound) on your (corporate) firewall. I required our time sources between our storage devices, firewall and PDC to be synced, so now all devices get there time synced from the same source

  1. First, locate your PDC Server. Open the command prompt and type:
    netdom /query fsmo
  2. Log in to your PDC Server and open the command prompt.
  3. Stop the W32Time service:
    net stop w32time
  4. Configure the external time sources, type:
    w32tm /config /syncfromflags:manual /manualpeerlist:”0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org”
  5. Make your PDC a reliable time source for the clients. Type:
    w32tm /config /reliable:yes
  6. Start the w32time service:
    net start w32time
  7. The windows time service should begin synchronizing the time. You can check the external NTP servers in the time configuration by typing:
    w32tm /query /configuration
  8. Check the Event Viewer for any errors.

his is what worked for me on our 2008R2 Standard SP1 Server:

Another way for line item 4.
w32tm /config /syncfromflags:manual /manualpeerlist:time.nist.gov /update /reliable:yes

I then did a query using:
w32tm /query /status

Leap Indicator: 0(no warning)
Stratum: 2 (secondary reference – syncd by (S)NTP)
Precision: -6 (15.625ms per tick)
Root Delay: 0.3060097s
Root Dispersion: 7.7757678s
ReferenceId: 0x808A8DAC (source IP: 128.138.141.172)
Last Successful Sync Time: 12/22/2012 9:44:22 PM
Source: time.nist.gov
Poll Interval: 6 (64s)

on Saturday July 21 by Peter Atkin
Was this helpful?

Windows firewall allows access to ports and applications individually or in combination depending on your requirements.

The quick and easiest way is: Under Windows Control Panel, open the Windows Firewall applet, Select the Exceptions tab, Add each of the following executables as per 'Executables as Exceptions' list below, not very fine grained but will do the job.

Assuming a default configuration, the following ports are required (depending on which services you want to make publicly available). All ports are TCP, unless otherwise stated.

Executables as Exceptions Default Location (Version 18) Default MDaemon Ports
AVUpdate.exe
clamd.exe
CFEngine.exe
MDaemon.exe
MDSpamD.exe
WorldClient.exe
WebAdmin.exe
MDUpdater.exe
WCXMPPServer.exe
\MDaemon\SecurityPlus
\MDaemon\SecurityPlus\ClamAVPlugin
\MDaemon\App
\MDaemon\App
\MDaemon\SpamAssassin
\MDaemon\WorldClient
\MDaemon\WebAdmin
\MDaemon\App
\MDaemon\XMPPServer
25
587
336
465
80
443
110
143
995
993
53
1000
444
3000
443
4069
3101
SMTP
MSA
ODMR
SMTP SSL
ActiveSync
ActiveSync SSL
POP3
IMAP
POP3 SSL
IMAP SSL 
DNS
Remote Administration
Remote Administration SSL
WorldClient
WorldClient SSL
Minger UDP
BES

Ports may vary depending on how MDaemon and the firewall is set up, also what functions and features in MDaemon are in use.

Note that various parts of MDaemon interact using sockets to localhost IP addresses, if using a software firewall, do not block any traffic to/from 127.0.0.1 this may include SpamAssassin, WorldClient, BES and other features.

Alt-N recommends that the \MDaemon directory be excluded from any/all third party scanning or monitoring applications.

Some usful links.
http://help.altn.com/mdaemon/en/index.html?default-domain-and-servers_ports.htm
http://help.altn.com/mdaemon/en/index.html?wc--https.htm
http://help.altn.com/mdaemon/en/index.html?wa--https.htm

on Monday October 01 by Peter Atkin
Was this helpful?

You might get into a situation where you have really screwed up your LVE (lightweight Virtual Environment), here is a quick way to reset them, the best way is to create a new ve.cfg file with the following default content, within an ssh or terminal session with root privileges. 

Backup the original config just in case

mv/etc/container/ve.cfg /etc/container/ve.cfg_back

Make a new config

nano /etc/container/ve.cfg

copy paste (as text only) this into the new config

<lveconfig>
<system>
<ubc enabled="false"></ubc>
</system>
<defaults>
<cpu limit="100"></cpu>
<ncpu limit="1"></ncpu>
<io limit="1024"></io>
<mem limit="0"></mem>
<pmem limit="262144"></pmem>
<nproc limit="100"></nproc>
<other maxentryprocs="20"></other>
</defaults>
</lveconfig>

Save and exit then apply the new config settings using the cmd line below.

lvectl apply all

This is exactly as I have done it works a treat with CloudLinux 7.x, yep I screwed up too.

on Monday October 29 by Peter Atkin
Was this helpful?

Cybersecurity threats pose significant risks to businesses, particularly those that have poor security measures in place.

The vast majority of all breaches happen to small and medium-sized businesses, and most of the breaches could have been prevented with current technology.

If you are responsible for protecting your data and confidential information from hackers and other cyber threats, take the time to review these best practices. It could make the difference in guarding against potentially ruinous data theft or privacy invasions.

Security Awareness

Train your users - often! Teach them about data security, email attacks, and your policies and procedures. We offer training security and policy training.

Advanced Endpoint Detection & Response Protect your computer's data from malware, viruses and cyber attacks with advanced endpoint security. Today's latest technology (which replaces your outdated anti-virus solution) protects against file-less and script-based threats and can even rollback a ransomware attack.

Updates

Keep your firmware and software updated, we provide a “critical update” service via automation to protect your computers and servers from the latest known attacks.

Antivirus / Malware

Choose your software with care, not all that glitters is not gold, for our recommendations see here

Passwords

The stronger the passwords you use are, the more secure you will be against potential cyber attacks. we made a short introduction to strong passwords here:

Firewall

Make use of services and rules for both in and outside threats, most people only think about outside threats coming in but with communications today, IM, email, social media, USB the threat is just as likely to come from inside, assume the worst.

If you have a UTM (Unified ThreManagementmnt) device a good start is to deny sites based on content as well as know security risks.

Encryption

Whenever possible, the goal is to encrypt files at rest, in motion (think email) and especially on mobile devices.

Spam Email

Secure your email, the majority of attacks originate in/via your email, there are several steps to securing this medium, and they start at the domain level then work your way inwards, see here for more info on that.

Backup

I cannot stress this enough, Backup local. Backup to the cloud. Have an offine backup for each month of the year. Test your backups often, if your aren’t convinced your backups are working properly call us,

Multi-Factor Authentication

Utilize Multi-Factor Authentication whenever you can including on your network, banking websites, and even social media. It adds an additional layer of protection to ensure that even if your password does get stolen, your data stays protected.

Web Gateway Security

Internet security is a race against time. Cloud-based security detects web and email threats as they emerge on the internet, and blocks them on your network within seconds – before they reach the user.

Mobile Device Security

Today's cybercriminals attempt to steal data or access your network by way of your employees' phones and tablets. They're counting on you to neglect this piece of the puzzle. Mobile device security closes this gap.

Stay Current

Moving industry news can cover plenty of relevant topics, including online safety concerns. This is why you should always make sure that you follow industry trends and news. Stay informed about the latest incidents with malware and by doing so, it will be all the easier to take necessary measure to protect your business from cyber attacks.

Security Assessment

It's important to establish a baseline and close existing vulnerabilities. When was your last assessment?

call us Tel: +256-(0)414-533784 or email support at for more advice or help.

Dark Web Research

If you can, Knowing in real-time what passwords and accounts have been posted on the Dark Web will allow you to be proactive in preventing a data breach. We scan the Dark Web and take action to protect your business from stolen credentials that have been posted for sale.

SIEM/Log Management

(Security Incident & Event Management)
Uses big data engines to review all event and security logs from all covered devices to protect against advanced threats and to meet compliance requirements.

on Wednesday November 14 by Peter Atkin
Was this helpful?