Hostek.com Wiki - User contributions [en]

How to Enable Robust Exceptions on a per Site basis in ColdFusion

2018-03-27T18:25:34Z

Davidd:

In circumstances when you need to enable robust exceptions for a site, here are the steps needed:

You can configure this at the site level within your Application.cfc using the "this.EnableRobustException" property:

https://helpx.adobe.com/coldfusion/cfml-reference/application-cfc-reference/application-variables.html

Example "Application.cfc" file:

<cfcomponent>
<cfset this.Name = "My Application Name" />
<cfset this.EnableRobustException = "True" />
</cfcomponent>

Example for restricting based on IP address:

<cfcomponent>
<cfset this.Name = "My Application Name" />
<cfif CGI.REMOTE_ADDR EQ "123.123.123.123">
<cfset this.EnableRobustException = "True" />
</cfif>
</cfcomponent>

'''NOTE:''' Replace '''123.123.123.123''' with your actual IP address.

How to Enable Robust Exceptions on a per Site basis in ColdFusion

2018-03-27T18:22:34Z

Davidd:

In circumstances when you need to enable robust exceptions for a site, here are the steps needed:

You can configure this at the site level within your Application.cfc using the "this.EnableRobustException" property:

https://helpx.adobe.com/coldfusion/cfml-reference/application-cfc-reference/application-variables.html

Example "Application.cfc" file:

<cfcomponent>
<cfset this.Name = "My Application Name" />
<cfset this.EnableRobustException = "True" />
</cfcomponent>

Example for restricting based on IP address:

NOTE: Replace "123.123.123.123" with your actual IP address.

<cfcomponent>
<cfset this.Name = "My Application Name" />
<cfif CGI.REMOTE_ADDR EQ "123.123.123.123">
<cfset this.EnableRobustException = "True" />
</cfif>
</cfcomponent>

How to Enable Robust Exceptions on a per Site basis in ColdFusion

2018-03-27T18:20:02Z

Davidd:

In circumstances when you need to enable robust exceptions for a site, here are the steps needed:

You can configure this at the site level within your Application.cfc using the "this.EnableRobustException" property:

https://helpx.adobe.com/coldfusion/cfml-reference/application-cfc-reference/application-variables.html

Example "Application.cfc" file:

<cfcomponent>
<cfset this.Name = "My Application Name" />
<cfset this.EnableRobustException = "True" />
</cfcomponent>

Example for restricting based on IP address:

NOTE: Replace "123.123.123.123" with your actual IP address.

<cfcomponent>
<cfset this.Name = "My Application Name" />
<cfif CGI.REMOTE_ADDR == "123.123.123.123">
<cfset this.EnableRobustException = "True" />
</cfif>
</cfcomponent>

SmarterMail

2017-06-26T21:15:47Z

Davidd: /* Information */

__FORCETOC__
==SmarterMail Help==
===SmarterMail Documentation===
*The link below will send you to the SmarterMail Documentation, this will familiarize you with the interface and it's functions:
#https://help.smartertools.com/SmarterMail/v13/
#For a different version of SmarterMail, please see this page: https://help.smartertools.com/Default.aspx
===SmarterMail Video Tutorials===
*The link below will send you to our SmarterMail Video Tutorials Wiki:
#https://wiki.hostek.com/SmarterMail_-_Video_Tutorials
===Anti-Virus Information===
*Our SmarterMail MailServers use Trend Micro's Server Protection Anti-Virus software along with AVG Cloudcare. These programs are continually updated and they filter all known viruses.

==Limits within SmarterMail==
===Information===
*A "limit" in this aspect is more like a safeguard or protective measure.
*#The word "limit" is a little misleading here, as we're not limiting anything ''most'' customers would do.
*#If you do run into any of these "limits", please contact support right away and we'll work with you further.

*A '''SmarterMail VPS''' or '''Windows VPS with SmarterMail''' is always a good option for you if you need to have some abnormal situations handled.

===Emails Per Hour===
#The number of emails a domain can send per hour is '''100'''.
#In normal situations, a domain will not send this many in a Day or Week.

===Email Attachment Size===
#The Maximum size of an Email Attachment is '''30MB'''.
#If you feel you need to send a larger attachment, please consider the end recipient and the effect such a large attachment will have on them. (Storage Space + ISP Data Usage concerns)
#Here are a couple of alternatives:
##FTP(File Transfer Protocol) can be used to move the the file(s) to your site. Once that is accomplished you can email them a link to the file. You may need to place the file in a .zip so that they can easily download it though.
###More information on FTP [https://wiki.hostek.com/Connecting_to_FTP here].
##File Sharing Services such as:
###Dropbox: https://www.dropbox.com/
###Google Drive: https://www.google.com/drive/
===Users Per Domain===
#The number of users per domain needs to be kept to '''100''' or less.
#In most situations, only a handful of addresses are needed.
#Anything approaching that limit is a little abnormal and [depending on your situation] a '''SmarterMail VPS''' would be your next step after hitting that marker.

==Basic Interface Functions==

===How to import mail from another mail server===
#Log into SmarterMail as your email user.
#Click the Settings icon.
#Expand the My Settings and Advanced Settings folders in the navigation pane.
#Click Mailbox Migration.
*The mailbox migration tool will open in a new window. Follow the on-screen instructions to import email and collaboration data from a third-party mail server to your SmarterMail mailbox.

===How to Create a Folder===
#Sign in to '''SmarterMail'''.
#Click on the '''Mail''' icon.
#Click on '''Actions''' (On the far-left side of the light-blue bar.)
#Click on '''New Folder'''.
#Name your folder.
*You can access any folders you create by Clicking on the '''+''' button next to '''Inbox'''.

===How to Perform a Mass Deletion===
#Sign in to '''SmarterMail'''.
#Click on the '''Mail''' icon.
#Select the '''appropriate''' inbox.
#Click on '''Delete'''.
#Select '''Delete All Messages in Folder'''.
*If you want to save certain emails, please follow '''How to Move Emails to a Folder'''.

===How to Move Emails to a Folder===
#Sign in to '''SmarterMail'''.
#Click on the '''Mail''' icon.
#Select the '''appropriate''' inbox.
#Tick all of the '''appropriate''' emails.
#Click on '''Actions''' (Above the Emails).
#Select '''Move'''.
#Specify the '''folder''' of choice (You might have to find it by Clicking on the '''+''' next to '''Inbox''').

===How to Set a Notification Profile===
*This will allow you to set any number of email address to receive '''very''' important '''System Administrator''' Notification emails.
#Sign in as the primary administrator email account (the default is the ''''mailadmin@'''' user) in '''SmarterMail'''.
#Click on '''Settings''' (the '''gears''' icon).
#Expand '''Domain Settings'''.
#Click on '''Notification Profiles'''.
#You now have the option to create a '''New''' entry, '''Delete''' an entry, or '''Edit''' the default/existing entry.
*These are the options you will have to choose from when setting a '''Notification Profile'''.
#'''Email Address(es)''' - The email address(es) to which notifications are sent.
##'''Enable''' - Select this option to enable email notifications.
#'''SMS Email Address(es)''' - The mobile device email address to which notifications are sent.
##'''Enable''' - Select this option to enable SMS notifications.
#'''Enable Reminders for all domain administrators''' - Select this option to send a reminder to all domain administrators when the event is triggered.

==How to Add a Disk Space "Event"==
*This will setup a notification to alert you whenever a User's Disk Space is close to, say for example 90% Full.
*This is done through SmarterMail's '''Events''' feature.
#Log in to SmarterMail
##Example: <nowiki>mail.yourawesomedomain.com</nowiki>
#Go to the '''Settings''' tab, which is the Gears icon on the left-hand side.
#Click on '''Events''':
#*You can set this up for '''your user''' in the '''Events''' section under the '''My Settings''' area.
#*You can set this up for '''any user''' in the '''Events''' section under the '''Domain Settings''' area.
#Click the '''New''' button near the top of the page.
#Here is an example Disk Space Event:
##This is in the "Conditions Tab"
##'''Event Name:''' Example Disk Space Alert
##'''Event Category:''' User
##'''Event Type:''' User Disk Space Used
##'''Time of Day:''' Disabled
##'''Mailbox Usage (%):''' [Greater Than] [90]
#Click on the '''Actions''' tab next to the '''Conditions''' tab, and hit '''Add Action'''.
#Click '''Save''' if the Defaults look good or after you make your custom changes.

==How to Add a Trusted Sender==
===User-level Trusted Senders List===
*This can also be called a [soft-]whitelist for your user.
#Login to Webmail
##Example: <nowiki>http://mail.yourawesomedomain.com/</nowiki>
#Go to '''Settings''' (Gears Icon)
#Under '''My Settings''' select '''Trusted Senders'''
#Click '''New'''
#Add a Domain or Email User (one per line) and click '''Save'''

===Domain-level Trusted Senders List===
*This can also be called a [soft-]whitelist for your whole domain.
#Login to Webmail(e.g. <nowiki>http://mail.yourawesomedomain.com/</nowiki>) as an Administrator of the Domain
##If you don't have an Administrator user, then you'll want to start by logging into '''[https://wcp.hostek.com/ WCP]''' and following the below steps:
##We're going to access the Default Admin User which is called '''mailadmin'''.
##Click on '''Users''' underneath the '''Email''' section in WCP.
##Click on '''Login''' parallel to the '''mailadmin''' user.
#Go to '''Settings''' (Gears Icon)
#Under '''Domain Settings''' select '''Trusted Senders'''
#Click '''New'''
#Add a Domain or Email User (one per line) and click '''Save'''

==How to Add a Signature==
*A Signature will always appear at the bottom of your next Email. So you'll want to make sure that it's appropriate for all uses.
#Login to your '''SmarterMail'''
##Example: <nowiki>http://mail.yourawesomedomain.com/</nowiki>
#Click on '''Settings''' (Gears Icon)
#Expand the '''My Settings'''
#Click on '''Signatures'''
#Click on the '''Signatures''' tab
#Select '''Add'''
#Apply your '''Signature''' in the text box and click '''Save'''

===Adding an Image to your Signature===
#You will first need to upload the image to your website unless the image already exists in your root folder.
#Enter in the '''URL''' location of the image in the code (Shown below), as well as the '''Width''' and '''Height'''.
#Login to your '''SmarterMail'''
##Example: <nowiki>http://mail.yourawesomedomain.com/</nowiki>
#Click on '''Settings''' (Gears Icon)
#Expand the '''My Settings'''
#Click on '''Signatures'''
#Click on the '''Signatures''' tab
#Right-Click on the Signature and select '''Edit'''
#Next, click on the '''<>''' (Code Snippet) icon listed below the window and paste the full '''Image Code''' from below [only with your URL] in any location you are wanting the image displayed.
*URL EXAMPLE:
**http://www.example.com/folder/logo.jpg
*Image code:
**<code><img src='http://example.com/folder/logo.jpg' width='###' height='###' /></code>

==Shared Calendar==
*To share your SmarterMail Calendar with other users within your domain, follow these steps:
#Go to '''Settings''' (Gears Icon)
#Expand '''Sharing'''
#Click on '''Shared Resources'''
#Right-click on each user you want to have access to your Calendar and click '''Edit'''
#Choose the access level you want them to have. The options are:
##'''None''': No access.
##'''Availability-only''': This allows users to only see the availability of others when setting up Events.
##'''Read only''': Allows users to only see the shared data but not have any ability to edit it.
##'''Full control''': Allows users to fully edit and view the shared resource.
*VPS-Customer Note: The SmarterMail '''Sharing''' feature is only available on SmarterMail Enterprise Edition.

==How to setup Content Filters==
*Content Filtering is a very powerful method to filter all of your important emails to one folder, or even automatically delete the emails you don't want to see.
#Log into SmarterMail
#Example: <nowiki>http://mail.yourawesomedomain.com/</nowiki>
#Click the '''Settings''' (Gears Icon)
#Expand '''"Filtering"'''
#Click on '''Content Filtering'''
#In this screen you can Add and Manage your Content Filters as you see fit.
*If used against Spam, Content Filtering should be used ''with'' Spam Filtering.

==Forwarding==
===How to add a Forwarding Email Alias===
# Log into your WCP at https://wcp.hostek.com
# In the '''Email''' section click on '''Forwarding'''
# Click '''Add Email Alias'''
# In the '''Alias Name''' field enter the first part of the email address you want to forward (i.e. '''john''') ... do not include the @domain.com part.
# In the '''Forwarding Address''' field, enter the real destination email address like '''john@another_domain.com'''
# Click '''Save'''
===How to add Forwarding to an Existing Email User===
# Log into your WCP at https://wcp.hostek.com
# Click on the '''Users''' icon.
# Click the '''Login''' button for the specific user.
# Once in SmarterMail click the '''Settings''' icon on the left.
# Click on the Forward Tab at the top.
# Type in the address you want to have emails forwarded to.
#The '''Remove Emails on Forward''' option removes emails from the server that have already been Forwarded.
##This keeps your Email Disk Space Usage low, rather than keeping the messages on the server.
# Click '''Save''' at the top to save the settings.

==How to Create a Backup Email Address==
*If you ever forget your SmarterMail password and would like to have it reset[without contacting support], you will need a backup e-mail address setup in SmarterMail, below you are shown how to set one up:
#Login to SmarterMail
##Example: <nowiki>http://mail.yourawesomedomain.com/</nowiki>
#Click on '''Settings''' (Gears Icon)
#Make sure you're on the '''Account Settings''' page
#Fill out the '''Backup Email Address''' box
#Click '''Save'''
*Now if you forget your SmarterMail password you can click on the '''Forgot Password''' link and you will be sent more information to your Backup Email Address.

==Email Headers==
===Importance===
*Email headers can be very useful for tracking down issues with failed emails and spammers. This is because they include such information as the sender's IP Address, the originating MailServer, and the FROM Email Address.
*The IP Address of the originating server is very important, because it can provide us with very good information on the issue.
===How to view Email Headers===
#Login to Webmail
##Example: <nowiki>http://mail.yourawesomedomain.com/</nowiki>
#Find and open the message in your Inbox
#Click '''"Header"''' in the lower right-hand corner of the screen
#The content of the email should now show several lines of information including '''return-path''', and '''received'''

==Mailing List Management==

===How to Create a Mailing list===
#Log in to SmarterMail as the mailadmin
#Click the Settings icon
#Expand the Domain Settings and Mailing Lists folders
#Click Mailing Lists in the navigation pane
#Click New in the content pane toolbar
#Click the List Settings tab and complete the appropriate fields. The Name and Moderator fields are required
#Click the Options tab and select the appropriate checkboxes to enable the desired mailing list options
#Click Save

===How to Import a Mailing List===
#Export your subscribers from where they are now.
#Open your subscribers file in a text editor such as NotePad.
#Add the Email Address identifier explained below:
##The first line of your list should be this text <code>EmailAddress</code>
#Save the file with the '''.csv''' extension.
#Login as one of the Domain-level Admins (mailadmin@... is the Default one)
#Click '''Settings''' (Gears Icon)
#Expand the '''Mailing Lists''' section
#Click '''Mailing Lists'''
#Click on '''Subscribers'''
#Select '''Upload''' and find the file on your machine to upload it.
*'''Example:'''
#By default a file "list.txt" should be saved to your local computer after exporting the list.
#Open the file in NotePad or any other text editor.
#Here is the body of the example file:
##<code>EmailAddress example@exampletest.com</code>
#Save it as a '''.csv''' file.
#The file should now be called "list.csv" instead of "list.txt".
#Upload(Import) the file into SmarterMail.
===How to Export a Mailing List===
#Login as one of the Domain-level Admins (mailadmin@... is the Default one)
#Click '''Settings''' (Gears Icon)
#Expand the '''Mailing Lists''' section
#Click '''Mailing Lists'''
#Click on '''Subscribers'''
#Select '''Download'''
#Select the location you wish to save the file to and click '''Save'''
===How to Add and Remove Subscribers===
*When you add a new Subscriber you can only add them one at a time unless you upload a text file of the Subscribers.
*To manage your mailing list, please follow these steps:
#Login to Webmail as a Domain-level Administrator
##Example: <nowiki>http://mail.yourawesomedomain.com/</nowiki>
##Example: mailadmin@yourawesomedomain.com
#Go to '''Settings''' (Gears Icon)
#From the '''Domain Settings''' area select '''Mailing Lists'''
#Select the mailing list you wish to manage.
#Click Actions, then click '''List Subscribers'''.
#Choose from the following options:
##'''Add Addresses''': adds one or many email addresses to the list (when adding multiple addresses, enter only one address per line - duplicates will not be added)
##'''Download''': initiates the download of a .txt file containing your mailing list subscribers
##'''Upload''': initiates the upload a new .txt file containing your list subscribers (one per line). Choose to add the uploaded addresses to the existing list or to completely replace the old list with the new addresses. Duplicates will not be added.
##'''Delete All''': initiates the deletion of all email accounts in the list. A confirmation dialog will appear. Once you delete subscribers, you cannot recover them, so it is recommended that you first download the list before deleting.
##'''Delete link''': this option will delete only the selected email address from the list
#Click Save.

===How to Subscribe/Unsubscribe===

*The following explains the steps involved in subscribing and unsubscribing to an existing mailing list. This is done by sending an email message to the list. You are also able to execute other Listserv Commands through email messages.
====To subscribe to a mailing list, please follow these steps:====
#Open your Email client and create a new message.
#Enter <code>stServ@yourawesomedomain.com</code> (this is the Default MailList Admin) as the TO Address.
#Enter <code>subscribe listname</code> in the Body of your message where "listname" is the name of the list you are subscribing to.
#Leave the Subject of the message '''blank'''. If your mail program requires text in the subject field, enter a few random characters.
#Send the email
#If you successfully Subscribed you will receive a confirmation email.
====To unsubscribe from a mailing list, please follow these steps:====
#Open your Email client and create a new message.
#Enter <code>stServ@yourawesomedomain.com</code> (this is the Default MailList Admin) as the TO Address.
#Enter <code>unsubscribe listname</code> in the Body of your message where "listname" is the name of the list you are unsubscribing from.
#Leave the Subject of the message '''blank'''. If your mail program requires text in the subject field, enter a few random characters.
#Send the email
#If you successfully Unsubscribed you will receive a confirmation email.
===Listserv Commands===
*Listserv commands allow you to control the list through commands sent in email messages to the Listserv Command Address. By default, the Command Address for a domain is "stServ@yourawesomedomain.com".
*#Your System-level Administrator may change this Command Address.
*To send a command, compose an email to the Command Address with the command in the body of the message.
*#The subject of the message is ignored.
*'''Note:''' Any references to "listname" should be replaced with the list you are trying to use.
#<code>Help</code> - Replies to the email with basic instructions on using Listserv Commands.
#<code>Help listname</code> - Replies to the email with the contents of the Help File for that list.
#<code>List</code> - Replies to the email with a list of all available lists.
#<code>List listname</code> - Replies to the email with a list of all subscribers for a particular list. This command can be disabled by the moderator in General Settings.
#<code>Subscribe listname</code> - Adds your email address to the subscribers list of the mailing list. This command may be disabled for private lists by the moderator in General Settings.
#<code>Unsubscribe listname</code> - Removes your email address from the subscribers list for the mailing list referenced by listname.
#<code>Set mode digest listname</code> - Sets your email address to receive emails in digest mode, which will send all messages for the list combined into one email at regular intervals.
#<code>Set mode standard listname</code> - Sets your email address to receive emails in standard mode (the default), which will send messages one at a time to your email account.

==How to Enable the Sent Items Folder==

===In SmarterMail===
#Login to SmarterMail
##Example: <nowiki>http://mail.yourawesomedomain.com/</nowiki>
#Click on '''Settings''' (Gears Icon) on the left-hand side of the page.
#Next click on '''Account Settings''', which should be under the '''My Settings''' section.
#Towards the middle of the page click on the Tab labelled '''Compose'''.
#There should now be a box that reads '''Enable sent items folder''' click that box and then click '''Save'''.
#The next time you compose an email through SmarterMail the email will appear in your '''Sent Items''' folder.

===In Email Client===
#Make sure the Email Account type in your Email Client is set to '''IMAP''', if it is set to POP3 this shouldn't apply to you.
#In your Email Client, enable what is commonly called placing a copy of '''Sent''' mail to be placed in the email address folder on the server. This is worded differently per email client.
##In '''ThunderBird''':
###In Account Settings
###Then in Copies and Folders
###Tick the box next to '''Place a Copy in:'''
###Select the Radio Button next to '''"Sent" Folder On:'''
##In '''Outlook:'''
###You should create a '''Rule''' to have the Sent messages '''forwarded''' to the server's '''Sent Items''' location.

==How to handle Disk Space Alerts==
===Alert Information===
#If you receive the below message for one of your email accounts you will need to either clear out emails to free up some space for that user, or use the steps below to increase the space for that user.
#*<code>"The size limit of ### MB for mailbox youremail@yourdomainexample.com has been exceeded. Incoming mail is currently being rejected."</code>
#Emails will be bounced back to the sender until enough space is added/cleared. The emails that are bounced, will be unrecoverable by our system. However, the logs will have record of all messages that were rejected.
#Learn how to view your Delivery and SMTP logs [https://wiki.hostek.com/WCP_(Windows_based_Control_Panel)#Mail_Logs here].

===Viewing Disk Space Usage===
*These steps will allow you to view the disk space currently being used for each of your SmarterMail users, as well as the maximum allowed disk space for each user.
#Log into SmarterMail for your domain as an administrator account such as '''mailadmin'''. Example Login URL: <nowiki>http://mail.yourdomain.com</nowiki>
#Click '''Reports''' on the far left navigation bar
#Expand '''Domain Summary Reports'''
#Expand '''Traffic Reports'''
#Click '''Disk Usage'''
*'''NOTE''': If you do not see any Usage Reports, then you will need to contact Support to have those enabled for the Domain.

===POP3 Utilization===
*We also recommend the use of '''POP3''' in a '''Mail Client''' (such as Microsoft Outlook, Mozilla Thunderbird, Roundcube, etc.) to pull the emails off of the server and onto your local device.
#Configuration steps for common Mail Clients: [https://wiki.hostek.com/Email_Client_Setup_Tutorials '''here'''] 

===Editing Disk Space Limits In SmarterMail===
*These steps will allow you to change the disk space limit for your SmarterMail users.
#Log into SmarterMail for your domain as an administrator account such as '''mailadmin'''
##Example Login URL: <nowiki>http://mail.yourdomain.com</nowiki>
#Click '''Settings'''
#Click '''Expand Domain Settings'''
#Click '''Users'''
#Right-click the user you want to edit and click '''Edit'''
#Change the '''Mailbox Size Limit''' to the new limit you want to assign
##Setting the limit to '''0''' means 'Unlimited' or 'No Set Limit' (this means that the limit is now however much Disk Space your Domain has on the MailServer)
#Click '''Save'''.

===Editing Disk Space Limits in WCP===
#Log into your '''Windows Control Panel''' by going to http://wcp.hostek.com.
#Click on '''Users''' under the '''Email''' section.
#Click the pencil icon (Edit) to the left of the specific email user.
#In the section '''Mailbox Size (MB)''' change the amount to your desired size.
#Click '''Save'''.
*'''NOTE''': Maximum size to set per user is '''999'''. If you would like no limitations, set the size to '''0'''.

===Ordering Additional Disk Space===
#Log into your '''Client Billing Area''' at '''https://cp.hostek.com'''.
#Click on the '''Services''' tab in the menu bar and select '''View Available Addons'''.
#Next, click on the '''Order Now''' tab next to the product add-on you would like to choose.
#Fill in the payment methods below and click on '''Complete Order'''.
*'''NOTE''': If you have ordered an '''irregular amount of Disk Space''': our '''SmarterMail VPS''' would be another solution for your '''high email storage''' needs. These are located in the VPS section of our main website.

=== (VPS-only) Altering Domain Disk Space Limits===
#Log in to the SmarterMail Administrator
#*Example Login URL: <nowiki>http://mail.your-awesome-domain.com</nowiki>
#*Username: '''This is located in the Informational Email sent to you after the initial setup of your VPS'''
#*Password: '''This is located in the Informational Email sent to you after the initial setup of your VPS'''
#Go to '''Domains''' (Globe icon)
#'''Right-click''' on the domain and select '''Edit'''
#Go to the '''Limits''' tab
#Change the '''Disk Space''' box to whatever you want
#*('''0''' is "Unlimited" or "No Set Limit"; this means that the limit is now however much Disk Space your VPS has, which isn't recommended in the case of spam.)
#Click '''Save'''

==CalDAV Setup==
#CalDAV is an Internet standard allowing a client to access scheduling information on a remote server.
#CalDAV synchronizes any modifications to a predefined calendar, whether the change is made directly on the server(Webmail) or if it was made on your iPhone(Mobile Device).

*You'll find step-by-step instructions on how to configure SmarterMail's CalDAV in certain email clients:
===Thunderbird with Lightning Extension===
*Steps for adding a CalDav calendar to Thunderbird Lightning.
#Choose '''File'''->'''New'''->'''Calendar...'''
#Select '''On the Network''' and click '''Next >'''
#Select '''CalDAV''' and enter the following for the location:
##<nowiki>https://mail.[yourdomain.com]/WebDAV/cal</nowiki>
##(Replace '''[yourdomain.com]''' with your actual domain name)
#Enter a name for your calendar and choose the '''E-mail''' to associate the calendar with and click '''Next >'''
#Click '''Confirm Security Exception''' when prompted (this is just required because you're using '''mail.yourdomain.com''' for the connection instead of '''mail##.hostek.com''')
#You will now be prompted to enter a '''User Name''' and '''Password''' to authenticate with SmarterMail. Enter the following:
##User Name: **Your Full Email Address**
##Password: **Your Email Password**
#Check the checkbox if you do not want to enter the password every time you open Thunderbird.

===Other===
*[https://wiki.hostek.com/IPhone#iPhone_Calendar_Sync_with_SmarterMail iPhone CalDAV Setup Wiki]
*Tutorials for other email clients will be added in the future.
*If you would like to see a tutorial for a specific email client, please let us know by submitting a ticket [https://support.hostek.com/ here].

==SmarterMail Chat/XMPP==
===Information===
*SmarterMail Chat is a feature within SmarterMail that allows users on the same domain to "chat" with one another .
*Smartermail Chat is '''NOT''' available on our Shared Hosting packages.

===VPS Activation===
*You can enable SmarterMail Chat on your VPS by following the steps below:

====Enabling Chat for a Domain====
#Log in to SmarterMail as the '''System-level Administrator'''
#Click '''Domains''' (Globe Icon)
#Right-click and select '''Edit''' on the desired domain and the Domain Settings will load in a separate window
#Go to the '''Features''' tab
#Tick the '''Enable XMPP Communication''' checkbox
#Click '''Save'''

====Enabling Chat for an User====
#Log in to SmarterMail as the '''Domain-level Administrator'''
#Click '''Settings''' (Gears Icon)
#Expand '''Domain Settings'''
#Click on '''Users'''
#Right-click and select '''Edit''' on the desired user and the User Settings will load in a separate window.
#Click the '''Service Access''' tab.
#Select the '''Enable XMPP Access''' checkbox.

==ActiveSync/EAS==
===Information===
*Pricing an Purchasing:
#This is a $4.79/month Addon on per user basis.
#Currently you must contact [http://support.hostek.com '''Support'''] to purchase this Addon.
##To speed up this process, please provide Security Verification(Security Answer +/- Security Question) with your request and we'll get this setup for you.
*Description:
#Microsoft Exchange ActiveSync(EAS) is a data synchronization protocol that enables over-the-air access to email, calendars, tasks, and notes from most mobile devices, including Blackberry, iPhone, Palm Pre, and Windows Mobile devices.
#In addition, ActiveSync(EAS) enables SmarterMail users to have access their email, calendars, tasks, and notes while working offline.
*What it's for:
#Mobile Devices ( iPhone, BlackBerry, Windows Mobile Devices )
#Microsoft Desktop Email Clients ( Outlook 2013 and above, Windows Mail (Windows 8 or above))
*What it's '''NOT''' for:
#Non-Microsoft Desktop Email Clients ( ThunderBird, OperaMail, etc. )

===How to setup ActiveSync in a Mobile Device===
#If you already have mail setup on your phone as an IMAP Account, then you will need to delete the Email Account off your phone to re-add it as an Exchange Account.
##The same thing goes for the POP3 Accounts too, but know that the Emails stored on your phone will be deleted and will only be recoverable via a nightly backup from our team.
##If this is the case you'll want to add a separate Exchange Account to your Mobile Device and keep the POP3 one.
#Add the Email Account back to your phone, choosing Exchange as the type.
##Example: [[File:Iphone-exchange.png|100px]]
#Enter the details accordingly (leave the '''Domain (Optional)''' field blank.)
#iPHone users need to make sure '''Fetch New Data''' is set to '''Push'''.
===Proper use of Sub-Folders with ActiveSync===
*When creating New Folders, '''DO NOT''' create Sub-Folders within your Inbox:
#While technically possible, many third-party Email Clients and most Mobile Devices '''CANNOT''' sync Sub-Folders that are part of a user's Inbox.
#To make your SmarterMail folders available for a third-party Email Client such as Outlook, when you set up the account in your Email Client you will need to use IMAP as your Incoming MailServer type.
#If you use POP3 for your email you only have access to your SmarterMail Inbox, this means you can't access your personal mail folders you've created to organize messages.
#In addition, when using syncing protocols like Microsoft Exchange ActiveSync(EAS), any folders that are created will also sync with whatever Mobile or Desktop Email Client you're setting up with ActiveSync.
#Just be aware of the concern noted previously about syncing Sub-Folders created within your Inbox.

[[Category:SmarterMail]]
[[Category:Email]]
[[Category:Email-VPS]]
[[Category:Misc-Email]]
[[Category:Configuring-Email-Clients]]
[[Category:VPS]]

WordPress Site Hacked

2017-05-30T20:11:32Z

Davidd: /* More Information */

'''IMPORTANT NOTE: Be sure to keep your WordPress install up to date AND keep your themes and plugins up to date.'''

__FORCETOC__

==Introduction==

This article explains what to do if your WordPress site is compromised by a hacker and how to resolve the issue. If you find that the steps in this article are too technically challenging, please contact our support team and explain the situation; and we can offer assistance with getting your site back to normal.

==Causes==

The following are the most common way that a WordPress site gets compromised:

* Your desktop or laptop computer gets a virus/spyware/malware application installed, and that application records your login keystrokes on the WordPress site([https://en.wikipedia.org/wiki/Keystroke_logging keylogger]) and sends the username/password to the hacker.
* The WordPress site contains a theme with a vulnerability
* The WordPress site contains a plugin with a vulnerability

==Remedy==

Below are some steps you can take to fix your WordPress site:

# Move everything except the /wp-config.php file into a backup directory (you can name it something like /Quarantine or /OLD)
# Create a backup of your MySQL database through PHPMyAdmin (Accessible from your hosting control panel)
# '''NOTE: Steps 1 and 2 are critical. If anything goes wrong, the backup of your site files and database will allow you to revert the changes.'''
# Download the latest version of WordPress here: https://wordpress.org/download/
# Upload the files and folders from the latest version of WordPress that you downloaded. This should replace the /wp-admin, /wp-includes, index.php, etc. that you moved to the backup folder in the first step.
# Edit your wp-config.php file and ensure nothing bad was added by the hacker (this can often be a snippet of code added to the beginning or end of the file that shouldn't be there. If you are unsure, compare the wp-config.php file with the wp-config-sample.php that came with version of WordPress you downloaded in step one)
# Update the MySQL database password and place the new password in the wp-config.php file because the hacker may have gotten the old password
# Log into the WordPress admin (/wp-login.php) and navigate to the 'Users' section. The hacker may have added some additional users to your site so you should delete any users that you did not add.
# Update the password for all of the valid WordPress users in-case that is how the hacker got into the site
# Go to the 'Settings'->'Permalinks' page and click 'Save'. This will re-create your .htaccess(Apache) or web.config(IIS) file.
# Copy everything from your old /wp-content/Uploads folder into your new /wp-content folder. This will bring over any images, audio, and video that were previously uploaded to your site.
# Re-install any plugins and themes you were using on the site. If you had made modifications to your theme or plugins and need to bring the files over from the backup of the site, be very careful. The hacker may have injected bad code into your old theme and/or plugin files that will allow them to get back into the site. You should only move over files that are absolutely necessary and check the content of those files for anything suspicious.

==Adding extra security==

These are some extra steps you can take to lock down your WordPress installation.

* Disable file editing through the WordPress by adding "''define('DISALLOW_FILE_EDIT', true);''" to your wp-config.php file - reference: [https://codex.wordpress.org/Hardening_WordPress#Disable_File_Editing]
* Disable direct script execution in both your /wp-content and /wp-includes directories. The PHP files in these directories should only be used via includes from the core WordPress code and not directly.
* Add Basic authentication to your /wp-admin directory. This will cause your administrator section to require a double-login, but it adds an extra layer of security to your WordPress admin dashboard.

==Additional considerations==

Here are some additional considerations to take after an event.

* Scan the desktop or laptop computer you use to administer the site for malware.
* Update your FTP password.

==More Information==

[https://codex.wordpress.org/Hardening_WordPress https://codex.wordpress.org/Hardening_WordPress] 
[https://codex.wordpress.org/FAQ_My_site_was_hacked https://codex.wordpress.org/FAQ_My_site_was_hacked]

[[Category:WordPress]]
[[Category:Security]]

WordPress Site Hacked

2017-05-30T20:10:04Z

Davidd:

'''IMPORTANT NOTE: Be sure to keep your WordPress install up to date AND keep your themes and plugins up to date.'''

__FORCETOC__

==Introduction==

This article explains what to do if your WordPress site is compromised by a hacker and how to resolve the issue. If you find that the steps in this article are too technically challenging, please contact our support team and explain the situation; and we can offer assistance with getting your site back to normal.

==Causes==

The following are the most common way that a WordPress site gets compromised:

* Your desktop or laptop computer gets a virus/spyware/malware application installed, and that application records your login keystrokes on the WordPress site([https://en.wikipedia.org/wiki/Keystroke_logging keylogger]) and sends the username/password to the hacker.
* The WordPress site contains a theme with a vulnerability
* The WordPress site contains a plugin with a vulnerability

==Remedy==

Below are some steps you can take to fix your WordPress site:

# Move everything except the /wp-config.php file into a backup directory (you can name it something like /Quarantine or /OLD)
# Create a backup of your MySQL database through PHPMyAdmin (Accessible from your hosting control panel)
# '''NOTE: Steps 1 and 2 are critical. If anything goes wrong, the backup of your site files and database will allow you to revert the changes.'''
# Download the latest version of WordPress here: https://wordpress.org/download/
# Upload the files and folders from the latest version of WordPress that you downloaded. This should replace the /wp-admin, /wp-includes, index.php, etc. that you moved to the backup folder in the first step.
# Edit your wp-config.php file and ensure nothing bad was added by the hacker (this can often be a snippet of code added to the beginning or end of the file that shouldn't be there. If you are unsure, compare the wp-config.php file with the wp-config-sample.php that came with version of WordPress you downloaded in step one)
# Update the MySQL database password and place the new password in the wp-config.php file because the hacker may have gotten the old password
# Log into the WordPress admin (/wp-login.php) and navigate to the 'Users' section. The hacker may have added some additional users to your site so you should delete any users that you did not add.
# Update the password for all of the valid WordPress users in-case that is how the hacker got into the site
# Go to the 'Settings'->'Permalinks' page and click 'Save'. This will re-create your .htaccess(Apache) or web.config(IIS) file.
# Copy everything from your old /wp-content/Uploads folder into your new /wp-content folder. This will bring over any images, audio, and video that were previously uploaded to your site.
# Re-install any plugins and themes you were using on the site. If you had made modifications to your theme or plugins and need to bring the files over from the backup of the site, be very careful. The hacker may have injected bad code into your old theme and/or plugin files that will allow them to get back into the site. You should only move over files that are absolutely necessary and check the content of those files for anything suspicious.

==Adding extra security==

These are some extra steps you can take to lock down your WordPress installation.

* Disable file editing through the WordPress by adding "''define('DISALLOW_FILE_EDIT', true);''" to your wp-config.php file - reference: [https://codex.wordpress.org/Hardening_WordPress#Disable_File_Editing]
* Disable direct script execution in both your /wp-content and /wp-includes directories. The PHP files in these directories should only be used via includes from the core WordPress code and not directly.
* Add Basic authentication to your /wp-admin directory. This will cause your administrator section to require a double-login, but it adds an extra layer of security to your WordPress admin dashboard.

==Additional considerations==

Here are some additional considerations to take after an event.

* Scan the desktop or laptop computer you use to administer the site for malware.
* Update your FTP password.

==More Information==

https://codex.wordpress.org/Hardening_WordPress 
[http://codex.wordpress.org/FAQ_My_site_was_hacked codex.wordpress.org/FAQ_My_site_was_hacked]

[[Category:WordPress]]
[[Category:Security]]

ISAPI Rewrite

2017-02-09T18:47:49Z

Davidd: /* HTTP to HTTPS with www Redirect */

__FORCETOC__

= ISAPI_Rewrites and Redirects Version 3 =

ISAPI_Rewrite Version 3 is a powerful URL manipulation engine based on regular expressions, which is supported on our Windows Servers. Hostek.com has lots of experience with Isapi_Rewrite Hosting. This wiki contains some examples of how to implement Isapi_Rewrite Version 3.

*ISAPI_Rewrite is an IIS Module that is very similar to the Apache Module "Mod_Rewrite", Mod_Rewrite is also enabled on our LiteSpeed servers.
*For more information on Mod_Rewrite please see our [https://wiki.hostek.com/Mod_rewrite Mod_Rewrite Wiki] and our [https://wiki.hostek.com/URL_Rewrite#Apache_.28Linux.29 URL Rewrite Wiki.]

<pre>
IMPORTANT: Place the rewrite rules in a file named .htaccess and place it in the website's Default Directory(i.e. the \wwwroot folder).
</pre>
*If you do not have an .htaccess file already created you can:
*#Open a text editor--like Notepad--and save the file as ".htaccess".
*#Use the File Manager in the hosting control panel to create a .htaccess file on the server.

== Simple Redirects and Rewrites ==

==== Redirecting to a different domain ====
If you need to redirect your website to another website

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine On

RewriteCond %{HTTP_HOST} ^(www\.)?domain\.com$ [NC]
RewriteRule ^(.*)$ http://www.newdomain.com/$1 [QSA,R=301]
</pre>

==== Rewrite a Folder to another Folder ====

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine on
RewriteBase /

RewriteRule ^oldfolder$ /correctfolder [NC,R=301,L]
</pre>

==== Redirect File Names ====
To have your index.htm page auto redirect to index.asp user this example

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine on

RewriteRule index.htm index.asp [R=301,L]
</pre>

==== Subfolder Rewrite ====
To redirect your domain to a subfolder of that domain example: www.domain.com to www.domain.com/folder

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine On

# Exclude requests already going to /subfolder to avoid an infinite loop
RewriteRule ^subfolder.*$ - [NC,L]

# Rewrite normal requests to /subfolder
RewriteRule ^(.*)$ /subfolder/$1 [L]
</pre>

==== non-www. to www. Redirects ====

Redirecting non-www version to www., example domain.com to www.domain.com

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine on

RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</pre>

==== www. to non-www. Redirects ====

Redirecting www version to non-www., example www.domain.com to domain.com

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.domain.com
RewriteRule ^ http://domain.com%{REQUEST_URI} [R=301,L]
</pre>

==== URL Rewrite ====

Suppose you have URL like www.example.com/foo.asp?a=A&b=B&c=C and you want to access it as www.example.com/foo.asp/a/A/b/B/c/

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine on
RewriteRule ^(.*?\.asp)/([^/]*)/([^/]*)(/.+)? $1$4?$2=$3 [NC,LP,QSA]
</pre>

==== WordPress Permalinks ====

WordPress Permalinks using mod_rewrite are for Linux, but ISAPI_Rewrite does offer the equivalent. If you want to have index.php not show in the url try using these in your .htaccess file.

If your WordPress site is in the wwwroot folder.

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
# BEGIN WordPress

#Options +Followsymlinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [NC,L]

# END WordPress
</pre>

If your WordPress site is in a subfolder.

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
# BEGIN WordPress

#Options +Followsymlinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /subfolder/index.php [NC,L]

# END WordPress
</pre>

==== Redirect wwwroot/public_html to subfolder ====

Allows you load your domain from a subfolder instead of the wwwroot/public_html folder.

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)?example.com$
RewriteCond %{REQUEST_URI} !^/subfolder/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /subfolder/$1
RewriteCond %{HTTP_HOST} ^(www.)?example.com$
RewriteRule ^(/)?$ subfolder/index.html [L]
</pre>

== HTTP to HTTPS SSL Rewrites ==

Suppose you have URL like http://shop.example.com and you want your visitors to be redirected to https://shop.example.com

Here are some examples of how to force SSL. Simply place the following rules into your '''.htaccess''' file:

==== HTTP to HTTPS Redirect ====

<pre>
# Enable rewrite rules
RewriteEngine On

## Redirect HTTP to HTTPS

# Only trigger rule if a non-ssl port is being used
RewriteCond %{SERVER_PORT} !443
# Redirect to HTTPS
RewriteRule (.*) https://%{HTTP_HOST}/$1 [R=301]
</pre>

==== HTTP to HTTPS with www Redirect====

This version will both redirect to HTTPS as well as add "www." to the beginning of the hostname if it is missing.

<pre>
# Enable rewrite rules
RewriteEngine On

## Redirect HTTP to HTTPS with www

# Only trigger rule if a non-ssl port is being used
RewriteCond %{SERVER_PORT} !443
# Extract non-www portion of HTTP_HOST
RewriteCond %{HTTP_HOST} ^(www\.)?(.*) [NC]
# Redirect to HTTPS with www
RewriteRule (.*) https://www.%2/$1 [R=301]
</pre>

''NOTE: If you prefer to remove the www from the URL, simply change "<nowiki>https://www.%2/$1</nowiki>" to "<nowiki>https://%2/$1</nowiki>"''

==== Shared SSL ====

If you are using the shared SSL and want to force SSL, the below script will redirect traffic to the shared SSL URL:

<pre>
# Enable rewrite rules
RewriteEngine On

## Redirect HTTP to HTTPS on shared SSL

# Only trigger rule if a non-ssl port is being used
RewriteCond %{SERVER_PORT} !443
RewriteRule (.*) https://secure##.ezhostingserver.com/mywebsite-com/$1 [R=301]
</pre>

''NOTE: Replace the above URL with the correct shared SSL URL for your site, which can be found within your hosting control panel.''

== Site Crawlers ==

Example on how to prevent certain spiders from crawling your site.

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine on

RewriteCond %{HTTP_USER_AGENT} ^Baiduspider.*$
RewriteRule .* /block.htm

RewriteCond %{HTTP_USER_AGENT} ^Yandex.*$
RewriteRule .* /block.htm
</pre>

== Wild-Card Subdomains & Variables Rewrites ==

Here is an example to show how to get the variables from positions 1 and 2 without it mattering how many items are in the URL. In other words, a good example for a rewrite rule for optional parameters.

==== Variable URLs ====
Let's say you want to have a URL display like: http://your_domain.com/some-folder/34-77-some-key-word.html
But you want that to really process a query like:http://your_domain.com/folder/search.asp?country=34&city=77

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine on
RewriteRule ^some-folder/([^-]+)-([^-]+)-.*$ /folder/search.asp?country=$1&city=$2
</pre>

==== Wild-Card Subdomains ====

Rewrite all wild-card sub-domain requests to a folder without affecting "your_domain.com" or "www.your_domain.com"

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
# Ignore requests that are already rewritten
RewriteRule ^subdomainfolder/.*$ - [NC,L]

# Rewrite all requests to non-www sub-domains to /subdomainfolder
RewriteCond %{HTTP_HOST} !^(www\.)?your_domain\.com$ [NC]
RewriteRule ^(.*)$ /subdomainfolder/$1 [L]
</pre>

For more Examples and other uses please visit [http://www.helicontech.com/isapi_rewrite/doc/examples.htm#SEF Helicon Tech]

[[Category:Windows]]
[[Category:Tutorials]]
[[Category:ISAPI_Rewrite]]

ISAPI Rewrite

2017-02-09T18:41:56Z

Davidd: /* HTTP to HTTPS SSL Rewrites */

__FORCETOC__

= ISAPI_Rewrites and Redirects Version 3 =

ISAPI_Rewrite Version 3 is a powerful URL manipulation engine based on regular expressions, which is supported on our Windows Servers. Hostek.com has lots of experience with Isapi_Rewrite Hosting. This wiki contains some examples of how to implement Isapi_Rewrite Version 3.

*ISAPI_Rewrite is an IIS Module that is very similar to the Apache Module "Mod_Rewrite", Mod_Rewrite is also enabled on our LiteSpeed servers.
*For more information on Mod_Rewrite please see our [https://wiki.hostek.com/Mod_rewrite Mod_Rewrite Wiki] and our [https://wiki.hostek.com/URL_Rewrite#Apache_.28Linux.29 URL Rewrite Wiki.]

<pre>
IMPORTANT: Place the rewrite rules in a file named .htaccess and place it in the website's Default Directory(i.e. the \wwwroot folder).
</pre>
*If you do not have an .htaccess file already created you can:
*#Open a text editor--like Notepad--and save the file as ".htaccess".
*#Use the File Manager in the hosting control panel to create a .htaccess file on the server.

== Simple Redirects and Rewrites ==

==== Redirecting to a different domain ====
If you need to redirect your website to another website

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine On

RewriteCond %{HTTP_HOST} ^(www\.)?domain\.com$ [NC]
RewriteRule ^(.*)$ http://www.newdomain.com/$1 [QSA,R=301]
</pre>

==== Rewrite a Folder to another Folder ====

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine on
RewriteBase /

RewriteRule ^oldfolder$ /correctfolder [NC,R=301,L]
</pre>

==== Redirect File Names ====
To have your index.htm page auto redirect to index.asp user this example

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine on

RewriteRule index.htm index.asp [R=301,L]
</pre>

==== Subfolder Rewrite ====
To redirect your domain to a subfolder of that domain example: www.domain.com to www.domain.com/folder

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine On

# Exclude requests already going to /subfolder to avoid an infinite loop
RewriteRule ^subfolder.*$ - [NC,L]

# Rewrite normal requests to /subfolder
RewriteRule ^(.*)$ /subfolder/$1 [L]
</pre>

==== non-www. to www. Redirects ====

Redirecting non-www version to www., example domain.com to www.domain.com

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine on

RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</pre>

==== www. to non-www. Redirects ====

Redirecting www version to non-www., example www.domain.com to domain.com

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.domain.com
RewriteRule ^ http://domain.com%{REQUEST_URI} [R=301,L]
</pre>

==== URL Rewrite ====

Suppose you have URL like www.example.com/foo.asp?a=A&b=B&c=C and you want to access it as www.example.com/foo.asp/a/A/b/B/c/

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine on
RewriteRule ^(.*?\.asp)/([^/]*)/([^/]*)(/.+)? $1$4?$2=$3 [NC,LP,QSA]
</pre>

==== WordPress Permalinks ====

WordPress Permalinks using mod_rewrite are for Linux, but ISAPI_Rewrite does offer the equivalent. If you want to have index.php not show in the url try using these in your .htaccess file.

If your WordPress site is in the wwwroot folder.

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
# BEGIN WordPress

#Options +Followsymlinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [NC,L]

# END WordPress
</pre>

If your WordPress site is in a subfolder.

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
# BEGIN WordPress

#Options +Followsymlinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /subfolder/index.php [NC,L]

# END WordPress
</pre>

==== Redirect wwwroot/public_html to subfolder ====

Allows you load your domain from a subfolder instead of the wwwroot/public_html folder.

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)?example.com$
RewriteCond %{REQUEST_URI} !^/subfolder/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /subfolder/$1
RewriteCond %{HTTP_HOST} ^(www.)?example.com$
RewriteRule ^(/)?$ subfolder/index.html [L]
</pre>

== HTTP to HTTPS SSL Rewrites ==

Suppose you have URL like http://shop.example.com and you want your visitors to be redirected to https://shop.example.com

Here are some examples of how to force SSL. Simply place the following rules into your '''.htaccess''' file:

==== HTTP to HTTPS Redirect ====

<pre>
# Enable rewrite rules
RewriteEngine On

## Redirect HTTP to HTTPS

# Only trigger rule if a non-ssl port is being used
RewriteCond %{SERVER_PORT} !443
# Redirect to HTTPS
RewriteRule (.*) https://%{HTTP_HOST}/$1 [R=301]
</pre>

==== HTTP to HTTPS with www Redirect====

This version will both redirect to HTTPS as well as add "www." to the beginning of the hostname if it is missing.

<pre>
# Enable rewrite rules
RewriteEngine On

## Redirect HTTP to HTTPS with www

# Only trigger rule if a non-ssl port is being used
RewriteCond %{SERVER_PORT} !443
# Extract non-www portion of HTTP_HOST
RewriteCond %{HTTP_HOST} ^(www\.)?(.*)
# Redirect to HTTPS with www
RewriteRule (.*) https://www.%2/$1 [R=301]
</pre>

''NOTE: If you prefer to remove the www from the URL, simply change "<nowiki>https://www.%2/$1</nowiki>" to "<nowiki>https://%2/$1</nowiki>"''

==== Shared SSL ====

If you are using the shared SSL and want to force SSL, the below script will redirect traffic to the shared SSL URL:

<pre>
# Enable rewrite rules
RewriteEngine On

## Redirect HTTP to HTTPS on shared SSL

# Only trigger rule if a non-ssl port is being used
RewriteCond %{SERVER_PORT} !443
RewriteRule (.*) https://secure##.ezhostingserver.com/mywebsite-com/$1 [R=301]
</pre>

''NOTE: Replace the above URL with the correct shared SSL URL for your site, which can be found within your hosting control panel.''

== Site Crawlers ==

Example on how to prevent certain spiders from crawling your site.

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine on

RewriteCond %{HTTP_USER_AGENT} ^Baiduspider.*$
RewriteRule .* /block.htm

RewriteCond %{HTTP_USER_AGENT} ^Yandex.*$
RewriteRule .* /block.htm
</pre>

== Wild-Card Subdomains & Variables Rewrites ==

Here is an example to show how to get the variables from positions 1 and 2 without it mattering how many items are in the URL. In other words, a good example for a rewrite rule for optional parameters.

==== Variable URLs ====
Let's say you want to have a URL display like: http://your_domain.com/some-folder/34-77-some-key-word.html
But you want that to really process a query like:http://your_domain.com/folder/search.asp?country=34&city=77

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine on
RewriteRule ^some-folder/([^-]+)-([^-]+)-.*$ /folder/search.asp?country=$1&city=$2
</pre>

==== Wild-Card Subdomains ====

Rewrite all wild-card sub-domain requests to a folder without affecting "your_domain.com" or "www.your_domain.com"

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
# Ignore requests that are already rewritten
RewriteRule ^subdomainfolder/.*$ - [NC,L]

# Rewrite all requests to non-www sub-domains to /subdomainfolder
RewriteCond %{HTTP_HOST} !^(www\.)?your_domain\.com$ [NC]
RewriteRule ^(.*)$ /subdomainfolder/$1 [L]
</pre>

For more Examples and other uses please visit [http://www.helicontech.com/isapi_rewrite/doc/examples.htm#SEF Helicon Tech]

[[Category:Windows]]
[[Category:Tutorials]]
[[Category:ISAPI_Rewrite]]

SQL Server Identity Jumps

2017-01-05T18:41:12Z

Davidd:

A feature that has the side-effect of sometimes causing jumps in identity numbers is "identity caching". The reason this is implemented in SQL 2012 and above is to improve the efficiency of generating new IDs for identity fields by incrementing the on-disk number by some amount (1000 for 'int' fields) and serving the next 1000 IDs directly from memory. The side-effect of this is that if SQL Server is restarted, it may start up using the pre-written number on disk, and there will seem to be a gap since the ID numbers that were cached in memory were never used.

We do not disable this behavior on our shared SQL Servers for the following reasons:

* SQL Server trace flags are only meant for debugging, and the only way to disable the behavior is with a trace flag (Not to mention that it is an undocumented trace flag). Since we need to run our shared SQL Servers in a supported configuration, using the trace flag is not a good option for us.

* The identity-caching feature help reduce disk-writes and improve SQL Server performance.

The following alternatives are available if sequential numbers are important:

* You can use the new 'Sequence' object that is also implemented in SQL 2012 and above. The sequence object allows you to disable caching. However, it will require some changes to your application's SQL and/or stored procedures to take advantage of it.

* You can generate the numbers using an algorithm within your application.

* We offer VPS servers with SQL Server. With your own VPS running SQL Server, you can make any changes you want, such as adding the trace flag.

* If the main goal is to reduce confusion for users when they see a gap, starting identity numbers higher (such as 10000) or displaying numbers with a minimum number of digits and leading zeros (such as 00001) can reduce the perceived difference when this occurs.

Added By: [[User:Davidd|Davidd]] ([[User talk:Davidd|talk]]) 10:30, 13 November 2015 (CST)

[[Category:MSSQL]]

Bulk Mail

2016-03-24T20:26:24Z

Davidd: /* Pricing */

__FORCETOC__
==Bulk Email==
===Notices===
#The Bulk Email option is NOT for sending spam.
#It is for sending to legitimate customers and subscribers.
#It is NOT to be used to send to purchased lists.

===Pricing===
*Pricing for the Bulk Mail service.
{| border="1" cellpadding="4" cellspacing="0" style="margin: 1em 1em 1em 0; background: #f9f9f9; border: 1px #aaa solid; border-collapse: collapse;"
! scope="col" style="background-color:lightgrey;" | Emails Per Month
! scope="col" align="center" style="background-color:lightgrey;" | Equals
! scope="col" style="background-color:lightgrey;" | Pricing
|-
! scope="row" | #1 - 25,000
! scope="row" align="center" | =
| Not considered bulk - included in hosting - N/A for Bulk Mail service
|-
! scope="row" |#25,001 - 50,000
! scope="row" align="center" | =
| $20/month add-on
|-
! scope="row" |#50,001 - 100,000
! scope="row" align="center" | =
| $35/month add-on
|-
! scope="row" |#100,001 - 200,000
! scope="row" align="center" | =
| $50/month add-on
|-
! scope="row" |#200,001 - 400,000
! scope="row" align="center" | =
| $75/month add-on
|-
! scope="row" |#400,001 - 750,000
! scope="row" align="center" | =
| $90/month add-on
|-
! scope="row" |#750,001 - 1,000,000
! scope="row" align="center" | =
| $110/month add-on
|-
! scope="row" |#1,000,001+
! scope="row" align="center" | =
| Contact sales [https://support.hostek.com/ here]
|}

===Ordering===
#To order a Bulk Mail Account, please contact us by submitting a ticket [http://support.hostek.com here] with the domain name and the tier of Bulk Mail that you've chosen.
##If you have ''multiple domains'' '''OR''' if want ''more than one Bulk Mail Account'' you will need to order a separate service for each one.

==Bulk Email In Outlook==

===For new accounts in Outlook, follow these steps:===
# Add a new account under File--->Add New Account. Be sure your bulk account has been added to your actual mail server in Smartermail/Cpanel
# Select Manually configure server settings and click next
# Select Internet E-mail and click next
# Enter the name and the bulk e-mail address
# Select the account type you want for the incoming mail that's set up on Smartermail (even if the account won't receive incoming mail this needs to be done or Outlook setup cannot complete)
# Input the incoming mail server (typically mail.yourdomainname.com)
# Input the outgoing mail server which is mailout-b.ezhostingserver.com
# Enter the full e-mail address for the username
# Enter the password you set for the user in Smartermail/Cpanel
# Click on More Settings
# Click on Outgoing Server
# Check the "My Outgoing Server Requires authentication" box
# Select "Log On Using" enter in the bulk username and password that was e-mailed to you here
# Click on the "Advanced" tab
# Change the Outgoing Server port from 25 to 26
# Click OK and then Next

===For existing accounts in Outlook, follow these steps:===
# Click on File--->Account Settings
# Double-Click on your account
# Change the outgoing mail server to mailout-b.ezhostingserver.com
# Click on More Settings
# Click on Outgoing Server
# Check the "My Outgoing Server Requires authentication" box
# Select "Log On Using" enter in the bulk username and password that was e-mailed to you here
# Click on the "Advanced" tab
# Change the Outgoing Server port from 25 to 26
# Click OK and then Next
*Following these steps will successfully set up your Outlook e-mail account to use the Bulk Mail service you purchased for sending e-mails.

==Bulk Email in SmarterMail==

===Setting up Bulk Email in SmarterMail===
#Login into '''Webmail''' (e.g. <nowiki>http://mail.yourawesomedomain.com/</nowiki>
#Go to '''Settings''' (Gears Icon)
#Open the '''Advanced Settings''' section
#Click on '''SMTP Accounts'''
#Click on '''New'''
#Fillout the form with the information you were provided after purchasing the Bulk Email User Account. Below is an Example:
##'''Server Address:''' mailout-b.ezhostingserver.com
##'''Port:''' 25
##'''Display Name:''' example@yourawesomedomain.com
##'''Email Address:''' example@yourawesomedomain.com
##'''Username:''' example_yourawesomedomain_com
##'''Password:''' ******************
##'''Encryption:''' None
##'''Authentication Enabled:''' Yes
#Click '''Save'''
===Using the Bulk Email in SmarterMail===
#Go to the '''Mail''' section
#Click on '''New''' [to compose a new message]
#You'll notice that the '''From:''' Address has a '''drop-down menu''' now, '''click''' on this and choose the Email Address which you set up in the SMTP Accounts.
##If there are duplicates you choose the closest one to the bottom.
#Send your message(s) as you normally would.
*Note: If you have a MailingList, you'll simply send '''TO''' that MailingList's ID. (e.g. clients@yourawesomedomain.com)

[[Category:SmarterMail]]
[[Category:CPanel-Mail]]

SQL Server and TLS 1.2

2016-03-16T20:34:05Z

Davidd:

Due to PCI DSS requirements, many sites and servers have disabled support for TLS versions older than 1.2. For servers that have MS SQL Server installed, this can cause failure for the SQL Server to start if the appropriate version and update are not installed.

==SQL Server Versions Supporting TLS 1.2==

These are the SQL Server version and update levels that will function with TLS 1.0 disabled.

{| class="wikitable"
|-
! Version
! Update
! Download Link
|-
| style="padding: 5px;" |SQL 2012 SP2
| style="padding: 5px;" |Cumulative Update 10
| style="padding: 5px;" |https://www.microsoft.com/en-us/download/details.aspx?id=50731
|-
| style="padding: 5px;" |SQL 2012 SP3
| style="padding: 5px;" |Cumulative Update 1
| style="padding: 5px;" |https://www.microsoft.com/en-us/download/details.aspx?id=50733
|-
| style="padding: 5px;" |SQL 2014 RTM
| style="padding: 5px;" |Cumulative Update 12
| style="padding: 5px;" |https://www.microsoft.com/en-us/download/details.aspx?id=51187
|-
| style="padding: 5px;" |SQL 2014 SP1
| style="padding: 5px;" |Cumulative Update 5
| style="padding: 5px;" |https://www.microsoft.com/en-us/download/details.aspx?id=51186
|}
Source: https://support.microsoft.com/en-us/kb/3052404

==Applying Updates to SQL Server==

You can apply the update to your SQL Server instance by downloading the installer from the appropriate link above and running it on the server with the SQL instance. The SQL Service will be stopped during update, and the update may require a reboot. Therefore, an update should only be applied during off-peak/maintenance hours for production environments.

==SQL Server Clients Support TLS 1.2==

After applying the update and removing support for TLS 1.0, all clients connecting to SQL Server remotely will need to support TLS 1.2. If you encounter any issues connecting remotely with SQL Management Studio, we recommend that on the remote PC that is having issues connecting, you update SQL Server Management Studio to match the version of SQL Server that was installed on the server and also install the latest .Net version (download link: https://www.microsoft.com/en-us/download/details.aspx?id=49981).

NOTE: The same installer that was used to update the server can be used to update SQL Management Studio.

[[User:Davidd|Davidd]] ([[User talk:Davidd|talk]]) 14:12, 14 March 2016 (CDT)

[[Category:Databases-MSSQL]]

SQL Server and TLS 1.2

2016-03-16T20:33:22Z

Davidd:

SQL Server and TLS 1.2

2016-03-14T19:16:02Z

Davidd: /* Applying Updates to SQL Server */

SQL Server and TLS 1.2

2016-03-14T19:15:15Z

Davidd: /* SQL Server Versions Supporting TLS 1.2 */

Due to PCI DSS requirements, many sites and servers have disabled support for TLS versions older than 1.2. For servers that have MS SQL Server installed, this can cause failure for the SQL Server to start if the appropriate version and update are not installed.

==SQL Server Versions Supporting TLS 1.2==

These are the SQL Server version and update levels that will function with TLS 1.0 disabled.

{| class="wikitable"
|-
! Version
! Update
! Download Link
|-
| style="padding: 5px;" |SQL 2012 SP2
| style="padding: 5px;" |Cumulative Update 10
| style="padding: 5px;" |https://www.microsoft.com/en-us/download/details.aspx?id=50731
|-
| style="padding: 5px;" |SQL 2012 SP3
| style="padding: 5px;" |Cumulative Update 1
| style="padding: 5px;" |https://www.microsoft.com/en-us/download/details.aspx?id=50733
|-
| style="padding: 5px;" |SQL 2014 RTM
| style="padding: 5px;" |Cumulative Update 12
| style="padding: 5px;" |https://www.microsoft.com/en-us/download/details.aspx?id=51187
|-
| style="padding: 5px;" |SQL 2014 SP1
| style="padding: 5px;" |Cumulative Update 5
| style="padding: 5px;" |https://www.microsoft.com/en-us/download/details.aspx?id=51186
|}
Source: https://support.microsoft.com/en-us/kb/3052404

==Applying Updates to SQL Server==

You can apply the update to your SQL Server instance by downloading the installer and running it on the server with the SQL instance. The SQL Service will need to be stopped during update, and the update may require a reboot. Therefore, an update should only be applied during off-peak/maintenance hours for production environments.

==SQL Server Clients Support TLS 1.2==

After applying the update and removing support for TLS 1.0, all clients connecting to SQL Server remotely will need to support TLS 1.2. If you encounter any issues connecting remotely with SQL Management Studio, we recommend that on the remote PC that is having issues connecting, you update SQL Server Management Studio to match the version of SQL Server that was installed on the server and also install the latest .Net version (download link: https://www.microsoft.com/en-us/download/details.aspx?id=49981).

NOTE: The same installer that was used to update the server can be used to update SQL Management Studio.

[[User:Davidd|Davidd]] ([[User talk:Davidd|talk]]) 14:12, 14 March 2016 (CDT)

SQL Server and TLS 1.2

2016-03-14T19:15:04Z

Davidd: /* SQL Server Versions Supporting TLS 1.2 */

Due to PCI DSS requirements, many sites and servers have disabled support for TLS versions older than 1.2. For servers that have MS SQL Server installed, this can cause failure for the SQL Server to start if the appropriate version and update are not installed.

==SQL Server Versions Supporting TLS 1.2==

This are the SQL Server version and update levels that will function with TLS 1.0 disabled.

{| class="wikitable"
|-
! Version
! Update
! Download Link
|-
| style="padding: 5px;" |SQL 2012 SP2
| style="padding: 5px;" |Cumulative Update 10
| style="padding: 5px;" |https://www.microsoft.com/en-us/download/details.aspx?id=50731
|-
| style="padding: 5px;" |SQL 2012 SP3
| style="padding: 5px;" |Cumulative Update 1
| style="padding: 5px;" |https://www.microsoft.com/en-us/download/details.aspx?id=50733
|-
| style="padding: 5px;" |SQL 2014 RTM
| style="padding: 5px;" |Cumulative Update 12
| style="padding: 5px;" |https://www.microsoft.com/en-us/download/details.aspx?id=51187
|-
| style="padding: 5px;" |SQL 2014 SP1
| style="padding: 5px;" |Cumulative Update 5
| style="padding: 5px;" |https://www.microsoft.com/en-us/download/details.aspx?id=51186
|}
Source: https://support.microsoft.com/en-us/kb/3052404

==Applying Updates to SQL Server==

You can apply the update to your SQL Server instance by downloading the installer and running it on the server with the SQL instance. The SQL Service will need to be stopped during update, and the update may require a reboot. Therefore, an update should only be applied during off-peak/maintenance hours for production environments.

==SQL Server Clients Support TLS 1.2==

After applying the update and removing support for TLS 1.0, all clients connecting to SQL Server remotely will need to support TLS 1.2. If you encounter any issues connecting remotely with SQL Management Studio, we recommend that on the remote PC that is having issues connecting, you update SQL Server Management Studio to match the version of SQL Server that was installed on the server and also install the latest .Net version (download link: https://www.microsoft.com/en-us/download/details.aspx?id=49981).

NOTE: The same installer that was used to update the server can be used to update SQL Management Studio.

[[User:Davidd|Davidd]] ([[User talk:Davidd|talk]]) 14:12, 14 March 2016 (CDT)

SQL Server and TLS 1.2

2016-03-14T19:12:16Z

Davidd: Created page with "Due to PCI DSS requirements, many sites and servers have disabled support for TLS versions older than 1.2. For servers that have MS SQL Server installed, this can cause failu..."

Due to PCI DSS requirements, many sites and servers have disabled support for TLS versions older than 1.2. For servers that have MS SQL Server installed, this can cause failure for the SQL Server to start if the appropriate version and update are not installed.

==SQL Server Versions Supporting TLS 1.2==

{| class="wikitable"
|-
! Version
! Update
! Download Link
|-
| style="padding: 5px;" |SQL 2012 SP2
| style="padding: 5px;" |Cumulative Update 10
| style="padding: 5px;" |https://www.microsoft.com/en-us/download/details.aspx?id=50731
|-
| style="padding: 5px;" |SQL 2012 SP3
| style="padding: 5px;" |Cumulative Update 1
| style="padding: 5px;" |https://www.microsoft.com/en-us/download/details.aspx?id=50733
|-
| style="padding: 5px;" |SQL 2014 RTM
| style="padding: 5px;" |Cumulative Update 12
| style="padding: 5px;" |https://www.microsoft.com/en-us/download/details.aspx?id=51187
|-
| style="padding: 5px;" |SQL 2014 SP1
| style="padding: 5px;" |Cumulative Update 5
| style="padding: 5px;" |https://www.microsoft.com/en-us/download/details.aspx?id=51186
|}
Source: https://support.microsoft.com/en-us/kb/3052404

==Applying Updates to SQL Server==

You can apply the update to your SQL Server instance by downloading the installer and running it on the server with the SQL instance. The SQL Service will need to be stopped during update, and the update may require a reboot. Therefore, an update should only be applied during off-peak/maintenance hours for production environments.

==SQL Server Clients Support TLS 1.2==

After applying the update and removing support for TLS 1.0, all clients connecting to SQL Server remotely will need to support TLS 1.2. If you encounter any issues connecting remotely with SQL Management Studio, we recommend that on the remote PC that is having issues connecting, you update SQL Server Management Studio to match the version of SQL Server that was installed on the server and also install the latest .Net version (download link: https://www.microsoft.com/en-us/download/details.aspx?id=49981).

NOTE: The same installer that was used to update the server can be used to update SQL Management Studio.

[[User:Davidd|Davidd]] ([[User talk:Davidd|talk]]) 14:12, 14 March 2016 (CDT)

HTTP/2

2016-02-17T17:28:40Z

Davidd:

HTTP/2 is a successor to the http/1.1 protocol. It is based on the SPDY protocol and offers some improvements over http/1.1, such as http header compression, server push, multiplexing, and pipelining.

==Support for HTTP/2==

Below is a Matrix showing support for http/2:

{| class="wikitable"
|-
! Server
! HTTP/2 Support
|-
| style="padding: 5px; text-align: center;" | IIS 7.5 (Windows Server 2008 R2)
| style="padding: 5px; text-align: center; background-color: DarkRed" | No
|-
| style="padding: 5px; text-align: center;" |IIS 8.5 (Windows Server 2012 R2)
| style="padding: 5px; text-align: center; background-color: DarkRed" | No
|-
| style="padding: 5px; text-align: center;" |IIS 10 (Windows Server 2016)
| style="padding: 5px; text-align: center; background-color: DarkGreen"| Yes
|-
| style="padding: 5px; text-align: center;" |Apache 1.x
| style="padding: 5px; text-align: center; background-color: DarkRed"| No
|-
| style="padding: 5px; text-align: center;" |Apache 2.2
| style="padding: 5px; text-align: center; background-color: DarkRed"| No
|-
| style="padding: 5px; text-align: center;" |Apache 2.4.17 and newer
| style="padding: 5px; text-align: center; background-color: Yellow"| If mod_http2 is enabled
|}

[[User:Davidd|Davidd]] ([[User talk:Davidd|talk]]) 11:28, 17 February 2016 (CST)

[[Category:Windows]]
[[Category:Linux]]
[[Category:VPS]]

HTTP/2

2016-02-17T17:28:12Z

Davidd: HTTP/2 - What it is and where it is supported

HTTP/2 is a successor to the http/1.1 protocol. It is based on the SPDY protocol and offers some improvements over http/1.1, such as http header compression, server push, multiplexing, and pipelining.

==Support for HTTP/2==

Below is a Matrix showing support for http/2:

{| class="wikitable"
|-
! Server
! HTTP/2 Support
|-
| style="padding: 5px; text-align: center;" | IIS 7.5 (Windows Server 2008 R2)
| style="padding: 5px; text-align: center; background-color: DarkRed" | No
|-
| style="padding: 5px; text-align: center;" |IIS 8.5 (Windows Server 2012 R2)
| style="padding: 5px; text-align: center; background-color: DarkRed" | No
|-
| style="padding: 5px; text-align: center;" |IIS 10 (Windows Server 2016)
| style="padding: 5px; text-align: center; background-color: DarkGreen"| Yes
|-
| style="padding: 5px; text-align: center;" |Apache 1.x
| style="padding: 5px; text-align: center; background-color: DarkRed"| No
|-
| style="padding: 5px; text-align: center;" |Apache 2.2
| style="padding: 5px; text-align: center; background-color: DarkRed"| No
|-
| style="padding: 5px; text-align: center;" |Apache 2.4.17 and newer
| style="padding: 5px; text-align: center; background-color: Yellow"| If mod_http2 is enabled
|}

[[Category:Windows]]
[[Category:Linux]]
[[Category:VPS]]

[[User:Davidd|Davidd]] ([[User talk:Davidd|talk]]) 11:28, 17 February 2016 (CST)

HTTP/2

2016-02-17T17:19:09Z

Davidd: /* Support for HTTP/2 */

HTTP/2

2016-02-17T17:17:22Z

Davidd: /* Support for HTTP/2 */

HTTP/2 is a successor to the http/1.1 protocol. It is based on the SPDY protocol and offers some improvements over http/1.1, such as http header compression, server push, multiplexing, and pipelining.

==Support for HTTP/2==

Below is a Matrix showing support for http/2:

{| class="wikitable"
|-
! Server
! HTTP/2 Support
|-
| style="padding: 5px; text-align: center;" | IIS 7.5 (Windows Server 2008 R2)
| style="padding: 5px; text-align: center; background-color: Red" | No
|-
| style="padding: 5px; text-align: center;" |IIS 8.5 (Windows Server 2012 R2)
| style="padding: 5px; text-align: center; background-color: Red" | No
|-
| style="padding: 5px; text-align: center;" |IIS 10 (Windows Server 2016)
| style="padding: 5px; text-align: center; background-color: Green"| Yes
|-
| style="padding: 5px; text-align: center;" |Apache 1.x
| style="padding: 5px; text-align: center; background-color: Red"| No
|-
| style="padding: 5px; text-align: center;" |Apache 2.2
| style="padding: 5px; text-align: center; background-color: Red"| No
|-
| style="padding: 5px; text-align: center;" |Apache 2.4.17 and newer
| style="padding: 5px; text-align: center; background-color: LightGreen"| With mod_http2 enabled
|}

HTTP/2

2016-02-17T17:17:12Z

Davidd: /* Support for HTTP/2 */

HTTP/2 is a successor to the http/1.1 protocol. It is based on the SPDY protocol and offers some improvements over http/1.1, such as http header compression, server push, multiplexing, and pipelining.

==Support for HTTP/2==

Below is a Matrix showing support for http/2:

{| class="wikitable"
|-
! Server
! HTTP/2 Support
|-
| style="padding: 5px; text-align: center;" | IIS 7.5 (Windows Server 2008 R2)
| style="padding: 5px; text-align: center; background-color: Red" | No
|-
| style="padding: 5px; text-align: center;" |IIS 8.5 (Windows Server 2012 R2)
| style="padding: 5px; text-align: center; background-color: Red" | No
|-
| style="padding: 5px; text-align: center;" |IIS 10 (Windows Server 2016)
| style="padding: 5px; text-align: center; background-color: Green"| Yes
|-
| style="padding: 5px; text-align: center;" |Apache 1.x
| style="padding: 5px; text-align: center; background-color: Red"| No
|-
| style="padding: 5px; text-align: center;" |Apache 2.2
| style="padding: 5px; text-align: center; background-color: Red"| No
|-
| style="padding: 5px; text-align: center;" |Apache 2.4.17 and above
| style="padding: 5px; text-align: center; background-color: LightGreen"| With mod_http2 enabled
|}

HTTP/2

2016-02-17T17:16:44Z

Davidd: Created page with "HTTP/2 is a successor to the http/1.1 protocol. It is based on the SPDY protocol and offers some improvements over http/1.1, such as http header compression, server push, mul..."

HTTP/2 is a successor to the http/1.1 protocol. It is based on the SPDY protocol and offers some improvements over http/1.1, such as http header compression, server push, multiplexing, and pipelining.

==Support for HTTP/2==

Below is a Matrix showing support for http/2:

{| class="wikitable"
|-
! Server
! HTTP/2 Support
|-
| style="padding: 5px; text-align: center;" | IIS 7.5 (Windows Server 2008 R2)
| style="padding: 5px; text-align: center; background-color: Red" | No
|-
| style="padding: 5px; text-align: center;" |IIS 8.5 (Windows Server 2012 R2)
| style="padding: 5px; text-align: center; background-color: Red" | No
|-
| style="padding: 5px; text-align: center;" |IIS 10 (Windows Server 2016)
| style="padding: 5px; text-align: center; background-color: Green"| Yes
|-
| style="padding: 5px; text-align: center;" |Apache 1.x
| style="padding: 5px; text-align: center; background-color: Red"| No
|-
| style="padding: 5px; text-align: center;" |Apache 2.2
| style="padding: 5px; text-align: center; background-color: Red"| No
|-
| style="padding: 5px; text-align: center;" |Apache 2.4.17+
| style="padding: 5px; text-align: center; background-color: LightGreen"| With mod_http2 enabled
|}

Lucee RESTful Webservice Tutorial

2016-01-21T16:58:43Z

Davidd: Created page with "This tutorial will go over the steps for setting up a RESTful webservice using Lucee. ==Overview== All rest requests use one of the following special path formats: '''/rest..."

This tutorial will go over the steps for setting up a RESTful webservice using Lucee.

==Overview==

All rest requests use one of the following special path formats:
'''/rest/APPLICATION/COMPONENT'''
'''/rest/APPLICATION/COMPONENT/FUNCTION'''

For the '''Default''' rest application, the following mappings are used. The default rest application is assigned within the '''Lucee Web Administrator''':
'''/rest/COMPONENT'''
'''/rest/COMPONENT/FUNCTION'''

* '''APPLICATION:''' The virtual path assigned to the application in the '''Lucee Web Administrator'''.
* '''COMPONENT:''' The '''name''' of the cfcomponent or the '''restpath''' of the component if one is provided.
* '''FUNCTION:''' The '''restpath''' of the cffunction if one is provided.

For functions that do not have a '''restpath''', the specific function executed depends on the '''http verb'''(I.E. get,put,post,delete) matching the '''httpMethod''' property of the function.

==Create webservice files==

The webservice files should be added to a sub-folder within your site. The webservice will be comprised of a group of '''.cfc''' files with the '''rest''' parameter on the '''cfcomponent''' tag set to '''true'''. You can also use the '''restpath''' parameter to specify the path that should be used for each component if you do not want to use the default of the component name. Each method also accepts a '''restpath''' parameter if you wish the method to use a sub-path under the component. Here is an example service:

<cfcomponent rest="true" restpath="/restexample">

<cffunction name="greeting" access="remote" returnType="string" httpMethod="get">
<cfreturn "{ ""Lucee"": ""I'm home!"" }">
</cffunction>

</cfcomponent>

==Add webservice mapping==

* Log into the Lucee Web Administrator
* Select '''Archives and Resources''' -> '''Rest'''
* Enter the following details within the '''Create new mapping''' section:
** '''Virtual:''' The '''APPLICATION''' path that you will use when accessing the rest application.
** '''Physical:''' The '''site-relative''' path to the directory containing the rest cfc components.
** '''Default:''' The '''default''' rest application can be accessed without including the a '''APPLICATION''' portion in the url.
* Click '''save'''

==Add handler mapping==

Since the rest URLs will not end with a normal cfml file extension, we will need to manually tell IIS that we want URLs under the rest path to be sent to Lucee for processing. This is done by adding a '''handler''' to the '''web.config''' within the site's webroot(/wwwroot). Below is an example of how we could add a rest mapping for the example component given previously:

</configuration>
</system.webServer>
<handlers>
<add name="BonCode-Tomcat-REST-Handler-restexample" path="/rest/restexample/*" verb="*" type="BonCodeIIS.BonCodeCallHandler,BonCodeIIS,Version=1.0.0.0,Culture=neutral,PublicKeyToken=ad590a40d40745cf" resourceType="Unspecified" preCondition="integratedMode" />
</handlers>
</system.webServer>
</configuration>

Here is another example that we would use if we chose the '''Default''' option when adding the rest mapping in the Lucee Web Administrator:

</configuration>
</system.webServer>
<handlers>
<add name="BonCode-Tomcat-REST-Handler-default" path="/rest/*" verb="*" type="BonCodeIIS.BonCodeCallHandler,BonCodeIIS,Version=1.0.0.0,Culture=neutral,PublicKeyToken=ad590a40d40745cf" resourceType="Unspecified" preCondition="integratedMode" />
</handlers>
</system.webServer>
</configuration>

[[User:Davidd|Davidd]] ([[User talk:Davidd|talk]]) 10:58, 21 January 2016 (CST)

[[Category:Lucee]]
[[Category:Railo]]

Using Caching to Improve Performance

2016-01-20T22:39:34Z

Davidd: Created page with "This article will show a few ways that you can use caching to improve page load times for your website. ==Using Cache-Control Headers to Improve Page Load Performance== The..."

This article will show a few ways that you can use caching to improve page load times for your website.

==Using Cache-Control Headers to Improve Page Load Performance==

The Cache-Control header of an HTTP response tells the client web browser when and how long it should cache responses. This can be used for resources that do not often change to prevent the browser from repeatedly requesting the same resources on every page.

The cache-control header that caches a response for 60 seconds appears as follows in the headers of a request:
Cache-Control: max-age=60

You can also indicate that the page should only be cached by the end-user and not by any proxies (I.E. It contains content only intended for a single user) by adding the "private" directive:
Cache-Control: private, max-age=60

Alternatively, if you want to ensure a page is cached at all proxies in addition to the end user, you can add the "public" directive:
Cache-Control: public, max-age=60

===Static Content===

Static content is the easiest to apply cache-control to because by its very nature, it does not change frequently. Static content includes javascript, css, images, and plain html pages. In-general, These items can be safely cached by the client for the duration of their visit. I would recommend setting the cache duration to be about the length that the average visitor stays on the site.

The control panel allows you to specify the static cache duration on a per-folder basis by selecting a domain and going to 'IIS Settings' -> 'Caching'.

===Dynamic Content===

Dynamic content is often more difficult to cache due to its changing nature. However, there are still often pages that are dynamically generated but do not change very often. And these can be cached for a reasonable duration.

====Packaged Applications====

For pre-written applications, altering the cache-control settings for dynamic pages may or may not be available through the application's configuration. Additionally, some applications, such as WordPress and Joomla, require plugins to add caching functionality.

====Custom Applications====

For applications that you have written yourself, you can specify the cache-control setting for a particular page by setting the cache-control header directly from the code. Below are some examples of how to do this in several different programming languages:

=====ColdFusion=====

Cache for 1 hour:

<cfheader
name="cache-control"
value="max-age=3600"
/>

=====PHP=====

Cache for 5 minutes:

header('cache-control: max-age=300');

=====C#.Net=====

Cache for 1 day:

Response.AddHeader("cache-control", "max-age=86400");

=====VB.Net=====

Cache for 30 minutes:

Response.AddHeader("cache-control", "max-age=1800");

=====Classic ASP=====

Cache for 1 hour:

Response.AddHeader "cache-control","max-age=3600"

==Using Response Caching to Improve Page Load Performance==

Response caching allows the server to remember the response that was given for a particular page and use that response to reply to future requests for that page. When using the response cache, the initial request for the page will take longer since the application must execute the code to generate the page. However, subsequent requests will be almost instantly served from the response cache. This can be helpful for sites that are dynamically built by a CMS-engine, but the content of the site does not change very often.

The response caching must be configured within the folders "web.config" IIS configuration file. If you have an existing configuration file, only the "caching" section below should be added. If you do not currently have a web.config file in the folder, the entire example should be used:

<configuration>
<system.webServer>
<caching enabled="true" enableKernelCache="true">
<profiles>
<add extension=".asp" policy="CacheUntilChange" kernelCachePolicy="CacheUntilChange" />
</profiles>
</caching>
</system.webServer>
</configuration>

The important part above is the '''add''' element inside of the '''profiles''' element. You must add one more '''add''' elements to define what should be cached and for how long. Below are the available properties for the '''add''' element:

* '''Extension(''required''):''' The file extension for which you would like requests to be cached.
* '''Duration:''' How long to cache files when the '''CacheForTimePeriod''' option is used with the '''Policy''' or '''kernelCachePolicy''' parameters. The default is 30 seconds. The format is '''hh:mm:ss'''.
* '''Policy:''' How long to cache files. Possible options are:
** '''DontCache:''' No caching is enabled. This is the default.
** '''CacheUntilChange:''' Cache until the source file is modified. This will only work when the URL maps to an actual file.
** '''CacheForTimePeriod:''' Cache for the duration specified in the '''Duration''' property.
* '''kernelCachePolicy:''' Same options as '''Policy''' property.
* '''varyByHeaders:''' A semi-colon delimited list of headers that should cause separate content to be cached for each combination.
* '''varyByQueryString:''' A semi-colon delimited list of querystring parameters that should cause separate content to be cached for each combination. You can also specify '''*''' if you want any changes in the querystring to cause separate content to be cached.

[[Category:Windows]

SQL Server Identity Jumps

2015-11-13T16:30:47Z

Davidd:

The feature that has the side-effect of sometimes causing the jumps in identity numbers is "identity caching". The reason this was implemented in SQL 2012 and above is to improve the efficiency of generating new IDs for identity fields by incrementing the on-disk number by some amount (1000 for 'int' fields) and serving the next 1000 IDs directly from memory. The side-effect of this is that if SQL Server is restarted, it may start up using the pre-written number on disk, and there will seem to be a gap since the cached ID numbers were never used.

We do not disable this behavior on our shared SQL Servers for the following reasons:

- SQL Server trace flags are only meant for debugging, and the only way to disable the behavior is with a trace flag (Not to mention it is an undocumented trace flag). Since we need to run our shared SQL Servers in a supported configuration, using the trace flag is not a good option for us.

- The identity-caching feature help reduce disk-writes and improve SQL Server performance.

The following alternatives are available if sequential numbers are important:

- You can use the new 'Sequence' object that was also implemented in SQL 2012 and above. The sequence object allows you to disable caching. However, it will require some changes to your application's SQL and/or stored procedures to take advantage of it.

- You can generate the numbers using some algorithm within your application.

- We offer VPS servers with MSSQL. With your own VPS running SQL Server, you can make any changes you want, such as adding the trace flag.

- If the main goal is to reduce confusion for users when they see a gap, starting identity numbers higher (such as 10000) or displaying numbers with a minimum number of digits and leading zeros (such as 00001) can reduce the perceived difference when this occurs.

Added By: [[User:Davidd|Davidd]] ([[User talk:Davidd|talk]]) 10:30, 13 November 2015 (CST)

[[Category:MSSQL]]

SQL Server Identity Jumps

2015-11-13T16:30:15Z

Davidd:

The feature that has the side-effect of sometimes causing the jumps in identity numbers is "identity caching". The reason this was implemented in SQL 2012 and above is to improve the efficiency of generating new IDs for identity fields by incrementing the on-disk number by some amount (1000 for 'int' fields) and serving the next 1000 IDs directly from memory. The side-effect of this is that if SQL Server is restarted, it may start up using the pre-written number on disk, and there will seem to be a gap since the cached ID numbers were never used.

We do not disable this behavior on our shared SQL Servers for the following reasons:

- SQL Server trace flags are only meant for debugging, and the only way to disable the behavior is with a trace flag (Not to mention it is an undocumented trace flag). Since we need to run our shared SQL Servers in a supported configuration, using the trace flag is not a good option for us.

- The identity-caching feature help reduce disk-writes and improve SQL Server performance.

The following alternatives are available if sequential numbers are important:

- You can use the new 'Sequence' object that was also implemented in SQL 2012 and above. The sequence object allows you to disable caching. However, it will require some changes to your application's SQL and/or stored procedures to take advantage of it.

- You can generate the numbers using some algorithm within your application.

- We offer VPS servers with MSSQL. With your own VPS running SQL Server, you can make any changes you want, such as adding the trace flag.

- If the main goal is to reduce confusion for users when they see a gap, starting identity numbers higher (such as 10000) or displaying numbers with a minimum number of digits and leading zeros (such as 00001) can reduce the perceived difference when this occurs.

[[User:Davidd|Davidd]] ([[User talk:Davidd|talk]]) 10:30, 13 November 2015 (CST)

[[Category:MSSQL]]

SQL Server Identity Jumps

2015-11-13T16:28:22Z

Davidd: Created page with "The feature that has the side-effect of sometimes causing the jumps in identity numbers is "identity caching". The reason this was implemented in SQL 2012 and above is to imp..."

PCI Compliance

2015-06-09T18:04:43Z

Davidd: /* Shared Servers */

__FORCETOC__

== Obtaining PCI Compliance ==

You need PCI Compliance if your website/business: '''accepts, transmits or stores any cardholder data.'''

'''If that is you:'''

Find a Quality Security Accessor such as [https://www.securitymetrics.com SecurityMetrics] or [https://trustwave.com/ TrustWave], there are many such vendors. They will help you determine the type of compliance required for your business and provide the services to achieve and maintain compliance.

'''How do I know what level / validation type?'''

The Quality Security Accessor will help you determine this and based on PCI DSS Standards.

*The level of "compliance" required (1-4) is based on transaction or monetary volume.
*The "Validation Type" determines the assessment requirements and is based on how much card data you store.

A copy of the PCI DSS is available [https://www.pcisecuritystandards.org/security_standards/index.php here].
More general unofficial details can be found at [http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard here].

=== How Hostek complements efforts for PCI compliance ===

#Insuring PCI standards can be met and kept for our own systems.
#Providing firewall protection for all servers and the option for PCI compliant firewall rules to be applied to customers environment.
#Providing VPN for customers to securely connect and manage environment remotely.
#Providing VLAN (virtual private network) for customers environment with multiple servers so their database server is completely isolated from public access.
#Including or offering Anti-Virus scanning on VPS and/or Shared Hosting servers.
#Protecting physical access to network and servers. Data centers are managed & monitored 24x7 by security cameras and on-site staff.

== Hostek.com ==

PCI compliance requires quarterly scans from a PCI compliance vendor. Hostek.com goes above and beyond this requirement by having regular scans from two different PCI compliance vendors. One vendor's scans are done quarterly. The other's scans are done nightly. This ensures that all potential PCI compliance issues are accurately identified and dealt with promptly.

===Hostek.com PCI Compliance Report===
Hostek.com PCI DSS Compliance report: [[Media:Hostek-PCI-Compliance-040115.pdf‎]]

==Datacenter==
The St. Louis, MO data center where the hostek.com equipment is housed maintains SOC 2 Certification. This replaced the SSAE16 Certification.

Certification: [[File:2014CyberconSoc2Cert.pdf]]

Audit: [[File:2014CyberconSoc2Audit.pdf]]

===Previous Certifications===
2011-12 - SSAE 16 Certification ([http://hostek.com/forms/SSAE-16_Letter_of_Cert.pdf audit report]). This replaced the SAS 70 Type 2 Certification. 
2013 SOC2 Part 1: [[File:SOC2-2013_CYBERCON_Full_Report_PART-1.pdf]] 
2013 SOC2 Part 2: [[File:SOC2-2013_CYBERCON_Full_Report_PART-2.pdf]]

==Shared Servers==

We support PCI compliance on our shared hosting servers. If your PCI scan shows any issues that are not directly related to your web application, you can attach the report in a support ticket so that we can address any issues.

===TLS 1.0===

{| class="wikitable floatright"
| colspan="2" | Browser Support w/ TLS 1.0 Disabled
|-
| Browser / OS
| Status
|-
| IE 11 / Win 8.1
| style="background-color: #AAFFAA" | Supported
|-
| IE Mobile 10 / Win Phone 8.0
| style="background-color: #FFAAAA" | Unsupported
|-
| IE Mobile 11 / Win Phone 8.1
| style="background-color: #AAFFAA" | Supported
|-
| Java 6u45
| style="background-color: #FFAAAA" | Unsupported
|-
| Java 7u25
| style="background-color: #FFAAAA" | Unsupported
|-
| Java 8u31
| style="background-color: #AAFFAA" | Supported
|-
| OpenSSL 0.9.8y
| style="background-color: #FFAAAA" | Unsupported
|-
| OpenSSL 1.0.1l
| style="background-color: #AAFFAA" | Supported
|-
| OpenSSL 1.0.2
| style="background-color: #AAFFAA" | Supported
|-
| Safari 5.1.9 / OS X 10.6.8
| style="background-color: #FFAAAA" | Unsupported
|-
| Safari 6 / iOS 6.0.1
| style="background-color: #AAFFAA" | Supported
|-
| Safari 6.0.4 / OS X 10.8.4
| style="background-color: #FFAAAA" | Unsupported
|-
| Safari 7 / iOS 7.1
| style="background-color: #AAFFAA" | Supported
|-
| Safari 7 / OS X 10.9
| style="background-color: #AAFFAA" | Supported
|-
| Safari 8 / iOS 8.1.2
| style="background-color: #AAFFAA" | Supported
|-
| Safari 8 / OS X 10.10
| style="background-color: #AAFFAA" | Supported
|-
| Yahoo Slurp Jan 2015
| style="background-color: #AAFFAA" | Supported
|-
| YandexBot Jan 2015
| style="background-color: #AAFFAA" | Supported
|}

{| class="wikitable" style="float: right; margin: 0 0 .5em .5em"
| colspan="2" | Browser Support w/ TLS 1.0 Disabled
|-
| Browser / OS
| Status
|-
| Android 2.3.7
| style="background-color: #FFAAAA" | Unsupported
|-
| Android 4.0.4
| style="background-color: #FFAAAA" | Unsupported
|-
| Android 4.1.1
| style="background-color: #FFAAAA" | Unsupported
|-
| Android 4.2.2
| style="background-color: #FFAAAA" | Unsupported
|-
| Android 4.3
| style="background-color: #FFAAAA" | Unsupported
|-
| Android 4.4.2
| style="background-color: #AAFFAA" | Supported
|-
| Android 5.0.0
| style="background-color: #AAFFAA" | Supported
|-
| Baidu Jan 2015
| style="background-color: #FFAAAA" | Unsupported
|-
| BingPreview Jan 2015
| style="background-color: #AAFFAA" | Supported
|-
| Chrome 42 / OS X
| style="background-color: #AAFFAA" | Supported
|-
| Firefox 31.3.0 ESR / Win 7
| style="background-color: #AAFFAA" | Supported
|-
| Firefox 37 / OS X
| style="background-color: #AAFFAA" | Supported
|-
| Googlebot Feb 2015
| style="background-color: #AAFFAA" | Supported
|-
| IE 6 / XP No FS 1
| style="background-color: #FFAAAA" | Unsupported
|-
| IE 7 / Vista
| style="background-color: #FFAAAA" | Unsupported
|-
| IE 8 / XP No FS 1
| style="background-color: #FFAAAA" | Unsupported
|-
| IE 8-10 / Win 7
| style="background-color: #FFAAAA" | Unsupported
|-
| IE 11 / Win 7
| style="background-color: #AAFFAA" | Supported
|}

We are disabling support for TLS 1.0 on our Shared Windows Servers.

*Disabling TLS 1.0 is now required for PCI DSS compliance.
*This change is to ensure that any connection over HTTPS is secured against "eavesdropping" from Man-In-The-Middle(MITM) attacks.
*The majority of users will be unaffected by this change because it will only affect outdated browsers and old mobile devices that do not support TLS 1.1 or TLS 1.2.
====Internet Explorer====
#After disabling this protocol '''Internet Explorer 11'''(only supported on '''Windows 7 and up''') will be the only version of Internet Explorer that can view HTTPS pages on the shared Windows servers.
#Users with '''Windows XP''' and '''Windows Vista''' will have an unsupported version of Internet Explorer. In order to view HTTPS pages these users will need to use an alternate browser (Example: Google Chrome, Mozilla FireFox, Safari, etc.).

====Support/Unsupported Browsers/OS's====
*See table on the right
 

==Common PCI Compliance Resolutions==

===SSL/TLS Protocol Initialization Vector Implementation Information Disclosure===

aka: BEAST (Browser Exploit Against SSL/TLS) Vulnerability

'''NOTE:''' If you are on a '''shared server''' or a '''managed VPS''', please submit a support ticket [http://support.hostek.com] and attach/include your PCI scan report. The information below is for our non managed VPS customers.

* Place the following text in a file named '''TLS.reg''' and execute the file. It will add registry values to enable TLS 1.1 and TLS 1.2 support:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

* After completing the above step, go to '''Start''' -> '''Run''' -> (type '''gpedit.msc''') -> (click '''OK''')
* Navigate to '''Computer Configuration''' -> '''Administrative Template''' -> '''Network''' -> '''SSL Configuration Settings'''
* Right click on '''SSL Cipher Suite Order''' and choose '''Edit''' (Windows 2008 R2) or '''Properties''' (Windows 2008)
* Select '''Enabled''' and replace the text in the textbox under '''SSL Cipher Suites'''(not to be confused with the '''Notes''' textbox) with the following long line of text(All on a single line - no line breaks or spaces):
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_NULL_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5,SSL_CK_RC4_128_WITH_MD5,TLS_RSA_WITH_NULL_SHA,TLS_RSA_WITH_NULL_MD5
* Click '''OK'''
* Reboot server

===Disable SSLv2 & Strong Cyphers Only & Strong Protocols Only===
If you are on a shared server, please open a support ticket and attach the PCI scan report.

For VPS's: This generally applies to a Windows based server. If you see one of these items on your PCI scan report, download this zip [http://hostek.com/wikifiles/disablessl2-strongcyphersonly-strongprotocolsonly.zip] and extract the appropriate .reg file and put that on your VPS and double click it to make the appropriate registry change to fix the issue. Generally if one of these show on your report, we suggest running all three .reg files to fully take care of the issue at one time.

'''NOTE:''' You will need to reboot the server for these changes to take affect.

====VPS-Windows 2008 Servers====
This free tool can be used to determine if vulnerable or weak protocols or cypers are enabled, and provides the option to disable them.

https://www.nartac.com/Products/IISCrypto/Default.aspx

Changes using this tool require a server reboot to complete them.

Websites that allow testing for SSL Protocols and Cyphers:

https://www.ssllabs.com/ssltest/index.html

http://www.serversniff.net/sslcheck.php

==Visa E-commerce Security Checklist Questionaire==

Click this link to Visa E-commerce Security Checklist Questionaire [[https://wiki.hostek.com/Visa_E-commerce_Security_Checklist_Questionaire]]

==Cloud Assessment Questions==
Q: Is your organization insured by a 3rd party for losses?
A: Yes

Q: Do your organization's service level agreements provide tenant renumeration for losses they may incur due to outages or losses experienced within your infrastructure?
A: The Hostek.com SLA provides for a refund or credit limited to the dollar amount paid for the service during that monthly period. The refund or credit amount is calculated based on amount paid for the monthly service / number of minutes in a month * number of down minutes.

Q: Do you collect capacity and utilization data for all relevant components of your cloud service offering?
A: Yes. Daily.

Q: Do you provide tenants with capacity planning and utilization reports?
A: No.

Q: Do you have a documented procedure for responding to requests for tenant data from governments or third parties?
A: Yes

Q: Do you process, transmit or store any credit card related information on behalf Cisco?
A: In our St. Louis facility, we do not use Cisco. In our Dallas facility, we do.

Q: Please provide any documentation on policies and procedures for controls you have in place to protect tenant's intellectual property and sensitive data from unauthorized access.
A: Utilization of IPS and IDS. Customer has ability to lock down server access. Internal access information is stored encrypted and only available via internal access.

Q: Please provide any documentation and policies you have regarding how you may access, mine, utilize tenant data and/or metadata.
A: We do not mine nor utilize tenant data. Access to tenant data would occur if tenant asked for help in resolving a situation which may require such access.

Q: Please specify any inspection technologies used for collecting or creating metadata about tenant data usage (search engines, etc.?).
A: We do not inspect tenant data.

Q: What is the process for tenants to opt-out of having their data/metatdata accessed/mined via inspection technologies?
A: N/A as we do not inspect tenant data.

Q: Can you provide the physical location/geography of storage of a tenant’s data upon request?
A: Yes.

Q: Do you allow tenants to define acceptable geographical locations for data routing or resource instantiation?
A: No.

Q: Do you allow tenants to specify which of your geographic locations their data is allowed to traverse into/out of (to address legal jurisdictional considerations based on where data is stored vs. accessed?)
A: No.

Q: What capability do you have to use system geographic location as an authentication factor?
A: N/A

Q: Does legal counsel review all third party agreements?
A: Yes.

Q: Do you select and monitor outsourced providers in compliance with laws in the country where the data orignates, processed, stored and transmitted?
A: N/A

Q: Have you established an Information Security Management Program (ISMP?)
A: Our ISMP is being developed.

Q: Do you provide tenants with a right to audit (tenant audit)?
A: No, for security/confidential purposes.

Q: What is the process for tenants to request deletion/removal of data as needed?
Q: Provide the standards used for secure deletion of archived data upon request by tenants.
Q: What is the process to sanitize all computing resource of tenant data once a customer has exited your environment.
Q: What is time period that you retain customer data after explicit user deletion/removal?
A: When a cloud tenant cancels, their virtual machine and backup data is deleted. Data blocks are reused for new customers, which replace the old blocks.

Q: Do you manage separate production and non production environments & what controls do you have in place to ensure that the production data in not copied to non-production environments?
A: No. We have a redundant production environment, which is replicated nightly from the primary environment.

Q: Are backups and archives of data using unique encryption keys for each tenant?
A: Each tenant has their own uniquely retained archive.

Q: What is the duration for keeping backed up data? And can you provide information about your backup rotations and rotation of your backup media?
A: The backup duration depends on the plan selected. By default this will range from 5-10 days. The backups are full backups with a nightly differential, providing for a full 5-10 day restoration period.

===Identity and Access Control===

===Physical Security and Disaster Recovery===

Q: Do you require strong (multifactor) authentication options (card keys+PIN, biometric readers, etc.) for access to your physical facilities?
A: Yes.

Q: Are any of your datacenters located in places which have a high probability/occurrence of high-impact environmental risks (floods, tornadoes, earthquakes, hurricanes, etc.)?
A: No.

Q: Do you use 24X7 camera monitoring in all the access points of your datacenter and key locations within the datacenter?
A: Yes.

Q: Do you maintain liaisons and points of contact with local authorities in accordance with contracts and appropriate regulations?
A: N/A

[[Category:Infrastructure]]
[[Category:VPS]]

PCI Compliance

2015-06-09T17:51:43Z

Davidd: /* TLS 1.0 */

__FORCETOC__

== Obtaining PCI Compliance ==

You need PCI Compliance if your website/business: '''accepts, transmits or stores any cardholder data.'''

'''If that is you:'''

Find a Quality Security Accessor such as [https://www.securitymetrics.com SecurityMetrics] or [https://trustwave.com/ TrustWave], there are many such vendors. They will help you determine the type of compliance required for your business and provide the services to achieve and maintain compliance.

'''How do I know what level / validation type?'''

The Quality Security Accessor will help you determine this and based on PCI DSS Standards.

*The level of "compliance" required (1-4) is based on transaction or monetary volume.
*The "Validation Type" determines the assessment requirements and is based on how much card data you store.

A copy of the PCI DSS is available [https://www.pcisecuritystandards.org/security_standards/index.php here].
More general unofficial details can be found at [http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard here].

=== How Hostek complements efforts for PCI compliance ===

#Insuring PCI standards can be met and kept for our own systems.
#Providing firewall protection for all servers and the option for PCI compliant firewall rules to be applied to customers environment.
#Providing VPN for customers to securely connect and manage environment remotely.
#Providing VLAN (virtual private network) for customers environment with multiple servers so their database server is completely isolated from public access.
#Including or offering Anti-Virus scanning on VPS and/or Shared Hosting servers.
#Protecting physical access to network and servers. Data centers are managed & monitored 24x7 by security cameras and on-site staff.

== Hostek.com ==

PCI compliance requires quarterly scans from a PCI compliance vendor. Hostek.com goes above and beyond this requirement by having regular scans from two different PCI compliance vendors. One vendor's scans are done quarterly. The other's scans are done nightly. This ensures that all potential PCI compliance issues are accurately identified and dealt with promptly.

===Hostek.com PCI Compliance Report===
Hostek.com PCI DSS Compliance report: [[Media:Hostek-PCI-Compliance-040115.pdf‎]]

==Datacenter==
The St. Louis, MO data center where the hostek.com equipment is housed maintains SOC 2 Certification. This replaced the SSAE16 Certification.

Certification: [[File:2014CyberconSoc2Cert.pdf]]

Audit: [[File:2014CyberconSoc2Audit.pdf]]

===Previous Certifications===
2011-12 - SSAE 16 Certification ([http://hostek.com/forms/SSAE-16_Letter_of_Cert.pdf audit report]). This replaced the SAS 70 Type 2 Certification. 
2013 SOC2 Part 1: [[File:SOC2-2013_CYBERCON_Full_Report_PART-1.pdf]] 
2013 SOC2 Part 2: [[File:SOC2-2013_CYBERCON_Full_Report_PART-2.pdf]]

==Shared Servers==

We support PCI compliance on our shared hosting servers. If your PCI scan shows any issues that are not directly related to your web application, you can attach the report in a support ticket so that we can address any issues.

===TLS 1.0===

{| class="wikitable floatright"
| colspan="2" | Browser Support w/ TLS 1.0 Disabled
|-
| Browser / OS
| Status
|-
| IE 11 / Win 8.1
| Supported
|-
| IE Mobile 10 / Win Phone 8.0
| Unsupported
|-
| IE Mobile 11 / Win Phone 8.1
| Supported
|-
| Java 6u45
| Unsupported
|-
| Java 7u25
| Unsupported
|-
| Java 8u31
| Supported
|-
| OpenSSL 0.9.8y
| Unsupported
|-
| OpenSSL 1.0.1l
| Supported
|-
| OpenSSL 1.0.2
| Supported
|-
| Safari 5.1.9 / OS X 10.6.8
| Unsupported
|-
| Safari 6 / iOS 6.0.1
| Supported
|-
| Safari 6.0.4 / OS X 10.8.4
| Unsupported
|-
| Safari 7 / iOS 7.1
| Supported
|-
| Safari 7 / OS X 10.9
| Supported
|-
| Safari 8 / iOS 8.1.2
| Supported
|-
| Safari 8 / OS X 10.10
| Supported
|-
| Yahoo Slurp Jan 2015
| Supported
|-
| YandexBot Jan 2015
| Supported
|}

{| class="wikitable" style="float: right; margin: 0 0 .5em .5em"
| colspan="2" | Browser Support w/ TLS 1.0 Disabled
|-
| Browser / OS
| Status
|-
| Android 2.3.7
| Unsupported
|-
| Android 4.0.4
| Unsupported
|-
| Android 4.1.1
| Unsupported
|-
| Android 4.2.2
| Unsupported
|-
| Android 4.3
| Unsupported
|-
| Android 4.4.2
| Supported
|-
| Android 5.0.0
| Supported
|-
| Baidu Jan 2015
| Unsupported
|-
| BingPreview Jan 2015
| Supported
|-
| Chrome 42 / OS X
| Supported
|-
| Firefox 31.3.0 ESR / Win 7
| Supported
|-
| Firefox 37 / OS X
| Supported
|-
| Googlebot Feb 2015
| Supported
|-
| IE 6 / XP No FS 1
| Unsupported
|-
| IE 7 / Vista
| Unsupported
|-
| IE 8 / XP No FS 1
| Unsupported
|-
| IE 8-10 / Win 7
| Unsupported
|-
| IE 11 / Win 7
| Supported
|}

We are disabling support for TLS 1.0 on our Shared Windows Servers.

*Disabling TLS 1.0 is now required for PCI DSS compliance.
*This change is to ensure that any connection over HTTPS is secured against "eavesdropping" from Man-In-The-Middle(MITM) attacks.
*The majority of users will be unaffected by this change because it will only affect outdated browsers and old mobile devices that do not support TLS 1.1 or TLS 1.2.
====Internet Explorer====
#After disabling this protocol '''Internet Explorer 11'''(only supported on '''Windows 7 and up''') will be the only version of Internet Explorer that can view HTTPS pages on the shared Windows servers.
#Users with '''Windows XP''' and '''Windows Vista''' will have an unsupported version of Internet Explorer. In order to view HTTPS pages these users will need to use an alternate browser (Example: Google Chrome, Mozilla FireFox, Safari, etc.).

====Support/Unsupported Browsers/OS's====
*See table on the right
 

==Common PCI Compliance Resolutions==

===SSL/TLS Protocol Initialization Vector Implementation Information Disclosure===

aka: BEAST (Browser Exploit Against SSL/TLS) Vulnerability

'''NOTE:''' If you are on a '''shared server''' or a '''managed VPS''', please submit a support ticket [http://support.hostek.com] and attach/include your PCI scan report. The information below is for our non managed VPS customers.

* Place the following text in a file named '''TLS.reg''' and execute the file. It will add registry values to enable TLS 1.1 and TLS 1.2 support:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

* After completing the above step, go to '''Start''' -> '''Run''' -> (type '''gpedit.msc''') -> (click '''OK''')
* Navigate to '''Computer Configuration''' -> '''Administrative Template''' -> '''Network''' -> '''SSL Configuration Settings'''
* Right click on '''SSL Cipher Suite Order''' and choose '''Edit''' (Windows 2008 R2) or '''Properties''' (Windows 2008)
* Select '''Enabled''' and replace the text in the textbox under '''SSL Cipher Suites'''(not to be confused with the '''Notes''' textbox) with the following long line of text(All on a single line - no line breaks or spaces):
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_NULL_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5,SSL_CK_RC4_128_WITH_MD5,TLS_RSA_WITH_NULL_SHA,TLS_RSA_WITH_NULL_MD5
* Click '''OK'''
* Reboot server

===Disable SSLv2 & Strong Cyphers Only & Strong Protocols Only===
If you are on a shared server, please open a support ticket and attach the PCI scan report.

For VPS's: This generally applies to a Windows based server. If you see one of these items on your PCI scan report, download this zip [http://hostek.com/wikifiles/disablessl2-strongcyphersonly-strongprotocolsonly.zip] and extract the appropriate .reg file and put that on your VPS and double click it to make the appropriate registry change to fix the issue. Generally if one of these show on your report, we suggest running all three .reg files to fully take care of the issue at one time.

'''NOTE:''' You will need to reboot the server for these changes to take affect.

====VPS-Windows 2008 Servers====
This free tool can be used to determine if vulnerable or weak protocols or cypers are enabled, and provides the option to disable them.

https://www.nartac.com/Products/IISCrypto/Default.aspx

Changes using this tool require a server reboot to complete them.

Websites that allow testing for SSL Protocols and Cyphers:

https://www.ssllabs.com/ssltest/index.html

http://www.serversniff.net/sslcheck.php

==Visa E-commerce Security Checklist Questionaire==

Click this link to Visa E-commerce Security Checklist Questionaire [[https://wiki.hostek.com/Visa_E-commerce_Security_Checklist_Questionaire]]

==Cloud Assessment Questions==
Q: Is your organization insured by a 3rd party for losses?
A: Yes

Q: Do your organization's service level agreements provide tenant renumeration for losses they may incur due to outages or losses experienced within your infrastructure?
A: The Hostek.com SLA provides for a refund or credit limited to the dollar amount paid for the service during that monthly period. The refund or credit amount is calculated based on amount paid for the monthly service / number of minutes in a month * number of down minutes.

Q: Do you collect capacity and utilization data for all relevant components of your cloud service offering?
A: Yes. Daily.

Q: Do you provide tenants with capacity planning and utilization reports?
A: No.

Q: Do you have a documented procedure for responding to requests for tenant data from governments or third parties?
A: Yes

Q: Do you process, transmit or store any credit card related information on behalf Cisco?
A: In our St. Louis facility, we do not use Cisco. In our Dallas facility, we do.

Q: Please provide any documentation on policies and procedures for controls you have in place to protect tenant's intellectual property and sensitive data from unauthorized access.
A: Utilization of IPS and IDS. Customer has ability to lock down server access. Internal access information is stored encrypted and only available via internal access.

Q: Please provide any documentation and policies you have regarding how you may access, mine, utilize tenant data and/or metadata.
A: We do not mine nor utilize tenant data. Access to tenant data would occur if tenant asked for help in resolving a situation which may require such access.

Q: Please specify any inspection technologies used for collecting or creating metadata about tenant data usage (search engines, etc.?).
A: We do not inspect tenant data.

Q: What is the process for tenants to opt-out of having their data/metatdata accessed/mined via inspection technologies?
A: N/A as we do not inspect tenant data.

Q: Can you provide the physical location/geography of storage of a tenant’s data upon request?
A: Yes.

Q: Do you allow tenants to define acceptable geographical locations for data routing or resource instantiation?
A: No.

Q: Do you allow tenants to specify which of your geographic locations their data is allowed to traverse into/out of (to address legal jurisdictional considerations based on where data is stored vs. accessed?)
A: No.

Q: What capability do you have to use system geographic location as an authentication factor?
A: N/A

Q: Does legal counsel review all third party agreements?
A: Yes.

Q: Do you select and monitor outsourced providers in compliance with laws in the country where the data orignates, processed, stored and transmitted?
A: N/A

Q: Have you established an Information Security Management Program (ISMP?)
A: Our ISMP is being developed.

Q: Do you provide tenants with a right to audit (tenant audit)?
A: No, for security/confidential purposes.

Q: What is the process for tenants to request deletion/removal of data as needed?
Q: Provide the standards used for secure deletion of archived data upon request by tenants.
Q: What is the process to sanitize all computing resource of tenant data once a customer has exited your environment.
Q: What is time period that you retain customer data after explicit user deletion/removal?
A: When a cloud tenant cancels, their virtual machine and backup data is deleted. Data blocks are reused for new customers, which replace the old blocks.

Q: Do you manage separate production and non production environments & what controls do you have in place to ensure that the production data in not copied to non-production environments?
A: No. We have a redundant production environment, which is replicated nightly from the primary environment.

Q: Are backups and archives of data using unique encryption keys for each tenant?
A: Each tenant has their own uniquely retained archive.

Q: What is the duration for keeping backed up data? And can you provide information about your backup rotations and rotation of your backup media?
A: The backup duration depends on the plan selected. By default this will range from 5-10 days. The backups are full backups with a nightly differential, providing for a full 5-10 day restoration period.

===Identity and Access Control===

===Physical Security and Disaster Recovery===

Q: Do you require strong (multifactor) authentication options (card keys+PIN, biometric readers, etc.) for access to your physical facilities?
A: Yes.

Q: Are any of your datacenters located in places which have a high probability/occurrence of high-impact environmental risks (floods, tornadoes, earthquakes, hurricanes, etc.)?
A: No.

Q: Do you use 24X7 camera monitoring in all the access points of your datacenter and key locations within the datacenter?
A: Yes.

Q: Do you maintain liaisons and points of contact with local authorities in accordance with contracts and appropriate regulations?
A: N/A

[[Category:Infrastructure]]
[[Category:VPS]]

PCI Compliance

2015-06-09T17:49:26Z

Davidd: /* Internet Explorer */

__FORCETOC__

== Obtaining PCI Compliance ==

You need PCI Compliance if your website/business: '''accepts, transmits or stores any cardholder data.'''

'''If that is you:'''

Find a Quality Security Accessor such as [https://www.securitymetrics.com SecurityMetrics] or [https://trustwave.com/ TrustWave], there are many such vendors. They will help you determine the type of compliance required for your business and provide the services to achieve and maintain compliance.

'''How do I know what level / validation type?'''

The Quality Security Accessor will help you determine this and based on PCI DSS Standards.

*The level of "compliance" required (1-4) is based on transaction or monetary volume.
*The "Validation Type" determines the assessment requirements and is based on how much card data you store.

A copy of the PCI DSS is available [https://www.pcisecuritystandards.org/security_standards/index.php here].
More general unofficial details can be found at [http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard here].

=== How Hostek complements efforts for PCI compliance ===

#Insuring PCI standards can be met and kept for our own systems.
#Providing firewall protection for all servers and the option for PCI compliant firewall rules to be applied to customers environment.
#Providing VPN for customers to securely connect and manage environment remotely.
#Providing VLAN (virtual private network) for customers environment with multiple servers so their database server is completely isolated from public access.
#Including or offering Anti-Virus scanning on VPS and/or Shared Hosting servers.
#Protecting physical access to network and servers. Data centers are managed & monitored 24x7 by security cameras and on-site staff.

== Hostek.com ==

PCI compliance requires quarterly scans from a PCI compliance vendor. Hostek.com goes above and beyond this requirement by having regular scans from two different PCI compliance vendors. One vendor's scans are done quarterly. The other's scans are done nightly. This ensures that all potential PCI compliance issues are accurately identified and dealt with promptly.

===Hostek.com PCI Compliance Report===
Hostek.com PCI DSS Compliance report: [[Media:Hostek-PCI-Compliance-040115.pdf‎]]

==Datacenter==
The St. Louis, MO data center where the hostek.com equipment is housed maintains SOC 2 Certification. This replaced the SSAE16 Certification.

Certification: [[File:2014CyberconSoc2Cert.pdf]]

Audit: [[File:2014CyberconSoc2Audit.pdf]]

===Previous Certifications===
2011-12 - SSAE 16 Certification ([http://hostek.com/forms/SSAE-16_Letter_of_Cert.pdf audit report]). This replaced the SAS 70 Type 2 Certification. 
2013 SOC2 Part 1: [[File:SOC2-2013_CYBERCON_Full_Report_PART-1.pdf]] 
2013 SOC2 Part 2: [[File:SOC2-2013_CYBERCON_Full_Report_PART-2.pdf]]

==Shared Servers==

We support PCI compliance on our shared hosting servers. If your PCI scan shows any issues that are not directly related to your web application, you can attach the report in a support ticket so that we can address any issues.

===TLS 1.0===

{| class="wikitable floatright"
| colspan="2" | Browser Support w/ TLS 1.0 Disabled
|-
| Browser / OS
| Status
|-
| IE 11 / Win 8.1
| Supported
|-
| IE Mobile 10 / Win Phone 8.0
| Unsupported
|-
| IE Mobile 11 / Win Phone 8.1
| Supported
|-
| Java 6u45
| Unsupported
|-
| Java 7u25
| Unsupported
|-
| Java 8u31
| Supported
|-
| OpenSSL 0.9.8y
| Unsupported
|-
| OpenSSL 1.0.1l
| Supported
|-
| OpenSSL 1.0.2
| Supported
|-
| Safari 5.1.9 / OS X 10.6.8
| Unsupported
|-
| Safari 6 / iOS 6.0.1
| Supported
|-
| Safari 6.0.4 / OS X 10.8.4
| Unsupported
|-
| Safari 7 / iOS 7.1
| Supported
|-
| Safari 7 / OS X 10.9
| Supported
|-
| Safari 8 / iOS 8.1.2
| Supported
|-
| Safari 8 / OS X 10.10
| Supported
|-
| Yahoo Slurp Jan 2015
| Supported
|-
| YandexBot Jan 2015
| Supported
|}

{| class="wikitable" style="float: right; margin: 0 0 .5em .5em"
| colspan="2" | Browser Support w/ TLS 1.0 Disabled
|-
| Browser / OS
| Status
|-
| Android 2.3.7
| Unsupported
|-
| Android 4.0.4
| Unsupported
|-
| Android 4.1.1
| Unsupported
|-
| Android 4.2.2
| Unsupported
|-
| Android 4.3
| Unsupported
|-
| Android 4.4.2
| Supported
|-
| Android 5.0.0
| Supported
|-
| Baidu Jan 2015
| Unsupported
|-
| BingPreview Jan 2015
| Supported
|-
| Chrome 42 / OS X
| Supported
|-
| Firefox 31.3.0 ESR / Win 7
| Supported
|-
| Firefox 37 / OS X
| Supported
|-
| Googlebot Feb 2015
| Supported
|-
| IE 6 / XP No FS 1
| Unsupported
|-
| IE 7 / Vista
| Unsupported
|-
| IE 8 / XP No FS 1
| Unsupported
|-
| IE 8-10 / Win 7
| Unsupported
|-
| IE 11 / Win 7
| Supported
|}

We are disabling support for TLS 1.0 on our Shared Windows Servers.

*This is now required for PCI DSS compliance.
*This is to ensure that any connection over HTTPS is secured against "eavesdropping" from Man-In-The-Middle(MITM) attacks.
*The majority of users will not notice this change because this will only affect outdated browsers and old mobile devices.
====Internet Explorer====
#After disabling this protocol '''Internet Explorer 11'''(only supported on '''Windows 7 and up''') will be the only version of Internet Explorer that can view HTTPS pages on the shared Windows servers.
#Users with '''Windows XP''' and '''Windows Vista''' will have an unsupported version of Internet Explorer. In order to view HTTPS pages these users will need to use an alternate browser (Example: Google Chrome, Mozilla FireFox, Safari, etc.).

====Support/Unsupported Browsers/OS's====
*See table on the right
 

==Common PCI Compliance Resolutions==

===SSL/TLS Protocol Initialization Vector Implementation Information Disclosure===

aka: BEAST (Browser Exploit Against SSL/TLS) Vulnerability

'''NOTE:''' If you are on a '''shared server''' or a '''managed VPS''', please submit a support ticket [http://support.hostek.com] and attach/include your PCI scan report. The information below is for our non managed VPS customers.

* Place the following text in a file named '''TLS.reg''' and execute the file. It will add registry values to enable TLS 1.1 and TLS 1.2 support:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

* After completing the above step, go to '''Start''' -> '''Run''' -> (type '''gpedit.msc''') -> (click '''OK''')
* Navigate to '''Computer Configuration''' -> '''Administrative Template''' -> '''Network''' -> '''SSL Configuration Settings'''
* Right click on '''SSL Cipher Suite Order''' and choose '''Edit''' (Windows 2008 R2) or '''Properties''' (Windows 2008)
* Select '''Enabled''' and replace the text in the textbox under '''SSL Cipher Suites'''(not to be confused with the '''Notes''' textbox) with the following long line of text(All on a single line - no line breaks or spaces):
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_NULL_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5,SSL_CK_RC4_128_WITH_MD5,TLS_RSA_WITH_NULL_SHA,TLS_RSA_WITH_NULL_MD5
* Click '''OK'''
* Reboot server

===Disable SSLv2 & Strong Cyphers Only & Strong Protocols Only===
If you are on a shared server, please open a support ticket and attach the PCI scan report.

For VPS's: This generally applies to a Windows based server. If you see one of these items on your PCI scan report, download this zip [http://hostek.com/wikifiles/disablessl2-strongcyphersonly-strongprotocolsonly.zip] and extract the appropriate .reg file and put that on your VPS and double click it to make the appropriate registry change to fix the issue. Generally if one of these show on your report, we suggest running all three .reg files to fully take care of the issue at one time.

'''NOTE:''' You will need to reboot the server for these changes to take affect.

====VPS-Windows 2008 Servers====
This free tool can be used to determine if vulnerable or weak protocols or cypers are enabled, and provides the option to disable them.

https://www.nartac.com/Products/IISCrypto/Default.aspx

Changes using this tool require a server reboot to complete them.

Websites that allow testing for SSL Protocols and Cyphers:

https://www.ssllabs.com/ssltest/index.html

http://www.serversniff.net/sslcheck.php

==Visa E-commerce Security Checklist Questionaire==

Click this link to Visa E-commerce Security Checklist Questionaire [[https://wiki.hostek.com/Visa_E-commerce_Security_Checklist_Questionaire]]

==Cloud Assessment Questions==
Q: Is your organization insured by a 3rd party for losses?
A: Yes

Q: Do your organization's service level agreements provide tenant renumeration for losses they may incur due to outages or losses experienced within your infrastructure?
A: The Hostek.com SLA provides for a refund or credit limited to the dollar amount paid for the service during that monthly period. The refund or credit amount is calculated based on amount paid for the monthly service / number of minutes in a month * number of down minutes.

Q: Do you collect capacity and utilization data for all relevant components of your cloud service offering?
A: Yes. Daily.

Q: Do you provide tenants with capacity planning and utilization reports?
A: No.

Q: Do you have a documented procedure for responding to requests for tenant data from governments or third parties?
A: Yes

Q: Do you process, transmit or store any credit card related information on behalf Cisco?
A: In our St. Louis facility, we do not use Cisco. In our Dallas facility, we do.

Q: Please provide any documentation on policies and procedures for controls you have in place to protect tenant's intellectual property and sensitive data from unauthorized access.
A: Utilization of IPS and IDS. Customer has ability to lock down server access. Internal access information is stored encrypted and only available via internal access.

Q: Please provide any documentation and policies you have regarding how you may access, mine, utilize tenant data and/or metadata.
A: We do not mine nor utilize tenant data. Access to tenant data would occur if tenant asked for help in resolving a situation which may require such access.

Q: Please specify any inspection technologies used for collecting or creating metadata about tenant data usage (search engines, etc.?).
A: We do not inspect tenant data.

Q: What is the process for tenants to opt-out of having their data/metatdata accessed/mined via inspection technologies?
A: N/A as we do not inspect tenant data.

Q: Can you provide the physical location/geography of storage of a tenant’s data upon request?
A: Yes.

Q: Do you allow tenants to define acceptable geographical locations for data routing or resource instantiation?
A: No.

Q: Do you allow tenants to specify which of your geographic locations their data is allowed to traverse into/out of (to address legal jurisdictional considerations based on where data is stored vs. accessed?)
A: No.

Q: What capability do you have to use system geographic location as an authentication factor?
A: N/A

Q: Does legal counsel review all third party agreements?
A: Yes.

Q: Do you select and monitor outsourced providers in compliance with laws in the country where the data orignates, processed, stored and transmitted?
A: N/A

Q: Have you established an Information Security Management Program (ISMP?)
A: Our ISMP is being developed.

Q: Do you provide tenants with a right to audit (tenant audit)?
A: No, for security/confidential purposes.

Q: What is the process for tenants to request deletion/removal of data as needed?
Q: Provide the standards used for secure deletion of archived data upon request by tenants.
Q: What is the process to sanitize all computing resource of tenant data once a customer has exited your environment.
Q: What is time period that you retain customer data after explicit user deletion/removal?
A: When a cloud tenant cancels, their virtual machine and backup data is deleted. Data blocks are reused for new customers, which replace the old blocks.

Q: Do you manage separate production and non production environments & what controls do you have in place to ensure that the production data in not copied to non-production environments?
A: No. We have a redundant production environment, which is replicated nightly from the primary environment.

Q: Are backups and archives of data using unique encryption keys for each tenant?
A: Each tenant has their own uniquely retained archive.

Q: What is the duration for keeping backed up data? And can you provide information about your backup rotations and rotation of your backup media?
A: The backup duration depends on the plan selected. By default this will range from 5-10 days. The backups are full backups with a nightly differential, providing for a full 5-10 day restoration period.

===Identity and Access Control===

===Physical Security and Disaster Recovery===

Q: Do you require strong (multifactor) authentication options (card keys+PIN, biometric readers, etc.) for access to your physical facilities?
A: Yes.

Q: Are any of your datacenters located in places which have a high probability/occurrence of high-impact environmental risks (floods, tornadoes, earthquakes, hurricanes, etc.)?
A: No.

Q: Do you use 24X7 camera monitoring in all the access points of your datacenter and key locations within the datacenter?
A: Yes.

Q: Do you maintain liaisons and points of contact with local authorities in accordance with contracts and appropriate regulations?
A: N/A

[[Category:Infrastructure]]
[[Category:VPS]]

PCI Compliance

2015-06-09T17:48:59Z

Davidd: /* Internet Explorer */

__FORCETOC__

== Obtaining PCI Compliance ==

You need PCI Compliance if your website/business: '''accepts, transmits or stores any cardholder data.'''

'''If that is you:'''

Find a Quality Security Accessor such as [https://www.securitymetrics.com SecurityMetrics] or [https://trustwave.com/ TrustWave], there are many such vendors. They will help you determine the type of compliance required for your business and provide the services to achieve and maintain compliance.

'''How do I know what level / validation type?'''

The Quality Security Accessor will help you determine this and based on PCI DSS Standards.

*The level of "compliance" required (1-4) is based on transaction or monetary volume.
*The "Validation Type" determines the assessment requirements and is based on how much card data you store.

A copy of the PCI DSS is available [https://www.pcisecuritystandards.org/security_standards/index.php here].
More general unofficial details can be found at [http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard here].

=== How Hostek complements efforts for PCI compliance ===

#Insuring PCI standards can be met and kept for our own systems.
#Providing firewall protection for all servers and the option for PCI compliant firewall rules to be applied to customers environment.
#Providing VPN for customers to securely connect and manage environment remotely.
#Providing VLAN (virtual private network) for customers environment with multiple servers so their database server is completely isolated from public access.
#Including or offering Anti-Virus scanning on VPS and/or Shared Hosting servers.
#Protecting physical access to network and servers. Data centers are managed & monitored 24x7 by security cameras and on-site staff.

== Hostek.com ==

PCI compliance requires quarterly scans from a PCI compliance vendor. Hostek.com goes above and beyond this requirement by having regular scans from two different PCI compliance vendors. One vendor's scans are done quarterly. The other's scans are done nightly. This ensures that all potential PCI compliance issues are accurately identified and dealt with promptly.

===Hostek.com PCI Compliance Report===
Hostek.com PCI DSS Compliance report: [[Media:Hostek-PCI-Compliance-040115.pdf‎]]

==Datacenter==
The St. Louis, MO data center where the hostek.com equipment is housed maintains SOC 2 Certification. This replaced the SSAE16 Certification.

Certification: [[File:2014CyberconSoc2Cert.pdf]]

Audit: [[File:2014CyberconSoc2Audit.pdf]]

===Previous Certifications===
2011-12 - SSAE 16 Certification ([http://hostek.com/forms/SSAE-16_Letter_of_Cert.pdf audit report]). This replaced the SAS 70 Type 2 Certification. 
2013 SOC2 Part 1: [[File:SOC2-2013_CYBERCON_Full_Report_PART-1.pdf]] 
2013 SOC2 Part 2: [[File:SOC2-2013_CYBERCON_Full_Report_PART-2.pdf]]

==Shared Servers==

We support PCI compliance on our shared hosting servers. If your PCI scan shows any issues that are not directly related to your web application, you can attach the report in a support ticket so that we can address any issues.

===TLS 1.0===

{| class="wikitable floatright"
| colspan="2" | Browser Support w/ TLS 1.0 Disabled
|-
| Browser / OS
| Status
|-
| IE 11 / Win 8.1
| Supported
|-
| IE Mobile 10 / Win Phone 8.0
| Unsupported
|-
| IE Mobile 11 / Win Phone 8.1
| Supported
|-
| Java 6u45
| Unsupported
|-
| Java 7u25
| Unsupported
|-
| Java 8u31
| Supported
|-
| OpenSSL 0.9.8y
| Unsupported
|-
| OpenSSL 1.0.1l
| Supported
|-
| OpenSSL 1.0.2
| Supported
|-
| Safari 5.1.9 / OS X 10.6.8
| Unsupported
|-
| Safari 6 / iOS 6.0.1
| Supported
|-
| Safari 6.0.4 / OS X 10.8.4
| Unsupported
|-
| Safari 7 / iOS 7.1
| Supported
|-
| Safari 7 / OS X 10.9
| Supported
|-
| Safari 8 / iOS 8.1.2
| Supported
|-
| Safari 8 / OS X 10.10
| Supported
|-
| Yahoo Slurp Jan 2015
| Supported
|-
| YandexBot Jan 2015
| Supported
|}

{| class="wikitable" style="float: right; margin: 0 0 .5em .5em"
| colspan="2" | Browser Support w/ TLS 1.0 Disabled
|-
| Browser / OS
| Status
|-
| Android 2.3.7
| Unsupported
|-
| Android 4.0.4
| Unsupported
|-
| Android 4.1.1
| Unsupported
|-
| Android 4.2.2
| Unsupported
|-
| Android 4.3
| Unsupported
|-
| Android 4.4.2
| Supported
|-
| Android 5.0.0
| Supported
|-
| Baidu Jan 2015
| Unsupported
|-
| BingPreview Jan 2015
| Supported
|-
| Chrome 42 / OS X
| Supported
|-
| Firefox 31.3.0 ESR / Win 7
| Supported
|-
| Firefox 37 / OS X
| Supported
|-
| Googlebot Feb 2015
| Supported
|-
| IE 6 / XP No FS 1
| Unsupported
|-
| IE 7 / Vista
| Unsupported
|-
| IE 8 / XP No FS 1
| Unsupported
|-
| IE 8-10 / Win 7
| Unsupported
|-
| IE 11 / Win 7
| Supported
|}

We are disabling support for TLS 1.0 on our Shared Windows Servers.

*This is now required for PCI DSS compliance.
*This is to ensure that any connection over HTTPS is secured against "eavesdropping" from Man-In-The-Middle(MITM) attacks.
*The majority of users will not notice this change because this will only affect outdated browsers and old mobile devices.
====Internet Explorer====
#After disabling this protocol '''Internet Explorer 11'''(only supported on '''Windows 7 and up''') will be the only version of Internet Explorer that can view HTTPS pages on the shared Windows servers.
#Users with '''Windows XP''' and '''Windows Vista''' will have an unsupported version of Internet Explorer. In order to view HTTTPS pages these users will need to use an alternate browser (Example: Google Chrome, Mozilla FireFox, Safari, etc.).

====Support/Unsupported Browsers/OS's====
*See table on the right
 

==Common PCI Compliance Resolutions==

===SSL/TLS Protocol Initialization Vector Implementation Information Disclosure===

aka: BEAST (Browser Exploit Against SSL/TLS) Vulnerability

'''NOTE:''' If you are on a '''shared server''' or a '''managed VPS''', please submit a support ticket [http://support.hostek.com] and attach/include your PCI scan report. The information below is for our non managed VPS customers.

* Place the following text in a file named '''TLS.reg''' and execute the file. It will add registry values to enable TLS 1.1 and TLS 1.2 support:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

* After completing the above step, go to '''Start''' -> '''Run''' -> (type '''gpedit.msc''') -> (click '''OK''')
* Navigate to '''Computer Configuration''' -> '''Administrative Template''' -> '''Network''' -> '''SSL Configuration Settings'''
* Right click on '''SSL Cipher Suite Order''' and choose '''Edit''' (Windows 2008 R2) or '''Properties''' (Windows 2008)
* Select '''Enabled''' and replace the text in the textbox under '''SSL Cipher Suites'''(not to be confused with the '''Notes''' textbox) with the following long line of text(All on a single line - no line breaks or spaces):
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_NULL_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5,SSL_CK_RC4_128_WITH_MD5,TLS_RSA_WITH_NULL_SHA,TLS_RSA_WITH_NULL_MD5
* Click '''OK'''
* Reboot server

===Disable SSLv2 & Strong Cyphers Only & Strong Protocols Only===
If you are on a shared server, please open a support ticket and attach the PCI scan report.

For VPS's: This generally applies to a Windows based server. If you see one of these items on your PCI scan report, download this zip [http://hostek.com/wikifiles/disablessl2-strongcyphersonly-strongprotocolsonly.zip] and extract the appropriate .reg file and put that on your VPS and double click it to make the appropriate registry change to fix the issue. Generally if one of these show on your report, we suggest running all three .reg files to fully take care of the issue at one time.

'''NOTE:''' You will need to reboot the server for these changes to take affect.

====VPS-Windows 2008 Servers====
This free tool can be used to determine if vulnerable or weak protocols or cypers are enabled, and provides the option to disable them.

https://www.nartac.com/Products/IISCrypto/Default.aspx

Changes using this tool require a server reboot to complete them.

Websites that allow testing for SSL Protocols and Cyphers:

https://www.ssllabs.com/ssltest/index.html

http://www.serversniff.net/sslcheck.php

==Visa E-commerce Security Checklist Questionaire==

Click this link to Visa E-commerce Security Checklist Questionaire [[https://wiki.hostek.com/Visa_E-commerce_Security_Checklist_Questionaire]]

==Cloud Assessment Questions==
Q: Is your organization insured by a 3rd party for losses?
A: Yes

Q: Do your organization's service level agreements provide tenant renumeration for losses they may incur due to outages or losses experienced within your infrastructure?
A: The Hostek.com SLA provides for a refund or credit limited to the dollar amount paid for the service during that monthly period. The refund or credit amount is calculated based on amount paid for the monthly service / number of minutes in a month * number of down minutes.

Q: Do you collect capacity and utilization data for all relevant components of your cloud service offering?
A: Yes. Daily.

Q: Do you provide tenants with capacity planning and utilization reports?
A: No.

Q: Do you have a documented procedure for responding to requests for tenant data from governments or third parties?
A: Yes

Q: Do you process, transmit or store any credit card related information on behalf Cisco?
A: In our St. Louis facility, we do not use Cisco. In our Dallas facility, we do.

Q: Please provide any documentation on policies and procedures for controls you have in place to protect tenant's intellectual property and sensitive data from unauthorized access.
A: Utilization of IPS and IDS. Customer has ability to lock down server access. Internal access information is stored encrypted and only available via internal access.

Q: Please provide any documentation and policies you have regarding how you may access, mine, utilize tenant data and/or metadata.
A: We do not mine nor utilize tenant data. Access to tenant data would occur if tenant asked for help in resolving a situation which may require such access.

Q: Please specify any inspection technologies used for collecting or creating metadata about tenant data usage (search engines, etc.?).
A: We do not inspect tenant data.

Q: What is the process for tenants to opt-out of having their data/metatdata accessed/mined via inspection technologies?
A: N/A as we do not inspect tenant data.

Q: Can you provide the physical location/geography of storage of a tenant’s data upon request?
A: Yes.

Q: Do you allow tenants to define acceptable geographical locations for data routing or resource instantiation?
A: No.

Q: Do you allow tenants to specify which of your geographic locations their data is allowed to traverse into/out of (to address legal jurisdictional considerations based on where data is stored vs. accessed?)
A: No.

Q: What capability do you have to use system geographic location as an authentication factor?
A: N/A

Q: Does legal counsel review all third party agreements?
A: Yes.

Q: Do you select and monitor outsourced providers in compliance with laws in the country where the data orignates, processed, stored and transmitted?
A: N/A

Q: Have you established an Information Security Management Program (ISMP?)
A: Our ISMP is being developed.

Q: Do you provide tenants with a right to audit (tenant audit)?
A: No, for security/confidential purposes.

Q: What is the process for tenants to request deletion/removal of data as needed?
Q: Provide the standards used for secure deletion of archived data upon request by tenants.
Q: What is the process to sanitize all computing resource of tenant data once a customer has exited your environment.
Q: What is time period that you retain customer data after explicit user deletion/removal?
A: When a cloud tenant cancels, their virtual machine and backup data is deleted. Data blocks are reused for new customers, which replace the old blocks.

Q: Do you manage separate production and non production environments & what controls do you have in place to ensure that the production data in not copied to non-production environments?
A: No. We have a redundant production environment, which is replicated nightly from the primary environment.

Q: Are backups and archives of data using unique encryption keys for each tenant?
A: Each tenant has their own uniquely retained archive.

Q: What is the duration for keeping backed up data? And can you provide information about your backup rotations and rotation of your backup media?
A: The backup duration depends on the plan selected. By default this will range from 5-10 days. The backups are full backups with a nightly differential, providing for a full 5-10 day restoration period.

===Identity and Access Control===

===Physical Security and Disaster Recovery===

Q: Do you require strong (multifactor) authentication options (card keys+PIN, biometric readers, etc.) for access to your physical facilities?
A: Yes.

Q: Are any of your datacenters located in places which have a high probability/occurrence of high-impact environmental risks (floods, tornadoes, earthquakes, hurricanes, etc.)?
A: No.

Q: Do you use 24X7 camera monitoring in all the access points of your datacenter and key locations within the datacenter?
A: Yes.

Q: Do you maintain liaisons and points of contact with local authorities in accordance with contracts and appropriate regulations?
A: N/A

[[Category:Infrastructure]]
[[Category:VPS]]

PCI Compliance

2015-06-09T17:43:43Z

Davidd: /* Support/Unsupported Browsers/OS's */

__FORCETOC__

== Obtaining PCI Compliance ==

You need PCI Compliance if your website/business: '''accepts, transmits or stores any cardholder data.'''

'''If that is you:'''

Find a Quality Security Accessor such as [https://www.securitymetrics.com SecurityMetrics] or [https://trustwave.com/ TrustWave], there are many such vendors. They will help you determine the type of compliance required for your business and provide the services to achieve and maintain compliance.

'''How do I know what level / validation type?'''

The Quality Security Accessor will help you determine this and based on PCI DSS Standards.

*The level of "compliance" required (1-4) is based on transaction or monetary volume.
*The "Validation Type" determines the assessment requirements and is based on how much card data you store.

A copy of the PCI DSS is available [https://www.pcisecuritystandards.org/security_standards/index.php here].
More general unofficial details can be found at [http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard here].

=== How Hostek complements efforts for PCI compliance ===

#Insuring PCI standards can be met and kept for our own systems.
#Providing firewall protection for all servers and the option for PCI compliant firewall rules to be applied to customers environment.
#Providing VPN for customers to securely connect and manage environment remotely.
#Providing VLAN (virtual private network) for customers environment with multiple servers so their database server is completely isolated from public access.
#Including or offering Anti-Virus scanning on VPS and/or Shared Hosting servers.
#Protecting physical access to network and servers. Data centers are managed & monitored 24x7 by security cameras and on-site staff.

== Hostek.com ==

PCI compliance requires quarterly scans from a PCI compliance vendor. Hostek.com goes above and beyond this requirement by having regular scans from two different PCI compliance vendors. One vendor's scans are done quarterly. The other's scans are done nightly. This ensures that all potential PCI compliance issues are accurately identified and dealt with promptly.

===Hostek.com PCI Compliance Report===
Hostek.com PCI DSS Compliance report: [[Media:Hostek-PCI-Compliance-040115.pdf‎]]

==Datacenter==
The St. Louis, MO data center where the hostek.com equipment is housed maintains SOC 2 Certification. This replaced the SSAE16 Certification.

Certification: [[File:2014CyberconSoc2Cert.pdf]]

Audit: [[File:2014CyberconSoc2Audit.pdf]]

===Previous Certifications===
2011-12 - SSAE 16 Certification ([http://hostek.com/forms/SSAE-16_Letter_of_Cert.pdf audit report]). This replaced the SAS 70 Type 2 Certification. 
2013 SOC2 Part 1: [[File:SOC2-2013_CYBERCON_Full_Report_PART-1.pdf]] 
2013 SOC2 Part 2: [[File:SOC2-2013_CYBERCON_Full_Report_PART-2.pdf]]

==Shared Servers==

We support PCI compliance on our shared hosting servers. If your PCI scan shows any issues that are not directly related to your web application, you can attach the report in a support ticket so that we can address any issues.

===TLS 1.0===

{| class="wikitable floatright"
| colspan="2" | Browser Support w/ TLS 1.0 Disabled
|-
| Browser / OS
| Status
|-
| IE 11 / Win 8.1
| Supported
|-
| IE Mobile 10 / Win Phone 8.0
| Unsupported
|-
| IE Mobile 11 / Win Phone 8.1
| Supported
|-
| Java 6u45
| Unsupported
|-
| Java 7u25
| Unsupported
|-
| Java 8u31
| Supported
|-
| OpenSSL 0.9.8y
| Unsupported
|-
| OpenSSL 1.0.1l
| Supported
|-
| OpenSSL 1.0.2
| Supported
|-
| Safari 5.1.9 / OS X 10.6.8
| Unsupported
|-
| Safari 6 / iOS 6.0.1
| Supported
|-
| Safari 6.0.4 / OS X 10.8.4
| Unsupported
|-
| Safari 7 / iOS 7.1
| Supported
|-
| Safari 7 / OS X 10.9
| Supported
|-
| Safari 8 / iOS 8.1.2
| Supported
|-
| Safari 8 / OS X 10.10
| Supported
|-
| Yahoo Slurp Jan 2015
| Supported
|-
| YandexBot Jan 2015
| Supported
|}

{| class="wikitable" style="float: right; margin: 0 0 .5em .5em"
| colspan="2" | Browser Support w/ TLS 1.0 Disabled
|-
| Browser / OS
| Status
|-
| Android 2.3.7
| Unsupported
|-
| Android 4.0.4
| Unsupported
|-
| Android 4.1.1
| Unsupported
|-
| Android 4.2.2
| Unsupported
|-
| Android 4.3
| Unsupported
|-
| Android 4.4.2
| Supported
|-
| Android 5.0.0
| Supported
|-
| Baidu Jan 2015
| Unsupported
|-
| BingPreview Jan 2015
| Supported
|-
| Chrome 42 / OS X
| Supported
|-
| Firefox 31.3.0 ESR / Win 7
| Supported
|-
| Firefox 37 / OS X
| Supported
|-
| Googlebot Feb 2015
| Supported
|-
| IE 6 / XP No FS 1
| Unsupported
|-
| IE 7 / Vista
| Unsupported
|-
| IE 8 / XP No FS 1
| Unsupported
|-
| IE 8-10 / Win 7
| Unsupported
|-
| IE 11 / Win 7
| Supported
|}

We are disabling support for TLS 1.0 on our Shared Windows Servers.

*This is now required for PCI DSS compliance.
*This is to ensure that any connection over HTTPS is secured against "eavesdropping" from Man-In-The-Middle(MITM) attacks.
*The majority of users will not notice this change because this will only affect outdated browsers and old mobile devices.
====Internet Explorer====
#After disabling this Protocol '''Internet Explorer v.11''' [which is only supported on '''Windows 7 and up'''] will be the only version of IE that can view HTTPS Pages on the Shared Windows Servers.
#Users with '''Windows XP''' and '''Windows Vista''' will have an unsupported version of Internet Explorer, so in order to view HTTTPS Pages they will need to use an alternate browser (i.e. Google Chrome, Mozilla FireFox, Safari, etc.).
====Support/Unsupported Browsers/OS's====
*See table on the right
 

==Common PCI Compliance Resolutions==

===SSL/TLS Protocol Initialization Vector Implementation Information Disclosure===

aka: BEAST (Browser Exploit Against SSL/TLS) Vulnerability

'''NOTE:''' If you are on a '''shared server''' or a '''managed VPS''', please submit a support ticket [http://support.hostek.com] and attach/include your PCI scan report. The information below is for our non managed VPS customers.

* Place the following text in a file named '''TLS.reg''' and execute the file. It will add registry values to enable TLS 1.1 and TLS 1.2 support:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

* After completing the above step, go to '''Start''' -> '''Run''' -> (type '''gpedit.msc''') -> (click '''OK''')
* Navigate to '''Computer Configuration''' -> '''Administrative Template''' -> '''Network''' -> '''SSL Configuration Settings'''
* Right click on '''SSL Cipher Suite Order''' and choose '''Edit''' (Windows 2008 R2) or '''Properties''' (Windows 2008)
* Select '''Enabled''' and replace the text in the textbox under '''SSL Cipher Suites'''(not to be confused with the '''Notes''' textbox) with the following long line of text(All on a single line - no line breaks or spaces):
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_NULL_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5,SSL_CK_RC4_128_WITH_MD5,TLS_RSA_WITH_NULL_SHA,TLS_RSA_WITH_NULL_MD5
* Click '''OK'''
* Reboot server

===Disable SSLv2 & Strong Cyphers Only & Strong Protocols Only===
If you are on a shared server, please open a support ticket and attach the PCI scan report.

For VPS's: This generally applies to a Windows based server. If you see one of these items on your PCI scan report, download this zip [http://hostek.com/wikifiles/disablessl2-strongcyphersonly-strongprotocolsonly.zip] and extract the appropriate .reg file and put that on your VPS and double click it to make the appropriate registry change to fix the issue. Generally if one of these show on your report, we suggest running all three .reg files to fully take care of the issue at one time.

'''NOTE:''' You will need to reboot the server for these changes to take affect.

====VPS-Windows 2008 Servers====
This free tool can be used to determine if vulnerable or weak protocols or cypers are enabled, and provides the option to disable them.

https://www.nartac.com/Products/IISCrypto/Default.aspx

Changes using this tool require a server reboot to complete them.

Websites that allow testing for SSL Protocols and Cyphers:

https://www.ssllabs.com/ssltest/index.html

http://www.serversniff.net/sslcheck.php

==Visa E-commerce Security Checklist Questionaire==

Click this link to Visa E-commerce Security Checklist Questionaire [[https://wiki.hostek.com/Visa_E-commerce_Security_Checklist_Questionaire]]

==Cloud Assessment Questions==
Q: Is your organization insured by a 3rd party for losses?
A: Yes

Q: Do your organization's service level agreements provide tenant renumeration for losses they may incur due to outages or losses experienced within your infrastructure?
A: The Hostek.com SLA provides for a refund or credit limited to the dollar amount paid for the service during that monthly period. The refund or credit amount is calculated based on amount paid for the monthly service / number of minutes in a month * number of down minutes.

Q: Do you collect capacity and utilization data for all relevant components of your cloud service offering?
A: Yes. Daily.

Q: Do you provide tenants with capacity planning and utilization reports?
A: No.

Q: Do you have a documented procedure for responding to requests for tenant data from governments or third parties?
A: Yes

Q: Do you process, transmit or store any credit card related information on behalf Cisco?
A: In our St. Louis facility, we do not use Cisco. In our Dallas facility, we do.

Q: Please provide any documentation on policies and procedures for controls you have in place to protect tenant's intellectual property and sensitive data from unauthorized access.
A: Utilization of IPS and IDS. Customer has ability to lock down server access. Internal access information is stored encrypted and only available via internal access.

Q: Please provide any documentation and policies you have regarding how you may access, mine, utilize tenant data and/or metadata.
A: We do not mine nor utilize tenant data. Access to tenant data would occur if tenant asked for help in resolving a situation which may require such access.

Q: Please specify any inspection technologies used for collecting or creating metadata about tenant data usage (search engines, etc.?).
A: We do not inspect tenant data.

Q: What is the process for tenants to opt-out of having their data/metatdata accessed/mined via inspection technologies?
A: N/A as we do not inspect tenant data.

Q: Can you provide the physical location/geography of storage of a tenant’s data upon request?
A: Yes.

Q: Do you allow tenants to define acceptable geographical locations for data routing or resource instantiation?
A: No.

Q: Do you allow tenants to specify which of your geographic locations their data is allowed to traverse into/out of (to address legal jurisdictional considerations based on where data is stored vs. accessed?)
A: No.

Q: What capability do you have to use system geographic location as an authentication factor?
A: N/A

Q: Does legal counsel review all third party agreements?
A: Yes.

Q: Do you select and monitor outsourced providers in compliance with laws in the country where the data orignates, processed, stored and transmitted?
A: N/A

Q: Have you established an Information Security Management Program (ISMP?)
A: Our ISMP is being developed.

Q: Do you provide tenants with a right to audit (tenant audit)?
A: No, for security/confidential purposes.

Q: What is the process for tenants to request deletion/removal of data as needed?
Q: Provide the standards used for secure deletion of archived data upon request by tenants.
Q: What is the process to sanitize all computing resource of tenant data once a customer has exited your environment.
Q: What is time period that you retain customer data after explicit user deletion/removal?
A: When a cloud tenant cancels, their virtual machine and backup data is deleted. Data blocks are reused for new customers, which replace the old blocks.

Q: Do you manage separate production and non production environments & what controls do you have in place to ensure that the production data in not copied to non-production environments?
A: No. We have a redundant production environment, which is replicated nightly from the primary environment.

Q: Are backups and archives of data using unique encryption keys for each tenant?
A: Each tenant has their own uniquely retained archive.

Q: What is the duration for keeping backed up data? And can you provide information about your backup rotations and rotation of your backup media?
A: The backup duration depends on the plan selected. By default this will range from 5-10 days. The backups are full backups with a nightly differential, providing for a full 5-10 day restoration period.

===Identity and Access Control===

===Physical Security and Disaster Recovery===

Q: Do you require strong (multifactor) authentication options (card keys+PIN, biometric readers, etc.) for access to your physical facilities?
A: Yes.

Q: Are any of your datacenters located in places which have a high probability/occurrence of high-impact environmental risks (floods, tornadoes, earthquakes, hurricanes, etc.)?
A: No.

Q: Do you use 24X7 camera monitoring in all the access points of your datacenter and key locations within the datacenter?
A: Yes.

Q: Do you maintain liaisons and points of contact with local authorities in accordance with contracts and appropriate regulations?
A: N/A

[[Category:Infrastructure]]
[[Category:VPS]]

PCI Compliance

2015-06-09T17:41:08Z

Davidd:

__FORCETOC__

== Obtaining PCI Compliance ==

You need PCI Compliance if your website/business: '''accepts, transmits or stores any cardholder data.'''

'''If that is you:'''

Find a Quality Security Accessor such as [https://www.securitymetrics.com SecurityMetrics] or [https://trustwave.com/ TrustWave], there are many such vendors. They will help you determine the type of compliance required for your business and provide the services to achieve and maintain compliance.

'''How do I know what level / validation type?'''

The Quality Security Accessor will help you determine this and based on PCI DSS Standards.

*The level of "compliance" required (1-4) is based on transaction or monetary volume.
*The "Validation Type" determines the assessment requirements and is based on how much card data you store.

A copy of the PCI DSS is available [https://www.pcisecuritystandards.org/security_standards/index.php here].
More general unofficial details can be found at [http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard here].

=== How Hostek complements efforts for PCI compliance ===

#Insuring PCI standards can be met and kept for our own systems.
#Providing firewall protection for all servers and the option for PCI compliant firewall rules to be applied to customers environment.
#Providing VPN for customers to securely connect and manage environment remotely.
#Providing VLAN (virtual private network) for customers environment with multiple servers so their database server is completely isolated from public access.
#Including or offering Anti-Virus scanning on VPS and/or Shared Hosting servers.
#Protecting physical access to network and servers. Data centers are managed & monitored 24x7 by security cameras and on-site staff.

== Hostek.com ==

PCI compliance requires quarterly scans from a PCI compliance vendor. Hostek.com goes above and beyond this requirement by having regular scans from two different PCI compliance vendors. One vendor's scans are done quarterly. The other's scans are done nightly. This ensures that all potential PCI compliance issues are accurately identified and dealt with promptly.

===Hostek.com PCI Compliance Report===
Hostek.com PCI DSS Compliance report: [[Media:Hostek-PCI-Compliance-040115.pdf‎]]

==Datacenter==
The St. Louis, MO data center where the hostek.com equipment is housed maintains SOC 2 Certification. This replaced the SSAE16 Certification.

Certification: [[File:2014CyberconSoc2Cert.pdf]]

Audit: [[File:2014CyberconSoc2Audit.pdf]]

===Previous Certifications===
2011-12 - SSAE 16 Certification ([http://hostek.com/forms/SSAE-16_Letter_of_Cert.pdf audit report]). This replaced the SAS 70 Type 2 Certification. 
2013 SOC2 Part 1: [[File:SOC2-2013_CYBERCON_Full_Report_PART-1.pdf]] 
2013 SOC2 Part 2: [[File:SOC2-2013_CYBERCON_Full_Report_PART-2.pdf]]

==Shared Servers==

We support PCI compliance on our shared hosting servers. If your PCI scan shows any issues that are not directly related to your web application, you can attach the report in a support ticket so that we can address any issues.

===TLS 1.0===

{| class="wikitable floatright"
| colspan="2" | Browser Support w/ TLS 1.0 Disabled
|-
| Browser / OS
| Status
|-
| IE 11 / Win 8.1
| Supported
|-
| IE Mobile 10 / Win Phone 8.0
| Unsupported
|-
| IE Mobile 11 / Win Phone 8.1
| Supported
|-
| Java 6u45
| Unsupported
|-
| Java 7u25
| Unsupported
|-
| Java 8u31
| Supported
|-
| OpenSSL 0.9.8y
| Unsupported
|-
| OpenSSL 1.0.1l
| Supported
|-
| OpenSSL 1.0.2
| Supported
|-
| Safari 5.1.9 / OS X 10.6.8
| Unsupported
|-
| Safari 6 / iOS 6.0.1
| Supported
|-
| Safari 6.0.4 / OS X 10.8.4
| Unsupported
|-
| Safari 7 / iOS 7.1
| Supported
|-
| Safari 7 / OS X 10.9
| Supported
|-
| Safari 8 / iOS 8.1.2
| Supported
|-
| Safari 8 / OS X 10.10
| Supported
|-
| Yahoo Slurp Jan 2015
| Supported
|-
| YandexBot Jan 2015
| Supported
|}

{| class="wikitable" style="float: right; margin: 0 0 .5em .5em"
| colspan="2" | Browser Support w/ TLS 1.0 Disabled
|-
| Browser / OS
| Status
|-
| Android 2.3.7
| Unsupported
|-
| Android 4.0.4
| Unsupported
|-
| Android 4.1.1
| Unsupported
|-
| Android 4.2.2
| Unsupported
|-
| Android 4.3
| Unsupported
|-
| Android 4.4.2
| Supported
|-
| Android 5.0.0
| Supported
|-
| Baidu Jan 2015
| Unsupported
|-
| BingPreview Jan 2015
| Supported
|-
| Chrome 42 / OS X
| Supported
|-
| Firefox 31.3.0 ESR / Win 7
| Supported
|-
| Firefox 37 / OS X
| Supported
|-
| Googlebot Feb 2015
| Supported
|-
| IE 6 / XP No FS 1
| Unsupported
|-
| IE 7 / Vista
| Unsupported
|-
| IE 8 / XP No FS 1
| Unsupported
|-
| IE 8-10 / Win 7
| Unsupported
|-
| IE 11 / Win 7
| Supported
|}

We are disabling support for TLS 1.0 on our Shared Windows Servers.

*This is now required for PCI DSS compliance.
*This is to ensure that any connection over HTTPS is secured against "eavesdropping" from Man-In-The-Middle(MITM) attacks.
*The majority of users will not notice this change because this will only affect outdated browsers and old mobile devices.
====Internet Explorer====
#After disabling this Protocol '''Internet Explorer v.11''' [which is only supported on '''Windows 7 and up'''] will be the only version of IE that can view HTTPS Pages on the Shared Windows Servers.
#Users with '''Windows XP''' and '''Windows Vista''' will have an unsupported version of Internet Explorer, so in order to view HTTTPS Pages they will need to use an alternate browser (i.e. Google Chrome, Mozilla FireFox, Safari, etc.).
====Support/Unsupported Browsers/OS's====
*See table on the right
 

==Common PCI Compliance Resolutions==

===SSL/TLS Protocol Initialization Vector Implementation Information Disclosure===

aka: BEAST (Browser Exploit Against SSL/TLS) Vulnerability

'''NOTE:''' If you are on a '''shared server''' or a '''managed VPS''', please submit a support ticket [http://support.hostek.com] and attach/include your PCI scan report. The information below is for our non managed VPS customers.

* Place the following text in a file named '''TLS.reg''' and execute the file. It will add registry values to enable TLS 1.1 and TLS 1.2 support:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

* After completing the above step, go to '''Start''' -> '''Run''' -> (type '''gpedit.msc''') -> (click '''OK''')
* Navigate to '''Computer Configuration''' -> '''Administrative Template''' -> '''Network''' -> '''SSL Configuration Settings'''
* Right click on '''SSL Cipher Suite Order''' and choose '''Edit''' (Windows 2008 R2) or '''Properties''' (Windows 2008)
* Select '''Enabled''' and replace the text in the textbox under '''SSL Cipher Suites'''(not to be confused with the '''Notes''' textbox) with the following long line of text(All on a single line - no line breaks or spaces):
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_NULL_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5,SSL_CK_RC4_128_WITH_MD5,TLS_RSA_WITH_NULL_SHA,TLS_RSA_WITH_NULL_MD5
* Click '''OK'''
* Reboot server

===Disable SSLv2 & Strong Cyphers Only & Strong Protocols Only===
If you are on a shared server, please open a support ticket and attach the PCI scan report.

For VPS's: This generally applies to a Windows based server. If you see one of these items on your PCI scan report, download this zip [http://hostek.com/wikifiles/disablessl2-strongcyphersonly-strongprotocolsonly.zip] and extract the appropriate .reg file and put that on your VPS and double click it to make the appropriate registry change to fix the issue. Generally if one of these show on your report, we suggest running all three .reg files to fully take care of the issue at one time.

'''NOTE:''' You will need to reboot the server for these changes to take affect.

====VPS-Windows 2008 Servers====
This free tool can be used to determine if vulnerable or weak protocols or cypers are enabled, and provides the option to disable them.

https://www.nartac.com/Products/IISCrypto/Default.aspx

Changes using this tool require a server reboot to complete them.

Websites that allow testing for SSL Protocols and Cyphers:

https://www.ssllabs.com/ssltest/index.html

http://www.serversniff.net/sslcheck.php

==Visa E-commerce Security Checklist Questionaire==

Click this link to Visa E-commerce Security Checklist Questionaire [[https://wiki.hostek.com/Visa_E-commerce_Security_Checklist_Questionaire]]

==Cloud Assessment Questions==
Q: Is your organization insured by a 3rd party for losses?
A: Yes

Q: Do your organization's service level agreements provide tenant renumeration for losses they may incur due to outages or losses experienced within your infrastructure?
A: The Hostek.com SLA provides for a refund or credit limited to the dollar amount paid for the service during that monthly period. The refund or credit amount is calculated based on amount paid for the monthly service / number of minutes in a month * number of down minutes.

Q: Do you collect capacity and utilization data for all relevant components of your cloud service offering?
A: Yes. Daily.

Q: Do you provide tenants with capacity planning and utilization reports?
A: No.

Q: Do you have a documented procedure for responding to requests for tenant data from governments or third parties?
A: Yes

Q: Do you process, transmit or store any credit card related information on behalf Cisco?
A: In our St. Louis facility, we do not use Cisco. In our Dallas facility, we do.

Q: Please provide any documentation on policies and procedures for controls you have in place to protect tenant's intellectual property and sensitive data from unauthorized access.
A: Utilization of IPS and IDS. Customer has ability to lock down server access. Internal access information is stored encrypted and only available via internal access.

Q: Please provide any documentation and policies you have regarding how you may access, mine, utilize tenant data and/or metadata.
A: We do not mine nor utilize tenant data. Access to tenant data would occur if tenant asked for help in resolving a situation which may require such access.

Q: Please specify any inspection technologies used for collecting or creating metadata about tenant data usage (search engines, etc.?).
A: We do not inspect tenant data.

Q: What is the process for tenants to opt-out of having their data/metatdata accessed/mined via inspection technologies?
A: N/A as we do not inspect tenant data.

Q: Can you provide the physical location/geography of storage of a tenant’s data upon request?
A: Yes.

Q: Do you allow tenants to define acceptable geographical locations for data routing or resource instantiation?
A: No.

Q: Do you allow tenants to specify which of your geographic locations their data is allowed to traverse into/out of (to address legal jurisdictional considerations based on where data is stored vs. accessed?)
A: No.

Q: What capability do you have to use system geographic location as an authentication factor?
A: N/A

Q: Does legal counsel review all third party agreements?
A: Yes.

Q: Do you select and monitor outsourced providers in compliance with laws in the country where the data orignates, processed, stored and transmitted?
A: N/A

Q: Have you established an Information Security Management Program (ISMP?)
A: Our ISMP is being developed.

Q: Do you provide tenants with a right to audit (tenant audit)?
A: No, for security/confidential purposes.

Q: What is the process for tenants to request deletion/removal of data as needed?
Q: Provide the standards used for secure deletion of archived data upon request by tenants.
Q: What is the process to sanitize all computing resource of tenant data once a customer has exited your environment.
Q: What is time period that you retain customer data after explicit user deletion/removal?
A: When a cloud tenant cancels, their virtual machine and backup data is deleted. Data blocks are reused for new customers, which replace the old blocks.

Q: Do you manage separate production and non production environments & what controls do you have in place to ensure that the production data in not copied to non-production environments?
A: No. We have a redundant production environment, which is replicated nightly from the primary environment.

Q: Are backups and archives of data using unique encryption keys for each tenant?
A: Each tenant has their own uniquely retained archive.

Q: What is the duration for keeping backed up data? And can you provide information about your backup rotations and rotation of your backup media?
A: The backup duration depends on the plan selected. By default this will range from 5-10 days. The backups are full backups with a nightly differential, providing for a full 5-10 day restoration period.

===Identity and Access Control===

===Physical Security and Disaster Recovery===

Q: Do you require strong (multifactor) authentication options (card keys+PIN, biometric readers, etc.) for access to your physical facilities?
A: Yes.

Q: Are any of your datacenters located in places which have a high probability/occurrence of high-impact environmental risks (floods, tornadoes, earthquakes, hurricanes, etc.)?
A: No.

Q: Do you use 24X7 camera monitoring in all the access points of your datacenter and key locations within the datacenter?
A: Yes.

Q: Do you maintain liaisons and points of contact with local authorities in accordance with contracts and appropriate regulations?
A: N/A

[[Category:Infrastructure]]
[[Category:VPS]]

PCI Compliance

2015-06-09T17:39:09Z

Davidd: /* Shared Servers */

__FORCETOC__

== Obtaining PCI Compliance ==

You need PCI Compliance if your website/business: '''accepts, transmits or stores any cardholder data.'''

'''If that is you:'''

Find a Quality Security Accessor such as [https://www.securitymetrics.com SecurityMetrics] or [https://trustwave.com/ TrustWave], there are many such vendors. They will help you determine the type of compliance required for your business and provide the services to achieve and maintain compliance.

'''How do I know what level / validation type?'''

The Quality Security Accessor will help you determine this and based on PCI DSS Standards.

*The level of "compliance" required (1-4) is based on transaction or monetary volume.
*The "Validation Type" determines the assessment requirements and is based on how much card data you store.

A copy of the PCI DSS is available [https://www.pcisecuritystandards.org/security_standards/index.php here].
More general unofficial details can be found at [http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard here].

=== How Hostek complements efforts for PCI compliance ===

#Insuring PCI standards can be met and kept for our own systems.
#Providing firewall protection for all servers and the option for PCI compliant firewall rules to be applied to customers environment.
#Providing VPN for customers to securely connect and manage environment remotely.
#Providing VLAN (virtual private network) for customers environment with multiple servers so their database server is completely isolated from public access.
#Including or offering Anti-Virus scanning on VPS and/or Shared Hosting servers.
#Protecting physical access to network and servers. Data centers are managed & monitored 24x7 by security cameras and on-site staff.

== Hostek.com ==

PCI compliance requires quarterly scans from a PCI compliance vendor. Hostek.com goes above and beyond this requirement by having regular scans from two different PCI compliance vendors. One vendor's scans are done quarterly. The other's scans are done nightly. This ensures that all potential PCI compliance issues are accurately identified and dealt with promptly.

===Hostek.com PCI Compliance Report===
Hostek.com PCI DSS Compliance report: [[Media:Hostek-PCI-Compliance-040115.pdf‎]]

==Datacenter==
The St. Louis, MO data center where the hostek.com equipment is housed maintains SOC 2 Certification. This replaced the SSAE16 Certification.

Certification: [[File:2014CyberconSoc2Cert.pdf]]

Audit: [[File:2014CyberconSoc2Audit.pdf]]

===Previous Certifications===
2011-12 - SSAE 16 Certification ([http://hostek.com/forms/SSAE-16_Letter_of_Cert.pdf audit report]). This replaced the SAS 70 Type 2 Certification. 
2013 SOC2 Part 1: [[File:SOC2-2013_CYBERCON_Full_Report_PART-1.pdf]] 
2013 SOC2 Part 2: [[File:SOC2-2013_CYBERCON_Full_Report_PART-2.pdf]]

==Shared Servers==

We support PCI compliance on our shared hosting servers. If your PCI scan shows any issues that are not directly related to your web application, you can attach the report in a support ticket so that we can address any issues.

===TLS 1.0===

{| class="wikitable floatright"
| colspan="2" | Browser Support w/ TLS 1.0 Disabled
|-
| Browser / OS
| Status
|-
| IE 11 / Win 8.1
| Supported
|-
| IE Mobile 10 / Win Phone 8.0
| Unsupported
|-
| IE Mobile 11 / Win Phone 8.1
| Supported
|-
| Java 6u45
| Unsupported
|-
| Java 7u25
| Unsupported
|-
| Java 8u31
| Supported
|-
| OpenSSL 0.9.8y
| Unsupported
|-
| OpenSSL 1.0.1l
| Supported
|-
| OpenSSL 1.0.2
| Supported
|-
| Safari 5.1.9 / OS X 10.6.8
| Unsupported
|-
| Safari 6 / iOS 6.0.1
| Supported
|-
| Safari 6.0.4 / OS X 10.8.4
| Unsupported
|-
| Safari 7 / iOS 7.1
| Supported
|-
| Safari 7 / OS X 10.9
| Supported
|-
| Safari 8 / iOS 8.1.2
| Supported
|-
| Safari 8 / OS X 10.10
| Supported
|-
| Yahoo Slurp Jan 2015
| Supported
|-
| YandexBot Jan 2015
| Supported
|}

{| class="wikitable" style="float: right; margin: 0 0 .5em .5em"
| colspan="2" | Browser Support w/ TLS 1.0 Disabled
|-
| Browser / OS
| Status
|-
| Android 2.3.7
| Unsupported
|-
| Android 4.0.4
| Unsupported
|-
| Android 4.1.1
| Unsupported
|-
| Android 4.2.2
| Unsupported
|-
| Android 4.3
| Unsupported
|-
| Android 4.4.2
| Supported
|-
| Android 5.0.0
| Supported
|-
| Baidu Jan 2015
| Unsupported
|-
| BingPreview Jan 2015
| Supported
|-
| Chrome 42 / OS X
| Supported
|-
| Firefox 31.3.0 ESR / Win 7
| Supported
|-
| Firefox 37 / OS X
| Supported
|-
| Googlebot Feb 2015
| Supported
|-
| IE 6 / XP No FS 1
| Unsupported
|-
| IE 7 / Vista
| Unsupported
|-
| IE 8 / XP No FS 1
| Unsupported
|-
| IE 8-10 / Win 7
| Unsupported
|-
| IE 11 / Win 7
| Supported
|}

We are disabling support for TLS 1.0 on our Shared Windows Servers.

*This is now required for PCI DSS compliance.
*This is to ensure that any connection over HTTPS is secured against "eavesdropping" from Man-In-The-Middle(MITM) attacks.
*The majority of users will not notice this change because this will only affect outdated browsers and old mobile devices.
====Internet Explorer====
#After disabling this Protocol '''Internet Explorer v.11''' [which is only supported on '''Windows 7 and up'''] will be the only version of IE that can view HTTPS Pages on the Shared Windows Servers.
#Users with '''Windows XP''' and '''Windows Vista''' will have an unsupported version of Internet Explorer, so in order to view HTTTPS Pages they will need to use an alternate browser (i.e. Google Chrome, Mozilla FireFox, Safari, etc.).
====Support/Unsupported Browsers/OS's====
*See table on the right

==Common PCI Compliance Resolutions==

===SSL/TLS Protocol Initialization Vector Implementation Information Disclosure===

aka: BEAST (Browser Exploit Against SSL/TLS) Vulnerability

'''NOTE:''' If you are on a '''shared server''' or a '''managed VPS''', please submit a support ticket [http://support.hostek.com] and attach/include your PCI scan report. The information below is for our non managed VPS customers.

* Place the following text in a file named '''TLS.reg''' and execute the file. It will add registry values to enable TLS 1.1 and TLS 1.2 support:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

* After completing the above step, go to '''Start''' -> '''Run''' -> (type '''gpedit.msc''') -> (click '''OK''')
* Navigate to '''Computer Configuration''' -> '''Administrative Template''' -> '''Network''' -> '''SSL Configuration Settings'''
* Right click on '''SSL Cipher Suite Order''' and choose '''Edit''' (Windows 2008 R2) or '''Properties''' (Windows 2008)
* Select '''Enabled''' and replace the text in the textbox under '''SSL Cipher Suites'''(not to be confused with the '''Notes''' textbox) with the following long line of text(All on a single line - no line breaks or spaces):
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_NULL_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5,SSL_CK_RC4_128_WITH_MD5,TLS_RSA_WITH_NULL_SHA,TLS_RSA_WITH_NULL_MD5
* Click '''OK'''
* Reboot server

===Disable SSLv2 & Strong Cyphers Only & Strong Protocols Only===
If you are on a shared server, please open a support ticket and attach the PCI scan report.

For VPS's: This generally applies to a Windows based server. If you see one of these items on your PCI scan report, download this zip [http://hostek.com/wikifiles/disablessl2-strongcyphersonly-strongprotocolsonly.zip] and extract the appropriate .reg file and put that on your VPS and double click it to make the appropriate registry change to fix the issue. Generally if one of these show on your report, we suggest running all three .reg files to fully take care of the issue at one time.

'''NOTE:''' You will need to reboot the server for these changes to take affect.

====VPS-Windows 2008 Servers====
This free tool can be used to determine if vulnerable or weak protocols or cypers are enabled, and provides the option to disable them.

https://www.nartac.com/Products/IISCrypto/Default.aspx

Changes using this tool require a server reboot to complete them.

Websites that allow testing for SSL Protocols and Cyphers:

https://www.ssllabs.com/ssltest/index.html

http://www.serversniff.net/sslcheck.php

==Visa E-commerce Security Checklist Questionaire==

Click this link to Visa E-commerce Security Checklist Questionaire [[https://wiki.hostek.com/Visa_E-commerce_Security_Checklist_Questionaire]]

==Cloud Assessment Questions==
Q: Is your organization insured by a 3rd party for losses?
A: Yes

Q: Do your organization's service level agreements provide tenant renumeration for losses they may incur due to outages or losses experienced within your infrastructure?
A: The Hostek.com SLA provides for a refund or credit limited to the dollar amount paid for the service during that monthly period. The refund or credit amount is calculated based on amount paid for the monthly service / number of minutes in a month * number of down minutes.

Q: Do you collect capacity and utilization data for all relevant components of your cloud service offering?
A: Yes. Daily.

Q: Do you provide tenants with capacity planning and utilization reports?
A: No.

Q: Do you have a documented procedure for responding to requests for tenant data from governments or third parties?
A: Yes

Q: Do you process, transmit or store any credit card related information on behalf Cisco?
A: In our St. Louis facility, we do not use Cisco. In our Dallas facility, we do.

Q: Please provide any documentation on policies and procedures for controls you have in place to protect tenant's intellectual property and sensitive data from unauthorized access.
A: Utilization of IPS and IDS. Customer has ability to lock down server access. Internal access information is stored encrypted and only available via internal access.

Q: Please provide any documentation and policies you have regarding how you may access, mine, utilize tenant data and/or metadata.
A: We do not mine nor utilize tenant data. Access to tenant data would occur if tenant asked for help in resolving a situation which may require such access.

Q: Please specify any inspection technologies used for collecting or creating metadata about tenant data usage (search engines, etc.?).
A: We do not inspect tenant data.

Q: What is the process for tenants to opt-out of having their data/metatdata accessed/mined via inspection technologies?
A: N/A as we do not inspect tenant data.

Q: Can you provide the physical location/geography of storage of a tenant’s data upon request?
A: Yes.

Q: Do you allow tenants to define acceptable geographical locations for data routing or resource instantiation?
A: No.

Q: Do you allow tenants to specify which of your geographic locations their data is allowed to traverse into/out of (to address legal jurisdictional considerations based on where data is stored vs. accessed?)
A: No.

Q: What capability do you have to use system geographic location as an authentication factor?
A: N/A

Q: Does legal counsel review all third party agreements?
A: Yes.

Q: Do you select and monitor outsourced providers in compliance with laws in the country where the data orignates, processed, stored and transmitted?
A: N/A

Q: Have you established an Information Security Management Program (ISMP?)
A: Our ISMP is being developed.

Q: Do you provide tenants with a right to audit (tenant audit)?
A: No, for security/confidential purposes.

Q: What is the process for tenants to request deletion/removal of data as needed?
Q: Provide the standards used for secure deletion of archived data upon request by tenants.
Q: What is the process to sanitize all computing resource of tenant data once a customer has exited your environment.
Q: What is time period that you retain customer data after explicit user deletion/removal?
A: When a cloud tenant cancels, their virtual machine and backup data is deleted. Data blocks are reused for new customers, which replace the old blocks.

Q: Do you manage separate production and non production environments & what controls do you have in place to ensure that the production data in not copied to non-production environments?
A: No. We have a redundant production environment, which is replicated nightly from the primary environment.

Q: Are backups and archives of data using unique encryption keys for each tenant?
A: Each tenant has their own uniquely retained archive.

Q: What is the duration for keeping backed up data? And can you provide information about your backup rotations and rotation of your backup media?
A: The backup duration depends on the plan selected. By default this will range from 5-10 days. The backups are full backups with a nightly differential, providing for a full 5-10 day restoration period.

===Identity and Access Control===

===Physical Security and Disaster Recovery===

Q: Do you require strong (multifactor) authentication options (card keys+PIN, biometric readers, etc.) for access to your physical facilities?
A: Yes.

Q: Are any of your datacenters located in places which have a high probability/occurrence of high-impact environmental risks (floods, tornadoes, earthquakes, hurricanes, etc.)?
A: No.

Q: Do you use 24X7 camera monitoring in all the access points of your datacenter and key locations within the datacenter?
A: Yes.

Q: Do you maintain liaisons and points of contact with local authorities in accordance with contracts and appropriate regulations?
A: N/A

[[Category:Infrastructure]]
[[Category:VPS]]

PCI Compliance

2015-06-09T16:58:30Z

Davidd:

__FORCETOC__

== Obtaining PCI Compliance ==

You need PCI Compliance if your website/business: '''accepts, transmits or stores any cardholder data.'''

'''If that is you:'''

Find a Quality Security Accessor such as [https://www.securitymetrics.com SecurityMetrics] or [https://trustwave.com/ TrustWave], there are many such vendors. They will help you determine the type of compliance required for your business and provide the services to achieve and maintain compliance.

'''How do I know what level / validation type?'''

The Quality Security Accessor will help you determine this and based on PCI DSS Standards.

*The level of "compliance" required (1-4) is based on transaction or monetary volume.
*The "Validation Type" determines the assessment requirements and is based on how much card data you store.

A copy of the PCI DSS is available [https://www.pcisecuritystandards.org/security_standards/index.php here].
More general unofficial details can be found at [http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard here].

=== How Hostek complements efforts for PCI compliance ===

#Insuring PCI standards can be met and kept for our own systems.
#Providing firewall protection for all servers and the option for PCI compliant firewall rules to be applied to customers environment.
#Providing VPN for customers to securely connect and manage environment remotely.
#Providing VLAN (virtual private network) for customers environment with multiple servers so their database server is completely isolated from public access.
#Including or offering Anti-Virus scanning on VPS and/or Shared Hosting servers.
#Protecting physical access to network and servers. Data centers are managed & monitored 24x7 by security cameras and on-site staff.

== Hostek.com ==

PCI compliance requires quarterly scans from a PCI compliance vendor. Hostek.com goes above and beyond this requirement by having regular scans from two different PCI compliance vendors. One vendor's scans are done quarterly. The other's scans are done nightly. This ensures that all potential PCI compliance issues are accurately identified and dealt with promptly.

===Hostek.com PCI Compliance Report===
Hostek.com PCI DSS Compliance report: [[Media:Hostek-PCI-Compliance-040115.pdf‎]]

==Datacenter==
The St. Louis, MO data center where the hostek.com equipment is housed maintains SOC 2 Certification. This replaced the SSAE16 Certification.

Certification: [[File:2014CyberconSoc2Cert.pdf]]

Audit: [[File:2014CyberconSoc2Audit.pdf]]

===Previous Certifications===
2011-12 - SSAE 16 Certification ([http://hostek.com/forms/SSAE-16_Letter_of_Cert.pdf audit report]). This replaced the SAS 70 Type 2 Certification. 
2013 SOC2 Part 1: [[File:SOC2-2013_CYBERCON_Full_Report_PART-1.pdf]] 
2013 SOC2 Part 2: [[File:SOC2-2013_CYBERCON_Full_Report_PART-2.pdf]]

==Shared Servers==

===TLS 1.0===
*We are disabling support for TLS 1.0 on our Shared Windows Servers.
*This is now required for PCI DSS compliance.
*This is to ensure that any connection over HTTPS is secured against "eavesdropping" commonly known as Man-In-The-Middle attacks.
#The majority of users won't even noticed this change because this should only affect deprecated browsers.
====Internet Explorer====
#After disabling this Protocol '''Internet Explorer v.11''' [which is only supported on '''Windows 7 and up'''] will be the only version of IE that can view HTTPS Pages on the Shared Windows Servers.
#Users with '''Windows XP''' and '''Windows Vista''' will have an unsupported version of Internet Explorer, so in order to view HTTTPS Pages they will need to use an alternate browser.
#*i.e. Google Chrome, Mozilla FireFox, Safari, etc.
====Support/Unsupported Browsers/OS's====
*Please a snapshot of this list here: https://wiki.hostek.com/images/c/c4/TLS_1.0_PCI_Compliance.PNG

==Common PCI Compliance Resolutions==

===SSL/TLS Protocol Initialization Vector Implementation Information Disclosure===

aka: BEAST (Browser Exploit Against SSL/TLS) Vulnerability

'''NOTE:''' If you are on a '''shared server''' or a '''managed VPS''', please submit a support ticket [http://support.hostek.com] and attach/include your PCI scan report. The information below is for our non managed VPS customers.

* Place the following text in a file named '''TLS.reg''' and execute the file. It will add registry values to enable TLS 1.1 and TLS 1.2 support:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

* After completing the above step, go to '''Start''' -> '''Run''' -> (type '''gpedit.msc''') -> (click '''OK''')
* Navigate to '''Computer Configuration''' -> '''Administrative Template''' -> '''Network''' -> '''SSL Configuration Settings'''
* Right click on '''SSL Cipher Suite Order''' and choose '''Edit''' (Windows 2008 R2) or '''Properties''' (Windows 2008)
* Select '''Enabled''' and replace the text in the textbox under '''SSL Cipher Suites'''(not to be confused with the '''Notes''' textbox) with the following long line of text(All on a single line - no line breaks or spaces):
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_NULL_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5,SSL_CK_RC4_128_WITH_MD5,TLS_RSA_WITH_NULL_SHA,TLS_RSA_WITH_NULL_MD5
* Click '''OK'''
* Reboot server

===Disable SSLv2 & Strong Cyphers Only & Strong Protocols Only===
If you are on a shared server, please open a support ticket and attach the PCI scan report.

For VPS's: This generally applies to a Windows based server. If you see one of these items on your PCI scan report, download this zip [http://hostek.com/wikifiles/disablessl2-strongcyphersonly-strongprotocolsonly.zip] and extract the appropriate .reg file and put that on your VPS and double click it to make the appropriate registry change to fix the issue. Generally if one of these show on your report, we suggest running all three .reg files to fully take care of the issue at one time.

'''NOTE:''' You will need to reboot the server for these changes to take affect.

====VPS-Windows 2008 Servers====
This free tool can be used to determine if vulnerable or weak protocols or cypers are enabled, and provides the option to disable them.

https://www.nartac.com/Products/IISCrypto/Default.aspx

Changes using this tool require a server reboot to complete them.

Websites that allow testing for SSL Protocols and Cyphers:

https://www.ssllabs.com/ssltest/index.html

http://www.serversniff.net/sslcheck.php

==Visa E-commerce Security Checklist Questionaire==

Click this link to Visa E-commerce Security Checklist Questionaire [[https://wiki.hostek.com/Visa_E-commerce_Security_Checklist_Questionaire]]

==Cloud Assessment Questions==
Q: Is your organization insured by a 3rd party for losses?
A: Yes

Q: Do your organization's service level agreements provide tenant renumeration for losses they may incur due to outages or losses experienced within your infrastructure?
A: The Hostek.com SLA provides for a refund or credit limited to the dollar amount paid for the service during that monthly period. The refund or credit amount is calculated based on amount paid for the monthly service / number of minutes in a month * number of down minutes.

Q: Do you collect capacity and utilization data for all relevant components of your cloud service offering?
A: Yes. Daily.

Q: Do you provide tenants with capacity planning and utilization reports?
A: No.

Q: Do you have a documented procedure for responding to requests for tenant data from governments or third parties?
A: Yes

Q: Do you process, transmit or store any credit card related information on behalf Cisco?
A: In our St. Louis facility, we do not use Cisco. In our Dallas facility, we do.

Q: Please provide any documentation on policies and procedures for controls you have in place to protect tenant's intellectual property and sensitive data from unauthorized access.
A: Utilization of IPS and IDS. Customer has ability to lock down server access. Internal access information is stored encrypted and only available via internal access.

Q: Please provide any documentation and policies you have regarding how you may access, mine, utilize tenant data and/or metadata.
A: We do not mine nor utilize tenant data. Access to tenant data would occur if tenant asked for help in resolving a situation which may require such access.

Q: Please specify any inspection technologies used for collecting or creating metadata about tenant data usage (search engines, etc.?).
A: We do not inspect tenant data.

Q: What is the process for tenants to opt-out of having their data/metatdata accessed/mined via inspection technologies?
A: N/A as we do not inspect tenant data.

Q: Can you provide the physical location/geography of storage of a tenant’s data upon request?
A: Yes.

Q: Do you allow tenants to define acceptable geographical locations for data routing or resource instantiation?
A: No.

Q: Do you allow tenants to specify which of your geographic locations their data is allowed to traverse into/out of (to address legal jurisdictional considerations based on where data is stored vs. accessed?)
A: No.

Q: What capability do you have to use system geographic location as an authentication factor?
A: N/A

Q: Does legal counsel review all third party agreements?
A: Yes.

Q: Do you select and monitor outsourced providers in compliance with laws in the country where the data orignates, processed, stored and transmitted?
A: N/A

Q: Have you established an Information Security Management Program (ISMP?)
A: Our ISMP is being developed.

Q: Do you provide tenants with a right to audit (tenant audit)?
A: No, for security/confidential purposes.

Q: What is the process for tenants to request deletion/removal of data as needed?
Q: Provide the standards used for secure deletion of archived data upon request by tenants.
Q: What is the process to sanitize all computing resource of tenant data once a customer has exited your environment.
Q: What is time period that you retain customer data after explicit user deletion/removal?
A: When a cloud tenant cancels, their virtual machine and backup data is deleted. Data blocks are reused for new customers, which replace the old blocks.

Q: Do you manage separate production and non production environments & what controls do you have in place to ensure that the production data in not copied to non-production environments?
A: No. We have a redundant production environment, which is replicated nightly from the primary environment.

Q: Are backups and archives of data using unique encryption keys for each tenant?
A: Each tenant has their own uniquely retained archive.

Q: What is the duration for keeping backed up data? And can you provide information about your backup rotations and rotation of your backup media?
A: The backup duration depends on the plan selected. By default this will range from 5-10 days. The backups are full backups with a nightly differential, providing for a full 5-10 day restoration period.

===Identity and Access Control===

===Physical Security and Disaster Recovery===

Q: Do you require strong (multifactor) authentication options (card keys+PIN, biometric readers, etc.) for access to your physical facilities?
A: Yes.

Q: Are any of your datacenters located in places which have a high probability/occurrence of high-impact environmental risks (floods, tornadoes, earthquakes, hurricanes, etc.)?
A: No.

Q: Do you use 24X7 camera monitoring in all the access points of your datacenter and key locations within the datacenter?
A: Yes.

Q: Do you maintain liaisons and points of contact with local authorities in accordance with contracts and appropriate regulations?
A: N/A

[[Category:Infrastructure]]
[[Category:VPS]]

PCI Compliance

2015-06-09T16:57:47Z

Davidd:

__FORCETOC__

== Obtaining PCI Compliance ==

You need PCI Compliance if your website/business: '''accepts, transmits or stores any cardholder data.'''

'''If that is you:'''

Find a Quality Security Accessor such as [https://www.securitymetrics.com SecurityMetrics] or [https://trustwave.com/ TrustWave], there are many such vendors. They will help you determine the type of compliance required for your business and provide the services to achieve and maintain compliance.

'''How do I know what level / validation type?'''

The Quality Security Accessor will help you determine this and based on PCI DSS Standards.

*The level of "compliance" required (1-4) is based on transaction or monetary volume.
*The "Validation Type" determines the assessment requirements and is based on how much card data you store.

A copy of the PCI DSS is available [https://www.pcisecuritystandards.org/security_standards/index.php here].
More general unofficial details can be found at [http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard here].

=== How Hostek complements efforts for PCI compliance ===

#Insuring PCI standards can be met and kept for our own systems.
#Providing firewall protection for all servers and the option for PCI compliant firewall rules to be applied to customers environment.
#Providing VPN for customers to securely connect and manage environment remotely.
#Providing VLAN (virtual private network) for customers environment with multiple servers so their database server is completely isolated from public access.
#Including or offering Anti-Virus scanning on VPS and/or Shared Hosting servers.
#Protecting physical access to network and servers. Data centers are managed & monitored 24x7 by security cameras and on-site staff.

== Hostek.com ==

PCI compliance requires quarterly scans from a PCI compliance vendor. Hostek.com goes above and beyond this requirement by having regular scans from two different PCI compliance vendors. One vendor's scans are done quarterly. The other's scans are done nightly. This ensures that all potential PCI compliance issues are accurately identified and dealt with promptly.

===Hostek.com PCI Compliance Report===
Hostek.com PCI DSS Compliance report: [[Media:Hostek-PCI-Compliance-040115.pdf‎]]

==Datacenter==
The St. Louis, MO data center where the hostek.com equipment is housed maintains SOC 2 Certification. This replaced the SSAE16 Certification.

Certification: [[File:2014CyberconSoc2Cert.pdf]]

Audit: [[File:2014CyberconSoc2Audit.pdf]]

===Previous Certifications===
2011-12 - SSAE 16 Certification ([http://hostek.com/forms/SSAE-16_Letter_of_Cert.pdf audit report]). This replaced the SAS 70 Type 2 Certification. 
2013 SOC2 Part 1: [[File:SOC2-2013_CYBERCON_Full_Report_PART-1.pdf]] 
2013 SOC2 Part 2: [[File:SOC2-2013_CYBERCON_Full_Report_PART-2.pdf]]

==Shared Servers

===TLS 1.0===
*We are disabling support for TLS 1.0 on our Shared Windows Servers.
*This is now required for PCI DSS compliance.
*This is to ensure that any connection over HTTPS is secured against "eavesdropping" commonly known as Man-In-The-Middle attacks.
#The majority of users won't even noticed this change because this should only affect deprecated browsers.
====Internet Explorer====
#After disabling this Protocol '''Internet Explorer v.11''' [which is only supported on '''Windows 7 and up'''] will be the only version of IE that can view HTTPS Pages on the Shared Windows Servers.
#Users with '''Windows XP''' and '''Windows Vista''' will have an unsupported version of Internet Explorer, so in order to view HTTTPS Pages they will need to use an alternate browser.
#*i.e. Google Chrome, Mozilla FireFox, Safari, etc.
====Support/Unsupported Browsers/OS's====
*Please a snapshot of this list here: https://wiki.hostek.com/images/c/c4/TLS_1.0_PCI_Compliance.PNG

==Common PCI Compliance Resolutions==

===SSL/TLS Protocol Initialization Vector Implementation Information Disclosure===

aka: BEAST (Browser Exploit Against SSL/TLS) Vulnerability

'''NOTE:''' If you are on a '''shared server''' or a '''managed VPS''', please submit a support ticket [http://support.hostek.com] and attach/include your PCI scan report. The information below is for our non managed VPS customers.

* Place the following text in a file named '''TLS.reg''' and execute the file. It will add registry values to enable TLS 1.1 and TLS 1.2 support:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

* After completing the above step, go to '''Start''' -> '''Run''' -> (type '''gpedit.msc''') -> (click '''OK''')
* Navigate to '''Computer Configuration''' -> '''Administrative Template''' -> '''Network''' -> '''SSL Configuration Settings'''
* Right click on '''SSL Cipher Suite Order''' and choose '''Edit''' (Windows 2008 R2) or '''Properties''' (Windows 2008)
* Select '''Enabled''' and replace the text in the textbox under '''SSL Cipher Suites'''(not to be confused with the '''Notes''' textbox) with the following long line of text(All on a single line - no line breaks or spaces):
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_NULL_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5,SSL_CK_RC4_128_WITH_MD5,TLS_RSA_WITH_NULL_SHA,TLS_RSA_WITH_NULL_MD5
* Click '''OK'''
* Reboot server

===Disable SSLv2 & Strong Cyphers Only & Strong Protocols Only===
If you are on a shared server, please open a support ticket and attach the PCI scan report.

For VPS's: This generally applies to a Windows based server. If you see one of these items on your PCI scan report, download this zip [http://hostek.com/wikifiles/disablessl2-strongcyphersonly-strongprotocolsonly.zip] and extract the appropriate .reg file and put that on your VPS and double click it to make the appropriate registry change to fix the issue. Generally if one of these show on your report, we suggest running all three .reg files to fully take care of the issue at one time.

'''NOTE:''' You will need to reboot the server for these changes to take affect.

====VPS-Windows 2008 Servers====
This free tool can be used to determine if vulnerable or weak protocols or cypers are enabled, and provides the option to disable them.

https://www.nartac.com/Products/IISCrypto/Default.aspx

Changes using this tool require a server reboot to complete them.

Websites that allow testing for SSL Protocols and Cyphers:

https://www.ssllabs.com/ssltest/index.html

http://www.serversniff.net/sslcheck.php

==Visa E-commerce Security Checklist Questionaire==

Click this link to Visa E-commerce Security Checklist Questionaire [[https://wiki.hostek.com/Visa_E-commerce_Security_Checklist_Questionaire]]

==Cloud Assessment Questions==
Q: Is your organization insured by a 3rd party for losses?
A: Yes

Q: Do your organization's service level agreements provide tenant renumeration for losses they may incur due to outages or losses experienced within your infrastructure?
A: The Hostek.com SLA provides for a refund or credit limited to the dollar amount paid for the service during that monthly period. The refund or credit amount is calculated based on amount paid for the monthly service / number of minutes in a month * number of down minutes.

Q: Do you collect capacity and utilization data for all relevant components of your cloud service offering?
A: Yes. Daily.

Q: Do you provide tenants with capacity planning and utilization reports?
A: No.

Q: Do you have a documented procedure for responding to requests for tenant data from governments or third parties?
A: Yes

Q: Do you process, transmit or store any credit card related information on behalf Cisco?
A: In our St. Louis facility, we do not use Cisco. In our Dallas facility, we do.

Q: Please provide any documentation on policies and procedures for controls you have in place to protect tenant's intellectual property and sensitive data from unauthorized access.
A: Utilization of IPS and IDS. Customer has ability to lock down server access. Internal access information is stored encrypted and only available via internal access.

Q: Please provide any documentation and policies you have regarding how you may access, mine, utilize tenant data and/or metadata.
A: We do not mine nor utilize tenant data. Access to tenant data would occur if tenant asked for help in resolving a situation which may require such access.

Q: Please specify any inspection technologies used for collecting or creating metadata about tenant data usage (search engines, etc.?).
A: We do not inspect tenant data.

Q: What is the process for tenants to opt-out of having their data/metatdata accessed/mined via inspection technologies?
A: N/A as we do not inspect tenant data.

Q: Can you provide the physical location/geography of storage of a tenant’s data upon request?
A: Yes.

Q: Do you allow tenants to define acceptable geographical locations for data routing or resource instantiation?
A: No.

Q: Do you allow tenants to specify which of your geographic locations their data is allowed to traverse into/out of (to address legal jurisdictional considerations based on where data is stored vs. accessed?)
A: No.

Q: What capability do you have to use system geographic location as an authentication factor?
A: N/A

Q: Does legal counsel review all third party agreements?
A: Yes.

Q: Do you select and monitor outsourced providers in compliance with laws in the country where the data orignates, processed, stored and transmitted?
A: N/A

Q: Have you established an Information Security Management Program (ISMP?)
A: Our ISMP is being developed.

Q: Do you provide tenants with a right to audit (tenant audit)?
A: No, for security/confidential purposes.

Q: What is the process for tenants to request deletion/removal of data as needed?
Q: Provide the standards used for secure deletion of archived data upon request by tenants.
Q: What is the process to sanitize all computing resource of tenant data once a customer has exited your environment.
Q: What is time period that you retain customer data after explicit user deletion/removal?
A: When a cloud tenant cancels, their virtual machine and backup data is deleted. Data blocks are reused for new customers, which replace the old blocks.

Q: Do you manage separate production and non production environments & what controls do you have in place to ensure that the production data in not copied to non-production environments?
A: No. We have a redundant production environment, which is replicated nightly from the primary environment.

Q: Are backups and archives of data using unique encryption keys for each tenant?
A: Each tenant has their own uniquely retained archive.

Q: What is the duration for keeping backed up data? And can you provide information about your backup rotations and rotation of your backup media?
A: The backup duration depends on the plan selected. By default this will range from 5-10 days. The backups are full backups with a nightly differential, providing for a full 5-10 day restoration period.

===Identity and Access Control===

===Physical Security and Disaster Recovery===

Q: Do you require strong (multifactor) authentication options (card keys+PIN, biometric readers, etc.) for access to your physical facilities?
A: Yes.

Q: Are any of your datacenters located in places which have a high probability/occurrence of high-impact environmental risks (floods, tornadoes, earthquakes, hurricanes, etc.)?
A: No.

Q: Do you use 24X7 camera monitoring in all the access points of your datacenter and key locations within the datacenter?
A: Yes.

Q: Do you maintain liaisons and points of contact with local authorities in accordance with contracts and appropriate regulations?
A: N/A

[[Category:Infrastructure]]
[[Category:VPS]]

Pattern Based DDOS Blocking

2014-04-14T16:37:49Z

Davidd:

This article will cover pattern-based ddos blocking in a Windows IIS environment.

==Identifying Patterns==

If you suspect that your site may be under a DDOS attack, the first place to look will be the HTTP logs. This is where the web server records information for each request made to a site. For domains added using our control panel, the default log directory will be:
C:\home\domainname.com\logs\W3SVC##
For sites added to IIS manually, the default log directory will be:
C:\inetpub\logs\LogFiles\W3SVC##
NOTE: ## represents the site's ID number as shown in IIS.

After finding the log directory, check the log with the date of the attack or the log for today if the attack is still in progress. First, glance over the log file to determine if there is truly an attack in progress. If you can identify traffic that you are certain is not normal traffic, check for patterns in that traffic that we can use to block it. Specifically, look for any combination of the following that are the same for every bad request:
URL
REQUEST METHOD
QUERY STRING
USER-AGENT

If you can identify enough of the above request details that are the same for every bad request without blocking normal site traffic, then continue to the next section to add the blocking rule.

==Creating Block Rule(s)==

In IIS, browse to the site that is being hit by the attacks, and open the URL Rewrite tool. Add a new 'Blank rule'. Enter a name and set the 'Action type' to 'Abort Request'. The rest of the options you use will depend on which request details are being matched. Below are some guidelines:

* '''URL''': The URL is specified in the 'Pattern' field.
* '''REQUEST METHOD''': Add a condition with the following details:
Condition input: {REQUEST_METHOD}
Pattern: GET (or POST or HEAD or whichever request method is being used in the attack)
* '''QUERY STRING''': Add a condition with the following details:
Condition input: {QUERY_STRING}
Pattern: ** query string pattern **
* '''USER-AGENT''': Add a condition with the following details:
Condition input: {HTTP_USER_AGENT}
Pattern: ** user-agent string **

'''NOTE:''' The 'Pattern' input fields are entered as Regular Expressions. If you are not familiar with using Regular Expressions, you may need to request assistance with setting up the proper rule.

[[User:Davidd|Davidd]] ([[User talk:Davidd|talk]]) 11:37, 14 April 2014 (CDT)

[[Category:Windows-VPS]]
[[Category:VPS]]

Pattern Based DDOS Blocking

2014-04-14T16:37:14Z

Davidd: Created page with "This article will cover pattern-based ddos blocking in a Windows IIS environment. ==Identifying Patterns== If you suspect that your site may be under a DDOS attack, the firs..."

WCP (Windows based Control Panel)

2014-02-19T16:15:25Z

Davidd:

==How To Login To My WCP Control Panel==
#To manage your domain, login to the WCP Control Panel, using the details below
#URL: '''https://wcp.hostek.com'''/
#Username:
#Password: ** same as your cp.hostek.com password **
*You can also login to the control panel through your billing control panel https://cp.hostek.com/clientarea.php
#Click on ''''My Services'''' 'Click the '''small Green arrow''' on the the notepad to the right'
#Now click the '''Login to Control Panel''' Icon'''

[[Category:Windows]]
[[Category:ColdFusion]]
[[Category:Railo]]

==Custom URL for the WCP Control Panel==
The WCP can als be accessed by wcp.your_domain.com

Setup wcp.your_domain.com as an A record for "184.175.108.65" or as a CName record for "wcp.ezhostingserver.com".

===Resellers and VPS - WCP White label Settings===
Resellers and VPS customers can setup their logo in their Reseller control panel, however those additional features will only be avaialble when using the specific domain they configured in the reseller setttings. The reseller settings will be available using ANY url, and as mentioned within these settings the reseller "URL" can be setup and other whitelabel options making WCP the ultimate Windows Control Panel

[[Category: Windows VPS]]
[[Category:Resellers]]

==Adding Additional Control Panel Logins==
*This will allow you to set up additional control panel logins for you or for others involved in editing or managing your account. You can limit the Permissions or options available for them to manage.
#Login to the WCP Control Panel, using the details below
#URL: '''https://wcp.hostek.com'''/
#Username:
#Password: ** same as your cp.hostek.com password **
#Click on the '''Control panel Logins''' tab, then click on the '''Add''' icon.
#Put the "Username, Password and if you want them to have Limited Permission.
#If you want them to have Limited Permission then check the '''Limited Permission''' box. This will load a dropdown where you can select what privlages they have to manage.
#Once you are done click the '''Save''' icon at the bottom of the screen.
#Once it has been added you or they can login by going to https://wcp.hostek.com/Login.aspx and using the username and password that you set for it.
[[Category:Windows]]
[[Category:ColdFusion]]
[[Category:Railo]]

==Unlimited Plans - Add Additional Domains==
Use these steps to add additional domains under your Windows Unlimited account.

#Login to your WCP control panel
#*Windows Unlimited: For adding a third (or more) domain select any domain from the upper right hand corner dropdown box "Domains".
#Within the "Domains" box click the "Addon Domains" icon.
#Click "Add" and enter the following:
#*Domain Name
#*Username
#*Password
#Click "Save"
#To manage the domain, you can now select it from the domains list dropdown box.
[[Category:Windows]]

==Site Details==
We recommend you review the "Site Settings" which includes many important details about your domain including:

WCP (login and select domain) > Website Settings > '''Site Details'''

*Testing URL
*Primary and Secondary DNS
*Site IP
*Web Root Path
*FTP Root Path
===IIS Version & ColdFusion Version (if applicable)===
To get your domain's IIS Version and ColdFusion Version (if applicable) log in to WCP and under the Settings section, click on the Site Details option.

==FTP Accounts==
*Adding or editing FTP accounts.
#click on the '''FTP Accounts''' tab.
#To edit one click on the little '''Pencil Icon''' to the left, to add one click on the '''Add FTP User''' tab.
#If you are adding one you will set the Username:, Password: and folder then click the #Click on the '''Save''' Icon.
[[Category:Windows]]
[[Category:ColdFusion]]
[[Category:Railo]]

==File Manager==
*Basic File Operations, file uploading and editing now supported- Zip, GZip, and Tar Archive support.
#Click on the '''File Manager icon''', then the '''Login icon''' on the next screen.
#To create files or Directory's outside the WWW root folder right click and click on the '''Create File''' or '''Create Directory''' option.
#Click the '''Continue Icon''' to add this.
#To add/edit files in the WWWroot click on the '''wwwroot file'''.
#once you are in you can add, edit or delete by right clicking and clicking on the options given.
[[Category:ColdFusion]]
[[Category:Windows]]

==Password Protect Folders==
#Under the Files section click on '''Password Protect'''.
#Click on '''Manage Protected Folders'''.
#Browse to and click on the folder that you want to set this up on and check '''Enable Protection'''.
#Select a user from the list or click on '''Manage Users''', then click '''Add''', and enter username and password then Save.

==IIS Settings==
*Setting up error pages, default pages, advanced settings, etc.
===Custom Error pages===
#Click on '''IIS Settings''' in your WCP
#Click the edit button next to the error page you want to change
#Uncheck the '''Use System Default''' checkbox
#Enter the path to your custom error page
#Click '''Save'''
===Mime Types===
#Click on '''IIS Settings''' in your WCP
#Scroll to the bottom of the window and click '''Add Mime Type'''
#Enter the extension for the Mime Type
#Enter the Mime Type information
#Click '''Save'''
*An example Mime Type is below:
<pre>
Extension: .mp3
Mime Type: audio/mpeg
</pre>

More information here: https://wiki.hostek.com/Mime_types

===Default Docs===
*Select a default document and drag it to the top position to set it as top priority
*Click '''Add''' to add a default doc
*Click the red '''X''' to delete a default doc
*Click a default doc and change the name
*For example: change '''"index.htm"''' to '''"index.asp"'''

===Advanced===
====Recycle Application Pool====
If you see a Service Unavailable message on your site, or have a general need to recycle a site's IIS Application Pool, you can do so through this section of WCP.
#Click the '''IIS Settings''' icon in WCP
#Click the '''Advanced''' tab in the '''IIS Settings''' section
#Click the '''Recycle''' button.

==PHP Settings==
If you notice you need a different version of php or want to check what version you are using you can update it to that version if it is installed to the server or can enable custom php.ini settings to use specifically for your domain.
#Click the configuration for the domain or subdomain you want updated.
#Select the version you wish to use.
#Check the checkbox if you want to enable a custom php.ini file
#Click save to save the settings.

[[Category:ColdFusion]]
[[Category:Windows]]

==DNS Editor==
'''READ FIRST''' When a new domain is added to WCP all DNS records are also created (in most cases). Clicking on the DNS Editor will open a window with these records, for editing, adding and deleting. Most times nothing needs to be done other than pointing your domain to the Primary and Secondary DNS Servers listed under [https://wiki.hostek.com/WCP_(Windows_based_Control_Panel)#Site_Details WCP Site Details].

===Create a new DNS record===
#Click '''Add DNS''' Record button
#Enter Name for record (If DNS record name is your domain name please leave this Name - text box blank as the control panel will automatically add your domain name)
#Choose the Record type (A, CNAME, MX, NS, TXT, SPF, SRV)
#Enter Data Type
#Generally leave the TTL (Time To Live) as the default 86400
#Click on the '''Save''' Icon.

===Update DNS records===
#To update an existing DNS record click the '''Pencil''' icon next to the record you would like to update.
#You will then be able to change the Name of the record, the Type of record, Data of the record, and Time to Live.
#Once updated Click on the '''Save''' Icon.

===SVR Record Fields===

<pre>
Name: _service._protocol
Type: SRV
Data: priority weight port address
TTL: 86400
</pre>

Example:
<pre>
Name: _sip._udp
Type: SRV
Data: 10 5 4030 sip.mydomain.com
TTL: 86400
</pre>

===SPF Records===
An SPF Record (simply an entry into the DNS records) is used by mail servers to know if mail coming from an address at your domain is really allowed to be sent from the sending mail server.

If you will be using our servers send email related to your domain, you would generally use an SPF record like the following:<pre>"v=spf1 a mx include:spf.hostek.com -all"</pre>

For our Resellers that don't want to use hostek.com, use an SPF Record like:<pre>"v=spf1 a mx include:spf.ezhostingserver.com -all"</pre>
'''Steps to add an SPF Record to your domain:'''
Assuming that your DNS is managed with us:
#Log in to your hosting control panel at wcp.hostek.com
#Open the DNS Editor (DNS Manager) section
#Click on Add Record.
#Leave the Name field blank.
#For the Type, choose TXT
#For the Data enter the SPF Record detail as you need, using the sample provided above.

'''Basic information related to some SPF Record options:'''

The '''"-all"''' may be adjusted on a per customer basis to any of the following depending on their needs:

'''-all''' = mail not sent from an address listed in the SPF record should be completely rejected (Hard Fail). Mail that IS sent from an address in the SPF record may be given a lower spam score by some servers.

'''~all''' = mail not sent from an address listed in the SPF record should be given a higher spam score(Soft Fail). Mail that IS sent from an address in the SPF record may be given a lower spam score by some servers.

'''?all''' = mail not sent from an address listed in the SPF record should be treated normally as if the domain did not have an spf record (Neutral). Mail that IS sent from an address in the SPF record may be given a lower spam score by some servers.

[[Category:Windows]]
[[Category:ColdFusion]]
[[Category:Railo]]

==Sub Domains==
*A sub-domain is like an extension of your domain name. For example, if your domain name were myfamily.com, a sub-domain would be in the following form: dad.myfamily.com or mom.myfamily.com etc.
*You can have a sub-domain pointed to any folder within your web site. If a visitor goes directly to that sub-domain he will be taken to that folder, not to your site's main page.
#Click on the '''Sub Domains icon'''
#Click "'''Add'''" sub Domain button
#Enter sub domain name in Name text box. This will automatically populate the Folder text box to a folder with the same name as the subdomain.
#If you wish this Subdomain to point to a different folder you can click on the folder icon and choose the directory you would like your Sub Domain to point to.
#Click on the "'''Save'''" Icon.
#This will create the sub domain record within your domains DNS zone,
*If the domains name servers are not pointed to us you will need to manually create this record where your domains DNS is hosted.
[[Category:Control-Panels]]
[[Category:Windows]]
[[Category:ColdFusion]]
[[Category:Railo]]

==Domain Alias==
*This will allow you to point 2 domains to the same website. How to create a Domain
#To create a domain alias you will click on the ''Domain Aliases icon''
#Click '''Add Domain Alias''' button
#Enter your Alias Name
#Click on the "'''Save'''" Icon.
*You will need to be sure that your Domain Alias has been registered and has the name servers pointed to the name servers found beneath the Site Details icon.

==Applications==
# Some helpful video tutorials showing how to install a select few applications easily within the WCP Control Panel are below:

*Joomla - [http://hostek.com/tutorials/joomla_Installation_tutorial.html Installing Joomla Application]

*Wordpress - [http://hostek.com/tutorials/wordpress_Installation_tutorial.html Installing Wordpress Application]

*Mura - [http://hostek.com/tutorials/mura_Installation_tutorial.html Installing Mura Application]

*Magento - [http://hostek.com/tutorials/magento_Installation_tutorial.html Installing Magento Application]

*Oscommerce - [http://hostek.com/tutorials/oscommerce_Installation_tutorial.html Installing OsCommerce Application]

==Email==
*Below is information on how to manage your email account within the WCP.
*'''FOR VPS''' You will also have "Admin" access to SmarterMail. Access webmail (click the webmail link in WCP) and login with user "admin" and the primary VPS password.

==Email Users==
*Allows you to create Email users as well as log directly into users Webmail account
#Once you are logged into your WCP account, under the Email Section
#Click '''Users''' icon
#Click '''Add Email User''' button
#Enter email user name (Example: if you need the email address "admin@domain.com" enter the user "admin")
#Enter password for Email user (**See note below regarding password requirements)
#Enter Display name (Usually set to the name of the person using the specific email account)
#Choose if you would like this user to have administrator rights
#Choose mail box size limit for this specific user
#Click on the '''Save'''
#'''NOTE Password requirements'''
*Minimum Length 6 Characters
*Must include Uppercase
*Must include Lowercase
*Must include Number
*Must include Special character
*Password cannot match username

==Edit existing Email user==
#Once you are logged into your WCP account, under the Email Section
#Click '''Users''' icon
#Click '''pencil icon''' next to user to update
#Update information
#Click '''Save'''

==Web mail==
#Once you are logged into your WCP account, under the Email Section
#Click '''Login button''' next to user you would like access the mail for
*Web Mail Provides links to access the Webmail program as well as to access mail before domain propagation to our mail server
#Click '''Web Mail icon'''
#If domain is propagated and pointed to our mail server you can click the '''webmail''' link to access the SmarterMail webmail log in screen.
#If you domain has not yet propagated to our mail server click the "Pr-Propagation Web Mail" link to access the SmarterMail webmail log in screen.

==Mail Forwarding==
#Once you are logged into your WCP account, under the Email Section
*Allows you to set up an email alias.
#Click on the '''Forwarding button'''
#Enter Alias name
#Enter address for email to this Alias to be forwarded to
#Click on the '''Save Icon'''

==MySQL database==
*MySQL Allow you to create a MySQL database under your domain
#Click on '''MySQL icon'''
#To add new database click '''Add MySQL Database'''
#Enter Database Name
#Enter Username
#Enter Password
#(If you need a coldfusion DSN place check in check box and provide Coldfusion DSN name)
#Click '''Save'''

*To create new user for existing database
#Click '''MySQL icon'''
#Click '''Add new user button'''
#Enter Username
#Enter Password
#Place check mark in check box for each database you would like this user to have access to.
#To update the password on existing database user.
#Click '''MySQL icon'''
#Click '''pencil icon next to Username'''
#enter new password
#Click on the '''Save Icon'''.

*To update the password on existing database user.
#Click '''MySQL icon'''
#Click pencil '''icon next to Username'''
#Enter new password
#Click on the '''Save''' Icon.

==PhpMyAdmin==
*Allows you to log directly into your MySQL database to manage.
#Click on '''PhpMyAdmin link'''
#If you are not logged directly into your MySQL database simply enter the server your database is located on (Can be found by clicking the MySQL icon) and enter your Username and Password.
#Once logged in your Databases will be displayed on the Left, click on '''database name''' to manage that database.
*Here is a Video that will show how to create a MySQL database and how to Backup / Restore the database through PhpMyAdmin: [http://hostek.com/tutorials/managing_mysql.html PhpMyAdmin Backup and Restore Video]

==MSSQL==
===To create MSSQL databases and users===
#Click '''MSSQL icon'''
#To add a new database click '''Add MSSQL''' database
#Enter Database Name
#Choose database size
#Enter or Choose existing Username
#Enter Password
#Choose '''Default Collation''' (Usually left as default)
#Choose '''Recovery Model''' (Usually left as Simple as we make daily full backups of all #databases which we keep for 7 days)
#Place a Check mark in the box for Coldfusion DataSource if ColdFusion DSN is needed.
#Enter ColdFusion DSN name.
#Click on the '''Save''' Icon.

===To edit an existing MSSQL database===
#Click '''MSSQL icon'''
#Click '''Pencil icon''' next to database name to edit
#Edit field necessary
#Click on the '''Save''' Icon.

===Changing the MSSQL Transaction Log (Recovery Model) Settings===
#Click '''MSSQL icon'''
#Click '''Pencil icon''' next to database name to edit
#Click the dropdown menu next to '''Recovery Model''' and select either '''Full''' or '''Simple'''
#Click on the '''Save''' Icon.

===To edit password for existing MSSQL user===
#Click '''MSSQL icon'''
#Click '''Pencil next''' to user to edit
#Update password
#Click on the '''Save''' Icon.

===To add new MSSQL user===
#Click '''MSSQL icon'''
#Click '''Add MSSQL''' User button
#Enter username
#Enter password
#Place checkmark next to each database this users needs access to
#Click on the '''Save''' Icon.

===To make an MS SQL user the DB Owner===
#Click '''MSSQL icon'''
#Click '''Pencil icon''' next to database name to edit
#Select the owner you wish to be the DB Owner
#Click on the '''Save''' Icon.

==MSSQL Tools (Shared Hosting)==
*Allows you to log directly into MyLittleAdmin to manage your MSSQL database or MyLittleBackup to backup or restore your MSSQL database.
#Click '''MSSQL Tools''' icon
#Select database to Manage/Backup/Restore
#Select User with access to database needed
#Choose myLittleAdmin button to manage your MSSQL database
#Choose myLittleBackup button to backup/restore your database

==DataSources(DSN's)==
===Create a MySQL or MS SQL Server DSN===
*Allows to create a DSN for an existing database for your domain.
#To create a MySQL or MSSQL DataSource
#Click '''DataSources''' (DSN's) icon
#Choose MySQL or MSSQL from drop down depending on the database this is connecting to
#Click '''Add DSN'''
#Choose DSN type Access/MySQL/MSSQL
#Enter DSN name
#Enter Database name DSN will be connecting to
#Enter Server (Can by found by viewing database DSN is for)
#Enter Username for database DSN is connecting to
#Enter Password for database DSN is connecting to
#Choose if it is a ColdFusion DSN
#Choose if you need Unicode Support
#Click on the '''Save''' Icon.
===Create an Access DSN===
*To create an Access DataSource
#Click '''DataSources''' (DSN's) icon
#Choose '''Access''' from drop down menu
#Enter DSN Name
#Click on Folder icon to choose correct directory Access Database is located in
#Enter Username (If one is set for your Access Database, if not this can be left blank)
#Enter Password (If one is protecting your Database, if not this can be left blank)
#Choose if it needs to be a ColdFusion DSN
#Click on the '''Save''' Icon.
===Editing DSNs===
*To edit existing DSN
#Click '''DataSources''' (DSN's) icon
#Click pencil next to DSN to edit
#Update information
#Click on the '''Save''' Icon.

==Railo Web Administrator==
The Railo Web Administrator gives you access to Railo-specific settings for your account such as Railo Datasources and other configuration options.
===Create a Railo Datasource (DSN)===
#From within your control panel, click on the "Railo Web Administrator" icon
#Inside the Railo Web Administrator click the "Datasources" link from the lefthand navigation menu.
#Select the database type, enter a name, and click ''Create''.
#Configure your datasource with all the correct server, username and password.
#*'''IMPORTANT''': If using MySQL also make sure the option for '''Alias Handling''' is enabled.
#Click the ''Create'' button, and your DSN will be available for use on your site.

==Security and SSL==
Installing a new certificate, or re-keying an existing certificate.

===Dedicated SSL===
'''VPS Hosting''' Request a static IP for sites added to your server which require SSL, we will provision the IP on the server and assign it in WCP for use with installing a Dedicated SSL.

'''Shared Hosting''' If ordering a new certificate from Hostek.com you will be assigned a static IP, if importing from another provider you will need to request a static IP be assigned before the certificate can be activated.

#Login to WCP, (select the domain, in some cases), Security and SSL, '''Dedicated SSL (click)'''
#Click '''Generate CSR (Certificate Signing Request)'''
#Fill in the requested information.
#Click Create
#Copy the '''Certificate Signing Request (CSR)''', which should be used when placing a new SSL order or re-keying an existing certificate.

===Shared SSL(shared hosting)===
#Login to WCP, (select the domain, in some cases), Security and SSL, '''Shared SSL (click)'''
#Click '''Enable'''
#The URL for your sites shared SSL will be provided.

==Usage==
To view your account's quotas and how much resources you have available:
#Log in to WCP
#Click the '''Usage''' icon

Here you can see the limits and amount used for the following resources: '''Site Disk Space, Site Bandwidth, Mail Disk Space, MySQL Disk Space,''' and '''MS SQL Disk Space''' (if applicable)

==VPS Manager (VPS Accounts)==

Overview of the '''VPS Manager''' section in the control panel.

===Service Groups===

The service groups section allows you to specify which services a domain should use when being created or when databases are added to the domain. If you only have a single VPS server, the default service group will usually be used for everything. However, if you have multiple servers, you can use this section to allow new domains to use services on both servers (I.E. Use one server for the website and another for the database). It is also possible to create service groups that offers fewer services in-case you want to create domains with no dns, no mail, or no website.

Options overview:
* '''Name''': A name you will use to reference this group of services when creating or modifying a domain
* '''Site Service''': The server on which the website for this domain will be created.
* '''Mail Service''': The server on which the mail account for this domain will be created.
* '''DNS Service''': The server on which the DNS zone for this domain will be created.
* '''MSSQL Service''': The server on which new MSSQL databases will be created.
* '''MySQL Service''': The server on which new MySQL databases will be created.

===Server Details===

This page gives a brief overview of resource resource usage on the server and the server's 'Computer Name' as configured in Windows.

===Firewall Management===

This page allows you to manage the Windows Firewall rules for some common ports.

===Service Manager===

This page allows you to start, restart, or stop some common services.

===Add Domain===

This page allows you to add new VPS domains.

===List Domains===

This page lists existing VPS domains and allows you to remove or modify them.

[[Category:Control-Panels]]
[[Category:Windows]]
[[Category:ColdFusion]]
[[Category:Railo]]
[[Category:ColdFusion-VPS]]
[[Category:Railo-VPS]]
[[Category:Windows-VPS]]

WCP (Windows based Control Panel)

2014-02-19T15:58:12Z

Davidd: /* Unlimited Plans - Add Additional Domains */

==How To Login To My WCP Control Panel==
#To manage your domain, login to the WCP Control Panel, using the details below
#URL: '''https://wcp.hostek.com'''/
#Username:
#Password: ** same as your cp.hostek.com password **
*You can also login to the control panel through your billing control panel https://cp.hostek.com/clientarea.php
#Click on ''''My Services'''' 'Click the '''small Green arrow''' on the the notepad to the right'
#Now click the '''Login to Control Panel''' Icon'''

[[Category:Windows]]
[[Category:ColdFusion]]
[[Category:Railo]]

==Custom URL for the WCP Control Panel==
The WCP can als be accessed by wcp.your_domain.com

Setup wcp.your_domain.com as an A record for "184.175.108.65" or as a CName record for "wcp.ezhostingserver.com".

===Resellers and VPS - WCP White label Settings===
Resellers and VPS customers can setup their logo in their Reseller control panel, however those additional features will only be avaialble when using the specific domain they configured in the reseller setttings. The reseller settings will be available using ANY url, and as mentioned within these settings the reseller "URL" can be setup and other whitelabel options making WCP the ultimate Windows Control Panel

[[Category: Windows VPS]]
[[Category:Resellers]]

==Adding Additional Control Panel Logins==
*This will allow you to set up additional control panel logins for you or for others involved in editing or managing your account. You can limit the Permissions or options available for them to manage.
#Login to the WCP Control Panel, using the details below
#URL: '''https://wcp.hostek.com'''/
#Username:
#Password: ** same as your cp.hostek.com password **
#Click on the '''Control panel Logins''' tab, then click on the '''Add''' icon.
#Put the "Username, Password and if you want them to have Limited Permission.
#If you want them to have Limited Permission then check the '''Limited Permission''' box. This will load a dropdown where you can select what privlages they have to manage.
#Once you are done click the '''Save''' icon at the bottom of the screen.
#Once it has been added you or they can login by going to https://wcp.hostek.com/Login.aspx and using the username and password that you set for it.
[[Category:Windows]]
[[Category:ColdFusion]]
[[Category:Railo]]

==Unlimited Plans - Add Additional Domains==
Use these steps to add additional domains under your Windows Unlimited account.

#Login to your WCP control panel
#*Windows Unlimited: For adding a third (or more) domain select any domain from the upper right hand corner dropdown box "Domains".
#Within the "Domains" box click the "Addon Domains" icon.
#Click "Add" and enter the following:
#*Domain Name
#*Username
#*Password
#Click "Save"
#To manage the domain, you can now select it from the domains list dropdown box.
[[Category:Windows]]

==Site Details==
We recommend you review the "Site Settings" which includes many important details about your domain including:

WCP (login and select domain) > Website Settings > '''Site Details'''

*Testing URL
*Primary and Secondary DNS
*Site IP
*Web Root Path
*FTP Root Path
===IIS Version & ColdFusion Version (if applicable)===
To get your domain's IIS Version and ColdFusion Version (if applicable) log in to WCP and under the Settings section, click on the Site Details option.

==FTP Accounts==
*Adding or editing FTP accounts.
#click on the '''FTP Accounts''' tab.
#To edit one click on the little '''Pencil Icon''' to the left, to add one click on the '''Add FTP User''' tab.
#If you are adding one you will set the Username:, Password: and folder then click the #Click on the '''Save''' Icon.
[[Category:Windows]]
[[Category:ColdFusion]]
[[Category:Railo]]

==File Manager==
*Basic File Operations, file uploading and editing now supported- Zip, GZip, and Tar Archive support.
#Click on the '''File Manager icon''', then the '''Login icon''' on the next screen.
#To create files or Directory's outside the WWW root folder right click and click on the '''Create File''' or '''Create Directory''' option.
#Click the '''Continue Icon''' to add this.
#To add/edit files in the WWWroot click on the '''wwwroot file'''.
#once you are in you can add, edit or delete by right clicking and clicking on the options given.
[[Category:ColdFusion]]
[[Category:Windows]]

==Password Protect Folders==
#Under the Files section click on '''Password Protect'''.
#Click on '''Manage Protected Folders'''.
#Browse to and click on the folder that you want to set this up on and check '''Enable Protection'''.
#Select a user from the list or click on '''Manage Users''', then click '''Add''', and enter username and password then Save.

==IIS Settings==
*Setting up error pages, default pages, advanced settings, etc.
===Custom Error pages===
#Click on '''IIS Settings''' in your WCP
#Click the edit button next to the error page you want to change
#Uncheck the '''Use System Default''' checkbox
#Enter the path to your custom error page
#Click '''Save'''
===Mime Types===
#Click on '''IIS Settings''' in your WCP
#Scroll to the bottom of the window and click '''Add Mime Type'''
#Enter the extension for the Mime Type
#Enter the Mime Type information
#Click '''Save'''
*An example Mime Type is below:
<pre>
Extension: .mp3
Mime Type: audio/mpeg
</pre>

More information here: https://wiki.hostek.com/Mime_types

===Default Docs===
*Select a default document and drag it to the top position to set it as top priority
*Click '''Add''' to add a default doc
*Click the red '''X''' to delete a default doc
*Click a default doc and change the name
*For example: change '''"index.htm"''' to '''"index.asp"'''

===Advanced===
====Recycle Application Pool====
If you see a Service Unavailable message on your site, or have a general need to recycle a site's IIS Application Pool, you can do so through this section of WCP.
#Click the '''IIS Settings''' icon in WCP
#Click the '''Advanced''' tab in the '''IIS Settings''' section
#Click the '''Recycle''' button.

==PHP Settings==
If you notice you need a different version of php or want to check what version you are using you can update it to that version if it is installed to the server or can enable custom php.ini settings to use specifically for your domain.
#Click the configuration for the domain or subdomain you want updated.
#Select the version you wish to use.
#Check the checkbox if you want to enable a custom php.ini file
#Click save to save the settings.

[[Category:ColdFusion]]
[[Category:Windows]]

==DNS Editor==
'''READ FIRST''' When a new domain is added to WCP all DNS records are also created (in most cases). Clicking on the DNS Editor will open a window with these records, for editing, adding and deleting. Most times nothing needs to be done other than pointing your domain to the Primary and Secondary DNS Servers listed under [https://wiki.hostek.com/WCP_(Windows_based_Control_Panel)#Site_Details WCP Site Details].

===Create a new DNS record===
#Click '''Add DNS''' Record button
#Enter Name for record (If DNS record name is your domain name please leave this Name - text box blank as the control panel will automatically add your domain name)
#Choose the Record type (A, CNAME, MX, NS, TXT, SPF, SRV)
#Enter Data Type
#Generally leave the TTL (Time To Live) as the default 86400
#Click on the '''Save''' Icon.

===Update DNS records===
#To update an existing DNS record click the '''Pencil''' icon next to the record you would like to update.
#You will then be able to change the Name of the record, the Type of record, Data of the record, and Time to Live.
#Once updated Click on the '''Save''' Icon.

===SVR Record Fields===

<pre>
Name: _service._protocol
Type: SRV
Data: priority weight port address
TTL: 86400
</pre>

Example:
<pre>
Name: _sip._udp
Type: SRV
Data: 10 5 4030 sip.mydomain.com
TTL: 86400
</pre>

===SPF Records===
An SPF Record (simply an entry into the DNS records) is used by mail servers to know if mail coming from an address at your domain is really allowed to be sent from the sending mail server.

If you will be using our servers send email related to your domain, you would generally use an SPF record like the following:<pre>"v=spf1 a mx include:spf.hostek.com -all"</pre>

For our Resellers that don't want to use hostek.com, use an SPF Record like:<pre>"v=spf1 a mx include:spf.ezhostingserver.com -all"</pre>
'''Steps to add an SPF Record to your domain:'''
Assuming that your DNS is managed with us:
#Log in to your hosting control panel at wcp.hostek.com
#Open the DNS Editor (DNS Manager) section
#Click on Add Record.
#Leave the Name field blank.
#For the Type, choose TXT
#For the Data enter the SPF Record detail as you need, using the sample provided above.

'''Basic information related to some SPF Record options:'''

The '''"-all"''' may be adjusted on a per customer basis to any of the following depending on their needs:

'''-all''' = mail not sent from an address listed in the SPF record should be completely rejected (Hard Fail). Mail that IS sent from an address in the SPF record may be given a lower spam score by some servers.

'''~all''' = mail not sent from an address listed in the SPF record should be given a higher spam score(Soft Fail). Mail that IS sent from an address in the SPF record may be given a lower spam score by some servers.

'''?all''' = mail not sent from an address listed in the SPF record should be treated normally as if the domain did not have an spf record (Neutral). Mail that IS sent from an address in the SPF record may be given a lower spam score by some servers.

[[Category:Windows]]
[[Category:ColdFusion]]
[[Category:Railo]]

==Sub Domains==
*A sub-domain is like an extension of your domain name. For example, if your domain name were myfamily.com, a sub-domain would be in the following form: dad.myfamily.com or mom.myfamily.com etc.
*You can have a sub-domain pointed to any folder within your web site. If a visitor goes directly to that sub-domain he will be taken to that folder, not to your site's main page.
#Click on the '''Sub Domains icon'''
#Click "'''Add'''" sub Domain button
#Enter sub domain name in Name text box. This will automatically populate the Folder text box to a folder with the same name as the subdomain.
#If you wish this Subdomain to point to a different folder you can click on the folder icon and choose the directory you would like your Sub Domain to point to.
#Click on the "'''Save'''" Icon.
#This will create the sub domain record within your domains DNS zone,
*If the domains name servers are not pointed to us you will need to manually create this record where your domains DNS is hosted.
[[Category:Control-Panels]]
[[Category:Windows]]
[[Category:ColdFusion]]
[[Category:Railo]]

==Domain Alias==
*This will allow you to point 2 domains to the same website. How to create a Domain
#To create a domain alias you will click on the ''Domain Aliases icon''
#Click '''Add Domain Alias''' button
#Enter your Alias Name
#Click on the "'''Save'''" Icon.
*You will need to be sure that your Domain Alias has been registered and has the name servers pointed to the name servers found beneath the Site Details icon.

==Applications==
# Some helpful video tutorials showing how to install a select few applications easily within the WCP Control Panel are below:

*Joomla - [http://hostek.com/tutorials/joomla_Installation_tutorial.html Installing Joomla Application]

*Wordpress - [http://hostek.com/tutorials/wordpress_Installation_tutorial.html Installing Wordpress Application]

*Mura - [http://hostek.com/tutorials/mura_Installation_tutorial.html Installing Mura Application]

*Magento - [http://hostek.com/tutorials/magento_Installation_tutorial.html Installing Magento Application]

*Oscommerce - [http://hostek.com/tutorials/oscommerce_Installation_tutorial.html Installing OsCommerce Application]

==Email==
*Below is information on how to manage your email account within the WCP.
*'''FOR VPS''' You will also have "Admin" access to SmarterMail. Access webmail (click the webmail link in WCP) and login with user "admin" and the primary VPS password.

==Email Users==
*Allows you to create Email users as well as log directly into users Webmail account
#Once you are logged into your WCP account, under the Email Section
#Click '''Users''' icon
#Click '''Add Email User''' button
#Enter email user name (Example: if you need the email address "admin@domain.com" enter the user "admin")
#Enter password for Email user (**See note below regarding password requirements)
#Enter Display name (Usually set to the name of the person using the specific email account)
#Choose if you would like this user to have administrator rights
#Choose mail box size limit for this specific user
#Click on the '''Save'''
#'''NOTE Password requirements'''
*Minimum Length 6 Characters
*Must include Uppercase
*Must include Lowercase
*Must include Number
*Must include Special character
*Password cannot match username

==Edit existing Email user==
#Once you are logged into your WCP account, under the Email Section
#Click '''Users''' icon
#Click '''pencil icon''' next to user to update
#Update information
#Click '''Save'''

==Web mail==
#Once you are logged into your WCP account, under the Email Section
#Click '''Login button''' next to user you would like access the mail for
*Web Mail Provides links to access the Webmail program as well as to access mail before domain propagation to our mail server
#Click '''Web Mail icon'''
#If domain is propagated and pointed to our mail server you can click the '''webmail''' link to access the SmarterMail webmail log in screen.
#If you domain has not yet propagated to our mail server click the "Pr-Propagation Web Mail" link to access the SmarterMail webmail log in screen.

==Mail Forwarding==
#Once you are logged into your WCP account, under the Email Section
*Allows you to set up an email alias.
#Click on the '''Forwarding button'''
#Enter Alias name
#Enter address for email to this Alias to be forwarded to
#Click on the '''Save Icon'''

==MySQL database==
*MySQL Allow you to create a MySQL database under your domain
#Click on '''MySQL icon'''
#To add new database click '''Add MySQL Database'''
#Enter Database Name
#Enter Username
#Enter Password
#(If you need a coldfusion DSN place check in check box and provide Coldfusion DSN name)
#Click '''Save'''

*To create new user for existing database
#Click '''MySQL icon'''
#Click '''Add new user button'''
#Enter Username
#Enter Password
#Place check mark in check box for each database you would like this user to have access to.
#To update the password on existing database user.
#Click '''MySQL icon'''
#Click '''pencil icon next to Username'''
#enter new password
#Click on the '''Save Icon'''.

*To update the password on existing database user.
#Click '''MySQL icon'''
#Click pencil '''icon next to Username'''
#Enter new password
#Click on the '''Save''' Icon.

==PhpMyAdmin==
*Allows you to log directly into your MySQL database to manage.
#Click on '''PhpMyAdmin link'''
#If you are not logged directly into your MySQL database simply enter the server your database is located on (Can be found by clicking the MySQL icon) and enter your Username and Password.
#Once logged in your Databases will be displayed on the Left, click on '''database name''' to manage that database.
*Here is a Video that will show how to create a MySQL database and how to Backup / Restore the database through PhpMyAdmin: [http://hostek.com/tutorials/managing_mysql.html PhpMyAdmin Backup and Restore Video]

==MSSQL==
===To create MSSQL databases and users===
#Click '''MSSQL icon'''
#To add a new database click '''Add MSSQL''' database
#Enter Database Name
#Choose database size
#Enter or Choose existing Username
#Enter Password
#Choose '''Default Collation''' (Usually left as default)
#Choose '''Recovery Model''' (Usually left as Simple as we make daily full backups of all #databases which we keep for 7 days)
#Place a Check mark in the box for Coldfusion DataSource if ColdFusion DSN is needed.
#Enter ColdFusion DSN name.
#Click on the '''Save''' Icon.

===To edit an existing MSSQL database===
#Click '''MSSQL icon'''
#Click '''Pencil icon''' next to database name to edit
#Edit field necessary
#Click on the '''Save''' Icon.

===Changing the MSSQL Transaction Log (Recovery Model) Settings===
#Click '''MSSQL icon'''
#Click '''Pencil icon''' next to database name to edit
#Click the dropdown menu next to '''Recovery Model''' and select either '''Full''' or '''Simple'''
#Click on the '''Save''' Icon.

===To edit password for existing MSSQL user===
#Click '''MSSQL icon'''
#Click '''Pencil next''' to user to edit
#Update password
#Click on the '''Save''' Icon.

===To add new MSSQL user===
#Click '''MSSQL icon'''
#Click '''Add MSSQL''' User button
#Enter username
#Enter password
#Place checkmark next to each database this users needs access to
#Click on the '''Save''' Icon.

===To make an MS SQL user the DB Owner===
#Click '''MSSQL icon'''
#Click '''Pencil icon''' next to database name to edit
#Select the owner you wish to be the DB Owner
#Click on the '''Save''' Icon.

==MSSQL Tools (Shared Hosting)==
*Allows you to log directly into MyLittleAdmin to manage your MSSQL database or MyLittleBackup to backup or restore your MSSQL database.
#Click '''MSSQL Tools''' icon
#Select database to Manage/Backup/Restore
#Select User with access to database needed
#Choose myLittleAdmin button to manage your MSSQL database
#Choose myLittleBackup button to backup/restore your database

==DataSources(DSN's)==
===Create a MySQL or MS SQL Server DSN===
*Allows to create a DSN for an existing database for your domain.
#To create a MySQL or MSSQL DataSource
#Click '''DataSources''' (DSN's) icon
#Choose MySQL or MSSQL from drop down depending on the database this is connecting to
#Click '''Add DSN'''
#Choose DSN type Access/MySQL/MSSQL
#Enter DSN name
#Enter Database name DSN will be connecting to
#Enter Server (Can by found by viewing database DSN is for)
#Enter Username for database DSN is connecting to
#Enter Password for database DSN is connecting to
#Choose if it is a ColdFusion DSN
#Choose if you need Unicode Support
#Click on the '''Save''' Icon.
===Create an Access DSN===
*To create an Access DataSource
#Click '''DataSources''' (DSN's) icon
#Choose '''Access''' from drop down menu
#Enter DSN Name
#Click on Folder icon to choose correct directory Access Database is located in
#Enter Username (If one is set for your Access Database, if not this can be left blank)
#Enter Password (If one is protecting your Database, if not this can be left blank)
#Choose if it needs to be a ColdFusion DSN
#Click on the '''Save''' Icon.
===Editing DSNs===
*To edit existing DSN
#Click '''DataSources''' (DSN's) icon
#Click pencil next to DSN to edit
#Update information
#Click on the '''Save''' Icon.

==Railo Web Administrator==
The Railo Web Administrator gives you access to Railo-specific settings for your account such as Railo Datasources and other configuration options.
===Create a Railo Datasource (DSN)===
#From within your control panel, click on the "Railo Web Administrator" icon
#Inside the Railo Web Administrator click the "Datasources" link from the lefthand navigation menu.
#Select the database type, enter a name, and click ''Create''.
#Configure your datasource with all the correct server, username and password.
#*'''IMPORTANT''': If using MySQL also make sure the option for '''Alias Handling''' is enabled.
#Click the ''Create'' button, and your DSN will be available for use on your site.

==Security and SSL==
Installing a new certificate, or re-keying an existing certificate.

===Dedicated SSL===
'''VPS Hosting''' Request a static IP for sites added to your server which require SSL, we will provision the IP on the server and assign it in WCP for use with installing a Dedicated SSL.

'''Shared Hosting''' If ordering a new certificate from Hostek.com you will be assigned a static IP, if importing from another provider you will need to request a static IP be assigned before the certificate can be activated.

#Login to WCP, (select the domain, in some cases), Security and SSL, '''Dedicated SSL (click)'''
#Click '''Generate CSR (Certificate Signing Request)'''
#Fill in the requested information.
#Click Create
#Copy the '''Certificate Signing Request (CSR)''', which should be used when placing a new SSL order or re-keying an existing certificate.

===Shared SSL(shared hosting)===
#Login to WCP, (select the domain, in some cases), Security and SSL, '''Shared SSL (click)'''
#Click '''Enable'''
#The URL for your sites shared SSL will be provided.

==Usage==
To view your account's quotas and how much resources you have available:
#Log in to WCP
#Click the '''Usage''' icon

Here you can see the limits and amount used for the following resources: '''Site Disk Space, Site Bandwidth, Mail Disk Space, MySQL Disk Space,''' and '''MS SQL Disk Space''' (if applicable)

[[Category:Control-Panels]]
[[Category:Windows]]
[[Category:ColdFusion]]
[[Category:Railo]]
[[Category:ColdFusion-VPS]]
[[Category:Railo-VPS]]
[[Category:Windows-VPS]]

CLR Support - MS SQL

2013-11-01T16:36:49Z

Davidd:

This page discusses support for the CLR in MSSQL.

==What is the CLR==

CLR stands for "Common Language Runtime". This is the runtime that executes .Net code. The CLR integration within MSSQL allows functions written in .Net code to be integrated with your SQL queries and stored procedures.

Using the built-in SQL language to form queries will generally give you better performance than using the CLR as MSSQL is highly optimized for use with SQL. However, there are some table structures, such as hierarchies and XML, that can be complicated to work with using traditional SQL as compared with .Net.

==Is the CLR supported?==

The CLR is supported for Dedicated/VPS servers only. We do not currently support the CLR on our shared hosting servers.

==If I am using shared hosting, what options do I have?==

Since we do not support the CLR in MS SQL on our shared servers, you will need to pull the data into a local dataset in your application code to run any .net code on it. This can be less efficient for code that works on a large rowset since it has to bring those rows over the network from the SQL server to the web server, but it will give you similar capabilities for working with the data using the .Net runtime.

----
[[User:Davidd|Davidd]] ([[User talk:Davidd|talk]]) 11:35, 1 November 2013 (CDT)

[[Category:Databases-MSSQL]]

CLR Support - MS SQL

2013-11-01T16:36:17Z

Davidd:

CLR Support - MS SQL

2013-11-01T16:36:05Z

Davidd:

CLR Support - MS SQL

2013-11-01T16:35:26Z

Davidd: Created page with "This page discusses support for the CLR in MSSQL. ==What is the CLR== CLR stands for "Common Language Runtime". This is the runtime that executes .Net code. The CLR integr..."

Ubuntu

2013-10-04T18:45:40Z

Davidd: Created page with "This article contains information related to common questions or issues related to Ubuntu VPS servers. ==How to prevent '''sudo''' from prompting for a password== These are ..."

This article contains information related to common questions or issues related to Ubuntu VPS servers.

==How to prevent '''sudo''' from prompting for a password==

These are instructions to prevent '''sudo''' for prompting for a password each time it is used.

===Step 1 - Update '''sudo''' configuration===
To prevent '''sudo''' from prompting for a password, you must modify the '''sudo''' configuration. You can use the following command to edit the configuration:
sudo visudo

Modify the following line in the configuration:

BEFORE:
%sudo ALL=(ALL:ALL) ALL

AFTER:
%sudo ALL=NOPASSWD: ALL

Save the configuration by entering: CTRL-X, Y

===Step 2 - Verify you are a member of the '''sudo''' group===
In order for this change to work for your user, you must also be a member of the '''sudo''' group. Test running a command with sudo. If you are still prompted for a password, then run the following command:
useradd -G sudo YourUsername
(replace 'YourUsername' with your actual username)

===Additional Information===
'''Sudo''' also has the ability to prompt for password on specific commands. See the below documentation for details on advanced '''sudo''' configuration.

Ubuntu documentation for '''sudo''':

[https://help.ubuntu.com/community/Sudoers https://help.ubuntu.com/community/Sudoers]

----
[[User:Davidd|Davidd]] ([[User talk:Davidd|talk]]) 13:45, 4 October 2013 (CDT)

[[Category:Linux VPS]]

Web Deploy

2013-09-16T16:02:50Z

Davidd: /* Using Web Deploy with Web Matrix */

This article contains details for using Microsoft's Web Deploy on our servers.

==What is Web Deploy==

Microsoft's Web Matrix tool, as well as several other web publishing tools from Microsoft, use what is called "Web Deploy" for publishing sites. Web Deploy not only publishes your files, but also attempts to publish any IIS and database settings necessary for the application to work.

==Requirements==

Web Deploy is only available on our Windows 2008 and above servers with IIS 7 or above. You can check your server version by logging into the control panel at https://wcp.hostek.com/ and choosing Site Details.

==Creating a Web Deploy Enable User==

Servers with Web Deploy enabled will have an additional option when adding/editing ftp users within the control panel. Under the '''Advanced''' tab, the checkbox '''IIS Management''' will be visible. Checking that option will enable the current FTP user to authenticate with the Web Deploy service.

==Using Web Deploy with Web Matrix==

In order to use Web Deploy, you must enable it for one of your FTP users. You will then use that FTP user's credentials to authenticate when publishing with Web Deploy. You can do this by adding or editing an FTP user and checking the '''IIS Management''' check box under the '''Advanced''' tab.

When publishing with Web Matrix using Web Deploy, you should use the following settings:

Protocol: Web Deploy

Server: secure##.ezhostingserver.com
(The above is available in the 'Site Details' section in the control panel. Simply remove the 'http://domainname-com.' part from the server name.)

User name: ** your FTP username **
Password: ** your FTP password **

Site name: domainname.com
(Replace domainname.com with your actual domain - do not include the 'www' on the domain name. If you are publishing to a sub-folder, add the sub-folder name to the end of the 'Site name'. Do not end with a trailing forward slash.)

Destination URL: http://www.domainname.com
(This will be the URL of the location to which you are publishing. If your domain name is not pointing to the site yet, use the full pre-propegation URL listed
in the 'Site Details' section. If you are publishing to a sub-folder, add the sub-folder name to the end of the URL. Do not end the URL in a forward slash.)

After entering the details, press the '''Validate Connection''' button to test the connection. If successful, you are ready to publish.

----
[[User:Davidd|Davidd]] ([[User talk:Davidd|talk]]) 10:41, 26 August 2013 (CDT)

[[Category:Windows]]

ISAPI Rewrite

2013-09-03T13:45:59Z

Davidd: /* SSL */

__FORCETOC__

= ISAPI_Rewrites and Redirects Version 3 =

ISAPI_Rewrite Version 3 is a powerful URL manipulation engine based on regular expressions. Hostek.com has lots of experience with Isapi_Rewrite Hosting. Here are a couple of examples of using Isapi_Rewrite Version 3:

NOTE: Place the rewrite rules in a file named .htaccess and place it at the web root (ie, /wwwroot folder) If you do not have a .htaccess file created already then use a text editor like Notpad and save the file as a .htaccess or use the File Manager in the hosting control panel to create the .htaccess file on the server.

== Simple Redirects and Rewrites ==

==== Redirecting to a different domain ====
If you need to redirect your website to another website

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine On

RewriteCond %{HTTP_HOST} ^(www\.)?domain\.com$ [NC]
RewriteRule ^(.*)$ http://www.newdomain.com/$1 [QSA,R=301]
</pre>

==== Rewrite a Folder to another Folder ====

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine on
RewriteBase /

RewriteRule ^oldfolder$ /correctfolder [NC,R=301,L]
</pre>

==== Redirect File Names ====
To have your index.htm page auto redirect to index.asp user this example

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine on

RewriteRule index.htm index.asp [I,O,R=301,L]
</pre>

==== Subfolder Rewrite ====
To redirect your domain to a subfolder of that domain example: www.domain.com to www.domain.com/folder

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine On

# Exclude requests already going to /subfolder to avoid an infinite loop
RewriteRule ^subfolder.*$ - [NC,L]

# Rewrite normal requests to /subfolder
RewriteRule ^(.*)$ /subfolder/$1 [L]
</pre>

==== non-www. to www. Redirects ====

Redirecting non-www version to www., example domain.com to www.domain.com

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine on

RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</pre>

==== URL Rewrite ====

Suppose you have URL like www.example.com/foo.asp?a=A&b=B&c=C and you want to access it as www.example.com/foo.asp/a/A/b/B/c/

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine on
RewriteRule ^(.*?\.asp)/([^/]*)/([^/]*)(/.+)? $1$4?$2=$3 [NC,LP,QSA
</pre>

==== WordPress Permalinks ====

WordPress Permalinks using mod_rewrite are for Linux, but ISAPI_Rewrite does offer the equivalent. If you want to have index.php not show in the url try using these in your .htaccess file.

If your WordPress site is in the wwwroot folder.

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
# BEGIN WordPress

#Options +Followsymlinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [NC,L]

# END WordPress
</pre>

If your WordPress site is in a subfolder.

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
# BEGIN WordPress

#Options +Followsymlinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /subfolder/index.php [NC,L]

# END WordPress
</pre>

== HTTP to HTTPS SSL Rewrites ==

==== SSL ====
Suppose you have URL like http://shop.example.com and you want your visitors to be redirected to https://shop.example.com

Here is example how to force SSL for certain folder. Simply put following rules into the .htaccess file in this folder:

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine on

#Fix missing trailing slash char on folders
RewriteRule ^([^.?]+[^.?/])$ $1/ [R,L]

#Redirect non-HTTPS to HTTPS
RewriteEngine on

RewriteCond %{SERVER_PORT} !443
RewriteCond %{HTTP_HOST} ^(www\.)?(.+)$
RewriteRule ^(.*)$ https://%2/$1 [R,L]
</pre>

====Non-www, non-HTTPS to www, HTTPS redirects====
RewriteEngine on
RewriteCond %{SERVER_PORT} !443
RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R,L]

==== Shared SSL ====

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine on

# handle non-www HTTPS redirects. Consecutive conditions are implicitly ANDed together.
RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{HTTP_HOST} ^(?!www\.).*mywebsite\.com$
RedirectRule ^/(.*)$ https://secure#.ezhostingserver.com/mywebsite-com/$1 [R=301]

# All requests arriving to this point either use www for the hostname, or use
# HTTP for the protocol.

# handle non-www non-HTTPS redirects
RewriteCond %{HTTP_HOST} ^(?!www\.).*mywebsite\.com$
RedirectRule ^/(.*)$ http://www.mywebsite.com/$1 [R=301]
</pre>

== Site Crawlers ==

Example on how to prevent certain spiders from crawling your site.

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine on

RewriteCond %{HTTP_USER_AGENT} ^Baiduspider.*$
RewriteRule .* /block.htm

RewriteCond %{HTTP_USER_AGENT} ^Yandex.*$
RewriteRule .* /block.htm
</pre>

== Wild-Card Subdomains & Variables Rewrites ==

Here is an example to show how to get the variables from positions 1 and 2 without it mattering how many items are in the URL. In other words, a good example for a rewrite rule for optional parameters.

==== Variable URLs ====
Let's say you want to have a URL display like: http://your_domain.com/some-folder/34-77-some-key-word.html
But you want that to really process a query like:http://your_domain.com/folder/search.asp?country=34&city=77

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
RewriteEngine on
RewriteRule ^some-folder/([^-]+)-([^-]+)-.*$ /folder/search.asp?country=$1&city=$2
</pre>

==== Wild-Card Subdomains ====

Rewrite all wild-card sub-domain requests to a folder without affecting "your_domain.com" or "www.your_domain.com"

<pre style="white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word">
# Ignore requests that are already rewritten
RewriteRule ^subdomainfolder/.*$ - [NC,L]

# Rewrite all requests to non-www sub-domains to /subdomainfolder
RewriteCond %{HTTP_HOST} !^(www\.)?your_domain\.com$ [NC]
RewriteRule ^(.*)$ /subdomainfolder/$1 [L]
</pre>

For more Examples and other uses please visit [http://www.helicontech.com/isapi_rewrite/doc/examples.htm#SEF Helicon Tech]

[[Category:Windows]]
[[Category:Tutorials]]
[[Category:ISAPI_Rewrite]]

Web Deploy

2013-08-26T15:41:32Z

Davidd:

This article contains details for using Microsoft's Web Deploy on our servers.

==What is Web Deploy==

Microsoft's Web Matrix tool, as well as several other web publishing tools from Microsoft, use what is called "Web Deploy" for publishing sites. Web Deploy not only publishes your files, but also attempts to publish any IIS and database settings necessary for the application to work.

==Requirements==

Web Deploy is only available on our Windows 2008 and above servers with IIS 7 or above. You can check your server version by logging into the control panel at https://wcp.hostek.com/ and choosing Site Details.

==Creating a Web Deploy Enable User==

Servers with Web Deploy enabled will have an additional option when adding/editing ftp users within the control panel. Under the '''Advanced''' tab, the checkbox '''IIS Management''' will be visible. Checking that option will enable the current FTP user to authenticate with the Web Deploy service.

==Using Web Deploy with Web Matrix==

In order to use Web Deploy, you must enable it for one of your FTP users. You will then use that FTP user's credentials to authenticate when publishing with Web Deploy. You can do this by adding or editing an FTP user and checking the '''IIS Management''' check box under the '''Advanced''' tab.

When publishing with Web Matrix using Web Deploy, you should use the following settings:

Protocol: Web Deploy

Server: secure##.ezhostingserver.com
(The above is available in the 'Site Details' section in the control panel. Simply remove the 'http://domainname-com.' part from the server name.)

User name: ** your FTP username **
Password: ** your FTP password **

Site name: domainname.com
(replace domainname.com with your actual domain - do not include the 'www' on the domain name)

Destination URL: http://www.domainname.com
(This will be the URL of the location to which you are publishing. If your domain name is not pointing to the site yet, use the full pre-propegation URL listed
in the 'Site Details' section. If you are publishing to a sub-folder, add the sub-folder name to the end of the URL. Do not end the URL in a forward slash.)

After entering the details, press the '''Validate Connection''' button to test the connection. If successful, you are ready to publish.

----
[[User:Davidd|Davidd]] ([[User talk:Davidd|talk]]) 10:41, 26 August 2013 (CDT)

[[Category:Windows]]

Web Deploy

2013-08-26T15:40:38Z

Davidd: Created page with "This article contains details for using Microsoft's Web Deploy on our servers. ==What is Web Deploy== Microsoft's Web Matrix tool, as well as several other web publishing to..."

This article contains details for using Microsoft's Web Deploy on our servers.

==What is Web Deploy==

Microsoft's Web Matrix tool, as well as several other web publishing tools from Microsoft, use what is called "Web Deploy" for publishing sites. Web Deploy not only publishes your files, but also attempts to publish any IIS and database settings necessary for the application to work.

==Requirements==

Web Deploy is only available on our Windows 2008 and above servers with IIS 7 or above. You can check your server version by logging into the control panel at https://wcp.hostek.com/ and choosing Site Details.

==Creating a Web Deploy Enable User==

Servers with Web Deploy enabled will have an additional option when adding/editing ftp users within the control panel. Under the '''Advanced''' tab, the checkbox '''IIS Management''' will be visible. Checking that option will enable the current FTP user to authenticate with the Web Deploy service.

==Using Web Deploy with Web Matrix==

In order to use Web Deploy, you must enable it for one of your FTP users. You will then use that FTP user's credentials to authenticate when publishing with Web Deploy. You can do this by adding or editing an FTP user and checking the '''IIS Management''' check box under the '''Advanced''' tab.

When publishing with Web Matrix using Web Deploy, you should use the following settings:

Protocol: Web Deploy

Server: secure##.ezhostingserver.com
(The above is available in the 'Site Details' section in the control panel. Simply remove the 'http://domainname-com.' part from the server name.)

User name: ** your FTP username **
Password: ** your FTP password **

Site name: domainname.com
(replace domainname.com with your actual domain - do not include the 'www' on the domain name)

Destination URL: http://www.domainname.com
(This will be the URL of the location to which you are publishing. If your domain name is not pointing to the site yet, use the full pre-propegation URL listed
in the 'Site Details' section. If you are publishing to a sub-folder, add the sub-folder name to the end of the URL. Do not end the URL in a forward slash.)

After entering the details, press the '''Validate Connection''' button to test the connection. If successful, you are ready to publish.

[[Category:Windows]

PowerShell Scripts

2013-08-19T20:20:34Z

Davidd:

This is a repository of PowerShell Scripts for server management tasks.

==Disk Usage Warning==

This script allows you to send an e-mail if disk free-space is below a particular percentage.

<syntaxhighlight lang="powershell">
#SETTINGS
$Computers = 'server1' # multiple servers should be formmated: 'server1', 'server2', 'server3'. The user executing this script must have administrative access to all servers.
$WarnPercentage = 15
$SmtpHost = 'mail.domainname.com'
$SmtpPort = 25
$FromAddress = 'disk-monitor@domainname.com'
$Recipients = 'admin@domainname.com' # multiple recipients should be separated with commas: 'user1@domainname.com,user2@domainname.com,user3@domainname.com'
#SETTINGS

#GET DISK OVERAGES
$Overages = Get-WmiObject Win32_LogicalDisk -Filter "DriveType=3" -ComputerName $Computers| `
Where { (100 * ($_.FreeSpace / $_.Size)) -le $WarnPercentage }| `
Select SystemName, DeviceID, @{ Name="FreeSpace(GB)"; Expression={"{0:N}" -f ($_.FreeSpace / 1GB) }}

$OverageCount = @($Overages).Length
#GET DISK OVERAGES

if ($OverageCount -gt 0) {
#SEND EMAIL
$Subject = "$OverageCount drives are below $WarnPercentage% free space"
$Body = "Warning, the following drives are below $WarnPercentage% free space:`r`n`r`n$($Overages|Out-String -Width 80)"
$SmtpClient = New-Object System.Net.Mail.SmtpClient($SmtpHost, $SmtpPort)
$SmtpClient.Send($FromAddress, $Recipients, $Subject, $Body)
$SmtpClient.Dispose()
#SEND EMAIL
}
</syntaxhighlight>

Example Usage:

powershell -File CheckDiskUsage.ps1

==GZip All Files in Directory==

This script will gzip compress all files within a folder. The original file will be replaced with a .gz file starting with the same name. This can be useful for compressing SQL backups or Log files on a schedule.

Optional parameter '''Days''' specifies how many days old a file must be in order to be gzipped. This is useful for log folders where you may want the last couple days to remain unzipped

Option switch '''-Recurse''' allows the script to include all sub-directories.

<syntaxhighlight lang="powershell">
param(
[string]$Directory = $(throw 'Parameter ''Directory'' is required.'),
[int]$Days = 0,
[switch]$Recurse = $false
)

$Date = [System.DateTime]::Now.AddDays($Days * -1)

if ($(Test-Path $Directory) -eq $false) {
throw "Directory does not exist: $Directory"
}

foreach ($file in $(Get-ChildItem -Path $Directory -File -Recurse:$Recurse|Where-Object {$_.Name -match '^(?!.*\.gz$)' -and $_.LastWriteTime -lt $Date})) {
$fsFile = New-Object System.IO.FileStream ($file.FullName, [IO.FileMode]::Open, [IO.FileAccess]::Read, [IO.FileShare]::Read);
$fsGZip = New-Object System.IO.FileStream ("$($file.FullName).gz", [IO.FileMode]::CreateNew, [IO.FileAccess]::Write, [IO.FileShare]::None)
$gzSream = New-Object System.IO.Compression.GzipStream ($fsGZip, [IO.Compression.CompressionMode]::Compress)

$gzipped = $false

try {

$BUFFER_SIZE = 1024 * 256
$buffer = New-Object byte[]($BUFFER_SIZE);
$bytesRead = -1

while ($bytesRead -ne 0) {
$bytesRead = $fsFile.Read($buffer, 0, $BUFFER_SIZE)
$gzSream.Write($buffer, 0, $bytesRead)
}

$gzipped = $true
}
finally {
$gzSream.Dispose();
$fsGZip.Dispose();
$fsFile.Dispose();
}

if ($gzipped) {
Remove-Item $file.FullName
}
}
</syntaxhighlight>

Example Usage:

powershell -File GZipDirContents.ps1 C:\FULL\PATH\TO\DIRECTORY 1 -Recurse

==Scheduled Service Restart Script==

This script can be used to restart a service via a scheduled task. The script will kill the process if the service does not stop within 60 seconds, and it will send an e-mail notification if the service does not start back up within 120 seconds and continue attempting starts every 120 seconds and sending additional notifications.

<syntaxhighlight lang="powershell">
$ServiceName = 'Name of Service' # NAME OF SERVICE TO RESTART
$ProcessName = 'ServiceProcessName.exe' # NAME OF PROCESS TO KILL IF SERVICE FAILS TO STOP

$ServerName = 'svr1.servername.com' # NAME OF SERVER FOR WARNING EMAIL IF SERVICE FAILS TO START
$EmailFrom = "autoservicerestart@$ServerName" # FROM ADDRESS FOR WARNING EMAIL IF SERVICE FAILS TO START
$EmailTo = 'address@your-mail-domain.com' # TO ADDRESS FOR WARNING EMAIL IF SERVICE FAILS TO START

# GET SERVICE
$Service = Get-Service $ServiceName

#VERIFY SERVICE IS RUNNING
if ($Service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) {

#INITIATE SERVICE STOP
$Service|Stop-Service

#WAIT UP TO 60 SECONDS FOR STOP
$Service.WaitForStatus([System.ServiceProcess.ServiceControllerStatus]::Stopped, [System.TimeSpan]::Parse('00:01:00'))

#REFRESH SERVICE STATUS
$Service.Refresh()

#CHECK IF SERVICE DID NOT SUCCESSFULLY STOP
if ($Service.Status -ne [System.ServiceProcess.ServiceControllerStatus]::Stopped) {

#KILL SERVICE PROCSES
Stop-Process -Name $ProcessName -Force

#WAIT UP TO 5 SECONDS FOR SERVICE STATUS TO UPDATE
$Service.WaitForStatus([System.ServiceProcess.ServiceControllerStatus]::Stopped, [System.TimeSpan]::Parse('00:00:05'))

#REFRESH SERVICE STATUS
$Service.Refresh()
}

#ATTEMPT TO START SERVICE
$Service.Start()

#WAIT UP TO 120 SECONDS FOR START
$Service.WaitForStatus([System.ServiceProcess.ServiceControllerStatus]::Running, [System.TimeSpan]::Parse('00:02:00'))

#REFRESH SERVICE STATUS
$Service.Refresh()

$smtp = $null
#CHECK IF SERVICE HAS STARTED AND RUN THE FOLLOWING UNTIL IT HAS
while ($Service.Status -ne [System.ServiceProcess.ServiceControllerStatus]::Running) {
if ($smtp -eq $null) {
$smtp = new-object Net.Mail.SmtpClient('localhost')
}

$smtp.Send($EmailFrom, $EmailTo, "Automated Service Restart Warning: $ServiceName", "Service '$ServiceName' has been configured to automatically restart on a schedule. It failed to start back up at $([System.DateTime]::Now) during the scheduled restart. Please check the service and verify that it starts back up.")

#ATTEMPT TO START SERVICE
$Service.Start()

#WAIT UP TO 120 SECONDS FOR START
$Service.WaitForStatus([System.ServiceProcess.ServiceControllerStatus]::Running, [System.TimeSpan]::Parse('00:02:00'))

#REFRESH SERVICE STATUS
$Service.Refresh()
}
}
</syntaxhighlight>

Example Usage:
powershell -File Restart-Service.ps1

==Task Scheduling Commands==

===Schedule to run at 2:00 AM daily===
schtasks /create /tn "Task Name" /tr "PowerShell -File C:\Scripts\Script.ps1" /sc daily /st 02:00:00 /RU System

===Schedule to run at 2:00 AM Sunday mornings===
schtasks /create /tn "Task Name" /tr "PowerShell -File C:\Scripts\Script.ps1" /sc weekly /d SUN /st 02:00:00 /RU System
----
[[User:Davidd|Davidd]] ([[User talk:Davidd|talk]]) 15:17, 10 June 2013 (CDT)

[[Category:VPS]]
__FORCETOC__