
March 31st, 2008

The never-ending need for File Servers in the modern world
Dedicated Servers at GoDaddy.com
Handling the ‘Data on Demand’ needs of a New Generation!
Deal of the Day -
Whatever you do with the following information is solely your responsibility.
#telnet ip:25
That title looks like random letters and symbols, but it is actually the command used to connect to an SMTP server via telnet. The # represents the shell, telnet is the program used to start a connection via telnet, ip is the ip address of the mail/smtp server (an SMTP server comes with XP PRO and is easy to set up), and 25 is the port SMTP daemons run on.
First of all, the newer Windows command shells are not truly DOS, and the telnet command is a little different. Namely, you will replace the colon between the IP and the port with a space. I don't know why this was changed, but there is nothing to be done about it, so you just have to live with it. The colon is used, however, in almost all other operating systems, such as BSD, Linux, and probably Mac (I don't own a Mac).
When you connect, you will know right away what daemon the server is running. A daemon is a program that deals with all incoming connections and data on a specific port. The most common SMTP daemon is Sendmail (for Linux and maybe cygwin). Don't expect to find this on too many big websites (i.e. Yahoo, Microsoft.com, etc.); I would think they would know better. But on many websites this daemon is still being used.
This tutorial will cover just fake mail sending. You will not learn how to take down any mail servers, because it is generally irresponsible to take down mail servers, and the only practical application is testing the security of your own server (if you really want to know how, use Google). That being said, you could potentially cause havoc with fake mail as well, but the playing field is more even considering everyone is equally at risk (not just those with outdated software on their servers), and unless you are smarter than the average kill-random-computers-with-winnuke person then the most harm you can do is anonymously insult people.

Fake Mail Commands
Generally, the following commands will work fine:
helo
mail from: someguy@random.com
rcpt to: someotherguy@anywhere.com
data
content of email
.
quit
Entering those commands when connected via telnet to a Sendmail daemon will send someotherguy@anywhere.com an email containing "content of email" from someguy@random.com. In some cases, you might need to type helo random.com at the beginning (random.com being the domain of the return address) to get this to work. The return and to addresses, as well as the content of the e-mail, can be modified as much as you want. If it doesn't work, the daemon might need authentication, or the syntax might be different (try adding <>s on either side of the email addresses). Also, backspace does not work, even though it looks as if it does. If you mess up in typing a command and press backspace, the command is void. In the contents of the e-mail, backspaces will show up as boxes when read by the receiver.
This is an invaluable social engineering technique. Imagine sending an email to an AOL customer, faking the return address as a system administrator, with contents something like "We are debugging the system lost all our user data for your area. We require you to send your name, date of birth, address, username, password, credit card number, and credit card expiration date." They would happily comply, thinking you were someone you weren't.
You are not completely anonymous when using this technique. Anyone who is serious about safety should know about email headers, or information included in the email. If you have POP3 enabled with your email (you do if you have Gmail) then just open up the mail with Thunderbird (or Outlook, ugh) and tell it to display the headers. I will not go in depth on this, but a search on the internet will show you what you need to know to spot fake mail.
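
As an added illustration of the header check mentioned above (not part of the original article), the following Python code reads a stored message and flags three signs of hand-injected mail: a From domain that differs from the envelope sender, a HELO name that does not match the connecting host in the topmost Received header, and a failed SPF/DKIM/DMARC result. The sample message, its hostnames and the helper names are constructed for this example; each finding is an indicator to investigate, not proof of forgery.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a hand-typed SMTP message as the receiving server would
# store it. Hosts and addresses are made up (.example names, RFC 5737 IPs).
SAMPLE = """\
Return-Path: <someguy@random.example>
Received: from random.example (dsl-203-0-113-45.isp.example [203.0.113.45])
\tby mx.anywhere.example with SMTP id abc123
\tfor <someotherguy@anywhere.example>; Mon, 31 Mar 2008 10:15:02 -0500
Authentication-Results: mx.anywhere.example; spf=fail smtp.mailfrom=random.example
From: System Administrator <admin@anywhere.example>
To: someotherguy@anywhere.example
Subject: Account verification

content of email
"""

RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)?\s*\[([0-9a-fA-F.:]+)\]\)")

def domain(addr):
    # Lower-cased domain part of an address header, or "" if absent.
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def spoof_indicators(raw):
    msg = message_from_string(raw)
    findings = []
    from_dom, env_dom = domain(msg["From"]), domain(msg["Return-Path"])
    if from_dom and env_dom and from_dom != env_dom:
        findings.append(f"From domain {from_dom} differs from envelope sender {env_dom}")
    # The topmost Received header is written by the receiving server: it holds
    # the client's claimed HELO name, its reverse-DNS name and its real IP.
    received = msg.get_all("Received") or []
    m = RECEIVED_RE.search(" ".join(received[0].split())) if received else None
    if m:
        helo, rdns, ip = m.group(1).lower(), (m.group(2) or "").lower(), m.group(3)
        if not rdns.endswith(helo):
            findings.append(f"HELO {helo} does not match connecting host {rdns or 'unknown'} [{ip}]")
    for ar in msg.get_all("Authentication-Results") or []:
        for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", ar):
            if result.lower() not in ("pass", "none"):
                findings.append(f"{mech} result is {result}")
    return findings

if __name__ == "__main__":
    for line in spoof_indicators(SAMPLE):
        print(line)
```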

About the Author

eblivion — Mike Vollmer
http://eblivion.sitesled.com

March 30th, 2008

There is nothing more frustrating as a webmaster than waking up in the morning, firing up your browser to check your website, only to find a message saying “This site has exceeded its bandwidth limits for the month”.

It’s embarrassing, time-consuming and, if you are missing out on sales, costly.

On the other side of the scale, it can be very costly to be on a larger web hosting plan or dedicated server and hardly even use the services it offers.

Good quality web hosting is not cheap, but you need to balance your business needs with what you can really afford to pay.

So what web hosting service should you be using? Good question!

In this article I’m going to be talking about the pros and cons of both shared web hosting and dedicated web hosting packages. By the end of the article you should have some idea what your online business needs now and what it will need when it expands.

Shared Hosting

Shared hosting is what most small online businesses use. Shared hosting means that your site is on one server that also holds other people’s websites. Your website will not be the only one on that server. Very few small online businesses need the power of a dedicated server.

Most companies offer a few different types of shared web hosting services, the only difference usually being how much disk space you want or how much transfer allowance you need.

The best way to show you what the difference is between shared hosting services is to show you an example.

Go to http://www.marblehost.com/hosting-plans.php

This is an example of a web hosting company’s shared hosting services. As you can see, they offer two different types of shared hosting services. Basically they offer a small and a large service.

The major differences between the packages are how many domain names you can host, how much transfer (how many megabytes are downloaded from your website) you can have and how much disk space (how many files you can store) you need.

If you’re just starting out online, haven’t got a website up yet and are not sure exactly what you are doing, start off with the small plan. That’s more than enough for a small site or blog.

Now if you run a larger website and you offer a lot of downloads, say for example you’re selling a rather large ebook, you might need the large service. Let’s say you have a 10 MB ebook for sale: the large service this company offers would allow you to have roughly 2000 downloads of that package before you ran out of bandwidth (transfer).

Dedicated Hosting

Dedicated hosting is for the big boys. It’s for medium to big businesses looking to do a lot of work online. A dedicated server is just that: your own server. You get your own server just for your website, unlike shared hosting, where you have to share a server.

There are many different packages available with dedicated hosting depending on how much you want to spend. The more resources a server has (i.e. RAM, hard drive space, processor speed), the more it will cost.

You can see that a dedicated server allows you a lot more disk space and transfer allowance. It also allows you unlimited domain names. Dedicated servers are also known to be a lot more stable and allow you more control over your website and are perfect for a professional image.

There are two types of dedicated servers:

Managed hosting

Managed hosting offers you the support of a technical team looking after your server. They do all the updates and the technical side of things for you. They will perform routine maintenance without you even asking. Managed hosting, however, usually costs quite a lot more than un-managed.

Un-managed hosting

Un-managed hosting isn’t as supportless as it sounds. Most dedicated servers do come with technical assistance and routine maintenance, but any support questions will more than likely cost you extra. If you need something added to your server, it will cost you in maintenance fees. Rebooting your server should also come free with un-managed dedicated hosting.

Multiple Domain Name Hosting

Another thing you should look at is whether or not you want to host multiple domain names with your one hosting package. Both shared hosting and dedicated hosting can allow you to do this. A lot of shared hosting services now allow this.

I recommend always using a web host that allows you to have multiple domain names with your one account. It really does solve the problem of having multiple hosting accounts for different domain names.

Other Things To Look For

Another thing to think about when searching for a web hosting company is what you intend to do with your website.

Do you need a lot of technical assistance? If so, look for a hosting company with live 24/7 support. Do you want to create a blog, or lots of blogs? Then you will need to see if your web hosting company allows you to set up multiple MySQL databases.

About the author:

For more info about good web hosting visit WebHostingToplist and enjoy discount web hosting with our discount coupon codes.

March 29th, 2008

My site is hosted on an Apache web server. Why is that? Because, in my
humble opinion, Microsoft’s IIS web server is in no way qualified to service
internet web sites (it is excellent as an intranet and applications server,
however). Another reason is the vast number of security issues that seem to
pop up day after day.

In point of fact, the Gartner Group has recommended “that businesses hit by
both Code Red and Nimda immediately investigate alternatives to IIS,
including moving Web applications to Web server software from other vendors
such as iPlanet and Apache”.

http://www4.gartner.com/DisplayDocument?doc_cd=101034

But what about those of us who are already hosting their sites on Apache
servers? I’ve seen lots of articles about how to protect, detect, cleanse
and prevent the worms from attacking IIS servers. While the worms do not
penetrate Apache security, they do cause damage.

Some of the damage includes:

Server logs get filled with junk - The Nimda worm alone created over 20,000
entries in a 2 day period in my log files.

The server is made very busy - This is especially true if you’ve got a
custom 404 error page, as I do. This means that every time the worm attempts
a penetration, the entire 404 page is returned (in my case, that’s about
40k). That adds up to a lot of wasted bandwidth.

I thought about this issue for a while after examining my logs and seeing
thousands of 404 errors from attempted worm penetrations. Surely there was a
way to at least reduce the impact of these things? As I saw the 404 error
count increase, I realized that a significant portion of the bandwidth that
I was paying for was being thrown away.

An examination of the log files produced several thousand attempts at each
of the following URLs. Obviously each of these is the address of a possible
weakness in an IIS server.

/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c/winnt/system32/cmd.exe
/d/winnt/system32/cmd.exe
/scripts/..%2f../winnt/system32/cmd.exe
/scripts/..%c1%9c../winnt/system32/cmd.exe
/scripts/..%%35%63../winnt/system32/cmd.exe
/scripts/..%%35c../winnt/system32/cmd.exe
/scripts/..%c0%2f../winnt/system32/cmd.exe
/scripts/..%c0%af../winnt/system32/cmd.exe
/MSADC/root.exe

The Apache web server provides a feature called .htaccess, which provides
commands to control a web site. This file is very obscure and extremely
useful when used properly. You have to be careful when editing .htaccess
files, as a small mistake can make your web site stop working. What I like
to do is immediately test the site to be sure it works.

Be sure not to make the mistake that I made once - I browsed to my site, saw
that the home page came up, and went to work. Later, I found it was not
working but appeared to work because the home page was stored in my browser
cache. Thus I learned a simple lesson the hard way: always hit the refresh
key of the browser when testing .htaccess changes.

I did a little research and testing, and added the following lines to my
.htaccess file.

# Send the IIS worm probe paths away instead of serving the custom 404 page
Redirect /scripts http://www.stoptheviruscold.invalid
Redirect /MSADC http://www.stoptheviruscold.invalid
Redirect /c http://www.stoptheviruscold.invalid
Redirect /d http://www.stoptheviruscold.invalid
Redirect /_mem_bin http://stoptheviruscold.invalid
Redirect /msadc http://stoptheviruscold.invalid
# Catch any other request ending in cmd.exe (dot escaped so it matches literally)
RedirectMatch (.*)cmd\.exe$ http://stoptheviruscold.invalid$1

These lines did exactly what I wanted them to do - they stopped the virus
from creating 404 errors in my log file, and they prevented my 404 error
page from being triggered, which had been using up a lot of bandwidth for
nothing. There is still some bandwidth used, obviously, but it is far
less than it would have been. The load on the server is also considerably
reduced, which should make my web hosting company happy.

Note that log file entries are still made by the various worms as they
attempt to penetrate the server. These entries no longer show as errors,
which makes it easier to pick out real errors from the logs.
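
To check the effect described above on your own logs, the following Python code (an added example, not the author's) separates worm probes from real errors in an access log and totals the bytes spent on probes per response status. The log lines, client addresses and response sizes are constructed; the request paths are the probe URLs listed in this article.

```python
import re
from collections import Counter

# Constructed access-log lines (documentation IPs). Sizes assume a 40 KB
# custom 404 page and a small redirect response.
SAMPLE_LOG = r'''
192.0.2.10 - - [18/Sep/2001:09:12:01 -0500] "GET /scripts/..%c0%af../winnt/system32/cmd.exe HTTP/1.0" 404 40960
192.0.2.10 - - [18/Sep/2001:09:12:02 -0500] "GET /MSADC/root.exe HTTP/1.0" 404 40960
198.51.100.23 - - [18/Sep/2001:09:13:40 -0500] "GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe HTTP/1.0" 302 310
198.51.100.23 - - [18/Sep/2001:09:13:41 -0500] "GET /scripts/..%%35%63../winnt/system32/cmd.exe HTTP/1.0" 302 310
203.0.113.5 - - [18/Sep/2001:09:14:00 -0500] "GET /articles/old-page.html HTTP/1.1" 404 40960
203.0.113.5 - - [18/Sep/2001:09:14:05 -0500] "GET /index.html HTTP/1.1" 200 5120
'''

# client, request path, status, response size ("-" when no body was sent)
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) (\d+|-)')
# Directories targeted by the Redirect rules, requesting cmd.exe or root.exe
PROBE_RE = re.compile(r'^/(scripts|msadc|_mem_bin|c|d)/.*(cmd|root)\.exe$', re.I)

def summarize(log_text):
    """Return (probes per client, probe bytes per status, non-probe errors)."""
    probes, probe_bytes, real_errors = Counter(), Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank or malformed line
        ip, url, status, size = m.groups()
        path = url.split("?", 1)[0]
        if PROBE_RE.match(path):
            probes[ip] += 1
            probe_bytes[status] += 0 if size == "-" else int(size)
        elif status[0] in "45":
            real_errors.append((status, path))
    return probes, probe_bytes, real_errors

if __name__ == "__main__":
    probes, probe_bytes, real_errors = summarize(SAMPLE_LOG)
    print("probes per client:", dict(probes))
    print("probe bytes by status:", dict(probe_bytes))
    print("errors that are not probes:", real_errors)
```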

About the Author

Richard Lowe Jr. is the webmaster of Internet Tips And Secrets at
http://www.internet-tips.net - Visit our website any time to read
over 1,000 complete FREE articles about how to improve your
internet profits, enjoyment and knowledge.