You can see image sizes using right click and Properties in both Internet Explorer (Right Click  Properties) and Firefox (Right-click View Image Info).  In Chrome, the easiest way to see an image size is to install an Extension to View Image Properties – there are quite a few options there (I used this one).

The old Windows XP powertoy resizer allowed you to right click on an image and resize it very quickly and easily, if you needed smaller size images for the web. Unfortunately it no longer works on Windows 7. However, the powertoy has been rewritten for Windows 7 and made publicly available.

Resizing the easy way …

To resize images the easy way, you simply:

• Download and install the resizer program first from http://imageresizer.codeplex.com/
• right click the image in your Windows folder,
• choose Resize Image
• select Medium or Small, or choose a specific size if you need one

If you still have XP, you may like the Windows PowerToy which you can find by Googling for "Windows PowerToy Resizer".

More options with the powerful Gimp tool …

Alternatively, you may want to use the much more powerful (and more complex) free software "Gimp" which is described in Haleemon's article at Resizing images for your website.

You can install this very easily using the installation system at www.ninite.com – tick "Gimp" then click the green download button and follow prompts from there!

After a 3 month upgrade and expansion program affecting many of our servers, we’re super excited to be able to announce that we will be doubling our disk space allocations on all hosting accounts, both new and old.

This disk space upgrade will be applied to all accounts across all of our servers over the course of the next month. In the meantime, if your account is running low on disk space, let us know by sending a quick email and we'll bump you up immediately.

You may be interested to know that one of the reasons this took a while to execute was that we keep something like 16 – 20 copies of your site in various forms of backup.

This is our way of thanking each and every one of you for being a White Dog Green Frog customer. We truly value your business.

Enjoy the extra space!

Some of you will have read of the recent demise of long term Australian company, Distribute IT. Vandalized by hackers in early June 2011, they were unable to get themselves back online and ended up selling to a larger registrar. Distribute IT were no small fish in the industry, with over 10,000 hosting customers and some 200,000 Australian domains.

So what went wrong? Firstly, the hack was unusually malicious, with the hacker partially formatting the system hard drives on all of Distribute IT's servers. Further, as time progressed, it emerged that Distribute IT had no available backups, possibly because they had been minimal and had all been hacked. It also appeared that their system and backup design had not allowed for emergency recovery scenarios. Additionally, Distribute IT struggled to communicate with customers who became increasingly desperate for information on their websites and email as hours stretched into days ,and days stretched into weeks, with little news or progress visible.

The invisible – and what it means to you as a customer

What can we take away from this episode?

• backups are really important – and they must be guarded against hacking
• security is important
• good simple system design can save a lot of issues – and requires real, on-the-ground expertise from your host

• it's worth paying – driving the price to bottom dollar will result in important loss of services, invisible until a serious problem occurs – then devastating in consequence
• Make regular backups – how often depends on how much your website changes

• all disks are redundant
• we run an intelligent firewall which, mostly invisibly, blocks a lot of hacking attempts
• all sites are backed up, on most servers in several ways

MX records, as some of you would already know, provide a DNS-based prioritized fallback method for email servers.  The idea is that it is possible to supply a list of servers that will accept your email, where the lowest number MX server is tried, then the next, and so on until a valid connection is made and the email is then sent over that connection.

For years, conventional wisdom has stated that having a secondary MX server as a backup for your primary server is a really good idea, however, I disagree …

I actually think backup MX servers are a huge risk as they tend to LOSE email over time.  How this happens is like this:

• The backup MX is setup
• Time passes, without the MX getting used
• Something goes wrong on the backup MX so that email gets dropped
• The main MX goes down, and email sent to the backup is dropped mercilessly and silently before it is discovered

When an email server goes down, internet email protocols dictate that the sending servers must hold on to messages and retry sending for 4 days, so if your server (Exchange or something external) goes down you’re actually already covered!  For a longer outage, a temporary server can easily be activated provided you have access to the DNS.

Additionally, secondary MX servers are used by spammers to inject spam as they are not checked as stringently as primary servers.  There are some ways to protect against this, “nolisting” being one of the tricks that we use and provide to customers in-house, which relies on spammers not having time to retry mail servers and normal mail servers being willing to retry.  (I'll write about nolisting in a future article)

So, in actuality, a secondary MX / backup email server:

• might result in additional email loss
• presents a higher spam profile
•  

So, just my opinion, and probably an unpopular one at that, but I just don’t think a secondary MX provides real value in terms of redundancy and may actually substantially reduce reliability in the event of a disaster down the track.  (None of this applies if you are a larger company – different rules of the game apply when you have larger numbers, your own email servers, and there are ways to mitigate the disadvantages above).

In  my opinion, for a smaller company, a solid way to protect against an outage is to:

• Ensure you (or your client) has login access to their domain at the registrar
• Or, possibly, create an ability to edit DNS (not as important if the above is done)
• Work out an emergency failover procedure so it’s there and ready-to-go for an emergency once it passes 24 hours

There are obviously scenarios where backup mail servers do make a lot of sense – one obvious one being for larger companies, or companies that have multiple locations; and perhaps a small company that can't respond to a mail outage in 4 days, and of course, there are others I haven't listed here (or thought of yet!).  Additionally a secondary MX server can prevent the 4 hour warning message sent to advise that delivery has been delayed.  My key point is simply that secondary MX service is not the panacea that conventional wisdom has it appear.

Having said all this, we do provide backup MX service if desired!  I guess I feel it's just part of my duty to warn people about something I think could cause them problems down the track, and perhaps present very little value to a client in the end.

Interested in hearing people's thoughts and feedback here .. am I missing anything?

A number of things can cause this to happen, things such as:

• Being disconnected from the internet
• Having an incorrect Name Server on your domain (a Name Server, in laymen terms is basically how the domain points to your hosting.)
• Something as simple as a spelling mistake in the domain name
• Or having bad DNS (Domain Name Server) settings on the web server.

For most of these issues, solutions are normally very easy to fix. Making sure all cords are plugged in correctly, checking the domain name you have typed in, and seeing if you can access other sites (such as google) can usually get these problems sorted very quickly. But there is a common problem that a lot of people encounter, even once the problem has been fixed.

This problem is DNS Caching.

Caching

Caching, in relation to computers, is a method used to try and speed up response time whenever you make a request, by either storing information viewed, or the location of where the information is, to quicken the response time for the next time that information is requested. In regards to websites, DNS Caching is when a website’s location is stored in memory, so that the next time you try to view it, it will show you what it found last time.

Although this does speed up load time, this can be a big problem if the DNS on your website has been cached as it doesn’t recheck the DNS and thus it appears that your site is still down even though it is actually up!

The problem arises when someone views the webpage prior to the problem being fixed. As you have no doubt assumed by now, even once the site is 'back up and running', the computer sometimes will remember the result it got last time, and continues to show the "Server not found" error.

One thing to remember when this happens is that it's usually only YOU experiencing this problem, everyone else who is visiting the site from then on will see the website as they would normally (Only people who have it cached will experience the problem).

Is it just me?

There are a variety of ways to check whether or not you're suffering from a bad case of the 'cache', several of them are listed below:

http://www.downforeveryoneorjustme.com/

This handy website tells you whether or not it's just YOU who can't access the site, or everyone else. Simple enter the name of the site into the box, then click 'or just me?

http://proxify.com/

This is a Proxy, a proxy (in computer terms) is basically a server that views a webpage for you, and then shows you the results. As well as protecting your IP, this allows you to look at your webpage as if you were on a different person's internet connection. Simply enter your website into the box, and click 'Proxify', and then if your site is up and running then it should load as it normally would.

Clearing your Cache

Usually, your computers cache is cleared every 2 – 3 hours, but there are a few ways to speed up this process. Below is a list of steps that can be taken to try to 'refresh' your cache (Do this in order!):

• Reboot your modem (Modems also use DNS caching, so this will clear its memory of your site)

• Reboot your computer ( This clears both your computers DNS cache as well as the internet browsers cache)

These steps don't always solve the problem, as your website may be cached with your ISP as well (Internet Service Provider). At this point you have basically have one option, wait a few hours for the ISP’s cache to clear.

Things to Check (Summary)

1. Check whether you can access other websites, such as www.google.com
2. Reboot your Modem, AND THEN your computer
3. Use   http://www.downforeveryoneorjustme.com/
4. Use   http://proxify.com/
5. If you still can't access your website, call our support desk on 1300 760 850

How websites get hacked:

There are fourmain ways that websites get hacked:

1. Exploited scripts – outdated scripts with security holes get exploited through the web by baddies.  They send special codes to your website that allow them to take over the website.

2. Stolen passwords – virus and trojan infections on your computer can steal passwords as they are typed, or from saved password files.  Once the virus has your passwords, they are sent up to a central repository and gradually exploited.  One of our web developer friends had this happen to him and they took almost 18 months to gradually work through and hack 3-4 of his sites – each with bank phishing sites.  Passwords can also be stolen by using them over public WiFi – both POP and FTP send passwords in the clear and shouldn't be used on public (unsecured) WiFi for that reason.
    
3. (2b) Stolen passwords on the server – some webhosts run accounts in such a way that they can see each other's database passwords, and thus each other's databases.  Yes, we think this is strange too.
    
4. Root compromise on the server – it is possible to take over a server completely, and hack the web server component so it occasionally sends viruses out to people looking at websites.  This is often done randomly, and sometimes only once per computer viewing the site, so it can be very hard to track down.  This is relatively rare as thankfully most hosts are able to protect themselves against this.  There were some recent examples of this in Australia over the last few years, though I'll refrain from mentioning the companies!
    

What we do to keep you safe

As we're in a unique position as a webhost as well as a web developer handling a lot of sites, we get to see more than a few sites hacked and we've worked out a methodology that successfully stops most hacking.  While we won't mention all our goodies here, some of the things we do are:

1. Block known attack signatures – when baddies attack scripts, they often use recognizable attack signatures.  Where possible we detect these and prevent them from getting through to your website, giving what's called a "406" error.
    
2. Firewall blocking of security scanners – a common hacker attack method is to "scan" a website by checking a list of vulnerabilities, or trying to guess a password by working through a list of common passwords, amongst other things.  If we see an IP doing things like these, we block them in the firewall and that's the last we ever hear of them.  While they can change IPs, only a few go that far, so this does cut down attacks.
    
3. Ensure user accounts can't see each other's databases – that way if one account gets hacked, it doesn't spread to others.  We hosted a small political organization for a few years that had been hacked around election time via this mechanism prior to moving to us, so it does happen!
    
4. Scan uploaded files – we scan all uploaded files for known virus and other related patterns, rather like an anti-virus on a PC.  We don't think many hosts do this yet.
    
5. Do server-based backups – these allow us to recover the unhacked versions of files, if we find out quickly that the site has been hacked.

One of the problems with a server that regularly hosts attacked sites is that it can start to affect things like email (listed in blocking lists) and of course, a server under attack often gets very slow.

What you can do to keep your site safe

There are two things that you can do that will help you keep yourself safe from a hacking attack:

1. Do regular backups of your site through cPanel – pop into cPanel regularly and download a backup.  You only need to do it every now and then unless you change your site a lot.  If you use WordPress, you can automate this with the WP-DB-Backup plugin, which can be asked to email you a backup on a weekly (or even daily) basis.  See our Backup article here for more information.
    
2. Keep your website's software up to date – if you use WordPress, for instance, it's merely a matter of logging into your dashboard regularly and running an update if there is a new version available.  If you run WordPress and don't have the time to log in regularly and want to ensure you are kept safe, there's a plugin called WP-Update-Notifier that will send you email when a new update is available.  See our article on updating web software here.

How we can help if you do get hacked

At the end of the day, any website can get hacked, even though you may have taken precautions, and we fully understand the distress that it can cause.

If you don't have your own developer, or if they would like a specialist to look at it, we are usually able to repair a website within a day, and do our best to diagnose for you how the site got hacked.  Contact us if you'd like to discuss this service.

• L-inux - the operating system type, but there are many flavours of Linux/Unix such as Centos, Ubuntu, FreeBSD etc
• A-pache - the web server itself that serves the web pages – there are other web server programs also used on Linux servers to replace Apache, such as nginx, lighttpd, and others.
• M-ySQL - is the free database engine that runs on the server if you have a database-powered or -requiring site
• P-HP -  the open-source programming language in very common use on the Internet these days.  Programs such as WordPress and Joomla! are developed in PHP.  The latest version of PHP, at the time of writing, is version 5.3.3, and software written for earlier versions of PHP doesn't always work on newer PHP versions (eg: see the constructor change in 5.3.3), particularly if authors don't write their software carefully.

What does LAMP hosting actually mean for me?

LAMP webhosting is probably the most widely used type of hosting on the internet at the moment for a number of good reasons – Netcraft cites 60% running Apache, and an educated guess is that about another 20% of the internet's web servers run on Linux/Unix-based servers. If you're not technical, all you need to know is that it does the job, and does it well – providing reliability, stability, and resilience whilst being cheap to run. Let's talk about the reasons why the LAMP family of web servers is so popular to give a bit more perspective.

Stability

LAMP hosting is incredibly stable, particularly so if it is well tuned.  Our servers would stay up for years if they were not periodically rebooted (periodic reboots are good sysadmin practice).  Like anything, they would be vulnerable to hacking if not well run, but so long as software patches are applied in a timely manner they are incredibly resilient. Linux runs on the Linux kernel, which has been closely refined over years and runs on millions of servers worldwide.

Cheap to run

In part due to their extreme stability, LAMP servers are much cheaper to run than Windows servers.  The software they run is all open source (unless you run a commercial version of Linux, sometimes advisable for high end servers) so there are no licence fees, and because the servers are so stable, they can efficiently handle a lot more users than Windows servers. As Linux (a form of Unix, if you've heard that term) is open source, there are bucket loads of free software available for it. A defacto rule of thumb we use is to multiply capacity by 2-3 when moving from Windows to Linux – 100 users on Windows means 300 on Linux, 10,000 hits on Windows means 30,000+ on Linux.

Resilient

LAMP servers cope well with a variety of problems, including heavy load, and are resilient to all sorts of attacks and security issues.  Of course, they're not immune, not for a moment, but can be very hardy when well run – when tuned correctly with the patches kept up to date.  This is really one of the key features of Linux – it's resilient in many ways.

Security

Like anything, Linux is insecure if it is not maintained – security everywhere is under a constant barrage, so software must be kept updated.  But a regularly updated Linux, with good firewalling and some forethought put into settings and security software, can be very secure under normal circumstances.  To be concrete, absolutely nothing is secure if people who are smart enough want to attack it, but if you want a down to earth comparison, Linux is very rarely hacked!

It's just everywhere

In general terms, LAMP servers (also known as the LAMP stack) are used on the lion's share of web servers, including Google and Facebook.  Sometimes one or more of the components is swapped around for an enterprise solution, but the basis is still Linux centred, along with Linux's philosophies (open architecture, simple small modules that interconnect well, and all open source, just to take a few key ideas).

Alternatives to LAMP hosting

The main contender for an alternative to LAMP hosting is the Windows IIS family.  If you are running .Net applications, there is currently no other choice, you have to use Windows hosting.  While IIS can be set up to be secure and fairly stable, constant attention and expertise is needed to do so.  A licence must be paid for each IIS server, and fairly constant maintenance is needed to keep them stable.  As a result, and understandably so, reliable Windows hosting plans are generally rather more expensive than LAMP hosting plans – a rough measure is 2x to 5x what you would pay for LAMP hosting. Windows IIS tends to be popular with enterprise developers using enterprise development frameworks and large CMS system, which often require IIS or family, although there are some attempts [eg: mono]  to build IIS-compatible systems running in the Linux framework. It's probably also worth noting that enterprise and very high volume web servers tend to modify the LAMP stack, for instance replacing Apache with the faster and newer nginx (eg wordpress.com) which is becoming increasingly popular and can substantially exceed Apache performance with more resilience.  Google appears to use a Linux kernel but uses proprietary software on top of that.

Summary

LAMP hosting provides a very solid platform for industrial strength general purpose hosting.  It is particularly suited to the hosting of high-availability enterprise solutions, but also works well for stable shared webhosting.

In an Enterprise hosting environment, the LAMP concept can be extended further to provide serious industrial strength reliability – the open and extensible framework that Linux is built on lends itself well to a variety of solutions and strategies that can be combined for amazing results. It's no accident, of course, that both Google and Facebook [1, 2] use many thousands of servers based on various forms of LAMP stack technology to provide their services – running forms of Linux in an architecture based on many small servers, where any one server is completely redundant.  [Ed: Google appears to run a variant of Linux]. — This has been a basic introduction to the more technical side of web hosting – if it's been helpful, or if you would like us to talk about other aspects, please comment!  I've tended to simplify things, if that has been unhelpful also please comment.]

Here are 5 basic steps to prevent your site from being hacked:

1. Remember that any software you install on your website could get hacked – it’s like a PC – but it’s out there on the internet 24 x 7!  Not updating that software, is the same as hiding your head in the sand – hoping really hard nothing will happen – and it probably will!!
2. Change your website Admin password to something that contains (at the very minimum):
   • both upper and lowercase letters
   • at least one number
   • at least one character/punctuation mark
   • consider using another username, not “admin”
3. Update your website software (and check for updates at the very minimum every 3 months)
4. Pay attention to your website statistics. If your bandwidth all of a sudden/out of the blue is 3GB higher than it has been in the past 3 years and you haven’t done anything different (eg Adwords campaign, radio promotion, handing out flyers etc) this should raise some serious warning flags in your head and prompt you to investigate further.
5. Keep your computer anti-virus software up-to-date (kind of like #3… but not really). If you have a key-logger virus on your computer, your strong, super secure password is useless because the bad guys will be able to see it and wreak havoc on your site.  We see this regularly!

I know we’ve written about this (numerous times actually) in the past but you’d be surprised (or maybe you wouldn’t) by the number of sites being hacked despite our warnings. Cleaning up a hacked site is not a trivial matter and can become quite costly.

If they’re made available to you, why wouldn’t you jump on the chance to take precautionary measures to protect your site?

If you’re not sure what this means, you’re welcome to ask for details.

One of the most amazing, and under-discussed, ideas to come out on the internet over the last decade is the concept of “Wikis”.  Most of you would, of course, be familiar with Wikipedia, which is an example of a certain type of Wiki – albeit on a huge scale!  However, Wikis in their original idea are much more simple – the idea being that they provide an easy to use and easy to search medium for dumping ideas and thoughts down.  There are several key concepts in the Wiki paradigm that make it extremely useful:

1. Wikis are easy to add text to and require little knowledge to use.  We use MediaWiki internally and added a module to it called “FckEdit” which allows easy-to-use formatting (see example of editor window below)

   

2. Anyone can change a Wiki – As little security as possible is enforced, the idea being that the more control that’s imposed the less likely people are to contribute.
3. Documentation evolves – it doesn’t have to perfect at first try, it’s better to just get something out there so the community can assist with evolving it

Initial experiments with Wikis have proved them to be a highly successful way of documenting processes, ideas and systems – they often work where more formal approaches have been tried and failed.  Obviously Wikipedia itself is a great example of just this, but there are many stories of Wiki technology transforming businesses and government departments.

One of the key ideas of Wikis is that anyone can modify a page.  This works because it keeps a history of changes and if you want to revert to a change, it’s only a click away. This means that if someone makes an edit which introduces errors, the change can easily be reversed.

Wikis are searchable – so it makes it easy to look up concepts and work done in the past, even if it was done a few years ago.  For instance, we were talking about some custom work we had done on our PBX phone system the other day.  We looked up the Wiki entry, which took us about 30 seconds to find, and instantly we had some basic info on the work that had been done 2 years ago, which none of us had been able to remember in detail until we saw the short (10 line) article we’d written when the work was done.  One of the tips here is to make sure you include keywords that might help to find the article.

At White Dog, there have been times when it’s been hard to get the idea of how important documentation is into the team’s head.  In order to bootstrap our Wiki when we started it in 2008, the deal was that coffee would be free at our team meeting every week if you brought an article you’d created in the Wiki!  Over time, as a result of the coffee policy, we’ve collected 337 articles in our Wiki and it’s become an invaluable and fairly complete record of our work practices, process and policies.

Some example articles from our Wiki:

• a 3 line article summarizing 3 hours of research to make it easy to find next time we need it
• 5 liner on when the garbage bins goes out and how to contact the council
• an article outlining some standards for web development practices
• a summary of key plugins for Joomla
• Documentation on our servers and their configuration
• Policies on email and internet use

A wiki takes time to build up, but can be an absolutely vital tool in taking your business to the next step.

Staff training can be accelerated with a Wiki too – new staff can read the article then discuss it with existing team members, and we also ask them to update articles as they find inaccuracies or unclear writing.

One important thing to remember with a Wiki is that the articles can actually be very short – sometimes a quick tip or a link to a useful website can save many hours of research.  It’s also important to remember that you are generally writing for a knowledgeable person and there’s no need to spend ages documenting the more obvious details – at least initially, getting the broader or the rough details down can be a big start and you can come back and refine what you’ve written later.  It’s better to get something down rather than nothing!  As your Wiki evolves, it can become an online process manual which can greatly contribute to the value of your business.

Wikis are actually relatively easy and cheap to set up, and can even take the place of a normal website if it’s relevant to your business.  Most are based on free software and there are some good options – TikiWiki and MediaWiki being the strongest as far as I know, but there are many others.

Has anyone else used Wiki technology in their companies?  Please comment and share if you have.

If your interested in a wiki, shoot us an email or give us a call. We will install and configure it for $600 ( though mention this blog article and get $100 off if ordered during month of July). We also provide a PDF cheat sheet on on how to do the basics. Turnaround time is 3 business days.