Beware some domain registration emails

I regularly receive an email from confused customers asking “is this email real?” and I always praise them for being wary.  There are many many scams on the internet and I am happy to help sort the scam from the spam and the ham.

This particular email is sent regularly and it can actually be prevented (see below).

The email is skilfully written to be as confusing as possible – note the highlighted line.  It sounds ominous “Failure to complete your Domain name search engine registration by the expiation date may result in cancellation of this offer”.  Well whoopee do!  They may cancel the offer  of registering your domain on search engines…something that is completely unnecessary.

So if you receive this, convert it from scam to spam.

And if you want to not receive this sort of email, for $5.50 per year 123host offers domain privacy which will hide your real email from the scammers.

I am at their mercy…

123host users, you do understand that just like you pay me for hosting, I pay for a server.  Just like you count on me to provide certain services, I count on a data centre to keep the server running.

I do the day to day maintenance and tweaks on the server and have a contract with system administrators to do things that are too hard or too scary.  Think of it like you taking care of basic maintenance on your car, but taking it to a mechanic for serious work.

So…what happens when you take your car to your mechanic and when you get it back it makes a noise.  You tell them it is something they did, they say it is the way you drive.  You insist, they keep fobbing you off.  Eventually you demand they do a deeper investigation and gosh, look at that, it was something they did after all.

Similarly this week with the server outage.  My system admins identified the problem as being something going on at the server.  The data centre were adamant it wasn’t at their end.  My system admins dug deeper and were confident of the problem.  I got back on to the data centre and dug my heels in and gosh…look at that, it was a problem at their end.

I am sure you can imagine how infuriating this is.  Most customers maybe don’t notice as I don’t hear from them.  Some customers want to know what is going on and are frustrated but understand.  A few customers are justifiably angry as they are trying to run a business…one decided to quit 123host 🙁 and I don’t blame them, I wouldn’t put up with it either.

I have worked hard to build up a really high level of goodwill at 123host and to have it all undone by someone else was shattering to say the least.

Here’s what happened and you may be shocked at the proposed solution:  At 123host an offsite backup is run 3 nights a week.  That means quite a bit of data is being transferred at the time but it doesn’t seem to cause any problems.  I discovered that the data centre does its own backup every 10 days, that means quite a bit of data is being transferred.  Now imagine if they both happen at the same time!  That is a LOT of data being transferred and starts to look like 20 lanes of cars trying to get onto a 4 lane wide bridge.  If there isn’t any traffic, everyone moves quickly, but we all know what rush hour is like.

So all this data was trying to transfer and at the same time something happened to their backup that meant it had been running for 6 days or so.  SIX DAYS!  Eventually it caused such a bottleneck that though the server was still running it had effectively closed the bridge to all cars.  It took me hours to convince the data centre that the problem was at their end, eventually someone found the backup process and killed it and within minutes and ever since those cars are streaming across the bridge.

Since I do my own backups I asked them to turn that facility off, but it seems they can’t do that.  I asked “so what do you suggest I do?” and the unbelievable answer was “wait until it happens again and then call us and we will kill the backup”.  I laughed at the person who suggested such an idiotic idea – I won’t call it a solution.

Right now I am looking at the options for 123host and it is likely to be moving to a co-located server in partnership with an old friend of mine who also has a web hosting business.  This means that we would own (rather than rent) our own server and only be renting the space in the data centre.  It also requires a much higher level of skill to manage but that is what my server administrators get paid for.

Moving accounts to a new server is not a task to be undertaken lightly, but if we can work it out, it will be the last move for a long time.

Thanks for listening.

Mea culpa

Well I am back from my trip to India and it was absolutely fantastic!  Having said that, I can understand why some people would not like the place, it is an assault on all your senses.  At the same time, if you chill and go with the “I am on an adventure” flow, India is an amazing place.  Check out my blog at http://Steve.Davis.net.au.

Apologies for some down and slow time today.  It was all my fault.

Still a little rusty on some things, I misconfigured a setting which effectively made the server fall off the internet.  The problem with DNS issues is that even if you notice straight away (I did) and correct it immediately (I did) the misinformation has been sent out to the world and takes time to be reversed.

It all looks a lot better now, my only disappointment was as part of the attempt to fix I rebooted the server, until then it had been up and running uninterrupted for almost 6 months.

But a working server is more important than an uptime record.

September Newsletter – Delhi Belly edition

It’s September edition of the 123host newsletter. As you may have noticed by now I like to come up with a theme and this month is no different. Welcome to the Delhi Belly edition! Spot the bad puns.

Things will be a little loose from September 11th for a few weeks as I take a long promised holiday and head to India. I have been to a lot of countries, but this is my first time there. People have warned me that INDIA stands for I’ll Never Do It Again – we shall see.

While I am looking forward to the adventure, I am pretty anxious about 123host running smoothly and the great customer support continuing seamlessly. I will be checking in as often as possible but I didn’t want to spend all my time thinking about tech support when my main worry may be locating the nearest toilet. I’d like to introduce you to David who is going to be looking after you while I am gone. He lives in Northern Queensland and runs a similar business to 123host. We are going to swap skills, down the track I will look after his hosting service when he needs a break. I am confident you will be taken care of as I have reminded him many times about how important customer service is :o)

While David looks after you, I have engaged a server management team to do the technical stuff. I am even going to visit them when I am in Cochin (Western India). I have had a support contract with them for a while for any stuff I couldn’t figure out and they have been fast and efficient. So as long as I avoid their water, things should go well.

Why India? I want to see crazy stuff like this

All you WordPress users take note: WordPress recently upgraded to version 4.3 – it is really important that you make sure your installation is up to date. If not and your site is compromised via a known exploit I am afraid my willingness to help sort you out may be less than enthusiastic. On the other hand, if you are up to date and your plugins are all updated I will do what I can to help clean up the mess.

Last newsletter I explained about a new spam filtering thingy known as greylisting. I am interested in feedback on whether you have noticed any difference – I have. Gmail keeps spam for 30 days before automatically deleting it. A month ago there were 9,000+ items in my spam folder…yes over 9,000 – crap! As I am typing this the current count is less than 5,500 – so I am down by about 30%. This is good.

There can be side-effects though. A couple of people have contacted me about weird bounce emails so an explanation of how this works is in order. When an email comes in, the 123host mail server says to the sending mail server “Sorry, not available right now, try again” – this is a legitimate response from a mail server. Most spam comes from compromised servers so when 123host tries to contact the sending mail server and fails, the spam is never re-delivered. If it is genuine email then the sending mail server gets the ‘busy’ message and tries to deliver the email again. This time and for the next 10 days 123host will accept it without checking. Some mail servers (it is pretty unusual) will report to the sender “your email has been delayed and will be retried” and people sometimes think it means their email has bounced. So if you have someone say “your email bounced” do check with them whether or not it was just a warning about the email being delayed.

Why India? Bad Bollywood

As you may have noticed, unlike most hosting companies, I am pretty easy going with things like bandwidth and disk quotas. Bump the limit and most often I will give you a bit more resources. But there is one area where I am Mr Tough Guy (TM) and that is security. If anything you do – or someone else tries to do – on your account will affect the entire server I will step in quickly and maybe even automatically to limit any collateral damage. I know I have mentioned before and remind you that the server and your account is under constant pressure from people trying to get past logins.

I have a security setting that will automatically block an IP address via the firewall if there are more than 20 failed login attempts in 3 minutes. This has some explosive side effects. If you fail to login that many times via email or wordpress or wherever, your IP address will be blocked. You won’t be able to access your own site or anything else on the server. It is easy peasy for me to fix: if you can’t get in and you also can’t see 123host.com.au head to WhatIsMyIP.com and send me your IP address in a support ticket. Like me in India, you will be quickly unblocked.
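The lockout rule above, sketched as a sliding-window counter to show how a legitimate user trips it. This is an added example, not the firewall's own code; the class and function names are hypothetical and the two traffic patterns are constructed.

```python
from collections import defaultdict, deque


class FailedLoginBlocker:
    """Block an IP after more than `max_failures` failed logins in `window` seconds."""

    def __init__(self, max_failures=20, window=180):
        self.max_failures = max_failures      # 20 failures, per the newsletter
        self.window = window                  # 3 minutes, per the newsletter
        self.failures = defaultdict(deque)    # ip -> timestamps of recent failures
        self.blocked = {}                     # ip -> time the block was applied

    def record_failure(self, ip, now):
        """Record one failed login; return True if the IP is (now) blocked."""
        if ip in self.blocked:
            return True
        recent = self.failures[ip]
        recent.append(now)
        # Forget failures that have aged out of the window.
        while recent[0] <= now - self.window:
            recent.popleft()
        if len(recent) > self.max_failures:
            self.blocked[ip] = now
            del self.failures[ip]
            return True
        return False

    def unblock(self, ip):
        """What happens when the support ticket is answered."""
        self.blocked.pop(ip, None)
        self.failures.pop(ip, None)


def first_block_time(blocker, ip, failure_times):
    """Replay failures for one IP; return the time it gets blocked, or None."""
    for t in failure_times:
        if blocker.record_failure(ip, t):
            return t
    return None


# Constructed scenarios (assumptions, not measurements): a mail app that keeps
# retrying an old password every 5 seconds, and a person mistyping by hand.
STALE_CLIENT = [5 * n for n in range(40)]     # 0, 5, 10, ... seconds
HUMAN_TYPOS = [0, 20, 45, 70, 120]            # five slow, manual failures

if __name__ == "__main__":
    print("stale mail client blocked at t =",
          first_block_time(FailedLoginBlocker(), "192.0.2.10", STALE_CLIENT))
    print("human typos blocked at t =",
          first_block_time(FailedLoginBlocker(), "192.0.2.11", HUMAN_TYPOS))
```

The forgotten mail client is locked out on its 21st failure, well inside the 3 minutes, which is why a saved but outdated password on a phone or desktop mail program is worth checking before opening the ticket.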

I hope your online adventures are still fun.

If you are mildly interested in following my adventures:  http://Steve.Davis.net.au – in progress…

After all that typing I am pooped.

Getting spam under control – hopefully

I have implemented a new spam control system at 123host and in 12 hours I have already seen how effective it seems to be.

The system is known as ‘grey listing’ and here is how it works:  the 123host mail server will pretend it is busy and temporarily reject any email from a sender the server does not recognize.  The sending server will then try to send it again.

Spam usually fakes where it has come from, so the (faked) originating server responds with “don’t know what you are talking about, there is no such email to resend” and the offending email is not accepted, much less delivered.

On the other hand, if the email is legitimate, the originating server will wait a short while and then try again, this time the 123host server will accept the email and remember the sending server for 7 days.

This has nothing to do with content or email addresses, it is simply testing the authenticity of the sending server.  It isn’t foolproof but it is already working well as far as I can see.
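The greylisting decision described in this post and in the September newsletter, as a small simulation. This is an added example, not the mail server's own code: it keys on the sending server's address as the post describes, and `min_delay`, `retry_window`, the response strings and the sample traffic are assumptions.

```python
from dataclasses import dataclass, field

TEMPFAIL = "451 temporarily unavailable, try again later"   # SMTP 4xx = retry later
ACCEPT = "250 OK"


@dataclass
class Greylist:
    remember: int = 7 * 86400     # remember a proven server for 7 days (this post)
    min_delay: int = 60           # assumption: a retry sooner than this does not count
    retry_window: int = 4 * 3600  # assumption: a first attempt is forgotten after 4 h
    pending: dict = field(default_factory=dict)   # server -> time of first attempt
    known: dict = field(default_factory=dict)     # server -> time its entry expires

    def check(self, server, now):
        """Return the SMTP response for a delivery attempt from `server` at `now`."""
        if now < self.known.get(server, 0):
            return ACCEPT                          # proved itself recently
        self.known.pop(server, None)               # expired entry, if any
        first = self.pending.get(server)
        if first is None or now - first > self.retry_window:
            self.pending[server] = now             # first sighting: pretend to be busy
            return TEMPFAIL
        if now - first < self.min_delay:
            return TEMPFAIL                        # hammering straight away is not a retry
        del self.pending[server]
        self.known[server] = now + self.remember   # a real retry: accept and remember
        return ACCEPT


def replay(attempts, **settings):
    """Feed (time, server) attempts through one Greylist; return the responses."""
    greylist = Greylist(**settings)
    return [(t, server, greylist.check(server, t)) for t, server in attempts]


# Constructed traffic. 192.0.2.10 is a real mail server that queues and retries;
# 198.51.100.7 is a spam sender that fires once and never comes back.
ATTEMPTS = [
    (0, "192.0.2.10"),                # first contact
    (0, "198.51.100.7"),              # spam run, single shot
    (10, "192.0.2.10"),               # retry too soon
    (900, "192.0.2.10"),              # proper retry after 15 minutes
    (86400, "192.0.2.10"),            # next day: still remembered
    (900 + 7 * 86400, "192.0.2.10"),  # entry has expired: greylisted again
]

if __name__ == "__main__":
    for t, server, response in replay(ATTEMPTS):
        print(f"{t:>7}s  {server:<13} {response}")
```

The deferred first attempt is what a sending server reports as "delayed and will be retried", and passing `remember=10 * 86400` models the 10 days quoted in the newsletter.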

Gmail holds spam for 30 days before it is deleted, this is my mailbox today 😛

I receive about 10 spam emails every hour!  The good thing is that gmail has a fantastic spam filter.  I see maybe one spam per day in my inbox and haven’t spotted a false positive (not spam classified as spam) in a couple of weeks.  TRIVIA:  Bad emails are known as spam, good emails are known as ham.

Since I started greylisting this morning, I would have expected to receive about 120 spam emails.  In fact I have ‘only’ received about 30.  Still a lot, but a 75% reduction is remarkable.  And I imagine that for people who receive less spam it is more noticeable.

If anything unusual seems to be happening with your incoming email (apart from less spam – which is unusual), please let me know by opening a 123host support ticket.  I forgot to mention in the newsletter that you can edit the Configure Greylisting configuration in the mail section of cpanel.  But it is limited to enabling or disabling it for a specific domain.

123host.au updated

When I first started 123host I did all the billing and management manually, it wasn’t too hard since most accounts belonged to me, friends and family and there wasn’t much money involved 😛

It wasn’t long before it started to get out of hand so I bought some software, that despite being a bit quirky, does a great job of automating much of the work.

Good news is that there was a major upgrade recently, particularly in the client area which from my initial play (I don’t use it much myself) seems much easier to use.

Even better is that many email related functions have been replicated in the client area so you hardly need to go into that big scary cpanel any more.

At the 123host home page log in via the link in the top right corner.  Use your email address and the password you received when you created your account – this is not your hosting password or if you are using it, your WordPress password.  So many passwords…sigh…

Click Services and then My Services in the dropdown menu

Next select the hosting package you want to work on, though most people will only have one

And either celebrate or be intimidated by the new array of choices

The quick shortcuts and quick create an email account are the most commonly used functions.  If you don’t understand any of them you would do well to leave them alone, though if you want to look but don’t touch that is a good way to learn.

I am always happy to help you with anything you are not sure of.

Sorry Ukrainians

As is my usual pattern, when I wake up I grab my Android tablet and check emails and the server to make sure everything is OK.

This morning there was not a single email!  Most unusual and I panicked, but all that was happening was that there wasn’t a single email – joy!

Then I checked the load on the server.  As explained in an earlier post anything under 4.0 is good, more than that and there is a bit of a traffic jam with requests being processed.  My usual routine of checking up on everything from the comfort of my warm bed was shattered when I saw that the load was 70.0!  CRAP!

Ouch!

Out of bed, start computer and check what is going on – at least it wasn’t too cold.  I find that the server is getting hammered from the Ukraine with someone trying to get into lots of wordpress blogs via their /wp-admin link.  First thing I do is block that IP address and within seconds the load starts dropping and it is back at 2.6 pretty quickly.

In the middle of all this I receive an email from WordFence about the same IP address:

A user with IP address 195.154.236.232 has been locked out from the signing in or using the password recovery form for the following reason: Exceeded the maximum number of login failures which is: 20. The last username they tried to sign in with was: ‘Admin’

Couple of things about this; Wordfence seems to be a good idea and I am glad I recommended (and implemented) it.  ‘admin’ is a bad username for WordPress.

Then I ask myself a question “Seriously, how many people from the Ukraine are going to visit websites on my server?”  Likely none, so I blocked a range of IP addresses and hope that will keep them at bay for a short while :o(

Sorry Ukrainians

Geekiness warning:  Here is what the auto blocking software log looks like.  It shows why addresses are blocked & where they are from. SMTP AUTH is people trying to send spam through the server and failing authentication.

124.106.69.117 # lfd: (smtpauth) Failed SMTP AUTH login from 124.106.69.117 (PH/Philippines/-): 10 in the last 3600 secs – Sun Jun 28 05:51:51 2015
217.76.70.48 # lfd: (smtpauth) Failed SMTP AUTH login from 217.76.70.48 (KZ/Kazakhstan/-): 10 in the last 3600 secs – Sun Jun 28 05:53:46 2015
178.168.197.242 # lfd: (smtpauth) Failed SMTP AUTH login from 178.168.197.242 (BY/Belarus/-): 10 in the last 3600 secs – Sun Jun 28 06:05:07 2015
125.40.219.238 # lfd: (ftpd) Failed FTP login from 125.40.219.238 (CN/China/hn.kd.ny.adsl): 10 in the last 3600 secs – Sun Jun 28 06:05:52 2015
1.53.190.176 # lfd: (smtpauth) Failed SMTP AUTH login from 1.53.190.176 (VN/Vietnam/-): 10 in the last 3600 secs – Sun Jun 28 06:18:12 2015
125.63.66.243 # lfd: (smtpauth) Failed SMTP AUTH login from 125.63.66.243 (IN/India/125.63.66.243.reverse.spectranet.in): 10 in the last 3600 secs – Sun Jun 28 06:39:48 2015
46.216.31.232 # lfd: (smtpauth) Failed SMTP AUTH login from 46.216.31.232 (BY/Belarus/-): 10 in the last 3600 secs – Sun Jun 28 06:43:27 2015
5.39.223.29 # lfd: (smtpauth) Failed SMTP AUTH login from 5.39.223.29 (NL/Netherlands/-): 10 in the last 3600 secs – Sun Jun 28 06:47:05 2015
195.154.236.232 # Manually denied: 195.154.236.232 (FR/France/195-154-236-232.rev.poneytelecom.eu) – Sun Jun 28 06:58:31 2015
37.213.233.53 # lfd: (smtpauth) Failed SMTP AUTH login from 37.213.233.53 (BY/Belarus/-): 10 in the last 3600 secs – Sun Jun 28 07:02:21 2015
86.98.4.198 # lfd: (smtpauth) Failed SMTP AUTH login from 86.98.4.198 (AE/United Arab Emirates/-): 10 in the last 3600 secs – Sun Jun 28 07:04:11 2015
178.125.50.31 # lfd: (ftpd) Failed FTP login from 178.125.50.31 (BY/Belarus/mm-31-50-125-178.mfilial.dynamic.pppoe.byfly.by): 10 in the last 3600 secs – Sun Jun 28 07:05:37 2015
176.219.134.37 # lfd: (ftpd) Failed FTP login from 176.219.134.37 (TR/Turkey/-): 10 in the last 3600 secs – Sun Jun 28 07:22:32 2015
173.208.222.98 # lfd: (smtpauth) Failed SMTP AUTH login from 173.208.222.98 (US/United States/-): 10 in the last 3600 secs – Sun Jun 28 07:41:04 2015
169.159.118.240 # lfd: (smtpauth) Failed SMTP AUTH login from 169.159.118.240 (NG/Nigeria/-): 10 in the last 3600 secs – Sun Jun 28 07:50:25 2015
46.29.255.122 # lfd: (smtpauth) Failed SMTP AUTH login from 46.29.255.122 (US/United States/ptr122.ctreplacementswindows.com): 10 in the last 3600 secs – Sun Jun 28 07:50:30 2015
37.208.170.201 # lfd: (ftpd) Failed FTP login from 37.208.170.201 (QA/Qatar/-): 10 in the last 3600 secs – Sun Jun 28 07:52:10 2015
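A parser for deny-log entries in the layout shown above, which tallies blocks by service, country and /24 network so a range block can be based on what the log shows. This is an added example, not part of the blocking software; the function names are hypothetical and the sample lines are constructed with documentation addresses.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# One deny-log entry. The dash before the date may be a plain hyphen or the
# en dash (\u2013) that blog software substitutes for it.
ENTRY = re.compile(
    r"^(?P<ip>\S+) # "
    r"(?:lfd: \((?P<trigger>\w+)\) .+? from \S+|Manually denied: \S+)"
    r" \((?P<cc>[A-Z]{2})/(?P<country>[^/]+)/(?P<rdns>[^)]*)\)"
    r"(?:: (?P<count>\d+) in the last (?P<secs>\d+) secs)?"
    r" [-\u2013] (?P<when>.+)$"
)

def parse_entry(line):
    """Return a dict for one log line, or None if the line does not fit the layout."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m["ip"])
        when = datetime.strptime(m["when"], "%a %b %d %H:%M:%S %Y")
    except ValueError:
        return None
    return {
        "ip": str(ip),
        "trigger": m["trigger"] or "manual",   # automatic blocks name the service
        "country": m["country"],
        "rdns": None if m["rdns"] == "-" else m["rdns"],
        "failures": int(m["count"]) if m["count"] else None,
        "when": when,
    }

def summarise(lines):
    """Count blocks per service, country and /24 network; keep lines that did not parse."""
    out = {"trigger": Counter(), "country": Counter(), "network": Counter(), "unparsed": []}
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            out["unparsed"].append(line)
            continue
        out["trigger"][entry["trigger"]] += 1
        out["country"][entry["country"]] += 1
        if ":" not in entry["ip"]:             # group IPv4 addresses by /24
            net = ipaddress.ip_network(entry["ip"] + "/24", strict=False)
            out["network"][str(net)] += 1
    return out

# Constructed sample in the same layout (documentation addresses, not real hosts).
SAMPLE = """\
192.0.2.10 # lfd: (smtpauth) Failed SMTP AUTH login from 192.0.2.10 (BY/Belarus/-): 10 in the last 3600 secs - Sun Jun 28 05:51:51 2015
192.0.2.77 # lfd: (smtpauth) Failed SMTP AUTH login from 192.0.2.77 (BY/Belarus/-): 10 in the last 3600 secs \u2013 Sun Jun 28 06:05:07 2015
198.51.100.4 # lfd: (ftpd) Failed FTP login from 198.51.100.4 (US/United States/host.example.net): 10 in the last 3600 secs - Sun Jun 28 06:05:52 2015
203.0.113.9 # Manually denied: 203.0.113.9 (FR/France/rev.example.org) - Sun Jun 28 06:58:31 2015
this line is not a deny-log entry
""".splitlines()

if __name__ == "__main__":
    for key, value in summarise(SAMPLE).items():
        print(key, value)
```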

Rules

I am not very big on authority.  Ms 123host constantly points out how I love breaking rules.

So I am pretty easy going with most 123host rules.

If you are hosted with anything other than a small hosting company you can expect rules to be enforced without exception, without review, without any human intervention.  It is all automatic, they don’t care much about individuals and their circumstances.

I am different.  I rarely enforce bandwidth or quota limits, I will give you a bit more or look to see what is causing excessive use.  Until it gets out of hand I am willing to cut customers a bit of slack, it is part of the 123host great service philosophy and engenders loyalty and good word of mouth.

So it always pains me to have to write a “last chance” email letting someone know that if they don’t pay a month overdue invoice I am going to delete all their hard work.

The truth is that if she got back to me and said anything – “my mother is sick”, “I am having a baby”, “the dog ate my PayPal account” – I would be open to working something out.  Silence is the problem.

But there is one area I don’t compromise, security.  If your site in any way compromises the server it will be suspended.  Yes, I will work with you to figure out the problem, but security rules.

Them’s the rules.

Why it sometimes takes a while to solve a problem

Everyone wants their problems solved NOW!  Me included.

Web server management is a pretty complex thing.  There is a lot of stuff to know and learn and tweak.  Some things you do often enough that it becomes second nature, other things need a bit of reference work.

A customer whose email password is failing is a frequent issue.  They have often forgotten their password or something like that.

But imagine when email keeps failing and the password is reset and it still fails and everything looks 100% perfect and it still fails.

If there is one thing I am good at in life it is trouble-shooting.  I have a knack for being able to track through the steps of a problem and find what is wrong.  I can’t even explain how I do it, but I can.  Don’t assume that means I can also fix it, but at least know why it isn’t working and that is a good start.

So this password just won’t work.  Then I have an idea.  What if it is something about the actual password?  So I reset her mail password to something easy and BINGO! she gets into mail.

We went back to the original password which was something like Jumpy05#&* and working with the customer logging into webmail, started building the password

Jumpy05 - worked
Jumpy05# - worked
Jumpy05#& - failed!

Aha!!! Talk about obscure.  Who would have ever guessed that?  The fix, obviously, was a new password without an & in it.

By the way, notwithstanding the error, that is an example of a good password. It might be memorable to you because of Jumpy (dog’s name) 05 (your birth date) and 3 symbols.

Still trying to discover why the & failed, haven’t had any answers in forums where I have asked.