Friday, 12 December 2014

We’re pleased to announce that Public Folders will be available in Hosted Exchange 2013 on December 17, 2014.


Background:


In March 2014, Microsoft announced new limits on Exchange 2013 public folders. The limits were due to a new folder storage architecture in the 2013 release.  At that point Thexyz removed public folders from our Hosted Exchange 2013 product in order to maintain server stability until Microsoft could provide an update. In August 2014, Microsoft released the software update to improve public folder limits, and Thexyz began applying the new guidance to our Hosted Exchange 2013 product. Microsoft's update still has limits on public folders. In order for Thexyz to offer public folders without exceeding those numbers, we will apply folder usage limits to all customer accounts.


Public Folder in Exchange 2013


You will be able to add Public Folders to your Exchange 2013 domain. We are improving your Public Folder experience by moving the management tools into Control Panel; from here you can create, delete, and edit folders.

• Create up to 25 Public Folders total (including subfolders) per email domain.
• Store up to 250 MB of content in each folder.
• Create, rename, delete, and mail-enable folders directly in the Control Panel.
• See real-time provisioning status of your folders in Control Panel.
• Users who manage folders through Outlook will need a Limited Admin account in the Control Panel. Public Folder administration will no longer be available in Outlook.
• End-user permission management for changing read/edit/delete access rights is not available in the first release.
• For Exchange 2013 customers whose folders are above the new limits, Thexyz will NOT automatically decrease their number or storage size. For these users, an example folder structure may display “33 of 25 folders.”  Customers with more than 25 folders may not add new folders until they are below the limit. Folders that are over the 250MB storage quota will not accept new items until content is removed to get below the quota.

Why are there limits on Public Folders


The 25 folder and 250 MB per-folder limits ensure each Exchange environment does not exceed the inherent Public Folder limits that Microsoft placed on Exchange Server 2013. Without these limits, Thexyz would jeopardize the stability of our customer’s email and uptime.  We are not willing to compromise stability and reliability, which is likely one of the reasons you chose us to host your email. As Microsoft raises the limits (as they have stated they plan to do), we plan to raise ours as well.

The new Public Folder administration tools will be live in Control Panel on December 17, 2014.

Saturday, 6 December 2014

The name servers records turn a floating domain into a fully functional host by anchoring it to a certain server on the web.

 

Since the availability of a web server might at times be compromised, most domain names have two name servers – the main one (NS1) and a backup server (NS2), which takes over if the first one is experiencing problems.

 

To further secure your online presence, we’ve also added a second (NS3) and a third (NS4) backup name server to each host.

 

 Geographical location-based name server backup service

 

We’ve learned from experience that the use of different networks to handle name resolution within one and the same data center is not a solid guarantee for online availability. This is why we've implemented backup name servers in three different locations around the globe – NS2 in the Chicago data center (already existing), NS3 in the UK data center and NS4 in the Finnish data center. This way, in the event of a massive network disruption in the Chicago data center, each next-level backup server will be able to take over the job from the previous one in the chain.

A backup name server (NS3) in the UK data center

 

While implementing the location-based backup service, our admins first added a name server in the Pulsant data center in Maindenhead, UK. The UK facility has direct connections to international backbones and a very secure infrastructure. Also, the UK is a country with a lower risk of natural disasters like tsunamis and hurricanes, as compared to the USA.

 

 A backup name server (NS4) in the Finnish data center

 

We’ve selected the data center in Finland to house the fourth name server for a reason. Located in an underground compound, which used to accommodate the Finnish Defence Forces, the data center can withstand even an atomic bomb attack.


Apart from the natural protection against disasters of all sorts, the facility offers an iron-clad security system, which further guarantees the flawless performance of the sites hosted there.













Monday, 1 December 2014

Thexyz admins located a series of unauthorized attacks on CMS-based sites on our platform over the weekend, which appeared to be part of the CryptoPHP hacker ‘campaign’. CryptoPHP is a threat that uses a backdoor to access Joomla, WordPress and Drupal themes and plugins to compromise web servers.

This turns out to be a global phenomenon, which was discovered by experts in the Netherlands through a compromised Joomla plugin on a customer’s site.The plugin had been downloaded from a legitimate-looking site that offers a list of free, compromised themes and plugins.

What is the CryptoPHP malware all about?

By downloading and installing pirated CMS themes and plugins on their own sites, users also install the CryptoPHP backdoor, which empowers attackers to exercise remote control over their sites.

The CryptoPHP malware can inject infected content into the compromised sites and even update itself.

However, the main purpose of the malware is to conduct blackhat SEO operations. Experts have detected links and text injected into the compromised pages with the sole purpose of tricking crawlers into giving the hacker sites backlink credit and a pagerank.

Experts have identified thousands of plugins that have been backdoored using CryptoPHP, including both WordPress and Joomla plugins and themes and Drupal themes.

The exact number of websites affected by CryptoPHP has not been determined yet. However, specialists have reasons to believe that they are at least a few thousand.

How are sites on our platform affected by CryptoPHP?

Unfortunately, a few CMS sites on our platform became the target of CryptoPHP hackers as well. Upon locating the attack, our admins made a thorough investigation of the affected sites and found out that they all contain files like ‘social.png’, ‘social0.png’, or ‘social1.png’, etc. in their code, which are actually PHP scripts instead of PNG files.

They have managed to clean all infected sites of the malware. However, they cannot guarantee that CMS users will not be compromised again if downloading a pirated CMS theme or plugin from the web.

What should I do to make sure I am not affected?

If you have ever installed pirated or untrusted WordPress/Joomla/Drupal plugins/themes/templates, you are potentially susceptible to a CryptoPHP attack.

This is why, you need to take immediate measures and check your sites for files named ‘social.png’. If the file is a PHP script instead of a PNG file, you are probably vulnerable.

Also, if you realize that you are infected, you can resolve the problem temporarily by activating the Outgoing Connections Firewall from your Web Hosting Control Panel:

The attacked sites are trying to make outgoing connections to certain IP's, so this will help you pause the attack until you find a way to resolve the problem.

The best way to protect yourself from the CryptoPHP malware is by making sure you download CMS themes/plugins from from trusted developers’ sites and popular marketplaces.

Here you can find the whole report by the Dutch company, which diagnosed and publicized the CryptoPHP malware: https://foxitsecurity.files.wordpress.com/2014/11/cryptophp-whitepaper-foxsrt-v4.pdf


















Friday, 21 November 2014

Password Reset is here!


After many months of development, a secure password reset tool has been added to webmail. 


When you next login to webmail, you will be asked to enter a mobile phone number. This is used to send you a numeric code to verify the phone. Then if you ever forget your password, you can request a reset by receiving a SMS code to your phone.

Wednesday, 1 October 2014

Beware of domain renewal scam emails sent by 'ICANN'


ICANN, the global domain name coordinator, has raised awareness of a global scamming issue regarding domain renewals.
The latest ‘fashion’ among cybercriminals is sending registrants domain renewal emails, which pretend to be coming from ICANN.
The scam emails are only aimed at misleading the registrants into giving their financial information on the phishing sites they are redirected to from the email notifications.
The Anti-Phishing Working Group (APWG) has managed to outline a few common characteristics of the emails sent by scammers:
  • The scam email encourages the recipient to click on a link to renew the domain online at an attractively low price.
  • The ‘renewal promotion’ email appears to be sent by ICANN. It features ICANN’s branding and logo in the body of the message.
  • The fake renewal page that the email leads to also tries to mimic a page managed by ICANN.
While ICANN has initiated a thorough investigation of this aggressive scam campaign, they recommend that registrants also take steps to protect their personal information.
So, if you receive an email similar to the one described above, you should keep in mind the following notes:
  • Any email that offers domain renewal services from ICANN is NOT authentic, since ICANN does not process domain registrations or collect fees from registrants directly. All domain expiration notifications are sent from us - your hosting provider.
  • You should contact our support team directly for any concerns about the status of your domain name.
  • To help ICANN fight this global scam practice, you can report any scam email received at compliance@icann.org. A copy of the scam email is required for maximum investigation results.

Thursday, 25 September 2014

Patch To Bash Command Interpreter on Linux and Unix systems.

In response to customers inquiring about the latest Linux bash vulnerability known as "ShellShock". We have, as of last night applied the latest available patch to all VPS, Dedicated and Shared hosting servers. We will continue to apply updates as they become available.

Testing for the vulnerability

It is possible to test for this flaw from a shell script on a Linux system using the following command:
env var='() { ignore this;}; echo vulnerable' bash -c /bin/true

An affected version of bash will output “vulnerable”.

Friday, 19 September 2014


The domain backordering service allows you to attempt to re-register a desired domain that is soon to expire, the moment it is brought back to the pool of available domains.

This is a great way for you to try to lay hands on website names that are, first of all, easy to remember and spell, and second – have already a certain search engine credit because of their age.


Backordering a domain (for now, this is only possible for .COM and .NET domains) on our web hosting control panel. Below is an example of how you can backorder an attractive domain with a few clicks in Thexyz control panel.

For the purpose of this tutorial let’s say that you want to register a domain for your new website, which offers spy gadgets.

1. In the Thexyz Web Hosting Control Panel, go to the Domain Backorders section of the Domain Manager:


2. Using the domain search controls, you can refine your search results to get only suggestions you are interested in.


In this example, we have selected to get results for short domains (between 2-6 characters), which feature letters only and words from the dictionary. Also, to narrow down our search, we have specified the keyword ‘spy’ to be featured in the domain. These are all basic requirements for an attractive, keyword-worthy domain name.

3. When ready with the search specifications, just click on the SEARCH button to get a list of all available relevant options:

 4. Take a close look at the available options and select the one that you find most attractive for your site. In our example, the suggestion spyapt.com looks like a great match for our spy gadget site:


 5. When ready with your choice, just click on the Backorder link on the right:

 6. You will be now taken to your Control Panel wallet from where you can place your order for the selected domain. If you do not have credits in your wallet yet, you can refill it from the Wallet section by clicking on the Refill Wallet button on the top right:



Once you manage to get your backordered domain, you will be able to renew it at a regular price.

Please note that placing a backorder does not guarantee that you will register the domain you have requested, Since domain backordering is a first-come-first-served process, we might be unsuccessful in our attempt to register the domain for you.
Also, the deposited amount is non-refundable, so if we do not succeed in registering the domain for you, you could use the funds for another service of your choice.

Trending Posts

Subscribe by email

Enter your email address:

Delivered from Thexyz Blog

Tags

News (77) Web Hosting (46) Advertising (19) Tutorials (16) Thexyz Cloud (13) Video (5) Email (3) resellers (3)