DrakNet Web Hosting

Archive for the ‘DrakNet Tips’ Category

Introduction to Soholaunch

Monday, May 5th, 2008

Our offering of Soholaunch Pro was very much an accident - one day, it showed up in Fantastico. We had assumed that all software in Fantastico would be open source (and free to use), but it was not actually open source or free to use if you wanted to make the most of it, so upon install our clients were a little confused. It was relatively inexpensive at the time, and after a client asked about it, we licensed it for the servers.

Over the last few years, we’ve gone from just having it as a side offering to one of our featured offerings, and it went from a really tiny part of our business to the content management system of 7% of all sites hosted at DrakNet. (Currently, the number stands at 131 sites and is steadily rising.) In addition to bringing in new clients, we have converted a number of our current clients over to the system.

If you want to know what it does, we have a plethora of information available on the site for you to peruse. If you want to know why people are using it, you can visit the Soholaunch forums and find some people who are very passionate about the software (including yours truly, who is an opinionated volunteer moderator). If you want to know what the sales and marketing information doesn’t tell you, read on…

Soholaunch Pro is used to run your entire site, and essentially takes it over. If you have a current site and think you might want to switch, it will take some planning on your part and our part to do it. We recommend one of two routes: download your current site, install Soholaunch Pro, and then re-upload your old site over the Soholaunch installation (as long as the old pages are straight HTML, this will allow both to exist simultaneously), OR install another full account to build it on and then switch the site over. All activity to manage your site for the most part is done through your browser, and it’s compatible with the most popular ones on Windows, Macs, and Linux desktops (though I am not sure the Linux desktop support is official - we have been able to manage the site on a Mint install).

So, why choose it? Well, for one, it’s commercial software. As much as we support open source software, the fact is the “newbies” just entering the market may not have time for the “do it yourself” approach to web site technology and support. We simply don’t have the time (or the inclination) to become familiar with every single open source solution out there, and since we can’t, the help that we can give you is limited. Having a company actually stand behind the software is beneficial for those that want a quicker response than some open source CMSs are capable of, and Soholaunch has it. Since we have a guaranteed direct line of support to the company with our license, we support the software and it is, in fact, the only CMS that we do directly support fully.

Two, it really is a two-sided machine. One of the most brilliant aspects of the Soholaunch product is that it is expandable and customizable if you are a programmer, and if you’re not, it’s expandable and customizable (though you may pay a small fee for that by way of a plugin). It is rapidly improved on both by the company itself, and the developers that favor it in the form of plugins.

The drawback, of course, is that it’s $149 for a license and that license is assigned to one domain name. The plus of hosting here is that we pay that licensing fee for you - there are an awful lot of hosting companies that claim they offer Soholaunch, but they simply have the free trial in Fantastico that everybody, their dog, and their Aunt Sally gets. Not for nothing, but any schmuck with Fantastico can offer that - here at DrakNet, Soholaunch, Inc. yanks a few thousand dollars out of our bank account a year so that no one here pays for the software as long as they’re here. Period. Ever. The end.

As a bonus, you get some Viastep templates because we snagged ‘em way back when, before server licensing templates became prohibitively expensive.

You really can get up and running in an hour, and if you use one of the templates named above, you can get a pretty slick looking site in that time - and that’s really the draw. Up, fast, configurable, and slick looking without having to go through the twists and turns of learning how to do all this “design stuff”.

Rounded Corners

Thursday, May 1st, 2008

Happy May Day!

We’ve had a few folks ask about the new rounded corners focus of the site, and how we did them. While we, personally, bought a program to do it that’s probably a bit more expensive than most would like to spend, there is a way for you to get rounded corners that are cheap and pretty.

http://www.roundedcornr.com/ is a web site that will allow you to create a basic rounded corner box, a gradient, a bordered box, and a single rounded corner image. Pick your colors and degrees and the site will create the images for you as well as the code - you simply need to cut and paste where you wish it to appear in your site and put the text or image you wish to have in the box.

The reason for the focus is that our design was stuck in the 90’s. We wanted to make it a little cleaner and, frankly, while we started out as designers, the past ten years have definitely turned us from designing to system administration, so our design skills are a little lacking. (We’re also not the type of company that pays thousands for web site design, no offense to the designers that host with us - we’re kind of a function over form type of place).

Better Know a Button #1

Monday, April 28th, 2008

This feature’s title is totally and completely ripped off from NoFactZone, but since we host them and we do it for free, we’re hoping they won’t mind. (One day we need to blog how they wound up here because it’s kind of interesting, but that day is not today.)

“Better Know a Button” is exactly that - instead of giving you a broad overview of something you can do with your cPanel that involves lots of buttons, we’ll pick one button (or sub-button) and explain it. Today’s blog post is sponsored by the button “Getting Started Wizard”.

The Button

It’s the very first button in your control panel, and probably the button that’s most often overlooked. When you click on it, it says:

Welcome to your web hosting account for yourdomain.com. This software allows you to manage all different aspects of your web site, including your files, security, email, web applications, and a whole lot more. This getting started wizard will introduce you to some of the concepts behind web hosting and allow you to configure some basic settings for your web site so that you can start bringing traffic (visitors) to your site. At any time, you can use the jump menu to skip ahead to the next section.

This section will give you an introduction to some very important concepts in web hosting, including the most basic of concepts - your file structure. We know for a fact that hardly any of you watch this because we can see which files are accessed when you sign in - we also take the tickets that people inevitably submit because they never went through this section and aren’t very familiar with just exactly how a web site is set up. If we had $1.00 for every ticket we answered explaining to people that they uploaded their index file into their home directory and that’s why it’s not web accessible (i.e. you can’t see it), we’d have as much money as Dreamhost without the server overhead.

In addition to general file structure overviews, it gives you a rundown of the features your account has, including Webdisk, cPanel’s alternative to WebDav on Microsoft servers (and the way that those of you who publish with Frontpage and are lost without the extensions can still hold on to your old, decrepit, end-of-lifed software while making a little bit of a jump into modernity).

It will take you through setting your contact information, telling you about different features of the hosting account, and in some cases, providing a way for you to set up those features right from the overview. It will also show you the different skins you have available and let you pick one, if you don’t like the default.

If you’re unfamiliar with servers and file structures, this is an excellent way to get familiar with your web site. Regardless of whether you think you need to know about all that kind of stuff, there will come a day when you will - we guarantee it. :)

Billing, explained

Thursday, April 24th, 2008

We’re preparing for our once a month billing run, and since I’ve gotten in the habit of posting I thought I’d take some time to expand on the processes that we go through, and when we do what.

DrakNet’s monthly billing cycle runs once a month, every month, on the 25th, so if you’re monthly, or quarterly, or semi-annual your card on file will be hit around midnight central time as soon as the calendar hits the 25th. We run on 28 day cycles just like the moon, so your deadline to pay will be 28 days after that.

Now, what you need to understand is that there are two sets of dates, your invoice date and due date, and your package renewal date. On the 25th, the system takes a look at every package and when it renews, and if the package renewal date falls within that 28 day time frame, it will be put on the invoice. So, for example, your package renews on May 5th - it will be on tonight’s invoice of April 25th, and if you don’t pay it by May 5th, you’re using services that you haven’t paid for because come May 5th, your services are being utilized without having been paid for.

Since billing is one of my least favorite things to do and orders come in at all times of the month, that 28 days is the time you have to get that account in order if your card is declined or if you have refused to put a card on file. The due date listed on your invoice is your absolute deadline - since all packages that would have been on the 25th invoice would have had to renew within that 28 day time frame, by the time that 28 days is up we know that everyone who is outstanding is using services that they have, for whatever reason, chosen not to pay for. On your due date or very soon after, you are suspended until those services are paid for.

Now, we do have a pretty hefty warning system - we have standard reminders that go out whenever we try your card and it is declined again, or when we check to see who hasn’t paid. At two weeks before the deadline, we send you an email letting you know that you’re within two weeks of being suspended. We also try to get one out at 72, 48, and 24 hours (though sometimes you’ll only get one of those if we’re busy) to let you know that imminent doom is approaching. On your due date or within one or two days after, your account is suspended completely - your files are maintained, your system is maintained, but it is taken offline and your mail system will not accept mail. We email you and let you know you have seven days before you’re terminated, with a timestamp.

If you don’t pay within those seven days, your site is nuked. A backup may be maintained as we clean them out periodically and irregularly, but we don’t guarantee that and you shouldn’t depend on it. Once you stop paying and your account is terminated, you’re terminated and this eventually includes backups. If you want to come back, you need to open a completely new account and pay for the time that you used and didn’t pay for, as well as the new fees for the new account. If we hold the registration on the domain, we put the domain name up for sale as abandoned as an attempt to recoup the fees we lost.

It’s extremely important that you make sure that your email in your billing area is up to date so you will get these emails - we don’t call people to beg them for money. Since you have access to your billing area, we feel it’s your responsibility to keep that information up to date, and we do take the extra time to send you emails outlining exactly what the risk is when you don’t pay.

Annual hosting accounts (and the soon to be launched biennial accounts) are handled differently because of the history of irregular payment on these accounts. A lot of people forget when they’re due, or forget when they are coming up, or forget to maintain their card, information, or email and then are shocked when their account is suspended. Sometimes people wanted to cancel, and yet by the time they are invoiced for 28 days, it’s outside the 30 day cancellation (which applies to the package, not the invoice date). Because these accounts have a larger payment, sometimes 28 days isn’t long enough when people forget, so we elongated the grace period after averaging out how much time people would say they needed when they were late.

3 months before annual accounts are due, we will run the invoice that will coincide with the exact due date of the package renewal. If there is a card on file, it is charged. If it is declined, you will get reminders once a month and then as you get towards the deadline, the notices will follow the pattern laid out above for the monthly accounts.

A Multi-Icon Approach to Spam Fighting

Thursday, April 17th, 2008

Configuring your cPanel settings so that you see less spam can turn into a never-ending battle once you start - and admittedly, some of you never start. So, this post we’re going to go over the default settings your account is installed with, and introduce you to some tricks that can assist you in filtering out unwanted email.

Exim

We process email through Exim. The way that mail works is that servers essentially knock on each other’s doors, provide a few key bits of information, and the receiving server decides whether to accept the sending server’s mail and, if it accepts it, what to do with it. When an email is received, it goes through its first layer of security, which is not directly controlled by you. This level checks:

- whether the IP is whitelisted from all security; if so, the mail is delivered.
- that the HELO is there; if it is empty or not sent, the email is rejected.
- that the HELO is a fully qualified domain name; if not, it is rejected.
- whether only an IP is sent as the HELO; if so, it is rejected.
- whether someone sends our IP as their IP; if so, it is rejected.
- against recent dictionary attacks; it is rejected if found.
- against the dictionary attack whitelist; it is sent if found.
- against the RBL whitelist; it is sent through if found.
- against zen.spamhaus.org; it is rejected if found.
- against bl.spamcop.net; it is rejected if found.
- against the sender verify whitelist; it is sent if found.
- that the sender is verified as real on the sending server; it is rejected if not.
- that the recipient of the email is verified as here; it is rejected if not.

After an email passes all of these checks, it is delivered to your mail system where your own MailScanner configuration and mail configuration handles the spam from there. While you don’t have the ability to change any of the above settings, we do have white lists set up to bypass almost every check just in case, so if you ever have an issue you can always ask DrakNet to whitelist one of your senders so that they simply step around the above if their mail is ever filtered and there’s no evidence their server is a threat to ours.
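The order of that first layer, as an added sketch in Python (this is not DrakNet's Exim configuration). All addresses and list contents are constructed, the whitelists are assumed to be keyed by sending IP and to skip only their matching check, and "sends our IP as their IP" is read as a HELO that claims the server's own address:

```python
import ipaddress

# Constructed sample data (documentation address ranges); not DrakNet's real lists.
OUR_IP = "192.0.2.10"
IP_WHITELIST = {"198.51.100.7"}
DICTIONARY_ATTACKERS = {"203.0.113.66"}
DICTIONARY_WHITELIST = set()
RBL_WHITELIST = {"203.0.113.50"}
SENDER_VERIFY_WHITELIST = set()
RBL_ZONES = ("zen.spamhaus.org", "bl.spamcop.net")
LOCAL_RECIPIENTS = {"info@example.com"}


def dnsbl_name(ip, zone):
    """DNSBL query name for an IPv4 address: octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def helo_problem(helo):
    """Return the reason a HELO is refused, or None if it is acceptable."""
    helo = (helo or "").strip()
    if not helo:
        return "HELO missing or empty"
    try:
        # An address literal such as [192.0.2.5] is still only an IP.
        claimed = ipaddress.ip_address(helo.strip("[]"))
    except ValueError:
        claimed = None
    if claimed is not None:
        # Tested before the FQDN rule so the reason is specific; the mail
        # is refused either way.
        if str(claimed) == OUR_IP:
            return "HELO claims our own IP"
        return "HELO is only an IP"
    labels = helo.rstrip(".").split(".")
    if len(labels) < 2 or not all(labels):
        return "HELO is not a fully qualified domain name"
    return None


def first_layer(session, rbl_listed, sender_exists):
    """Apply the checks in the listed order and return (verdict, reason).

    rbl_listed(name) and sender_exists(address) are injected callables so the
    example runs offline; a live server does a DNS query and an SMTP callout.
    """
    ip = session["ip"]
    if ip in IP_WHITELIST:
        return ("accept", "IP whitelisted from all checks")
    reason = helo_problem(session.get("helo"))
    if reason:
        return ("reject", reason)
    if ip in DICTIONARY_ATTACKERS and ip not in DICTIONARY_WHITELIST:
        return ("reject", "recent dictionary attack")
    if ip not in RBL_WHITELIST:
        for zone in RBL_ZONES:
            if rbl_listed(dnsbl_name(ip, zone)):
                return ("reject", "listed on " + zone)
    if ip not in SENDER_VERIFY_WHITELIST and not sender_exists(session["mail_from"]):
        return ("reject", "sender could not be verified")
    if session["rcpt_to"].lower() not in LOCAL_RECIPIENTS:
        return ("reject", "recipient does not exist here")
    return ("accept", "handed to MailScanner")


# Constructed stand-ins for the network lookups.
LISTED = {
    dnsbl_name("203.0.113.9", "zen.spamhaus.org"),
    dnsbl_name("203.0.113.50", "bl.spamcop.net"),
}
KNOWN_SENDERS = {"alice@example.org"}


def check(session):
    """Run first_layer against the constructed lookup tables above."""
    return first_layer(session, LISTED.__contains__, KNOWN_SENDERS.__contains__)


if __name__ == "__main__":
    base = {"helo": "mail.example.org", "mail_from": "alice@example.org",
            "rcpt_to": "info@example.com"}
    for ip in ("203.0.113.20", "203.0.113.9", "203.0.113.50", "203.0.113.66"):
        print(ip, check(dict(base, ip=ip)))
```

The listed address 203.0.113.50 is accepted only because it is on the RBL whitelist, which is the "step around" behaviour described above.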

MailScanner

Our MailScanner installation is not a cPanel product; it’s additional spam-fighting software that we installed to better address the spam. MailScanner incorporates SpamAssassin (the spam tagging and scanning software that does come by default), and our MailScanner also incorporates Distributed Checksum Clearinghouse and Vipul’s Razor.

Upon your account’s installation, your MailScanner is pre-configured for the least restrictive use. Low scoring spam is considered a 5, high scoring spam is a 20, everything is set to be delivered, and virus scanning is actually turned off despite it appearing in your configuration area as many people complained of false positives and seemed to prefer handling their own virus scanning. At this point, MailScanner will only tag your spam - you will still see it all (or at least all the mail that gets through the RBL). You can change all of these settings under the “MailScanner Configuration” icon.

The default spam scoring numbers are pretty good - but feel free to play with them. Changing them around will change how MailScanner decides what is spam and what is not. There are two choices that you have insofar as what you want MailScanner to do with the spam it finds.

Those who set MailScanner to deliver the spam usually do so because they have set up their own filtering rules to filter spam-tagged mail into a folder so that they can peruse it all and make sure nothing is mis-tagged before nuking it. You can accomplish the same thing by creating an email address specifically for spam, having MailScanner deliver it there, and checking it/cleaning it out frequently.

You can also set it to discard - which is, admittedly, the most pleasant. The domain name drak.net has been around for ten years now, and has had lots of time to be sold and resold again to a variety of spam lists, so the spam that gets thrown at it is a veritable flood. A few years ago, the tagging was just too much to deal with, and we began discarding both high and low scoring spam so that we don’t see any of it. A few still get through, but the helpdesk is now far more manageable. The risk is, of course, that something is mis-tagged, and you won’t see it to know it got discarded.

Then there’s a third measure you can take that people often overlook - cPanel’s mail filtering.

Filtering

There are two filtering options in your cPanel - account level, and user level. The two buttons are exactly what they say - you can use account level to filter emails for everyone on your account, and user level to come up with specific filtering directives just for one or a few email accounts.

So that this doesn’t get too long, we’re going to give you just one example to get you started.

At the top of account level filtering, it says:

Please create or edit a filter below. You can add multiple rules to match subjects, addresses or other parts of the message. You can then add multiple actions to take on a message such as to deliver the message to a different address and then discard it.

Click on “Create a New Filter”. Once you’re there, you’ll see that you have a number of options to filter out certain emails. Let’s say that you keep getting emails from a spam company that MailScanner just doesn’t seem to get with that Viagra mis-spelling - this newsletter always says “Vi@gra” in the subject line, and no matter how you play with the settings in MailScanner and even though you have it set to discard, you keep seeing it (or you tag email and know that no email with Vi@gra in the subject line is one that you ever need to see).

You’d name the rule - “Vi@gra Subject Filter”, or something that lets you know what it does. Then use the drop down list to choose to filter the subject, then choose “contains” (since you have no idea what else they’ll say in the subject line), and on the second line put Vi@gra. “Discard Message” should be the default chosen - then just hit the button to activate the rule, and bye bye messages. There’s even a testing mechanism for the spam you used to make sure that the system is doing what you want with it.

This is a pretty robust system, and this post is meant to show you the ability that you have to manage the mail routing and the different abilities you have to deal with spam, not fully explain every aspect of the system (which would be extremely long and involved). If you have any questions about mail routing, you can always leave a comment here or email support, and we’ll be happy to help.

Tips: When buying scripts, buyer beware

Wednesday, April 16th, 2008

This past week has brought up some very interesting illustrations of just how careful you have to be when downloading or purchasing software off of the Internet. Everyone knows not to download “too good to be true” free programs to their computer, and almost everyone now runs virus and malware scanners for their desktop to protect their computer from a wrong decision. Can the same scheme that infects your computer infect your site?

You bet.

Just this week, it was discovered that a massive number of Wordpress blogs were hacked by an organized scheme, including installations at ZDNet, utilizing an xml-rpc vulnerability. Some of the hacks also came in through users downloading Wordpress themes that were infected (likely deliberately, but maybe not). Remember the old Lost Boys vampire thing where you have to invite him in for the vamp to be able to attack you in your own home? Yep, same thing.

Frankly, we here at DrakNet are not immune to this - this past week, I was toying around with the idea of installing a directory of Soholaunch hosts. I had looked at this software and when I tried to order, it checked me out at a different site - which should have been my first clue. $90 later I had software that I hadn’t checked out, and the awakening came only after I purchased it.

When I unpacked it, there were immediate indications that something was amiss - the files provided were all dated May of 2005. “Good” PHP practices in May of 2005 compared to April of 2008 have changed significantly, and what everyone thought was a-ok to do back then has, in the intervening years, been shown in some cases to be insecure and downright dangerous, so I began to do the due diligence that I should have done before I plunked down my money.

What I discovered was that multiple XSS and SQL injection vulnerabilities were found in the software in May of 2006 - a year after all the files provided to me were created. Checking their web site, I found that the company advertised that their last update to the files was in December of 2006, implying that the software had been updated after these vulnerabilities were found - and yet as I searched through the installation I had downloaded, there wasn’t a single file provided that was dated after 08-18-2005, two days before its first official release date, and a year before its landing on multiple security advisory lists.

Had I done a search for the company, I would have seen that their company name and the word “nightmare” come up multiple times on their first search page and I would have gotten some indication that, perhaps, this software wasn’t exactly my best choice. Had I simply done a search for their company name and the word vulnerability, I would have seen that there were 9,390 entries. I was in a hurry, and I didn’t - it was my own fault, and I admit it. I do know better, but I was in a hurry, and skipped that part.

As a consequence, I’m now arguing for my $90 back. I first went to the company who, of course, doesn’t do refunds and offered to work out what the issue was. When I outlined and detailed what I perceived as a suspicion that the company fraudulently advertised an update that didn’t take place to make it seem that they had patched insecure software that they hadn’t, suddenly, they were silent.

I then went to their payment processor for a refund, and thus far the company has refused to speak to them, either. I will likely wind up having to drive to my bank, fill out paperwork, print out all of this evidence, and file a chargeback. Lesson learned… again.

So, how do you not fall into a trap like this?

Remember that old software is usually insecure - there’s even a term for it. Abandonware. Abandonware is old software, no longer maintained by the company or creator, and is no longer updated or patched when security issues are found within it. Microsoft FrontPage is actually now abandonware - as of late 2006, it is no longer supported, updated, or patched. There are thousands of scripts like this floating around on the Internet.

Google the script and the company with the word vulnerability and security. See if problems have been found with the programs, and whether the software developers are actually paying attention to the security community - good software companies (or good open source software developers) will jump when a vulnerability is found in their software, and will report back to the alert lists that it’s been patched after they release that patch to protect their users. If they don’t, that should be a red flag.

Google the script and the company to see what people are saying about them - everyone that does business on the Internet is going to aggravate someone, and finding something negative isn’t always a reason to run. You should, though, find more good opinions than bad opinions about the software and the company, and if you don’t find any opinions the software may not be widely used enough to have had its vulnerabilities discovered. This is the Internet - people talk. If they aren’t talking about you… well… :)

Don’t download Wordpress themes, scripts, and so on from spammy looking sites. Get it from spammy sites, get a spammy product. Realize that anything that you put on your site is potentially an open door to the developer and/or anyone else if there’s a hole - make sure, insofar as you can, that the developer is trustworthy both not to take advantage and to stand behind what they created with a sense of responsibility towards the people that use their software.

Remember that your web site is a veritable playground of mischief, and be as selective as you can in what you decide to snag and put on there - any program has the ability to put a back door into your site and subvert your site for its own ends. Do as much as you can to make sure that it doesn’t happen - and don’t get lazy like we did - because it’s the one time when you decide to just hurry up and do it that you may get burned. :)
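The date comparison described in this post (newest file in the purchased archive against the vendor's advertised update and against published advisories) can be run before anything is installed. The following is an added example, not code from the original post; the archive contents, file names and day-of-month values are constructed, and only the months and the 08-18-2005 date come from the post:

```python
import io
import zipfile
from datetime import date, datetime


def member_dates(zip_bytes):
    """Return {filename: datetime} for every file (not directory) in a zip."""
    dates = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            try:
                dates[info.filename] = datetime(*info.date_time)
            except ValueError:  # malformed timestamp stored in the archive
                continue
    return dates


def audit_release(zip_bytes, claimed_update, advisory_date):
    """Compare the newest file in the archive with two dates found by searching:
    the vendor's advertised last update and the date of a published advisory."""
    dates = member_dates(zip_bytes)
    if not dates:
        return {"newest_file": None, "newest": None,
                "findings": ["archive contains no dated files"]}
    newest_file, newest = max(dates.items(), key=lambda item: item[1])
    findings = []
    if newest.date() < claimed_update:
        findings.append("no file is as recent as the advertised update")
    if newest.date() < advisory_date:
        findings.append("every file predates the published advisory")
    # Timestamps inside an archive are easy to change, so recent dates prove
    # nothing; dates older than the advisory are the useful signal.
    return {"newest_file": newest_file, "newest": newest.date(),
            "findings": findings}


def build_sample_archive():
    """Constructed archive whose file dates mirror the ones described above."""
    members = [
        ("directory/index.php", (2005, 5, 3, 10, 0, 0)),
        ("directory/admin/login.php", (2005, 5, 20, 9, 30, 0)),
        ("directory/install.php", (2005, 8, 18, 16, 0, 0)),
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, stamp in members:
            zf.writestr(zipfile.ZipInfo(name, date_time=stamp),
                        "<?php /* constructed sample */ ?>")
    return buf.getvalue()


if __name__ == "__main__":
    result = audit_release(build_sample_archive(),
                           claimed_update=date(2006, 12, 1),
                           advisory_date=date(2006, 5, 1))
    print("newest file:", result["newest_file"], result["newest"])
    for finding in result["findings"]:
        print("-", finding)
```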

Addressing Wordpress Resource Usage

Tuesday, April 15th, 2008

Some discussion has started in the cPanel forum (where hosts come to compare notes on those non-documented features of cPanel and other software) regarding the latest Wordpress upgrade (2.5), and its new resource-hungry attitude towards CPU and memory.

For most blogs, this won’t be an issue - for popular blogs that are nearly continually visited, this may begin to be a bit of an issue in terms of hosting cost (if you average out at higher resource usage, you may be required to upgrade) and the dreaded “Digg Effect” preparation that is well known to take down sites on shared hosts (along with everyone else on the server with them) - which is both good, in the fact everyone loved you, and bad, in that half the Internet shows up on your door at once.

Since you, obviously, want your blog to be bigger and heavily trafficked, it’s a good idea to prepare for those eventualities before half the Internet shows up at your front door, and one of the ways to do that is to install the WP Super Cache plugin.

WP Super Cache is a static caching plugin for WordPress. It generates html files that are served directly by Apache without processing comparatively heavy PHP scripts. By using this plugin you will speed up your WordPress blog significantly.

This plugin is a fork of the excellent WP-Cache 2 by Ricardo Galli Granada. WP-Cache 2 caches the pages of your WordPress blog and delivers them without accessing the database. Unfortunately it still means loading the PHP engine to serve the cached files.

WP Super Cache gets around that. When it is installed, html files are generated and they are served without ever invoking a single line of PHP. How fast can your site serve graphic files? That’s (almost) as fast it will be able to serve these cached files. If your site is struggling to cope with the daily number of visitors, or if your site appears on Digg.com, Slashdot or any other popular site then this plugin is for you.

If you’re starting to become popular and are getting worried, are popular and are already worried, or hope to become popular and don’t want to be worried, we suggest that you check it out. There are some pluses and minuses to installing it so make sure to read the page thoroughly.

And one more tip - if you do ever find yourself dugg or slashdotted, one of the quickest ways that you can speed up your site is to turn off, temporarily, mod-security.

mod_security supplies an array of request filtering and other security features to the Apache HTTP Server. What that means in practice is that every single request that comes in through httpd (the web server) is compared to hundreds of known signatures of attacks and if it matches those, the request is not allowed to be completed. This application firewall works in tandem with our firewall in stopping known compromises on software programs. Its drawback is that instead of simply getting a request and serving it, Apache has to process each and every request and compare each one to those hundreds of signatures before letting it through. An unexpected, massive spike in traffic (the Digg effect) can dramatically pile up those requests because there’s more involved in processing them.

You have the ability to turn off this security for your site - during general, day to day operations, this is not recommended. During a Digg, though, it’s almost required and may be the difference between keeping your site online and slowing the server to a crawl.

You can temporarily disable mod-security by adding a specific command to the .htaccess file. Locate the .htaccess file in the Apache web root directory (public_html); if it does not exist, create a new file named .htaccess. Then add the following code:


SecFilterEngine Off
SecFilterScanPOST Off

The above entries in the .htaccess will disable the ModSecurity (mod_security) module for the domain. Once the spike in traffic has passed (with Digg specifically, it seems to be about two days), simply remove the lines from your .htaccess, or remove the .htaccess itself if this is all that’s in it.
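Because the disable is meant to be temporary, it is worth checking afterwards that the lines were actually removed. The following added example (not from the original post) walks a directory tree and reports .htaccess files that still carry the two directives above after a chosen number of days; the directory layout is constructed and the two-day default is an assumption taken from the Digg estimate above:

```python
import os
import tempfile
import time

# The two directives from the snippet above, matched case-insensitively
# because Apache directive names are not case-sensitive.
DISABLING = {("secfilterengine", "off"), ("secfilterscanpost", "off")}


def disabling_lines(text):
    """Return the active (non-comment) lines that turn mod_security off."""
    hits = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) >= 2 and (parts[0].lower(), parts[1].lower()) in DISABLING:
            hits.append(line)
    return hits


def stale_disables(root, max_age_days=2, now=None):
    """Report .htaccess files under root that still disable mod_security and
    were last modified more than max_age_days ago.

    Returns a sorted list of (relative path, age in days, matching lines).
    """
    now = time.time() if now is None else now
    report = []
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" not in files:
            continue
        path = os.path.join(dirpath, ".htaccess")
        with open(path, encoding="utf-8", errors="replace") as fh:
            hits = disabling_lines(fh.read())
        age_days = (now - os.path.getmtime(path)) / 86400
        if hits and age_days > max_age_days:
            report.append((os.path.relpath(path, root), round(age_days), hits))
    return sorted(report)


def build_demo_tree(root, now):
    """Create a constructed layout with three .htaccess files of known age."""
    samples = {
        "alice/public_html": ("SecFilterEngine Off\nSecFilterScanPOST Off\n", 30),
        "bob/public_html": ("SecFilterEngine Off\n", 1),       # spike still on
        "carol/public_html": ("# SecFilterEngine Off\nOptions -Indexes\n", 90),
    }
    for rel, (body, age_days) in samples.items():
        folder = os.path.join(root, *rel.split("/"))
        os.makedirs(folder)
        path = os.path.join(folder, ".htaccess")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
        stamp = now - age_days * 86400
        os.utime(path, (stamp, stamp))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_root:
        current = time.time()
        build_demo_tree(demo_root, current)
        for rel_path, age, lines in stale_disables(demo_root, now=current):
            print(f"{rel_path}: disabled for about {age} days: {lines}")
```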

Why EMail Forwarding Offsite is Very Bad.

Monday, April 14th, 2008

We still see an awful lot of people forwarding email offsite to their ISP’s email address. This is very bad. Very, very bad. We wish cPanel had a way to stop you from doing it, and we wish we had time to contact every one of you individually to explain why it’s bad because we can see in our handy, dandy config files who’s doing it and where it’s going. Since we cannot do that, we’re going to explain here why this is very, very, very bad both for you and for us.

Your cPanel email system is fairly robust. You have POP email accounts, IMAP accounts, and forwarding capabilities. You can get mail through webmail on this server, pop it into a client, get it on your Blackberry - the choices are numerous. Out of all those choices, there’s only one that can really harm your ability to get your mail, and that’s forwarding your email to your ISP (or GMail, Yahoo, or Hotmail).

When someone emails our system here, there are some tests that the email goes through when another mail server knocks on the door. First, we see if the sending server is on an RBL and if so, we won’t take the mail. Next we check if the recipient email address is defined as accepting mail (which includes installed accounts or forwarders) and if it is not, we don’t accept the mail. If the sending server isn’t on an RBL, the email address exists here, and it passes some other criteria that ensure it’s a correctly formatted email, then our servers take the mail and process it. If you simply have a POP account for that address, we drop it in there, and it waits for you to pick it up.

If you have an offsite forwarder, we then take that email and forward it to your ISP (or webmail provider) - this forwarding step changes the nature of that email in that the email is no longer from the server that originally delivered it here. The email is now originating from your server here at DrakNet.

This is an unbelievably important distinction. If you have MailScanner set to deliver and simply tag spam, and you also have your account set up to forward that email to you, you and your domain (and since this is shared hosting, the entire server and everyone on it) then appear to be the spammer to your ISP because the email being sent to you is being delivered by us. Even if you have MailScanner configured well, some spam mail will still get through - once that happens Comcast, or AOL, or SBCGlobal, or RoadRunner will look at our server and say:

“Dude! You keep sending spam to our user! You won’t stop! You can’t email here anymore!”

And before you can blink, all mail from here to there bounces. All of it - from everyone on the server with you trying to email anyone they know at that ISP. (As well as, remember, all the mail you are forwarding, both good and bad, which you now won’t ever see).

The AOL folks are particularly guilty of causing problems with this because of the unbelievably easy way AOL lets you report spam - simply click a button, and report the server instantly, right? Well, if it’s a forwarded email, you just reported your DrakNet server, upping the likelihood that one of our servers will get blacklisted for forwarding your mail to you, just like you told it to, and ensuring that you’ll lose a significant amount of mail, as well as disrupt communications for everyone with you.

Another issue with this is that if you forward your mail offsite, we simply have no way to help you if you have a question about lost mail. Once your ISP accepts the mail, our part is over with. If a mail doesn’t make it to you and your ISP accepted it, it simply isn’t our issue anymore and we have no ability to ask them what they did with the mail once they took it - and most ISPs are so large that whether you lost one email from your Aunt Martha really isn’t their concern.

Forwarding should only be used to define multiple addresses that accept mail on the server, and it should only be used to forward that mail to email addresses on the server itself. drak.net itself has about 20 email aliases and only one actual pop account - there is no limit to how many email aliases you can have. Once you begin using those forwards to forward offsite, though, you risk setting off a blacklist that will disrupt mail service for you, and the communication ability of all your neighbors. And yes, it can get your account asked to leave should it happen more than once.

All the major webmail providers (Gmail, Yahoo, Hotmail) allow you to pop email into your webmail - set this up instead of forwarding. Almost all popular email programs allow you to pop mail from multiple accounts into one area to manage it - set this up instead of forwarding to your ISP. Don’t forward email to your ISP out of laziness - the risk is fairly significant that you could blacklist your own domain, tick off everyone on the server with you, and greatly annoy us when we have to deal with it.

One more word about forwarding - if you install a pop account on the server, and you install a forwarder on the server to send the email offsite with the same address as the pop account, you will get two copies of that email. One copy will be archived on the server here, and one is sent to you - your mail can fill up very, very quickly that way, eventually overtaking your quota if you install a pop account and never check it or clean it out. If you are using an address as a forwarder only, do not install a pop account for it - it’s an alias, and it doesn’t need it.
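To see which forwarders leave the server, as described above, an alias list can be audited with a short script. This is an added example, not DrakNet's own tooling; the `address: destination` line format, the function name and every address in the sample are assumptions constructed for illustration.

```python
# Constructed sample in an "address: dest[, dest...]" alias style.
# The format and all addresses are assumptions, not taken from a real server.
SAMPLE_ALIASES = """\
sales@example.test: info@example.test
jen@example.test: jen1234@isp.example
news@example.test: bob@example.test, bob@webmail.example
*: :fail: No such person at this address
orders@example.test: |/home/user/bin/process-order
"""


def offsite_forwarders(alias_text, local_domains):
    """Return sorted (address, destination) pairs that forward off the server."""
    local = {d.lower() for d in local_domains}
    found = []
    for line in alias_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        address, _, targets = line.partition(":")
        targets = targets.strip()
        # Special actions (":fail:", ":blackhole:") deliver nowhere.
        if targets.startswith(":"):
            continue
        for target in targets.split(","):
            target = target.strip()
            # Pipes to programs, file paths and bare local user names stay on the server.
            if not target or target[0] in "|/" or "@" not in target:
                continue
            domain = target.rsplit("@", 1)[1].lower()
            if domain not in local:
                found.append((address.strip(), target))
    return sorted(found)


if __name__ == "__main__":
    for address, dest in offsite_forwarders(SAMPLE_ALIASES, {"example.test"}):
        print(f"{address} forwards offsite to {dest}")
```
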

Throttle It Back

Sunday, April 13th, 2008

Lots of people that sign up never bother to read the Terms of Service. We know this - we also know, as you do, that you’re bound by it whether you read it or not. Unfortunately, more and more people are getting caught by the mass-email restrictions, so we wanted to give you some tips regarding those, and working around them to do what you need.

First, obviously, you need to make sure that if you run an announcement list, you keep good records. You’re sharing a server with a few hundred other people and as much as we may personally like you and as fun as you may be on the DrakChat list, if you get the server blacklisted, we’re very likely going to show you the door unless you can prove they opted in. Blacklisting is something that disrupts communications for hundreds of people, and in our best Texas drawl we report unequivocally that “we just won’t be having it”. Part of the reason why blacklists have become almost obsolete here is that we’re jackbooted thugs when it comes to this kind of stuff.

The first rule, which is automatically enforced, is that absolutely no web script anywhere is allowed to send more than 100 emails in an hour. We have software that will detect it and simply shut off your script automatically. It’ll lock it down before it even emails us to let us know it’s happened, it’s that automatic a process.

This is partly for performance reasons - when you share a server with hundreds of other people, they don’t want to wait for your 10,000 emails to go out before their email can go out. A queue is exactly what it sounds like, a line that everyone waits in. More than 2 domains send out 10,000 emails on one server at the same moment, and mail processing comes to a screeching halt. For fairness, no one gets to repeatedly own all the resources at $5 a month. Sorry.

The second reason is security. The vast majority of spam goes out through innocent servers that have compromised, insecure, mis-configured or “old and should have been updated in 2003” web scripts. As much as we harp on updating, some of you ignore that, too, and leave scripts that were written in 1999 sitting on your web site because you like it and it appears to work.

While we inventory and try to catch them, there’s always a chance that we don’t. One wrong configuration, one hole not patched, and your site is sending out thousands of emails touting the benefits of Viagra, which gets the server (and everyone on it) blacklisted, and causes us to focus days on patching, securing, and getting off the blacklist as well as answering emails from irate customers who are angry their mail is bouncing - and we usually do this while your site sits suspended. To avoid that, we lock down anyone that sends more than 100 emails in an hour from any web script on the server in an attempt to ensure that you can function, don’t lose your account, and that if a compromise happens we have a minimal chance of dealing with a blacklisting since so few emails got out.

Does that mean you simply can’t run an announcement list on our servers? No, it doesn’t - it does mean that you have to work within the system to do it.

PHPList, which is the most common mailing list software used on our servers as it is offered in Fantastico, allows you to set and configure your mailings so that you can have your mailing list, your neighbors aren’t unduly burdened, and we can still stop spammers when they find compromised scripts pretty fast. This process is called “throttling” - programming PHPList to send out email in batches just under the server limitation to avoid being locked.

Full directions to throttle PHPList are located here. The process is very simple, and involves changing just a few parameters in the configuration file. For the longer version, visit their site - the short version (and the settings we recommend as we do run php-cgi) are:

  1. Find config.php and edit it in an ASCII text editor like Notepad (or Pico or Vi for the shell-aware).
  2. Edit define("MAILQUEUE_BATCH_SIZE",0); so that it says define("MAILQUEUE_BATCH_SIZE",16);
  3. Make sure define("MAILQUEUE_BATCH_PERIOD",600); says 600, which is 10 minutes.
  4. If you want to be nice to your neighbors, changing define('MAILQUEUE_THROTTLE',0); to define('MAILQUEUE_THROTTLE',3); would be a nice touch.

This allows you to send 96 emails per hour, avoid the timeouts, and make sure the script won’t get locked. You do not have to worry about leaving room for other scripts on your site to email out that hour, as the 100 email an hour limit is per specific script, not per any web script on the entire domain.
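The arithmetic behind those settings can be checked directly against a config.php before a mailing goes out. The script below is an added example, not part of PHPList or of DrakNet's tooling; it assumes MAILQUEUE_THROTTLE is a pause in seconds between messages, and the function names and sample config strings are constructed for illustration.

```python
import re

HOST_LIMIT_PER_HOUR = 100  # per-script limit stated in the post

# Matches define("NAME",123); and define('NAME', 123);
DEFINE_RE = re.compile(r"""define\(\s*["'](\w+)["']\s*,\s*(\d+)\s*\)""")

# Constructed samples: the recommended settings and an unthrottled config.
RECOMMENDED = '''
define("MAILQUEUE_BATCH_SIZE",16);
define("MAILQUEUE_BATCH_PERIOD",600);
define('MAILQUEUE_THROTTLE',3);
'''
UNTHROTTLED = '''
define("MAILQUEUE_BATCH_SIZE",0);
define("MAILQUEUE_BATCH_PERIOD",600);
define('MAILQUEUE_THROTTLE',0);
'''


def read_settings(config_text):
    """Collect integer define() values, skipping commented-out lines."""
    settings = {}
    for line in config_text.splitlines():
        stripped = line.strip()
        if stripped.startswith(("#", "//")):
            continue
        match = DEFINE_RE.search(stripped)
        if match:
            settings[match.group(1)] = int(match.group(2))
    return settings


def hourly_rate(settings):
    """Maximum emails per hour, or None when nothing limits the send rate."""
    batch = settings.get("MAILQUEUE_BATCH_SIZE", 0)
    period = settings.get("MAILQUEUE_BATCH_PERIOD", 0)
    throttle = settings.get("MAILQUEUE_THROTTLE", 0)  # assumed: seconds per message
    rates = []
    if batch > 0 and period > 0:
        rates.append(batch * 3600 / period)
    if throttle > 0:
        rates.append(3600 / throttle)
    return min(rates) if rates else None


def check(config_text, subscribers, limit=HOST_LIMIT_PER_HOUR):
    """Return (verdict, emails per hour, hours needed to reach every subscriber)."""
    rate = hourly_rate(read_settings(config_text))
    if rate is None:
        return ("UNTHROTTLED", None, None)
    verdict = "OK" if rate <= limit else "OVER LIMIT"
    return (verdict, rate, subscribers / rate)
```

Setting only the throttle to 3 with a batch size of 0 still works out to 1200 emails an hour, which is why the batch size and batch period are the settings that keep a script under the limit.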

If you run something other than PHPList, check with your software vendor regarding how to throttle or batch your mass-mailings.

Tips: Is Everyone down, or is it just me?

Sunday, April 6th, 2008

Quite frequently on the chat list, we get an email sent to it that asks the proverbial question “Is XXXXX.com down, or is it just me?”. Well, now there’s a web site that lets you ask the same question:

http://downforeveryoneorjustme.com/

Type in a domain name, and the site will let you know if the site is down for everyone, or if it’s just you. If it winds up being just you, grab a staff member on chat, or email support with your IP address so that we can check our firewall and see if you set it off and got yourself blocked, which is usually the most likely scenario when it winds up being “just you”. Don’t know how to figure out what your IP address is?

http://whatismyip.com/

will tell you your IP address - we need your computer’s IP when those things happen, not the IP of your web site. We already know the IP of your web site. :)






1525 Cypress Creek Rd., Suite H #154,Cedar Park, TX 78613
1.512.377.6138 | Skype: drak.net (English Only)



All brands, products, trademarks, and service names mentioned are property of their respective owners.
Copyright ©1997-2008 DrakNet. All Rights Reserved. DrakNet® is a registered trademark of Jennifer Lepp