Author - Travis N.

How SSL showed up everywhere

SSL certificates have gained a lot of importance over the last few years. 15 years ago, you really only saw SSL in a few places: when you registered on a website, when you logged into your account, and when you purchased items online. SSL wasn’t widely available as it could be expensive. You needed dedicated IPs as the technology at the time could only handle a single certificate per port. This meant that if you wanted SSL on your site, you had to get a dedicated IP which cost you extra per month. It cost companies like ours a lot as we had to start using up more IP addresses. Then, things changed. We fixed the broken technology and made it easier and more affordable for SSL to be installed though a technology called SNI or Server Name Indication.

Protecting information

SSL certificates are important because the job they serve is to encrypt communication between your web browser and the web server you’re making requests to. Without it, bad guys can steal your passwords, credit card information, and other sensitive information like banking and heath records. Encryption also serves another purpose: data integrity. Data integrity means that the data you send or received is not tampered with.

There’s an amusement park operator that offers visitors to its parks free Wi-Fi to use while they’re in line. There’s just one thing – they inject advertisements. So if you go to https://www.gonodespace.com while you’re connected you’ll see a banner ad at the bottom. While this is still bad, it’s not malicious. But bad guys can use this same trick to inject malicious code into legitimate websites to steal information or modify it in transit – like what if there’s a t-shirt you wanted. You purchase it but instead of telling your credit card company to charge $10, they modified the request to charge $1000 and to divert $990 to their account. This would be very bad!

How SNI allowed SSL everywhere

Back in the day though, as we previously said, SSL was very expensive. You had to pay for a certificate, a dedicated IP, and then the additional configuration. But we decided we needed to get more secure so that no one could tamper with traffic. When you type in an address like https://www.gonodespace.com, your browser makes a request to our server. Lets say our site was on a server with multiple other accounts. The server will look at the virtual host header (“gonodespace.com”) and then finds the website that matches and returns that certificate. Of course, this is an oversimplification of the process but the important thing is it allowed us to start allowing multiple customers to share IPs and use their own SSL certificates without any problems.

Baseline security

However at the time SSLs still required a lot of work. You had to generate a CSR (Certificate Signing Request – it’s something that allows you to request a certificate), then you had to take that to a certificate authority (CA) and pay them for a certificate. Once you proved you owned the domain (validation is generally done via email), you then get the certificate to install. What a process! So several years ago some people got together and they said that the Internet needs some baseline security and they set out to create free certificates. Around the same time, there were a lot of security issues going on with some of the big name CAs. They were randomly issuing certificates they shouldn’t or private keys were becoming compromised. So, this group decided that the best way to handle this was to limit the length a certificate would be valid. Instead of the minimum of one year, they decided on 90 days or three months. This way, if a certificate was compromised, it wouldn’t have long before it would be expired anyways. This group? Let’s Encrypt.

What Let’s Encrypt did was revolutionary. They provided a way for everyone to obtain and use SSL certificates to secure their websites for free. Hosting companies like NodeSpace provide Let’s Encrypt certificates to ensure that you get baseline security as web browsers start to mark HTTP sites as insecure. This way when visitors come to your site, they’re not scared away by insecure warnings. Your content authenticity is protected as data can’t be modified in transit, and you get some peace of mind.

NodeSpace offers Let’s Encrypt on all shared hosting accounts.

Read more...

Why am I getting all these sales calls?

Dear NodeSpace,

I just purchased a domain the other day and within the last 72 hours, I’ve received SIX calls trying to sell me SEO and website design services!! Did my domain registrar sell my information?

Sincerely,

Frustrated Dot Com

Dear “Frustrated”,

We hear you! These spam calls, texts, and emails are absolutely ridiculous and it’s a real problem. The short answer is no, your information wasn’t sold. It was scraped. There’s a lot going on when you register your perfect domain and we’re going to clear up the process and what you can do to make these calls stop.

Registering your domain

The process starts when you register a domain. This can either be through your web host or an exclusive registrar such as NameCheap.com. In order to purchase the domain, you have to give up some personal details like your name, address, email, and phone number. You might think these are just for billing, but the agency that oversees domain name registration at the top, ICANN – the Internet Corporation for Assigned Names and Numbers – requires it. When your domain is registered, it’s really being registered with ICANN who keeps track of all the .com, .net, .tech, .blog, etc. domains. This information goes into what’s called a public “Who Is” (commonly styled as “WHOIS”) record. This allows anyone in the world to see who owns which domain along with some information like where it was registered (the “registrar”), the creation date (when it was first registered), and expiration date among other things.

These calls, text messages, and emails were all obtained by scrapers that monitor WHOIS for new domain registrations. When they see a new one, they immediately grab the registrant information (your information) and market with it.

Keeping your private info private

Unlike your doctor’s office which is required to keep your info private by law, there’s no real privacy when it comes to domain names. But there is a solution. It’s called ID Protection and it might be called something different by the company that sold you your domain. It’s typically an addon-service as the domain registrar appears to register your domain on their behalf. It usually comes with an additional cost because of this. Since the domain registrar “registered” your domain as theirs, (don’t worry, it’s not actually theirs. You still have full access to use it as you wish.) their information goes on record instead of yours. This means that you won’t get text messages, phone calls, or emails.

NodeSpace will add ID Protection on to your domain for $7.95/year

WHOIS privacy for cheap

If you don’t want to pay for this service, we have a few recommendations. If you don’t mind the occasional junk mail, you can use your real address. Or, you can get a local post office box and use that as your address. Depending on where you live and PO box availability, they can be $20/year from the USPS. To stop spam calls and texts, swap your phone number out for a free Google Voice number. Google Voice will screen calls, too. To stop spam emails, you can create a junk email address on Gmail, Yahoo, GMX, etc. but make sure you don’t lose access to that email address! If you move your domain to a new registrar, you’ll need access to the email on file to prove you actually own the domain.

Hopefully this clears up why you get all those annoying calls. We’re proactively working with ICANN to help change this policy so you’re not hit with spam the moment you start your next great idea.

NodeSpace is a domain register through Enom. Domains can be registered with or without hosting service from our store. Don’t forget to sign up for ID Protection or use the tips in this article to help save you from spam. NodeSpace support is always happy to help you out.

Read more...

Getting the right domain with ease

Domain names can be a challenge for anyone who owns a website. Back when the internet was new and relatively small, getting the perfect domain was easy. American Airlines registered the two letter aa.com. Clothing retailer American Eagle snagged ae.com. Retail store General Dollar owns gd.com. General Electric, of course, owns ge.com. But what about you? If you’re trying to start a fashion website, you might find that fashionblog.com is taken along with fashshionstar.com.

With over 130 million .com domains registered since September 21, 2017, you may think finding the right one is hard.

Domains beyond .com

You may know that there is .com, .net, .org, .info, but there are some other domains where your perfect name may lie. You may even find that a domain using one of these other extensions may help your SEO as well. You may have a venture that is targeting people who live in the UK. Using a .uk or .co.uk domain, Google knows that this is where you’re targeting and will show people in the UK your site higher up on the list.

If you’re a non-profit organization, .org is still a perfect choice. Tech companies gravitate towards using .io. If you’re a producer of videos, you might even consider .tv.

Also, don’t be afraid to get creative! Perhaps your business name is Skyco. If skyco.com wasn’t available, you could try sky.co and actually incorporate your business name as your whole domain name.  If you’re local to a specific area, you can use local domains like .nyc for New York City or .london for London. For example, The Wright, a restaurant in NYC had “thewrightrestaurant.com”, but switched to thewright.nyc. Not only does it save characters, you know they’re in NYC!

Search for your domain

We love seeing the awesome names our customers choose. We offer a lot more than .com! Be a .ninja or the .one with a great domain!

Read more...

SSL is no longer optional

Having an SSL these days is no longer optional: it’s mandatory. Both Google Chrome and Mozilla Firefox have began warning website visitors if they are going to enter passwords or credit card numbers on pages that aren’t secure. This comes as a measure to help prevent an uptick in recent security breaches, trying to end phishing, and raising an awareness for data security.

As of now, Firefox warns users before they enter a password or credit card on a page that isn’t delivered via HTTPS. This warning appears when the user puts their cursor into the field.

Firefox warning on an HTTP page

Firefox warning on an HTTP page

Starting in October 2017, Google Chrome is going to be upgrading their security in a similar fashion to what Firefox has. Currently, on a page that has a password or credit card field, users can see a “Not Secure” warning in the address bar.

SSLs to keep you secure

NodeSpace offers free SSL certificates powered by Let’s Encrypt on all shared hosting accounts.

Although all SSL certificates use similar methods to protect and validate your data, the level of trust and assertion they provide varies. Standard SSL (Domain Validated) Certificates are the easiest and most common type of SSL certificate. OV and EV Certificates also authenticate the identity of the company or organization that holds the certificate providing more trust to end users.

EV Certificates offer the highest level of validation and trust, and will show the name of the company or organization in green in the address bar. This is an immediate, visual way that viewers can know that extra steps were taken to confirm the site they’re visiting – which is why most large companies and organizations choose EV certificates.

SSL certificates start at $15.67/year.

Read more...

Let’s Encrypt announces wildcard certificates

The free certificate authority Let’s Encrypt has announced that in January 2018 they will be adding support for wildcard certificates.

Let’s Encrypt will begin issuing wildcard certificates in January of 2018. Wildcard certificates are a commonly requested feature and we understand that there are some use cases where they make HTTPS deployment easier. Our hope is that offering wildcards will help to accelerate the Web’s progress towards 100% HTTPS.

Let’s Encrypt has helped contribute to the web going from 40% to 58% HTTPS since the service launched in December of 2015. NodeSpace has Let’s Encrypt turned on by default on all shared hosting accounts and we offer free Let’s Encrypt management through cPanel. We will keep our customers updated as this develops over the next few months.

For more information, you can read the Let’s Encrypt blog post here.

Read more...

Containerize all the things!

Chances are you’ve heard of Docker. It’s a great way to ship software in an environment that is ready to go – all dependencies, all settings, all packed in a nice container. Developers love containers, sysadmins like myself love containers, and you should love containers. So let’s get something out of the way: What is a container? Well, it’s like a virtual machine but instead of having it’s own OS, RAM, CPU, etc., it uses the host OS, RAM, CPU, and in some cases can even share libraries with other containers. Another thing to note is that container technology isn’t new. It’s been around since 2000 with FreeBSD Jails.

Docker is great in the sense that it can run on Linux, Windows, and Mac so that a developer can ship a container that has everything and it’ll work on any host OS (typically – depends on the software being shipped in the container). It has all of the dependencies needed to run.

So, what does this mean? It means that we’re officially announcing our support for adding Docker into our hosting infrastructure! Yes – we’re building out brand new infrastructure in which you will be able to run Docker containers. We highly recommend that you follow our social media channels as we will be providing more details including availability. If you have any questions, please feel free to contact us!

Read more...

How Net Neutrality Affects You

We don’t like to get too political, but when it comes to the Internet, this is our business.

Right now in the United States, Net Neutrality is a hot topic again now that the FCC is trying to reverse the rules again. This is one of those issues that adversely affects us, you, and your website visitors. The way it stands now, traffic on the internet is equal – doesn’t matter where the traffic is from or who it is going to, it loads just the same. Here’s where the issue is – if these rules are indeed reversed, our business is threatened easily. For example, Customer browses to Site A which we host. It loads slowly for them. Annoyed by this, they find Site B which is hosted by a larger competitor to us. Site B, despite being nearly identical to Site A loads nearly instantly. The owner of Site B makes the sale while Site A slowly loses money. What’s the problem? Our larger competitors can easily pay off your Internet Service Provider (ISP – companies like Comcast, Spectrum, etc.) to make sure their network gets “VIP” treatment and will load fast for their customers. Since NodeSpace is a smaller company, we can’t pay off your ISP for the same treatment which means in return, our sites could potentially load slower or not at all. When this happens, smaller companies like us will lose business to the larger competitors and eventually disappear. We’ve signed a letter, alongside over 800 other small technology businesses, to the FCC chairman because we love what we do and we love our customers.

This is not right. We need your help to tell the FCC that this action is dangerous to small businesses and startups. Sign the petition. Make the call. Spread the word. We need you now more than ever. Help us Save The Internet.

Read more...

Understanding and using Git

If you have downloaded free and open source software, you’ve probably heard of a site called GitHub. Maybe your CMS software is hosted there. But what is “Git” and why is it popular and why should you use it, even on small sites?

Understanding Git

What is Git? To put it simply, Git is a version control system. A version control system allows software developers to work on teams and work on code of a project together. Teams of all sizes use it, from single developers to teams of hundreds of thousands. The best thing about Git is that it is distributed. Every developer on the team has a copy of the different repositories. They make the changes local on their system and then push these up to the Git server and into the appropriate branch. Another great reason to use Git is that it is free and open source software. Since it’s open source, it has been ported into most IDEs (like Visual Studio) and is supported on every platform – Windows, Mac, and Linux.

Using Git

Git is installed on your computer or your development machine. From here, you checkout code from the repository, make a branch, and get to work. You do all your work in your branch. You then push your branch up to allow others to work on it as well. No matter if you’re cranking out PHP, JavaScript, C#, or even HTML, using Git can save you a lot of headache!

If you’re looking for a great Git tutorial to get you up and running, we highly suggest checking out this guide from Atlassian to get you started.

Why you should use version control on your website

Your website is a living application. You’re going to make changes to it, maybe you want to bring a developer on, maybe you even want historical records of your site. Git makes this all easy! Having different branches means you can work on different portions of your site and then merge them together when it’s all done.

Hosting your Git repo

Although Git is decentralized, it is centralized in a way. You need to connect to a Git server to store your code. A popular one is GitHub. It’s free and it allows you to create unlimited public repos (this means that anyone can access it, great for open source projects not so great for proprietary code). If you need private repos (like authorized team members can access the repo with their login), this is where GitHub will cost you. If you’re on a limited budget, or want to use a different service, we recommend GitLab. Xinsto, our parent company, uses GitLab for some of our internal software projects and it’s our favourite especially because you can have private repos for free.

Publishing your site with Git

This is where it gets cool – you can actually publish your site using a combination of shell scripting and Git (and yes, NodeSpace supports this with our Elite plan and on all dedicated and virtual servers!). There are various instructions on how to do this all over the internet. Due to this being advanced, our support team is unable to “officially” support it, however we will gladly help you!

Read more...

cPanel or not?

When it comes to getting a dedicated or virtual server, we offer the option to add on cPanel which is a popular control panel. But should you get it? We get this question a lot so we thought we would share with our experiences with cPanel versus not using cPanel so you can make the right choice.

What are you hosting?

The first question to ask is, “What are you hosting?” If you’re a business and this server is going to be hosting your website and some online applications and you have a team knowledgeable with Linux (or Windows), you don’t need cPanel. This will allow you to have full control over the server and install any applications you’d like without major consequences. Now if you’re a web designer and you’re offering clients hosting, we definitely recommend having cPanel along with our managed hosting service. This allows you to focus on websites and we’ll handle your server.

Are you comfortable with Linux?

Here’s a big one – you need to be comfortable with Linux to manage your server. This means a lot of command line as there is no GUI (graphical user interface) on our Linux servers. If you’re not comfortable with working in a pure command line environment, then a cPanel environment would be right for you. Managing backups and even configuring a mail server and FTP server can be a bit difficult if you don’t know what you’re doing.

Take it from the host…

We definitely recommend cPanel. It definitely makes management much easier. Coupling cPanel with our Managed service means that you get the full power of our support staff and you can focus on what you do best. Leave the servers to us!

Contact us today to see how we can help you!

Read more...