Friday, 12 December 2014

We’re pleased to announce that Public Folders will be available in Hosted Exchange 2013 on December 17, 2014.


In March 2014, Microsoft announced new limits on Exchange 2013 public folders. The limits were due to a new folder storage architecture in the 2013 release.  At that point Thexyz removed public folders from our Hosted Exchange 2013 product in order to maintain server stability until Microsoft could provide an update. In August 2014, Microsoft released the software update to improve public folder limits, and Thexyz began applying the new guidance to our Hosted Exchange 2013 product. Microsoft's update still has limits on public folders. In order for Thexyz to offer public folders without exceeding those numbers, we will apply folder usage limits to all customer accounts.

Public Folder in Exchange 2013

You will be able to add Public Folders to your Exchange 2013 domain. We are improving your Public Folder experience by moving the management tools into Control Panel; from here you can create, delete, and edit folders.

• Create up to 25 Public Folders total (including subfolders) per email domain.
• Store up to 250 MB of content in each folder.
• Create, rename, delete, and mail-enable folders directly in the Control Panel.
• See real-time provisioning status of your folders in Control Panel.
• Users who manage folders through Outlook will need a Limited Admin account in the Control Panel. Public Folder administration will no longer be available in Outlook.
• End-user permission management for changing read/edit/delete access rights is not available in the first release.
• For Exchange 2013 customers whose folders are above the new limits, Thexyz will NOT automatically decrease their number or storage size. For these users, an example folder structure may display “33 of 25 folders.”  Customers with more than 25 folders may not add new folders until they are below the limit. Folders that are over the 250MB storage quota will not accept new items until content is removed to get below the quota.

Why are there limits on Public Folders

The 25 folder and 250 MB per-folder limits ensure each Exchange environment does not exceed the inherent Public Folder limits that Microsoft placed on Exchange Server 2013. Without these limits, Thexyz would jeopardize the stability of our customer’s email and uptime.  We are not willing to compromise stability and reliability, which is likely one of the reasons you chose us to host your email. As Microsoft raises the limits (as they have stated they plan to do), we plan to raise ours as well.

The new Public Folder administration tools will be live in Control Panel on December 17, 2014.

Saturday, 6 December 2014

The name servers records turn a floating domain into a fully functional host by anchoring it to a certain server on the web.


Since the availability of a web server might at times be compromised, most domain names have two name servers – the main one (NS1) and a backup server (NS2), which takes over if the first one is experiencing problems.


To further secure your online presence, we’ve also added a second (NS3) and a third (NS4) backup name server to each host.


 Geographical location-based name server backup service


We’ve learned from experience that the use of different networks to handle name resolution within one and the same data center is not a solid guarantee for online availability. This is why we've implemented backup name servers in three different locations around the globe – NS2 in the Chicago data center (already existing), NS3 in the UK data center and NS4 in the Finnish data center. This way, in the event of a massive network disruption in the Chicago data center, each next-level backup server will be able to take over the job from the previous one in the chain.

A backup name server (NS3) in the UK data center


While implementing the location-based backup service, our admins first added a name server in the Pulsant data center in Maindenhead, UK. The UK facility has direct connections to international backbones and a very secure infrastructure. Also, the UK is a country with a lower risk of natural disasters like tsunamis and hurricanes, as compared to the USA.


 A backup name server (NS4) in the Finnish data center


We’ve selected the data center in Finland to house the fourth name server for a reason. Located in an underground compound, which used to accommodate the Finnish Defence Forces, the data center can withstand even an atomic bomb attack.

Apart from the natural protection against disasters of all sorts, the facility offers an iron-clad security system, which further guarantees the flawless performance of the sites hosted there.

Monday, 1 December 2014

Thexyz admins located a series of unauthorized attacks on CMS-based sites on our platform over the weekend, which appeared to be part of the CryptoPHP hacker ‘campaign’. CryptoPHP is a threat that uses a backdoor to access Joomla, WordPress and Drupal themes and plugins to compromise web servers.

This turns out to be a global phenomenon, which was discovered by experts in the Netherlands through a compromised Joomla plugin on a customer’s site.The plugin had been downloaded from a legitimate-looking site that offers a list of free, compromised themes and plugins.

What is the CryptoPHP malware all about?

By downloading and installing pirated CMS themes and plugins on their own sites, users also install the CryptoPHP backdoor, which empowers attackers to exercise remote control over their sites.

The CryptoPHP malware can inject infected content into the compromised sites and even update itself.

However, the main purpose of the malware is to conduct blackhat SEO operations. Experts have detected links and text injected into the compromised pages with the sole purpose of tricking crawlers into giving the hacker sites backlink credit and a pagerank.

Experts have identified thousands of plugins that have been backdoored using CryptoPHP, including both WordPress and Joomla plugins and themes and Drupal themes.

The exact number of websites affected by CryptoPHP has not been determined yet. However, specialists have reasons to believe that they are at least a few thousand.

How are sites on our platform affected by CryptoPHP?

Unfortunately, a few CMS sites on our platform became the target of CryptoPHP hackers as well. Upon locating the attack, our admins made a thorough investigation of the affected sites and found out that they all contain files like ‘social.png’, ‘social0.png’, or ‘social1.png’, etc. in their code, which are actually PHP scripts instead of PNG files.

They have managed to clean all infected sites of the malware. However, they cannot guarantee that CMS users will not be compromised again if downloading a pirated CMS theme or plugin from the web.

What should I do to make sure I am not affected?

If you have ever installed pirated or untrusted WordPress/Joomla/Drupal plugins/themes/templates, you are potentially susceptible to a CryptoPHP attack.

This is why, you need to take immediate measures and check your sites for files named ‘social.png’. If the file is a PHP script instead of a PNG file, you are probably vulnerable.

Also, if you realize that you are infected, you can resolve the problem temporarily by activating the Outgoing Connections Firewall from your Web Hosting Control Panel:

The attacked sites are trying to make outgoing connections to certain IP's, so this will help you pause the attack until you find a way to resolve the problem.

The best way to protect yourself from the CryptoPHP malware is by making sure you download CMS themes/plugins from from trusted developers’ sites and popular marketplaces.

Here you can find the whole report by the Dutch company, which diagnosed and publicized the CryptoPHP malware:

Wednesday, 1 October 2014

Beware of domain renewal scam emails sent by 'ICANN'

ICANN, the global domain name coordinator, has raised awareness of a global scamming issue regarding domain renewals.
The latest ‘fashion’ among cybercriminals is sending registrants domain renewal emails, which pretend to be coming from ICANN.
The scam emails are only aimed at misleading the registrants into giving their financial information on the phishing sites they are redirected to from the email notifications.
The Anti-Phishing Working Group (APWG) has managed to outline a few common characteristics of the emails sent by scammers:
  • The scam email encourages the recipient to click on a link to renew the domain online at an attractively low price.
  • The ‘renewal promotion’ email appears to be sent by ICANN. It features ICANN’s branding and logo in the body of the message.
  • The fake renewal page that the email leads to also tries to mimic a page managed by ICANN.
While ICANN has initiated a thorough investigation of this aggressive scam campaign, they recommend that registrants also take steps to protect their personal information.
So, if you receive an email similar to the one described above, you should keep in mind the following notes:
  • Any email that offers domain renewal services from ICANN is NOT authentic, since ICANN does not process domain registrations or collect fees from registrants directly. All domain expiration notifications are sent from us - your hosting provider.
  • You should contact our support team directly for any concerns about the status of your domain name.
  • To help ICANN fight this global scam practice, you can report any scam email received at A copy of the scam email is required for maximum investigation results.

Thursday, 25 September 2014

Patch To Bash Command Interpreter on Linux and Unix systems.

In response to customers inquiring about the latest Linux bash vulnerability known as "ShellShock". We have, as of last night applied the latest available patch to all VPS, Dedicated and Shared hosting servers. We will continue to apply updates as they become available.

Testing for the vulnerability

It is possible to test for this flaw from a shell script on a Linux system using the following command:
env var='() { ignore this;}; echo vulnerable' bash -c /bin/true

An affected version of bash will output “vulnerable”.

Friday, 19 September 2014

The domain backordering service allows you to attempt to re-register a desired domain that is soon to expire, the moment it is brought back to the pool of available domains.

This is a great way for you to try to lay hands on website names that are, first of all, easy to remember and spell, and second – have already a certain search engine credit because of their age.

Backordering a domain (for now, this is only possible for .COM and .NET domains) on our web hosting control panel. Below is an example of how you can backorder an attractive domain with a few clicks in Thexyz control panel.

For the purpose of this tutorial let’s say that you want to register a domain for your new website, which offers spy gadgets.

1. In the Thexyz Web Hosting Control Panel, go to the Domain Backorders section of the Domain Manager:

2. Using the domain search controls, you can refine your search results to get only suggestions you are interested in.

In this example, we have selected to get results for short domains (between 2-6 characters), which feature letters only and words from the dictionary. Also, to narrow down our search, we have specified the keyword ‘spy’ to be featured in the domain. These are all basic requirements for an attractive, keyword-worthy domain name.

3. When ready with the search specifications, just click on the SEARCH button to get a list of all available relevant options:

 4. Take a close look at the available options and select the one that you find most attractive for your site. In our example, the suggestion looks like a great match for our spy gadget site:

 5. When ready with your choice, just click on the Backorder link on the right:

 6. You will be now taken to your Control Panel wallet from where you can place your order for the selected domain. If you do not have credits in your wallet yet, you can refill it from the Wallet section by clicking on the Refill Wallet button on the top right:

Once you manage to get your backordered domain, you will be able to renew it at a regular price.

Please note that placing a backorder does not guarantee that you will register the domain you have requested, Since domain backordering is a first-come-first-served process, we might be unsuccessful in our attempt to register the domain for you.
Also, the deposited amount is non-refundable, so if we do not succeed in registering the domain for you, you could use the funds for another service of your choice.
Thursday, 28 August 2014
As part of our continuing effort to improve the security of your email accounts, we will be making a change to our list of restricted file attachments. Beginning on Monday Sept 15, 2014, we will no longer allow executable (.exe) files inside of compressed (.zip) attachments. Incoming messages containing a restricted file attachment will be rejected and the sender will receive a “bounced” email notification informing them of the restriction. This change will further help to protect your email accounts from malware, specifically emerging threats which may not be detected by our multiple levels of virus detection.
Monday, 25 August 2014

If you are using Thexyz Webmail with your own domain you may have noticed the "Chat" menu item which was recently added. This is a new feature that was added in the spring of 2014. It was originally introduced for users with their own custom webmail site. After some feedback from our users we have decided to open up the chat system to all users with their own domain.

If you do not see chat when you login to webmail it is because you using one of our domains.
Thursday, 21 August 2014

Thexyz now has a new affiliate program that allows users of our service to refer new users to Thexyz. For every new user referred you will be awarded a commission payment of 25% of the sale price.

Every user of Thexyz is already enrolled in the affiliate program, if you are do not currently have an account or service with Thexyz, you can apply to be an affiliate. If you do not know your password for the site, you can use the 'reset password' link to reset it.

There are banner ads and html text links available in the affiliate area and if you have any questions about the program do not hesitate to contact the support team.
Friday, 8 August 2014

Along with recent security concerns, the reasons to get your site protected with an SSL certificate are growing as Google announced yesterday that HTTPS is now a ranking signal used in its search algorithm. Google has been pushing the use of HTTPS (HTTP over TLS/Transport Layer Security) for quite some time, and called for “HTTPS everywhere” at a recent Google I/O.

The company says it’s seeing more and more webmasters adopting it, and that over the past few months it’s been running tests taking into account whether sites use secure encrypted connections as a signal. You can read the full blog post on the Google Webmaster Blog here.

“We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal. For now it’s only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”

If you’re already serving on HTTPS, you can test its security level and configuration using this Qualys Lab tool. If you have not secured your site with HTTPS then you can purchase an SSL certificate below cost price from Thexyz which also includes free installation!
Tuesday, 22 July 2014

These days, websites are faced with the challenge of delivering a large amount of dynamic content to visitors in a shorter amount of time.

Normally, servers would load pages every time they are requested, which could have a slow-down effect on the speed at which a frequently accessed page is served to the visitor.

Also, the repeated queries to the database server can lead to a non-cost-effective resource usage. Luckily, there are tools like Memcached that can help you streamline the data reading process and hence reduce the load on the server and the waste of valuable resources.

What is Memcached? 

Basically, Memcached works as a caching layer between the requests of the visitors and the server itself.
Technically speaking, Memcached caches data and objects in the server’s RAM so that the frequently requested data can be served directly from the memory instead of the database server/API.
You can find Memcached in the Advanced section of your Web Hosting Control Panel.
Here is an illustration of the way Memcached works during the first and each following request:

First user request

When a user opens a page for the first time, the request is sent straight to the database server and, in the meantime, the data is stored in the Memcached server. 

Second user request

The next time the user makes a request for the same page, the data will be retrieved directly from the Memcached memory instead of the database server.
This will significantly reduce the number of times a database is read and in the meantime will make pages load much faster.

If you have a traffic-intensive, database-driven website like a large e-store, a busy blog, a news portal, etc., which serves hundreds of visitors per day, then using Memcached is indispensable.

Memcached works as a caching layer for some of the most traffic-heavy sites such as YouTube, Reddit, Facebook, and Twitter. Some popular CMSs like Joomla and WordPress support it too.

How to work with Memcached?

Working with Memcached requires a proper installation and a good control of its settings. This is why, we offer Memcached with all our web hosting plans, so our system will take care of the installation and the memory allocation procedures for you.

Here is an example of how to create a basic Memcached instance on our servers:

In the Thexyz Server Web Hosting Control Panel, select Memcached from the Advanced section and click on the Create an instance button on the top right.

In the popup window, leave the Status as it is selected by default and then just select the memory allocation that you want to use for this instance.

Memcached is included by default with the advanced hosting packages at Thexyz Server.

All other packages offer it as an upgrade option. Also, you can always upgrade the current Memcached memory quota of your plan from the Upgrade Services menu of the Control Panel.

A recent correction to the way mailbox storage quota is calculated has caused a number of mailboxes reflect a dramatic change in size. The new calculations are accurately representing the usage of the mailbox. Mailboxes that are over quota will need to be reduced below their quota to resume sending and receiving.

Thursday, 26 June 2014

Nominet, the authority that manages UK domains, has finally released the plain .UK domain extension for open registration alongside the popular .CO.UK TLD.

What are the main benefits of .UK domains?

The .UK domain extension is a new exciting 'webatory' for present and future website owners whose personal or business online presence is somehow related to the UK. It is an excellent choice for those of you who have always dreamt of having a short and memorable domain with the much-easier-to-spell-and-type .UK ending.

Do .CO.UK domain owners have rights over the new .UK equivalent?

According to Nominet, every .CO.UK domain holder will be the first to be offered the shorter .UK equivalent of their current address. They will have 5 years to decide whether they want to use it in addition to, or instead of the domain they already have. Nominet will be contacting these customers personally to ensure that they are aware of this right.

How do I register a .UK domain for my site?

You can register a .UK domain for 1-10 years or from your Control Panel. The registration procedure is the same as that for .CO.UK, .ME.UK and .ORG.UK.
If you are having troubles registering your .UK domain, please open a support ticket from the Help Center for more information.
Tuesday, 24 June 2014

Canada's Anti-Spam Legislation (CASL) is coming into effect on July 1, 2014, we wanted to make sure the small business owners in the Thexyz community are properly prepared and compliant with the road ahead.

If you have not heard about this new legislation, CASL (Bill C-28) is a new set of regulations that aims to crack down on unwanted spam messages and is considered to be the toughest anti-spam law in the world. CASL requires all businesses that are selling or promoting products or services through email to prove they have consent to reach out to new, existing and potential customers.

The CASL aims to reduce spam, viruses and increase consumer confidence in e-commerce, failure to comply can result in tough penalties, up to $1-million for an individual and up to $10-million for a business. Here’s what you need to know, and some tips for making sure your business is compliant.

Is just mass email affected?

CASL applies to any commercial electronic message (CEM) sent by any medium, including your company's email, SMS or social media account, that promotes your business or encourages participation in a commercial activity, such as selling or promoting products, services or a business event, that communicates directly with a consumer. The only way you can send one of these direct messages legally is by obtaining explicit or implied consent from the recipient first.

What you should follow when sending CEMs

1. Consent: You must have implied or expressed consent to send a message. If a CEM is intended to be sent to a non-customer, then an analysis of whether proper consent exists needs to occur before the electronic message is sent. Express consent may be obtained orally or in writing, with clear disclosure of the purpose for which the consent is being sought and a statement that the recipient can withdraw his or her consent. In either case, the onus is on the person who is sending the message to prove they have obtained consent to send the message.

The Canadian Radio-Television and Telecommunications Commission (CRTC) is enforcing compliance and recommends that organizations protect themselves by tracking whether consent was obtained in writing or orally, when it was obtained, why it was obtained and the manner in which it was obtained.

2. Unsubscribe Mechanism: In every CEM you send you must provide a way for recipients to unsubscribe from receiving messages in the future. The unsubscribe mechanism should be accessible by the same electronic means that the message was sent. For instance, a CEM sent via SMS may state that an end-user can unsubscribe by texting the word "STOP". Another possibility is including a hyperlink clearly and prominently in an email that allows the end-user to unsubscribe by simply clicking it. The hyperlink may also be to a webpage that is readily accessible without delay and is at no cost to the recipient, the unsubscribe request should come into effect within 10 days

3. Identification: You must clearly and simply identify yourselves and anyone else on whose behalf the message is sent.This includes providing your company's name, mailing address and either a telephone number providing access to an agent or a voice messaging system, an email address or a website. You also need to include a sentence clearly stating that the individual can opt out of your communications at any time. This message should be located near the unsubscribe mechanism if possible.

Six simple tips for staying CASL compliant

1. Reach out to existing and prospect clients by email before July 1. If you ask for their consent electronically, you must do so by July 1 and have them opt-in by checking a box that says they’re willing to receive electronic communications. After July 1, this process will be an offence.

2. Those who don’t have consent by July 1 will need to get it through other means, such as a telephone call. Recall that consent under CASL is also implied if you have an existing business relationship or existing non-business relationship with the person or company.

3. Establish a procedure for new customers. You can ask for consent when they are buying on your website or asking permission when taking their first order, as long as the opt-in requirements are met (written or oral).

4. Maintain an accurate and current list of recipients’ consent to receive messages. Instances of express and implied consent should be handled separately to ensure clarity and compliance.

5. Educate your employees on the new policies that need to be implemented as a result of the act.

6. Remember that consent isn't transferrable. Beware of any businesses bearing lists because if anyone claims you can “Blast your ad to over 10,000 legitimate addresses for a price,” or “Buy a database with a million email addresses for only $100,” they are selling you spam lists that could result in receiving a large penalty.

If you still have any questions or comments regarding CASL please feel free to leave them below and we’ll respond as soon as we can.
Friday, 20 June 2014
In recent months, Touchdown has been purchased by Symantec and the development has been put on hold. 


It is only iOS devices like an iPhone or an iPad that support ActiveSync with the native Apple Mail app. With TouchDown you can now add support for ActiveSync on the Mac desktop too. This will allow you to sync your email, contacts and calendar with your mobile device and webmail.

You can then setup your account with Thexyz by following the directions below.

Enter your full email address and email account password.

Leave the domain field blank and enter: in the Server Name field.

Use the recommended settings to ensure optimal efficiency.

Your email, contacts and calendar should begin syncing and may take sometime for the initial sync to take place.

Monday, 9 June 2014

This tool was retired in 2015, you can read more here and find a workaround.

All you need to do is login to webmail and head to the settings menu where you can as many external accounts as you wish. You just need incoming pop server, email address and password to verify the account. Once verified the 'Check external email' button will appear in the menu.

Tip: Add a filter to deliver the mail from external email to a sub-folder. This way you can keep your email‎ organized and separate from your mail account. To do this you just need to add a sub-folder to your inbox and then add a filter in the settings menu.

Add Gmail As An External Email Account

Friday, 6 June 2014

Two New Domains Added To Thexyz Webmail

We have today added two new domains to Thexyz Webmail from the .xyz registry. 

Both of these extensions are now available for you to host email with. You could have or and be one of the first people to use email on this new domain extension that was just publicly released this week. Take a look at all the domains now available for webmail here.

Get your .xyz email today!
Friday, 30 May 2014

You can now back order .COM and .NET domain names through Thexyz Domain Control Panel. 


Domain backordering is a service that helps you attempt to acquire a domain name as soon as they expire and become available for registration.  


How does domain backordering work?


Through the help of the advanced domain search filters in the Domains Backorder section of Thexyz domain CP, you will be able to narrow down the list of domains expiring to within 5 days and see only those containing your given keyword.

For instance, you can specify the number of characters in a domain (between 2-64 characters); whether it should contain letters, numbers or dashes; whether you want it to contain a specific word, or only words featured in the dictionary, etc.
After you've indicated your search requirements, just let us know if you want us to generate a list of .COM or .NET domain names.

When done - click on the Search button.

In the search results, you can quickly filter out domains that you are not interested in.
When you place a domain backorder, we'll start monitoring the domain and try our best to snatch it up for you the moment it becomes available for open registration.
Note: Placing a backorder does not guarantee that you will acquire the domain name you have requested, because this is a first-come-first-serve process where we might be unsuccessful in our attempt to register it for you.

What is the price of a backordered domain?

To backorder a domain, you will need to deposit $20 USD in your wallet. The amount is non-refundable, so if we do not succeed in registering the domain for you, you can try to backorder another domain name or use the funds for another web hosting related service.
Thursday, 15 May 2014

With Thexyz Webmail you have the choice of using your own domain or one of our domains. Using your own domain offers more features and benefits than using one of ours. I am going to list some of the reasons in this post to show you how the $14.95 per for a domain is well worth it.

Full Admin Control

When you use your own domain for Thexyz Webmail, you also get access the the admin area which enables additional features such as unlimited email aliases. You can also change your email address and edit your password yourself.

Microsoft‎ SharePoint Included

When using your own domain with Thexyz Webmail you also get a free hosted SharePoint site which includes 250MB of storage. This storage can be upgraded as needed.

Custom Webmail Site

When you use ‎your own domain, you also have the option to upgrade to use your own branded webmail site. This will let you use your own logo on login and webmail pages, you can also add notifications and messages to webmail. A great way to add notifications to all members of your domain. Using your own domain also adds the option to use webmail chat.

Secure Webmail Chat

Using your own domain with a custom webmail site adds a secure instant chat feature directly to webmail. This way you can chat instantly with other members of your domain.

Take Your Email Account To Different Providers

Unlike when you use your email account with the domain of your ISP or with free email providers. You are not tied down to using one service with your own domain. This means that can migrate your email service from different providers.
Monday, 12 May 2014

Secure IM Chat Now Available For Webmail

Thexyz Webmail chat allows teams the ability to instantly chat with other users in the same domain. This feature is available as a one time upgrade to a custom webmail site.  The chat system gives teams a secure platform to instantly chat with other members of their domain. You can chat directly inside webmail without the distraction from other services. Although there are other services providing free online chat, they often come with distractions like ads, non-business related requests and so on. With Thexyz Webmail chat you know your team will not be distracted by others as they only have the ability to chat with team members with the same domain email address.

To add chat to your companies webmail, you will need to upgrade to a custom webmail site.

Friday, 2 May 2014

We have built a new login page for Thexyz Webmail!

Take a look here: and let us know what you think. We will be launching the new site soon.The new page has taken into consideration some feedback from users, larger email and password fields, encryption option and remember me check box.
Thursday, 1 May 2014

Thank you for your patience as we continue to work through a recent DNS issue. We are currently experiencing a service disruption with one of our major DNS providers that is causing connectivity issues to our hosted email environments. Our provider is aware and actively working to remedy the issue. We will update this issue as we have more information.

We have received isolated reports from some users who are experiencing connectivity issues to our Email environment. We are currently investigating the situation and will have it resolved as soon as possible. Webmail has not been affected and is fully functional.

Additional updates will be posted as they become available. Thank you for your patience.

This issue has now been resolved.

Tuesday, 22 April 2014

Good news! BlackBerry 10 smartphones and BlackBerry Playbook now support ActiveSync so Thexyz Premium Email syncs calendars and contacts now without the need for additional apps or Exchange.

To get your BlackBerry setup just follow the instructions below. Although these screenshots are for a BlackBerry Playbook, a smartphone is much similar.

1. Go to the settings screen and under Accounts, select "Email, Calendar and Contacts."

2. Now hit the "Advanced Setup" button at the bottom of the screen.

3. On this screen select "Microsoft Exchange ActiveSync."

4. Leave the domain field blank, enter your full email address as username and email password. The server address is: and port should be 443.

5. If you scroll down you will see some more settings, turn SSL and Push on and then hit continue where you can choose to sync your email, contacts and calendar.

Monday, 21 April 2014

Outlook 2013 Works Like Exchange With Thexyz Mobile Sync

With Microsoft Outlook 2013 you can setup Thexyz Premium Webmail to work like an Exchange account. It works by sending and receiving email through the IMAP protocol. You can then add an additional account as ActiveSync compatible service and then calendars and contacts will sync with your mobile devices and webmail. 

To get started with Outlook 2013 lets setup an email account as IMAP.

Fill out the information needed as listed below:

Email address: Your full email address
Password: Your email password
Incoming server:
Outgoing server:

Click the "More Settings ... " button

Then click on the Advanced tab

Incoming port: 993
Outgoing port: 465

Turn SSL on for both

 Then Click Outgoing Server tab

Check the box that says "My outgoing server (SMTP) requires authentication."

Click "OK"

The account will send a test message and then you can open Outlook 2013. 

Once open, click 'File" at the top left and then "Add Account"

Then select " or Exchange ActiveSync compatible service" and click "Next"

On this next screen enter your email address and email password for Logon information and the Mail server:

Click "Next" and it will the authenticate the settings

Then you should see a screen that tells you "You're all set!" Your calendars and contacts will start to sync. Please note that although calendars will sync with past events, contacts will only start to sync from now on. You will need to export your contacts from webmail and then import them into Outlook.

Sunday, 13 April 2014

What is Heartbleed?

Here is a link that should help explain what the Heartbleed bug is:

Are my users affected?

Any service or website that is connected to the internet and uses SSL encryption is potentially vulnerable to the Heartbleed bug.

Did you fix the issue?

Yes, upon receiving the news that Heartbleed existed and a patch was made available, we immediately patched our services to remediate any potential vulnerability. We also re-issued our SSL certificates.

If it's been patched, then why should I change passwords?

While we have applied the patch earlier this week, there is still a potential that your password could have been previously exposed and extorted as it passed through the internet via the encrypted SSL tunnel. Again, we have no confirmed reports of suspicious activity or hijacked passwords, but in the spirit of security we strongly urge users to proactively update their passwords. We urge you to do your diligence and change any online passwords you may have and confirm with your other providers (hosting, banking, social media, etc) that their SSL protocols have been patched.

Will you force a password change?

Since we have no confirmed compromise and do not assume there was any with the Heartbleed bug, we are simply notifying our customers and strongly urging them to change their passwords.

Can you setup a policy to force users to change passwords on next login?

Unfortunately, we cannot provide this service at this time.

Is there a way to mass change passwords?

  1. Administrators can change passwords on individual mailboxes via the control panel at
  2. Email users can change their own passwords via the Webmail portal at

How can I send a message to email all of my users?

You can send an email to everyone on your domain. To email everyone, log into the control panel, and perform the following steps:
  1. Mouse over the Go to section drop-down menu and select Domains.
  2. In the Tools section, click the Email Everyone link.
  3. If you have multiple domains, select the appropriate domain name. Or, to change domains at any time, click the change domain link.
  4. Click the Email Everyone link.
  5. Enter the following information in the spaces provided:
    • Sender's Name—Enter the first and last name of the sender.
    • Sender's Email Address—Enter the email address of the person sending the email.
    • Subject—Enter a subject for the email.
    • Message Body—Enter the message for your email.
  6. Click the Send button.

I have changed passwords for my users and now they are reporting various password issues, what happened?

  • Check to see if that mailbox is currently locked by looking in the Control Panel for that specific user mailbox.
  • Check what devices they're using to connect to their HEX mailbox! PC at work, iMac at home, work-issued iPhone, personal iPad, etc. Why? If they're Exchange account is set up on any of these devices AND they updated the password recently, they're going to need to update all of their devices for that new password. Meaning, any one of these could be locking out the mailbox.
  • Unlock the mailbox through the Control Panel. Once it shows that it's no longer locked using the aforementioned tools, have your user log into Outlook Web App ( to verify that they are, in fact, using the correct password.
  • Clear out remembered passwords. Particularly on Windows or Macs, we see issues with the Credential Manager (Windows) or Keychain Access (Mac) remembering the "old" password.
    • Once this is cleared out, have them open their email client again. Since you just had them clear the Credential Manager for this account, they should be prompted for the email address and password again.
    • Have them re-enter that information correctly. It would be safe for them to "remember" the password. This, in turn, will create a new entry in the credential manager.
Thursday, 10 April 2014

Everyday Thexyz support team deal with multiple requests from users that they have forgotten their password. When we look back at our logs, we can see that password related issues are the most common type of problem that our users deal with. These support requests can be prevented by adopting a Password Policy. Whether you are a company or a single user, you are going to need a system in place to ensure you remember your password. An IT network can be as secure as can be, but it can be weakened tremendously by a weak password. 

A strong password is a minimum of of 8 characters in length, includes uppercase and lowercase letters, numbers and special characters.

With recent password breaches at Apple, Yahoo, Linkedin and we can see that most people use really simple passwords, and the same password.

Most popular passwords

  1. 123456
  2. password
  3. welcome
  4. ninja
  5. abc123
  6. 123456789
  7. 12345678
  8. sunshine
  9. princess
  10. qwerty

Top base words

  1. password
  2. welcome
  3. qwerty
  4. monkey
  5. jesus
  6. love
  7. money
  8. freedom
  9. ninja
  10. writer
  • It takes 10 minutes to a crack a lowercase 6-charachter password
  • Adding 2 uppercase letters extends 6 years to crack the password
  • If your password 10 characters, with 4 uppercase, 1 number and a special

Varied password restrictions

There is no universal criteria for creating a password, websites impose restrictions like:
  • Maximum 8 characters
  • Maximum 16 characters
  • Maximum 64 characters
  • No symbols or special characters
  • No “.” allowed
  • No “#,$,%” allowed
  • Cannot start with a number
Length is becoming less of a restriction these days, as I learned from a thread at Stack Overflow.

So now we know what not to use, we can get started created a secure password.

How To Create A Secure Password

Tips to keep in mind...
  • Change your passwords periodically
  • Do not use the same password for multiple sites

1. Pick a base word

This is a word that will be difficult to guess, it should not be password or qwerty or anything that can identity you. Some good random ideas could be:
  • school
  • panda
  • swiss
  • tequila

2. Vary your base word

Select your base word and make different variations to vary your password for different sites. For the purpose of this tutorial I have chosen the word “school” as my base word.

school can be varied to become the following
  • school
  • Sch00l
  • $CH00l
  • sKH00l

3. Add additonal words

Create another word used or series of words to make your password unique for different sites.

Using my “school” base word, I am going to make different passwords for different sites, without making it easy for a hacker to guess any other password it they know one.

  • Email password: sCH00lbooks
  • Facebook password: scho0Lmates
  • Twitter password: scho0Lbird
  • Youtube password: scho0Lwatch
  • Bank password: $ch00Lnumblock
  • A low security version: Schooldays

4. Dealing with change

Some sites will periodically advise you to change your password, to keep your password practice consistent, you could adopt some of the following sequences:
  • Planets
  • Seasons
  • Moon phases
  • Current favorite video game
  • Year
Passwords would change like this (using low security version as example):
  • SchooldaysMars > SchooldaysVenus > SchooldaysMoon
  • SchooldaysWinter > SchooldaysSummer > SchooldaysFall
  • SchooldaysWaxingcresent > Schooldaysthirdquarter > Schooldayswaninggibbous
  • Schooldaystetris > Schooldaysangrybirds > Schooldaysdoom
  • Schooldays2011 > Schooldays2012 > Schooldays2013
If we were to apply this to our list it would it would look like:
  • Email password: sCH00lbooksMars
  • Facebook password: scho0LmatesWinter
  • Twitter password: scho0LbirdWaxingcresent
  • Youtube password: scho0Lwatchtetris
  • Bank password: $ch00Lnumblock2011
After a change it could look like:
  • Email password: sCH00lbooksVenus
  • Facebook password: scho0LmatesSummer
  • Twitter password: scho0Lbirdthirdquarter
  • Youtube password: scho0Lwatchdoom
  • Bank password: $ch00Lnumblock2012

A great tip for added security

Another great tip I learnt when working at other tech companies was that when they write down a password they add 3 random characters to beginning or end of the password. When entering the password you disregard these additional characters. If someone was to see your secret password list, this would prevent them from knowing your internal policy for writing down passwords. 
When writing your passwords down you could add 3 random characters to the end like so:
  • Email password: sCH00lbooksVenusRfd
  • Facebook password: scho0LmatesSummery4e
  • Twitter password: scho0Lbirdthirdquarterr32
  • Youtube password: scho0Lwatchdoom0po
  • Bank password: $ch00Lnumblock2012032
Password requirements for Thexyz Webmail users and Microsoft Exchange users.

If you have any other password tips for a secure password, please leave a comment below.
Wednesday, 9 April 2014
Upon learning of the recent Heartbleed issue, an update was made to the SSL certificate for secure mail servers, some customers may be prompted to accept the new certificate. Users should accept the new certificate which should clear the pop up.

At this time we have no reason to believe any sensitive user information was accessed due to the recent Heartbleed issue, however, out of an abundance of caution, we recommend that all users change their password as soon as possible.
Monday, 7 April 2014

Over the past few weeks our system administrators have detected an unusually high amount of traffic towards WordPress login pages.

We have analyzed the traffic and have come to the conclusion that is part of a global massive bruteforce attack against WordPress sites.

Unlike hacks that focus on vulnerabilities in software, a Brute Force Attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in. Often deemed 'inelegant', they can be very successful when people use passwords like '123456' and usernames like 'admin.'

They are, in short, an attack on the weakest link in any website's security: You.

Due to the nature of these attacks, you may find your server's memory goes through the roof, causing performance problems. This is because the number of http requests (that is the number of times someone visits your site) is so high that servers run out of memory.

This sort of attack is not endemic to WordPress, it happens with every webapp out there, but WordPress is popular and thus a frequent target.

As such we would like to offer you few very simple tricks to protect your wordpress site:

Limit Access to wp-admin by IP

If you are the only person who needs to login to your Admin area and you have a fixed IP address, you can deny wp-admin access to everyone but yourself via an .htaccess file.

Create a file in a plain text editor called .htaccess or simply edit the existing one (if any) and add:

# Block access to wp-admin.
order deny,allow
allow from x.x.x.x
deny from all

Where x.x.x.x is your IP address. You can add multiple IP addresses by adding the line: allow from x.x.x.x as many times as IPs you wish to whitelist.

Password Protect /wp-admin folder

You can easily password preotect your /wp-admin folder via your hosting control panel: Advanced -> Password Protection
1. Select your host i.e. the website where wordpress is installed.
2. Browse the path to the /wp-admin folder and select it.
3. Enter the username and password you want to use and hit PPA.

Update your robots.txt file

Add the following lines in your robots.txt file or create a file named robots.txt with the following content:

User-agent: *
Disallow: /wp-admin
Disallow: /wp-login.php
Disallow: /administrator

This will essentially block the indexing of those folders in the search engines as the brute force attackers generate lists of such URLS ( intitle: Log In and inurl: wp-login) with the help of the major search engines. This method is more of a long-term prevention as it will take few months for the search engines to update this information but it should resolve any bruteforce attempts for good.

Our partners at TweakDorks also have an affordable WordPress security hardening service here.
Sunday, 6 April 2014

We asked our in-house developer Perry Toone a few questions about managing a website after we made a few minor changes to our website over the past few months.

Many of the changes we made to become fully compliant with Google's updated terms.

What was a key factor in the recent improvements?

I would say that the biggest area of improvement is speed. Many of the recent changes were made based on improving page load time.

How do you measure page load time?

It is as simple as visiting a website and measuring how many milliseconds it takes to load. There are as couple of useful tools I used to check which also break down all the elements of a page, which allows you to see what exactly is putting the greatest load on the server. Pingdom is one and Google has one too.

What did you do to reduce the page load time?

I reduced the size of all images and then compressed then. I then complied all the css and JavaScript code into one file. This shaved off a couple of bytes which slightly improved the page load time. I then looked at which elements on the page where causing the highest load on the server, and took steps to either replace or remove them.

What was causing the highest load on the server?

Third party JavaScript was the biggest. This is hosted on another server which in turn ensures a slower page load time. We were using AddThis social connect buttons and the AddThis share widget. When I saw how much removing AddThis helped with reducing load time, I had to get rid of them.

What did you use instead of AddThis?

The AddThis social tools area really good, they are easy to setup and have a lot of customization functionality. The only thing negative with them is how many milliseconds they add to the page load time. I built custom social icons for the footer which removed reliance on JavaScript, as for the share buttons (found on Thexyz forum) I used this lightweight option from digital point.

What if you have to use third party applications?

Displaying them in Ajax or i frame is a good practice to help increase the page load time of these elements. Also if the third party application goes down, it ensures your site load is not affected.

Do you have any other tips for reducing page load time?

Use css as much as possible. Buttons are a good example of this. Instead of using an image you can create some fancy looking buttons with css. I also posted a tutorial on this here.

Is improving the page load really that important?

Yes. Not only does Google now say that it does have an impact on how they rank websites, it also improves the user experience. Nobody wants to wait a few seconds for a website to load.

Friday, 4 April 2014

After three years of development Thexyz is retiring the cloud backup software in favor of an open source platform called OwnCloud. This allows us to offer our users with more features and apps developed by a dedicated community. You can take a look at the additional apps supported here

We will continue to offer a managed cloud backup hosting service, the only difference will be that the software will not be developed in-house.

If you are currently using Thexyz Cloud legacy software your application will simply stop backing up files. You are advised to contact support for a free upgrade on one of our new servers or if you no longer have a subscription, you can order a new one here. This ensures maximum compatibility, adds many new features and gives our small team more time to work on what we do best which is supporting our email users.

Subscribe by email

Enter your email address:

Subscribe to more feeds

Trending Posts

Blog Archive


News (65) Web Hosting (48) security (25) Email (19) webmail (19) Advertising (15) Thexyz Cloud (14) Tutorials (13) Video (4) resellers (2)