Inodes limits and how to reduce inodes count

An Inode is a data structure used to store the meta data of a file. The number of inodes indicates the number of files and folders you have under your hosting account. All the shared hosting service providers maintain these limits in order to avoid disk abuse as having large number of files on the system causes IO issues resulting in slowness for all the sites on the server.

Limits

The implemented inodes limits are:

Soft limit (150,000): If your inode count is 150K, your account will be removed from automatic weekly backups.

Hard limit (250,000): When the inode count reaches 250K, no further files can be added to the account.

If your hosting account usage is normal, you will not need to check the inodes limit, however if your account is creating large number of files automatically sprouting thousands of files within a day then you may hit the inode limit and may require to clean or properly configure your account.

The good news is you can very easily get your account under the limit by following these guidelines:

  1. Delete the unnecessary files and folders under your account
  2. Delete junk or spam emails
  3. Delete cache created by many CMS

You can also contact us and we can provide you with exact location of folder where most of inodes are being used.

 

Activating and Configuring WordPress Fastest Cache

If you are running a WordPress site, it is recommended to enable the WordPress Fastest Cache plugin as it creates static html pages for your php pages, resulting in much faster page response times.

Plugin can be enabled from the wordpress admin dashboard by simply visiting Plugins -> Add New -> Search Plugins and searching for ‘WordPress Fastest Cache’.

1

2

Once Installed and Activated, simply enable the ‘Cache System’ and ‘Browser Cache’ to enable the functionality. You can enable more options as well depending on your requirements.

3

 

Enabling Cloudflare for your Domain Name

CloudFlare is a free services that protects and accelerates your site by optimising content delivery and routing traffic through their intelligent global network, blocking hacking attempts against your site so your visitors get the fastest page load times, best performance and enhanced security.

To activate cloudfalre, simply login to your cPanel at: example.com:2082 (replace example.com with your own domain name) and under the ‘Software’ section click on ‘Cloudflare’ icon. Them simply follow the steps to enable the free cloudflare service:

1_a

2_a

3_a

4_a

 

Advantages of HosterPK Unlimited Packages

Here is a list of prominent features we provide on our Unlimited packages that are not offered on the regular limited packages:-

  • More CPU, RAM Resources: With unlimited packages each account is assigned double the resources than that of normal shared packages including more CPU, RAM resources resulting in faster page loads.
  • Faster Page Loads using Varnish Cache: Aside from the more CPU and RAM resources our Unlimited packages utilize advanced varnish caching mechanism which helps in instant page loads than other normal hosting solutions.
  • More Reliability: Unlimited packages are created on servers having lesser websites than normal shared servers resulting in more reliable websites.
  • Realtime Scanning: Every file uploaded on the server through FTP or upload forms is immediately checked for malicious content so that malicious shell, mail scripts are detected and stopped from even being uploaded to the server.
  • Advanced Web Application Firewall: With the web application firewall you are protected from sql injection, cross site scripting and other multitide of website hacking  attempts, resulting in even more secure hosting infrastructure.
  •  Daily Scanning: Even if the realtime scanning and web application firewall is not able to stop malicious file from being uploaded on the server, each account is scanned daily with multiple anti-virus, anti-malware applications, making it even harder to hack your website.
  • No Automatic Suspension: On shared servers,  accounts violating acceptable usage policy (e.g. sending too many emails per hour or running resource extensive scripts) are suspended automatically. On unlimited servers we check these  manually and you are notified ahead so appropriate action is taken without suspension.
  • Faster Support: Due to structure of unlimited packages, if you face any issues regarding the servers, we are able to check and diagnose the problem much more quickly resulting in faster problem resolution.

Hope this helps.

 

Keeping your website secure and safe from hacking

Keeping website secure from hackers
Keeping website secure from hackers

Just a few days ago (May 15, 2014) we have seen the Rawalpindi Police website getting hacked. Being the premier hosting company in Pakistan, we strive to provide the best possible protection against these attacks that is why we use the secure application level firewalls so these attacks are stopped right at their footsteps.

However there are still chances that no matter how much security you implement at the server level the hacker is able to exploit some vulnerability at the application end where the server security may not be able to stop the attempt. So if the application is vulnerable no matter how much security you have in place at the server  end the site may still get hacked. It’s like closing the front door of the house but leaving a window opened for the thief to get through.

So it is vital to understand the basics of how a website gets hacked to keep the website secure. In this post I will list some of methods hackers use to hack a website and also their prevention tips:

Sql Injection:

Sql Injection is most common type of hacking attack. I will not go into technical

SQL Injection Example
SQL Injection Example

details, you can read about sql injection here.

Basically if you are using a custom developed CMS e.g. one developed by you or your programmer, then the programmer should be asked to script the application to check and avoid any type of sql injection attacks.

However if you are using a popular CMS like WordPress or Joomla etc, then make sure you are using the most recent version of the script. As an older version may contain some sql injection vulnerability which the programmer did not fixed. That is why wordpress releases new versions which contain fixes to the previous vulnerabilities and also new features.

So the reason for your WordPress website getting hacked is most likely that you forgot to upgrade to the latest version and some malicious hacker used the vulnerability present in the previous version to hack the website.

Cross site scripting

Cross site scripting or XSS is another common type of attack and its technical details can be found here. The prevention will be the same as the ones described in SQL Injection bullet above.

Tricking the user to install infected script as theme or plugin

When installing a theme or plugin/module to your WordPress or Joomla installations make sure that you are downloading the theme from a trusted source (e.g. a trusted website).

We have seen a lot of users installing themes or plugins which are cracked to get a free installation of a paid script. What happens is that the person who has cracked that script also inserts their a malicious code in the script.

So when you install that theme or plugin it will also insert the code which the hacker later exploit to deface your website or use it to send spam etc.

Using a keylogger or ftp password stealer on the users own system

This is also somewhat similar to above, however in this case the hacker is able to

trick the user to install a trojan, virus called ‘Keylogger‘ on the users local PC.

The keylogger then logs every key the user presses and later sends those to the hacker. Once the hacker get your login details they are free to access your account and modify code etc.

To avoid this scenario always install and updated anti-virus / spyware software on your local PC. Anti-spyware software like: Malwarebytes, Adware, Spybot S&D are good to scan your PC if you think you are infected.

Use of weak userid / password combination for your control panel or CMS admin page

Recently we are seeing a lot of hackers using brute force attacks against WordPress,

Weak Password
Weak Password

Joomla sites, so if you are using simply userid / password combination e.g. (UserID: admin and Password: 123456) it can result in hacker getting the admin access to the website and untimately resulting in site getting defaced or used in other malicious activity.

Hopefully these techniques will help keep your website safe and secure. Our unlimited packages have real-time security scanner, so for a secure website simply order one of our Unlimited Packages.