We mentioned previously that on December 1st new ICANN rules are going into effect that change the way some domain contact information changes are processed. Well, here we are, and now we know a bit more about how the changes are going to be handled by our registrar, OpenSRS, so here’s an update.
First, the change affects all “generic top level domains.” Those are domains like .com, .net, .org, .biz, .info, etc., and it includes all of the new domain extensions, like .blog, .photo, etc. Country code domains such as .uk, .TV, .co, etc. are not governed by ICANN, so they are not affected.
After December 1st, when you change the first name, last name, email address or organization for the registrant (that’s the domain name owner) you’ll have to approve the change in two separate emails. This only applies to changes made to the registrant’s contact information. Changes to the administrative, billing or technical contacts for your domain are not affected.
The reason there are two emails to respond to now is because changes to the registrant’s name, organization or email information are now treated the same way a “registrant change” has always been treated. The difference being, in the past that “registrant change” was assumed to be a change of ownership from person to person, so emailing both parties made sense.
But now that those emails are triggered any time you update something like your email address, those two emails will go to the same person – you. Unfortunately, you still need to approve the change by clicking a link in both emails, or the change will fail.
I know, it doesn’t make any sense and it complicates a previously simple operation, but this is the way it’s going to be done now, so we’ll just have to adapt.
How you can avoid problems or delays related to the change
- Take a few minutes now to make sure your registrant (domain owner) information is up to date, especially the email address.
- When you change the first name, last name, email address or organization for the registrant (domain owner), but are not transferring ownership to another person, make sure you approve the change by clicking the link in both emails that you receive.
- Additionally, you can avoid any problems or potential delays by granting OpenSRS (our domain registrar) “Designated Agent” status, which gives OpenSRS the right to automatically approve “Change of Registrant” updates for you. This option will be available on the confirmation page that will be linked to in the change approval email(s).
We’ve added php 7 to the options available in the ASP.NET/PHP Version section of Control Panel.
php 5.3, 5.4, 5.5 and 5.6 have also been updated to the latest builds (in the case of 5.3, 5.4 and 5.5 they are the final builds).
You may want to consider weaning off the 5.x versions of php, as 5.3, 5.4 and 5.5 are past their end of life. php. 5.6 will still be viable for a couple more years, so if you’re using an earlier version, take a look at moving to 5.6, or better yet, php 7.
To change the php version for your site, go to the IIS Tools section of Control Panel, and look for the dropdowns on the “ASP.NET/PHP Version” tab.
On December 1, 2016, new ICANN rules go into effect that create another step when you change the first name, last name, contact email or organization fields for your domain. Doing any of those things will now trigger the “trade process.” Which means those minor ownership information changes will now be treated the same way a domain transfer is treated.
The domain owner will have to approve those changes in two separate emails. The “current” and “previous” owner (which are usually the same person in the case of most of the changes above) need to approve the change or it will fail.
So, for example, if you update your name or the name of your organization, you’ll have to approve the change in two emails. If you update the email address associated with a domain name, you’ll have to approve that change at both the old and the new email address. That introduces some potential problems if you don’t have access to old and new email addresses, or you miss one of the two notices that go to the same address.
The changes are taking place due to an ICANN review of the transfer process that began almost a decade ago. There were potential issues with the original transfer policies that made domain hijacking a little too easy, so ICANN began looking at “special provisions” for registrant changes in order to prevent some of those problems.
Which sounds good, but what we’ve ended up with is a process that may make it more difficult to hijack a domain, but have the unintended effect of making a lot of day-to-day domain management tasks more difficult and confusing.
We’re not yet certain exactly how the changes will work for domains registered through DiscountASP.NET or Everleap. But we’ll do what we can to keep the confusion to a minimum, and we’ll give you some details when we know exactly how the changes will affect your domain management processes.
You may have noticed that a lot of web hosts are not particularly active on social media. Many don’t even have public-facing community forums. We’ve always had a forum because we believe they’re indispensable when it comes to making information and knowledge available, and as a place where people can help each other.
As far as social media is concerned though, we didn’t hop on that train right away. DiscountASP.NET started 3 years before Facebook and Twitter opened to the public, and 8 years before Google+ decided to do their thing.
But when those things came along, most businesses didn’t immediately take advantage of them, and we were no different. Eventually though, we made our way to Twitter, then Facebook. But it was when Google+ came along that we started to take a more active role in social media.
There were a lot of benefits to using Google+ when it started (though now most of those benefits have disappeared as Google slowly dismantles Plus and takes it toward a communities-only kind of thing). But since we were putting a lot of time and energy into Plus when it started, it was only natural to put more time and energy into Twitter and Facebook as well.
So we put a lot of resources into all three, with the expectation that we would get a dialog going with our users and the world at large. We did Google+ Hangouts, published new articles often, responded to every social media interaction.
That’s what all the pundits and social media experts were telling us we should do. They assured us that, “If you build it they will come,” so we built it and nurtured it and painted it nice colors and put up decorative lights. It was a great and glorious thing.
But not really.
What we learned after committing those resources to social media was that the people who use web hosting services don’t much care about what we have to say outside of issues that are directly related to what we do. They don’t want to hang out with us. Well, on social media, anyway. Our blogs still get a lot of traffic and our forums continue to be used. But Twitter, Facebook, Google+? Not so much.
There are certainly a lot of you on Twitter and Facebook – and yes, some of you are even still on Google+ – but you’re not so interested in chit chatting with your web host on there.
Now, I have to tell you, we are an interesting bunch, but I can’t blame you for not being our pals. For not wanting to hang out and talk about motorcycles or vinyl LPs or gardening. Interacting with a company can feel a little…weird. Or one-sided in a lot of cases. Plus, you’ve got work to do. And so do we.
So we’re okay with not being your Facebook friends. But we have seen that you do expect to be able to use social media to find out what’s happening when you see a problem. So we’ve shifted our social media focus to providing notices about upcoming maintenance and alerting you to problems as they’re happening.
And as far as that goes – well, here’s my social media calendar for DiscountASP.NET for two weeks in October:
As you can see, it’s a lot of ground to cover. But you’ve let us know that’s what you want, so we’re happy to do it.
Those are just the scheduled things, the things we know are going to happen. The unscheduled activity is an entirely different kettle of gumbo, and it can be a bit frantic and crazy around here when something goes wrong and affects the entire network.
It’s crazy because we’re your favorite scrappy independent host, not a huge multinational conglomerate. Which means we don’t have a room full of people in front of computers here in the office, waiting patiently to answer your Facebook posts or Tweets. It’s usually just me and one or two members of the support staff, depending on what’s going on.
So if one of those big problems does happen, we’ll let you know on social media, but we’ll also usually point you to our forums (which are hosted outside or network) for more information, or to answer your questions.
That helps because we can give you updates and answer questions in one place, rather than three or six (or more). Imagine trying to answer every post on Facebook, Twitter and Google+ and work the helpdesks and forums for two brands when hundreds of people are posting and emailing. There’s just no way we can keep up on all of the social media sites at those times.
So if you post on Facebook when there is a problem that affects a large part of the network but you don’t get a response right away, it doesn’t mean we’re unaware of the problem, and we certainly aren’t ignoring you. We’re probably just, you know, busy.
The outage threads in the forums have traditionally been locked, but a while back we opened them up so you can talk to us in there. So next time you feel like something may be going haywire, check for us in the forums: DiscountASP.NET, Everleap.
Luckily problems that affect everyone are very rare, so we’re not often in a place where we’re overwhelmed answering your queries. If it’s a localized problem, something affecting one server or part of a server, we’ll always do everything we can to respond to you wherever you happen to be posting.
When we saw the writing on the social media wall we didn’t just fold up our tents and go back to the way things used to be. We adapted, and we continue to adapt every day. And I hope we’re adapting in a way that’s working for you. If we’re not – well you know where to find us.
Well, yes I am. If you aren’t using it.
WordPress is the world’s most popular blog, CMS, framework, magic trick – however you classify it, it’s behind almost 20% of the world’s self-hosted websites, and that’s a lot of sites. More than 75 million, they say. So odds are you’ve installed WordPress at least once, if not half a dozen times, over the years.
But where, oh where are those WordPress installations?
We find a lot of them in /test directories, or in abandoned /blog directories. We find them there because they get compromised, and we’re called in to clean up the resulting mess. And that mess can go very deep, and spread out well beyond the WordPress directory.
Since WordPress is so popular, it’s also the target of more compromises than any other third-party application that you can install. So what often happens is someone installs WordPress to try it or test it, and then they forget about it. But they don’t delete it. So there that old installation sits.
And the longer it sits without being updated, the more vulnerable it is to compromise by the bad guys. If you think they’ll never find it because you cleverly installed it in a random directory that you don’t link to from anywhere, think again. The bad guys have bots – lots and lots of bots – and spiders, and all they do, all day every day, is look for wp-admin pages to exploit.
If you are actively using WordPress, that’s great, all you have to do is keep it up to date and your chances of being compromised are vastly reduced (they don’t go away, but they’re reduced). If you use WordPress but you’re not someone who logs in to the WordPress admin back end every day, you might consider setting up automatic updates.
Another thing you can do is delete the “admin” user that’s created when you first install WordPress. Give your everyday user admin permissions and delete that admin user. I know, it’s scary, but do it! That will make it harder for the bad guys to exploit you using a brute force attack on your admin password.
Active WordPress installations aside, the best thing you can do is look around for old, unused WordPress installations and get rid of them. And while you’re in there digging around, you might want to delete any other applications that you aren’t using. Look at it like a kind of year-round spring cleaning. It will make your domain more secure and potentially save you from a real headache down the road.
The third .NET Conf UY is taking place September 29th through October 1st in Montevideo, Uruguay.
Get the very latest on Microsoft technologies, including HoloLens, .NET Core, DevOps, Docker, Universal Apps, Windows 10, Internet of Things, Xamarin, Sharepoint, Office 365, SQL Server and Visual Studio. Hob-nob with top experts, and enjoy a unique opportunity to learn, share and network. Workshops, conferences and fun are all guaranteed, in an informal, friendly environment.
Sound good? You’ve always wanted to see Uruguay, haven’t you? What better time. Montevideo is a beautiful, modern city, and if you buy your ticket before August 31st, you’ll enjoy access to the entire conference for only $10!
You may have noticed that there were a couple of outages last week, related to moving all of the hardware in our network to a new, larger space in the Los Angeles data center (and if you didn’t notice, forget I said anything).
A large-scale move like that is a major, unusual occurrence, and probably (hopefully!) a one-time thing. For a major move like that, you may have expected some brief periods of downtime related to it.
But we’ve been successfully preventing and avoiding other types of global outages for some time now (not to jinx anything), though individual server outages are still something that happens from time to time. In fact they’re scheduled to happen every month when we do Windows updates.
I know that a lot of you notice when there is an outage, because I talk to you about it here, on Twitter, Google+, Facebook, in the helpdesk, standing in line at the movie theater, at stop lights on my way in to the office…
I hear what you’re saying, no one likes an outage, and we take them very seriously around here. I know that many of you rely on us to provide service to your clients, and when there’s a problem, they rattle your cage, not ours.
But our goal here is to be honest in all of our communication with you, and honestly, things are going to fail. We’re going to have occasional problems. Some small, some large. And as a result, your web site will not be up 100% of the time.
Yes, I said it.
And while it may be a little strange to see someone from an established website hosting company saying it, it really shouldn’t be too surprising. It’s the reality of the situation. Hardware fails, networks fail and humans fail.
For what it’s worth, I think we do provide nearly perfect service
Nearly. But it can’t work 100% of the time because there are a million variables at work here every minute of every day, and we can only control about 999,000 of them.
I’m speaking for us, here at DiscountASP.NET, but what I’m talking about applies to every service that you use. All of them. On the Internet (it’s difficult to think of a single online service or utility that hasn’t had an outage in the past six months), in your home, in your car, on the train – pretty much everything you rely on to always be there – it’s all going to fail at some point.
Considering the complexity of the network that is the Internet, and the interconnectedness of thousands of different kinds of hardware and software, it’s really kind of a minor miracle that it works as well as it does. But no one – ourselves included – likes an interruption, even in their miracles.
Whenever there is an incident that affects a lot of you (or all of you – like a major DDoS), we spend a lot of time after the fact analyzing what went wrong and determining how we can prevent or better react to something similar in the future. That’s time well spent, because every improvement we make, large or small, has a positive impact on the quality of the nearly perfect service we provide to you.
We also spend a considerable amount of time and money preventing and mitigating problems before you even know they’re happening. Network monitoring, intrusion and exploit detection, hardware and software retirement and migration – it’s an ongoing process, and we constantly tweak and improve all of our processes. And by “constantly,” I mean every single day.
But the major improvement we’ve made isn’t actually on the DiscountASP.NET platform
It’s the introduction of a completely new platform at Everleap.
That’s our cloud hosting system built on Windows Azure Pack. It’s all of the good parts of the big cloud combined with the good parts of traditional hosting. Meaning the resilience, redundancy and flexibility of the big cloud, but with the inclusion of a lot of traditional hosting services that you’ve come to expect, but cost extra at the large cloud hosts: email, databases, SQL Reporting Service, usage stats, SSL, DNS, expert, in-house tech support, etc.
What makes Everleap different is that it is much more fault-tolerant than a traditional server set up like we have here at DiscountASP.NET. If an Everleap server goes down, all of the traffic for those sites is routed to a healthy server within seconds. That technology also allows us to do Windows server updates with no web server downtime. Something that’s impossible on a traditional Windows server.
That alone is pretty cool, but you can also run your site simultaneously on multiple servers that are automatically load balanced, increase resources like memory and CPU much more easily, and even get Reserved Cloud Servers and Managed SQL servers – all the resources of a web or SQL server dedicated to a single user. Reserved Cloud and Managed SQL are like having your own server – no unruly neighbors to drag you down – but without any of the maintenance headaches that come with a VPS or dedicated server.
If all of that sounds like a sales pitch, it is! A little bit. We really believe that Everleap is the future of web hosting, and we want everyone to benefit from the advances. Now I know that some of you are probably wondering, “If you believe in it so much, why didn’t you just replace the DiscountASP.NET platform with the Everleap technology?”
And the answer is, we seriously considered it. But it would have been unnecessarily disruptive for a lot of folks, and we feel that there’s still a place for a traditional hosting platform. So ultimately we decided to offer Everleap on its own so that everyone who enjoys DiscountASP.NET just the way it is, thank you, can remain right where they are. Choice is always good.
But if you’re outgrowing the traditional hosting platform, or you just want the speed, flexibility and greatly improved uptime of the new platform, you may want to give Everleap a try. It’s free for 30 days, so you’ve got nothing to lose. If you like it, we’ll even help you move and apply any credit remaining on your DiscountASP.NET account to your new Everleap account.
The future is now! Come on over and see it for yourself.
Note: beginning with Chrome version 46 the yellow caution triangle has been removed from the https URL when Chrome encounters minor errors such as those described in this article.
If you use an SSL certificate (https) on your site, you may have seen a couple of new things happening in Google Chrome version 41 or later. Various warning messages such as, “The identity of this website has not been verified,” “Your connection to <domain> is not encrypted,” or other visual indications that the https connection is not secure have started to be displayed.
Those appear when your SSL certificate uses a SHA-1 signature (most SSL certificates issued before 2015 use SHA-1).
To fix the problem of browser security warnings you must re-key your SSL certificate for SHA-2. If you don’t see those warnings in Chrome and you purchased your certificate recently, it may already be SHA-2. You can verify using this test site.
If you purchased your SSL certificate from us, here’s how to re-key:
1) Contact us and we will re-generate and re-submit the CSR.
2) You’ll then get an email from GeoTrust with a link to complete the process. When completing the re-key on the GeoTrust site, be sure that SHA-2 is selected as the “Hashtag Algorithm.” You can find step-by-step instructions (and a video) here.
3) After you’ve completed the reissuing process, you’ll receive an email with the new certificate. Go to Control Panel and paste the new certificate into the SSL Manager.
If you purchased your SSL certificate elsewhere:
1) Contact us and we will re-generate the CSR and email it to you. Then you’ll have to contact the issuer of your certificate to get your certificate re-keyed for SHA-2.
2) When you receive the re-keyed certificate, go to Control Panel and paste the new certificate into the SSL Manager.
“Obsolete cryptography” message after re-keying with SHA-2
There is another potential problem after you’ve re-keyed your SSL certificate. While the address bar will show the green lock icon, if visitors look at the certificate details in Chrome, they may see an “Obsolete Cryptography” message.
What’s happening is the Chrome Browser is ignoring the cipher preference we use on the server (which includes their preferred ciphers) and pointing out any “weak ciphers” they find. You might notice that many large corporate sites are also insecure according to Chrome, for similar reasons:
That “obsolete cryptography” message may persist for a while because Google is not providing any information on exactly what they want from the server to stop calling it insecure. It would appear that Google would like to see every server everywhere remove support for all older cryptographic methods.
We understand the reasoning behind that, but the problem with removing some of those methods is doing so will shut out visitors using some older browsers and operating systems that don’t support newer methods (such as Windows XP). Since our servers are shared by many customers, it isn’t really an option for us to make global changes that prevent some visitors – even a small number – from accessing our customer’s sites.
We do maintain special servers that do not support any of the older cryptography methods, and they are available if you’d like to move your site. The servers are primarily used by customers who need a “hardened” server to pass a PCI compliance scan. But the added security does introduce some issues, such as older browsers being unable to connect to sites on those servers via https. There are also a few other caveats that may require adjustment or a work-around on your part. But if you’d like to move your site to such a server, or need more information, let us know.
We continue to monitor information from Google on recommended server configuration, as well as testing various configurations ourselves to prevent the “obsolete cryptography” message.
If you have any trouble re-keying a certificate, or if you have any questions about these ongoing changes, let us know and we’ll do our best to help.