All GlobalSign branded SSL Certificates (excludes AlphaSSL) issued on and after 22nd December 2011 will start benefitting from FREE Malware Monitoring on their websites.

If you have a GlobalSign SSL Certificate from XDnet your site will benefit from daily HackAlert scans which can identify any pages infected by drive-by downloads and provide alarms for “zero-day” malware threats hidden in your websites, protecting you and your users from the damaging effects of malware.

If malware is detected by HackAlert it will instantly email you with details, including the offending code snippet of the malware so you can quickly remove it from your website.

Every day thousands of websites are hacked and used to distribute malware to the websites visitors. Such malware is developed to compromise PCs and spread viruses, hijack computers or steal personal information.

Unless remedied quickly, an infected website will quickly be flagged or blacklisted by Google for hosting malicious content, you can expect traffic to your site to drop significantly when potential customers see worrying warnings about your website potentially harming their computers.

HackAlert acts as an early warning system against zero-day attacks. By passively monitoring your website and identifying breaches quickly – giving you time to remove malicious code before too much damage is caused.

Malware left on your site can cause untold damage to your brand and permanently associate your brand/site with malware and untrusted with users and search engines. Sites found to be hosting malware or malicious code may also be suspended by XDnet Web Services until the offending items are removed.

We are pleased to announce that XDnet have  now officially partnered with CloudFlare.

As a certified partner we can provide users with easy integration with CloudFlare direct from cPanel with the click of a button!

Enabling your site to use CloudFlare is easy and brings huge benefits to both you and your users, on average sites using CloudFlare:

• Load 40% faster
• Uses 60% less bandwidth
• Sees 65% fewer requests
• Is vastly more secure!

During my time on the web I have noticed how many users have misconceptions about HTTPS or SSL, so hopefully this should help clear a few things up and ensure your clear about what SSL does… and doesn’t do and how to be safe on the web.

Firstly i would like to explain a bit about HTTPS and to try and clear up some of the misunderstandings a lot of people seem to have about it.

HTTPS:// which stands for Hyper-Text Transfer Protocol Secure, which is a secure connection between you and the server. HTTPS is NOT a protocol in it’s self. HTTPS is exactly the same as HTTP except it has a extra layer of “security” called SSL (Secure Sockets Layer). When comparing HTTP and HTTPS the only “physical” difference is HTTPS uses a different TCP port (usually 443) where as HTTP uses 80 (or 8080 depending on server set up).

SSL was developed by Netscape for you guessed it sending files and information via the web without nosy neighbors peeking. SSL uses a cryptographic key system. This system uses two keys which encrypt the data being sent, the first being the public key which is known to every Tom, Chris and Rumpelstiltskin and then we have the Private key known only to the intended recipient of the data.

I have come across quite a few people who assume that because a web-page has “Secure” it means their information, which often includes full credit card details, are secure for the short journey across cyber-space and the comfy stay in a little server on the other side of the world. However often what most do not understand is this is not the case, yes the information can not be easily sniffed or taped on its connection between you and the server, but it does not secure its safety when it reaches the server OR how the webmaster as well as every one who has access to the server (which can often be a lot) do with your information.

Just because a server uses SSL (which any body with a website and a spare £23 ($45)ish can obtain, without any security checks for the website i might add, doesn’t mean the server can’t be hacked or even be already hacked.

Dodgy webmasters, not only do you have to worry about your personal information being sniffed or viewed on transfer, while it’s sitting on the web server and crackers seeing it, But what about the actual website Administrator? what is he suddenly thinks hey, i have a database full of all the transaction details  from when i have sold naff to over the net…

Getting security certificates validated by browsers.

Now virtually all modern browsers are both SSL capable and show some type of alert if the incoming SSL certificate  is self signed or invalid.

I would like to make this perfectly clear, ANY webmaster can set up a secure connection for his/her website(s) and it will have EXACTLY THE SAME level of security as a certificate signed by a authority, the only difference being that many browsers have been “told” by the “certification authorities” that your site is OK!

Other wise your browser experience is hindered by warnings (especially with browsers such as Internet Exploerer 7 and Google Chrome who refuses to show the page unless you accept)

If you would like more information about setting up SSL of purchasing a SSL Certificate through XDnet  – Just Ask! and we can help with the process.

Hopefully this post has helped users understand what SSL does do – offer an extra layer of protection to your data, but also helps to understand the importance of not providing personal information to any website on the internet, if you have doubts about the intentions of the webmaster, try asking them about their policies and how they might use your data, if they can’t answer honestly about how they process your information, don’t risk it.