3 tips to keep your website from being hacked
It’s important to be proactive when managing your website security. The objective is to minimise the risk of hacking to ensure it’s available to your online customers. A common mistake is to just ‘set and forget’ once your website is online and not worry about maintaining it. We urge you not to assume that your site won’t get attacked in the vastness of the Internet, because at some point it will at least get probed by people with malicious intentions.
The painful task of having to restore your site after it has been compromised takes time, effort and money, and importantly takes your focus away from working on your business success.

Dealing with a compromised website could mean potentially losing your website data completely if you haven’t taken the necessary steps. Our advice is to take the time to ensure that your website is as secure as possible to reduce your risk.

At Modica we host a large number of websites, from small and medium enterprise businesses using WordPress right up to extremely large and complex government websites. These tips are targeted more at smaller website owners, but the logic applies to any website on the Internet.

1. Keep your site version current

If you’re using WordPress to manage your website, you’ll know that periodically there are new versions released. At the time of writing this article WordPress is up to version 3.3.2. Each version that is released can include important security patches that remove any known bugs and weaknesses that have been discovered in previous versions. If your site is on an old version then it’s in much more danger of being hacked. Upgrading your WordPress site to the current version is as easy as one click once you’re logged in. My advice to you is to log in now and check that you’re on the current version. The same logic applies if your site is built using Joomla, Drupal, Silverstripe or any other content management system.

2. Use Strong Passwords

The stronger your password, the less likely that a hacker can force their way into your admin area and take control of your website. We recommend that your passwords should be at least 12 characters long and contain a mixture of letters, numbers and special characters. For passwords our advice is the longer the better.

Words taken from the dictionary are also the easiest for a hacker to beat, so it’s best to mix them up.

Where possible, try to use a pass-phrase instead of a password, because they are stronger and also easier to remember than just a random selection of numbers and letters.

Unsure what a pass-phrase is? An example would be “The quick brown fox jumps over the lazy dog,” becomes “tqbfjotld”. Check out the Wikipedia article for more information.

To highlight the dangers of easy passwords, Mashable has posted a list of the 25 worst passwords of 2011.

Here are the top 5:
- password
- 123456
- 12345678
- qwerty
- abc123
Lastly, here is some great advice from Google on passwords including what to avoid.
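An added example, not from the original article: a small Python check that applies the recommendations above (at least 12 characters, a mix of letters, numbers and special characters, nothing from the worst-passwords list, no plain dictionary word). The function name, the sample dictionary and the choice to count a space as a special character are assumptions made for illustration.

```python
import string

# The five worst passwords quoted in the article (Mashable, 2011).
WORST_PASSWORDS = {"password", "123456", "12345678", "qwerty", "abc123"}

# Constructed stand-in for a real dictionary file (assumption).
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "monkey", "sunshine"}

MIN_LENGTH = 12  # minimum length recommended in the article


def password_issues(password, dictionary=SAMPLE_DICTIONARY):
    """Return the reasons a password falls short; an empty list means it passes."""
    issues = []
    lowered = password.lower()
    if lowered in WORST_PASSWORDS:
        issues.append("on the worst-passwords list")
    if len(password) < MIN_LENGTH:
        issues.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isalpha() for c in password):
        issues.append("no letters")
    if not any(c.isdigit() for c in password):
        issues.append("no numbers")
    # Assumption: a space counts as a special character, so pass-phrases qualify.
    if not any(c in string.punctuation or c == " " for c in password):
        issues.append("no special characters")
    # Strip digits and symbols from both ends so "Password2011!" is still
    # recognised as the dictionary word "password" with decoration.
    core = lowered.strip(string.digits + string.punctuation + " ")
    if core in dictionary:
        issues.append("dictionary word with digits or symbols tacked on")
    return issues


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = ["password", "123456", "tqbfjotld", "Password2011!",
               "7 quick brown foxes jump!"]
    for candidate in samples:
        problems = password_issues(candidate)
        print(f"{candidate!r}: {'OK' if not problems else '; '.join(problems)}")
```

A password that meets the length and character-mix rules can still fail because it is a dictionary word with a year and a symbol appended, which is why the last check looks at the stripped core.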
3. Backup, backup, backup.

At Modica we keep backups of all the sites we host. You can also purchase additional backup capacity which includes daily, weekly, monthly and then 6 monthly backup versions of your site to ensure you have a copy to roll back to in case of problems arising.

For our clients using our shared website hosting platform we encourage all of them to make their own personal backups of their site. It is best to take a backup periodically so that should the worst happen you won’t lose all of your important data and recent website history.

Summary

To recap our top three tips:
- ensure you’re on the most recent version for your site CMS
- use strong passwords and
- protect yourself with periodic backups.

Overall these strategies are about minimising the risk of your website on the Internet.
If you’re concerned about your site hosting or security feel free to call and talk to the team at Modica. We’d be happy to answer your questions about hosting your website.
Modica Senior Account Manager
Review of TSB Bank's new MyBank application #appreview #iphone
TSB Bank is a text banking client of the Modica Group so it was with a certain apprehension that I downloaded their new in-house iPhone App MyBank for review. We have seen a number of Banking iPhone applications roll out over the last few years and a good number of them have been clunky, ugly and lacking features!
Not so the new App from TSB. The look and feel is elegant and the features you need are there and easy to use.
The initial sign up process was very quick and simple. It did make me a little nervous though because the App uses some new branding and you aren't 100% sure it's their App, and they ask you for your internet logon details (which probably breaks your terms and conditions with the bank). I think a little more positive reinforcement that you are in the right place when handing over your details would keep confidence high.
I do appreciate that they have made the login simple and easy. Most banks cannot resist making it so secure you can't really use the application or come up with a password that works. There are two annoying quirks around login that it would be nice to see addressed - remembering my username and if you accidentally hit the home button on your iPhone it logs you out immediately of your current session.
The look and feel of the App is quite elegant and some of the theme and design features give you some nice personalisation options. Personally these are a nice to have but I wonder if the effort to include them will be put to good use by the TSB’s customers.
The comprehensive features for paying bills and people means you can use your iPhone to do everything you need, which is rare as the bank security team normally wants to cull this. Of special note is the ability to create new payees instantly and customise almost every part of your account details - I like that!
A full list of features (well, as far as I can tell) is:
- Full Payee and payments management functionality
- Balance and history for all accounts
- Ability to open new accounts
- Transfers between your accounts
- Secure mail and chat with the bank
- Fully customisable themes + imagery
- Management of your alerts
- Forex rates
- All of your account information with the ability to edit
- Customisable home page features
One really interesting part of this launch is the inclusion of Bump Pay (http://bu.mp/labs). Bump Pay enables two smartphones using Bump apps to transfer card or account payments data by tapping against each other. The transactions require physical contact, rather than the near-field communication wireless technology that drives most tap-and-pay mobile phone payments and is the favored technology of large mobile payments initiatives such as the Google Wallet and the telecom-driven ISIS.
TSB....this is huge. You have it live, launched and ready to go. Come talk to us and all the other mobile solution providers and let's get it to market!
As a parting comment..... I have been a TSB customer for about 25 years and they are amazing. They are sometimes accused of being a little stuffy but this App, whilst being almost too comprehensive, is seriously top quality.
When bits byte #mobile #roaming
You know what it's like: you're on a team trip to Bay of Babes for some, err, training and the guys and gals gather in your room, spy the mini-bar fridge and drink it dry before moving on to the next room. It's a great joke and all are boasting about hangovers in the morning when you all go down to reception to pay.

"So, are you all going to contribute the $1,200 for the mini-bar bills," asks a weary manager, "Or did you think you are so nice that we'll toss it in free?"

Nah, pleading ignorance and claiming it's the first time away from mum and you didn't know they charged for this stuff. "You charge for it? You can't be serious? The bottles didn't have price tags."

Pleading ignorance, even if you are a little, um, ignorant, doesn't cut it anymore. Hotel managers were over the joke even before your mum tried it 40 years ago.

Fast forward a few decades and it's the same joke with a new twist. Phone companies may charge the equivalent of a hotel mini-bar for bits of roaming data, but it's not 1995 anymore. Pleading ignorance to international roaming rates is as dumb as drinking the mini-bar dry and not expecting to pay. "You charge more for roaming internationally? Really? I had no idea."

Media outlets report the faux outrage every time someone tries it on and cops a thousand dollar plus data bill. Nope, leave both caps alone when you're roaming foreign climes: the little whisky ones and the smart phone data ones. Or, at least read your network provider's data caps and roaming charges before you hit the hotel rooms. The joke has worn off phone companies too.

IPv6 enablement
IPv6 enablement has become part of our standard hosted service offering, and we have been blogging about it and presenting to clients to help educate them and show how easy it can be.
Whether you are completely new to the subject or have your own allocation of addresses from APNIC, we are more than happy to talk you through our experiences or answer your questions so you can get your external facing websites ready!
If you are interested in finding out more about how to enable IPv6 for your organization, or are keen to take part in this year’s IPv6 day, email us at IPv6@modicagroup.com

Enabling IPv6 for websites – Getting started #ipv6
As a web hosting company, the issues surrounding lack of IPv4 addresses and the introduction of IPv6 are not new to us. What many other types of business are not aware of however, is how best to approach the subject in relation to their organization, what they need to do and when, or often, where to start.
Firstly we advocate the approach that we took here at Modica with our own infrastructure – start with the basics. It’s all about small wins and manageable deployments. If you keep it managed and controlled it will not eventuate into a huge project full of cost / risk and dreaded scope creep.

That’s the purpose of this blog post. It’s about helping you develop your own project plan and showing you that this is actually straightforward and simple. We are interested in looking at how you can segment and organize the rollout.

Getting your web-hosting provider to add dual stack reachability does not need to be hard or costly. Whilst this can be a very technical subject, most of that knowledge is with the hosting provider’s infrastructure team, and if they have experience of enabling IPv6 they can make this a really easy process for you.

This is a small project, easily controlled, and gives you some instant public wins. Breaking off these chunks will allow you to see the wood clearly and not worry about the trees.

The most challenging task for most organizations will be updating the internal network. This will require some good planning and an organized rollout, sound testing, a dedicated project manager and internal expertise. However, there are still ways to keep this as easy as possible: isolated rollouts and internal user groups, for example. Keep in mind that if you have knocked off the easy bits first you can focus on this larger task without distractions.

Final point: don’t let anyone fool you that this is another Y2K. You have plenty of time to get this sorted and do it right first time.

So, if it is so easy, how do you go about getting your public website enabled?

Well, the first thing you do is ask your current hosting provider if they are IPv6 capable. If the answer is no, don’t panic and switch providers just yet. Ask them what their plans are and when they intend to make this a service they offer. If the answer is still no, or the time frames don’t suit you, then look around by all means.

Hopefully, however, the answer was along the lines of “yes, of course”, in which case they should then provide you with a breakdown of the work needed for your site and the costs involved. Again, there is no magic involved here, so anyone unable to clearly articulate this should get a red flag, not the privilege of your business.

Who is actually doing this, I hear you ask?
Well, last year on June 8th World IPv6 day took place. This was organized and sponsored by the Internet Society and supported by five major companies: Facebook, Google, Yahoo, Akamai Technologies and Limelight Networks.
For this day only, these major websites (and many others) enabled IPv6 for 24 hours.
Whilst this may seem a little unnecessary, it was a great opportunity for organizations to set themselves a goal – get the public facing websites accessible and see what issues it would expose – a real-world test if you like.

We made our own website available, as well as a number of client sites (they bravely volunteered!). This gave us some real world experience of what life will be like in the future, allowed us to identify any issues (with IPv4 availability also you won’t see these) and put in place fixes quickly. (We only encountered one trivial issue that was fixed quickly, incidentally.)

This year on June 6th the same large sites are taking part in IPv6 day again (as well as many others). This time however, they won’t be switching it off!

Many of our IPv6 enabled clients are NZ Govt departments, and we shared the stories of our enablement process and challenges at the Practical IPv6 for Govt seminar on 23rd Feb in Wgtn.

If you are interested in learning more about our IPv6 enabled hosting and how you can do it for your organization you can email your questions to IPv6@modicagroup.com or directly to me at bernadette.moody@modicagroup.com

If you are keen to do some research of your own, here are some great resources to look at.
http://www.ipv6.org.nz/
http://internetnz.net.nz/
http://www.ipv6.govt.nz/
160 The magic number
According to the Hitchhiker's Guide to the Galaxy, the meaning of life is 42. That may be so, and impossible to argue intelligently either for or against, but why is the maximum length of an SMS 160? Who says so?
If you're one of the many Modicagroup users who contacts your customers directly using our email-to-text service, you might occasionally have wondered why the 160-character limit is imposed. It's not something we set, but its origin is interesting.
In 1985, a German communications researcher, Friedhelm Hillebrand, was trying to find out how much available space, or bandwidth, there was in the GSM cell phone standard to piggy back a text message along with voice. He hit his typewriter keys at home and banged out random messages and responses. Then he read a few postcards and found that around 160 characters should have been enough for people to communicate meaningfully using text messaging. He only had electronic space for 128 characters so he tweaked the specification and found he could squeeze in another 32, and 160 became the magic number.
He's written about that and the development of the GSM cellular technology and you can buy the book, but his love of numbers has caused him to add several to the price, so, only if you really, really need to know, should you buy it.



