Hostek.com Wiki - User contributions [en]

Hostek infrastructure

2019-06-17T22:51:53Z

Joshm: Replaced content with "This page have been moved to: https://community.hostek.com/t/hostek-infrastructure/336 Category:Infrastructure"

This page have been moved to: https://community.hostek.com/t/hostek-infrastructure/336

[[Category:Infrastructure]]

Hostek infrastructure

2018-05-07T23:28:18Z

Joshm:

A significant amount of effort and expense goes into designing and maintaining the network infrastructure to ensure maximum performance and availability of services hosted by hostek.com. Below are some of the highlights of the hostek.com infrastructure.

==Bandwidth providers==

Hostek.com utilizes multiple Internet bandwidth providers. By utilizing multiple vendors for Internet bandwidth, service to the hostek.com network avoids interruption from vendor maintenance and outages. See image below.

[[File:Bw_providers.png|link=|Internet bandwidth providers]]

==Server and storage hardware==

Hostek.com is proud to utilize Dell servers and Dell Compellent storage arrays.

==Server virtualization with high availability==

Our web servers are virtualized utilizing VMWare vSphere. With VMWare High Availability, should a physical server fail, any virtual machine will be automatically migrated to another physical server and powered on, and resume normal operations. This operation can be completed with the affected virtual machines back in service often in 3-5 minutes! This is an amazingly short time frame to recover from a failed physical server.

Another added benefit to virtualization is that resources such as CPU, RAM, and disk space, can be quickly allocated based on utilization patterns. This ensures optimal performance for your site or mail server with minimal down time.

==Redundant power==

Electricity is provided from two separate power feeds. In addition, our equipment is protected with UPS systems and diesel generators. Servers and storage devices have redundant power supplies, each on separate feeds to help prevent loss of data due to power failures.

==Storage==

Virtual machines, along with their data (i.e. your web site files, email, etc.) reside on enterprise SAN arrays. These arrays have the following features:

*Disks configured in high performance RAID configurations for redundancy
*Redundant storage controllers
*Redundant network adapters
*Redundant storage networking switches
*Redundant power supplies connected to redundant power feeds
*All servers are connected to the storage network via multiple paths for performance and redundancy

All SAN volumes are cross replicated to disparate SAN each day. In the event of failure on one SAN array, replicated data can be access on the second SAN array and vice versa.



[[File:Storage_Diagram.png|link=|figure 2]]



==IT security==

*'''Note''' This section is not a comprehensive guide to our IT security. This just serves to highlight some of the general points.

===Firewall & IPS===
Perimeter firewall and Intrusion Prevention System (IPS) with the following features:
*Highly available for redundancy
*Stateful packet inspection
*Deep packet inspection for known malicious attack patterns
*DDoS (Distributed Denial of Service) protection mechanisms

===SPAM filtering===
All inbound email is filtered using multiple real-time RBL and content inspection technologies.

Additionally, outbound mail from our Windows web servers are checked with anti-SPAM content filters to prevent delivery of mail from your site from being disrupted by compromised mail submission forms from other tenants on the server your site resides on.

===Anti-virus===
Our servers run commercial anti-virus products from reputable software vendors.

==Backups==

For our Shared and Reseller customers, we perform daily backups of all web, email, and database servers. For VPS customers, we backup the full virtual machine if a Nightly Backup option is selected. We strongly recommend for VPS customers to choose a backup option.

Backups for VPSs are stored off-site in most cases in a location that is in a different geographical area than the primary site. This means that should a major disaster occur in the area where the servers running your VPS reside, your data is safe in another location.

==Physical security==

===Restricted access to premises===
The buildings housing our datacenter have a comprehensive security system which include but not limited to the following:
*24x7 on-site security
*Access codes
*Biometric hand scanners
*Electronic proximity readers
*Security surveillance system

===Fire suppression system===
Our equipment is protected by a pre-action, dry pipe fire suppression system.

==PCI Compliance==

[https://wiki.hostek.com/index.php?title=PCI_Compliance Click here] for details on hostek.com's PCI Compliance.

[[Category:Infrastructure]]

File:Storage Diagram.png

2018-05-07T23:26:56Z

Joshm:

File:Bw providers.png

2018-05-07T23:25:38Z

Joshm:

PCI Compliance

2018-01-05T16:54:52Z

Joshm:

__FORCETOC__

== Obtaining PCI Compliance ==

You need PCI Compliance if your website/business: '''accepts, transmits or stores any cardholder data.'''

'''If that is you:'''

Find a Quality Security Accessor such as [https://www.securitymetrics.com SecurityMetrics] or [https://trustwave.com/ TrustWave], there are many such vendors. They will help you determine the type of compliance required for your business and provide the services to achieve and maintain compliance.

'''How do I know what level / validation type?'''

The Quality Security Accessor will help you determine this and based on PCI DSS Standards.

*The level of "compliance" required (1-4) is based on transaction or monetary volume.
*The "Validation Type" determines the assessment requirements and is based on how much card data you store.

A copy of the PCI DSS is available [https://www.pcisecuritystandards.org/security_standards/index.php here].
More general unofficial details can be found at [http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard here].

=== How Hostek complements efforts for PCI compliance ===

#Insuring PCI standards can be met and kept for our own systems.
#Providing firewall protection for all servers and the option for PCI compliant firewall rules to be applied to customers environment.
#Providing VPN for customers to securely connect and manage environment remotely.
#Providing VLAN (virtual private network) for customers environment with multiple servers so their database server is completely isolated from public access.
#Including or offering Anti-Virus scanning on VPS and/or Shared Hosting servers.
#Protecting physical access to network and servers. Data centers are managed & monitored 24x7 by security cameras and on-site staff.

== Hostek.com ==

PCI compliance requires quarterly scans from a PCI compliance vendor. Hostek.com goes above and beyond this requirement by having regular scans from two different PCI compliance vendors. One vendor's scans are done quarterly. The other's scans are done nightly. This ensures that all potential PCI compliance issues are accurately identified and dealt with promptly.

===Hostek.com PCI Compliance Report===
Hostek.com PCI DSS Compliance report: [[Media:Hostek-compliance.pdf‎]]

==Datacenter==
The St. Louis, MO data center where the Hostek.com equipment is housed maintains SOC 2 certification.

The Ashburn, VA datacenter where Hostek.com equipment is house maintains SOC 2 and SOC 3 certifications.

===Previous Certification Types===
SOC 2 replaced the SSAE 16 certification.

SSAE 16 replaced the SAS 70 certification.

==Shared Servers==

We support PCI compliance on our shared hosting servers. If your PCI scan shows any issues that are not directly related to your web application, you can attach the report in a support ticket so that we can address any issues.

===TLS 1.0===

{| class="wikitable floatright"
| colspan="2" | Browser Support w/ TLS 1.0 Disabled
|-
| Browser / OS
| Status
|-
| IE 11 / Win 8.1
| style="background-color: #AAFFAA" | Supported
|-
| IE Mobile 10 / Win Phone 8.0
| style="background-color: #FFAAAA" | Unsupported
|-
| IE Mobile 11 / Win Phone 8.1
| style="background-color: #AAFFAA" | Supported
|-
| Java 6u45
| style="background-color: #FFAAAA" | Unsupported
|-
| Java 7u25
| style="background-color: #FFAAAA" | Unsupported
|-
| Java 8u31
| style="background-color: #AAFFAA" | Supported
|-
| OpenSSL 0.9.8y
| style="background-color: #FFAAAA" | Unsupported
|-
| OpenSSL 1.0.1l
| style="background-color: #AAFFAA" | Supported
|-
| OpenSSL 1.0.2
| style="background-color: #AAFFAA" | Supported
|-
| Safari 5.1.9 / OS X 10.6.8
| style="background-color: #FFAAAA" | Unsupported
|-
| Safari 6 / iOS 6.0.1
| style="background-color: #AAFFAA" | Supported
|-
| Safari 6.0.4 / OS X 10.8.4
| style="background-color: #FFAAAA" | Unsupported
|-
| Safari 7 / iOS 7.1
| style="background-color: #AAFFAA" | Supported
|-
| Safari 7 / OS X 10.9
| style="background-color: #AAFFAA" | Supported
|-
| Safari 8 / iOS 8.1.2
| style="background-color: #AAFFAA" | Supported
|-
| Safari 8 / OS X 10.10
| style="background-color: #AAFFAA" | Supported
|-
| Yahoo Slurp Jan 2015
| style="background-color: #AAFFAA" | Supported
|-
| YandexBot Jan 2015
| style="background-color: #AAFFAA" | Supported
|}

{| class="wikitable" style="float: right; margin: 0 0 .5em .5em"
| colspan="2" | Browser Support w/ TLS 1.0 Disabled
|-
| Browser / OS
| Status
|-
| Android 2.3.7
| style="background-color: #FFAAAA" | Unsupported
|-
| Android 4.0.4
| style="background-color: #FFAAAA" | Unsupported
|-
| Android 4.1.1
| style="background-color: #FFAAAA" | Unsupported
|-
| Android 4.2.2
| style="background-color: #FFAAAA" | Unsupported
|-
| Android 4.3
| style="background-color: #FFAAAA" | Unsupported
|-
| Android 4.4.2
| style="background-color: #AAFFAA" | Supported
|-
| Android 5.0.0
| style="background-color: #AAFFAA" | Supported
|-
| Baidu Jan 2015
| style="background-color: #FFAAAA" | Unsupported
|-
| BingPreview Jan 2015
| style="background-color: #AAFFAA" | Supported
|-
| Chrome 42 / OS X
| style="background-color: #AAFFAA" | Supported
|-
| Firefox 31.3.0 ESR / Win 7
| style="background-color: #AAFFAA" | Supported
|-
| Firefox 37 / OS X
| style="background-color: #AAFFAA" | Supported
|-
| Googlebot Feb 2015
| style="background-color: #AAFFAA" | Supported
|-
| IE 6 / XP No FS 1
| style="background-color: #FFAAAA" | Unsupported
|-
| IE 7 / Vista
| style="background-color: #FFAAAA" | Unsupported
|-
| IE 8 / XP No FS 1
| style="background-color: #FFAAAA" | Unsupported
|-
| IE 8-10 / Win 7
| style="background-color: #FFAAAA" | Unsupported
|-
| IE 11 / Win 7
| style="background-color: #AAFFAA" | Supported
|}

We are disabling support for TLS 1.0 on our Shared Windows Servers.

*Disabling TLS 1.0 is now required for PCI DSS compliance.
*This change is to ensure that any connection over HTTPS is secured against "eavesdropping" from Man-In-The-Middle(MITM) attacks.
*The majority of users will be unaffected by this change because it will only affect outdated browsers and old mobile devices that do not support TLS 1.1 or TLS 1.2.
====Internet Explorer====
#After disabling this protocol '''Internet Explorer 11'''(only supported on '''Windows 7 and up''') will be the only version of Internet Explorer that can view HTTPS pages on the shared Windows servers.
#Users with '''Windows XP''' and '''Windows Vista''' will have an unsupported version of Internet Explorer. In order to view HTTPS pages these users will need to use an alternate browser (Example: Google Chrome, Mozilla FireFox, Safari, etc.).

====Support/Unsupported Browsers/OS's====
*See table on the right
 

==Common PCI Compliance Resolutions==

===SSL/TLS Protocol Initialization Vector Implementation Information Disclosure===

aka: BEAST (Browser Exploit Against SSL/TLS) Vulnerability

'''NOTE:''' If you are on a '''shared server''' or a '''managed VPS''', please submit a support ticket [http://support.hostek.com] and attach/include your PCI scan report. The information below is for our non managed VPS customers.

* Place the following text in a file named '''TLS.reg''' and execute the file. It will add registry values to enable TLS 1.1 and TLS 1.2 support:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

* After completing the above step, go to '''Start''' -> '''Run''' -> (type '''gpedit.msc''') -> (click '''OK''')
* Navigate to '''Computer Configuration''' -> '''Administrative Template''' -> '''Network''' -> '''SSL Configuration Settings'''
* Right click on '''SSL Cipher Suite Order''' and choose '''Edit''' (Windows 2008 R2) or '''Properties''' (Windows 2008)
* Select '''Enabled''' and replace the text in the textbox under '''SSL Cipher Suites'''(not to be confused with the '''Notes''' textbox) with the following long line of text(All on a single line - no line breaks or spaces):
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_NULL_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5,SSL_CK_RC4_128_WITH_MD5,TLS_RSA_WITH_NULL_SHA,TLS_RSA_WITH_NULL_MD5
* Click '''OK'''
* Reboot server

===Disable SSLv2 & Strong Cyphers Only & Strong Protocols Only===
If you are on a shared server, please open a support ticket and attach the PCI scan report.

For VPS's: This generally applies to a Windows based server. If you see one of these items on your PCI scan report, download this zip [http://hostek.com/wikifiles/disablessl2-strongcyphersonly-strongprotocolsonly.zip] and extract the appropriate .reg file and put that on your VPS and double click it to make the appropriate registry change to fix the issue. Generally if one of these show on your report, we suggest running all three .reg files to fully take care of the issue at one time.

'''NOTE:''' You will need to reboot the server for these changes to take affect.

====VPS-Windows 2008 Servers====
This free tool can be used to determine if vulnerable or weak protocols or cypers are enabled, and provides the option to disable them.

https://www.nartac.com/Products/IISCrypto/Default.aspx

Changes using this tool require a server reboot to complete them.

Websites that allow testing for SSL Protocols and Cyphers:

https://www.ssllabs.com/ssltest/index.html

http://www.serversniff.net/sslcheck.php

==Visa E-commerce Security Checklist Questionaire==

Click this link to Visa E-commerce Security Checklist Questionaire [[https://wiki.hostek.com/Visa_E-commerce_Security_Checklist_Questionaire]]

==Cloud Assessment Questions==
Q: Is your organization insured by a 3rd party for losses?
A: Yes

Q: Do your organization's service level agreements provide tenant renumeration for losses they may incur due to outages or losses experienced within your infrastructure?
A: The Hostek.com SLA provides for a refund or credit limited to the dollar amount paid for the service during that monthly period. The refund or credit amount is calculated based on amount paid for the monthly service / number of minutes in a month * number of down minutes.

Q: Do you collect capacity and utilization data for all relevant components of your cloud service offering?
A: Yes. Daily.

Q: Do you provide tenants with capacity planning and utilization reports?
A: No.

Q: Do you have a documented procedure for responding to requests for tenant data from governments or third parties?
A: Yes

Q: Do you process, transmit or store any credit card related information on behalf Cisco?
A: No

Q: Please provide any documentation on policies and procedures for controls you have in place to protect tenant's intellectual property and sensitive data from unauthorized access.
A: Utilization of IPS and IDS. Customer has ability to lock down server access. Internal access information is stored encrypted and only available via internal access.

Q: Please provide any documentation and policies you have regarding how you may access, mine, utilize tenant data and/or metadata.
A: We do not mine nor utilize tenant data. Access to tenant data would occur if tenant asked for help in resolving a situation which may require such access.

Q: Please specify any inspection technologies used for collecting or creating metadata about tenant data usage (search engines, etc.?).
A: We do not inspect tenant data.

Q: What is the process for tenants to opt-out of having their data/metatdata accessed/mined via inspection technologies?
A: N/A as we do not inspect tenant data.

Q: Can you provide the physical location/geography of storage of a tenant’s data upon request?
A: Yes.

Q: Do you allow tenants to define acceptable geographical locations for data routing or resource instantiation?
A: No.

Q: Do you allow tenants to specify which of your geographic locations their data is allowed to traverse into/out of (to address legal jurisdictional considerations based on where data is stored vs. accessed?)
A: No.

Q: What capability do you have to use system geographic location as an authentication factor?
A: N/A

Q: Does legal counsel review all third party agreements?
A: Yes.

Q: Do you select and monitor outsourced providers in compliance with laws in the country where the data orignates, processed, stored and transmitted?
A: N/A

Q: Have you established an Information Security Management Program (ISMP?)
A: Our ISMP is being developed.

Q: Do you provide tenants with a right to audit (tenant audit)?
A: No, for security/confidential purposes.

Q: What is the process for tenants to request deletion/removal of data as needed?
Q: Provide the standards used for secure deletion of archived data upon request by tenants.
Q: What is the process to sanitize all computing resource of tenant data once a customer has exited your environment.
Q: What is time period that you retain customer data after explicit user deletion/removal?
A: When a cloud tenant cancels, their virtual machine and backup data is deleted. Data blocks are reused for new customers, which replace the old blocks.

Q: Do you manage separate production and non production environments & what controls do you have in place to ensure that the production data in not copied to non-production environments?
A: No. We have a redundant production environment, which is replicated nightly from the primary environment.

Q: Are backups and archives of data using unique encryption keys for each tenant?
A: Each tenant with a nightly backup has their own uniquely retained archive.

Q: What is the duration for keeping backed up data? And can you provide information about your backup rotations and rotation of your backup media?
A: The backup duration depends on the plan selected and the nightly backup option chosen. For Shared customers, backups range from 7-14 days. For VPS customers choosing our Nightly Backup option; 5-30 days depending on option selected. The backups are full backups with a nightly differential, providing for a full 5-10 day restoration period.

===Identity and Access Control===

===Physical Security and Disaster Recovery===

Q: Do you require strong (multifactor) authentication options (card keys+PIN, biometric readers, etc.) for access to your physical facilities?
A: Yes.

Q: Are any of your datacenters located in places which have a high probability/occurrence of high-impact environmental risks (floods, tornadoes, earthquakes, hurricanes, etc.)?
A: No.

Q: Do you use 24X7 camera monitoring in all the access points of your datacenter and key locations within the datacenter?
A: Yes.

Q: Do you maintain liaisons and points of contact with local authorities in accordance with contracts and appropriate regulations?
A: N/A

[[Category:Infrastructure]]
[[Category:VPS]]

PCI Compliance

2018-01-05T16:50:46Z

Joshm:

__FORCETOC__

== Obtaining PCI Compliance ==

You need PCI Compliance if your website/business: '''accepts, transmits or stores any cardholder data.'''

'''If that is you:'''

Find a Quality Security Accessor such as [https://www.securitymetrics.com SecurityMetrics] or [https://trustwave.com/ TrustWave], there are many such vendors. They will help you determine the type of compliance required for your business and provide the services to achieve and maintain compliance.

'''How do I know what level / validation type?'''

The Quality Security Accessor will help you determine this and based on PCI DSS Standards.

*The level of "compliance" required (1-4) is based on transaction or monetary volume.
*The "Validation Type" determines the assessment requirements and is based on how much card data you store.

A copy of the PCI DSS is available [https://www.pcisecuritystandards.org/security_standards/index.php here].
More general unofficial details can be found at [http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard here].

=== How Hostek complements efforts for PCI compliance ===

#Insuring PCI standards can be met and kept for our own systems.
#Providing firewall protection for all servers and the option for PCI compliant firewall rules to be applied to customers environment.
#Providing VPN for customers to securely connect and manage environment remotely.
#Providing VLAN (virtual private network) for customers environment with multiple servers so their database server is completely isolated from public access.
#Including or offering Anti-Virus scanning on VPS and/or Shared Hosting servers.
#Protecting physical access to network and servers. Data centers are managed & monitored 24x7 by security cameras and on-site staff.

== Hostek.com ==

PCI compliance requires quarterly scans from a PCI compliance vendor. Hostek.com goes above and beyond this requirement by having regular scans from two different PCI compliance vendors. One vendor's scans are done quarterly. The other's scans are done nightly. This ensures that all potential PCI compliance issues are accurately identified and dealt with promptly.

===Hostek.com PCI Compliance Report===
Hostek.com PCI DSS Compliance report: [[Media:Hostek-compliance.pdf‎]]

==Datacenter==
The St. Louis, MO data center where the hostek.com equipment is housed maintains SOC 2 Certification. This replaced the SSAE16 Certification.

===Previous Certification Types===
SOC 2 replaced the SSAE 16 certification.

SSAE 16 replaced the SAS 70 certification.

==Shared Servers==

We support PCI compliance on our shared hosting servers. If your PCI scan shows any issues that are not directly related to your web application, you can attach the report in a support ticket so that we can address any issues.

===TLS 1.0===

{| class="wikitable floatright"
| colspan="2" | Browser Support w/ TLS 1.0 Disabled
|-
| Browser / OS
| Status
|-
| IE 11 / Win 8.1
| style="background-color: #AAFFAA" | Supported
|-
| IE Mobile 10 / Win Phone 8.0
| style="background-color: #FFAAAA" | Unsupported
|-
| IE Mobile 11 / Win Phone 8.1
| style="background-color: #AAFFAA" | Supported
|-
| Java 6u45
| style="background-color: #FFAAAA" | Unsupported
|-
| Java 7u25
| style="background-color: #FFAAAA" | Unsupported
|-
| Java 8u31
| style="background-color: #AAFFAA" | Supported
|-
| OpenSSL 0.9.8y
| style="background-color: #FFAAAA" | Unsupported
|-
| OpenSSL 1.0.1l
| style="background-color: #AAFFAA" | Supported
|-
| OpenSSL 1.0.2
| style="background-color: #AAFFAA" | Supported
|-
| Safari 5.1.9 / OS X 10.6.8
| style="background-color: #FFAAAA" | Unsupported
|-
| Safari 6 / iOS 6.0.1
| style="background-color: #AAFFAA" | Supported
|-
| Safari 6.0.4 / OS X 10.8.4
| style="background-color: #FFAAAA" | Unsupported
|-
| Safari 7 / iOS 7.1
| style="background-color: #AAFFAA" | Supported
|-
| Safari 7 / OS X 10.9
| style="background-color: #AAFFAA" | Supported
|-
| Safari 8 / iOS 8.1.2
| style="background-color: #AAFFAA" | Supported
|-
| Safari 8 / OS X 10.10
| style="background-color: #AAFFAA" | Supported
|-
| Yahoo Slurp Jan 2015
| style="background-color: #AAFFAA" | Supported
|-
| YandexBot Jan 2015
| style="background-color: #AAFFAA" | Supported
|}

{| class="wikitable" style="float: right; margin: 0 0 .5em .5em"
| colspan="2" | Browser Support w/ TLS 1.0 Disabled
|-
| Browser / OS
| Status
|-
| Android 2.3.7
| style="background-color: #FFAAAA" | Unsupported
|-
| Android 4.0.4
| style="background-color: #FFAAAA" | Unsupported
|-
| Android 4.1.1
| style="background-color: #FFAAAA" | Unsupported
|-
| Android 4.2.2
| style="background-color: #FFAAAA" | Unsupported
|-
| Android 4.3
| style="background-color: #FFAAAA" | Unsupported
|-
| Android 4.4.2
| style="background-color: #AAFFAA" | Supported
|-
| Android 5.0.0
| style="background-color: #AAFFAA" | Supported
|-
| Baidu Jan 2015
| style="background-color: #FFAAAA" | Unsupported
|-
| BingPreview Jan 2015
| style="background-color: #AAFFAA" | Supported
|-
| Chrome 42 / OS X
| style="background-color: #AAFFAA" | Supported
|-
| Firefox 31.3.0 ESR / Win 7
| style="background-color: #AAFFAA" | Supported
|-
| Firefox 37 / OS X
| style="background-color: #AAFFAA" | Supported
|-
| Googlebot Feb 2015
| style="background-color: #AAFFAA" | Supported
|-
| IE 6 / XP No FS 1
| style="background-color: #FFAAAA" | Unsupported
|-
| IE 7 / Vista
| style="background-color: #FFAAAA" | Unsupported
|-
| IE 8 / XP No FS 1
| style="background-color: #FFAAAA" | Unsupported
|-
| IE 8-10 / Win 7
| style="background-color: #FFAAAA" | Unsupported
|-
| IE 11 / Win 7
| style="background-color: #AAFFAA" | Supported
|}

We are disabling support for TLS 1.0 on our Shared Windows Servers.

*Disabling TLS 1.0 is now required for PCI DSS compliance.
*This change is to ensure that any connection over HTTPS is secured against "eavesdropping" from Man-In-The-Middle(MITM) attacks.
*The majority of users will be unaffected by this change because it will only affect outdated browsers and old mobile devices that do not support TLS 1.1 or TLS 1.2.
====Internet Explorer====
#After disabling this protocol '''Internet Explorer 11'''(only supported on '''Windows 7 and up''') will be the only version of Internet Explorer that can view HTTPS pages on the shared Windows servers.
#Users with '''Windows XP''' and '''Windows Vista''' will have an unsupported version of Internet Explorer. In order to view HTTPS pages these users will need to use an alternate browser (Example: Google Chrome, Mozilla FireFox, Safari, etc.).

====Support/Unsupported Browsers/OS's====
*See table on the right
 

==Common PCI Compliance Resolutions==

===SSL/TLS Protocol Initialization Vector Implementation Information Disclosure===

aka: BEAST (Browser Exploit Against SSL/TLS) Vulnerability

'''NOTE:''' If you are on a '''shared server''' or a '''managed VPS''', please submit a support ticket [http://support.hostek.com] and attach/include your PCI scan report. The information below is for our non managed VPS customers.

* Place the following text in a file named '''TLS.reg''' and execute the file. It will add registry values to enable TLS 1.1 and TLS 1.2 support:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

* After completing the above step, go to '''Start''' -> '''Run''' -> (type '''gpedit.msc''') -> (click '''OK''')
* Navigate to '''Computer Configuration''' -> '''Administrative Template''' -> '''Network''' -> '''SSL Configuration Settings'''
* Right click on '''SSL Cipher Suite Order''' and choose '''Edit''' (Windows 2008 R2) or '''Properties''' (Windows 2008)
* Select '''Enabled''' and replace the text in the textbox under '''SSL Cipher Suites'''(not to be confused with the '''Notes''' textbox) with the following long line of text(All on a single line - no line breaks or spaces):
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_NULL_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5,SSL_CK_RC4_128_WITH_MD5,TLS_RSA_WITH_NULL_SHA,TLS_RSA_WITH_NULL_MD5
* Click '''OK'''
* Reboot server

===Disable SSLv2 & Strong Cyphers Only & Strong Protocols Only===
If you are on a shared server, please open a support ticket and attach the PCI scan report.

For VPS's: This generally applies to a Windows based server. If you see one of these items on your PCI scan report, download this zip [http://hostek.com/wikifiles/disablessl2-strongcyphersonly-strongprotocolsonly.zip] and extract the appropriate .reg file and put that on your VPS and double click it to make the appropriate registry change to fix the issue. Generally if one of these show on your report, we suggest running all three .reg files to fully take care of the issue at one time.

'''NOTE:''' You will need to reboot the server for these changes to take affect.

====VPS-Windows 2008 Servers====
This free tool can be used to determine if vulnerable or weak protocols or cypers are enabled, and provides the option to disable them.

https://www.nartac.com/Products/IISCrypto/Default.aspx

Changes using this tool require a server reboot to complete them.

Websites that allow testing for SSL Protocols and Cyphers:

https://www.ssllabs.com/ssltest/index.html

http://www.serversniff.net/sslcheck.php

==Visa E-commerce Security Checklist Questionaire==

Click this link to Visa E-commerce Security Checklist Questionaire [[https://wiki.hostek.com/Visa_E-commerce_Security_Checklist_Questionaire]]

==Cloud Assessment Questions==
Q: Is your organization insured by a 3rd party for losses?
A: Yes

Q: Do your organization's service level agreements provide tenant renumeration for losses they may incur due to outages or losses experienced within your infrastructure?
A: The Hostek.com SLA provides for a refund or credit limited to the dollar amount paid for the service during that monthly period. The refund or credit amount is calculated based on amount paid for the monthly service / number of minutes in a month * number of down minutes.

Q: Do you collect capacity and utilization data for all relevant components of your cloud service offering?
A: Yes. Daily.

Q: Do you provide tenants with capacity planning and utilization reports?
A: No.

Q: Do you have a documented procedure for responding to requests for tenant data from governments or third parties?
A: Yes

Q: Do you process, transmit or store any credit card related information on behalf Cisco?
A: No

Q: Please provide any documentation on policies and procedures for controls you have in place to protect tenant's intellectual property and sensitive data from unauthorized access.
A: Utilization of IPS and IDS. Customer has ability to lock down server access. Internal access information is stored encrypted and only available via internal access.

Q: Please provide any documentation and policies you have regarding how you may access, mine, utilize tenant data and/or metadata.
A: We do not mine nor utilize tenant data. Access to tenant data would occur if tenant asked for help in resolving a situation which may require such access.

Q: Please specify any inspection technologies used for collecting or creating metadata about tenant data usage (search engines, etc.?).
A: We do not inspect tenant data.

Q: What is the process for tenants to opt-out of having their data/metatdata accessed/mined via inspection technologies?
A: N/A as we do not inspect tenant data.

Q: Can you provide the physical location/geography of storage of a tenant’s data upon request?
A: Yes.

Q: Do you allow tenants to define acceptable geographical locations for data routing or resource instantiation?
A: No.

Q: Do you allow tenants to specify which of your geographic locations their data is allowed to traverse into/out of (to address legal jurisdictional considerations based on where data is stored vs. accessed?)
A: No.

Q: What capability do you have to use system geographic location as an authentication factor?
A: N/A

Q: Does legal counsel review all third party agreements?
A: Yes.

Q: Do you select and monitor outsourced providers in compliance with laws in the country where the data orignates, processed, stored and transmitted?
A: N/A

Q: Have you established an Information Security Management Program (ISMP?)
A: Our ISMP is being developed.

Q: Do you provide tenants with a right to audit (tenant audit)?
A: No, for security/confidential purposes.

Q: What is the process for tenants to request deletion/removal of data as needed?
Q: Provide the standards used for secure deletion of archived data upon request by tenants.
Q: What is the process to sanitize all computing resource of tenant data once a customer has exited your environment.
Q: What is time period that you retain customer data after explicit user deletion/removal?
A: When a cloud tenant cancels, their virtual machine and backup data is deleted. Data blocks are reused for new customers, which replace the old blocks.

Q: Do you manage separate production and non production environments & what controls do you have in place to ensure that the production data in not copied to non-production environments?
A: No. We have a redundant production environment, which is replicated nightly from the primary environment.

Q: Are backups and archives of data using unique encryption keys for each tenant?
A: Each tenant with a nightly backup has their own uniquely retained archive.

Q: What is the duration for keeping backed up data? And can you provide information about your backup rotations and rotation of your backup media?
A: The backup duration depends on the plan selected and the nightly backup option chosen. For Shared customers, backups range from 7-14 days. For VPS customers choosing our Nightly Backup option; 5-30 days depending on option selected. The backups are full backups with a nightly differential, providing for a full 5-10 day restoration period.

===Identity and Access Control===

===Physical Security and Disaster Recovery===

Q: Do you require strong (multifactor) authentication options (card keys+PIN, biometric readers, etc.) for access to your physical facilities?
A: Yes.

Q: Are any of your datacenters located in places which have a high probability/occurrence of high-impact environmental risks (floods, tornadoes, earthquakes, hurricanes, etc.)?
A: No.

Q: Do you use 24X7 camera monitoring in all the access points of your datacenter and key locations within the datacenter?
A: Yes.

Q: Do you maintain liaisons and points of contact with local authorities in accordance with contracts and appropriate regulations?
A: N/A

[[Category:Infrastructure]]
[[Category:VPS]]

SSH

2017-04-03T13:53:20Z

Joshm: /* Configuring alternate SSH port for your VPS */

==SSH==
The dedicated IP and port for SSH access on Linux VPS servers will be included in the email with server details. Alternatively we have an alternate port which can be used for SSH however this will need to be configured. Please email support for the alternate port number and follow the steps below.

==Configuring alternate SSH port for your VPS==
*'''NOTE''' You must be familiar with editing Linux text files from a command prompt to proceed.

#Contact support for the alternate SSH port to use.
#:If you have requested your VPS to not be behind our perimiter firewall and you are 100% managing your own firewall, then you can use any TCP port that you wish
#Add the alternate TCP port to the cPanel firewall:
##Log into WHM of your server
##Scroll down and select ''ConfigServer Security&Firewall''
##Click ''Firewall Configuration''
##Edit the TCP_IN line, adding the alternate SSH port, being careful to have comma before and after the number
##*Pay close attention to the formatting of the current entries in this line. Syntax errors will result in your VPS firewall failing to restart
##Click Change button at the bottom
#Configure SSH to use the new port:
##SSH into your VPS on the default port 22
##Edit the /etc/ssh/sshd_config file
##Change the line "Port 22" to "Port ####" (without quotes) where #### is the alternate port
##Save your changes
##Run the following command to restart the ssh service:
##:''service sshd restart''
##*'''NOTE''' Do not disconnect your ssh session after restarting the service until you verify with a new session that your changes are successful. Otherwise you will not be able to correct any syntax errors in the sshd_config file
##While your SSH session is still open, launch a new ssh session to your server, connecting on the new port 4805
##*If you get a connection failed, check the /etc/ssh/sshd_config file for syntax errors and correct. Run the command "''service sshd restart''" (without quotes) after making any changes to the sshd_config file.

==Connecting to your server with a SSH key==

To connect via SSH you'll first need to download an SSH client such as Putty http://www.putty.org/. If you are on a shared server, the Hostek.com support team will need to enable access for you to see the area below.

To generate a new key:
#Click 'SSH/Shell Access' within the cPanel home page (once logged in).
#Click 'Manage SSH Keys'.
#Click the 'Generate a new Key' icon.
#Fill in the appropriate information.
#*Note: You should consider your needs when choosing a key type, bearing in mind that RSA keys yield a faster confirmation of identity, while using DSA keys will speed up key generation and signing times.
#Click Generate Key to generate the new SSH key and automatically install it to the server.

==View or Download SSH Key==
To view or download a key:
#Click View/Download next to the corresponding key in the appropriate table. You will be directed to a new page.
#Click Download Key to download the key. You can also copy the key and save it on your computer.

==Convert SSH private key==
To convert a private key and save it onto the server:
#Enter the key's passphrase into the box.
#Click Convert. You will be directed to a new page.
#Click Download Key to download the converted key to your desktop.

==Authorize and Deauthorize SSH Key==
'''Note: You will need to authorize a key before using it to connect to the server.'''
To authorize or deauthorize a key:
Click Manage Authorization next to the corresponding key in the appropriate table. You will be directed to a new page.
Click Authorize or Deauthorize.

[[Category:Linux-VPS]]

SQL Server 2014

2016-03-08T13:15:59Z

Joshm:

==SQL Server Management Studio==

Versions of SQL Server Management Studio older than the 2014 version may be able to connect and run queries. However, most functions will require that you use the 2014 version of Management Studio. In order to obtain SQL Server Management Studio 2014, first go to the following URL:

https://www.microsoft.com/en-us/download/details.aspx?id=42299

Next, select the orange download button. A new pop-up will appear. Scroll down to the very bottom. If you have a 32-bit Operating System, select the check box next to the following and choose 'Next':

"MgmtStudio 32BIT\SQLManagementStudio_x86_ENU.exe"

If you are running a newer 64-bit Operating System, select the check box next to the following and choose 'Next':

"MgmtStudio 64BIT\SQLManagementStudio_x64_ENU.exe"

[[Category:Databases-MSSQL]]

CPanel

2016-02-11T20:53:49Z

Joshm:

{{DISPLAYTITLE:cPanel}}

==cPanel Help==
===cPanel Documentation===
*The link below will send you to the cPanel Documentation, this will familiarize you with the interface and it's functions:
#https://documentation.cpanel.net/display/ALD/cPanel+User+Documentation
#For a different version of cPanel, please see this page: https://documentation.cpanel.net/pages/viewpage.action?pageId=1507796
===cPanel Video Tutorials===
*The link below will send you to our SmarterMail Video Tutorials Wiki:
#https://wiki.hostek.com/CPanel_Tutorials#cPanel
===Helpful Links===
*This link will take you to our Shared SSL Wiki:
#https://wiki.hostek.com/Shared_SSL#Linux_cPanel_Customers
*This link will take you to our Default Document Wiki:
#https://wiki.hostek.com/Default_document#Changing_the_Default_Document_in_Linux_cPanel
*This link will take you to our MIME Types Wiki:
#https://wiki.hostek.com/Mime_types#Adding_MIME_Types_in_Linux_cPanel
===cPanel Demo===
*Here is a link to our cPanel Demo for you to test and see if you like cPanel:
#https://cp4.hostek.com:2083/login?user=demouser&pass=DemoPassword1$

==Advanced DNS Zone Editor==
*'''Important:''' When a Domain is added to cPanel all DNS records are automatically generated for that domain in our system(in most cases).
#First you must Login to cPanel
#*(Example: <nowiki>http://myawesomedomain.com/cpanel</nowiki>)
#Under the '''Domains''' section click on '''Advanced DNS Zone Editor''', which will take you to the DNS Records in our system.

===Add a Record===
*To add a new DNS Record, perform the following steps:
#Login to cPanel
#*(Example: <nowiki>http://myawesomedomain.com/cpanel</nowiki>)
#Under the '''Domains''' section click on '''Advanced DNS Zone Editor'''
#If this account owns more than one domain, select the domain that you wish to manage from the Domain menu.
#Select any record type, here are some definitions:
#*Type: '''A Record''':
#**This record maps hostnames to IP(IPv4) Addresses. A records are essential because they allow DNS servers to identify and locate your website and its various services on the Internet. Without appropriate A records, your visitors cannot access your website, FTP site, or email accounts.
#**Remember cPanel configures your DNS records so that visitors can resolve your website and its services, such as FTP and email.
#**Only add A Records when you add a service that cPanel & WHM or your service provider does not provide.
#*Type: '''AAAA Record''':
#**This record maps hostnames to IPv6 addresses.
#*Type: '''CNAME Record''':
#**This record creates an alias for another domain name, which DNS looks up. This is useful, for example, if you point multiple CNAME records to a single A record in order to simplify DNS maintenance.
#**'''Note:''' You cannot point a CNAME record at an IP address.
#*Type: '''SRV''':
#*This record provides information about available services on specific ports on your server.
#**'''Note:''' The SRV record must point at a hostname with an A (or AAAA) record. You cannot point an SRV record at a CNAME record.
#*Type: '''TXT''':
#*This record contains text information for various services to read. For example, TXT records can specify data for the SPF (Sender Policy Framework) or DKIM (Domain Keys Mail Identifier) email authentication systems.
#Enter the appropriate information for the record type that you select.
#Click '''Add Record'''.

===Edit a Record===
*To edit a record, perform the following steps:
#Login to cPanel
#*(Example: <nowiki>http://myawesomedomain.com/cpanel</nowiki>)
#Under the '''Domains''' section click on '''Advanced DNS Zone Editor'''
#If this account owns more than one domain, select the domain that you wish to manage from the Domain menu.
#Click Edit next to the record that you wish to edit.
#Change the information in the text boxes as necessary.
#Click Edit Record to save your changes, or click Cancel to discard them.

===Delete a Record===
*To delete a record, perform the following steps:
#Login to cPanel
#*(Example: <nowiki>http://myawesomedomain.com/cpanel</nowiki>)
#Under the '''Domains''' section click on '''Advanced DNS Zone Editor'''
#If this account owns more than one domain, select the domain that you wish to manage from the Domain menu.
#Click Delete next to the record that you wish to remove.
#Click Delete.

==MX Entry/Record Management==
*This feature allows you to route a domain's incoming mail to a specific server by modifying your MX Records/MX Entries.

===Configure Email Routing===
*'''Warning:''' Misconfigured MX entries can completely disable your ability to receive mail.
*To change how your server routes mail for a [your] domain, perform the following steps:
#Login to cPanel
#*(Example: <nowiki>http://myawesomedomain.com/cpanel</nowiki>)
#Under the '''Email''' section click on '''MX Entry'''
#Select the desired domain from the menu.
#Select one of the following options under Email Routing:
#*'''Automatically Detect Configuration''': The server uses the current MX record or records for the domain to select the appropriate configuration from the list below.
#*'''Local Mail Exchanger''': The domain accepts mail even if an MX record with higher priority exists. The server routes mail to both domains when this happens.
#**'''Note:''' Choose this option if your server uses smart hosts or another gateway service to filter mail.
#*'''Backup Mail Exchanger''': The domain acts as a backup mail exchanger and holds mail in the queue if the primary exchanger is offline.
#**'''Note:''' Configure the primary MX entry to point to the appropriate exchanger.
#*'''Remote Mail Exchanger''': The domain does not accept mail. Instead, it sends it to the primary mail exchanger.
#**'''Note:''' Configure the primary MX entry to point to the appropriate exchanger.
#Click Change.

===Add a New MX Entry===
*To add a new MX entry to the domain, perform the following steps:
#Login to cPanel
#*(Example: <nowiki>http://myawesomedomain.com/cpanel</nowiki>)
#Under the '''Email''' section click on '''MX Entry'''
#Under the Add a New Record section, enter the priority of the new MX entry in the Priority text box.
#**'''Remember:''' Lower values denote higher priority. The highest priority is 0.
#**The primary mail server or servers (those with the lowest priority values) receives mail that is sent to your domain.
#**Backup, or secondary, mail servers (those with higher priority values) are for backup or other purposes.
#**If you assign the same priority value to multiple mail servers (and needs this level of mail server) the system distributes mail to those servers randomly.
#In the Destination text box, enter the hostname of the new mail exchanger.
#**'''Important:''' You must specify a fully qualified domain name (FQDN). You cannot specify an IP address here.
#Click Add New Record.

===Delete a MX Entry===
#Login to cPanel
#*(Example: <nowiki>http://myawesomedomain.com/cpanel</nowiki>)
#Under the '''Email''' section click on '''MX Entry'''
*To delete an MX entry, perform the following:
#Click Delete next to the appropriate MX entry in the MX Records list.
#Click Delete to confirm.

===Edit an MX Entry===
#Login to cPanel
#*(Example: <nowiki>http://myawesomedomain.com/cpanel</nowiki>)
#Under the '''Email''' section click on '''MX Entry'''
*To edit an MX entry, perform the following:
#Click Edit next to the appropriate MX entry in the MX Records list.
#Change the Priority or Destination as desired.
#Click Edit to confirm.

==cPanel File Permissions==
{| class="wikitable floatright" border="1" cellpadding="4" cellspacing="0" style="margin: 1em 1em 1em 0; background: #f9f9f9; border: 1px #aaa solid; border-collapse: collapse;"
| colspan="2" style="text-align:center;" | '''User, Group, and World, Permissions'''
|-
| style="background-color: lightgrey; text-align:center;" | Permission
| style="text-align:center; background-color: lightgrey;" | Description
|-
|style="text-align:center" | 0
|style="text-align:center" | No Permission
|-
|style="text-align:center" | 1
|style="text-align:center" | X
|-
|style="text-align:center" | 2
|style="text-align:center" | W
|-
|style="text-align:center" | 3
|style="text-align:center" | WX
|-
|style="text-align:center" | 4
|style="text-align:center" | R
|-
|style="text-align:center" | 5
|style="text-align:center" | RX
|-
|style="text-align:center" | 6
|style="text-align:center" | RW
|-
|style="text-align:center" | 7
|style="text-align:center" | RWX
|-
|}
{| class="wikitable" align="right" border="1" cellpadding="4" cellspacing="0" style="margin: 1em 1em 1em 0; background: #f9f9f9; border: 1px #aaa solid; border-collapse: collapse;"
| colspan="2" style="text-align:center;" | '''Permissions breakdown'''
|-
| style="background-color: lightgrey; text-align:center;" | Permission
| style="text-align:center; background-color: lightgrey;" | Description
|-
|style="text-align:center" | R
|style="text-align:center" | Read
|-
|style="text-align:center" | W
|style="text-align:center" | Write
|-
|style="text-align:center" | X
|style="text-align:center" | Execute
|}
*There are 2 methods used when adjusting file/folder permissions.
#Login to the File Manager in cPanel
##When you have selected a file or folder click the '''key icon''' at the top to change the permissions.
#Use a FTP client to connect to the server
##Select the file and choose the change permission option.
##If an option is not listed right click the file and select file permissions.
*The the right you will see a breakdown of the Permissions:
*Default file and folder permissions:
#'''Files:''' 644
#'''Folders:''' 755

==cPanel Webmail==

===Accessing Webmail===
#Log in to '''cPanel''' (i.e. '''<nowiki>http://www.yourdomain.com/webmail/</nowiki>''')
#Click on '''Webmail'''.
#Click on '''Go to Webmail Login'''.
#Choose one of the three available Webmail Programs: '''1)NeoMail 2)Horde 3)SquirrelMail'''
#For this tutorial we will use '''SquirrelMail,''' but all three are fairly similar.
#From the main screen Click on '''Options'''. (From here you can change many settings within your Webmail.)
*'''Note:''' You do not have to login to cPanel in order to access your Webmail.

===Creating Folders and Sub-folders===
#While in the '''Options''' menu, Click on '''Folders'''.
#Place the desired name into the '''box''' below the '''Create a Folder''' title.
#If you already have a folder created, you can use the '''drop-down menu''' right below the name box, to choose a sub-folder location.
#Click on '''Create'''.
#In order to see the new folder listed, Click on '''Refresh Folder List'''.
*'''Note:''' You can create as many folders as you need.

===Adding an Entry to the Address Book===
#While in the '''Options''' menu, Click on '''Addresses'''.
#All of the fields are required, except for the 'Additional Information' box.
#Click '''Add Address'''

===Composing Email===
#While in the '''Options''' menu, Click on '''Compose'''.
#To select a Email Address from your Address Book, click on '''Addresses'''
#You can choose how to send them, by ticking the boxes beside: '''To''', '''CC (Carbon Copy)''', or '''BCC (Blind Carbon Copy)'''.
#Click on '''Use Addresses'''.
#Next, fill out your '''Subject''' and the body of the message.
#You can also send an attachment, just '''Scroll Down''' to the bottom of the page.
#Beside the '''Attach''' box, Click on '''Browse'''.
#Choose the file.
#Click on '''Add'''
#To complete everything, Click on '''Send''' on the bottom of the page.

===Deleting and Moving Mail===
*Video tutorial [http://hostek.com/tutorials/cpanel-x3-webmail.html here]
#From your '''Inbox'''
#Tick the box next to the email(s) of choice.
#To trash your Email(s) Click on '''Delete'''.
#To place your Email(s) in a different folder, Click the '''drop-down menu''' and choose the folder you wish to move the Email(s) to.
#Click on '''Move'''

===Create an Email Account in cPanel===
*Video tutorial [http://hostek.com/tutorials/cpanel-x3-popemail.html here]
#Login to cPanel.
#Click on '''Email Accounts'''.
#There will already be a '''Default Email Account''' listed.
#Fill out the boxes labelled: '''Email''', '''Password''', '''Password( Again)'''.
#Be sure to choose the correct domain name (If you have Parked Domain and/or a Addon Domain) ''' '@ drop-down menu' '''.
#You can set the '''Mailbox Quota Limit''' if you wish.
#Click on '''Create'''
#Click on '''No''' (This can be done later.)
*From the '''Email Accounts''' page you can '''Access Webmail''', '''Change Quota''', '''Change Password''', '''Configure Mail Client''', and '''Delete'''.

===Create a Default (Catchall) Email Address in cPanel===
*Video tutorial [http://hostek.com/tutorials/cpanel-x3-catchall.html here]
*Logging in to cPanel.
#Click on '''Default Address'''.
#Enter the desired email address in the '''Forward to Email Address''' box.
#Now Click on '''Change'''.
*'''Note:''' All emails sent to an address you have not defined, will go to the email address you enter.

==cPanel Mailing Lists==

===How to Create a Mailing List===
#In your cPanel account click on '''Mailing Lists''' under the '''Mail''' section.
#Type in your '''List Name''' in the text box.
#Type a secure but memorable Pass-phrase in the '''Password''' field.
#Confirm the password in the '''Password (Again)''' field.
#Then click on '''Add Mailing List'''.

===How to Reset the Mailing List Password===
#In your cPanel account click '''Mailing Lists''' under the '''Mail''' section.
#Under the '''Functions''' area click on '''Change Password'''for your Mailing List.
#Type a secure but memorable pass-phrase in the '''Password''' field .
#Re-type to confirm the password in the '''Password (Again)''' field.
#Then click on the '''Change Password''' tab which will reset your password.
*'''Note:''' You may also generate/use a Random Password by clicking on '''Password Generator''' and then copy and pasting it into both password text boxes.

==Forwarding==
===How to add an Email-level Forwarder===
#In your cPanel account click '''Forwarders''' under the '''Mail''' section.
#Clink on '''Add Forwarder''' button.
#In the '''Address to Forward''' section type in a Username you would like to set.
#Next type in the '''Destination''' email address, into the section '''Forward to email address'''
#Then click on '''Add Forwarder''' button to complete.
*Note - You may '''Delete''' and '''Trace''' the forwarding address you created under the '''Functions''' section.

===How to add a Domain-level Forwarder===
#In your cPanel account click '''Forwarders''' under the '''Mail''' section.
#Clink on '''Add Domain Forwarder''' button below.
#Choose the appropriate domain and type in the '''Destination''' email address in the '''To''' section.
#Then click on the '''Add Domain Forwarder''' button to complete.

==How to view the Access Logs==
#Login to cPanel
#In the '''"Logs"''' section, click on '''"Raw Access Logs"'''
#Click on the link for the log file you want to download
#Unzip the '''.gz''' with a program such as 7zip
#Open the file with notepad or your favorite text editing program

==How to find the publishing folder==
*Also referred to as the "webroot" or "home path", the publishing folder is where you put site files.
*This directory is live, "published" to the web.
*Our Linux/cPanel plans use the folder "public_html" as the publishing folder.
#You can confirm this by viewing the '''"Stats"''' section in your cPanel.

==cPanel Errors==
===Error Handling===
*The link below will send you to our Error Handling Wiki:
#https://wiki.hostek.com/Error_Handling#cPanel
===Excessive 404 errors causing IP address to be blocked===
*On our shared Linux cPanel servers, generating excessive "''404: File does not exist''" errors will result in the IP address of the visitor generating the errors to get temporarily blocked.
*The purpose for this temporary block is for performance and manageability of the server and your site.
*Consider this: Assume that one visitor generates the full number of ''404: File does not exist'' errors within a few minutes minutes and the site in question has 100 visitors over the course of the day. That is 20,000 errors in one day getting logged. So over the course of a month that is over 600,000 additional errors for the site being logged. With no restrictions, a busy site with bad code generating multiple 404 errors could very well generate millions of errors being logged in a very short amount of time. Now multiply that by the number of sites on the server. As you can imagine, this can quickly cause the server error log to swell to an unmanageable size.

===Common Errors===
*This wiki goes over known cPanel errors that appear often and provides fixes and/or workarounds for them.
<pre> Sorry, cannot determine nameserver IPs. Please make sure that the domain is registered with a valid domain registrar.</pre>
*This is caused by the VPS not being able to lookup whois info for the domain.
*A work around:
#Log in to WHM.
#Select Server Configuration.
#Select Tweak Settings.
#Select the Domains tab.
#Change the setting for Allow unregistered domains.
#Click Save.

==AwStats==
AwStats is a software that displays website traffic statistic. AwStats includes statistical information for monthly, daily, and hourly averages in easy to read graphs and tables.

===How To Access and Use===
#First, access your cPanel. If you are unsure of how to access your cPanel, first consult your Account Welcome E-mail. If you no longer have the Account Welcome e-mail or are unsure of the correct credentials, submit a ticket at https://support.hostek.com for assistance.
#Next, find the AwStats button under Metrics. You will now see your domain with an hourglass View icon next to it. If you have multiple domains, you may see multiple domains to select.
#Once you select the hourglass View icon next to your domain, you will be redirected to AwStats.

*After being redirect to AwStats, you see will many options on the left. Under 'When', you can choose to see statistical information for the entire month, each day with the month, each day of the week, and even each hour during the day.

*Under 'Who', you can see the location (by IP) of visitors who have accessed your website, Hosts, Authenticated users, and Robots (bots) who have accessed your website.

*Under 'Navigation', AwStats provides information on how long visitors stayed on your site, types of files requested, downloads from your site, most popular URL's, the operating system of visitors, and browsers used by visitors.

*Next, the 'Referrers' section shows what websites your visitors were referred from, if any.

*Last, under the 'Others' section you are able to view HTTP status codes thrown by visitor. You can see the wiki at https://wiki.hostek.com/HTTP_Errors for more status code information.

[[Category:VPS]]
[[Category:Control Panels]]
[[Category:cPanel]]
[[Category:Linux-VPS]]
[[Category:VPS]]
[[Category:cPanel]]
[[Category:Misc-Email]]
[[Category:cPanel-Mail]]
[[Category:Linux-VPS]]
[[Category:cPanel-VPS]]
[[Category:WHM]]
[[Category:Reseller]]
[[Category:Lucee]]
[[Category:Railo]]
[[Category:Email]]
[[Category:Tutorials]]

WCP (Windows based Control Panel)

2015-12-24T14:38:48Z

Joshm: /* VPS/Server Manager (VPS Accounts) */

==How To Login To My WCP Control Panel==
#To manage your domain, login to the WCP Control Panel, using the details below
#URL: '''https://wcp.hostek.com'''/
#Username:
#Password: ** same as your cp.hostek.com password **
*You can also login to the control panel through your billing control panel https://cp.hostek.com/clientarea.php
#Click on ''''My Services'''' 'Click the '''small Green arrow''' on the the notepad to the right'
#Now click the '''Login to Control Panel''' Icon'''

[[Category:Windows]]
[[Category:ColdFusion]]
[[Category:Railo]]

==Custom URL for the WCP Control Panel==
The WCP can als be accessed by wcp.your_domain.com

Setup wcp.your_domain.com as an A record for "184.175.108.65" or as a CName record for "wcp.ezhostingserver.com".

===Resellers and VPS - WCP White label Settings===
Resellers and VPS customers can setup their logo in their Reseller control panel, however those additional features will only be available when accessing the control panel using the specific domain they configured within the Reseller Setttings of the control panel. The Reseller settings will be available using '''any''' URL, and as mentioned within these settings the reseller '''URL''' can be setup and other whitelabel options (custom control panel logo, favicon, etc.) making WCP the ultimate Windows Control Panel.

[[Category: Windows VPS]]
[[Category:Resellers]]

==Adding Additional Control Panel Logins==
*This will allow you to set up additional control panel logins for you or for others involved in editing or managing your account. You can limit the Permissions or options available for them to manage.
#Login to the WCP Control Panel, using the details below
#URL: '''https://wcp.hostek.com'''/
#Username:
#Password: ** same as your cp.hostek.com password **
#Click on the '''Control panel Logins''' tab, then click on the '''Add''' icon.
#Put the "Username, Password and if you want them to have Limited Permission.
#If you want them to have Limited Permission then check the '''Limited Permission''' box. This will load a dropdown where you can select what privlages they have to manage.
#Once you are done click the '''Save''' icon at the bottom of the screen.
#Once it has been added you or they can login by going to https://wcp.hostek.com/Login.aspx and using the username and password that you set for it.
[[Category:Windows]]
[[Category:ColdFusion]]
[[Category:Railo]]
[[Category:Lucee]]
==Unlimited Plans - Add Additional Domains==
You will want to follow these steps in to generate a +1 Control Panel for a separate Domain. (Please note the difference between Registration and Hosting: [https://wiki.hostek.com/Domain_Registration_and_Domain_Name_Management#Domain_Registration_Information_vs._Domain_Hosting_Information '''here''')] This would be under your Windows Unlimited account, or your Windows Business/Pro plan.

#Login to your WCP control panel
#*Windows Unlimited: For adding a third (or more) domain select any domain from the upper right hand corner dropdown box "Domains".
#Within the "Domains" box click the "Addon Domains" icon.
#Click "Add" and enter the following:
#*Domain Name
#*Username
#*Password
#Click "Save"
#To manage the domain, you can now select it from the '''Domains''' drop-down list/box.
[[Category:Windows]]

==Site Details==
We recommend you review the "Site Settings" which includes many important details about your domain including:

WCP (login and select domain) > Website Settings > '''Site Details'''

*Testing URL
*Primary and Secondary DNS
*Site IP
*Web Root Path
*FTP Root Path
===IIS Version & ColdFusion Version (if applicable)===
To get your domain's IIS Version and ColdFusion Version (if applicable) log in to WCP and under the Settings section, click on the Site Details option.
===How to find the publishing folder===
*Also referred to as the "webroot" or "home path", the publishing folder is where you put site files.
*This directory is live, "published" to the web.
*Our Windows/WCP plans use the folder "wwwroot" as the publishing folder.
#You can confirm this by clicking on the '''Site Details''' button in your WCP.

==FTP Accounts==
*Adding or Editing FTP Accounts.
#Login to WCP: https://wcp.hostek.com
#Click on the '''FTP Accounts''' button in WCP.
##To Edit a FTP Account click on the '''Pencil Icon''' next to the one that you're trying to modify.
###Make any edits by typing into the boxes here.
###Click '''Save'''
##To Add a FTP Account click on the '''Add FTP User''' button.
###Type in a proper '''Username''', '''Password''', and a '''Folder'''.
###The '''Folder''' box can be left blank to give the FTP Account access to the root of your website.
###Click '''Save'''

==Virtual Directories==
*Adding virtual directories to your site.
#Log in to WCP
#Click on Virtual Directories under the Files section
#Click Add
#Enter the virtual path you need
#Enter in the actual physical path it is mapped to
#If this is to be an application, check the Create Application Folder check box
#Click Save

==Application Folders==
To create and manage Application Folders on your site
#Log in to WCP
#Click on Application Folders under the Files section
#Select the site or sub-domain from the drop down box
#Click continue
#Select a folder
#Click Add Application to make it an application folder

[[Category:Windows]]
[[Category:ColdFusion]]
[[Category:Railo]]

==File Manager==
*Basic File Operations, file uploading and editing now supported- Zip, GZip, and Tar Archive support.
#Click on the '''File Manager icon''', then the '''Login icon''' on the next screen.
#To create files or Directory's outside the WWW root folder right click and click on the '''Create File''' or '''Create Directory''' option.
#Click the '''Continue Icon''' to add this.
#To add/edit files in the WWWroot click on the '''wwwroot file'''.
#once you are in you can add, edit or delete by right clicking and clicking on the options given.

*Upload and Download functions
#To upload a file, right click the File Manager page, and click Upload
#Select the file you wish to upload by clicking Choose File
#Give this file a new name or keep the existing default name

#To download a file, right click the file you want to download
#Click Download File. Note: This will send you to a new page.
#Now your browser will be downloading the file in question. Simply check your Downloads folder or hit Ctrl+J to open the Downloads section of your browser and move this file where you want it.

*NEW: Use the search bar at the top of the File Manager to quickly search the file you're looking for.

===Windows Permissions===
Read, Write, and Delete permissions are set by default on our servers. If you wish to modify this, it can be done through File Manager:
#Login to WCP
#Open File Manager
#Find the File or Folder you wish to change the permissions for and '''right-click on it'''
#Select '''Permissions'''
#Check or Uncheck any of the boxes here:
##'''Inherit permissions from parent folder:''' When checked this takes the permissions that the folder above it has given to it
##'''Read Only:''' this will prevent deleting or updating this file through scripts, ftp, and the file manager
##'''Read Permissions:''' allows reading via scripts and browsing
##'''Write Permissions:''' allows writing via scripts
#Click '''Save'''

===Access Logs===
====How to view the Access Logs through WCP====
#Login to WCP
#Click on '''"File Manager"''' under the '''"Files"''' section
#Double Click on the '''"Logs"''' folder
#Double Click on the '''"W3SVCxxx"''' folder
#Right-Click on the access log file you want to view
#Click '''"Edit"''' to view the log
#If you can't view the logs, please see the steps below on how to do this through FTP.
====How to view the Access Logs through a FTP Client====
#Connect to the Server with a FTP User that has access to view above the "wwwroot" folder.
#Open the '''Logs''' folder
#Open the '''W3SVCxxx''' folder
#Download the log file that you wish to download, these are sort by date.
#Next you'll simply view the content in a Text Editor such as NotePad.
##If you downloaded a compressed(zipped) log, you'll need to first unzip it with a program like 7zip.

[[Category:ColdFusion]]
[[Category:Windows]]

==Password Protect Folders==
#Under the Files section click on '''Password Protect'''.
#Click on '''Manage Protected Folders'''.
#Browse to and click on the folder that you want to set this up on and check '''Enable Protection'''.
#Select a user from the list or click on '''Manage Users''', then click '''Add''', and enter username and password then Save.

==IIS Settings==
*Setting up error pages, default pages, advanced settings, etc.
===Custom Error pages===
#Click on '''IIS Settings''' in your WCP
#Click the edit button next to the error page you want to change
#Uncheck the '''Use System Default''' checkbox
#Enter the path to your custom error page
#Click '''Save'''
===Mime Types===
#Click on '''IIS Settings''' in your WCP
#Scroll to the bottom of the window and click '''Add Mime Type'''
#Enter the extension for the Mime Type
#Enter the Mime Type information
#Click '''Save'''
*An example Mime Type is below:
<pre>
Extension: .mp3
Mime Type: audio/mpeg
</pre>

More information here: [https://wiki.hostek.com/Mime_types Mime Types]

===Default Docs===
*Select a default document and drag it to the top position to set it as top priority
*Click '''Add''' to add a default doc
*Click the red '''X''' to delete a default doc
*Click a default doc and change the name
*For example: change '''"index.htm"''' to '''"index.asp"'''

===URL Forwarding===
#In your [https://wcp.hostek.com/ '''WCP'''] click on the '''IIS Settings''' button
#Navigate to the '''Redirects''' tab
# If you need a specific folder to redirect somewhere, you can find it using the '''Browse''' button
##If you simply want the whole site to redirect, leave this box '''blank'''
#Click '''Save'''. (See below for details on the other options.)
*'''Permanent Redirect''': Specifies that the server should return the redirect status code 301 rather than the default 302. A 301 status code lets search engines know that the content has been permanently moved and that only the new URL should be indexed.
*'''Exact URL''': If this is unchecked, then the request URL without the server name is passed along with the query string to the destination URL. This is equivelent to appending the $V$Q variables at the end of the destination URL.
*'''Exclude Sub Directories''': This means that the folder you choose will not redirect.

===Advanced===
====Recycle Application Pool====
If you see a Service Unavailable message on your site, or have a general need to recycle a site's IIS Application Pool, you can do so through this section of WCP.
#Click the '''IIS Settings''' icon in WCP
#Click the '''Advanced''' tab in the '''IIS Settings''' section
#Click the '''Recycle''' button.

==PHP Settings==
If you notice you need a different version of php or want to check what version you are using you can update it to that version if it is installed to the server or can enable custom php.ini settings to use specifically for your domain.
#Click the configuration for the domain or subdomain you want updated.
#Select the version you wish to use.
#Check the checkbox if you want to enable a custom php.ini file
#Click save to save the settings.

==ColdFusion==
===ColdFusion Error Logs===
====Server Error Logs====
This section will show any recent errors for your site that were found within ColdFusion's server-wide exception log. Use the dropdown to choose how many hours back you'd like errors retrieved.
====Application Error Logs====
This section will show errors created via the cflog tag on your site. For security purposes, your cflog logs will only appear hear if you have given the file name in the cflog tag the name of your domain, ''without the www.'' For example, if your domain is ''your_domain.com'' you would set the file attribute for the cflog tag like: ''file="your_domain.com"''.
 
''Note'': Please set the ''type'' of the ''cflog'' tag to either '''error''' or '''fatal''' on our production servers. Use of the ''information'' type is strongly discouraged.
 
'''Reference''': [https://wikidocs.adobe.com/wiki/display/coldfusionen/cflog CFLog Documentation]

===Clear Template Cache===
Within this section you can click the '''Clear Template Cache''' button to clear cached ColdFusion pages for your site.

===ColdFusion Version===
Within this section of WCP, you can choose which version of ColdFusion you'd like your site to use.

''Note'': You can also specify different ColdFusion versions for different subdomains on your site.
[[Category:ColdFusion]]
[[Category:Windows]]

==DNS Editor==
'''READ FIRST''' When a new domain is added to WCP all DNS records are also created (in most cases). Clicking on the DNS Editor will open a window with these records, for editing, adding and deleting. Most times nothing needs to be done other than pointing your domain to the Primary and Secondary DNS Servers listed under [https://wiki.hostek.com/WCP_(Windows_based_Control_Panel)#Site_Details WCP Site Details].

===Create a new DNS record===
#Click '''Add DNS''' Record button
#Enter Name for record (If DNS record name is your domain name please leave this Name - text box blank as the control panel will automatically add your domain name)
#Choose the Record type (A, CNAME, MX, NS, TXT, SPF, SRV)
#Enter Data Type
#Generally leave the TTL (Time To Live) as the default 86400
#Click on the '''Save''' Icon.

===Update DNS records===
#To update an existing DNS record click the '''Pencil''' icon next to the record you would like to update.
#You will then be able to change the Name of the record, the Type of record, Data of the record, and Time to Live.
#Once updated Click on the '''Save''' Icon.

===SVR Record Fields===
*A SVR Record is a "'''S'''er'''v'''ice '''R'''ecord". It's a specification of data in the Domain Name System defining the location (i.e. the hostname and port number) of servers for specified services.

<pre>
Name: _service._protocol
Type: SRV
Data: Address/Hostname
Priority: Priority Number
Weight: Weight Number
Port: Port Number
TTL: 86400
</pre>

Example:
<pre>
Name: _sip._udp
Type: SRV
Data: sip.mydomain.com
Priority: 10
Weight: 5
Port: 4030
TTL: 86400
</pre>

*If you are a '''VPS Client''' with a Windows Server and a SmarterMail Active Sync license wanting to use Autodiscover for Outlook, please refer to this SmarterMail Article [https://portal.smartertools.com/kb/a2752/set-up-autodiscover-for-smartermail.aspx here].

===MX Records===
Here are steps to setup the correct MX Records for our MailSystem:
*Note: These are setup by Default, and shouldn't need to be added unless changes were made.
#Go into the '''DNS Editor''' in WCP.
#Click '''Add Record'''.
#In the '''Record Name''' form put " '''mail''' ".
#Beside '''Type''' select '''A'''.
#Beside '''Data''' put the IP Address of your MailServer.
##You can find your MailServer by clicking the '''Site Details''' button in WCP.
##The IP Address can be found by PINGing the server, or by performing a WHOIS search.
#Once this is done click '''Save'''. Now you have an '''A Record''' labeled "mail.'''yourdomain'''.com".
#You'll want to click '''Add Record''' again.
#Leave the Record Name blank this time.
#Beside '''Type''' select '''MX'''.
#Beside '''Data''' put "mail.'''yourdomain'''.com".
#Once you click '''Save''', you will then have an '''MX Record''', which points to "mail.'''yourdomain'''.com".
*Congratulations! Now all you need to do is wait for DNS Propagation, which is the 2-to-12hr time period it takes for the internet to update with these new changes.

===SPF Records===
An SPF Record (simply an entry into the DNS records) is used by mail servers to know if mail coming from an address at your domain is really allowed to be sent from the sending mail server.

To have WCP create an SPF record for you, you can click '''SPF Record''' under the '''Email Section''' and then click the '''Create''' button, or you can use the steps below to create one manually.

If you will be using our servers send email related to your domain, you would generally use an SPF record like the following:<pre>"v=spf1 a mx include:spf.hostek.com -all"</pre>

For our Resellers that don't want to use hostek.com, use an SPF Record like:<pre>"v=spf1 a mx include:spf.ezhostingserver.com -all"</pre>
'''Steps to add an SPF Record to your domain:'''
Assuming that your DNS is managed with us:
#Log in to your hosting control panel at wcp.hostek.com
#Open the DNS Editor (DNS Manager) section
#Click on Add Record.
#Leave the Name field blank.
#For the Type, choose TXT
#For the Data enter the SPF Record detail as you need, using the sample provided above.

'''Basic information related to some SPF Record options:'''

The '''"-all"''' may be adjusted on a per customer basis to any of the following depending on their needs:

'''-all''' = mail not sent from an address listed in the SPF record should be completely rejected (Hard Fail). Mail that IS sent from an address in the SPF record may be given a lower spam score by some servers.

'''~all''' = mail not sent from an address listed in the SPF record should be given a higher spam score(Soft Fail). Mail that IS sent from an address in the SPF record may be given a lower spam score by some servers.

'''?all''' = mail not sent from an address listed in the SPF record should be treated normally as if the domain did not have an spf record (Neutral). Mail that IS sent from an address in the SPF record may be given a lower spam score by some servers.

[[Category:Windows]]
[[Category:ColdFusion]]
[[Category:Railo]]

==Sub Domains==
*A sub-domain is like an extension of your domain name. For example, if your domain name were myfamily.com, a sub-domain would be in the following form: dad.myfamily.com or mom.myfamily.com etc.
*You can have a sub-domain pointed to any folder within your web site. If a visitor goes directly to that sub-domain he will be taken to that folder, not to your site's main page.
#Click on the '''Sub Domains icon'''
#Click "'''Add'''" sub Domain button
#Enter sub domain name in Name text box. This will automatically populate the Folder text box to a folder with the same name as the subdomain.
#If you wish this Subdomain to point to a different folder you can click on the folder icon and choose the directory you would like your Sub Domain to point to.
#Click on the "'''Save'''" Icon.
#This will create the sub domain record within your domains DNS zone,
*If the domains name servers are not pointed to us you will need to manually create this record where your domains DNS is hosted.
[[Category:Control-Panels]]
[[Category:Windows]]
[[Category:ColdFusion]]
[[Category:Railo]]

==Domain Alias==
*This will allow you to point 2 domains to the same website. How to create a Domain
#To create a domain alias you will click on the ''Domain Aliases icon''
#Click '''Add Domain Alias''' button
#Enter your Alias Name
#Click on the "'''Save'''" Icon.
*You will need to be sure that your Domain Alias has been registered and has the name servers pointed to the name servers found beneath the Site Details icon.

==Applications==
# Some helpful video tutorials showing how to install a select few applications easily within the WCP Control Panel are below:

*Joomla - [http://hostek.com/tutorials/joomla_Installation_tutorial.html Installing Joomla Application]

*Wordpress - [http://hostek.com/tutorials/wordpress_Installation_tutorial.html Installing Wordpress Application]

*Mura - [http://hostek.com/tutorials/mura_Installation_tutorial.html Installing Mura Application]

*Magento - [http://hostek.com/tutorials/magento_Installation_tutorial.html Installing Magento Application]

*Oscommerce - [http://hostek.com/tutorials/oscommerce_Installation_tutorial.html Installing OsCommerce Application]

==Email==
*Below is information on how to manage your email account within the WCP.
*'''FOR VPS''' You will also have "Admin" access to SmarterMail. Access webmail (click the webmail link in WCP) and login with user "admin" and the primary VPS password.

===Email Users===
*Allows you to create Email users as well as log directly into users Webmail account
#Once you are logged into your WCP account, under the Email Section
#Click '''Users''' icon
#Click '''Add Email User''' button
#Enter email user name (Example: if you need the email address "admin@domain.com" enter the user "admin")
#Enter password for Email user (**See note below regarding password requirements)
#Enter Display name (Usually set to the name of the person using the specific email account)
#Choose if you would like this user to have administrator rights
#Choose mail box size limit for this specific user
#Click on the '''Save'''
#'''NOTE Password requirements'''
#*Minimum Length 6 Characters
#*Must include Uppercase
#*Must include Lowercase
#*Must include Number
#*Must include Special character
#*Password cannot match username

===Edit an Existing Email User===
#Once you are logged into your WCP account, under the Email Section
#Click '''Users''' icon
#Click '''pencil icon''' next to user to update
#Update information
#Click '''Save'''

===Webmail===
*Web Mail Provides links to access the Webmail program as well as to access mail before domain propagation to our mail server
#Once you are logged into your WCP account, under the Email Section
#Click '''Login button''' next to user you would like access the mail for
#Click '''Web Mail icon'''
#If domain is propagated and pointed to our mail server you can click the '''webmail''' link to access the SmarterMail webmail log in screen.
#If you domain has not yet propagated to our mail server click the "Pr-Propagation Web Mail" link to access the SmarterMail webmail log in screen.

===Mail Forwarding===
*Allows you to set up an email alias.
#Once you are logged into your WCP account, under the Email Section
#Click on the '''Forwarding button'''
#Enter Alias name
#Enter address for email to this Alias to be forwarded to
#Click on the '''Save Icon'''

===SPF Records===
*Allows you to set up a SPF record.
#Once you are logged into your WCP account, under the Email Section
#Click on the '''Advanced''' button and then the '''SPF Record''' button
#Click the '''Create''' button

===Domain Keys (DKIM)===
*Allows you to set up Domain Keys(DKIM).
#Once you are logged into your WCP account, under the Email Section
#Click on the '''Advanced''' button and then the '''Domain Keys''' button
#Click '''Enable'''

===Mail Logs===
#Once you are logged into your WCP account, under the Email Section
#Click on the '''Advanced''' button and then the '''Mail Logs''' button
#Select an email account
#Select a date and log type
#Click on Search

==MySQL database==
*MySQL Allow you to create a MySQL database under your domain
#Click on '''MySQL icon'''
#To add new database click '''Add MySQL Database'''
#Enter Database Name
#Enter Username
#Enter Password
#(If you need a coldfusion DSN place check in check box and provide Coldfusion DSN name)
#Click '''Save'''

*To create new user for existing database
#Click '''MySQL icon'''
#Click '''Add new user button'''
#Enter Username
#Enter Password
#Place check mark in check box for each database you would like this user to have access to.
#To update the password on existing database user.
#Click '''MySQL icon'''
#Click '''pencil icon next to Username'''
#enter new password
#Click on the '''Save Icon'''.

*To update the password on existing database user.
#Click '''MySQL icon'''
#Click pencil '''icon next to Username'''
#Enter new password
#Click on the '''Save''' Icon.

==PhpMyAdmin==
*Allows you to log directly into your MySQL database to manage.
#Click on '''PhpMyAdmin link'''
#If you are not logged directly into your MySQL database simply enter the server your database is located on (Can be found by clicking the MySQL icon) and enter your Username and Password.
#Once logged in your Databases will be displayed on the Left, click on '''database name''' to manage that database.
*Here is a Video that will show how to create a MySQL database and how to Backup / Restore the database through PhpMyAdmin: [http://hostek.com/tutorials/managing_mysql.html PhpMyAdmin Backup and Restore Video]

==MSSQL==
===To create MSSQL databases and users===
#Click '''MSSQL icon'''
#To add a new database click '''Add MSSQL''' database
#Enter Database Name
#Choose database size
#Enter or Choose existing Username
#Enter Password
#Choose '''Default Collation''' (Usually left as default)
#Choose '''Recovery Model''' (Usually left as Simple as we make daily full backups of all #databases which we keep for 7 days)
#Place a Check mark in the box for Coldfusion DataSource if ColdFusion DSN is needed.
#Enter ColdFusion DSN name.
#Click on the '''Save''' Icon.

===To edit an existing MSSQL database===
#Click '''MSSQL icon'''
#Click '''Pencil icon''' next to database name to edit
#Edit field necessary
#Click on the '''Save''' Icon.

===Changing the MSSQL Transaction Log (Recovery Model) Settings===
#Click '''MSSQL icon'''
#Click '''Pencil icon''' next to database name to edit
#Click the dropdown menu next to '''Recovery Model''' and select either '''Full''' or '''Simple'''
#Click on the '''Save''' Icon.

===To edit password for existing MSSQL user===
#Click '''MSSQL icon'''
#Click '''Pencil next''' to user to edit
#Update password
#Click on the '''Save''' Icon.

===To add new MSSQL user===
#Click '''MSSQL icon'''
#Click '''Add MSSQL''' User button
#Enter username
#Enter password
#Place checkmark next to each database this users needs access to
#Click on the '''Save''' Icon.

===To make an MS SQL user the DB Owner===
#Click '''MSSQL icon'''
#Click '''Pencil icon''' next to database name to edit
#Select the owner you wish to be the DB Owner
#Click on the '''Save''' Icon.

==MSSQL Tools (Shared Hosting)==
*Allows you to log directly into MyLittleAdmin to manage your MSSQL database or MyLittleBackup to backup or restore your MSSQL database.
#Click '''MSSQL Tools''' icon
#Select database to Manage/Backup/Restore
#Select User with access to database needed
#Choose myLittleAdmin button to manage your MSSQL database
#Choose myLittleBackup button to backup/restore your database

===To Backup and Download Your MSSQL Database===

#Click '''MSSQL Tools''' icon
#Select database to Backup.
#Select User with access to database.
#Choose the myLittleBackup button.
#Click 'Backup Databases' at the top left of the new page.
#Select your database from the drop-down.
#Click 'OK' on Step 2 if the information looks correct.
#Name your backup and give it a description.
#Click 'Backup'.
#Click the link provided to download your SQL backup file.

===To Restore an MSSQL Backup===

#Click '''MSSQL Tools''' icon
#Select database to Backup.
#Select User with access to database.
#Choose the myLittleBackup button.
#Click 'Restore databases'
#Choose the database you want to restore into.
#Click 'Choose File' and select the SQL backup file on your computer. (Example SQL backup format: Backupname.bak)
#Click Upload.
#Click the backup file you just uploaded and press OK.
#Click Restore.

==DataSources(DSN's)==
===Create a MySQL or MS SQL Server DSN===
*Allows to create a DSN for an existing database for your domain.
#To create a MySQL or MSSQL DataSource
#Click '''DataSources''' (DSN's) icon
#Choose MySQL or MSSQL from drop down depending on the database this is connecting to
#Click '''Add DSN'''
#Choose DSN type Access/MySQL/MSSQL
#Enter DSN name
#Enter Database name DSN will be connecting to
#Enter Server (Can by found by viewing database DSN is for)
#Enter Username for database DSN is connecting to
#Enter Password for database DSN is connecting to
#Choose if it is a ColdFusion DSN
#Choose if you need Unicode Support
#Click on the '''Save''' Icon.
===Create an Access DSN===
*To create an Access DataSource
#Click '''DataSources''' (DSN's) icon
#Choose '''Access''' from drop down menu
#Enter DSN Name
#Click on Folder icon to choose correct directory Access Database is located in
#Enter Username (If one is set for your Access Database, if not this can be left blank)
#Enter Password (If one is protecting your Database, if not this can be left blank)
#Choose if it needs to be a ColdFusion DSN
#Click on the '''Save''' Icon.
===Editing DSNs===
*To edit existing DSN
#Click '''DataSources''' (DSN's) icon
#Click pencil next to DSN to edit
#Update information
#Click on the '''Save''' Icon.

==Lucee Web Administrator==
The Lucee Web Administrator gives you access to Lucee-specific settings for your account such as Lucee Datasources and other configuration options.
===Create a Lucee (formerly Railo) Datasource (DSN)===
#From within your control panel, click on the "Luce Web Administrator" icon
#Inside the Lucee Web Administrator click the "Datasources" link from the lefthand navigation menu.
#Select the database type, enter a name, and click ''Create''.
#Configure your datasource with all the correct server, username and password.
#*'''IMPORTANT''': If using MySQL also make sure the option for '''Alias Handling''' is enabled.
#Click the ''Create'' button, and your DSN will be available for use on your site.

==Security and SSL==
Installing a new certificate, or re-keying an existing certificate.

===Dedicated SSL===
'''VPS Hosting''' Request a static IP for sites added to your server which require SSL, we will provision the IP on the server and assign it in WCP for use with installing a Dedicated SSL.

'''Shared Hosting''' If ordering a new certificate from Hostek.com you will be assigned a static IP, if importing from another provider you will need to request a static IP be assigned before the certificate can be activated.

#Login to WCP, (select the domain, in some cases), Security and SSL, '''Dedicated SSL (click)'''
#Click '''Generate CSR (Certificate Signing Request)'''
#Fill in the requested information.
#Click Create
#Copy the '''Certificate Signing Request (CSR)''', which should be used when placing a new SSL order or re-keying an existing certificate.

===Shared SSL(shared hosting)===
#Login to WCP, (select the domain, in some cases), Security and SSL, '''Shared SSL (click)'''
#Click '''Enable'''
#The URL for your sites shared SSL will be provided.

===Manage IPs===
This tool allows you to specify if an IP is blocked or allowed, and whether your site is by default denying access.

To block an IP:
#Grab the IP you need blocked from a log or from an email
#In the Deny IPs tool click Add
#Paste or type in the IP
#Choose Block in the drop down menu (By default it's set to Block)
#Click Save

To block all IPs (Useful if your site is not live yet):
#Click the Settings tab at the top
#Open up the drop down menu next to Default Access
#Choose Block (By default this is Allow)

==Stats==
*SmarterStats provides very detailed traffic information about your site's day-to-day activities for up to 14-months.

===Enabling SmarterStats===
#Login to WCP here https://wcp.hostek.com/
#Click on the '''Stats''' button
#Click '''Enable SmarterStats'''
*This will start processing log information from now on, and will report it's findings for your review.

===Resetting a SmarterStats Account Password===
#Login to WCP here https://wcp.hostek.com/
#Click on the '''Stats''' button
#Select the '''Pencil''' icon on the left-side of the chosen user
#Type a new password in the password box and click '''Save'''
#Select '''Login''' (on the right-side of the chosen user)
#Type in the new password that was just setup and click '''Login'''

==Usage==
To view your account's quotas and how much resources you have available:
#Log in to WCP
#Click the '''Usage''' icon

Here you can see the limits and amount used for the following resources: '''Site Disk Space, Site Bandwidth, Mail Disk Space, MySQL Disk Space,''' and '''MS SQL Disk Space''' (if applicable)

==Cron Jobs==
To add Cron Jobs to your site:
#Log in to WCP
#Click on the Cron Jobs button under the ColdFusion section
#Click Add
#Enter a name
#Enter the URL to be executed
#Select a quick time interval or click advanced and set up your interval
#Click save

==VPS/Server Manager (VPS Accounts)==

Overview of the '''VPS/Server Manager''' section in the control panel.

===Service Manager===

This page allows you to start, restart, or stop some common services.

===Service Groups===

The service groups section allows you to specify which services a domain should use when being created or when databases are added to the domain. If you only have a single VPS server, the default service group will usually be used for everything. However, if you have multiple servers, you can use this section to allow new domains to use services on both servers (I.E. Use one server for the website and another for the database). It is also possible to create service groups that offers fewer services in-case you want to create domains with no dns, no mail, or no website.

Options overview:
* '''Name''': A name you will use to reference this group of services when creating or modifying a domain
* '''Site Service''': The server on which the website for this domain will be created.
* '''Mail Service''': The server on which the mail account for this domain will be created.
* '''DNS Service''': The server on which the DNS zone for this domain will be created.
* '''MSSQL Service''': The server on which new MSSQL databases will be created.
* '''MySQL Service''': The server on which new MySQL databases will be created.

===Server Details===

This page gives a brief overview of resource resource usage on the server and the server's 'Computer Name' as configured in Windows.

===Firewall Management===
This page allows you to manage the Windows Firewall rules for some common ports.
[[File:Firewall mgmt.png]]

===Restricting Access to a Port===
If you wish to restrict access to a port on your VPS do the following
*Open the Firewall Management section within your control panel's VPS Manager
*Click the pencil icon (edit) next to the service you wish to secure ''(eg. SQL Server, MySQL, Remote Desktop)''
*In the window that appears, choose one of the following from the ''Port Status'' dropdown menu:
**'''Closed''': Prevent any public access to the port
**'''Restricted''': Only allow select IPs access to the port
*Click ''Save'' once you've made your changes. 
''Example: Restricting Access to SQL Server Port'' 
[[File:Firewall sql.png]]

===List Domains===

This list gives various details about existing domains on the appropriate VPS. This allows you to Rename, Remove, and/or Modify domains.

====Rename Domain====
#Login to '''WCP''': https://wcp.hostek.com/
#Go to the '''Server Manager''' area
#Click on the '''List Domains''' button
#Click on the '''Pencil''' icon next to the domain you wish to Rename.
#Click the '''Rename Domain''' button
#Type the name you would like change to in the '''New Name''' box.
#Click '''Save'''
#Wait for a success result

*If you encounter any errors in this process please let support know by submitting a ticket here: https://support.hostek.com/

====Add Domain====

This section allows you to add new VPS domains (Web sites). 
[[File:Wcp-vps-add-domain.png]]

After clicking the ''Add Domain'' button enter your site's domain name, FTP username & password, then select the service group and IP address if applicable. Once you click '''Save''' your new domain will be added to the server.

====Remove Domain====

*Steps to Cancel/Remove a domain from WCP:
#Login to https://wcp.hostek.com
#Once logged in, click on the '''Account VPS Manager''' icon.
#Click '''List Domains''' then click on the '''trash-can icon''' next to the domain you want to remove. (Please see Step 6 for Permanently Deleting your Domain(s))
#If it throws an error please check and remove the following first
#*Subdomains
#*Domain Aliases
#*Databases & DSN
#Normal Deletions will only disable the domain. This is for your convenience in case this was done on accident, or you change your mind in the future.
#To Permanently delete Domains, please see the following steps:
##Login to your WCP (https://wcp.hostek.com/) and navigate to your '''Account VPS Manager'''.
##Click the '''List Domains''' button.
##Click the '''Pencil Icon''' next to the domain.
##Select Force Removal.

====Adding Static IPs====
#Click List Domains
#Click the Pencil icon next to the domain you want
#Under the IP click the drop down box (Note: you will need a static IP first. To order one, email support@hostek.com to request one added to your VPS)
#Click Save

[[Category:Control-Panels]]
[[Category:Windows]]
[[Category:ColdFusion]]
[[Category:Railo]]
[[Category:ColdFusion-VPS]]
[[Category:Railo-VPS]]
[[Category:Windows-VPS]]

===ColdFusion===

====Allowed IPs====
The Allowed IPs section of ColdFusion allows you to add your IP for remote ColdFusion Administrator access.

*Steps to Allow an IP address
#Select Allowed IPs, followed by the Pencil Icon next to your server name.
#From here, you can select Add to allow additional IPs or the Pencil Icon next to an existing IP to edit.

====ColdFusion Admin====

#Select the ColdFusion Admin button to receive login buttons for both ColdFusion Admin and Server Monitor. Make sure your IP is allowed access by using the Allowed IPs button.