Don’t Fall For ICANN Domain Protection Certificate Scam

Category Archives: Nexcess

Aug 15

  • Created: Aug 15, 2014 3:01 PM

Don’t Fall For ICANN Domain Protection Certificate Scam

ICANN scam

In a recent blog post, ICANN (Internet Corporation for Assigned Names and Numbers) revealed a scam in which registrants of top-level domains like .com and .net are approached by fraudsters and told that they need to buy a certificate to “protect their domain”. Although the certificates are well designed and incorporate official ICANN graphics, the scammers are not associated with ICANN, the certificates do nothing to protect domain ownership, and the offer is entirely spurious.

Web hosting clients and domain name registrants should not pay third-parties for this purported service. Nor should they pay money to any organization claiming to be or to represent ICANN, which does not sell services to domain name registrants (the individuals and organizations that use domain names).

ICANN is a non-profit organization that was created to manage the databases that allow the Domain Name System to translate the URLs we’re all familiar with into the IP numbers that machines use to route data around the Internet, as well as a number of other services connected with DNS and Internet namespace management.

Read more

Posted in: Nexcess, Security
Aug 12

  • Created: Aug 12, 2014 2:45 PM

WordPress 4.0 Beta Is Ready For Testing

WordPress Beta

Every few months the wizards who develop WordPress put out another release. It’s always an interesting time for WordPress users and watchers, who are eager to see what benefit the new features and enhancements will bring to their site (or, if you’re more pessimistic, what new annoyances they’ll have to deal with).

In this article I’d like to take a look at the highlights of the next major WordPress release, as well as how you can get it.

First a word of warning, beta releases are, by definition, under active development — there will be bugs, there may be security vulnerabilities. I’d strongly advise you not to upgrade your production sites to the beta version. There’s a possibility it’ll hose your site or break features.

Read more

Posted in: Nexcess, WordPress
Jul 25

  • Created: Jul 25, 2014 2:15 PM

Recent Exploit using Fake Magento Extensions

We are publishing this post in the hope that all Magento users can utilize this information to determine if their site has been compromised and take the steps required to correct the problem.

We were recently contacted by a client regarding a Common Point of Purchase Investigation that was initiated by a credit card issuer. These investigations are used to pinpoint the source of fraudulent activity reported by card holders. Our security team immediately began a comprehensive internal investigation to pinpoint the root cause of the fraudulent activity on the client’s account. Our security team found evidence of Magento core files having been modified to skim credit card data during the checkout process. The skimmed data would then be logged to a fake image file (actually a text file) located in the media folder, then the attacker would download these text files from a remote server.

Next, our security team began a scan of our entire infrastructure to determine if any other client sites were affected by the same exploit. We found a total of 39 sites (out of 15,000 Community and 1,500 Enterprise Magento stores) hosted with us, were affected by the same exploit. We immediately contacted all of the affected clients before their credit card processing companies had even detected a problem.

We have since cleaned all of the sites that were exploited and contacted all of the affected clients about the exploit.

PLEASE NOTE: If you are hosted with us and have not been contacted by our security team regarding this issue, then we believe your site has not been affected by this exploit. We are committed to the safety and security of your data and we take these issues very seriously. As a precaution, we are running hourly scans of our infrastructure to detect any further compromises.

Read more

Posted in: Magento, Nexcess, Security
Jul 15

  • Created: Jul 15, 2014 4:43 PM

Creating Multilingual WordPress Sites

Multilingual WordPress

Even though the web is a global network, many businesses are happy to create an English-language site and leave it at that. In some cases, that’s fine. The burden of translation can be quite high, and if the market a site is addressing is fairly localized, then the ROI of internationalizing isn’t worth the effort. The US and Europe, most of the populations of which have at least a passing familiarity with English, have long dominated the online economy, but that’s rapidly changing.

South America, India, and China are quickly growing in online spending power, and companies that fail to address expanding markets are missing a trick. Sites that are targeted at the European market will generally find that their audiences speak English, but if they can find what they need on sites in their native languages, they’ll preferentially do business there, so the international nature of English shouldn’t be relied on.

Even within the US, providing multi-lingual sites is a good idea. The Spanish-speaking population is large, and with Mexico, and Central and South America close by, there’s much to be gained from providing at least bilingual content.

Read more

Posted in: Nexcess
Jul 10

  • Created: Jul 10, 2014 1:58 PM

Choosing The Right WordPress Theme For Your Site

One of the perks of using WordPress is the large number of themes. There are themes that provide just about any aesthetic or function, with many thousands of free and premium themes available from the official repositories, theme marketplaces like ThemeForest, and direct from developers like Elmastudio — one of my personal favorites.

But, not all themes are equal. Because of WordPress’s popularity, theme developers can make a lot of money. That’s attracted many people to the market, both the talented and professional, and the under-skilled and slipshod. For a new WordPress user, it can be difficult to discriminate between the two — a theme that appears perfect in a showcase can disappoint after payment.

I’d like to offer a few simple guidelines that will help new WordPress users make a choice that they’ll be happy with.

Read more

Posted in: Nexcess, WordPress
Jun 27

  • Created: Jun 27, 2014 2:00 PM

What Do The New Generic Top-Level Domains Mean For Webmasters?

New Top Level Domains and SEO for webmasters

Unless you’ve been living under a rock, you’re probably aware that domain registrars and web hosting companies have started to offer a large number of new generic top-level domains. There is some confusion among web hosting clients as to the status of these new domains, so I thought it would be useful to explain what they are, why they were created, and the potential benefits to hosting clients.

What Is A Generic Top-Level Domain?

Top-level domains are the final part of a bare domain name; “.com”, “.net”, and “.me” are all common examples of TLDs. Domain names come in a couple of different varieties: generic domain names (gTLD) and country-code domain names (ccTLD). The latter are intended to be used for sites that have a relationship to a specific geographic area, “.fr” and “.jp”, for example, although that is somewhat complicated by the way Google regards some ccTLDs, such as “.me”, the ccTLD for Montenegro, which for SEO purposes are treated the same as a generic TLD. As the name suggests, gTLDs have no ties to specific regions, and can be used by anyone. There are other top-level domains with a slightly different status, like “.cat”, but for our purposes the distinction between gTLDs and ccTLDs is sufficient.

Read more

Posted in: Nexcess
Jun 25

  • Created: Jun 25, 2014 3:03 PM

Using WordPress As A Crowdfunding Platform

Over the last few years, crowdfunding has taken off in a big way. In 2011, a total of $1.5 billion was raised through crowdfunding. In 2012, that number increased to $2.7 billion. The most successful crowdfunding projects raise many millions of dollars, with prominent examples being Star Citizen, a video game that raised over $44 million dollars after having asked for $500,000; the Pebble smartwatch, which exceeded $10 million; and the Ubuntu Edge, which failed in its (somewhat over-optimistic) goal of raising $32 million, but was pledged almost $12 million dollars.

The leading crowdfunding platforms, Kickstarter, have had a huge impact on the opportunities available for makers, creatives, and anyone who has a great idea but lacks the capital and connections to turn it into reality. While there are obvious advantages to using established crowdfunding platforms, the most notable being a built-in audience, a platform designed for running crowdfunding projects, and experienced people handling the financial aspects of the process, there are also benefits to going it alone and building a platform over which you exert complete control.

Naturally, WordPress offers several solutions to the problem of home-grow, self-hosted crowd funding. But, I’m going to highlight what I consider to be one of the best WordPress crowdfunding plugins available.

Read more

Posted in: Nexcess, WordPress
Jun 19

  • Created: Jun 19, 2014 5:08 PM

How To Get Help From WordPress Plugin Developers (And How Not To)

Getting WordPress Plugin Help

If you’re a WordPress user, the chances are that you’ll have to interact with plugin developers at some point. It can be frustrating and anxiety-inducing when a plugin goes awry, especially if it has a significant impact on your site’s functionality or even stops it working altogether. On many occasions, I’ve seen WordPress users vent that frustration at plugin developers. As satisfying as that might be in the short-term, it’s not helpful.

Developers work on free plugins for a variety of different reasons: to give back to a community from which they have benefitted, to publicize a premium version of their plugin or some other service, or simply as a hobby. If you’re using a free plugin on your WordPress site, you’re getting something for nothing from a developer who is probably very busy putting food on their table with a full-time job in addition to working on the plugin. Developers don’t have the time or the inclination to deal with rude, demanding, or uninformative users.

To help you deal with plugin developers in a way that’s likely to have a positive result for both you and the developer, it is helpful to keep a few simple guidelines in mind.

Read more

Posted in: Nexcess, WordPress
Jun 17

  • Created: Jun 17, 2014 4:18 PM

Alternative Payment Methods To Outstrip Credit Cards For Global eCommerce

eCommerce and alternative payments

US eCommerce was built on the back of secure credit card data handling and a population of which the majority own a credit cards. In the US, and much of the rest of the world, credit cards are still the primary method of payment, but the proportion of people choosing to use alternative payment methods is set to reach half of the global eCommerce market, which is surprising when you consider that Amazon, the biggest fish in the eCommerce pond, doesn’t accept alternative payment methods on its main eCommerce store, in spite of offering its own spin on alternative payments.

In fact, the number of companies offering alternative payment methods is rapidly growing, with a particular focus on mobile payments. Amazon, Google, and others offer digital wallets, and Apple and Facebook are expected to jump on board in the near future. It’s likely that the battle for the wallets of eCommerce shoppers will be fought and won on mobile platforms, an area in which both Google and Apple are well placed to dominate.

But across the alternative payment market as a whole, the more established players continue to rule the roost, with PayPal and AliPay being the most prominent. AliPay, which is China’s leading online payment solution, processed over €100 Billion worth of transactions, making it world’s third largest mobile payment provider.

Read more

Posted in: Nexcess