Martin OrtegaThe time has come to move away from our Windows 2003/IIS 6 Servers, people. :(

Why?

Well, aside from the fact that it’s already 10 years old, Microsoft will stop releasing security patches for Windows 2003 soon. This will make the Windows 2003 O/S vulnerable. We don’t like that and I’m sure you wouldn’t want to host your site on a vulnerable operating system. So we decided it would be a good time to let you know about some of the benefits of moving to a Windows 2008/IIS 7 or Windows 2012/IIS 8 servers.

Okay, so what are the benefits of moving my site to Windows 2008 or Windows 2012?

More control, more memory, tighter security.

With Windows 2008/IIS 7 or Windows 2012/IIS 8 you will have more control over the hosting environment. You will be able to connect to your site using IIS Manager and it will provide you with a lot more options. For instructions on how to connect to your site using IIS Manager please read this Knowledge Base article (you can only connect to your site using IIS Manager if you’re on a Windows 2008/IIS 7 or Windows 2012/IIS 8 server).

When you are connected with IIS Manager you will have access to the following:

  • .NET Error Pages
  • Error Pages
  • Handler Mappings
  • HTTP Redirect
  • IP Address and Domain Restrictions.
  • MIME Types
  • Modules
  • Request Filtering
  • URL Rewrite

Also, if you migrate to Windows 2008/IIS 7 or Windows 2012/IIS 8 your site will have more RAM memory for the application pool. On our Windows 2008 IIS 7 server we provide the application pool with 200MB of RAM memory. On the Windows 2012 IIS 8 server we provide your application pool with 300MB of RAM memory.

Yeah! More memory! What else?

You’ll also have more control over your FTP settings. We provide you with a ability to block IP addresses and only allow your IP to access the site via FTP. This will prevent other people from accessing the site via FTP even if they get your FTP credentials!

And?

Well have you ever heard of web deploy? We also give you the ability to web deploy from your Visual Studio 2010 & Visual Studio 2012 application to your site on our web servers. This allows you to build your site locally and web deploy to our servers.

We also allow our users on IIS 7 and IIS 8 to connect to their site using WebDAV.

What about WebMatrix?

Yes, you can even use WebMatrix to web deploy the applications to our web servers.

Are there any differences between IIS 6, IIS 7 and IIS 8 hosting accounts?

  • Yes, on the IIS 6 servers we allow you to deny the Anonymous user read and write access to any directory you don’t want them to have access to. On our IIS 7 & IIS 8 servers we don’t allow you to change the permissions for this user. So, if you need to protect a directory we provide you with steps on how to password protect a directory on IIS 7 & IIS 8.
  • We also stopped supporting Front Page extensions on both our IIS 7 & IIS 8 servers.
  • If you’re using an ODBC DSN connection, that is not supported on our IIS 7 and IIS 8 servers. It’s recommended that you move it to a OLEDB connection.
  • The ASP.NET framework 1.1 is no longer supported. But, the ASP.NET framework 2.0 should be backwards compatible with ASP.NET 1.1. So in this case you can use the ASP.NET framework 2.0 for your web site if it requires 1.1.

If any of this sounds good to you, contact support to get the migration ball rolling. Migration is voluntary at this time, but eventually we will have to migrate everyone off of Windows 2003/IIS 6. You’ll have the benefit of time to test and iron out potential problems if you do it now, before migration is mandatory.

If you have any questions about migration, just let us know.

 

How to Get Support Like a Pro

On June 12, 2013, in How-to, by Martin

Martin OrtegaHave you ever emailed us directly for support?

We still get the email message in our helpdesk queue and we still provide you with the same support you need. However, emailing support@ isn’t the best way to contact us for assistance.

Why not?

Well, when you email us directly we might not have any idea who you are, depending on the address you email us from and what you state in the email. It may take longer to resolve your issue because our next reply to you is often, “What is the domain name associated with your hosting account? Can you also please authenticate this support ticket…” (we have to authenticate because we don’t want to provide potentially sensitive account information to anyone who isn’t supposed to have it).

But all you want to do is to resolve your issue as soon as possible, and I don’t blame you.

So how can you resolve my issue more quickly, and what’s the “correct” way to contact support?

Well, you’ve gotta open the ticket through the Support Portal ;)

The login form is in the upper right corner of the page. Use your Control Panel username and password to login to the support portal.

SupportPortalLogin

Once you’re logged in, opening a ticket is easy. Just click Submit a Ticket, choose the department (options are Support, Sales and Billing) and type your question.

ticket

You can also log in to the Support Portal to see our replies. Or if you get our reply via email, simply reply to the email message and your original message to us will be automatically attached by our ticketing system.

This helps us keep a good historical record of what type of tickets you’re opening and what type of trouble you have been having with your account.

Also, when you open a ticket through the support portal your account information will be automatically available to us and we’ll be able to look up your account through our system.

That’s great Martin… But what should I include in my ticket?

That all depends on the type of problem you have, but it is really important to provide us with as much information as possible.

You’re getting an error on your site? Provide us with exact steps to recreate the error on our end. Add information on what lead to this error.

You have an email problem? Oh man! Email is a big area to cover, but it’s always a good idea to tell us which email user is having the problem. Which email user is sending the message? What settings you’re using to receive mail if you’re using an email client (screen shots are always a good idea). If you’re getting bounced email messages, please provide us with the full headers of the bounced email message.

Put yourself in the shoes of the support agent that’s about to help you. Ask yourself, “What this person who’s about to help me going to need in order to resolve my problem?”

Then send off the ticket and we’ll reply to it as quickly as possible. You might be surprised by how fast we reply ;)

What if I didn’t get a reply in my email inbox!?

It’s all good! Make sure you check your ticket history by clicking View Tickets in the Support Portal when you log in.

SupportPortalViewTickets

By checking out your ticket history you will have the ability to see our responses and reply to us directly. You also have the ability to close the ticket yourself if you have resolved your own problem.

SupportPortalReply

Some Good Things to Remember:

  • Don’t open multiple tickets about the same problem. This can cause confusion or duplicated effort on our end, which could lead to us providing inaccurate or untimely information. Which can only lead to frustration on your end.
  • If the original problem has been resolved and you have a new issue or question, open a new support ticket for the new question. We generally read the tickets from the oldest message to the newest in order to fully grasp the issue (and take previous replies into account). So if you tag a new issue onto an old ticket, you are going to slow down our response time, since we may spend time diagnosing a problem that’s already been solved.
  • Does it seem like it’s taking too long for us to reply? As long as the ticket is Active in the Support Portal we are most likely working on your issue. We normally reply to a ticket in under one hour. If it takes longer than one hour you can rest assured that we’re working on the ticket. If the ticket is set to Waiting, that means we’re waiting to hear back from you.
  • Was the ticket you opened Closed but the issue is still not resolved? You can always reopen the ticket and provide any additional information you have related to the problem. If you want to start fresh you can open a new ticket, but be sure to provide the ticket number of the ticket that was closed. That way our support staff can refer back to the ticket if necessary.
  • Does your issue involve coding or development related problems? Please post any coding or development related problems in our Support Forum to get peer to peer (and support staff) assistance. It’s not a blow off. Really. We still love you.
 

Martin OrtegaWe did a recent survey and discovered that 38% of the people who participated didn’t know how much of their web site traffic is coming from mobile devices.

We asked, What was the percentage of your web site traffic coming from mobile (smartphones and tablets) in 2012?

This is how our users answered:

MobileSurvey

Well, for those of you who don’t know how much of your traffic is coming from Mobile clients, we have SmarterStats to help you find out.

If you haven’t enabled SmarterStats for your hosting account, here’s how to do it:

Log in to Control Panel and go to Stats / Raw Logs.

Click the Enable button next to SmarterStats (Free) (Yup, that’s right! We provide this to you for free. :) )

Alright Martin I have enabled SmarterStats what do I do now?

Well now all you have to do is relax for about an hour and let SmarterStats process the HTTP logs for your site. SmarterStats processes our HTTP server logs for your site to provide you a nice interface.

After the hour has passed, login to your SmarterStats account. You can find the login information in the Stats / Raw Logs section of Control Panel.

When you log in, expand the Report Items folder and expand the Browsers folder too.

Now click on Mobile Phones.

MobileReport

Cool Martin! Now how do I save this report and change the date range at the same time?

Well… if you like the report you see and you would also like to change the date range, all you have to do is click on the Add Favorite icon in the report you just clicked on.

Add_Favorite_Icon_SmarterStats

This will then open the Following Window:

Add_Favorite_Icon_SmarterStats_Window

Click on the drop down menu next to Default Date Range and choose the date range you wish to use. Then go ahead and choose any of the other settings you wish to use and click on the OK button.

This report will be placed in the Favorites section in SmarterStats.

SmarterStats_Favorite

Another cool thing you can do to stay in the loop is to set up a Custom Report. That way you can have the report emailed to you daily, weekly, or monthly.

Expand the Custom Reports folder. Now click on the New Custom Reports.

SmarterStats_Custom_Reports

The following web page will appear:

SmarterStats_Custom_Reports_New

Go ahead and enter a name for your report in the name field, choose the Default Date Range, and click on the Report Items tab.

Click Add Item.

Click the drop down menu next to Report Item and select the favorite report you just created.

Now click Save.

This report will now be in your Custom Reports folder.

Click on the Scheduled Email Reports icon.

SmarterStats_Scheduled_Email_Reports

Click on the Add Email Report icon.

From the Reports drop down menu select the report you just created.

In the Frequency field select how often you wish to receive this report.

In the To field enter the email address you wish to send to.

Now click on Optional tab to add more email address to send to.

You might also want to place a check next to Enable graphical charts (HTML only) that way you get a nice graphical chart to refer to in your email message.

Click Save when finished.

Well, with all that said and done, I hope this helped some of you  stay up to date with what type of traffic your web site is receiving.

 

Martin OrtegaIn this tutorial we will be showing you how to use Request Filtering in IIS to Prevent SQL Injections. We previously did a tutorial called, “How to block bots and spiders with Request Filtering,” and we will touch on a lot of the same concepts here.

Please note that these instructions only apply to our Windows 2008 IIS 7 & Windows 2012 IIS 8 Servers.

First, you will need to make a connection to your site using IIS Manager. Please read our knowledge base article on How to connect to the server using the Microsoft IIS Manager.

Once connected:

Double click the Request Filtering module in IIS Manager.

Request Filtering box

Now click the URL icon in the Request Filtering module.

Request Filtering URL icon

Next click Deny Sequence… in the “Actions” section.

In this example we’ll be blocking the common SQL Injection term “varchar” so enter this in the Deny Sequence box and click OK.

Deny Sequence boxSo now when someone tries to enter “varchar” into your site’s URL, they will receive the follow error message from the server:

HTTP Error 404.5 - Not Found

There are a number of other terms that you can also use. Here are some terms you may wish to add to the Deny Sequence rules for your site account as well:

  • @@version
  • char
  • exec
  • execute
  • declare
  • cast

So now when anyone tries to enter any of the above terms into your URL Sequence, they will receive the HTTP Error 404.5 – Not Found error message from the server.

Be Warned! If your site currently uses any of the terms that you deny, you will receive the HTTP Error 404.5 message too. So choose your terms wisely to prevent any issues with your site.

 

Martin OrtegaIn this tutorial I’m going to show how to check your HTTP logs for a site account in order to find those nasty SQL Injections.

Let’s get started!

In order to complete this task, please make sure you have enabled raw logs for your hosting account by reading our knowledge base article: How do I access the raw log files?

If the SQL Injection happens before enabling the raw log files, then you wont be able to find the SQL Injection since the HTTP logs won’t be provided until the next day, and the past HTTP logs for your site account won’t be available. You may need to Contact Support and ask them if they can provide you with the HTTP logs in order to investigate an SQL Injection.

Please be sure to provide them with the dates of the HTTP logs you wish to access. Also, remember that support won’t have any HTTP logs that are more than 30 days old. If the Injection happened more than 30 days previous, no record HTTP logs will be available for your hosting account.

We’re going to need a special tool to help investigate

To help you search out the SQL Injection from your HTTP Logs, you’re going to need to use a tool called BareGrep. This tool can be downloaded here. Make sure you click on the “Free Version” link (if you like it and think you will put it to good use, consider purchasing the software). It’s a cool little tool because it’s not required to be installed on the computer and just runs off the .exe file.

Time to get down and dirty!

The awesome part about BareGrep it allows you to drag and drop multiple text files into it. This means if you’re not exactly sure of the exact date the injection happened, you can search multiple text files all in one shot.

Open BareGrep and select the text files that you wish to search. Now drag and drop the files into BareGrep’s grey area.

DragAndDropBareGrep

Let’s find those nasty SQL Injections!

We’re going to use a keyword search to find is the line in the HTTP logs where the SQL Injection occurred.

These are the keywords I like to use in BareGrep (feel free to add some of your own):

  • - -  (that’s two dashes)
  • @@version
  • varchar
  • char
  • exec
  • execute
  • declare
  • cast

Now it’s time to enter each of the keywords one at a time into BareGrep’s text field.

BareGrep_Search_Example

Hey! Hey! Hey! We found something!

Now let’s select the lines in BareGrep and see what we can find. Once selected, copy and paste the lines into an empty Notepad document.

BareGrep_Copy_Selected_Items

You should get a few lines like the following HTTP line below. I know it looks nasty but let me try to explain what certain things are.

ex121209.log    414    2012-12-09 13:17:34 W3SVC100000 WEB151 216.177.71.6 GET /search.aspx home=177&id=1%27%20or%201=@@version-- 80 - 8.8.8.8 HTTP/1.0 Mozilla/4.0+(compatible;+Synapse) - - www.yourhosteddomainname.com 500 0 0 7639 354 531

This part of the line is stating the date and time (PacificTime) the SQL Injection happened.

2012-12-09 13:17:34

The other part is the web server and IP address.

WEB151 216.177.71.6

The following is interesting because it tells you exactly what page it was that was vulnerable to the SQL Injection. This will also give you a clue on what you will need to patch up on your site to prevent it from happening again.

GET /search.aspx

The other part is what they entered in their web browser when trying to check if a SQL Injection vulnerability is possible. If there is vulnerability this code displays an error message along with the SQL database version. This means that the SQL database is answering to the hacker and it’s a dead giveaway that the web application is vulnerable to a SQL Injection.

home=177&id=1%27%20or%201=@@version--

Here comes the best part of the HTTP log, the hacker’s IP address! The example here belongs to Google’s DNS, but this is where the hacker’s IP address will be located in the HTTP logs. Please remember that most people will hide their real IP address and it doesn’t mean that the IP really belongs to the hacker. The evil person could have been using a network that doesn’t belong to them. Most likely a proxy service they like using to hide behind.

Cool thing about this is that if you’re on an IIS 8 or IIS 7 account, you have the ability to block IP addresses using IIS Manager. Please read our knowledge base article on How to connect to the server using the Microsoft IIS Manager.

If you’re on a IIS 6 server you will need to contact our support department. Ask them to block an IP address for you and provide them with the IP you wish to block.

Okay, so you know how they checked for the vulnerability in your application. Where can you find the injection that changed all of your table fields?

For this you will need to keep looking in the HTTP logs. What I like to do next is enter the hacker’s IP address into BareGrep and see all the Injections the hacker used. It will also show you the other parts of your site that the person visited.

What you will need to look for is the following in the HTTP log. This piece of code in the log will be followed by a bunch of numbers and charters. This friends, is where the tables got inserted with the malicious URLs/text to one of your tables on the SQL database. This also means that the page “/search.aspx” is vulnerable to the SQL Injection.

/search.aspx id=10+declare+@s+varchar(8000)+set+@s=cast

Okay, so now you’re ready to prevent the SQL injections from happening on your site.

I have referred people to the following articles in order to prevent a SQL injection from happening again. I really hope this helps you guys and we can see an end to these stinky SQL Injections.

Filtering SQL injection from Classic ASP

Filtering for SQL Injection on IIS 7 and later

Blocking SQL injection using IIS URL Rewrite

 
iBlog by PageLines