Herself's Webtools

I was asked to help set up a website for a local non-profit. Last time I set up a custom domain name for Blogspot with GoDaddy it was totally painless. It sure wasn’t this time. 404 errors, name servers that wouldn’t update and Google’s directions on Blogger just don’t work.

Here is what does work.

1) Log onto Google
– go to your blog
– go to settings then publishing
Your domain = http://www.yourdomain.com
Be sure to put in the www
Do not check the box for the redirect.
Save settings.

[ click on image for larger view ]

2) Log onto your GoDaddy Account
– go to Domains then My Domains
– check that the name servers are ‘Default Parked Nameservers

3) Go to Total DNS Control and MX Records
– under cnames set host www to points to ghs.google.com

[ click on image for larger view ]

4) Go to Forwarding
– Forward Enabled
– Forward To: http://www.yourdomain.com
– Redirect type 301 Moved Permanently

[ click on image for larger view ]

That’s it. If everything is correct all should be well in a couple of hours. Possibly as long as two days but I’ve never had it take more than a couple of hours. Just replace herselfsgreenthings.com with your domain name in each of the three pictures.

[ I just set that up temporarily to solve this problem. That domain will probably be reverted to its proper home by the time you read this. ]

Hosting companies seem to attract more fly by night businesses than just about anything else online and its hard to find a hosting company you can stay with for any length of time. I’ve moved to my fifth hosting company in 10 years and here’s what I’ve learned along the way.

The first hosting company I had was and still is an excellent hosting company. Problem is they didn’t keep up with the times on the tools and services they offered. I was with them for about 8 years.

Then I converted my old website to blogs and moved to Blogger. While an excellent free service, the servers would be flakey a couple days a month, the same days every month, and it is extremely limited in what you can host and do there. I lasted nine months there.  Wordpress.com hosting is nice but also extremely limited.

So on to the next hosting company, GoDaddy. While popular and offering more tools than my original hosting company, the servers are not the speediest.  It’s a good starting jump for a first website, but not a good hosting company if you run multiple websites and like to get in and play with everything. I was with them about a half a year.

Notice the times with each company seem to be shrinking?

Then I looked at a company that offered cPanel. The tools were excellent, they weren’t. They lasted a week.

Now I’m on yet another company. This one also offers cPanel, the servers scream ( at least so far ) and all is well. At least for this week. I’m seriously hoping it’ll stay good for several years. Time will tell.

It is almost impossible to find accurate information about which hosting companies are good and reliable and which are fly by nights. Since many of them now use cPanel, moving when times get bad should be easier. Less things should get lost and need re-configuring.

If you are switching hosting companies here are a few tips:

1) Don’t prepay until you know you the company is reliable. Start out month by month and if they do well, they pay for longer times to get the discounts. If they turn out not to be a fly by night, or the service is not good, you’ll never see your pre-paid fees again.

2) Do not let a hosting company register a free domain name for you. If you find out you don’t like them, they will be holding your domain name hostage. Register your own domains and keep them safe somewhere else.

3) Backup, backup, backup. To your home computer not to the hosting company server.

4) No matter how careful you are you will find missing things. Do not delete or close your old account until you’ve checked and re-checked your new hosting setup. Give it a week, there’ll almost always be something you forgot to backup.

5) When choosing a hosting company give preference to ones with cPanel. It makes ongoing maintenance of your sites and relocating ( if needed ) much easier.

TimesToCome is my personal website. It has been online since 1997. Not once has it been hacked or compromised in over ten years. Not a single website of dozens I’ve put up has been compromised in ten years.

Today TimesToCome was totally taken down and compromised by the evil robot Cuill Twiceler Bot. A quick Google search will show you I’m not the only webmaster who’s had problems with Cuill.

It totally hammered TimesToCome, rapidly downloading over 1600 files before crashing the website. ( It’s a small website, I don’t know how they found that many combinations of pages to download. ) And when all was said and done four directories, two Coppermine and two Wordpress were totally compromised with all *php files converted to 0777 permissions.

I strongly recommend you block this robot in your .htaccess file.

I was lucky and discovered the problem less than an hour after it was compromised. Cuill Twiceler answered my email stating they will not hit my website’s IP again. I don’t trust anyone who doesn’t know what his robot has been up to. So I will be blocking them anyhow using .htaccess files.

*** Follow up ***
More details emerge.
Some unknown ( except for ip number ) entity uploaded some php files hidden in a *.jpg file to the albums/userpics directories in Coppermine.

When Cuill-Twiceler stomped all over my site like Godzilla does to Toyko it tripped that file. Even though the exploit did not work as planned it converted the image file extension to a *zip file extension, then ran a function int that file that converted all the php, htm and html files to 777 permissions in all directories on the website. It failed to create an iframe in the Coppermine files directing it to some porn site because the wonderful people at my hosting company don’t let their servers run files with world permissions.

Since there were not links to the compromised file the robot never should have found them and triggered them. The robot is badly broken.

I strongly urge anyone using Coppermine to upgrade. The upgrade was painless.

As always keep an eye on any image directories you have on a website. Those seem to be where most exploits park themselves. Any program that allows the general public to upload an image or zip file to your server without verifying what’s in it makes you vulnerable. The person who uploaded the file or a crazy robot can then trigger the script that is inside the file.

See also:
I don’t like spiders and bots
What everyone ought to know about bots

More information:
Cuill banned from over 10,000 websites
Digital Point: Several webmasters banning Cuill for bad behavior
Twiceler banned across server farm
Twiceler sucking up bandwidth
Twiceler needs to be reined in
Guards out for Twiceler
Evil entity Twiceler
How to stop Twiceler