Google is now actively Penalising websites not secured by SSL security certificates – is your site one of them?

Starting with the release of Chrome 62 in late October, Google will mark any website with an insecure form “Not Secure.”

If you haven’t added SSL to your website, you may want to—an important deadline is coming up. Starting in October with the release of Chrome 62, Google will be marking any website with an insecure form “Not Secure.” This isn’t just a warning for pages with an insecure login/password field, now it’s any field—anywhere a user can input information.

The warning for an insecure password field.

This is keeping with Google’s push for universal encryption. The company has continued to ramp up pressure for websites to add SSL. And Google doesn’t plan to stop at just warning Chrome users about insecure forms, either. Google plans to roll out a warning for all HTTP websites sometime in 2018.

So heed this warning, if your website is anything more than a blog or a personal website, you need to encrypt. Whether you’re just collecting an email address as part of a capture strategy or you’ve got a signup form somewhere, you’ll be sorry if you don’t secure it before Chrome 62 drops in October.

“Not Secure” warnings kill conversions

Nothing is going to kill your conversion rate faster than Google placing a “Not Secure” warning in your address bar or drop an interstitial warning when a customer attempts to type in one of your website’s fields.

And it’s not just Google, the other browsers are also adopting similar policies with regard to encryption and insecure websites.

Think about it, people tend to trust their browsers. When one of them tells a user that he or she is not safe on a website, the vast majority of people are going to leave. Nobody is sitting at their computer saying, “this seems like a worthwhile risk to take.”

So remember, if your website has any forms on it—install SSL. Waiting until Google flags your website is playing with fire. It’s time to add SSL.

Annual pricing for a secure SSL certificate starts at just $55 and Hostcake can take all the hassle out of purchasing, installing and testing your SSL certificate with our Installation Service for just $99.

Click HERE to buy or for further information.

 

Hostcake Server Migration: How to Check Your Domain Name Hosting and Update if needed to point to our new Website Hosting in Sydney

hostcake-logo-300

How to Check Your Domain Name Hosting and Update if needed to point to our new Website Hosting in Sydney

 

If your internet domain name (the name typed after the ‘www’ for your website) is NOT administered by Hostcake then when we move our Hosting environment from USA to Sydney on March 31st you will need to EITHER

update your Domain Hosting yourself so it points to the new Server                     OR

transfer your domain management to Hostcake so we can manage this for you leaving nothing at all for you to do!

To check if your domain name is ALREADY being administered by Hostcake all you need to do is a “Whois” Whois Lookup

Scroll DOWN the Whois page and enter your domain name (without the www bit). Enter the “Captcha” password and your Domain Details will be listed.

If the “Registrar Name” is listed as TPP Wholesale Pty Ltd then your domain name is ALREADY being administered by Hostcake which means you can sit back and relax!

If your “Registrar Name” is anything else however then you will need to decide how to update your Domain Hosting so it points to the new website location after March 31st.

 

Option A – Transfer Your Domain Management to Hostcake

The simplest and easiest option is to let us look after things for you and transfer your domain administration to Hostcake. To do that simply email support@hostcake.com.au and supply us with:

 

  1. Your domain name (s).
  2. Your “Domain Password”. You can obtain your Domain Password by logging into your current Domain Host Provider’s Control Panel. An alternative and easier way to obtain your Domain Password if your domain ends in .com.au is to request your Domain Password to be supplied to you via email. Just click HERE to recover your .com.au domain password to obtain your Domain Password. If that link does not work go to this website address: http://admin.auda.org.au/password_recovery/blank_recover_password.faces
  3. Your current domain host Control Panel logon details. (the username and password) – (these are helpful as some domains are “locked” and we can not transfer them without firstly unlocking them)
  4. Your best telephone contact number and email address

Once we receive your details we will lodge a “Transfer Request” which will send an email to the email address registered with your Domain Name. You need to approve the Transfer Request and then typically within one or two days your Domain Name will migrate to our Administration System.

 

 

Option B – update your DNS records by yourself

 

Your domain host will provide your account details and their contact details on the annual invoice they send you for your Domain Name Registration. Contact them and tell them that at 6 PM on March 31st you need your “A Records” updated to the following:

 

www                                                   to point to          221.121.154.159

yourdomainname.com.au      to point to         221.121.154.159

(where “yourdomainmame.com.au” will be your own internet domain name for your website)

Some domain hosts are happy to do this for you however many don’t offer such a service and expect you to do this on your own. You can of course take up Option A (above) and let us handle this for you instead.

 

Any questions?

Please email Hostcake at support@hostcake.com.au

What is the domain password/EPP code/auth code?

When transferring a domain name between registrars or changing the ownership of a domain name, you will need to provide a Domain Authorisation code. A domain authorisation code can also be referred to as an auth code, an EPP code, or a domain password. Depending on which registrar your domain is registered through and what type of domain you have, the steps to obtain your domains authorisation code may differ. The instructions below outline how to obtain your domains authorisation code through Hostcake and by using the auDA website:

My domain is registered with Hostcake and I can access the account

If your domain is currently registered with us, the auth code may be found within the Console. Follow the instructions below to obtain your auth code.

  1. Log into your Account via the Client Portal
  2. Manage the domain you want to make changes to
  3. Click Domain Name
  4. The auth code will be displayed beneath the heading EPP Password Information, clickShow to view your password
  5. If you have a .au domain, you will need to click on View, located next to Current domain password (Auth-Info) in order to see your auth code

Depending on the type of domain you have registered, the domain auth code may not be visible in your Admin Console. If you have access to the Console and have followed the steps above but cannot locate your domain auth code, please contact our support team for assistance. We can organise to have the domain auth code emailed to the admin email contact listed in your domains WHOIS contact details.

My domain is registered with Hostcake and I can’t access the account

.au domain name (com.au, net.au, org.au)

Use this link below to have your Client Portal password reset.

If you no longer have access to the current registrant email address, then it will need to be changed in order to receive the EPP code. The best way to do this is to complete a Password Recovery Form.

Password Recovery Form

There are several pieces of information that you must provide in order for us to complete the password recovery process.

***Please note that this form is only used if you wish to change the registrant email address. If you still have access to the registrant email address, please logon your Hostcake Client Portal to obtain the EEP code.

We will need the domain name in question, as well as the current registrant details. If you are unsure of the registrant details, you can perform a Whois search on your domain name here.

It is important to note that the registrant and the registrant contact are two separate entities, and just because you are the registrant contact, does not necessarily mean you are the registrant. The nature of the registrant will determine what further documentation is required.

SOLE TRADER

If the registrant entity is a Sole Trader (an ABN assigned to an individual), then all we require is the photo ID of that person, and the desired registrant email address.

COMPANY

If the registrant is a company or a similar entity, then additional information is required. In order to prove that you are authorised to act on behalf of this entity, we will need an offfical ASIC extract of the registrant entity. These can be obtained from the ASIC website.

This can be obtained by searching for your ABN/ACN on the ASIC wesbite. Once on the page, scroll down to the bottom of the page and click the link to obtain the Company Extract – Current company information.

An example extract can be viewed here.

Accompanying the ASIC extract, we will also need the Photo ID of one of the directors or proprietors listed on the extract, as these are the people authorised to act on behalf of this entity.

***While other documentation may be accepted, this is our preferred method of verification as it contains all of the relevant information, and is useful document to have for any future methods of verification, and is used in a number of other processes.

Generic TLD domains (com, net, org, biz)

  1. Visit http://who.is/
  2. Check the Admin Contact email address is one you have access to
  3. If the email is correct please contact us to get the password sent. If the email is not correct please contact Hostcake Support

My domain is not registered with Hostcake

.au domain name (com.au, net.au, org.au)

If you own a .au domain name, you may use the instructions below to get the auDA to email the domain auth code to the registrant email address listed in your domains WHOIS contact details, if the email is not correct you will need to contact your current registrAUDAar.

Visit the Auda Password recovery form.

  1. Enter the domain name and the captcha code
  2. Click [Recover]. The auDA auth code recovery service will display the Registrar of Record, the Registrant Name, and the Contact Email for the domain
  3. Click [Email] to have the auth code sent to the contact email address. If this email address is not correct, contact that Registrar of Record to request assistance

Generic TLD domains (com, net, org, biz)

To recover the auth code for a gTLD domain, contact the registrar of record for that domain for assistance. To find the registrar for a given gTLD:

  1. Visit http://who.is/
  2. Follow the onscreen instructions to perform a look up against your domain
  3. The results from the WHOIS look up will display the current registrar for your domain

How can I protect my website against hackers?

How can I protect my website against hackers?

you have been hacked

 

It is critical that your website is kept safe and secure from hackers. Although Hostcake employs a range of measures to keep our web servers secure, individual customer accounts can still be exposed and maliciously hacked. The following strategies should be used as precautions against hacker activity.

Keep your scripts and plugins up to date

This is an extremely important measure – make sure you keep abreast of the latest updates to any scripts you run, especially if they are popular and widely used (for example, Joomla and WordPress) well as any shopping carts, etc. Once a vulnerability is exploited, it spreads through the internet like wildfire. Most scripts cannot auto-update themselves, so you will have to do this manually. We also strongly suggest you consider subscribing to a website maintenance service that will take care of this task for you. Just like a car you can’t create your website and expect it to run trouble free without any form of servicing.

Hide your website admin area (very important!)

Hackers will scan and probe directories, using automated scripts, looking for tell-tale files like login.php, adminlogin.php and so on. It is certainly recommended that if you are using the well known “Word Press” website format that you DON’T name your admin user “admin”, try something more random. A WordPress plugin such as “WordFence” will help protect your site from repeated password guessing attempts.

Maintain strong passwords

Make sure you use strong passwords (at least 12 characters, with symbols and numbers where possible). This mitigates the possibility of a brute force and dictionary attack. Use different and unique passwords for your cPanel, MySQL databases, WordPress or Joomla and email accounts. If you need some secure passwords, try the random password generator in your Cpanel logon. It’s also good practice to change your passwords every month to maintain the security of your accounts.

Keep your own PC up-to-date and virus free

This tip is very important! Many customers have infected their own websites because their computer was compromised and used to attack the website. Make sure you set your Windows Update setting to ‘automatic’ (for Windows 10 users this is already in place) and always leave your firewall on (either the Windows firewall or the one provided by your antivirus software should do). Also, make sure you are running an up-to-date virus scanner. If your computer does get infected, hackers can potentially install a keylogger on your PC. Keyloggers record everything you type and send it back to the hacker, thereby compromising all your secure accounts.

Don’t log into your account at internet cafes or via unsecured wifi

You don’t know what is on the internet cafe PC, and therefore you shouldn’t trust it. Even if the internet cafe owner is legitimate, someone may have installed malicious software on the computer, capturing all your passwords and login details. Similarly, if you use a Wifi point, someone might be ‘listening in’ and intercepting your details.

Containment principle

Our servers are set up in a way that contains any damage or hacking activity to the affected user account. Therefore, if you make any mistakes and are hacked, only your user account will be affected. However, if you are affected, the best and quickest way to recover is to restore from backup.

Restoring from a backup

If your account is compromised, restoring from your last known good backup is preferred. Using this method you can be sure that none of your files have been tampered or modified. Although we keep our own backups of your websites, we urge all our customers to periodically make their own backup. Once your account is restored, you can then use the tips above to prevent it being compromised again.

Please contact us as Hostcake support if you would like further information.

support@hostcake.com.au

Safe Browsing!

USB drive

Formatting a USB drive for Mac and PC

A useful tip for those of you who have both MAC and Windows computers…

A client who has a MAC home computer had bought an external USB hard drive and it worked on the MAC computer but not on the Windows computers at his office. As it turns out the way the MAC formats the new drive makes it unreadable by Windows computers. Read more