We often get questions and inquiries directed to us that are e-mailed directly to us and not through our online ticket system. The online ticket system is an important aspect of the service that we provide.

Our online ticket system has recently been redesigned to make it easier to complete and submit a ticket. You can always access our Account Management Area at:

http://www.amshelp.com
(You may want to bookmark this link for future reference)

Where there are two links to our ticket system, the Contact Form and Support Ticket link. Either of these links will take you to a page where you can submit a ticket.

Sending us a direct e-mail, bypassing the online ticket system, is not recommended. The four main reasons for this are:

• Account ownership verification

• Anti-spam and spam overload

• Cataloging and referencing

• Receipt confirmation

Account ownership verification
For some tasks, whether they be support, sales, or billing related, require some form of verification that you are who you say you are. For example, if I wrote in to my host requesting that the MX records for domain name to be changed, I would be flabbergasted and upset if they did not require some form of account verification before making the changes. The MX records tells the rest of the Internet where to deliver mail that is address to your domain name. If no verification is asked for to validate the request, then potentially anyone could make this request, which is a huge security issue.

Sending your account password in plain e-mail is never recommended. Our online ticket system uses SSL to secure the connection and uses encryption to encrypt the password fields. By using the online ticket system you can enter your account password, or the last four digits of the credit card used to pay for the account, and we can verify that you are in fact the owner of the account, which can be used to validate your request.

Anti-spam and spam overload
Nobody likes spam. Everybody receives spam. We receive a ton of spam messages everyday. Weeding through these spam messages can be a daunting task. Our online ticket system bypasses all of our anti-spam filters and anti-spam measures and those messages go directly to our customer service representatives. This means that if you send us an e-mail, and choose not to use our online ticket system, you run a great chance that the message will get lost in our daily spam clutter. While we try to read through all of the e-mail messages we receive and pick out what is spam/what is not spam, what was incorrectly marked as spam/what was not incorrectly marked as spam, etc, this task can be simplified if clients would just use our online ticket system, and then those messages would go directly to our customer service representatives where the issue can be looked at and resolved quickly. By choosing not to use our online ticket system you may experience delays in having your inquiry looked into, because we cannot continuously monitor the messages that bypass our ticket system. Simply put, inquiries that are raised through our online ticket system get a greater priority.

It is worth mentioning that once a ticket has been opened, you can continue to reply back on that ticket, just be sure to preserve the subject line (Having “Re:” in the subject is acceptable). Our ticket system works by recognizing and letting open ticket messages pass through our e-mail system and go directly to our customer service team. Once a ticket is opened, replies to that ticket are designed to pass through our system.

We do ask that you keep a ticket to one issue. If you open a ticket and then two weeks later experience a completely separate issue that you want looked into, please open another ticket. This helps with the third point.

Cataloging and referencing
This is more of an internal aspect. When you submit a ticket through our online ticket system it is assigned a unique ID number. This allows us to catalog and reference that ticket ID to a particular issue. If a support ticket is raised and our techs and system administrators need to collaborate on that issue, they can easily tell each other that this is in reference to ticket number xxxxxx.

This also allows us to catalog issues. If you experience an issue that perhaps we have not dealt with before, we can make a note of this and the ticket ID and catalog it. This way if someone else experiences this issue in the future, we can refer back to this ticket ID to see what steps were taken to resolve the issue.

Likewise, having the ticket ID helps you – the client – because you have something to reference later. Which brings us to our fourth reason.

Receipt Confirmation
Our online ticket system is designed to provide the submitter with a receipt, a confirmation that the ticket was received. This receipt confirmation works similar to an auto-responder, but it is not the same as an auto-responder.

We have one server that sits in our service cabinet in our office. All online ticket submissions are sent directly to that server. That server then distributes out the ticket to the appropriate customer service area. Once it has done this, it sends a confirmation message back to the ticket submitter, letting them know that the ticket has been received and dispatched to the appropriate party. This is why there may be a slight delay between submitting a ticket and receiving the ticket receipt confirmation.

This receipt confirmation serves two main purposes. One, it lets you know that we did receive your message and that we will be responding shortly. If you do not receive the receipt confirmation, then this likely means that you did not successfully complete the online ticket form or that you used an e-mail address that is unable to receive messages, in which case you won’t receive our replies from our customer service representative. You may want to check your spam box for delivery of the receipt confirmation message. If you do not receive a receipt confirmation within 10 to 15 minutes of submitting the ticket, then go ahead and submit a new ticket as we may not have received your first try.

Secondly, the receipt confirmation message provides you with details about the ticket. The receipt confirmation message will be sent to the e-mail address that we will be replying to and it also gives you the ticket ID of that request. If, for some reason, you never receive a reply back from our customer service team or if you wish to further reference the incident, you can always refer to that ticket ID.

These are all reasons why we stress using our online ticket system. Because we want to insure that you get quality and prompt service for any issue or question you might have, using the online ticket system insures that this will happen. Not using the provided online ticket system causes you to run risks in how your inquiry will be received and handled.

Scott

We are beginning the roll-out of PHP 5.2.14 on our servers. This is the latest version of the PHP 5.2 tree, and consequently the final release of the PHP 5.2 release tree.

For those interested the release notes for PHP 5.2.14 can be found at the link below

PHP 5.2.14 Released!

For the vast majority of users, you will not see any changes. These minor PHP upgrades (i.e. 5.2.13 to 5.2.14) are generally just security updates and have little or no bearing on the operation of any scripts.

As stated, this is expected to be the final release of the PHP 5.2 tree. Some security issues may be addressed if they come up with this version. But basically the PHP developers are encouraging users to upgrade to PHP 5.3. We don’t yet have a roadmap for putting PHP 5.3 on our servers, we will be investigating that in the weeks ahead.

For users that want to get a head start on this, you should e-mail or contact the vendors or developers of the scripts that you are using on your website and see if they are compatible with PHP 5.3. If they are not, point the vendor or developer to the PHP 5.2.14 release notes which states that the PHP developers are encouraging the adoption of PHP 5.3 and that every effort should be made to get the script ready for PHP 5.3.

Thank You
Scott

This is a continuation of our Security Guide see the previous post.

Lately the most prevalent method of hacking a website is not based on outdated scripts or even server-side related. It is a client-side issue, meaning your local computer, the computer you are using right now to read this.

Hackers are using viruses, trojans, spyware, adware, keyloggers and general malware to hack your personal computer and steal your account information (among other things). They can then use this information to access your hosting account and hack your website to include malicious code.

It used to be that the term virus was a straightforward term. Viruses were written and each virus would have a certain signature that virus scanner companies would identify and would write a definition for it. While traditional viruses still remain a threat on your personal computer, the field has actually been expanded to include trojans, spyware, adware, keyloggers (all of which I will refer to as malware from here on out) and just general malicious code. Identifying a threat on your computer is no longer as simple as identifying a virus with a virus scanner, malware detection software must also be used and even then some threats are undoubtedly going to slip through the cracks.

For the purposes of this article I am going to focus on malware on the Windows operating system. This isn’t to say that Linux, Macs, and other operating systems do not have their fair share of viruses and malware, it just seems that Windows malware is more prominent.

If you do not already have anti-malware software installed on your computer, I recommend installing Microsoft’s Security Essentials suite. Microsoft Security Essentials acts as both an anti-virus solution and an anti-malware solution. I have read plenty of good reviews about the software and it seems to be the best around.

What to do if you already have malware or suspect that you have malware installed on your computer?
You may have received a message from us where perhaps someone uploaded malicious content to your hosting account and we suspect that your computer is infected with malware. Or if you just suspect that your account information has leaked out. How do you find what is responsible? How do you resolve it?

Well, the issue is multiplied if you have used multiple computers to access your account. If you have only accessed your account from an administrative perspective (i.e accessed FTP or your cPanel, etc.) from your one computer at home then this would be your target machine. However, if you’ve accessed the administrative aspect of your hosting account from multiple computers (say your home computer, your work computer, your laptop, and a public computer at a library) then identifying which computer is infected is increasingly difficult. You really can’t know which computer is infected and thus you have to scan all of these computers for viruses and malware (except for the public computer at the library, they may not take kindly to you running extensive scans).

The process of scanning for viruses and trojans is long and exhaustive. You may have heard the saying An ounce of prevention is worth a pound of cure. This is true in this regard as well. The more securely you can operate, the less likely you are to become infected, and not be in this predicament.

Scanning for Viruses
You should scan the suspected computer (or computers) for viruses using an up-to-date virus scanner. Generally any anti-virus program will work, but two free ones are AVG and Avast! Just make sure that you have updated to the most recent definitions database for the anti-virus program. In general scanning with multiple anti-virus programs is better, because one program might identify something that another program missed. However you cannot keep two anti-virus programs installed at the same time. So you would have to uninstall or remove an anti-virus program before installing a new one. Scanning with multiple anti-virus programs is not required, I just mention it in case you are increasingly vigilant in your endeavor to find the culprit software.

As stated before, virus scanners won’t necessarily catch everything because today’s threats aren’t necessarily viruses but more malware or malicious code/applications.

Scanning for Malware
If you do not already have any anti-malware software installed on your computer, again I recommend installing Microsoft Security Essentials. But if you suspect that you already have malware installed on your computer and you do not have Microsoft Security Essentials installed, then do not install it right now. Instead I recommend following the steps below.

As with virus scanning, using more than one malware scanner is best. However, unlike virus scanning, using multiple malware scanners is much more effective. Results from different malware scanners is more likely to vary versus results from different virus scanners. This is because virus scanning is fairly straightforward and most virus scanners will search for the same thing. This is not true with malware and malware scanners. Different malware scanners will use different methods to find and detect malware or potential malware. For this reason, I believe it is more important to use multiple malware scanners than it is to use multiple virus scanners.

Note, the anti-malware programs listed below may detect cookies or Tracking cookies, these generally aren’t good but they aren’t really malware in the sense that they could do any real damage to your computer. Removing these Tracking cookies is probably a good thing, but they aren’t considered malware for our purposes.

If you suspect that your computer (or computers) has malware and you do not have any current anti-malware detection software installed, I would follow these steps:

1. Install and scan with MalwareBytes
Install MalwareBytes onto your computer and run it to detect malware. MalwareBytes is an anti-malware solution that comes highly recommended within the anti-malware community.

MalwareBytes Website

Once you have installed MalwareBytes, run it, and be sure to update the definitions to the latest version. Then search for malware on your computer. If it finds anything, resolve the issue accordingly. The scope of this article isn’t able to tell you specifically how to deal with it, because the infected or affected files may have more importance to you. You just need to be able to decide for yourself how to deal with it.

After you have resolved the issues that Malwarebytes has found and/or after a clean run you will want to remove MalwareBytes from your computer. Use Windows’ Add/Remove system to remove the program from your computer.

2. Install and scan with Adaware
Install Adaware on your computer and run it to detect spyware/adware/malware. Adaware is another program that has won some awards for being the best malware detector.

AdAware Website

Once you have installed Adaware, run it and update the Adaware definitions to the latest version. Then use the program to scan your computer for malware. If it finds anything, you will need to resolve those issues accordingly. Again, the scope of this article is not able to tell you specifically how to deal with Adaware’s findings, you will have to decide for yourself how to proceed with its results.

After you have resolved the issues that Adaware has found and/or after a clean Adaware scan, then you will want to remove Adaware from your computer. Again, use Windows’ Add/Remove system to remove the program from your computer.

3. Install and scan with Spybot Search & Destroy
Install Spybot Search & Destroy on your computer and run it to detect malware. Spybot Search and Destory is recommended by anti-malware experts as a solid malware detection program.

Spybot Search & Destroy Website

When you install Spybot Search & Destroy one of the questions will be to enable Tea Timer in the install. You do not have to install this. Tea Timer is Spybot’s real time scanner. It runs in the background constantly looking for malware on your computer. This won’t be necessary because we are going to remove the program after we have scanned with it. When you run Spybot Search & Destroy make sure that you update its definitions so that you are using the latest version. Scan your computer for malware with Spybot Search & Destroy and resolve any issues that it may identify.

After you have resolved any issues that Spybot Search & Destroy found and/or after a clean scan, then you will want to remove Spybot Search & Destroy from your computer using Windows’ Add/Remove system to remove the program from your computer.

4. Install and scan with Microsoft Security Essentials.
Install Microsoft Security Essentials on your computer and run it to detect any malware on your computer.

Microsoft Security Essentials Website

After you install Microsoft Security Essentials make sure that you update it to include the latest malware definitions. Then scan your computer for malware and resolve any issues that it discovers.

I left Microsoft Security Essentials last because if you do not already have any anti-malware software installed on your computer, then you should consider leaving it on your computer. If you already have anti-malware software on your computer or if you feel comfortable with another product, then you can remove Microsoft Security Essentials and leave or reinstall the anti-malware program of your choice.

If none of these scans detected any malware on your computer (or computers) and you still believe that malware is on your computer, the best thing to do is to discuss this at the Badwarebusters.org online community. Describe your symptoms and someone there may be able to help you identify or resolve the malware problem you are experiencing.

Steven

Next Post Password Security

Update June 17th 2:51PM CDT – The mail systems have been converted over to the new system and are up and operational. We are continuing to test this software.

Update June 17th 2:16PM CDT – Mail systems are offline while systems are converted to the new mail software.

Update June 17th 11:32AM CDT – Our current efforts to correct this issue with the current software have not yielded anything. We are going to try changing the mail software on the server. Some users may experience the symptoms described below.

We are investigating some issues with IMAP on the soft1 server. We have reports of slow IMAP response on the server. We are currently investigating the issue and looking for ways to resolve the issue.

It may become necessary to change some of the backend software on the server to fix this. Most users will not notice any changes if this software is changed.

Users who have their IMAP account set up to automatically purge their trash may notice issues with this if the software is changed.

The main issue that users may see affects those users who use POP to check their mail, but leave the messages on the server. This change in software may cause your e-mail application to redownload all of your mail messages. Again, this would only affect individuals who have their e-mail account set to download via POP and leave a copy on the server.

No determination has been made if it will be necessary to change the software on the server, but it is one option we are looking at.

If we do update the software on the server an update will be posted here and on our support ticket pages.

This would only affect accounts that are on the server soft1.wznoc.com.

How to determine if this affects you:
See if you are on soft1. Log into your cPanel. If the location bar changes to https://secure.amsnac5.com:2083 then your account is on soft1. You can also click the expand stats link in the left side once you log into your cPanel and read the label Hostname. If this says soft1.wznoc.com, then you are on soft1.

You can also visit our website:

http://www.amshelp.com/identify.php

and enter your domain name to see what server you are located on.

Steven

Some of you may have noticed the changes being brought about in cPanel 11.25. We have not yet updated all of our servers to cPanel 11.25, but are in the process of rolling this update out to all of our servers.

Some changes are being made as a result of this upgrade. These are detailed below.

New cPanel/Webmail Login
The login system for accessing your account has changed. For more information see the link below
New cPanel Login System

User Backup System
We have redesigned the user backup system so that you can create a backup of your account and keep it in a safe place. For more information see the link below
User Backup System

Secure FTP over TLS
Our servers now support secure FTP sessions for securely transferring your files. This replaces our SFTP system. For more information see:
FTP over Explicit TLS

These are just some of the changes that are coming about with the cPanel 11.25 update.

Steven