Takeshi Etocloud backup solutionI’m excited to announce that our Cloud Backup service will now automatically back up your SQL databases off-site to the Amazon cloud. So Cloud Backup has you covered for your website, SQL and MySQL databases.  You are in full control of when backups are made and how many versions to keep.

Automated SQL backups is a feature that many customers have been asking for over the years and we are happy to be able to deliver this solution to you.

And that’s not all….

While we were working on enhancements, we added Blacklist Monitoring as well. With this feature, we will monitor Google to detect if they ever flag your site for being compromised. If we detect a Blacklist event, we’ll alert you and stop the backups of your site and databases so that you are not making backups of compromised files. This should help you recover your clean backups more easily.

The “peace of mind” Cloud Backup solution starts at $1.75/mo. You can order Cloud Backup in Control Panel.

 

July Updates

On July 23, 2015, in Announcements, by Ray

Ray HuangHere’s a list of our Web Application Gallery updates for July:

  • Acquia Drupal 7.37.43
  • BlogEngine.NET 3.1
  • DotNetNuke 7.4.0 Community Edition
  • Joomla 3.4.1
  • mediaWiki 1.24.2
  • mojoPortal 2.4.0.9
  • MonoX 5.1.40.5150
  • nopCommerce 3.50
  • Orchard 1.9
  • phpBB 3.1.4
  • phpMyAdmin 4.4.7
  • SilverStripe CMS 3.1.12
  • Umbraco CMS 7.2.5
  • VevoCart 6.2.0 *NEW*
  • WordPress 4.2.2
 

Ray HuangLately I’ve been evaluating some companies that offer email communication solutions and was introduced to SendGrid by a coworker.  I found it offers a lot of great features to help someone reduce the time to create marketing emails, customer communication emails, newsletters, etc.

SendGrid offers a free account that you can use to send 12,000 emails every month. You’ll need a SendGrid account for this tutorial, so if you don’t already have one, take a minute to set up an account now.

In many cases you can start using SendGrid very quickly simply by changing the SMTP connection string in your application to use SendGrid’s SMTP server. But in this post I will show you how easy it is to create emails from start to finish, highlighting a couple of the features SendGrid offers.

A Simple Contact Form

Here are instructions on how you can create a simple contact form and send the results to yourself using SendGrid’s API.

1) Startup Visual Studio (in this demo, I am using Visual Studio 2013 and C# for my example).

2) Select File -> New -> Project…

FileNewProject

3) Select the Web template and give your project a name.  In my example, I named it SendGridExample.  Hit the OK button to continue.

ProjectName-720

4) Select Empty template and hit OK.

WebForms-720

5) Add the SendGrid C# Library (or whatever programming language you prefer to use) using NuGet.  Under Tools, select Library Package Manager -> Manage NuGet Packages for Solution…

NuGet

6) Select the Online menu item on your left and in the upper right search text box, type in “sendgrid”.  Hit the Install button to install the library(ies) you need.

NuGetInstallSendGrid-720

7) Now let’s add a Web Form for the project.  Under Solution Explorer, right click on the project name and select Add -> Web Form.

AddWebForm

8) We’ll give the form a name like ContactUs.

ContactUs

9) Now go to Design View and using the Toolbox on your left, create a form using tables, text boxes, and text and add a submit button (e.g. Contact Us) as shown below.

DesignerView-720

10) Double click on the Contact Us button to bring up the code behind (ContactUs.aspx.cs) file and in the submit button Click Event, paste and modify the code below to your liking.  In this example, I am using SendGrid’s proprietary mail class, so you’ll need to add a using SendGrid statement to your list of includes at the top.  If you prefer and want to simplify your code a bit, you can just use .NET’s built-in libraries (i.e. System.Net and System.Net.Mail) to compose the email instead, and we provide sample code here.

Both cases require the .NET mail libraries.

var message = new SendGridMessage();
List<String> recipients = new List<String>
{
  @"Contact <contact@acme.com>",
  @"Marketing <marketing@acme.com>",
  @"Test <test@acme.com>"
};
message.AddTo(recipients);
message.From = new MailAddress("contact@acme.com", "Contact Us Form");
message.Subject = subjectTextBox.Text;
message.Html += "<strong>Name</strong>: " + nameTextBox.Text + "<br />";
message.Html += "<strong>Address</strong>: " + addressTextBox.Text + "<br />";
message.Html += "<strong>City</strong>: " + cityTextBox.Text + "<br />";
message.Html += "<strong>State/Province</strong>: " + stateTextBox.Text + "<br />";
message.Html += "<strong>Country</strong>: " + countryTextBox.Text + "<br />";
message.Html += "<strong>Zip Code</strong>: " + zipCodeTextBox.Text + "<br />";
message.Html += "<strong>Telephone</strong>: " + telephoneTextBox.Text + "<br />";
message.Html += "<strong>Email Address</strong>: " + emailAddressTextBox.Text + "<br /><br />";
message.Html += messageTextBox.Text;

var credentials = new NetworkCredential("apikey", "API_Key");

var transportWeb = new Web(credentials);

transportWeb.DeliverAsync(message);

Response.Redirect("ContactSuccess.html");

SendGrid recommends that you create and use an API key to authenticate and send email, but you can also use your SendGrid username and password. If you use the API key, use “apikey” for the SMTP username.

11) That’s it. Press F5 to build and test your code.

A Marketing Email or Newsletter

SendGrid offers a wide variety of features that allow you create, manage, and perform analysis on marketing emails or newsletters such as Click Tracking, Google Analytics, Open Tracking, and Subscription Tracking just to name a few.  I’ll demonstrate some of these features in the program below.

1)    In the same project, add a new web form and name it SendNewsLetter.  Open the code behind file and in the Page_Load Event Handler, paste and/or modify the following code to your liking.

var message = new SendGridMessage();
List<String> recipients = new List<String>
{
  @"Contact <contact@acme.com>",
  @"Marketing <marketing@acme.com>",
  @"Test <test@acme.com>"
};
message.AddTo(recipients);
message.From = new MailAddress("postmaster@acme.com", "Postmaster");
message.Subject = "November ACME Newsletter";
message.Html += "Here is your ACME Newsletter for the month of November.  We have a number of exciting deals this month<br /><br />";
message.Html += "ACME Toy Cars are now just $29.99 and will make a great gift for kids for the holidays.<br /><br />";
message.Html += "ACME Christmas Trees ornaments, only $59.99 for a box of 20.  Click <a href=\"http://www.troubleshootingcenter.com\">here</a> for more details.<br /><br />";

var username = "sendgridusername";
var password = "sendgridpassword";
var credentials = new NetworkCredential(username, password);

var transportWeb = new Web(credentials);

transportWeb.DeliverAsync(message);

Response.Redirect("ContactSuccess.html");

2)    Now go to your SendGrid Account, expand the Settings node on the menu to your left, and click on Tracking.  Enable Click Tracking, Open Tracking, and Subscription Tracking.  If you notice in the code above, I’ve added an HTML link to a webpage.  Click Tracking will track if the user clicks on that link which is embedded into your newsletter.  Open Tracking will track if a user opens an email, and Subscription Tracking will automatically add a unsubscribe link to your email so that it complies with the CAN-SPAM Act.  The beauty of these features is that no extra coding is needed to implement them.  SendGrid automatically does that for you with the flip of a switch.  Hit F5 to build and test the code.  Once you receive the email, try clicking on the HTML and Unsubscribe links and proceed to the next steps.

Tracking-720

3)    To check if someone has clicked on a link in your newsletter or unsubscribed, just go to the Dashboard or click on the Stats menu item.

Stats-720

4)    To check the status of an email such as Delivered, Opened, etc. click on the Activity menu item.

Activity-720

5)    That’s it for these features.  You can use these tools (and combine them with others offered) to help you gauge the effectiveness of your marketing campaign and customer engagement and make adjustments if need be to improve your program.  If you’re not a developer and find coding hard to understand, then you’re in luck.  SendGrid provides a Marketing Email wizard and WSIWYG interface with templates to help you draft very professional looking marketing emails.

MarketingDesigns-720

Other features you will want to explore include white labeling, alerts, spam checking, and webhooks.  Using SendGrid, you can fine tune your marketing campaigns to get a better ROI.

 

Ray PenalosaWe all knew it was coming. As of July 14, 2015 Windows Server 2003 support is ending and Microsoft will stop supporting the platform. That doesn’t mean that Windows 2003 will not run – it means that any security holes, vulnerabilities, or exploits found on the platform will no longer be patched or fixed by Microsoft.

I know that change is always difficult, and no one likes going through the ordeal of moving a site and testing it. At DiscountASP we took a proactive approach. We began planning for this two years ago and we invested a great deal of time and care into helping our customers move to either a Windows 2008 or Windows 2012 server. The vast majority of the migrations were performed by the DiscountASP migration specialists, trained professionals with expertise in moving web site files to a new server.

We had over 60 Windows 2003/IIS 6 servers to retire, which amounted to over 6,000 sites.

DiscountASP web migration specialists

Moving done right.

Every site migration began with pulling up the site on the browser to ensure it was functioning and pointing to our web servers (and of course everyone was emailed prior to migration to let them know when it would be taking place). Then file migration from one server to another took anywhere from 40 minutes to well over an hour depending on the size and number of files. Once transfer to the new server was complete, we viewed and tested the site on the new server.  If any code modifications or account configuration needed to be set, we took care of that, then emailed the site owner letting them know that their migration was complete.

Our migration specialists took the extra step of modifying account settings, application settings and connection strings for older .NET 1.1 applications that displayed an error after migration. Because of that kind of attention to detail, the vast majority of our members weren’t even aware of the actual move, and the entire process was transparent to them.

For those who took advantage of our temporary IIS 7 and IIS 8 testing platforms, we worked closely with them to move a copy of their site to the testing environment where they were able to fully test the compatibility of their web applications. Any code modifications, server or account settings that were needed were done in the test environment.  When testing was completed we manually moved the site to the new platform.  This eliminated any possible application disruptions that could have occurred during the migration to the new platform.

This was all done manually and free of charge, one site at a time.  When everything was said and done, it took over 6,000 hours – or a full 250 days – to migrate the sites and finally retire the Windows 2003 servers. And finally, a statistic we’re very proud of: more than 99% of our customers did not experience any disruption of their websites.

DiscountASP.NET customers now have the peace of mind that their sites and web applications are being hosted on safer servers, and they also have greater server resources available to their busy sites.

Add Raymond Penalosa to your Google+ circles.
Visit DiscountASP.NET to learn more about our ASP.NET hosting services.

 

Michael PhillipsIf you use an SSL certificate (https) on your site, you may have seen a couple of new things happening in Google Chrome version 41 or later. Various warning messages such as, “The identity of this website has not been verified,” “Your connection to <domain> is not encrypted,” or other visual indications that the https connection is not secure have started to be displayed.

Those appear when your SSL certificate uses a SHA-1 signature (most SSL certificates issued before 2015 use SHA-1).

sha-blog-1a

To fix the problem of browser security warnings you must re-key your SSL certificate for SHA-2. If you don’t see those warnings in Chrome and you purchased your certificate recently, it may already be SHA-2. You can verify using this test site.

 

If you purchased your SSL certificate from us, here’s how to re-key:

1) Contact us and we will re-generate and re-submit the CSR.

2) You’ll then get an email from GeoTrust with a link to complete the process. When completing the re-key on the GeoTrust site, be sure that SHA-2 is selected as the “Hashtag Algorithm.” You can find step-by-step instructions (and a video) here.

3) After you’ve completed the reissuing process, you’ll receive an email with the new certificate. Go to Control Panel and paste the new certificate into the SSL Manager.

 

If you purchased your SSL certificate elsewhere:

1) Contact us and we will re-generate the CSR and email it to you. Then you’ll have to contact the issuer of your certificate to get your certificate re-keyed for SHA-2.

2) When you receive the re-keyed certificate, go to Control Panel and paste the new certificate into the SSL Manager.

 

“Obsolete cryptography” message after re-keying with SHA-2

There is another potential problem after you’ve re-keyed your SSL certificate. While the address bar will show the green lock icon, if visitors look at the certificate details in Chrome, they may see an “Obsolete Cryptography” message.

sha-discount

What’s happening is the Chrome Browser is ignoring the cipher preference we use on the server (which includes their preferred ciphers) and pointing out any “weak ciphers” they find. You might notice that many large corporate sites are also insecure according to Chrome, for similar reasons:

sha-apple

That “obsolete cryptography” message may persist for a while because Google is not providing any information on exactly what they want from the server to stop calling it insecure. It would appear that Google would like to see every server everywhere remove support for all older cryptographic methods.

We understand the reasoning behind that, but the problem with removing some of those methods is doing so will shut out visitors using some older browsers and operating systems that don’t support newer methods (such as Windows XP). Since our servers are shared by many customers, it isn’t really an option for us to make global changes that prevent some visitors – even a small number – from accessing our customer’s sites.

We are testing configuration of a separate group of servers that will not support any of the older cryptography methods, but it’s not something we can offer to you yet. We continue to monitor information from Google on recommended server configuration, as well as testing various configurations ourselves to prevent the “obsolete cryptography” message.

If you have any trouble re-keying a certificate, or if you have any questions about these ongoing changes, let us know and we’ll do our best to help.

 

Windows hosting platform updated to .NET 4.5.2

On March 26, 2015, in Announcements, by Takeshi Eto

Takeshi Etoasp.net 4.5.2 hostingWe have updated both our Windows 2012 and Windows 2008 platforms to .NET 4.5.2.

Some of the enhancements of ASP.NET 4.5.2 include better ability to schedule async work items, better control over http headers, and debugging improvements.

This update is an in-place update so we did not rush pushing it out. Experience has taught us that in-place updates can be disruptive to some customers despite Microsoft assurances of backward compatibility. In fact to be on the safe side, when we updated to .NET 4.5.1, we only updated our Windows 2012 platform, leaving our Windows 2008 R2 platform at .NET 4.0, so that we could move customers should any unforeseen issues arise from the update.

However, updating our entire hosting platform to  .NET 4.5.2 is now important because Microsoft announced that they will be deprecating .NET 4 – ,NET 4.5.1 in early January 2016. In the future, Microsoft intends to only support the latest few frameworks.

At the end of February, we updated our Everleap cloud hosting platform to .NET 4.5.2 and we did not encounter any issues, so we scheduled the update for DiscountASP.NET at the end of March during the usual maintenance window. You can now enjoy the latest Microsoft web stack. Of course, if you do notice any issues, please contact us right away.

 

Takeshi EtoI’m very happy to announce that we are going into our 10th year of maintaining our Microsoft Gold Partner status.

Microsoft continues to raise the bar to attain the Gold level status, so we do put a great deal of investment every year in maintaining our Gold Partner status. We think that our partner status truly shows our commitment to stay on top of Microsoft-related technologies. This commitment not only serves as a differentiator, but it also helps us maintain our strong relationship with Microsoft – a relationship that helped bring Everleap, our cloud hosting solution based on Windows Azure Pack, to life.

 

Michael PhillipsWhat is a DDoS?

DDoS stands for Distributed Denial of Service. When someone launches a DDoS attack, hundreds (or thousands) of computers and servers around the world simultaneously send traffic to a web server – or most often, a specific site on a server – in an attempt to take the site down by overwhelming the server.

When a site on our network is the target of a DDoS the effect on your site can range from none, to slowing it down, to making it completely unavailable.  The reason for that is DDoS attacks vary in method and severity, and many of them are counteracted before anyone even notices a problem. Others are more intense or sustained or difficult to counteract, and everyone notices those because they can potentially cripple the network.

Why does an attack on a single site affect the entire network?

A sufficiently large attack on a single site can send enough traffic to the network to overwhelm the routers that live at the entrance to our network. The largest measured DDoS at the time I’m writing this was over 400 gigabits per second – that’s 400 billion bits of data. Per second.

To put that in perspective, some of the most massive and expensive network switches available can handle 100 Gbps, and most common switches are built to handle only 1 or 2 Gbps of traffic. That may sound small compared to a 100 Gbps switch, but it’s more than sufficient for most networks. We host tens of thousands of sites, and our average network traffic is around half a gigabit.

So you can see why an attack large enough to overwhelm the switches can affect every site on the network, including the main DiscountASP.NET site, email, Control Panel, helpdesk, etc.

The method for dealing with large attacks is essentially the same as dealing with smaller ones, but the overall impact is naturally worse, since everyone is affected. Attacks on a scale large enough to effect the entire network are still uncommon, but becoming more of a threat every day, for reasons I’ll spell out in a minute.

What does DiscountASP.NET do to counteract a DDoS?

The methods we use to counteract DDoS attacks are varied and have included just about every method available: DDoS mitigation services, intrusion detection devices, null routing, etc. There are a lot of methods out there, but often the most effective thing we can do is be reactive and responsive. Our network is continuously monitored for malicious traffic, and we have direct control over null routing on all of our backbone connections.

When a DDoS targets a specific site, they are relatively easy to counteract. Though more often than not these days, DDoS do not directly target a domain or an IP, so it takes a bit of time to determine the target (and determining the target is necessary to counteract the attack).

In the past we could just throw massive amounts of bandwidth at an attack to absorb the traffic and mitigate the attack’s effect. But that approach has become much less effective as of late. The botnets have become too large, and a rapidly increasing number of the compromised computers are on broadband connections in homes or corporate servers in large data centers.

While there still isn’t any way to prevent a DDoS before it happens, be assured that we react to every incident of possible malicious traffic immediately and respond with whatever methods are likely to be most effective as quickly as possible.

Why do DDoS attacks happen?

There are a lot of reasons, ranging from political protest to personal grudge and a million other reasons in between. Humans launch these attacks and or course humans can be unpredictable and irrational. When we determine the target of DDoS attacks there is often no outward reason why the site would be attacked. So the reason isn’t always obvious.

The problem – and the reality – is that no matter what we do, inevitably some DDoS attacks are going to have an effect on the network, and possibly your site. It isn’t just us, it’s every site and host everywhere, including the biggest sites on the Internet. Unfortunately, if they can take down Microsoft or Amazon, they can take down DiscountASP.NET. It’s something we are all coming to grips with and trying to learn to prevent.

Where to go for information in the event of a large DDoS attack

If you suspect that a large scale attack is happening, you can check our Twitter, Google+ and Facebook pages for updates and information. We will also be moving our community forum to a server outside of our network sometime soon in order to keep that communication channel open in the event of a large attack.

If a DDoS affects your site you can be sure that we are doing all me can to stop it and return the network to its maximum capacity.

 
iBlog by PageLines