Security tip: Change your database password

October 15, 2009

Unfortunately, we sometimes notice that hackers obtain control of a hosting account, because they read the password for the database servers after having exploited a weakness in a script on a customer web page. Using this password, the hacker will most often have full access to the account. This can be made more difficult by choosing a separate password for the database server. We see that many hackers will give up if they meet such a barrier. To put some focus to this issue, we now made it easier to change the password for the database server, and we always recommend the use of a separate password for the databases.

In order to change the database server password, log into the Control Center, choose “Databases” and select “Change database password”. Change it to something different from the Control Center password.

PHP 5.3 now available in the Control Center!

August 8, 2009

Around one month ago, version 5.3 of the popular scripting language PHP was released.

PHP 5.3 is now available in the Control Center and gives support for new features such as namespaces, closures, native MySQL driver, and many other new features. Read more here.

PHP 5.3 is not enabled by default, because many web applications need to be modified or updated. For example, many warnings may arise regarding features that have been deprecated. These are functions that are being phased out, and which probably will not work in PHP 6.0. It’s possible to select for each domain whether to use PHP 5.2 or PHP 5.3, but new domains are still defaulting to PHP 5.2. This way it’s easy to test if a given site works with PHP 5.3, but with the option to quickly switch back to PHP 5.2 in case of any problems.

Create your own custom “404” error page

February 17, 2009

It will sometimes happen that a visitor will reach a page that doesn’t exist, has been moved somewhere else, or simply mistypes the address of the page. Rather than displaying the default error messages (“error 404″), you can easily create your own 404 error page.

Step 1: Make a “.htaccess” file

If your site does not already use a .htaccess file, you can easily create one. Open a text editor such as Notepad, and insert the following line:

ErrorDocument 404 /404.html

Save the file with the name “.htaccess” (note the leading period). In case a visitor would try to reach a page that does not exist, 404.html would be visited. Of course, you can also use a PHP file, and you can call it what you prefer (for example, “error.html” rather than “404.html”). If your operating system isn’t happy that you are naming a file “.htaccess”, you can call it something else and rename it after you have transferred it to the server.

You can also create your own pages for other errors, such as 403 (Forbidden), 500 (Internal Server Error), and so on. It would look like this:

ErrorDocument 403 /403.html
ErrorDocument 500 /500.html

Step 2: Make a file for the error message

Now create a page containing the error message, and place it in e.g. the root of the folder for the domain. If you use the above examples, the file names would have to be 404.html, 403.html, and so on. To make the error page as useful as possible, try to include relevant information, such as:

• A search function
• Link to a site map or a Help page
• Feature for the user to report the error

Error pages should not redirect to the front page, especially without letting the user know that there was an error.

For your “404″ error page to be shown in Internet Explorer, its size must exceed 512 bytes — otherwise, IE will show its own error message.

“404″ Inspiration

A lot of creative error pages exist, and some people make a big effort to creating them. You can find lots of inspiration for your error pages here, here, and here.

How to back-up your e-mail

January 21, 2009

Although we automatically do backups of e-mail, this backup is only used in emergency situations such as greater hardware failers and situations like that. Therefore, we’ve made this tutorial on how you can backup your emails yourself, in case your own computer crashes or is lost.

Outlook Express

In order to backup mail files in Outlook Express, look for the following directories in your system:

C:\Documents and Settings\User Name\Application Data\Identities\
C:\Documents and Settings\User Name\Application Data\Microsoft\Outlook Express\
C:\Documents and Settings\All Users\Application Data\Microsoft\Outlook Express\

The address book is normally located in the following directory:

C:\Documents and Settings\User Name\Application Data\Microsoft\Address Book\

You can simply make a copy of these folders and keep them a secure place.

Mozilla Thunderbird

Mozilla Thunderbird saves all your email, your address book, bookmarks, etc., in the “Profile” folder, which is located here (if you use Windows):

C:\Documents and Settings\User Name\Application Data\Thunderbird\Profiles\

Alternatively, you can use a free program such as MozBackup, which will easily make backups (and restore them) of your email, address book, Firefox bookmarks and much more.

Apple Mail

For Apple Mail you can use a free program, Email Backup 2.0, which can backup both Apple Mail and Thunderbird for OS X. Alternatively you can make a copy of the files in:

~/Library/Mail

This means the folder “Mail” that is in the library folder inside your own user folder.

It’s better to save the copies another place than on your own computer. For example, you can burn them on a CD/DVD or transfer to a USB thumb drive. If you worry about the security of your backups, you can encrypt them with TrueCrypt (a free program for encryption of files).

New webmail in beta!

January 5, 2009

After a great deal of research on choosing the replacement for our existing webmail, we have now released a beta-version of the new system. It can be found on webmail.gigahost.dk.

The new webmail system is faster and more modern. There are several new features such as different identities and a much better search function. The user experience is much more clear and easy.

The webmail is based on RoundCube webmail, and uses a number of modifications developed by University of Michigan. Suggestions and comments are very welcome!