Knowledge Base

Knowledgebase

FAQ Security

On the Web, you will want to ensure your privacy and your site's security. If you are engaging in E-Commerce, you will also want to ensure the security of data that passes between you and your customers. Hosting 4 Less supplies SSL capabilities.

There are some important security measures that you can take as well. You must be careful with your passwords, in how you design them and to whom they are distributed. You can also password protect parts of your Web. Additionally, you need to change your passwords often, especially if there is a turnover in the people who have access to them.

For additional information, we have included some links below about privacy, passwords, and encryption. If you have any questions or concerns about security and your Website, please call Hosting 4 Less Support at 888-818-0444.

General Security Resources
The WWW Security FAQ

Privacy
Electronic Privacy Information Center Home Page

Passwords and Account Security
Why you need to be careful in selecting passwords



Secure Socket Layer (SSL)
Abuse

FAQ Secure Socket Layer (SSL)

What is SSL?


"SSL" stands for Secure Sockets Layer. It is a security protocol that encrypts all of your connections with a Web server. SSL thwarts eavesdroppers who could "sniff" your Internet packets for sensitive information such as passwords and credit card numbers. Thus, SSL has made on-line commerce viable for all web users. SSL was designed by Netscape and was originally incorporated into the company's Web server and Web browser software. Since then, SSL has been included in products from every major developer of Web software.

Netscape defines its product as follows:

Netscape Communications has designed and specified a protocol for providing data security layered between application protocols (such as HTTP, Telnet, NNTP, or FTP) and TCP/IP. This security protocol, called Secure Sockets Layer (SSL), provides data encryption, server authentication, message integrity, and optional client authentication for a TCP/IP connection. SSL will enable a Website visitor's browser to connect and transparently negotiate a secure communication channel. Once this connection has been made, information can be exchanged with theoretically no chance of any unauthorized third party interpreting the data.

How does SSL work?


Quoting from the technical specifications of Netscape Data Security: "SSL provides a security "handshake" that is used to initiate the TCP/IP connection. This handshake results in the client and server agreeing on the level of security they will use, and fulfills any authentication requirements for the connection. Thereafter, SSL's only role is to encrypt and decrypt the bytestream of the application protocol being used (for example, HTTP, NNTP, or Telnet). This means that all the information in both the HTTP request and the HTTP response are fully encrypted, including the URL the client is requesting, any submitted form contents - including things like credit card numbers, any HTTP access authorization information - usernames and passwords, and all the data returned from the server to the client."

Specific web server software implements server-side support for HTTP over SSL, including support for acquiring a server certificate and communicating securely with SSL-enabled browsers. The final step necessary to ensure that the web server has the proper security verification is the registration of that site's encrypted key pair as generated by an encryption authority (such as VeriSign). Without having an installed verified encrypted key pair, the site is no more secure than any other Web server.


Can I use Hosting 4 Less’s certificate and SSL connection?

Hosting 4 Less allows its customers to use the Hosting 4 Less SSL Server certificate. Depending upon the hosting plan of your account, this service may already be included; otherwise you must contact Technical Support at Hosting 4 Less by calling 888-818-0444, to request SSL for a nominal fee. Once SSL has been enabled on your account, the Hosting 4 Less TM Web server that hosts your page is ready to securely serve any directory, web page, or image within your account. This is done by referring to a specific secure URL location for secure documents. The URL includes an "s" after the http (for example, https://servername.Hosting 4 Less.com/yourdomain/filename.htm rather than http://domainname.com/filename.htm.)


How do I use Secure Socket Layer (SSL) for secure transmission?

Once SSL has been enabled on your account (see above), the Hosting 4 Less Web server that hosts your page has a complete secure Web server included for your use. The only changes you need to make are renaming the URL's of the Web pages you want to be secure. Contact Technical Support at Hosting 4 Less by calling 888-818-0444 to get the host name of your Web server, and then name your Web pages as such: https://servername.Hosting4Less.com/domainname. For example, if your domain was joe.com and the host name of your Web server given to you by Hosting 4 Less Technical Support was secure.Hosting 4 Less.com, then you can use SSL on your Website by using the URL: https://secure.Hosting4Less.com/joe


I don't want to use Hosting 4 Less's name in the URL when I use the SSL certificate. What can I do?

If you would rather not use Hosting 4 Less’s certificate you must purchase your own certificate from a Certificate Authority such as Verisign or Thawte.


Can I use a less expensive certificate, like a Personal VeriSign Certificate?

No. The Server certificate, or a similar type from another vendor, is necessary as it establishes the SSL connection from the Server to the user's browser. Personal certificates are only for use in verifying the client to the server and are intended for individual use only.


Restrictions


The restriction for utilizing SSL or an SSL-enabled product is a propriety one... i.e. it requires specific browser software to fully integrate all of the encryption schemes necessary to maintain security.

The steps in this process are:

Request to Hosting 4 Less that a key be generated. This will create a temporary certificate that is termed "Self-Signed". It guarantees who you are on the Web until the permanent certificate is completed. Most people utilize this for testing purposes only. We will forward a copy of the request to you once it is generated. Then, go to the appropriate Certificate Authority site and fill out the request for a Digital ID for your web server. You will have to paste the request into the form there. 

Note: you can use: http://www.verisign.com .

When the Certificate Authority sends the final certificate, forward a copy to Hosting 4 Less and the finished product will be installed.


Where do I get support regarding VeriSign?

Information on Server IDs from VeriSign can be found at
http://www.verisign.com/server/index.html. If you need to have a certificate installed by Hosting 4 Less, please contact Hosting 4 Less Support at 888-818-0444 and make your request. Please refer to questions related to SSL for more information on secure transactions.

Top
FAQ Abuse


What is a Denial of Service Attack? How could an attack affect my service?

A Denial of Service Attack (DoS) occurs when someone executes a malicious program on a server or on part of the network. Usually, these programs are designed to "flood" certain network resources (such as routers or switches) in order for the attacker to gain access to some other resource they deem to be desirable (maybe a specific server), or simply to knock the machine off-line. Most often, the attacker has a specific server as a target; if they cannot gain access to or bring down the specific server, they sometimes resort to attacking the entire network.

At Hosting 4 Less, we have many security measures in place designed to provide safety for your Website. Our Network Engineers monitor our network and all of its servers 24 hours a day, seven days a week. They are alerted if there is any sort of attack on our network or any of its components.

In the case of an attack on Hosting 4 Less's network, our Network Engineers immediately swing into action to stop the attack. Sometimes this requires that they shut down the component that is under attack to ensure its safety. Attacks are almost always resolved in under a half an hour, so there should be minimal impact on your Hosting 4 Less service. If you think your server or site is under attack, notify Hosting 4 Less Support at 888-818-0444


What is Hosting 4 Less's policy on spam?

Hosting 4 Less does not approve of spam in any form. If you have received spam, please call Technical Support at 888-818-0444 to report the incident. Hosting 4 Less will determine the source of the spam and take the appropriate actions.

If you are found guilty of sending spam, you will have violated the Acceptable Use Policy and will be subject to disciplinary action as follows:

  • First offense will result in the receipt of a warning.
  • Second offense will result in the termination of your account.