Archive for March, 2009

What is a content delivery network?

Tuesday, March 31st, 2009

CDN stands for content delivery network: a farm of geographically separated servers that helps organize, store, and stream web site content (images, text, video and other static content) to end-users faster. Rather than serving content directly from the host server to the end-user, the Content Delivery Network moves the content source from the host server to a node that is geographically closer to the end-user. This minimizes the distance the data has to travel, avoiding network traffic jams and decreasing latency.

Key Benefits of a Content Delivery Network:

A. High-Quality Content and Media Rich Web Sites:

CDN places content as close to the end-user as possible, making downloading, streaming, and web site load times faster and more consistent. This allows web sites to include richer, more creative content without sacrificing performance.

B. Broader Geographic Reach:

CDN pushes content to server nodes placed around the world, optimizing the speed and reliability of content delivery to end-users regardless of location. This is especially advantageous as Internet subscriber rates continue to increase globally.

C. Cost-Effective, Performance-Neutral Scalability:

CDN spreads its workload over multiple servers in diverse locations, so increases in content demand do not slow down or compromise delivery.

What are the advantages of using CDN over standard Internet content delivery?

CDN delivers content more efficiently than standard Internet content delivery, letting businesses meet the growing demand for rich, online media that require large bandwidths. Standard Internet delivery sends content data over general Internet routes from the host server’s location to the end-user’s location. This takes into account neither the host server’s proximity to the end-user, nor possible traffic jams between the two. CDN, however, moves the content from the host server to a node that is geographically closer to the end-user. This avoids potential network congestion and decreases latency, increasing delivery speed and providing consistent and reliable file transfer times. In addition, as a solution created specifically for content delivery, CDN includes tools that provide more content management and delivery control, helping with content monetization.

Who should be using a CDN?

CDN is ideal for any company or individual that wants to make content available on the Internet, particularly those with sites that utilize caching, streaming, and downloading services. This includes a wide variety of industries and applications, including:

  • Social Networking
  • Gaming
  • E-commerce
  • Entertainment
  • Software Development
  • Financial Services

Content Formats:

CDN supports multiple content formats for streaming media and progressive downloads.

Formats for Streaming Media

  • Windows Media Player
  • Flash Media

Formats for Progressive Downloads

  • Windows Media Player
  • Flash Media
  • DivX
  • H.264
  • Move Media Player
  • Microsoft Silverlight
  • QuickTime
  • MP3
  • RealSystem G2
  • RealPlayer
  • Real Networks
  • HTML
  • TXT
  • GIF
  • JPG
  • PDF

Supported Delivery Protocols

  • HTTP
  • RTMP
  • MMS

Diadem Technologies, in association with Softlayer Technologies Inc., is providing content delivery services to its clients for their rich media and streaming media applications.


Webhostingtalk (WHT) has been hacked

Thursday, March 26th, 2009

webhostingtalk is down
I am shocked beyond belief to note that www.webhostingtalk.com, the largest web hosting discussion forum on the web, is offline. It's not only offline: its data backups (onsite and offsite) along with the current site data have been completely wiped out, and the only backup which they have is written on a set of DVD disks which is about 6 months old.

Despite all their security mechanisms and firewalls, they have not been able to prevent this attack, which speaks volumes about the level of vulnerability which all web servers and applications have to live with on the web. This is a huge loss for WHT, as a 6-month loss of data would do incalculable and long-term damage to their revenues, goodwill and reputation of being a secure online meeting point for web hosting enthusiasts across the world.

Read the full text of the mail sent by WHT to its subscribers below:

Hello fellow WHTers!

It’s been pretty hectic around here, but I wanted to make sure as many members as possible know what’s going on. At approximately 8:30 pm EST on Saturday, March 21 The malicious attacker deleted all backups from the backup servers within the infrastructure before deleting tables from our db server. We were alerted of the db exploitation and quickly shut down the site to prevent further damage.
We’ve tried to answer any questions or concerns in the following thread posted at http://www.webhostingtalk.com/showthread.php?t=729727. Be sure to subscribe if you want to stay informed.

Remember, you can follow us on Twitter @WebHostingTalk.
WHT Data – Q&A Information
========================
What do we know about the damage done?
This attack was very deliberate, sophisticated and calculated. The attacker was able to circumvent our security measures and access via an arcane backdoor protected by additional firewall. We are still investigating the situation, but we know the attacker infiltrated and deleted the backups first and then deleted three databases: user/post/thread. We have no record or evidence that private message data was accessed. Absolutely no credit card or PayPal data was exposed.
Do we know the motivation behind the attack?
We don’t know enough at this time, so any insight would be purely speculative in nature. WHT is a platform where positive and negative information is shared and exposed about business and individuals. Under TOS policy, we cannot edit or remove user-generated content at the request of an unsatisfied third party. Therefore, WHT tends to become the target for disgruntled individuals and businesses.
Have we been able to restore more recent back-ups?
The offsite backup, the onsite backup and the operational data were destroyed by the attacker, so we’ve resorted to a physical back-up of last resort. Unfortunately, we are experiencing difficulty restoring from our most recent physical backup. At this point, October is the most recent backup that we were able to restore. We continue to work to extract data from a more recent set of DVDs.
What is WHT focused on doing now?
The first priority, which kicked in immediately upon discovering the hack while in process, was locking down the infrastructure to avoid further damage and restoring the site. We also had to block the potential for a repeat attack. Now we are working on investigating how much prior data is restorable, reinstating premium memberships, contacting business partners, and communicating with the community members. We are also doing everything possible to identify the attacker and bring them to justice. Disappointments happen – we are working hard to restore trust among community members and to bring things back to normal.
Is WHT doing anything different due to this attack?
WHT has been targeted before and our infrastructure has withstood previous attacks. However, following this well-planned and targeted attack, we will be altering aspects of our architecture to ensure that this type of attack does not happen again. Needless to say, we have learned from this situation and will address any discrepancies accordingly.
We had three, protected data back-up units with one offsite behind a firewall and a fourth physical data back-up layer. We evaluated our disaster recovery plan as recent as late-2008, and carefully reviewed how to recover from a disaster situation. The attacker appeared to have deliberately targeted our data back-up systems, a scenario that our disaster recovery plan did not fully anticipate. We have implemented changes to our data backup and disaster recovery plans to address this weakness. And we advise others to consider a scenario of deliberate, malicious data destruction in their backup and recovery plans.
What should members do now?
The password encryption technology we use is strong for securing non-financial data. However, we suggest that members change their passwords frequently and do not use the same user name and password for the forum as they may use for more sensitive services like online banking. If a member feels more comfortable changing their password, then we recommend that they do what makes them feel more secure.
A concern is that members may receive more spam because the attacker posted stolen email addresses on file sharing sites. I haven’t personally seen an increase in the amount of spam I usually receive to my email address, but it is a risk that we cannot easily alleviate. As we become aware of specific file sharing sites with these email addresses, we are requesting that the emails be removed promptly. So far, most have been quick to comply.
What if I can’t use my WHT account?
We are temporarily using a version of the database from October 2008. This means that if you joined WHT after October 2008, you’ll need to register again to post now. We may still be able to recover your account, but we don’t know yet. Please register with the same username you used before.
If you joined WHT before October 2008 and get a password error, the system is probably asking for the password you were using in October 2008. If you don’t remember your previous password and have access to the email address for your WHT account in October 2008, please use the password recovery tool.

If you’ve subscribed to a Premium or Corporate membership prior to October 2008, someone from iNET has contacted you by now. If you’ve subscribed (or re-subscribed) since October 2008 and haven’t heard from iNET, please contact us on the helpdesk.
Moving forward …
We take the protection of user-contributed data very seriously, and we strongly regret what happened. iNET has a sophisticated infrastructure with advanced security. Yet even institutions that spend millions of dollars a year on Internet security are exploited. Anyone recall NASA being hacked some years back?
It’s not what you’ve done, it’s what you do. And from this day forward, we continue.
We’ve been overwhelmed by all the offers of help and support we’ve received from our members. What can I say about that beyond my heartfelt thanks? I love this community!
========================
Thanks for listening. And I’ll see you on the forums!
Dennis Johnson (aka SoftWareRevue)
iNET Community Coordinator

My advice to all organisations (big or small) is to thoroughly re-evaluate their data backup and disaster recovery mechanisms to ensure that they can survive such catastrophic events. In today’s world you cannot leave online data security to chance.

Improve Security using php.ini

Wednesday, March 25th, 2009

PHP has some functions which can be used to break into your server if your scripts are not coded securely. You can list such functions in php.ini using the disable_functions directive, which allows you to disable certain functions for security reasons. It takes a comma-delimited list of function names. The disable_functions feature is not affected by Safe Mode. This directive must be set in php.ini; for example, you cannot set it in httpd.conf.

Open php.ini file:

# vi /etc/php.ini

Find disable_functions and set new list as follows:

disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source

Save and close the file. Restart httpd:

# service httpd restart
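
To confirm the change took, the following added example (not part of the original post) reads a php.ini file and reports which of the functions listed above are still not covered by disable_functions, including the case where the list was wrapped onto a second line and only the first line counts. The function names effective_disabled and missing_functions are hypothetical, and treating the last uncommented assignment as the effective one is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reports which functions from the post's list are NOT in disable_functions.

# The list recommended in this post.
WANTED="exec passthru shell_exec system proc_open popen curl_exec curl_multi_exec parse_ini_file show_source"

# Print the value of disable_functions from the php.ini file given as $1.
# Lines starting with ';' are comments and never match. Assumption: if the
# directive appears more than once, the last assignment is the effective one.
# Only text on the directive's own line is read, so a list that was wrapped
# onto a following line is cut short at the line break.
effective_disabled() {
    sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=[[:space:]]*//p' "$1" \
        | tail -n 1 \
        | sed 's/[[:space:]]*;.*$//' \
        | tr -d '" \t\r'
}

# Print the space-separated names from WANTED that are not disabled.
missing_functions() {
    disabled=",$(effective_disabled "$1"),"
    missing=""
    for fn in $WANTED; do
        case "$disabled" in
            *",$fn,"*) ;;                   # exact name is in the list
            *) missing="$missing $fn" ;;    # not listed
        esac
    done
    echo "${missing# }"
}

# Stand-alone use: pass the path to php.ini as the first argument.
if [ "$#" -gt 0 ]; then
    m=$(missing_functions "$1")
    if [ -z "$m" ]; then
        echo "all listed functions are disabled"
    else
        echo "not disabled: $m"
    fi
fi
```

Run it against the php.ini that the web server actually loads, since a CLI build of PHP may read a different file.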


Payment Gateways in India

Sunday, March 22nd, 2009

As a trusted webhost for SMEs to large businesses in India, we keep getting queries from our clients on the payment gateway service which they can use on their website. A payment gateway is typically a third-party provider which allows you to accept credit card transactions through your website, which they then route on to the acquiring bank for an approval or denial of the transaction. Payment gateway services are gaining in popularity in India as they are required for online sales. Without much ado, here is my list of the most relevant payment gateways in India and their offerings:

1. CCAvenue – www.ccavenue.com

CCAvenue is probably the most popular payment gateway service provider in India. It has an option for you to either process and accept payments in USD or accept payments in INR. If you are considering accepting payments in USD and having the funds remitted to your account in INR, a USD account might be more suitable. However, if your transactions would mostly be in INR, the INR payment gateway would possibly be the recommended option.

Pros: Established payment gateway provider, efficient services, prompt payment disbursal, feature rich control panel.

Cons: The website frontend and merchant area could be updated. The setup fees and transaction charges are a bit steep and getting online support doesn’t always work.

Pricing: INR payment gateway and USD payment gateway

2. ABCPayments.com – www.abcpayments.com

ABCpayments.com (a division of IndiaMART InterMESH Limited) is an e-payments solution provider and is based in New Delhi. Their website looks a bit dated and they don’t have an online merchant registration form, which leads me to believe that they might not be pursuing this business aggressively.

However, they have quite a few clients opting for their services and they can be contacted through their online feedback form to get more details:

Pros: NA
Cons: Website lacks content and is unimpressive. No signup form for new clients. No login form for members.

3. ICICI Payseal – www.ICICIBank.com

Payseal, the payment gateway service from ICICI Bank enables organisations to accept secure online Credit Cards payments over the Internet. They have been around for quite some time and as this service is provided by ICICI Bank, which is the largest private sector Bank in India, you can be assured that they will be in good standing and would continue to improve their online payment gateway services.

The Payseal payment integration scripts are in JSP, so you require a proficient webmaster to help integrate this payment service on your website as it requires Tomcat web server to execute the JSP scripts. Some of our clients have been using this service for quite a while and are overall happy with their services. The pricing for their service varies on the business volume which you can provide to them but it would be safe to assume that they will charge you a one time payment gateway integration of about Rs. 25000 and about 5% as transaction fees.

Pros: Service offered by a leading Indian Bank, secure integration, regular payment disbursal, technical support.
Cons: Support might not be as efficient as a dedicated payment gateway service provider, integration process is somewhat complicated, setup charges are quite high.

4. HDFC Bank – www.HDFCBank.com

HDFC Bank has recently launched its payment gateway service for B2C transactions. Though not much is known about its services, it should be similar in pricing and features to ICICI Bank, and they will probably be a little more competitive in their offerings as they are new in this business.

As HDFC Bank is amongst the most tech-savvy and proficient banks in India, you can expect them to provide a world-class payment gateway service to their clients.

Pros: NA
Cons: NA

5. E-Billing Solutions – www.ebs.in

E-Billing Solutions (EBS) looks like a leading provider of payment gateway services and its website and presentation is by far the most impressive and comprehensive in comparison with all the other payment gateway providers in India.

They are based in Mumbai and have offices in Chennai and Hyderabad so if you are in any of these three cities, getting prompt support should be that much easier. They seem to be serving quite a few clients and their pricing is also very competitive when you compare it with the other payment providers in India.

Pros: Professional website with multiple options for support (email, chat, phone), online signup, competitive pricing plans, online control panel for merchants.
Cons: Relatively new provider, No mention of USD transactions on their website.

6. Paysignet – www.paysignet.com

Paysignet e-Transactions Pvt. Ltd. seems to be a relatively new but promising provider. What concerns me, however, is that they don’t have a physical office address mentioned on their contact us page and they don’t have a team page with a list of their key personnel. Personally, I like to know the physical location and a little bit more about the management team before I can trust a provider and its services. Having said that, I am hopeful that they will make the required updates and come up with a better presence in the days ahead.

Pros: Promising services, online control panel, PCI compliant, ISO 9001 certified, Net Banking integration.
Cons: Physical office location is NA, Pricing information is not transparent, New provider in the online payment processing industry.

Notable mention:

Transecute – www.transecute.com

Probably amongst the most technologically advanced and secure payment gateway providers in India, Transecute is currently not giving out any new accounts and is quite content with the clients which they have. Hopefully, once they are back in action, they will give most providers a run for their money.


Creating image thumbnails in php

Thursday, March 19th, 2009

Thumbnails are used by graphic designers and photographers as a small image representation of a larger image. The main advantage of creating thumbnails is that the new image is generated with dimensions proportional to those of the large image, and hence the image resolution and quality remain intact. As thumbnails are smaller in size, they load quickly and make the page render faster as well.

We are using a thumbnail class to make the code simpler and easier to use. Images with jpg, gif and png extensions are supported for creating thumbnails using this class.

Three easy steps to create an image thumbnail:

Step 1. Create a folder named createThumb. Create a file named thumbnail_Class.php in the createThumb folder and paste the code given below into it.

<?php
// Create a proportionally scaled thumbnail of $srcname at $destname that fits
// within $maxwidth x $maxheight. Returns true on success, false on failure.
function createThumb($srcname, $destname, $maxwidth, $maxheight)
{
    // getimagesize() returns false if the file is missing or is not an image.
    $info = @getimagesize($srcname);
    if ($info === false) {
        return false;
    }
    list($imagewidth, $imageheight, $imagetype) = $info;

    // Shrink to the maximum width first, keeping the aspect ratio.
    $dest_width  = $imagewidth;
    $dest_height = $imageheight;
    if ($imagewidth > $maxwidth) {
        $shrinkage   = $maxwidth / $imagewidth;
        $dest_width  = $maxwidth;
        $dest_height = $shrinkage * $imageheight;
    }
    // Shrink again if the result is still taller than the maximum height.
    if ($dest_height > $maxheight) {
        $shrinkage   = $maxheight / $dest_height;
        $dest_width  = $shrinkage * $dest_width;
        $dest_height = $maxheight;
    }
    // GD needs whole pixel sizes of at least 1.
    $dest_width  = max(1, (int) round($dest_width));
    $dest_height = max(1, (int) round($dest_height));

    // Decode the source with the loader that matches the detected type;
    // anything other than JPEG, PNG or GIF is rejected.
    switch ($imagetype) {
        case IMAGETYPE_JPEG: $src_img = imagecreatefromjpeg($srcname); break;
        case IMAGETYPE_PNG:  $src_img = imagecreatefrompng($srcname);  break;
        case IMAGETYPE_GIF:  $src_img = imagecreatefromgif($srcname);  break;
        default:             return false;
    }
    if (!$src_img) {
        return false;
    }

    $dst_img = imagecreatetruecolor($dest_width, $dest_height);
    imagecopyresampled($dst_img, $src_img, 0, 0, 0, 0, $dest_width, $dest_height, $imagewidth, $imageheight);

    // Write the thumbnail in the same format as the source.
    if ($imagetype == IMAGETYPE_JPEG) {
        $ok = imagejpeg($dst_img, $destname, 75);   // JPEG quality 0-100
    } elseif ($imagetype == IMAGETYPE_PNG) {
        $ok = imagepng($dst_img, $destname);        // PNG takes a 0-9 compression level, not a quality; use the default
    } else {
        $ok = imagegif($dst_img, $destname);        // GIF has no quality setting
    }
    imagedestroy($src_img);
    imagedestroy($dst_img);
    return $ok;
}
?>

Step 2. Create a file named index.php within this folder and paste the code given below inside index.php. This is the file which you need to run from the browser. Place the image you want to create a thumbnail of (e.g., grapes.jpg) within the createThumb folder.

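<?php
include('thumbnail_Class.php');

$filePath  = 'grapes.jpg';        // source image in the createThumb folder
$destPath  = 'Thumb_grapes.jpg';  // thumbnail to be written
$maxwidth  = 450;
$maxheight = 300;
createThumb($filePath, $destPath, $maxwidth, $maxheight);

// Report success only if the thumbnail file was actually written.
if (is_file($destPath)) {
    echo 'Thumbnail Created.';
}
?>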

Step 3. Finally, run index.php from your browser. If your thumbnail is created successfully, you will get the message “Thumbnail Created” and the thumbnail image will be created in the createThumb folder with the name Thumb_grapes.jpg.

Creation of additional FTP users for Plesk Linux

Sunday, March 15th, 2009

Plesk is a great control panel for the shared hosting environment, but there are a few things that are not available in it. For example, you cannot create additional FTP users in the Plesk control panel for Linux (this support is enabled in Plesk for Windows). But sometimes it is necessary to have multiple FTP accounts to upload/download data. You need to have shell access, since the Plesk control panel won’t allow it in the GUI.

Assuming you already have an existing domain (example.com) with the primary FTP user (jack) with password (schmidt) with home directory (/var/www/vhosts/example.com), and you wish to create additional ftp users (jill and bob) with the same access privileges as jack:

Procedure:

Login to server via SSH as root.

Issue the shell command:

# grep '^jack:' /etc/passwd

This will show you a line similar to the following:

jack:x:10041:10001::/var/www/vhosts/example.com:/bin/false

The first number (after the 2nd colon : ) is 10041, so this is the UID of user jack. You will need this in the ‘useradd’ lines since useradd wants a number for the UID.

The second number (after the 3rd colon : ) is 10001, this is the GID (psacln), we won’t need that right now.

Then run the following shell commands to create the users and passwords:

#useradd -u 10041 -o -d /var/www/vhosts/example.com -g psacln -s /bin/false jill
#useradd -u 10041 -o -d /var/www/vhosts/example.com -g psacln -s /bin/false bob
#passwd jill (enter the new password and confirm it, does not have to be the same as jack’s)
#passwd bob (enter the new password and confirm it, does not have to be the same as jack’s)

You should now be able to use an FTP client to login with that user’s name and password.

User jill and bob should be able to see the example.com docroot just as user jack can. You should NOT be able to browse above the example.com docroot directory. All 3 users should have the same access to the files since they belong to the same group, so no matter which of the users created or edited the file(s), all should be able to access/edit/whatever the same files.

(NOTES: Since these are users defined at the OS level, when connecting with an FTP client, they would login with username ‘jill’, ‘bob’, or ‘jack’. They would NOT use ‘jill@example.com’. This also means that USERNAMES MUST BE UNIQUE.)
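
Because every account created this way has the same UID as jack, file ownership on disk no longer tells you which login made a change. The following added example (not part of the original post) lists accounts that share a UID in a passwd-format file and names any of them whose shell is not /bin/false, the shell used in the commands above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# Audits a passwd-format file for accounts that share one UID, as created
# by "useradd -o" in the procedure above.

# Print one line per shared UID: "<uid>: name(shell),name(shell),..."
shared_uid_accounts() {
    awk -F: '
        !/^#/ && NF >= 7 {
            sep = ($3 in members) ? "," : ""
            members[$3] = members[$3] sep $1 "(" $7 ")"
            n[$3]++
        }
        END {
            for (uid in n)
                if (n[uid] > 1) print uid ": " members[uid]
        }' "$1" | sort -n
}

# Print the names of shared-UID accounts whose shell is not /bin/false,
# i.e. accounts that were not created the way the post describes.
shared_uid_login_shells() {
    awk -F: '
        !/^#/ && NF >= 7 {
            n[$3]++
            name[NR] = $1; uid[NR] = $3; shell[NR] = $7
        }
        END {
            for (i = 1; i <= NR; i++)
                if ((i in uid) && n[uid[i]] > 1 && shell[i] != "/bin/false")
                    print name[i]
        }' "$1"
}

# Stand-alone use: pass a passwd-format file, e.g. /etc/passwd.
if [ "$#" -gt 0 ]; then
    echo "Accounts sharing a UID:"
    shared_uid_accounts "$1"
    echo "Shared-UID accounts with a shell other than /bin/false:"
    shared_uid_login_shells "$1"
fi
```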

Crystal Report issue with Plesk and installing runtime component

Thursday, March 12th, 2009

There is an issue with Crystal Reports support on Plesk installations. We have found that, in spite of installing the Crystal Reports runtime redistributable package, the report won’t show in the web page on any domain hosted in Plesk, but if you run the report under a virtual directory under the default website, the report is displayed properly. The reason behind this is the IIS application pool's launching user (identity). By default, the “Default Application pool” launches using the “Network Service” identity, which has the privilege to access the Crystal Reports assemblies that are referenced in your web.config file. When a domain is hosted through the Plesk control panel, Plesk by default creates a separate application pool for it, and the user that launches this application pool is set to “IWPD_domain”. So, to resolve the issue, one has to either change the application pool identity to “Network Service”, or create a separate application pool using “DefaultAppPool” as a template and then change the application setting of the website to use that newly created application pool. Remember to set inheritable NTFS permissions for the “Network Service” user on your web site. Note that a site moved to “Network Service” no longer runs under its own per-domain identity.

You can download the crystal report redistributable packages from the link and install it:

https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/bobj_download/main.htm.
A step by step pictorial representation is given below:


Our corporate blog is now online

Friday, March 6th, 2009

Welcome to our web log, and we hope we can do justice to this endeavor. Setting up a blog is probably the easiest thing you could do online: download and install WordPress, get a free theme online and bingo, your blog is online. However, it will take tons of effort and discipline to ensure that we keep posting new and relevant posts on a regular basis. I am sure feedback from our visitors will keep us motivated to make this a regular affair for us.

So what will this blog talk about? Though I don’t have a firm plan in place, it will be more about you than us. It will be more about helping our fellow webmasters, web developers and our clients resolve issues in certain areas which we believe we are good at. In the process, we hope to also improve our knowledge and capabilities and hopefully become a resource for the web community worldwide.

Sure, not every post would be accurate or meaningful enough but we hope to learn and improve.  Just as Lao-tzu, the Chinese philosopher had once said “A journey of a thousand miles begins with a single step”, here is our first step in this journey of online blogging, which we hope is an eventful one.