This morning, email and website access is sporadic (at best) on the PDXTC servers, and it is slowly being restored.

For what it’s worth, the problem was not actually on our end, but in the middle, with one of Portland’s primary bandwith providers making a stupid mistake. i know that’s of little consolation, but it’s the truth.

Tuesday afternoon about 4:45, our primary bandwith provider (Time Warner) made an unannounced and incorrect change to their system, causing not only web and mail servers to go down for PDXTC, but for nearly all of their Portland customers.

While we do have an alternative bandwidth provider for cases like this, they (apparently) have been unable to accommodate the traffic levels, since several local hosting companies have placed a huge load on them due to this Time Warner outage.

We realize the inconvenience this has caused, we apologize, and we are working diligently with Time Warner and yet another provider to achieve a speedy resolution, and prevent this from happening again.

A dozen years ago or so, I had one password that I used for everything, and it wasn’t until some bad experiences that I understood the wisdom of having stronger passwords.

That said, to this day, I have some very simple passwords for literally dozens of online accounts I have in various places, because there’s really only so much need for security on certain accounts, but they’re not common words from the dictionary.

I also have some accounts that I would obviously not want to fall into the wrong hands, but I’m also not willing to give up my most secure passwords to these companies either, and for those I use a different password.

Finally, for logging into credit card company or financial institution sites require an inordinate amount of caution, and that’s why I have three personal “password levels” that I use. While they’re all completely easy for me to remember, they’re not going to be randomly guessed by some software or ‘bot.

Long before I started using Firefox, I either had to remember my passwords or buy Roboform for every computer, so I derived a system that made some sense to me, since I often found myself frustrated by forgetting my passwords.

Jumping ahead to 2009, privacy and security have never been more important, and the odds are you haven’t begun using stronger passwords, have you?

After a recent very ugly hacking of a website on our hosting, where the FTP password was set to “password”, I’d like to do recommend that you go change some of them right now.

In my opinion, you absolutely must to create a stronger password for your:

1. E-mail accounts
2. Web property logins & FTP access
3. Web logins that have financial implications

Why use a stronger email password?
With a simple e-mail password, hackers can run scripts on mail servers trying common usernames and common passwords, and frequently they are successful gaining entrance to someone’s Web mailbox.

When someone gets access to a mail server with a username and password that validates, they can easily point their zombie spam machines to your mail server and begin to send out millions and millions of e-mails hour after hour. This does a couple of things, including bringing your mail server to its knees and getting everyone that’s hosted on that mail server banned for a least a few hours while the mess gets cleaned up.

Why use a stronger web / FTP password?
Most hackers aren’t content anymore with just defacing your site, now there’s a purpose to their hacking, i.e. some sort of financial gain.

When someone gets access to your Web logins and they can change your site, they’re also able to upload malicious scripts that can infect unsuspecting site visitors with various viruses, malware, adware and spyware.

In the old days, when spyware was relatively new, you could usually always tell when you add some crapware on your site because your system ran poorly, and this led to the rise of various spyware removal and prevention software.

Today however, the crapware designers do a much better job, and it’s highly likely that if you get spyware from a website, you may not even notice a performance hit. As the industry has become much more lucrative, talented programmers can write software to do their bidding on your PC without you even noticing.

For all you know, some well-written spyware could be using your home computer to log in at 11 at night to send a few thousand e-mails out, and be completely done by 3 a.m. only to sit dormant and not affect your regular daily use.

Why use stronger Financial Passwords?
Well, duh – For your online banking and purchasing, someone could conceivably log in as you, and trade stocks, transfer funds, and basically wipe you out financially just as surely as if you let the government do it for you.
That’s why you need secure passwords, and you need password you can remember.

How can you create a secure yet memorable password?
Secure passwords should have a combination of both upper and lower case letters, as well as numerals, to keep the hackers at bay,, and here’s my preferred way to create secure passwords that I can’t forget…

Think of an event that has some meaning for you and think of it as a written sentence. then use the first letter of each word, and the numbers for your password.

For example -
“My dog Fido died on May 10 1990” and your password would be MdFdoM101990

Or -
“My son Joe was born on May 10, 2000″ and the password becomes, MsJwboM102000 – get it?

You might choose to just use the last two digits for the year, or perhaps all four, but use a pattern that you can remember.

Use your wifes birthday, or something else that you could NEVER forget, and make sure to use at least two capital letters and at least two numbers.

If you want it truly unique for each website, and even more secure, you could try also adding the first letter of the domain you’re logging into.

# and $ signs and a few other characters are secure too, but keep in mind that some servers won’t accept them.

I’ll wait here while you go change your passwords right now, because believe me, someone really IS trying to get in your account, and maybe they’re trying right now!

*** Update March 2010***
My friends sister just found out that she was locked out of her hotmail account, and after a few minutes she realized she was locked out of her bank account too, and a couple of others. someone had apparently gained access to her mail account, so I got a panicked call.

Her password was a simple one, and with it, they changed her security questions in case she noticed, then they reset passwords elsewhere,  (since they had control of her email account for verification they could do that!), and as of this writing, she’s on the phone with US Bank after about 20 minutes of digging to find this link at Microsoft which led to this Microsoft account recovery form.

Change your passwords NOW.

If you’re one of our 900 hosting customers having sporadic trouble with email for the past 36 hours, here’s the deal, and we’re pretty sure it’s totally unrelated to my public criticism of Linux Magic.

At approximately 7:45AM Pacific, one of the PDXTC shared mail servers (mail2.pdxtc.com) was determined to be in a critical state by our server monitoring system.

The PDXTC Tech Support Manager arrived at the Portland Pittock Data Center at approximately 8:45am to troubleshoot the problem.

It was determined that this problem is due to an overwhelming amount of SPAM being sent into the server from outside services.

PDXTC currently subscribes to a service by SPF that eliminates approximately 95% of all SPAM. That service from the third party went offline and let that 95% of SPAM through to the server.

That overwhelming amount of SPAM equates to approximately 1.2 million messages. The servers load when trying to deliver these messages to user inboxes was compromised and will continue to remain in a critical state until SPF can be brought online.

We have already contacted the third party vendors in regards to the SPAM problem and they are aware of the issue and are still working on a resolution. In the meantime we are currently implementing two of our own internal SPAM filter servers to take load off of the server.

The servers have been built and have been installed in our data center. We are now currently waiting on the SPAM filtering software licenses to be issued for this matter to be resolved.

The mail server has remained online through this interim and users should be able to successfully receive email. There is frequent problems with trying to send email from this server due to the high load balance of the server and the SMTP protocol timing out when user’s attempt to send email.

Another symptom user’s may also experience due to this outage is receiving duplicate email messages in their email inbox. This is caused by the load balance of the server as well.

Anytime an email is received from an outside provider the server sends a confirmation that the email has been received to the outside provider. Once the confirmation is received the outside provider stops sending the message, unfortunately with the load balance of the server confirmation notifications to outside providers are delayed causing messages to be delivered multiple times.

Please be aware the PDXTC staff is working as quickly as possible to resolve the problem and minimize any downtime by getting the server back online as soon as possible.

PDXTC understands the importance of this matter and sincerely apologizes for any inconvenience this outage may have caused. Thank you for your continued support of PDXTC.

Qwest Internet service here in Portland Oregon has apparently begun to randomly block port 25 for its customers, just like Comcast did last year. This renders users helpless to send email using their own domain from their web host’s email server like most businesses do.

Also just like Comcast, they are not doing it to all users yet, and they have provided no notice to users for whom they have done this. It’s only due to spending several hours on the phone last summer that I can offer this solution.

If this has happened to you, simply open your mail client, go to the advanced properties of the mail account, and change your outgoing mail server (SMTP) from Port 25, to port 587, then save configuration, and restart your Outlook or Outlook express.

Port 587 is another port that many web hosts provide for exactly this situation. While I can attest to its success on the majority of hosted mail servers (including our web hosting servers in Portland), it may not work for everyone.

In the event changing to port 587 does not solve your problem, rather than calling Qwest, call your web host, and explain that “you suspect that your ISP has blocked port 25 for outgoing mail. What other port do they recommend you try?”

At that point, they will either open another port, or tell you the existing passport to use for their Web hosting.

The reasons Qwest (and Comcast) have done this to people with no notice escape me, but there ya go!

Another Portland web hosting user has been removed from our network because they are unable to follow the following instructions:

User E-mail rules for Web Hosting Clients:

1. Do not send unsolicited e-mail to your clients or customers unless you are using an approved third-party mail delivery method that is compliant with the current standards for spam prevention.
2. See rule #1 Failure to do so will result in the loss of your hosting account.

We’re sorry for the inconvenience to all of our other 680+ web hosting customers, but one of the PDXTC mail servers was again blocked yesterday by Comcast, because someone was too cheap to hire a reputable mail delivery service to handle their business E-mail communications.

I’ve written before about using services like iContact and how it protects you the business owner, as well as your customers and all other businesses that may be sharing your mail server from this headache.

They even have a 30 day free trial:

Anyway, we’re sorry for the inconvenience, but as you can see by the letter below the Comcast problem has been resolved.

Stompernet is one of the most expensive programs on the Web, but it is also one of the best.

I’ve been a member all of 2007, and I continue to shell out my money month after month, never ceasing to be amazed at the rich flow of information both from faculty and from other members.

Some actually call it a scam, while trying to hawk and various other products or programs, but I defy anyone to find a larger or more comprehensive resource of experts on the web.

The best and brightest Internet marketers in the world ( many whom have come out of retirement) make up the faculty at Stompernet, and cover every facet of search engine optimization and Internet marketing.

Beginning tomorrow, Stompernet is having a limited opening again, and if you want to learn more about it, you can check it out here at my affiliate link.

There is also now a limited one dollar trial for Stomper

There is an entire industry that does nothing except buy and resell expired domain names, and most of their inventory comes from grabbing the expired domain names of businesses just like yours.

Knowing these ten items below could save you hours of time & aggravation, and save your businesses hundreds or even thousands of dollars.

These are, in my opinion, the ten things you absolutely must know about your company domain name…

Domain registrar company name – This is the company that your domain was purchased from. The registrars website is the only place you can update or renew any domain information – look this up at http://www.betterwhois.com and type in your domain name, then a confirmation code you’ll be provided. Instantly, you’ll be given the name of your registrar.

Domain registrar username and password – Wherever your domain was registered, there is a user name and password required make any changes. This username and password is crucial for you to know.

After determining the registrar, visit their website and attempt to log in. If you don’t know the login and account name, you’re going to have to contact them, either by phone or by email.

Domain registrant – Normally, the business owner is the registrant. But, whoever possesses the registrar username and password is effectively in control of the domain.

The registrant is the legal owner, but many companies find out too late that they’re not the registrants of their own domain names! Often, it is an ex-employee, or the web hosting or design company they hired to create the website.

This leaves the site owner out in the cold if they ever want to make hosting or design changes. Your initial search at http://www.betterwhois.com will also show this information below the name of the registrAR.

Domain registrant contact information – The contact information of the registrant MUST be kept current at the website of the registrar. If you register a domain name and then change your email address or ISP, you will never be notified that your domain name is expiring, and you will lose your domain name.

Verify the registrant contact information at the registrar website. This is how most domain names are lost. When the expiration date comes up, the registrar attempts to notify the registrant. If there’s no response, then you lose it.

Domain Expiration Date – For obvious reasons, you should be well aware of when your domain name is set to expire. There are vultures perched on every tree branch waiting to pounce on your expired domain name, then try to sell it back to the rightful owner at 20, 50, or even 100 or 1000 times the actual cost.

Domain Locked Status – New domain name registrations are locked by default at the registrar. This means no changes can take place without an email notification getting sent to the registrar. If you’ve had your domain for a couple of years, your registrar may not have your domain name locked. Check this at your registrant website.

Your Web host – It’s hard to believe, but many businesses faced with the loss of a key employee don’t even know who is hosting their website. To determine your webhost, do the following”

1. Use http://www.betterwhois.com to determine your “Name Server” settings
2. Visit DNS Stuff and use the search box under “DNS Lookup”, (selecting “NS” from the dropdown box) to search for one of your Name Server settings. Just type in the domain name, without the first prefix, which is usually NS.
3. This should give you the name of the domain that owns your name servers. In many cases it will match, but in some cases, it will be another domain name.
4. After you have the Name Server owners domain name, just visit that site to get their contact information.

FTP Username and password of your domain – Not only is it important to know the company that’s hosting your domain, but you should also know their phone number, email, and their website. However, to make any changes to your website, you need to know your FTP address, your FTP user name, and your FTP password.

This information is to be guarded closely, and should always be changed after any key employee or subcontractor leaves your employment.

Domain control panel access – This is provided by your web host for convenience, and it’s where you would add or remove any email addresses, mailing lists, FTP users, or subdomains to your current domain.

Complete control of everything in your website starts here, and the username and password for the control panel should also be held close, and distributed only on a “need to know” basis.

Website Visitor Statistics – Only the most antiquated web hosts don’t offer free comprehensive reporting on your site visitors. Amazingly, many business owners aren’t even aware that they exist, or have no idea of the wealth of knowledge that they hold. Contact your webhost, and find out where and how you access your site statistics and give them a look.

Some Definitions:

Domain name – This is your url or your “address” on the web. www.domainname.com

Registrant – This is the legal owner of any domain name. Contrary to popular belief, this can is not always the business owner or company that is using the domain name

Registrar – This is an online service for registering domain names. There are dozens, perhaps even hundreds of registrars to choose from, and prices range from $7 to $30 per year, per domain name.

How devastated would you be if you lost your domain name and all of your company email addresses? Not a month goes by that I don’t encounter yet another business that got caught with their pants down… Don’t you be next!

Find out the answers to these ten items, fill them out on a worksheet, and keep it safe for future reference. You never know when you’ll need it.

Search Commander hosting clients have noticed a problem sending to AOL email addreses this week. The problem? It doesn’t arrive! Why?

As webhosts, we our hosting IP addresses from ARIN, the primary provider of IP addresses in the US and Canada.

AOL, in all their wisdom, is refusing to recognize that these new addresses exist yet, so they are blocking the mail as potential fraud, or spam. They return a cryptic message with a link to this page that says this:

554 RTR:BG

http://postmaster.info.aol.com/errors/554rtrbg.html

EXPLANATION:

This error indicates you are sending email from an IP address not yet delegated or allocated by the Internet Assigned Number Authority (IANA), commonly referred to as a Bogon IP. Traffic originating from Bogon IP addresses is generally assumed to be illegitimate or “spoofed”.

According to Complete Whois -
“the actual term “bogons” comes from word “bogus”, as in bogus ip announcements”

The real problem is that AOL only updates the list of new IP addresses once a month, and nobody seems to be able to say why.  So, ISP’s and web hosts need to wait for problems to occur, then they report the problems to AOL, who then updates the list manually before the regularly scheduled update. It’s stupid and archaic, but then, that about sums up AOL, doesn’t it?
They’ve totally dropped the ball, but now claim 3 to 5 business days to fix. Today is day 3. On behalf of our support staff, I’m truly sorry. There was no way this problem could have been prevented or anticipated.

If it wasn’t so frustrating, it might be funny that more than ten years after I first signed on to AOL Hell, I’m still waiting for them to get their act together…

That’s how long nearly 70 Portland web hosting servers were down this afternoon, and 5 of those web servers were mine. I had 170 affected customer domains, and what felt like that many phone calls! Ugh. Talk about frustrating!

The problem ended up being a. IP address change that Time Warner made, (TW is is our main provider), and once we reached them on the phone, they were able to switch back, get us back up in minutes.

We normally have a failsafe backup router in place that would have prevented this type of thing, but at that very moment, our backup router was being reconfigured by Rob, who was down at the data center. Just unaviodable bad timing, I guess…

If your domain was affected, I’m sorry… If not…then just forget you ever read this!

If you are a web hosting customer of ours, this is an urgent wake up call. By the end of 2006, your site may no longer function properly unless you act now. Microsoft has already discontinued Unix server support for Front Page, and Windows hosting support is likely not far behind.

Recently Microsoft announced that FrontPage 2003 will be the last version of FrontPage to be released. The product has reached its “End of Life” with Microsoft. Microsoft also announced that the Unix FrontPage server extensions have also reached their EOL date. The official EOL date for Unix extensions was on June 30th 2006.

Many features used in FrontPage websites are based on FrontPage Server Extensions released by Microsoft. Things like form processing, themes, hit counters and even website publishing. These features are collectively known as the FrontPage web-bots, and they are all coming to an end on our Unix systems.

We’ve continued to run the unsupported Unix FrontPage extensions on our servers since June to try to provide as much support for customers as possible, however, we are officially announcing the end, effective January 1, 2007.

Having the server extensions support dropped by Microsoft leaves us in a bad position and we must remove these extensions from the servers to avoid leaving the servers open to a possible attack.

SearchCommander.com plans on removing the FrontPage extensions from all of our Unix servers on December 31st, 2006. After this date, any site using the FrontPage server extensions on Unix at the end of this year will no longer work properly.

We MAY decide to pull support even earlier if any incompatibility or security issue arise, since there will be no further patches or upgrades to fix these issues.

Microsoft has also announced that it will be replacing FrontPage with two new product lines…

These lines are SharePoint Designer, aimed at businesses and teams of developers working on a single site. Expression Web Designer is the other line, targeted towards your average business web designer or home user. Both of these products are based on more standardized code and features than Front Page.

It is very likely that once these two new products are out, the Windows server FrontPage extensions will also be discontinued, so you should stop using them now even on windows servers. Neither of these new products will require or use the features in the FrontPage server extension package.

This puts you in an unfortunate but unavoidable position. Many of our users use FrontPage not only on Unix but also on Windows as well. With Unix support already being terminated and Windows likely to follow, the time has come to convert to more standardized web practices.

There is no upgrade path or any one clear direction for each of our users. Each webmaster will have to determine the best possible path for them to take.

All Unix users will be forced to switch over to Windows hosting within the next 3 months, keeping their existing FrontPage extension sites on-line.

We will then be removing the FrontPage extension controls from the control panel to avoid any new instances of FrontPage being installed.

We are strongly urging all users who use the FrontPage server extensions, Unix or Windows, to standardize their web practices and STOP USING the Front Page extensions at the earliest possible date.

There are several different paths that can be taken for the users of the FrontPage server extensions, and we’ll outline some of them below so you can make an educated decision.

1) Wait For Microsoft Expression Web Design
Users can wait for Expression Web Designer to be released by Microsoft and then convert their existing sites to the new formats and technologies. There will likely not be any built in functionality as there is in FrontPage with its web-bots. We are also not sure if there will be a built in FrontPage converting tool.

Pricing for the software is likely to be around $400 and it is said to be ready for stores by the end of the year. This is just information gathered from various Internet postings so please don’t hold SearchCommander.com to the pricing or release dates.

2) Unix users can move to Windows:
Moving from Unix to Windows is a very viable solution for the time being, and will buy you a little bit of time. We are going to try to continue to support the Windows FP extensions for as long as possible. However, if there is a security exploit for FP we will have to remove the support from Windows as well, and you will be out of luck. Therefore, you need to get off the FP extensions ASAP…

In the event of a security exploit on the FP extensions for Windows, we will check to see if Microsoft releases a patch to fix the exploit. If they do not release a patch for the extensions we will have to pull support for those as well. Please use this option only to buy yourself a little extra time to get one of the other options to work for you. This is not intended to be a permanent solution.

3) Continue Using FrontPage on UNIX, but WITHOUT using the server extensions:
This is always a valid option for any of our users. FrontPage is a decent web design program that will continue to work without the use of the FrontPage extensions. Users can build their websites in FrontPage locally on their computers and FTP them to the server using a FTP client or the built in FrontPage FTP client. Other features like form processing and hit counters will need to be replaced using scripts. There are many places on the Internet to find free scripts for form processing and hit counters that are built using PHP or ASP.

4) Use a web design program other than Microsoft FrontPage:
This is pretty much the same option as #3. There are many other design programs on the market such as Adobe Dreamweaver, or Coffeecup Designer. Many of these programs use standardized web processing and all of them would still require replacements for the FrontPage web-bots.

Each one of these options may or may not be right for you, and there are others too, including blogs and content management systems (CMS) but one thing is certain –

You MUST STOP using Front Page Extensions before the end of this year on your Unix hosting account.

Please evaluate each option above, and decide what is best for you and your website before your site stops working.

Please ask your questions about this here, as blog comments, so that all of our users may benefit form the answers.

Any web hosting support emails about this subject will also be posted here, and I will answer each one personally.
We’re sorry for the inconvenience, but hey, the world is a changing place!

As an Oregon web host with 5 servers located in downtown Portland, I cannot afford to have any down time, or have any delays in getting help when I need it.
I need those machines running 24/7 with reliable backup, remote monitoring, and emergency recovery assistance.

Do I have time to do that myself? No way. Am I going to trust that to a faceless company in the middle of nowhere?  Not a chance.
Time and time again, Rob and Justin from Weberz hosting solutions remind me why I have them maintain and manage my servers.

Yesterday a potential programming problem on a new client website threatened to void three months of work. With just a little bit of developer communication, we had the issue fixed in a day, and I kept a client that would surely have had to host elsewhere, assuming he could get some help.
If you just need reliable web hosting, I can surely help you myself.  But if you need a  managed or co-located server with hands on suppoort to like I do, turn to Weberz, and be sure to tell them I sent ya!

Why do I still get so many calls from people that have lost their domain names? Because business owners have businesses to run, and occasionally trust “little” things like domain registration to others. Some things are just too important to delegate.
Read this short article I wrote last year and you’ll never unwittingly lose your domain name… It’s called 7 things every business owner should know about their domain name