TTL is My Superpower

TTL Power Over the Internet

Understanding TTL makes you a master over domain propagation. Time To Live notifies the world to expect changes and when. If you know what it is and how to use it to your advantage, you can command the world to take notice.

Servers update your domain information by passing updated information, one to another on a schedule controlled by TTL.
Servers update your domain information by passing updated information, one to another on a schedule controlled by TTL.

We have all seen notices from domain registrars that changes to your domain may take 24 to 72 hours to take effect. IT professionals call this propagation. The process is like a pre-school game, whispering a message in the ear of the person next to you. Even sitting next to you, the last person doesn’t get the news until they’re told. Servers actually update their information about websites and email (DNS and MX) by passing the information around. Unless a system knows¬† about an update, it can take a very long time to catch up with your new sub domain or mail provider.

TTL tells those servers when to update routing tables down to the second. So, a TTL of 14400 is 240 minutes or four (4) hours. Every request for DNS information needs to be answered, so server administrators extend Time To Live for as long as possible. It spreads out the requests so they don’t compete with the other important tasks the server performs.

What’s a webmaster to do?

Knowledge is power and Time to Live can be changed. You can change the TTL of a single subdomain or an entire server. For example, you can move your mail between servers and providers almost instantly by changing the MX record from 14400 to 300. Now, when you move to another mail server, all your mail will follow within five minutes. We use the same method for moving a domain between servers or every domain when migrate servers.

You need to plan for the maximum benefit. you can’t change your TTL to 300 and start making immediate changes. Nothing can happen until the old Time to Live expires. The safest way make a change requires changing the TTL and waiting for the old time to expire. So, if the old time was eight hours, we change TTL to five minutes then walk away for eight hours or longer.

We can be confident that over the eight hour wait, the major routing systems got our notice that the new time is five minutes. You can change anything mail servers, A records and CNames and the internet will obey your command.

Your DNS Control Means Everything

DNS Control or Nothing

DNS control means everything to your online presence and I still see avoidable problems all the time. This just happened and I had to drop everything to warn everyone once again. As a domain owner, you need to control a couple things. Short of apocalypse, you need to know these things with absolute certainty.

  • your domain registrar
  • your contact points (phones and email) are current with your registrar
  • where your DNS controls are and how to access them

The first two items manage ownership of your domain name. Don’t give control to anyone you wouldn’t trust with your wallet or your kids. In particular, the second item, keeping your contact information current, will save you hours, if not days, trying to regain control of your name if you need to move or update something. For example, updating mail services or subscribing to online data feeds like an MLS plug-in for realtors. Maybe you’re reading this and thinking about moving your website to us (please do) you will need to keep that information current.

DNS control is the last part of that puzzle. All those directions, where the mail server is located, subdomains you use, sometime even site verifications may have to be done from your DNS records. It is absolutely the heart and soul of your online existence. On the other hand, like a set of keys, they get lost constantly.

Today’s incident involved a website that was once hosted by one of our resellers. The site doesn’t live on our servers anymore, but somehow my name came up. The name servers for the domain were with our technology partner CloudFlare. Security represents a major focus of the services from CloudFlare, we were not going to get much information there, and the email address used to control the account was lost. The simplest solution would be getting control of the CloudFlare account and updating the DNS records, but that’s not possible. Fortunately, the registrar was known to the person who called us.

They are going to have an interesting Memorial Day weekend. Hooking up a new email provider created this pre-weekend panic. The solution involves moving DNS control away from CloudFlare only to hook it all up again manually. I wish them luck.

Please, learn from this post. Share it with any friends who own a domain name and maybe we can save someone else from this fate.

Website Wednesday with LyonsHost

Website Wednesday

Website Wednesday rolls off the tongue pretty easy and we hope the idea works for you as more than a catchy phrase. Nearly half way through a year of amazing changes, it past time to get rolling with our social media outreach. We are going to try a few things to see what works best, but I’d like to see how far Periscope can take us. You can follow our hash tag #websitewednesday for more information.

Live Streaming

For those who don’t know, Periscope is a streaming video application which was acquired by Twitter in the past year. It should allow Barbara and me to show off the technology we use to deliver useful websites into the hands our clients and hosting customers.

WordPress basics along with some tips, tricks and time savers will be our first Website Wednesday topic on May 25 at 4:00pm eastern time. We can show you a few sites and answer questions posted through Periscope and Twitter.

Feedback Welcome

Your feedback will make this experience better for everyone. Let us know what you want to learn about. Is there a topic that you want to learn more about related to your website or your website hosting? Right now, we have a list of topics that we think will be interesting, but you are ultimately in charge. Send a tweet. Leave a comment, or post to our Facebook page.

We look forward to a great conversation on Wednesday.

CRM Is Essential for Small Business Too

CRM inspires passion with me. You can normally implement CRM in your business workflow with only a little extra effort. That effort pays back handsomely in saved time and easier acquisition of information after your first few interactions. Mostly, it provides a level of confidence and insight when those around you play guessing games. Few other tools give you such insight into questions of how and why things happen in your business.

What it means

CRM stands for customer relationship management. It accomplishes much more than your contact database. CRM tracks and highlights the workflow of getting customers and ultimately how you interact with those customers over time.

CRM shows it all.

Tracking the ROI on marketing campaigns and media as well as professional memberships takes those items out of murky guesstimates into solid numbers. Something as simple as recording new customer contact helps you measure advertising campaign effectiveness like a pro. Before you know it, those feelings of what works and doesn’t work can backed with names and numbers that can validate what you thought you knew or help you cut loose from a losing proposition.

By analyzing internal processes and workflows to see where you might be leaking potential sales, CRM helps you locate what processes (like complicated paperwork) might be turning away customers or making delays when you try to close deals. More than other tools, it even shows if one method of sales closes more than others you use. Are you missing an opportunity by not doing more business with existing customers through your website? You can track that too.

a graph of CRM relationships
CRM Tracks all of your customer and constituent relationships.

CRM applications have been gamified to bring friendly competition to your sales team. Specialized¬†CRM applications exist for associations and non-profit groups as well as verticals for specific industries. We use an application made just for hosting companies and I’ve written about CiviCRM before.

What about your small business? Do you think that you’re not big enough for such a powerful piece of software? Does the learning curve frighten or intimidate you? It shouldn’t. Day to day, just the process of taking the kind of notes that you probably already keep feeds valuable data into your system. The pay off comes back as reports on those notes. Most of us never have the time to sort through all of our notes to digest the bigger picture. A good CRM does that for you. Ask for a report on sales by product and get it back in seconds. Want to track that product through your different sales channels? It could hardly be easier.

Ready to learn more about how to include CRM in your hosting? Need help with installation or configuration or choosing one of the free applications included with our hosting? Call our office at 850-942-9442 in Tallahassee or open a ticket or leave a comment below. We’d love to hear from you.

Secure Enough or is Your Site Secure?

“Secure Enough” for What?

When you tell yourself, or a web professional that the site is secure enough , you accept a lot of risk without really understanding the consequences.

When we speak to people about website security, they often respond with concerns about payment fraud, and identity theft. Users try to address those problems by using third-party payment gateways or externally hosted shopping carts. Those users miss real security risks because they make the mistake of trying to scale headline news stories to their own small businesses. If they are so small, then why would they be a target?

A Different Game

“Why would anyone want to hack my website,” you say to yourself. ” I don’t even store personal identifying information on my website. There’s nothing to gain from hacking my website.” True enough, but you missed the real reasons that someone wants your website. I had designed websites since 1992 but only started hosting in 2003. back then, I still believed those reassuring stories about my security.

Fool Me Once, Shame on You

We now prevent everything I’m about share, but like a neighborhood watch, we still rely on user observations to prevent the unforeseen.

One night I watched a hacker from Brazil defaced my website while I watched. My introduction to script kiddies had begun. At the time, we had a live chat feature on our website and it tracked the user he moved from page to page until he found exactly what he wanted. The next thing I knew, they defaced my website. My page displayed unfriendly content about the USA along with skulls and self glorifying statements about how this person was the greatest hacker of all time. My education launched at a running pace.

What if they already stole the credit cards?

One client faced that scenario from an IP in West Africa. Orders were never completed, but each order started and progressed to the stage of entering credit card data. His bank charged him for every card number verified. The scammer nickled and dimed him into a slow froth. We identified the IP range and blocked it. Then they moved to another IP range in another country. Eventually we had everything locked down tight. The problem presented to us was manual input. Manual input made the otherwise normal behavior hard to block. How would we know manual input from automated input? All the user names were adjacent letters on a qwerty keyboard, ljlj and fdsd.

Losing a day’s productivity is bad enough and being bled one drop at a time with bogus charges is no picnic either. That’s not the worst of it. If you feel “secure enough” you could miss the real threat. Everything, including perspective changes over time. Many people treat their websites like a home in the country or a small town where you know every neighbor. Things have changed since my first page written in HTML in 1991. Our network represents a nice neighborhood, but we pay a cost to preserve that feeling, for very good reasons.

They Want Your Website

Your site represents a great target because of the of the value it offers to illicit operators. Most attacks target servers with good reputations. Like the criminal who covers his tracks by operating out of an upscale neighborhood, hackers seek out servers with good reputations to exploit for spam and phishing.

Real time Black Lists (RBL) represent one of the key tools to protecting users from spam. When servers start to spew spam, they get listed on any number of RBLs, like http://multirbl.valli.org/. Websites and email get blocked quickly this way. Getting listed can mean having all of your email banned for 24 to 72 hours depending upon the list and how you manage the incident. In an environment like ours, one bad incident can block hundreds of email users.

Ever get that warning from your browser that it doesn’t trust a page? Someone thought they were secure enough that they didn’t need to update their content management system, like WordPress or Mambo. Hackers subsequently placed a hidden website inside the unsuspecting owner’s site. It might look like a bank or day trading company site, or even Amazon.com. The fake site has a login screen, then it might even forward you to the real website, so you never know that you gave away your login.

We see attempts at phishing and variations on hacked email or spam programs embedded in websites. We run multiple firewalls and file scanners on the servers, websites and email. From time to time a legitimate website owner or developer gets blocked, not for any fault of theirs. We can usually fix that in minutes. Users who believe in “safe enough” still pose the biggest threat.

Most users ignore website updates because they think it’s complicated or expensive. That’s no longer true. Newer content management systems update themselves with a single click. As an Installatron hosting partner, LyonsHost also offers an option for completely automated software updates. Installatron also updates your plugins for you so most updates happen without the user getting involved.

Hopefully you won’t settle for “secure enough” any longer. If you need a hand, please contact Barbara or Jonathan.