A2 Host Post - February 2012

February 1st, 2012

A2 Hosting Opposes SOPA/PIPA

We’ve had a number of customers contact us regarding our stance on SOPA and PIPA. We have posted our stance against both bills on our site, but wanted to reiterate this in our newsletter. A2 Hosting wholeheartedly opposes these bills.

As you may know, there’s been a lot of news regarding these bills as of late. I would love to give an update of the status of SOPA and PIPA, but it seems one moment the bills are dead and seemingly an hour later there’s a report they’re stronger than ever.

Let’s talk about what we do know though. Even if these bills officially die, there’s always a strong threat similar bills could appear. This means it’s more important than ever for the A2 Hosting Community to band together and not be satisfied until these bills are dead and Congress knows we don’t want similar legislation. Ever. Sure, you can sign as many online petitions as you want, but your representatives in Congress need to hear from you. We strongly urge you to contact your U.S. Senators and U.S. Representative to let them know how you feel.

New TLDs For Your Visitors’ Enjoyment

We’ve had a number of requests from our customers to expand the number of TLDs we offer, so we’ve done just that. For quick domain purchases, log into your My A2 Hosting account.

The new available TLDs are:

  • .me
  • .me.uk
  • .mobi
  • .tel
  • .co
  • .us.org

And our personal favorite…

.Pro

Developer Depot - PHP Practices to Protect Your Project

The most commonly exploited vulnerabilities are usually the ones easiest to avoid. That is to say, most of the exploits an attacker might use to gain unintended access to your site or database result from bad coding practices rather than bugs in the software platform (such as a LAMP stack). Let’s focus on some practices PHP developers can adopt to combat some of the most common attack vectors. These are really simple and hopefully advanced developers are already living by them.

Don’t use eval. It’s a tempting tool that allows you to do lots of neat tricks, and it exists in JavaScript and other languages as well. Regardless of the language, don’t use eval. It is the #1 most common attack vector for finding vulnerabilities in PHP code. Sure, you can in theory use eval safely, but we’re all human and we all make mistakes. Whether you’re in a rush, up too late writing code or both, it only takes one slip-up with eval to create a giant security hole in your software. Not only do you need to worry about your own code, but what’s worse is trusting code others have written using eval, especially if it’s encoded and you can’t verify it for yourself. It’s best to just have it disabled and not use it at all. When we run into software using eval, we contact the developers and request they accomplish the task another way.

Use a framework, PDO or prepared MySQL statements. This one is easy to skip over when you’re in a hurry, but it’s how you can avoid the other most common security vulnerability: MySQL injections. You might think you’re safe simply using mysql_real_escape_string, but it’s not enough. To truly protect yourself from MySQL injections, you should be using either a class which creates prepared statements and sanitizes inputs for you, or at least preparing your own statements before execution.

Validate all user input. Have specific constraints on what kind of data you’re willing to accept from user input, and make sure the values of those variables match what you’re expecting. Do this not only for values you are expecting the user to supply, but also for values the user is *capable* of changing, including those you aren’t expecting, such as GET and POST fields. You might think it’s safe to simply read “./sections/$_REQUEST['section'].tpl”, process it and output the result, but if a malicious user supplies an unexpected value such as “../config/dbconfig.php; ”, you have a serious vulnerability. Make sure any values that can be supplied by the user conform to expectations before using them.
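One way to constrain the section parameter described above before it touches the filesystem, as an added example that is not A2 Hosting's code. The function name `resolve_section_template`, the 32-character name limit and the temporary directory layout are assumptions made for the illustration.

```php
<?php
// Added example: hypothetical helper plus a constructed directory layout.
function resolve_section_template(string $baseDir, $section): ?string
{
    // 1. Type and format. A request field can arrive as an array (section[]=x),
    //    so check the type first, then allow only short lowercase names.
    if (!is_string($section) || !preg_match('/\A[a-z0-9_-]{1,32}\z/', $section)) {
        return null;
    }
    // 2. Containment. realpath() resolves ".." and symlinks and returns false for
    //    a missing file; the result must still sit under the base directory.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $section . '.tpl');
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed layout in a temp directory so the example runs offline.
$root = sys_get_temp_dir() . '/sections_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/sections', 0700, true);
mkdir($root . '/config', 0700, true);
file_put_contents($root . '/sections/home.tpl', '<h1>Home</h1>');
file_put_contents($root . '/config/dbconfig.php', 'constructed placeholder');

// Candidate values: a valid name, the value from the text, a missing file, an array.
$candidates = ['home', '../config/dbconfig.php; ', 'missing', ['home']];
foreach ($candidates as $candidate) {
    $resolved = resolve_section_template($root . '/sections', $candidate);
    printf(
        "%-30s => %s\n",
        json_encode($candidate, JSON_UNESCAPED_SLASHES),
        $resolved === null ? 'rejected' : 'accepted'
    );
}
```

Only `home` is accepted; the format check rejects the traversal string and the array, and the `realpath()` check rejects the missing file and would also reject a symlink inside `sections` that points elsewhere.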

These are just three very simple tips for avoiding common attack vectors, but there’s much more out there. Make sure you’re up to date on the current Best Practices and employ them in your code. Don’t wait until after your site is compromised to start worrying about these issues.

Marketing Mojo – Your Changing World Of Google Search

Google has offered personalized search results for a while now. Certain search results are given an organic ranking boost because they are considered particularly of interest to the searcher, based on their previous searches and interests. Google has taken this a step further with Search plus Your World. This new feature is available (it’s still being rolled out for some users) when logged into your Google account while searching.

Search plus Your World is comprised of 3 new search features:

  1. Personal Results – Shows information like Google+ posts designated specifically for a searcher that only they can see.
  2. Profiles in search – Helps searchers find people they’re close to or likely interested in following.
  3. People and Pages – Helps searchers find people and G+ pages related to a topic.

You have to think that Facebook might be a little concerned with these new features. Think about your daily search habits. Many people go to Google for information and use Facebook to see what’s new with people in their social circles and what they’re sharing. Now Google users can get both in one place. If someone you’re close to has posted about a topic you’re searching for, you’re getting a personalized recommendation right in your results.

Before, it was viewed as merely nice to have a Google+ profile; this may no longer be the case. The web is clearly a crowded place, especially if you’re trying to carve out a name for yourself. That task might have become easier with Google+ and Search plus Your World.

A2 Host Post - January 2012

January 3rd, 2012

Happy 2012! Save 12% on new SSL Certificate purchases during January with coupon SSL2012. IPv6 Compatible Hosting! CloudFlare. CloudFlare. CloudFlare. Does it seem like every month you read about CloudFlare in our newsletter? I can promise you there's a good reason why. If increased site performance and security weren't good enough ...

A2 Host Post - December 2011

November 30th, 2011

Brand New A2 Hosting Suggestion Box Some of our best ideas come from you, our customer. So we launched the A2 Hosting Suggestion Box. This is YOUR direct line of communication to our management team when you need to tell us what we need to do better or what you'd ...

A2 Host Post - November 2011

October 31st, 2011

Increase Site Traffic With Attracta Many webmasters are aware that a sitemap can increase their sites' organic rankings and traffic. Unfortunately many of those webmasters still do not create sitemaps for their sites. It could be a matter of oversight or the mere fact that they can be annoying and ...

A2 Host Post - October 2011

September 30th, 2011

Secure Sites With Google Webmaster Tools There are a number of things you can do to keep your site safe. You should keep any CMS or blog software you use up to date (which you can do automatically with Softaculous). You should also use long, secure passwords. Just as important, ...