Enabling Cloudflare for your Domain Name

CloudFlare is a free services that protects and accelerates your site by optimising content delivery and routing traffic through their intelligent global network, blocking hacking attempts against your site so your visitors get the fastest page load times, best performance and enhanced security.

To activate cloudfalre, simply login to your cPanel at: example.com:2082 (replace example.com with your own domain name) and under the ‘Software’ section click on ‘Cloudflare’ icon. Them simply follow the steps to enable the free cloudflare service:






Advantages of HosterPK Unlimited Packages

Here is a list of prominent features we provide on our Unlimited packages that are not offered on the regular limited packages:-

  • More CPU, RAM Resources: With unlimited packages each account is assigned double the resources than that of normal shared packages including more CPU, RAM resources resulting in faster page loads.
  • Faster Page Loads using Varnish Cache: Aside from the more CPU and RAM resources our Unlimited packages utilize advanced varnish caching mechanism which helps in instant page loads than other normal hosting solutions.
  • More Reliability: Unlimited packages are created on servers having lesser websites than normal shared servers resulting in more reliable websites.
  • Realtime Scanning: Every file uploaded on the server through FTP or upload forms is immediately checked for malicious content so that malicious shell, mail scripts are detected and stopped from even being uploaded to the server.
  • Advanced Web Application Firewall: With the web application firewall you are protected from sql injection, cross site scripting and other multitide of website hacking  attempts, resulting in even more secure hosting infrastructure.
  •  Daily Scanning: Even if the realtime scanning and web application firewall is not able to stop malicious file from being uploaded on the server, each account is scanned daily with multiple anti-virus, anti-malware applications, making it even harder to hack your website.
  • No Automatic Suspension: On shared servers,  accounts violating acceptable usage policy (e.g. sending too many emails per hour or running resource extensive scripts) are suspended automatically. On unlimited servers we check these  manually and you are notified ahead so appropriate action is taken without suspension.
  • Faster Support: Due to structure of unlimited packages, if you face any issues regarding the servers, we are able to check and diagnose the problem much more quickly resulting in faster problem resolution.

Hope this helps.


Keeping your website secure and safe from hacking

Keeping website secure from hackers
Keeping website secure from hackers

Just a few days ago (May 15, 2014) we have seen the Rawalpindi Police website getting hacked. Being the premier hosting company in Pakistan, we strive to provide the best possible protection against these attacks that is why we use the secure application level firewalls so these attacks are stopped right at their footsteps.

However there are still chances that no matter how much security you implement at the server level the hacker is able to exploit some vulnerability at the application end where the server security may not be able to stop the attempt. So if the application is vulnerable no matter how much security you have in place at the server  end the site may still get hacked. It’s like closing the front door of the house but leaving a window opened for the thief to get through.

So it is vital to understand the basics of how a website gets hacked to keep the website secure. In this post I will list some of methods hackers use to hack a website and also their prevention tips:

Sql Injection:

Sql Injection is most common type of hacking attack. I will not go into technical

SQL Injection Example
SQL Injection Example

details, you can read about sql injection here.

Basically if you are using a custom developed CMS e.g. one developed by you or your programmer, then the programmer should be asked to script the application to check and avoid any type of sql injection attacks.

However if you are using a popular CMS like WordPress or Joomla etc, then make sure you are using the most recent version of the script. As an older version may contain some sql injection vulnerability which the programmer did not fixed. That is why wordpress releases new versions which contain fixes to the previous vulnerabilities and also new features.

So the reason for your WordPress website getting hacked is most likely that you forgot to upgrade to the latest version and some malicious hacker used the vulnerability present in the previous version to hack the website.

Cross site scripting

Cross site scripting or XSS is another common type of attack and its technical details can be found here. The prevention will be the same as the ones described in SQL Injection bullet above.

Tricking the user to install infected script as theme or plugin

When installing a theme or plugin/module to your WordPress or Joomla installations make sure that you are downloading the theme from a trusted source (e.g. a trusted website).

We have seen a lot of users installing themes or plugins which are cracked to get a free installation of a paid script. What happens is that the person who has cracked that script also inserts their a malicious code in the script.

So when you install that theme or plugin it will also insert the code which the hacker later exploit to deface your website or use it to send spam etc.

Using a keylogger or ftp password stealer on the users own system

This is also somewhat similar to above, however in this case the hacker is able to

trick the user to install a trojan, virus called ‘Keylogger‘ on the users local PC.

The keylogger then logs every key the user presses and later sends those to the hacker. Once the hacker get your login details they are free to access your account and modify code etc.

To avoid this scenario always install and updated anti-virus / spyware software on your local PC. Anti-spyware software like: Malwarebytes, Adware, Spybot S&D are good to scan your PC if you think you are infected.

Use of weak userid / password combination for your control panel or CMS admin page

Recently we are seeing a lot of hackers using brute force attacks against WordPress,

Weak Password
Weak Password

Joomla sites, so if you are using simply userid / password combination e.g. (UserID: admin and Password: 123456) it can result in hacker getting the admin access to the website and untimately resulting in site getting defaced or used in other malicious activity.

Hopefully these techniques will help keep your website safe and secure. Our unlimited packages have real-time security scanner, so for a secure website simply order one of our Unlimited Packages.

How to run a website as an online income source

This post is aimed at:

  • Average Pakistan internet user or web surfer, who spends most of his time online playing games, watching movies and other similar activities.
  • A beginner internet user who wants to explore the world of internet and want to run a website about his hobbies or passion.
  • People who have their own income stream but want to have a 2ndary source of income.

ایک وب سائٹ کو کیسے ایک آن لائن انکم سورس کے طور پر استعمال کیا جا سکتا ہے (اردو ٹیوٹوریئل)

Please do not take this as some get rich quick guide, as that is not the point of this post, but instead to help the user to make their time worthwhile online.

So you will have to spend time and use your creativity in order to be successful. For example if you are willing to give 2 to 3 hours of your day each day for next year or year and half, the year after that you will be satisfied and proud of your achievements. 

Okay so what this post is NOT for:

  • Money making guide
  • Get rick quick scheme
  • Due to scope of this article, this may not be suited for existing developers, or webmasters.

One more thing I would like to clear is that you do not need to have expertise in web development, as you can learn along the way, or require a lot of budget (the basic package for a year can cost you just around 1700 per year). But again your time and some creativity will be required in order to run and host your website, blog, online store etc.

Okay now that the basics are out of the way lets dive into it:

Basically here I will guide you on how you can utilize your spare time in something creative and constructive like hosting a website and generating some income out of it e.g.

  • You can host a blog about your favourite hobby and then display paid ads to earn.
  • Expand your local shop / business into online website selling your products to even wider range of customers.
  • Run an affiliate website to market products and earn commission.
  • Work as freelancer online and put your complete portfolio on your website
  • And many hundreds of other methods

As you can see there so  many ways to make money using the online businesses and we cannot cover all these in a single post so we will cover the very basics in this article and in the coming months will cover other methods as well. In this article we are covering the very basic like:

  • Purchase a web hosting package for your website.
  • Create a website about your passion or hobby (e.g. cricket, fashion, politics, entertainment), using easy to use CMS like WordPress.
  • And how to apply for different add serving networks so you can earn when visitors visit your page and click on the ads as serviced by the program.
Hosting a website with wordpress and adsense as an income source

For brevity I am just going to outline the steps here, you can see the video above which will follow each step so there is no point writing all the steps in detail here. So here are the steps (please watch the video above for complete details):

  1. Visit our website http://www.hosterpk.com/
  2. Choose a hosting package.
  3. Select a domain name and complete the order
  4. Once the payment is cleared you will get your hosting account details. We usually send those within 30 minutes of the deposit confirmation
  5. Now that your domain / website is online we can go ahead to install wordpress from the control panel provided
  6. Once wordpress  is installed its time to get a theme matching your hobby or passion.
  7. Now the hard part: content generation. As long as you are interested in your passion this should not be very difficult.
  8. Once you have the content and sites look and feel is how you want you can go ahead and apply for ads from some ad network like adsense.
  9. Once ad network approve your website, now your website is making money, very little at start but if are generating new and unique content and get regularly it is only matter of time before search engines start to notice your website and more and more visitors see your site resulting in more clicks.
  10. That’s it, sit back and enjoy!

Some WordPress and Adsense Resources:

If you have any questions regarding this article please do leave your comments in the section below and I will try to answer each of your queries as soon as possible.

Web Hosting Pakistan: How to choose wisely

It has been over 5 years for me in web hosting business and during this period I have come to deal with a lot of clients, searching for a good web hosting company in Pakistan. A company which can host their website at reasonable price, give timely support, provide quality service and above all a hosting company which you can trust. However sometimes the visitor ends up buying a service from a shady host and ends up with troubles like:

  • No after sale support
  • Unable to even contact the web host
  • The web hosting company goes out of business, leaving clients nothing
  • Domain thefts
  • Upon renewal the hosting company demanding more charges than the 1st year.
  • And many other such issues…

So in this post I would outline some of the common pitfalls that clients face when choosing a hosting company in Pakistan and also a few guidelines on how to make a more informed decision to avoid inconveniences later.

Single Person Hosts

Single Person Host
Single Person Host

When searching for a web host through Google or purchasing through someone you know (friend, developer), make sure you do not end up with a host that is run by a one person. There are plenty of “hosting companies” in Pakistan which are being run by a single person which means you are at the mercy of that one person. It is important to avoid these kind of hosting services if you consider your data to be important. Below I will list a few points which you can use to detect if you are dealing with a proper company or a shady one.

Domain Ownership Issues

Domain ownership issues
Domain ownership issues

Another common issue client face is domain ownership disputes when dealing with shady hosting companies. Basically you purchase a domain name and work hard to build traffic to the website or if it is a company domain name and is associated with your brand and all your emails are working from there. Then one day you need to renew the domain only to find out you are unable to contact the person who registered the domain name. They are either out of business or they want far more amount to renew the same package. Another effect would be the loss of data in case of you are not able to contact the company, and don’t have the backup available locally.

Avoiding the Issues

Here are some of the steps you can use when searching for a hosting company through searching Google. If you are going to purchase through some person then it is also best to confirm their website address and make sure they have the followings:
1. A landlines number:- The best option is to use a host who have a Toll Free Number listed prominently on their website. Otherwise they should at-least have a landline number listed. The site who have only cell # listed should be avoided at all cost, as it is strong indicator of single person host.

Toll free number listed on HosterPK Website
Toll free number listed on HosterPK Website

2. Bank Accounts with Company Name:- Another way to verify authenticity of a host is to check their payment methods and make sure they have their account names listed under their company name e.g. for hosterpk.com we use ‘HosterPK Pakistan’ in our bank account titles. The bank accounts should not be a person name. This means the company has an NTN number.

HosterPK Bank Account Titles
HosterPK Bank Account Titles

3. Company Address:- Make sure there is a company address listed in the contact us page of the host’s website.

HosterPK Company Info
HosterPK Company Info – Address, Landlines, Cell #, Toll Free – Clearly mentioned on Contact Us page.

4. Contact the host:- Before purchasing, contact the host with a any query e.g. how long time will it take for the account activation, or call them to see if they reply.