The issue does not affect vBulletin 3.x.

To improve the security of your vBulletin 4 installation please download the patch from the members area of vBulletin: http://members.vbulletin.com/
We recommend you install this security patch as soon as possible.

The upgrade process is the same as previous patch level releases – simply download the patch from the Members’ Area, extract the files and upload to your webserver, overwriting the existing files. There is no upgrade script required.

Technorati Tags: vBulletin security patch, vBulletin v4

Note that logging in without a password is logged as a failure. This results
in the security log filling up very fast if you log failures and have a user
without a password. The result is you can not login normally. Also note, not
having a password is a potential and probable security risk.

The event log can be viewed by going to Start | Control Panel | Performance
and Maintenance | Administrative Tools and click on Event Viewer.

The Event Log (Security) noting a successful logon and logoff by a remote
user. The user can highlight a log entry and right-click to view the event
Properties for detailed information.

Look in the Security Event Log for a Logon/Logoff Event 528 and Logon Type
10.

The free Microsoft Port Reporter tool provides for additional logging.
Description of the Port Reporter Parser (PR-Parser) tool
http://support.microsoft.com/default…b;en-us;884289

Availability and description of the Port Reporter tool
http://support.microsoft.com/kb/837243

Technorati Tags: Best UK Server Hosting, Event Viewer logs, Managed UK Dedicated server, UK windows web hosting, Windows 2008 Dedicated server, Windows Security Settings

cPanel PCI Compliance Step 1

First thing first, run a package update.

yum -y update

If it installed a new kernel, reboot the server so the new kernel takes affect. If its a live production server you may want to wait until an off-peak hour to do the reboot and continue with this article.

cPanel PCI Compliance Step 2

Now that you have the OS packages secure, its time to setup a firewall if you don’t have one already.

A good free IPtables based firewall is the APF (Advanced Policy Firewall) firewall from RF-X Networks, you can download that here:

wget http://www.rfxn.com/downloads/apf-current.tar.gz

While your at it, get and install the BFD (Brute Force Detector) and LSM (Linux Socket Monitor) which are also available on the RF-X Networks site.

The main things you want to configure are the allowed ports in the APF config file, both ingress AND egress, and then you want to setup an ACL by using the allow and deny hosts files that come with APF. For the ACL’s you want to block everything you don’t want public access to, but still need certain IPs to access. For example SSH, cPanel, WHM, and maybe webmail. For example your allow line for cpanel will look like this:

tcp:in:d=2083:s=123.123.123.123

Noticed, we used port 2083 and not the insecure cpanel port 2082, which we have blocked in the APF config file. And then so you have a deny from all that are not explicitly allows, add this to the deny hosts file:

tcp:in:d=2083:s=0/0

The reasoning behind this is to not even give anyone a chance to get in, if #1, they have your password, #2, they are trying to brute force their way in, #3, there is an exploit in which they are able to bypass the authentication means.

cPanel PCI Compliance Step 3

Back to Linux hardening, you want to do a few things here, first disable any unused packages/services, for example cups and portmap, delete any unneeded users, disable shell for any users that don’t need it in /etc/passwd.

You also want to change the SSH port, disable SSH version 1, and disallow direct root login:

pico /etc/ssh/sshd_config

Remember to allow the new SSH port in the APF config file, and add an underprivileged user to the wheel group, so you can su to root. and then restart the firewall and sshd.

cPanel PCI Compliance Step 4

Run a couple cpanel scripts, the first upcp, and the second easyapache. For upcp its recommend to use the “current” build, this is set in the update config in WHM.

/scripts/upcp

Remember to run upcp before running easyapache

/scripts/easyapache

When running easyapache, select the latest apache and PHP versions, and also ensure the following PHP options are checked:
CGI
Mod suPHP
suhosin fo PHP
Mod Security

This will ensure the most secure way to run PHP.

cPanel PCI Compliance Step 5

Install a ModSecurity rule set, ModSecurity, your layer 7, Web Application Firewall (WAF) is only as good as the rule set you are using. GotRoot.com is a good place for free ModSecurity rules.

wget http://www.gotroot.com/downloads/ftp/mod_security/apache2/apache2-gotrootrules-latest.tar.gz

Download, untar and install the different rules files, and then test and edit if needed.

cPanel PCI Compliance Step 6

The next step is to disable dangerous and PCI unfriendly PHP functions. For example a phpinfo page will cause you to fail a PCI scan. You disable line should contain at least the following functions:

phpinfo,passthru,shell_exec,system,proc_open,popen,curl_multi_exec,
show_source,escapeshellarg,escapeshellcmd,inject_code

cPanel PCI Compliance Step 7

Now its time to go to WHM. There are a number of built-in WHM security features, and PCI friendly features.
Going down the list on the left hand side of WHM you want to look at:

Apache mod_userdir Tweak – Here Check “Enable mod_userdir Protection” and click save
Compiler Access – Click “Disable Compilers”
Configure Security Policies – Check the first 3 and next 2 if necessary, and click save
cPHulk Brute Force Protection – Enable cPhulk, and under White/Black list Management enter your IP(s)
Password Strength Configuration – Set this to 100
PHP open_basedir Tweak – Check “Enable php open_basedir Protection.” click save
Shell Fork Bomb Protection – Click “Enable Protection”
SMTP Tweak – Click “Disable”

Apache Configuration–>Global Configuration
- For SSLCipherSuite Change the + by Medium to a -, you line should look like this “ALL:!ADH:+HIGH:-MEDIUM:-LOW:-SSLv2:-EXP”
- Set TraceEnable and ServerSignature to Off
- Set ServerTokens to ProductOnly
- Set FileETag to None
- For Directory ‘/’ Options uncheck “indexes”

Now click save, then click Rebuild Configuration and Restart Apache
For Manage Service SSL Certificates, make sure all your services have a valid SSL cert
Under Service Manager, disable any services you don’t need, for example if you don’t have your database on this server, disable mySQL, if you don’t use it for email, disable the email related services

cPanel PCI Compliance Step 8

In order to pass a PCI scan your server must have at least one SSL certificate signed by a recognized certificate authority, and any services using SSL need to be using a certificate as well. Buy a decent 128 / 256 bit  SSL certificate and install it not just for Apache, but also for all of your active services. WebHost Manager has a section for installing service SSL certificates to make this process easier.

cPanel PCI Compliance Step 9

Finally document your versions. A part of your PCI docs file, you should have a screen shot of the version you are running of at least the following:
Apache, PHP, ModSecurity, Linux Kernel, CentOS, OpenSSH, and OpenSSL. Your output will look something like this:

root@server [/]# httpd -v
Server version: Apache/2.2.17 (Unix)
Server built: Dec 14 2010 17:23:57
Cpanel::Easy::Apache v3.2.0 rev5277

root@server [/]# php -v
PHP 5.3.4 (cli) (built: Dec 14 2010 17:30:39)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
with the ionCube PHP Loader v3.3.20, Copyright (c) 2002-2010, by ionCube Ltd.
with Suhosin v0.9.32.1, Copyright (c) 2007-2010, by SektionEins GmbH

root@server [/]# uname -r
2.6.18-194.32.1.el5

root@server [/]# cat /etc/redhat-release
CentOS release 5.5 (Final)

root@server [/]# cat /home/cpeasyapache/src/modsecurity-apache_1.9.5/apache2/mod_security.c
|grep MODULE_RELEASE |head -1
#define MODULE_RELEASE “1.9.5″

root@server [/]# rpm -qa |grep openssl
openssl-devel-0.9.8e-12.el5_5.7
openssl-0.9.8e-12.el5_5.7

root@server [/]# rpm -qa |grep openssh
openssh-4.3p2-41.el5_5.1
openssh-server-4.3p2-41.el5_5.1
openssh-clients-4.3p2-41.el5_5.1

Since RedHat type operating systems, including CentOS and Fedora, use backporting for OpenSSH and OpenSSL, you may get a false positive on your PCI scan for these. If that happens to you, send the screen shots showing your OpenSSH, OpenSSL, as well as your CentOS version and kernel version to your PCI scanner and let them know your a running a seucre, backported version, and request that they test that version manually.
If your PCI ASV requests more proof you are running a secure version of OpenSSH and OpenSSL, you can send them a screen shot of the following commands, which show specifically what patches have been applied to your version.

rpm -q --changelog openssh | head -50
rpm -q --changelog openssl | head -50

This will produce output similar to:

# rpm -q --changelog openssl | head -50
* Tue Dec 07 2010 Tomas Mraz 0.9.8e-12.7
- fix CVE-2010-4180 - completely disable code for
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462)

* Fri Mar 12 2010 Tomas Mraz 0.9.8e-12.6
- fix CVE-2009-3245 – add missing bn_wexpand return checks (#570924)
(output truncated)

Another common false positive with cPanel servers, is your scan might detect Exim as an open relay, this is because the server will sending the mail headers before authentication, even though a successful authentication is needed before it will allow email to go through. If this shows up on your scan you will want to ask the scanning vendor to test this vulnerability manually.

We hope you have enjoyed this article and found it useful for helping make your cPanel Linux server PCI compliant. Please remember to try and test the steps listed here on a test server before applying them to your production cPanel servers. In addition this article does not cover everything your need to do to be PCI compliant, and it meant to be a starting point, and provide information for a cPanel, CentOS specific server. We plan on bringing your future articles and howto’s to cover the PCI compliant information missing from this article.

Technorati Tags: Best UK Web Hosting 2011, Britain Web Hosting, England Web Hosting, fasthosts Alternative, Godaddy Alternative, London Web Hosting, PCI Compliant, Top UK Web Hosting 2011, UK2 alternative, Web Hosting 2011, WebHosting UK alternative

This release is available for upgrade through the Connect Manager, by download or via SVN. Instructions for installation using the Connect Manager are below.

As this is a Release Candidate we highly encourage extension developers to update their extensions to be compatible with this release.

Some of the key new features in this release include:

* Minimum Advertised Price (MAP Pricing)
* Persistent Shopping Across Devices and Browsers
* Enhanced Order Payment Action for PayPal Express Checkout
* And much more…

To see a full list of features and fixed issues please visit our release notes page. Diff files are available here.

Please report all issues with this release in the bug tracker.

Instruction on upgrading from Magento 1.5.1.0 to this preview of 1.6 using the Connect Manager are as follows:

1. Open Magento Connect Manager by navigating to System > Magento Connect > Magento Connect Manager.
2. Enter your Username and Password that you use to log in to the Admin Panel
3. In Magento Connect Manager, click Check for Upgrades in the Manage Existing Extensions fieldset.
4. When the search for upgrades is complete, the “Upgrade to 1.5.1.0.1” will be listed in the Available column for the Mage_All_Latest package.
5. In the Actions column for the Mage_All_Latest package, select “Upgrade to 1.5.1.0.1” and click Commit Changes.
6. Make sure that package upgrades are successfully installed by viewing the console messages below.
7. Click the refresh button below the console window.
8. Go to the Settings tab at the top of the MCM window.
9. In the Preferred State drop-down field, select Beta.
10. Click Save Settings.
11. Go back to the Extensions tab.
12. In the Manage Existing Extensions fieldset, click Check for Upgrades.
13. In the Actions column for the Mage_All_Latest package, select “Upgrade to 1.6.0.0-rc2 (beta)” and click Commit Changes.
14. Make sure that package upgrades are successfully installed by viewing the console messages.
15. Click the refresh button below the console window.
16. Close the MCM window and refresh your frontend. Your system is now upgraded to version preview 1.6.0.0.

Note that if you recieve a Service Temporarily Unavailable page after refreshing the frontend, you will need to open the Magento installation directory on the server and remove the maintenance.flag file. Then go to Magento var directory and remove the cache directory.  This will take care of the issue.

If you want something that is worth your money, then you should point out something that will help your business to grow. All businessmen are making their money are well secured and safe for their business to become successful. Its okey to save money, but when it comes to the needs of your business. you need to know when and how to spend it.

For this you need to first understand the requirement of your website, it depends on how big or small your business will be and how much daily visitor (traffic ) you expect accordingly you need make a choice weather you required a UK shared hosting,UK Reseller Hosting, UK VPS Hosting or dedicated Server Hosting.

You need to make sure that your business website has a service that is high in quality, because thats what will help you grow online and make money from.Since you are choosing a company that is a bit expensive , you should then expect a high quality service. Of course the cost of the hosting company is not just the bases if it a excellent one or not, you need to check the history of the company for you to be able to know if investing your money in this company is worth it or not . For this you can check reviews of the company on Web Hosting forums, Web Hosting review sites etc. A excellent hosting provider will usually look at your business as their asset which is good, because it only means that your business is vital to them as well.You should also make sure that your hosting provider are using latest hosting technologies, for your to make sure that your business is always updated.

Make sure you are not over charged for your provider, some companies are giving high quality service that is why they charge extra ..it that case its fine as your business will alway be in safe hands.

Technorati Tags: Best business Website hosting 2011, Best Dedicated Servers 2011, Best Drupal Hosting 2011, Best Joomla Hosting 2011, Best Magento Hosting provider 2011, Best reseller Hosting 2011, Best VPS Hosting 2011, Best WordPress Hosting 2011, Excellent UK web Hosting, Excellent Web hosting Provider, UK Web Hosting 2011, Webservers UK

If you respond to this letter, your domain will be transferred to the Domain Renewal Group, and WEBHOSTUK LIMITED will no longer be the registrar for your domain. The Domain Renewal Group charges much more for domains: £20 a year in comparison to our £9.99 GBP a year for .COM/.NET/.ORG domains.

If you receive a letter from Domain Renewal Group, we recommend you ignore the letter and simply throw it away. Here is a sample letter:

The Domain Name System or Servers (DNS), is the way that Internet domain names are located and translated into Internet Protocol addresses. A domain name is a meaningful and easy-to-remember handle for an Internet address. Internet domain names are the names which we use to refer to hosts on the Internet, such as www.webhost.uk.com while internet protocol addresses are the numbers which routers use to move traffic across the Internet, such as 197.71.123.219 DNS is part of the application layer of the TCP/IP reference model. DNS is implemented using two software components: the DNS server and the DNS client (or resolver).

If you have a domain name with www.123-reg.co.uk, and your webhosting is with www.webhost.uk.com (for example), the domain name servers would have to be changed to ns1.webhost.uk.com and ns2.webhost.uk.com. Your domain name needs to “know” where your website files are. By pointing the DNS to the servers of
webhositng uk, your website will be displayed.

Technorati Tags: DNS: Domain Name System or Servers

Digg is a popular social bookmarking and content discovery website. Although site management and maintenance is done the website’s paid staff, everything on digg is submitted by the digg user community. These submissions are subject to peer review and are voted upon by other site visitors. The stories receiving enough diggs is posted on the websites front page, for the millions of digg visitors to see. According to Alexa, Digg is one of the most popular websites on the internet, reaching 1 out of every 100 internet users daily.

How to submit stories?

Submitting stories to digg is very easy. To submit stories you have to be a registered member of the digg, once you have registered and signed in, just click on the option submit story and then enter the URL of the story which you would like to submit. Then enter the title of the story with a short description and select the proper category for the story. You are only allowed to digg only original story and not any duplicate entry.

What can you do as a digg user?

Every digg user can digg (help promote), bury (help remove spam), and comment on stories. You can even digg and bury comments you like or dislike. Digg also allows you to track your friends’ activity throughout the site.

Technorati Tags: What is Dig

A mailserver is a family of programs that answer email automatically. These programs are also called list servers. A good mailserver will be able to filter out spam, and prevent your mailbox from being clogged. A mailserver can be installed on the main Web server, or on a separate server.

It has two programs installed: Sendmail program and POP program

1) Sendmail Program

This program allows the mailserver to process outgoing email. If an email address does not exist, the mailserver will return the mail to the sender.
If the sender sends the mail to a particular email address and if that email address does not exist then the mailserver send the mail back to the sender.
If any technical problem arises during the mail delivery, the mail might be returned back to the sender. In all cases in which mail is returned, it arrives with an explanation or error code. By reading the error code you can determine why the mail failed to reach its destination.

2) POP  Program

The POP (Post Office Protocol) program collects incoming email. As it receives mail, it creates a single text file of accumulated messages for each email address. If the end-user has configured his or her email client to delete mail from the server upon collection, the mailserver’s text file is wiped when the mail is collected. Some people, however, store email on the mailserver. This is not only a privacy concern, but can also lead to malfunctions on the mailserver when text files become too lengthy.

Technorati Tags: What is Mailserver

* Who is visiting our Web site * What browsers do they use?
* Where do they go in the site * What pages do they look at?
* How long they stay at our site? etc.

The answers to these questions would be found in  Server log files

A server log is a file (or several files) automatically created and maintained by a server.
Your Web server log files contain much useful information such as :

• Which pages get the most traffic – and the least.
• What sites are referring visitors to you.
• Which pages visitors look at.
• What browsers and operating systems are most popular with visitors.
• When search engine spiders and directory editors visit.

This information often helps webmasters to figure out problems on our web site. Using log file we get detail information of our visitors. Once we know from where we are getting targeted traffic then it becomes easy for us to take necessary steps for maintaining and improving traffic from particular search engine.

The server stores visitor information in files with the .log extension, nearly all of the major Web servers use a common format for this log files. These log files contain information such as the IP address of the remote host, the document that was requested, and a timestamp.

The syntax for each line of a log file is:

site logName fullName [date:time GMToffset] “req file proto” status length

Each of the eleven items listed in the above syntax and example are described in the following list.

• site-either an IP address or the symbolic name of the site making the HTTP request
• logName - login name of the user who owns the account that is making the HTTP request. Most remote sites don’t give out this information for security reasons. If this field is disabled by the host, you see a dash (-) instead of the login name.
• fullName - full name of the user who owns the account that is making the HTTP request. Most remote sites don’t give out this information for security reasons. If this field is disabled by the host, you see a dash (-) instead of the full name. If your server requires a user id in order to fulfill an HTTP request, the user id will be placed in this field.
• Date - date of the HTTP request.
• Time - time of the HTTP request. The time will be presented in 24-hour format.
• GMToffset - signed offset from Greenwich Mean Time. GMT is the international time reference.
• req - HTTP command. For WWW page requests, this field will always start with the GET command.
• file-path and filename of the requested file.
• proto-type of protocol used for the request.
• status-status code generated by the request.
• length-length of requested document.

These data can be combined into a single file, or separated into distinct logs, such as an access log, error log, or referrer log. However, server logs typically do not collect user-specific information.

These files are usually not accessible to general Internet users, only to the webmaster or other administrative person. A statistical analysis of the server log may be used to examine traffic patterns by time of day, day of week, referrer, or user agent.

Technorati Tags: Log files