fware

Ransomware On Your Website – Is It Possible?

fware ransomware

Ransomware on a website?

Ransomware is popularly thought to affect only PCs, mainly containing older versions of Microsoft Windows, through phishing of login details. Actually, nothing is farther than the truth.

In fact, ransomware can be introduced even into Linux-based web servers / websites without using any phishing techniques, and even if they are behind a firewall.

The above image displays the new homepage of a website on cPanel shared hosting recently locked by ransomware. The image below is a listing of the ransomware-encrypted website files as seen via an FTP client.

fware ransomware file listing

How did the ransomware get in?

Servers are computers available on the public Internet and are required to serve information via multiple protocols such as HTTP/HTTPS, FTP, SSH, etc. This also creates multiple points of entry for attackers in addition to poorly secured entry points in web apps.

In this case, the website had allowed file uploads into directories that (carelessly) had execute file permissions enabled for everyone. In Linux this is the 777 permission. This allowed an attacker to upload the fware encryption PHP code to the website and then cause the code to execute via a web browser call.

What would you do if this happened to you?

How would you be affected if you woke up one morning to see your website that wasn’t available anymore? Even after paying the ransom there is no guarantee of receiving the decryption key and getting back your website files and data.

Luckily, in this case, the webmaster (website manager) for this website had already enabled automated website backups and was able to restore the website quickly. Most webmasters agree frequent automated backups are the best defense against total website loss. So does your website have automated backups?

 

dedicated servers billing discounts

New Dedicated Server Billing Cycles and Discounts

Dedicated Server on iwebz.hosting

A Dedicated Server is meant to take your web site one step further. Offering an amazing combination of dependable hardware and stable software, the dedicated servers on offer at iWebz Web Hosting are precisely what your site needs.

ARTICLE: Why should Tech startups start with Dedicated Servers?

New Billing Cycles

Recently, we’ve introduced a major upgrade to our dedicated servers – we’ve improved the hardware of the existing setups and added 8 new configurations.

Up until now, only a monthly payment period has been available for the dedicated server packages.

With the new update, our Dedicated Server customers will be able to make use of 3-month and 6-month billing cycles, apart from the default monthly payment option.

These billing periods are now available while placing your order.

dedicated server new billing cycles

Billing Cycle Discounts

dedicated servers billing discountsAs you can see, the new billing cycles are tied to a corresponding discount on the default monthly price.

This way, if you select the 3-month billing cycle, they will get a pleasing 10% discount off their plan’s monthly price right away:

And if you select the 6-month billing period, the discount will be twice as big – 20% OFF the default monthly price.

By switching between the 3 billing period options, you will be able to see the difference between the regular monthly price and the discounted quarterly and semi-annual prices in the table below and choose the most suitable option at the time of purchase.

Once enabled, the new billing periods will be in force for as long as you want. When the period expires, you will be able to renew your subscription for another 3 or 6 months, or to switch to the regular monthly billing option.

Get a Dedicated Server for your online venture

Take advantage of a free Control Panel, 24/7/365 technical support and a 99.9% uptime guarantee.
mezzanine cms logo

Installing Django-based Mezzanine CMS on iwebz.hosting

Following this tutorial requires you to have an active web hosting account from iwebz.hosting with SSH access enabled.

mezzanine cms iwebz python hosting

Setting up the Mezzanine CMS environment

To begin installing the Django framework-powered Mezzanine CMS (official website)on our platform, you must first create the app environment via SSH.

Step 1: Create a virtual environmеnt (venv) in the root folder of your account, in our case:

/usr/local/python-3.5/bin/virtualenv /home/venv/

Step 2: Enter the newly created virtual environment using the following command:

source /home/venv/bin/activate

Step 3: Go to the “www” folder of your hosting account:

cd /home/www/

Step 4: Install the Mezzanine CMS binaries along with the corresponding modules fastcgi support and flup6.

pip install git+https://github.com/NetAngels/django-fastcgi
pip install flup6
pip install mezzanine

NOTE: Make sure you disable the Outgoing Connections option or the installation of the modules will fail.

Step 5: Set up the Mezzanine project In a selected custom directory, in our case mydjangocms:

mezzanine-project mydjangocms

Step 6: Create a domain or subdomain for the newly installed CMS. Keep in mind that the Jail host option needs to be deactivated in order for the installed modules to function properly.

Point your newly created domain or subdomain to the path of your project. In our example, the path is “/www/mydjangocms”.

python settings

Setting up the Mezzanine CMS app

Step 7: Go to the newly created Mezzanine CMS folder:

cd mydjangocms

Step 8: Set up a database for your CMS. In our case, we’ll use the sqlite3 database for the sake of ease (alternatively, you could set up a MySQL/PostgreSQL database by applying the necessary settings to the Python setup file:

python manage.py createdb

You will see the following message:

A site record is required.
Please enter the domain and optional port
in the format 'domain:port'. For example 'localhost:8000' or 'www.example.com'.
Hit enter to use the default (127.0.0.1:8000):

Use the default option for the SQL host. You will then be asked to enter your username, email and password. These are the login credentials for the CMS system and not the database.

In the end, you can choose if you want to have some demo content inserted.

Step 9: Set up an .htaccess file in the folder of your project with the following entries:

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.fcgi/$1 [QSA,L]

Step 10: Set up an index.fcgi file in the folder of your project using the following code (it will serve as an entry point for all requests to the CMS). Don’t forget to replace “mydjangocms” with the name of your project.

#!/home/venv/bin/python3.5
# -*- coding: utf-8 -*-
import os
import sys
activate_this = '/home/venv/bin/activate_this.py'
exec(open(activate_this).read(), dict(__file__=activate_this))
cms_path = '/home/www/mydjangocms/'
sys.path.insert(0, cms_path)
os.chdir(cms_path)
# Set the DJANGO_SETTINGS_MODULE environment variable.
os.environ['DJANGO_SETTINGS_MODULE'] = "mydjangocms.settings"
from django_fastcgi.servers.fastcgi import runfastcgi
from django.core.servers.basehttp import get_internal_wsgi_application
wsgi_application = get_internal_wsgi_application()
runfastcgi(wsgi_application, method="prefork", daemonize="false", minspare=1, maxspare=1, maxchildren=1)

Step 11: You’ll need to make the index.fcgi file executable using this command:

chmod +x index.fcgi

Step 12: Edit the settings file located inside “mydjangocms/settings.py” and replace

ALLOWED_HOSTS = []
With your actual host name:

ALLOWED_HOSTS = ['mydjangocms.my-best-domain.net']

Step 13: Run the following command to collate the static files:

python manage.py collectstatic

You are now ready and your site should be up and running.

In our example, the newly installed Mezzanine CMS will resolve to:
http://mydjangocms.my-best-domain.net/

django mezzanine cms installation

Now you can log into your Mezzanine CMS Admin Panel using the login details set in step 8 above and kickstart a new blog, for example:

django mezzanine cms admin panel

Web Hosting with Python support

Know more about our web developer-friendly shared web hosting with SSH access and Python libraries.
python manager

Python Manager section now available in the Control Panel

Python Manager

The Python Manager is the latest web developer-friendly feature of iwebz.hosting

Python is one of the most important application depython managervelopment languages and has been around for a long time now. It is easy to learn and use, no matter if you’re new to programming or an experienced developer. Its standard library supports many Internet protocols, including JSON, FTP, IMAP, HTML and XML.

Python is mostly used for web development, scientific & numerical computing, software development, and system administration purposes. So there are many different types of Python-based software.

Following the feedback of web developers, iWebz℠ has added a new Python Manager functionality to the Advanced section of the Hepsia Control Panel on iwebz.hosting.

The new Python Manager section in the control panel will allow users to edit the current Python version and to enable Python-compatible applications for their projects.

Located right next to PHP Settings, it gives you one-click access to various Python management options.

Using the Python Manager

From the Python Manager section of the Control Panel, you’ll be able to set the Python version for your account. You can choose between Python 2.7, Python 3.1 and the latest version – Python 3.5.

You can setup your Python app environment and install Python scripts using your SSH access that comes with your web hosting account.

Web Hosting with Python support

Know more about our web developer-friendly shared web hosting with SSH access and Python libraries.
.eu domain in flag

Renewal Grace Period changed for .EU domains

23rd November 2016

Revision in Renewal & Restoration Policy

A Renewal Grace Period is the time during which a domain owner can renew an expired domain at the regular renewal price. Most domain extensions offer a renewal grace period of up to 40 days.

The .EU Registry has announced a change in its policy with respect to Domain Renewals as a result of which .EU domains will no longer enjoy any Renewal Grace Period. This change will come into effect from 23rd November, 2016.

A domain name that is not renewed before the expiry date will now directly expire and be only be available for restoration at the stipulated restoration price.

If you have any .EU domain names coming up for renewal on or before 23 November, please ensure that you renew or transfer your .EU domains as soon as possible.

Renew or Transfer now

You can renew or transfer .eu domains on these websites.

icann logo

ICANN IRTP-C impact on Domain Transfers

icann logoICANN Domain Transfer Policy Updates

ICANN has mandated certain updates to the Domain Transfer Policy for enhanced verification when either the Registrant or the Registrar change occurs. This will be effective from 1st of December, 2016.

Here are some of the key aspects that are part of the new Transfer Policy :

Impact on Inter-Registrar Transfers

A Form of Authorization, or FOA, is the email that is sent to the registered name holder when a domain transfer is initiated to approve the request. The FOA will now expire after 60 days if the transfer is not completed, unless we allow an automatic renewal and the registrant has expressly opted in to an automatic renewal.

● The FOA is void if the domain name expires before approval.

Impact on Inter-Registrant Transfers

● If a material change is made, we must collect consent from both the Prior Registrant and the New Registrant, prior to making the requested change, even if you represent both parties. A “material change” is a change in the name, company or email address listed for the registrant contact.

● If the Prior Registrant and New Registrant do not confirm the change within 60 days of the request, the change implementation will not proceed.

● Once both Prior and New Registrant parties agree to the requested contact changes, the information will be updated within 1 day after.

Impact on Privacy Protection

The Registrar on Record will act a designated approver for the Registrant. So no approval is needed from the Registrant listed on the domain. An email will be sent to the registrant whenever the status of Privacy Protection is changed. This email is merely for notification purposes.

 

We hope this was helpful. To know more about the policy please refer to the ICANN website.

 

ownCloud logo

ownCloud File Sync & Share On Shared Hosting

ownCloud logo

ownCloud Synced File Storage

Did you know that iWebz Shared Hosting plans let you setup your own private synced storage system just like Dropbox for your group of employees, friends or family members?

owncloud-header

Now let them Access, Sync & Share data from their computers or mobile devices using ownCloud.

ownCloud on iWebz Shared Hosting

All our Shared Hosting plans provide for UNLIMITED storage & bandwidth, so all you need is a Shared Hosting account with us. Only ensure that the content of files stored are within our Acceptable Use Policy.

If you already have a Shared Hosting account with us, before you setup ownCloud via the Web Installer PHP script, make sure you have PHP 5.3 or above enabled, and allow Outgoing Connections via the Advanced tab in the Control Panel.

Installing ownCloud

With the PHP web installer script, ownCloud automatically creates everything you need, so you don’t need any special skills to get it set up. If you have multiple users who will access ownCloud, it’s recommended that you do not use SQLite, but use an existing or manually created MySQL database.

  1. Download and save the Web Installer PHP script to your computer.
  2. Upload the setup-owncloud.php file to your web space using the File Manager, or an FTP app or an FTP client browser extension.
  3. Enter the URL of the setup file into your web browser. It should something like http://www.yourdomainname.com/setup-owncloud.php
  4. Follow the basic onscreen instructions to install ownCloud. After a couple of minutes it’ll redirect you to the login page.
  5. Each user is presented with Desktop & Mobile client download options after logging into their web-based interface.

 

If you face any issues with setting up ownCloud on your iWebz Shared Hosting account, write in to us via this form