* jacky.yourdomain.com
* johnny.yourdomain.com
* harry.yourdomain.com

You may be installing WordPress 3 to use the Multi Site features that will require wildcard DNS hosting. In any case your domain should be functioning and propagated before you attempt setting up a wildcard subdomain.

In cPanel Login to your account and look for your subdomain control panel applet.

Now you want to add a subdomain that will point to the location of your content. For WordPress 3.0 install choosing the directory with your .htaccess file as your target. If you only have one domain and site on your account you can point to your base public_html directory.

Click Create and you are ready to add subdomain hosting including WordPress 3.0 Website.

If you have problems because you are hosting many addon domains meaning many domain names with independent sites then you should make sure that the wildcard is pointing to the directory with WordPress 3.0 in it.

You will need to go into WordPress and enable your Network Options after you add your wildcard.

Please also see the cPanel’s website and review documentation .

It is not unusual for individuals who are busy with their day to day work to overlook which registrar the domain was registered with. The Domain Renewal Group try to take advantage of this fact. They feel it is quite legitimate to catch people off guard and scam them for money. A quick google search on their company turned up lots of information about this scam. In fact all the results I see in Google are complaints about this company rather than any services they provide.

If you read the letter carefully, you realise that they are using an approach called slamming, which tricks you into switching your domains to another company. Specifically, they are highlighting each domain that is due to expire and that I risks associated with losing the domain name unless you renew with them. They don’t highlight any risks such as losing all your email and website when you switch over to them.

Although the letter states that it is not a bill, it has been designed to look like an invoice. An interesting aside is that they offer other variants of your domain name in the hope they can SCAM you registered other domains too.

If you receive a letter like this from Domain Renewal Group or from anyone else contact your own registrar or the person who maintains your website before parting with any money.

We encourage all customers to forward any and all spam to ACMA. In order for ACMA to do anything about the spam you have received, you must include the full email headers in the email that you forward.

Full e-mail headers are needed to investigate any phishing attempt so that the source of a message can be revealed. To retrieve the full headers from a message, you will need to locate it within your e-mail client. Instructions for locating and copying e-mail headers in different e-mail clients can be found at: www.spamcop.net.

Below is a quick set of instructions in how to reveal email headers in Outlook 2003 and Outlook 2007

1. Open the offending email.
2. Click on the word View in the menu bar.
3. Select the option Options.
4. The Message Options dialog will apear.
5. Right-click on the text in the Internet Headerssection.
6. A submenu will appear.
7. Choose the option Select All.
8. The text will appear in inverse video, indicating that it is selected.
9. Right-click on the selected text.
10. A submenu will appear.
11. Choose the option Copy.
12. Click on the Close button.
13. The Message Options will disappear and you
    will return to the offending email. Now you have the message in your buffer.

A Sample phishing mail

Below is a more detailed look at email headers, it is not for the faint hearted.

Return-Path: 
Envelope-To: peter@example.com
Received: from [84.120.132.215]
 (helo=84-120-132-215.onocable.ono.com)
 by example.com with smtp (NetMail-SMTP 1.16);
 Sun, 10 Oct 2004 03:40:32 +0200 (CEST)
Date: Sun, 10 Oct 2004 05:39:35 +0300
From: CitiBank 
MIME-Version: 1.0
To: peter@example.com
Subject: CITIBANK REMINDER: UPDATE YOUR DATA

The sample above shows a very typical mail header. In this case it is even a so-called phishing e-mail, offering a link to a faked website which looks like the one of a bank, but then captures (fishes) your log-in data to use it for fraud. We have changed the recipient’s address to peter@example.com for privacy reasons. Let’s look at the header lines one by one.

Return-Path: This line is not created by the sender but inserted by the receiving e-mail server using the address behind MAIL FROM in the SMTP dialogue. It is not verified. In most cases (but not all) it is the same as in the From: header line which your e-mail client displays as the sender’s address. Since there is only one MAIL FROM during the SMTP dialogue, there should be only one Return-Path line. An empty address like <> is allowed if the mail is from a Mailer-Daemon or a similar automated sender which cannot receive answers.

Envelope-To: For routing the received e-mail to the intended recipient(s), many e-mail systems insert this line using the address(es) from RCPT TO in the SMTP dialogue. While this is not really necessary for mails where all recipients are behind To: or Cc:, it allows the correct routing even for a Bcc: addressed e-mail. Unfortunately, the syntax is not standardized. “X-Envelope-To:”, “Delivered-To:” or “X-Pop3-Rcpt:” are some alternative forms. Angle brackets around each address are optional.

Received: While our example shows only one Received line, two or more of them are typical for most e-mails. Each mail server the e-mail passes on its way from the sender to the recipient inserts its own. The topmost is the newest, created by the server nearest to you, and you should rely on this one only, since all following lines may be faked. If there is only one Received line in the header, the sender did not deliver it via the SMTP smarthost of his local provider, but sent it directly to your server or your provider, which is very typical for spam and viruses. The format of Received lines is not always exactly the same, but in most cases it consists of this information:

• IP address: If the topmost Received line is created by your local mail server or your provider, the true IP address of the sender is shown here (which is 84.120.132.215 in our sample above).


• HELO identification: The HELO command is used by the sending SMTP client to identify itself (…ono.com here, obviously an ISP in Spain). Note that HELO should display the reverse-DNS name of the IP, which surprisingly is the case in this phishing e-mail, but for many spam and virus mails it is just a fantasy name. If the IP address is not in your local LAN, a HELO name without dots is definitively faked. In the sample above, the sender apparently used a reverse DNS request to find out his local domain name in order to send a realistic HELO string.


• Mail server name and system: The line "by example.com with smtp (NetMail-SMTP 1.16)" shows the (or at least one) domain of the server receiving this e-mail, the protocol used (typically SMTP) and the server software (the NetMail SMTP module in this sample).


• Recipient (optional): The recipient’s address is sometimes given behind the keyword "for" in the Received line. This may be useful for BCC-addressed mails. If there is no Envelope-To line (or similar), then this may be the only place where the intended recipient address can be seen. However, this field is optional. Furthermore the SMTP standard only allows one address there, so this information is often suppressed for multi-addressed mails.


• Date and time: Assuming that the clocks of all systems involved are not too inaccurate, you can see when a specific server received this message. Note that the local time zones may be different. The difference to GMT/UTC is given as a signed 4-digit number. For instance, +0200 means 02 hours and 00 minutes earlier than UTC. Some systems add the name of the time zone in brackets for better readability. A few proprietary, typically American systems replace the number by the time zone name like EDT (Eastern
  Daylight Time), but this is a bad idea since it is often ambiguous: EDT is valid in the US (UTC+4) as well as in Australia (UTC+11).

Date: The date and time when this e-mail was created. It is not necessarily the time when the message was actually sent to the Internet. The format is the same as the one used in Received: lines described above. Since it depends on the client’s system clock, it may be more inaccurate than the times in the Received lines created by well-adjusted servers.

From: The alleged sender of this e-mail. If an answer is requested to a different address than the one behind From:, a Reply-To: line is added with the address where an answer should go to. Both may be completely faked. It is crystal-clear that citibank.com would never send their mails over a cable access of ono.com in Spain. For most normal mails, the From: line shows the same address as the Return-Path information in the header, but this is not required. Typical From lines are (comments added in brackets):

From: CitiBank  (as in sample above)
From: "CitiBank"  (quoted real name)
From: antifraud.ref.num1@citibank.com (no real name given)

The From: address in the sample above is faked, of course: The word “antifraud” and the name of the bank are simply intended to confuse the recipient.

To:, Cc: Displays the recipients except the ones sent as Bcc. Some badly implemented clients even send a Bcc line, but this does not conform to the standard since Bcc addresses should not be visible to other recipients. When sending an e-mail, the SMTP dialogue uses RCPT TO for all destination addresses, so the things behind To and Cc (just as all the other content of the message header and body) are completely irrelevant and may be even faked. The possible address formats are the same as for From (see above), multiple addresses can be separated by commas.

Subject: The subject of the e-mail. It is interesting that it is uppercase-only in this sample; this fact could add some percent to a probability value that an e-mail is unwanted spam.

Net Solutions uses cPHulk which enables a brute force password protection system. With cPHulk, you can set a threshold for authentication attempts on services like POP3, cPanel, WHM, FTP, etc. After a certain amount of attempts, the attacker will no longer be able to authenticate.

BFD Protection is necessary as, there are literally thousands of attempts made every day to gain access to peoples accounts. Users will never notice as cPHulk works in the background blocking access to IP addresses originating from China, Taiwan, Russia, etc.

So while BFD may be seen as an inconvenience if you get locked out, imagine the risks of allowing someone else to gain access to your account by password guessing. What would you have to lose?

Account Level Blocks

This will block access to a specific account for a period of time. If you find yourself blocked and continue to try and authenticate while you are blocked, the time will get extended.

IP Address Level Blocks

This will block your IP address. Block of this type will prevent you from having any access to the server including access to CPanel itself.

Thresholds

Account Level

• How long an account is locked out when it reaches the failure limit: 5min
• Maximum Failures by account: 15

IP Address

• Number of minutes a remote IP is locked out when it reaches the failure limit: 15min
• Maximum Failures by remote IP Address:5
• Maximum Falures by remote IP before IP is blocked for two weeks:30

I got blocked from my own server by BFD! Now what?

In most cases once you have been blocked by your server’s BFD system the easiest way to regain access is to simply create a Support Ticket with our support team. (No need to feel embarrassed. We fix issues like this all the time!)

The vast majority of cases that our support department handles involving customers who are blocked by their own servers are due to FTP clients that contain a saved password. If someone in your company, group, organization, or household changes the password to that FTP account and doesn’t notify you to update your saved password it is quite easy to end up blocked by the server. Most FTP clients automatically reconnect several times if the initial attempt fails, and once your FTP client with the bad password attempts to login several times and fails the server’s BFD system will kick in and block your IP address.

Customers in an office environment that utilize a private network connected to the internet may find their entire office blocked by their server. This happens (usually in a small/home office situation) when multiple computers are sharing a single internet connection, meaning they also share the same public facing IP address. Once a single computer on that local network gets blocked by the server all of the other local computers will find themselves blocked as well.

While this can cause some initial panic there is no need for concern. Even if you are temporarily blocked by your own server that does not mean it is down. It may be ignoring your requests for a short while but it is still working away, handling the tasks from other visitors to your web site(s).

What is FTP?

FTP stands for File Transfer Protocol.  Both HTTP and FTP protocols deal with transferring data across the Internet. FTP is used to upload and download files from your computer to a web server. Download http://fireftp.mozdev.org

Once downloaded follow the the on-screen intructions to install fireftp.

Using Fire FTP

1. Click on Tools the select FireFTP
2. Once FireFTP is open follow these steps to Connect to your Server.
3. Click on Manage Accounts
4. Select New…
5. Go to the "Account Name" field and enter the hostname (usually the website name, i.e cityofmonash.com)
6. Go to the "Host" field and enter the hostname (as above)
7. Go to the "Login" field and enter your FTP username as setup in VHCS2 (ie ftp@cityofmonash.com)
8. Go to the "Password" field and enter your FTP password (please note this is case sensitive
9. Click OK to save the account information and to close the dialog.
10. Click on "Connect" to establish a connection.
11. Click OK on the FireFTP pop-up and fireftp will connect to the FTP server

Once you have Connected, you will  find that the local files are on your left and the remote files on your right. You can click on a local file and press the arrow pointing to the right to upload a file to the server.

Similarly, you can click on a file on the right side and press the arrow pointing to the left to
download a file from the server to your computer.

Where should I publish the website content?

All website content files need to be placed in the htdocs directory or folder.

What filename should I use as the default page for my Website?

The web server will look for the following files when no page in the URL is provided.

index.html index.cgi index.pl index.php index.xhtml (all files are case sensitive)

What file permissions should I use?

The UNIX security model allows you to set different levels of access to a file for different groups of people. This allows you to let the web server modify a file via a CGI script, for instance, while preventing other users from having normal access to the file. There are three groups in terms of file access, and three different permission types they can receive.

File Permissions And Groups

The groups are:

• User – the ‘user’ group consists only of the owner of the file (your account, in most cases)
• Group – the ‘group’ group consists of the other users on the server — you can usually remove their permissions entirely if you think it is necessary
• Other – the ‘other’ group consists of everyone else — most importantly, the web server falls into the ‘other’ category

The potential permissions are:

• Read – the ‘read’ permission allows a user or program the ability to read the data in a file
• Write – the ‘write’ permission allows a user or program the ability to write new data into a file, and to remove data from it
• Execute – the ‘execute’ permission allows a user or program the ability to execute a file, if it is a program or a script

Setting Permissions

You can set permissions via FTP by right-clicking (clicking and holding for Mac users) on the file and select Properties in fireftp.

Most of your html files will do fine with a permission of 644 (Owner=Read+Write Group=Read Other=Read). Most script files will need a permission of 755 (Owner=Read+Write+Execute Group=Read+Execute Other=Read+Execute).

Can FireFTP resume downloads?

Yes it can. If you lose your connection, FireFTP will automatically try to reconnect and resume downloading. After this, you can resume a file just by trying to download it again. FireFTP will notice that you have a partial file already downloaded and will ask you whether you want to resume from where you left off click "Resume".

How do I rename a file/make a directory/delete files?

Right-click on the file lists. A context menu will appear showing the available functions you have, along with related keyboard shortcuts.

What is the "View on the Web" feature and what do you put in "Host" and "Prefix" for it to work?

The "View on the Web" feature is primarily designed for web developers so that they can preview images and webpages within FireFTP (using Firefox's latest Canvas technology). It can be found on the "Account Manager" dialog, under the Advanced tab.

If experiencing problems with your connection, follow these steps.

• Do you have the latest versions of FireFTP and Firefox? The latest version can be found at http://fireftp.mozdev.org/
• Are you behind a firewall? Try turning it off temporarily to see if it is the source of your problem. If so, you might have to configure your software to allow FireFTP to access the Internet.
• Does your server allow only active mode? Try turning off "Passive Mode" in FireFTP under your account's configuration options. This is found on the "Account Manager" dialog, under the Connection tab.
• Do you use a proxy? Try setting the proxy under Preferences in the Connections sub menu.
• Have you been able to connect with other FTP clients? Please check to see if the problem is reproducible with other FTP clients.

This should allow your FTP client to establish a connection.