Other FAQ (65 Articles)

Brute Force Attack – What it is and How to Block It

Brute-force is a method of guessing your password by trying combinations of letters, numbers and symbols. Some brute-force attacks utilise dictionaries of commonly used passwords, words, etc. in order to speed up the process of guessing users passwords. The first thing you need to do in order to protect yourself from such attacks is to choose an appropriate username and password. Try not to use common names for your username as admin, administrator, superuser. Regarding your password, try using as complicated one as possible and include numbers, special characters, upper-case and lower-case letters. There are free generators that create long and strong passwords for you to use. If you have experience issues remembering long passwords, you can use password vaults like 1Password  for example. If you detect that someone has launched a brute-force attack against your site (such attacks generate huge amount of fail login attempts in your log), you can block the attackers IP address from accessing your site completely. To do that, simply add the following line to your .htaccess file: [crayon-58d620d0613c5434251248/] Replace 123.123.123.123 with the actual IP address of the hacker. In addition, you should restrict the admin areas of your site only for your address. In case you use WordPress, that should be your 'wp-admin' folder. If you use Joomla - you'll need to protect the 'administrator' directory. Actually, that's a good practice and it's good to do it even if there is no attack against your site. The actual .htaccess rules you need to place in those folders are: [crayon-58d620d0613d2776348387/] Replace 222.222.222.222 with your IP address. To find out what is your IP, you can use one of the many sites providing that information like whatismyip.com  for example. Last but not least, please contact our Support team through your Help Desk in order to receive additional assistance on that…

What is pdftoppm and is it supported by SiteGround?

Pdftoppm is a library that handles the conversion from Portable Document Format (PDF) files to color image Portable Pixmap format (PPM) files, gray scale image Portable Graymap files (PGM) files and monochrome image Portable Bitmap format (PBM) files. Pdftoppm is not included by default in the SiteGround shared servers setup, but it can be installed on one of our dedicated servers: http://www.siteground.com/dedicated_solutions.htm Once the dedicated server is provided the library can be installed with the following command executed in the command prompt of the server: yum install xpdf …

How to clear your Internet browser’s cookies?

Sometimes you may need to clear the cookies saved by your browser. Basically the cookies represent small text files, saved on your PC with information  gathered from the websites you have visited. Usually the cookies are completely harmless, but sometimes your PC may be infected through a saved cookie. Also, if you make changes to your website you may not be able to see them until you clear your browser's cache and cookies. Here are some basic instructions on how to clear the cookies of your browser: Internet Explorer: Tools -> Internet Options -> General -> Delete Cookies (under the Temporary Internet Files section) Firefox: Tools -> Clear Recent History -> Select time frame from the dropdown menu(if you wish all cookies removed - select Everything ) -> Mark Cookies only -> Clear Now Opera: Tools -> Delete Private Data -> Details -> Mark Cookies only -> Delete Konqueror: Settings -> Configure Konqueror -> Cookies -> Management -> Delete all Google Chrome: Preferences -> Under the Hood -> Clear Browsing Data -> Select the time frame and check only " Delete cookies and other site and plug-in data " -> Clear Browsing Data Safari: Safari -> Preferences -> Security -> Security tab -> Show Cookies -> Remove All It is a good idea to clear your browser's cookies on a regular…

How to check the number of internal/external links on my website?

Keeping the number of internal links on your front page as low as possible is essential for the performance of your web site. On the other hand, the number of external links is important for your SEO ranking. You can check both the external and internal links in your pages through a website like the following one: http://www.linkvendor.com/seo-tools/outbound-links.html If you are using Linux you can execute the following command in the terminal to find the number of internal and external links: lynx –dump yourwebsite.com where: yourwebsite.com is your domain name. Bear in mind that lynx may not be included by default in your Linux distribution and it may need to be installed…

Hacked Website

The most common reasons for a hacked (defaced) website include: - Outdated web application. Every popular web application (Joomla, WordPress, PhpBB...)  has had security problems and that's why you have to use always the latest version. - Outdated web application extension. If you have installed any third party extensions, you have to keep them up-to-date just as you keep your main web application. Very often users neglect this fact and outdated extensions become easily exploited by intruders. - Weak user / administrator passwords. You must ensure that all users have strong passwords, especially the admin and the ones who can create content to your site. - Infected local computer - some computer viruses/worms are known to steal FTP logins and after that add malicious code to web files. For this reason make sure to have an updated antivirus software and scan your computer for viruses regularly. - Insecure Environment. Generally this is the least probable scenario. However, there are still web hosts which cannot properly isolate users from one another on a shared server. Other hosts cannot find the correct balance between security and usability in order to protect web sites without making them unusable. We at Siteground are proud to offer the most secure web environment along with having the best security specialists. Thus, if your website has been hacked or you have other security problems, don't hesitate to take advantage of our web hosting …

How to clean my files from malicious code?

If your website has been hacked and malicious content has been inserted into your files, you should clean them as soon as possible to prevent further damage to your hosting account. Let's say that the following code has been inserted to some of your files: <?php eval(base64_decode('malicious_code')); ?> You have to search in all of your files for this string. You can search in your files using a local website building application such as Dreamweaver. First you should download all files to your local PC using an FTP client. Once you do this, you should use the search option in Dreamweaver and search for the malicious code. Delete it from the files and the issue will be resolved. When the malicious code has been removed, you should upgrade all applications on your hosting account to their latest stable versions. To ensure you are the only one who has access to your account, you should also: 1. Update your Antivirus software to the latest version. For Windows we recommend Norton Internet Security . 2. Run a complete antivirus scan on your local computer including all hard drives. 3. Ensure your Operating system (Windows, Linux or MacOS) is up-to-date and all security patches are applied. 4. Ensure your Internet connection is secure. If you are using wireless connection the only secure encryptions is wpa2. For more information contact your router vendor or ISP. 5. Change your cPanel password. 6. Change the passwords for your web applications backends. 7. Check our  basic security guidelines and implement as many of the suggested solutions as…

URL Masking with .htaccess

In case you would like to access a certain URL for your domain name but do not display it in the web browser address bar - here is how you can accomplish it using an .htaccess file. A sample rewrite rule will look like this: RewriteEngine On RewriteRule ^something/?$ /something/else/ This way each time someone accesses: http://yourdomain.com/something the actual content that will be displayed will be for: http://yourdomain.com/something/else while the URL will remain…

How to prevent directory listing?

By default, if you don't have an index file in a web accessible folder, when accessed through a browser, its contents will be listed. In order to secure additionally SiteGround shared servers, they were patched to disallow directory listing out of the box. To prevent the listing of the folder's contents on your server, you should add the following line to the .htaccess file in the folder (if there is no .htaccess file, you can easily create a new one…

How can I reinstall my script

If you wish to reinstall your script, first you have to remove your current installation in order to avoid any errors caused by the existing files in the installation directory. If you need any of the old data, it is highly recommended to back it up before deleting it. The uninstall process consists of the following steps: Drop the MySQL Database Delete the directory /home/your_cpanel_user/public_html/ $DIRECTORY /     (where $DIRECTORY is the name of the script directory) If your script is installed in public_html, do not delete the whole directory. Simply delete all files related to the script. Once the script is uninstalled, you may install it again in the same…

What is data scraping and how can I stop it?

Data scraping (also called web scraping) is the process of extracting information from websites. Data scraping focuses on transforming unstructured website content (usually HTML) into structured data which can be stored in a database or spreadsheet. The way data is scraped from a website is similar to that used by search bots - human web browsing is simulated by using programs (bots) which extract (scrape) the data from a website. Unfortunately, there is no efficient way to fully protect your website from data scraping. This is so because data scraping programs (also called data scrapers or web scrapers) obtain the same information as your regular web visitors. Even if you block the IP address of a data scraper, this will not prevent it from accessing your website. Most data scraping bots use large IP address pools and automatically switch the IP address in case one IP gets blocked. And if you block too many IPs, you will most probably block many of your legitimate visitors. One of the best ways to protect globally accessible data on a website is through copyright protection. This way you can legally protect the intellectual ownership of your website content. Another way to protect your site content is to password protect it. This way your website data will be available only to people who can authenticate with the correct username and…

How to redirect non-www URLs to www?

In order to redirect all of the requests for yourdomain.com to www.yourdomain.com , you should set the appropriate rewrite rule. This can be done by adding the following lines at the beginning of the .htaccess file in your public_html folder:   RewriteEngine On RewriteCond %{HTTP_HOST} ^yourdomain.com [NC] RewriteRule ^(.*)$ http://www.yourdomain.com/$1 [L,R=301] From now on, when someone accesses http://yourdomain.com s/he will be redirected to http://www.yourdomain.com .   Using this method is safe because it should not create any redirection loops or interfere with other rewrite…

How to redirect www URLs to non-www?

In order to redirect all requests for www.yourdomain.com to yourdomain.com , you should set the appropriate rewrite rule. This can be done by adding the following lines at the beginning of the .htaccess file in your public_html folder:   RewriteEngine On RewriteCond %{HTTP_HOST} ^www.yourdomain.com [NC] RewriteRule ^(.*)$ http://yourdomain.com/$1 [L,R=301]   From now on, when someone accesses http://www.yourdomain.com s/he will be redirected to http://yourdomain.com . Using this method is safe because it should not create any redirection loops nor it should interfere with other rewrite…

How to run simple shell scripts directly from a browser?

To be able to run shell scripts directly from the browser, you should add this rule to your .htaccess file: Options ExecCGI AddHandler cgi-script .sh This tells the webserver to treat .sh files as CGI scripts. To test this, let's try printing today's date in your browser. To do this, create a file called date.sh with the following content: #!/bin/bash DATE="$(date)" echo "Content-type: text/html" echo "" echo "<html><head><title>Test</title></head><body>" echo "Today is $DATE <br>" Save the file and change its permissions to 755 . Now open www.yourdomain.com/date.sh and the output you get should be similar to this: Today is Wed Jan 21 09:01:38 CST 2009 …

How to use Server Side Includes (SSI) in your pages

By default, if you want to use Server Side Includes in your files, they have to be with .shtml or . shtm extension. Alternatively, you can add the following line to your .htaccess in order to specify different file types that should be checked for such includes: AddHandler server-parsed .extension You can then add code to your pages that will be processed by the web server. This code should be in the following format: <!--#'<tag><variable set> '--> Below, you can find a brief explanation on how Server Side inclusions are structured and how they work. <!--#" is the opening identifier, each Server Side inclusion should start with those symbols. <tag> specifies the command that you can to send to the server. This can be: echo, include, fsize, flastmod, exec, config , odbc, email, if, goto, label, break . <variable set> is a set of variables and their values. They should be added depending on the used tag. --> is the closing tag. All of your SSI code should end with it. Here is an example of how to include a PHP file into an existing page using SSI: <!--#include virtual="/another-file.php" --> You can find a detailed explanation on all the advantages that Server Side Includes has at the following address: http://http-server.carleton.ca/~dmcfet/html/ssi.html …

How to reduce the number of inodes my account uses?

The number of inodes equals the total number of files and folders on your web hosting account. In case your account has reached the limit on the number of inodes it contains, here are some tips on how to reduce their number: 1. Remove all files/folders you don’t need There may be some backup files/folders placed outside your public_html web root folder or situated inside it, which are generated by an extension installed inside your website application, i.e. Akeeba backup for Joomla. If you need some of these files you can download them locally on your computer through FTP and after that remove them from your hosting account. 2. Check the number of cache files you have Applications such as Joomla can generate a lot of cache files, which are increasing the amount of the inodes for your hosting account. You should regularly check your cache folder and reduce the number of cached files you keep. Most of the applications, which are caching content have the so-called Purge cache functionality inside their administrative area, which can be used for clearing such files. SiteGround team is available 24/7 via our Helpdesk to assist you with cleaning up the inodes on your account. Just post a ticket with a list of the files and folders you do not need and wish to be removed and we will assist you. If you have a large number of files/folders and reducing their number is not a suitable option for you, you may consider upgrading your account to a higher hosting plan with a higher inodes quota. In your User area -> Order section you may choose the upgrade option that best suits your…

How to compress my CSS with gZIP?

In order to compress your CSS files with gZIP there are two things that you should do. First, add the following line to the .htaccess file in your public_html folder: [crayon-58d620d06181b892144223/] By doing this, you allow the server to process .css files through PHP. Next, add the following lines at the very beginning of your .css file(s): [crayon-58d620d061826716481186/] By doing this, you will enable the gZIP compression for your CSS file. For bigger websites there will be a significant improvement in the loading speed of your pages. You can also use the Apache modules called mod_deflate and mod_expires in order to compress your CSS, js and image files. You can place the following rewrite rules inside the .htaccess file situated in the public_html folder: [crayon-58d620d06182e034305722/] You can check the effect using this optimization tool – http://analyze.websiteoptimization.com…

How to enable gZIP compression for your pages?

The gZIP compression of your files improves the performance of your website and highly decreases its loading time. Some applications have internal support to compress their pages. For example, in Joomla you can turn on the Gzip compression from Global Configuration > Server > Gzip Page Compression set to Yes. You can test whether the compression is working by using this useful tool - http://www.gidnetwork.com/tools/gzip-test.php If you are not using a web application that has internal methods for enabling the compression, you can enable it directly from your cPanel > Optimize Website. Alternatively, you can add the following lines to your .htaccess file: [crayon-58d620d061ac7497379512/] Basically, the user makes a request for your website, the server compresses your page (this significantly reduces its size) and transfers it to the customer's computer. On the visitor's end the file is being decompressed and visualized. The time needed for file compression is much less than the time to transfer a big file over the…

Vista Telnet

Telnet is a useful application for troubleshooting various connectivity problems. Unfortunately, Windows Vista does not have it installed by default. However, it is very easy to install telnet on Windows Vista by following these simple steps: 1. Launch Control Panel, select ' Classic View ' and double-click on ' Programs and Features '; 2. Click on ' Turn Windows features on or off '; 3. Locate the Telnet client from the list and check its box; After following the above steps you will be able to use telnet with Windows Vista.…

How to use the “hosts” file?

The hosts file is used to map hostnames to IP addresses. With the hosts file you can change the IP to which you resolve a certain domain name. This is particularly useful when you wish to see how a website will look when hosted on a different server without having to wait for a DNS change to propagate, or avoiding any DNS changes at all. The path to the hosts file, depending on the operating system you are using, is: Windows - SystemRoot > system32 > drivers > etc >  hosts (by default the system root is c:Windows , so if you are using Windows, your hosts file is most probably c:Windows/system32/drivers/etc/ hosts ) Linux - /etc/ hosts Mac OS X - /private/etc/ hosts Now let's say that you wish to resolve your domain domain.com to IP 1.2.3.4. In this case the entry you should add to your hosts file would be: [crayon-58d620d061cbd925251054/] In Windows 7 you might have difficulties editing the hosts file due to the required access level. In order to edit the file navigate to Windows -> Start .  Search for Notepad , right-click on the corresponding icon and select Run as Administrator . This should launch notepad with elevated privileges. Next, open the hosts file from the File menu, edit and save it. For the permission issue, try the following steps: Take ownership of the hosts file and change the permission for it. 1. Right click on the hosts file and click Properties . 2. Switch to the Security tab and click on the Advanced button. 3. Navigate to the Owner tab and click Edit… . 4. Highlight your user account or the Administrators group and click OK twice to quit the Advanced Security Settings dialog box. 5. On the Security tab under the Properties dialog box click Edit… . 6. Highlight the Administrators group, check the box for Full control under Allow and click OK . You may need to clear your cache before you can properly resolve the domain to the new…