The Ecommerce Experts

Most people decide on hosting for a key reasons, features (or simply speaking to a supplier that doesn’t use too much jargon and can describe what you are asking for) reliability (speed and stability) and, importantly, price.
But, as Harry Hill would say “Which is best? There’s only one way to find out”
So it’s time for a fight:
A three way scrap between the key contenders, the ultimate prize fight to see which element is the king of hosting decisions – Features vs Reliability vs Price.
Right?
But wait, why do some companies, literally, home in on location first? That isn’t in the mix from the first pass at what is important.
Why is it that the first element for the most successful companies focussed on where their market actually is and not on the big 3 of features, reliability or price?
The reason is purely down to a need to maximise their audience and get greater sales from more visitors. It’s all about search engines and success. Search engines fanatically try to narrow down results to give the most relevant responses and are increasingly moving towards local identifiers. Choices will be made by search software over “where is this site?” and “what location does the person doing the search most want to have returned” This often means that, whilst spelling mistakes are expected and catered for, different use of language (color anyone?) and expressions mean that the anticipatory devices in modern search technology are looking for different things.
There are also a number of factors that are less obvious, such as timezones: Automatic and planned manual maintenance routines on servers are scheduled for the period of lowest server activity, a server in America, for example, will have very different usage patterns than one in the UK which could cause inconvenience just when you don’t need it.
Service response is also, often, a critical consideration. It is unlikely that offshore companies will have the same support people working the hours that you do.
Now, I am not saying that the elements of features, reliability and price are not equally important, clearly they are, but they should be part of a wider decision. If you want the best search engine returns and are running a business in the UK targeted at UK consumers, then start with hosting in the UK.

A common browser message when visiting a reported compromised site

What is a malicous code attack?

Does the image to the right look unfortunately familiar?
If so then you (your website) have most likely been the victim of a malicious attack on your website.
Malicious attacks on your website usually happen when someone or something has compromised the HTML and files on your website and inserted some malicious code.

What does it do?

This malicious code (or malware) has the primary intention of being executed when ever innocent browsers of your site open the page where this code is situated. It can take the form of Javascript, Java applets , browser plugins or other pushed content. When these scripts are executed the end result is usually to compromise the “host” machine for other purposes such as the sending and broadcasting of unsolicited SPAM email or the further propagation of a virus.

What to look for

The first time most people know about any attack against their website is when they see a message like the image above. By this point the malicious code has already been doing what it is designed to to – running on unsuspecting browsers as they view your website. Lists such as Google’s SafeBrowsing blacklist are regularly updated with compromised sites to ensure that other innocent browsers get notified before the malicious code is executed.

You can, however,  spot the malicious code before this point e.g. If your normally fast-loading home page suddenly takes a long time to open it could be because some other code is trying to execute at that point. If your most commonly accessed pages e.g. your index.html page, changes slightly or is edited with a new modified date that has not been actioned by you on the server then the file may have been compromised. If the source code of your home pages have changed and have some unexpected code within them then they may have been compromised.

How can this happen?

Malicious code can appear on your site in 3 main ways. 1) It is uploaded from your compromised machine by FTP or 2) Your FTP details for your server have been compromised and the amended file(s) have been uploaded from elsewhere or 3) (less commonly) some scripting language e.g. PHP on the website has been compromised and used to dynamically change the content of the pages on your hosting area.

What can you do?

First you must reset all FTP and server access details. This ensures that any compromised details are immediately invalid.
Secondly you must identify and remove the malicious code from the website which can sometimes mean deleting everything from your hosting area. This prevents any further visitors from falling victim to the code.
Thirdly you must recheck and rescan your local machine(s) to ensure there is no virus or other malware on your machines that could be involved in either the uploading of amended files or the compromising of FTP from your machine. (some viruses/trojans primary purpose is to scan a local machine for evidence of FTP details which it then serves to a drone server on the internet which in turn passes these details to hackers and other malicious code writers).
[Edit: Recommend that you run the anti-virus and anti-malware scans after rebooting the computer into SAFE MODE - thanks Chris]

How to avoid it

Make sure you have an excellent ftp and server access password policy in place. Change your password regularly.
It always amazes us how many people have very basic passwords and never, ever change them.
Make sure that your local machine(s) have the most up to date anti-virus and firewall software installed on them and that you run regular (weekly or even daily) scans on your machines to ensure they are fully protected.

What to do next

Once you are happy that you have resolved the issue and neutralised the malicious code you can approach the SafeBrowser blacklist sites and submit a reconsideration request of your website at:

http://www.stopbadware.org/home/reviewinfo

For ecommerce merchants the above image acts as an instant “closed door” to potential customers which can severely effect business. Prevention is by far and away the best method however if this does happen to you then follow the steps above and you should be able to minimise the damage caused and hopefully protect yourself against any future attack.

What is a custom 404 page and why do you need it?

When you go to a website and see a page saying that the link requested was not found with a message something like ” 404 error, the page was not found”.

This may happen because you have misspelled the URL, the page you requested does not exists or it has been moved any many more possible reasons..

What you usually do when you see this type of error page which does not tell anything about what might have happened? You may go back to your favourite Search engine and go to a different site or try and remember competitor website and go there or give up.

If this is happening to your site, think what you will be losing.

Having a custom 404 page makes it so that if someone lands on a 404 page, they at least know they’ve reached the right site.

Here is an example of a custom 404 page:

Step One: Creating/Modifying the .htaccess File

This step may not be necessary in all situations. Some web hosts already configure their web server so that it will look for a specific file in your web directory when a certain document cannot be found. If so, simply skip this step.

If your web server is not an Apache web server, you will have to find out from your web host what you need to do to enable the server to serve your customized file when a file cannot be found. This article only applies to websites that are hosted on Apache web servers.

Otherwise, the first thing you need to do is to add the following line to a file named .htaccess (note the preceding period). In most instances, no such file will exist, and you can simply create one with a text editor (such as Notepad on Windows). Incidentally, if you are using Notepad on Windows, you will need to enter ".htaccess" (including the opening and closing quotation marks) into the “Save As” dialog box when you create the file, otherwise Notepad will append a “.txt” extension behind your back when it creates the file. And unless you configured Windows to show you the full filename, you won’t even realise that it has done so.

You will of course need to put a notfound.html file in the main web directory for the above directive to work.

The “ErrorDocument 404″ directive essentially tells the Apache web server that whenever it cannot find the file it needs in that directory and its subdirectories, it is to use the document specified in the URL that follows.

One .htaccess file in your main web directory will do the trick for that directory and its subdirectories. However, if you want a certain subdirectory to show a different 404 File Not Found message, you can always place a different .htaccess file into that directory. This will override any .htaccess files you have in the parent directories.

Step Two: Creating Your Error Document File

What should go into your custom 404 File Not Found page?

It is not good enough to simply let your visitors know that the file could not be found. In order not to lose them, you will need to provide them some way to locate the document they want, or they will leave.

Your page should have one or more of the following things:

1. A link to your main page, with a suggestion that the visitor can find what he/she wants there.
2. If you have a search engine for your website, you should definitely put a search box on that page. Many people prefer to simply type a query than to scan through your site map.
3. A link to your site map, which lists all the pages on your website.
4. If you know of frequently mistyped URLs on your site, you can even put links to the correct location directly on the page, so that visitors who arrive there from outside can quickly get to the correct page. Remember, you don’t want to lose that visitor, so do all you can to help him/her.
5. Any other navigational aids that you may have — for example, if you have a drop down navigation menu on your normal pages, you should probably put one here as well.

If you like, you can even put a simple form on the page to allow your visitors to inform you of the broken link. However, the primary aim of this page is not to help you track bad links, but to make sure your visitor does not leave your site if what he/she wants can be found there.

Incidentally, you should make your 404 page larger than 512 bytes, even when you are testing. Otherwise Internet Explorer (IE) will load what it calls its built-in “friendly HTTP error message” instead of your 404 page. The Chrome browser behaves no better.

Step Three: Testing the Error Document

When you’re satisfied with your page, upload it together with your .htaccess file to your website. Then test it by typing a URL that you know does not exist.

Your error page should load up. From this error page, test to see that the links here lead to the pages you intended it to lead.

Common Errors with a 404 Custom Error Page

1. The most common error people have with their custom error page is making a mistake in the URL they put in their .htaccess file. This leads the web server into a loop when a visitor tries to access a missing file. When a file cannot be found the server tries to load the file specified in your ErrorDocument directive. But that file does not exist too, so it tries to load the file specified in that directive. You get the idea. Make sure you test your error file by typing in a non-existent URL. Do not test it by typing its real URL — that will of course work but it will prove nothing.
2. Another common error is to forget that your 404 Error Page may be loaded either from the main directory or from a subdirectory or even your CGI-BIN directory. When you put links on your 404 Document Not Found page, such as hyperlinks leading to other pages on your site or links to images (such as your logo), be sure that you use the full URL and not a relative link. That is, use things like
   <a href=”http://www.yourdomain.com/sitemap.shtml”>Site Map</a>

   instead of

   <a href=”sitemap.shtml”>Site Map</a>

   The first will work even if the 404 page appears for a missing file in a subdirectory, but the second will not. H2Q4WG3GCCM4