More space and increased price for web hosting
Written by: Jon Eivind Malde

cPanel shocked the entire web hosting business 27th June when they overnight drastically increased their prices without any kind of warning to their partners. cPanel is the control panel we use for our web hosting service and is the foundation for the service we deliver to you.

Increased pricing for cPanel

We have calculated that our prices are 7 times higher now than before the change. The hosting business in general have been in turmoil since the change and cPanel has received a lot of complaints from upset partners in all channels. A quick search online will get you a lot of “colorful” feedback about the change.

cPanel price increase

We have ourselves notified cPanel about what we consider to be unacceptable business practice. cPanel does not listen to their partners unfortunately and we are forced to either accept the change or find alternative solutions to be able to continue to deliver stable and good services to our customers.

Our thoughts

cPanel is promising that the price increase will result in a better product for you, but such a radical increase is hard to digest when the price was far from low initially. We have considered other solutions, but unfortunately there are no other solutions that are good or stable enough compared to cPanel. We could develop our own solution, but that requires a lot of time, time we do not have as the change is already upon us.

We believe that what is most important to you as our customer is that we keep delivering a secure and stable service. With that in mind we do not have any other choice than to keep offering web hosting with cPanel. Our goal is however to deliver what is best for our customers at any given time at as competitive prices as possible. You can, in other words, rest assured that we will not stop considering other alternatives. Our loyalty to cPanel is nonexistent and cPanel will have to deliver on their promises to avoid changes.

Increased pricing and space

We have to increase the prices for the following web hosting plans due to the change:

PlanOld priceNew price
Pro Medium5.50€6.50€
Pro Premium12.00€14.00€

The prices will be effective from 15th September for all customers. This gives you the chance to order new or upgrade with the old pricing until that date.

As we increase the prices we also want to add more value to the services. Due to this we also increase the included disk space:

PlanBeforeAfter
Pro Medium15GB30GB
Pro Premium30GB100GB

All customers with those web hosting plans have already been upgraded to the new limits.

Happy Tom with thumbs up

Summary

This change was not planned so we hope for your understanding for why we reached this decision. We also hope that the increased disk space can make up for some of the increase in price.

Malicious code on your web hosting account?
Written by: Jon Eivind Malde

We have started handling any malicious code found on your web hosting account faster and better while also warning you by email. The system is gradually being used on more and more servers and will soon cover all web hosting servers. When the system is in use on all servers you will get a warning within minutes if something is found on any of your accounts.

Why are we doing this?

Malicious code represent a risk to all clients on a server as well as other users online. Hackers can do any of the following with malicious code:

  • Extract all data you have stored in the account/website or insert code to continually have access to your data without you or your clients knowing about it.
  • Send spam or phising emails (which will blacklist the IP addresses of the server and result in email delivery problems for all users on the server).
  • Attack other servers online/your visitors to spread virus/malware or participate in DDoS attacks.
  • Run code to overload the server to impact yours and other websites on the server.

When we find mailcious files we will follow these steps (where next step is only performed of the previous failed):

  1. Check backup for clean file and automatically restore.
  2. Clean file for mailcious code.
  3. Put file in quarantine.
  4. Delete file.

Put in other words; We try to do the least invasive to your website first and use the more drastic actions only when needed. Due to the risk malicious code represents we have to go to these lengths to keep you, your visitors and the Internet as a whole safe.

What system are you using?

The system we use is called Imunify360 and is provided by CloudLinux (who also provide us with the OS we use on all our web hosting servers). We have been using Imunify360 since CloudLinux launched the system in the beginning of 2017 and have been working together on how it should work since. We finally feel the system is mature enough to use more actively and integrated with our own systems. That is why we start handling these files now.

Imunify360 logo

Imunify360 does a lot more than just finding malicious code in files. Among other it:

  • Stops attacks on your website with a web application firewall (WAF).
  • Stops brute force attacks (attempts to find out your password) on services such as SSH, IMAP and more.
  • Patches software on the server which has known vulnerabilities such as the kernel (without having to reboot the server).
  • Stops processes running malicious code while also tracking down the orgin of the attack in the logs.
  • Finds blacklisted domain names.

Imunify360 is in other words an important part of the security of our web hosting servers, and will gradually become more important as the software evolves.

Where can I see the files that have been found?

You have full access to the files and log in the control panel (cPanel) as shown in the guide Malware scanner in Imunify360. You will also be able to restore files from quarantine and white list files identified as malicious when they should not have been (false positive).

Some files mentioned in the emails we send might have been found a long time ago. We could have chosen not to report these, but we do in case they might be important for you. In such old incidents it might also be that the files mentioned are not in your log as Imunify360 did not log these in the same way as they do now.

What should I do if files are found on my web hosting account?

You should first check if your website is working as it should. If the files have been restored from backup or cleaned it should not be necessary to do anything. If they are put in quarantine or deleted you should check if the website solution you use have that file and if it contains malicious code. Ask the provider of the solution or us if you are in doubt.

You should follow the tips in the guide How to secure your website against hackers after checking the files.

Questions or comments? We would be happy to hear from you 🙂

Free SSL certificates with AutoSSL
Written by: Jon Eivind Malde

Back in 2016 we partnered with Symantec (now Digicert) to deliver free SSL certificates to our customers. AutoSSL, cPanel`s solution for free SSL certificates, was also recently launched at the time. However we chose to work with Symantec instead as we believed their solution would be best for our customers.

Tom showing free SSL certificate with AutoSSL.

Background

The two solutions differed in that Symantec`s solution envisioned that you start with a free SSL certificate and add extra functionality as you grow. In other words – the SSL certificate is tailored to your needs. The AutoSSL solution had a very different strategy where the goal was only to deliver free SSL certificates for domains hosted on cPanel. However, at that time AutoSSL was not very well integrated into cPanel and there were issues with the solution.

Why free SSL certificates with AutoSSL

Symantec did unfortunately never live up to what they envisioned and what we envisioned for our customers. There have barely been changes since we started working together. Meanwhile AutoSSL has continually improved in terms of usability and integration in cPanel. As a result of that – the sooner the better – we had to acknowledge that we chose wrong solution back in 2016. We have now discontinued working with Symantec to deliver free SSL certificates and we have already made AutoSSL available to all our customers on all web hosting packages. The last remains of free SSL from Symantec will be removed from our website in a matter of days.

Advantages with AutoSSL

The advantages for you with the new solution is that:

  • All (sub) domains on the web hosting account will be covered instead of just a single (sub) domain
  • The certificates are issued/renewed automatically instead of you having to manually issue/renew them on our website
  • Parked domains is also covered by free SSL certificates now. This is particulary handy for those using the 1-page website builder on their domain name.
  • The forwarding package is also covered by free SSL certificates now
  • If you forget to renew a SSL certificate it will be automatically replaced by a free SSL certificate (so that you avoid having an error on your website for all visitors)
  • You will get free SSL certificate also for mail.yourdomain.com (where yourdomain.com is your domain name) and will be able to setup your email client with SSL using the hostname mail.yourdomain.com instead of cpanelX.proisp.no (where X represents the server number)
  • Other useful addresses such as webmail.yourdomain.com and cpanel.yourdomain.com can be accessed with https without any warnings as they will also be covered.

Disadvantages?

You might ask yourself if there is any disadvantages with the new solution when you see the list of advantages. Yes, there is. We don’t get to show you the advantages paid SSL certificates can do for you beyond what the encryption only free SSL certificates delivers. You also don’t get to setup your own SSL certificate specifically tailored to you like Symantec envisioned. But, fear not 🙂 We will eventually add tips about paid SSL where suitable based on analysis of your needs. For example during diagnose of your web hosting – in time.

What about you who already have SSL from Symantec?

If you have:

  • Only free SSL certificate this will be automatically replaced when it expires.
  • Free SSL certificate with site seal we will replace this with a PositiveSSL certificate at the same price as your site seal. You will in other words get a paid certificate with 30% discount. The disadvantage is that you have to change site seal, but if you need help to do that we are more than happy to assist.
  • Free SSL certificate with wildcard (Basic SSL Plus) we will replace this with a PositiveSSL wildcard certificate at the same price. You will in other words get a paid certificate with discount.

How often are free SSL certificates issued?

The new solution issues/renews SSL certificates once per night for all (sub) domains on all web hosting packages that doesn’t already have SSL certificates or have certificates that are about to expire. You can follow the guide “Install free SSL certificate with AutoSSL” if you need to issue a free SSL certificate before it is issued automatically.

Feel free to contact us if you have any questions or comments regarding the change 🙂

Acronis backup – our new backup solution
Written by: Jon Eivind Malde

We’ve been using R1soft backup as backup solution for all our services since 2007. The solution worked well for us initially. Much was promised in terms of upcoming new features for our clients. What was promised was unfortunately never delivered no matter how many times we pointed this out.

In addition to the fact that the product has not developed significantly over the years, we’ve also experienced an increasing number of errors with the solution. Anyone can have errors, but for us the amount became larger than what we considered acceptable. Every second counts when we need to restore from backup and having to deal with errors in the middle of a disaster recovery can significantly delay when we are back to normal operations.

Choosing new backup solution

In the past year, we have tested many backup solutions to find the one that provides the best user experience and functionality for our customers. At the same time, it has also been important that the performance must be at least as good as before. Acronis’ backup solution differed significantly from the other solutions and became the natural choice, although the solution is 3 times as expensive for us as our previous solution. Don’t worry – you won’t have to pay more. There is a saying “You get what you pay for …” and it seems to be the case here 🙂

Acronis

Acronis delivers solutions to more than 5 million end users and 500 000 businesses in more than 150 countries worldwide. They have won numerous awards for their solutions since its inception in 2003.

Here are some of the advantages compared to R1soft backup:

  • Faster backup restore (testing was up to 10 times faster)
  • It is now possible to restore email addresses, forwarding etc. (which is then correctly set up on the server)
  • Imunify360 (security software on our servers) will automatically replace files that are infected by malware from backup if there are uninfected files there
  • When logging in via cPanel you do not have to enter your username and password as you sometimes had to before
  • Improved logging so you can see what’s restored and when it’s finished
  • Generally less errors during restore operations

Transition information

As of April 15, all web hosting accounts will be covered by Acronis backup. Unfortunately, in the transition there will be smaller backup entries available via cPanel. If you need older backups, please contact support so we can restore this for you during this period. This is not ideal for either you or us, but we hope for your understanding in our efforts to improve our service to you. We apologize in advance for the inconveniences it causes for customers who want to restore from older backups.

The transition to Acronis will also enable us to offer you more
related solutions. We will publish more information about this as it is launched.

Our new backup restore guide:
Guide for restoring backup from Acronis

Do you have questions or comments? Then we would love to hear from you 🙂

SSL certificate – how to choose the right one?
Written by: Jon Eivind Malde

The demand for SSL certificates have been increasing rapidly the last couple of years. The reason for this is most likely because security have become more important as there are continuously new cases of hacking and cyber-attacks. Google and the web browser community have also contributed to the increasing demand. Not having an SSL certificate will cause a warning to appear for the user in the web browser. Here at PRO ISP we receive daily inquiries regarding SSL and the most common questions are:

 

What is an SSL certificate?

SSL certificates are used to create a secure connection so that the information being sent cannot be monitored or altered by anyone. In other words, it ensures safe communication. On a website with SSL certificate, the URL will contain an S so it will say https:// instead of just http://.ssl certificate secure not

SSL certificates are not only used for web servers, but for any type of service where secure communication is required (email, FTP for example). However, it’s mostly on websites that you will notice the use of SSL due to the visible indicators to increase end user trust and confidence in the browser. We will elaborate more about this later.

SSL certificates also have another function. The certificates are issued by certificate authorities (CAs). These issuers have a set of rules to follow for when a certificate can be issued – in the same way as there are rules for issuing passports or driver’s license.

There are currently 3 levels of validation for SSL certificates and each level have higher requirements than the previous level. The requirements verify control and ownership of the domain. Each level is meant to provide increased trust for the client that you are who you say you are. As each level require more information to be verified the price is usually higher for each level.

The levels are:
1. Domain validation (DV)
2. Organization validation (OV)
3. Extended validation (EV)

1. Domain validation (DV)

The easiest certificate to get issued is domain validated certificate. This certificate only verifies that you control the domain, which can be done via email, DNS and file. This part is done automatically for all our clients who order certificates for web hosting at PRO ISP. All our web hosting includes a free Basic SSL certificate which is a domain validated certificate. This only takes a few second to issue.

This is how a DV certificate will look in a web browser:

ssl certificate google
The difference between a free Basic SSL certificate and a paid DV certificate:

  • Site seal is not included for the free certificate, but is included in all the other certificates. You can however add a site seal to your free Basic SSL, which is cheaper than purchasing a SSL certificate. If you are wondering how a site seal looks on a website, look on the bottom at proisp.eu. Clicking the site seal will provide more information about the website and what is verified. Site seal is used to show visitors the owner of the website has secured the website and show what has been verified by a third party. This increases the chances for the first-time visitors to more quickly establish enough trust to the website so they may contact you or make a purchase. The site seal included with certificates typically contain more information the higher level they are, as well as being more expensive. The site seal for proisp.eu is one of the ones with most verified information as well as issued from the worlds most recognized brand when it comes to security online.

ssl certificate norton site seal

  • Paid certificates have a warranty covered by the issuer if the certificates have been issued to someone performing fraud and issuer should have known about. Visitors of the website is covered by this warranty. The warranty is another way to ensure the visitor to have trust in the website.
  • About 5% of our clients are denied Basic SSL by the certificate issuer due to information on the domain, domain name or contact information seeming suspicious. In these cases, a manual review is required by the issuer and you will need to purchase a SSL certificate instead.

2. Organization validation (OV)

Organization validated certificates must in addition to domain validation also validate the information regarding the organization/company. Private parties can therefore not purchase these. Required documentation is that the organization:

  • Exists
  • Own/operate the domain
  • Operates from the correct address
  • Can be contacted through public available contact information

In a web browser the URL will look the same for OV as DV certificate, but the visitor can check which organization and address the certificate has been issued to, as shown below.

ssl certificate details

The site seal for OV certificates contains more information (company name), the warranties are higher and there are some available extra functions such as malware and PCI scanning. As there is more to verify for OV it usually takes the issuer around 1-2 days from order to the certificate is issued. This is also reflected on the price.

3. Extended validation (EV)

EV SSL certificate requires the highest level of validation before being issued. Basically, most of the same information as OV certificates but the difference is there are fewer approved sources as well as the validation process is more thorough and more documentation is required. Compared to OV certificate there is overall more to validate on each check point. The most visible difference is seen in the web browser. This is how our URL is seen in the web browser:

 

 

You can clearly see who is the owner of the website as the company name is shown next to the URL.

Since there is more to validate for the certificate issuer it usually takes 2-7 days to issue EV SSL certificates. These certificates are normally the most expensive.

What do I need SSL certificate for?

  • Safe communication
    In today’s society with increased focus on protection of privacy and security, secure communication is essential to maintain both.
  • Higher ranking in search engines
    Search engines have added SSL as a part of their algorithm ranking and it is estimated websites with SSL have about 5% better results than websites without.
  • Faster loading websites
    Web browsers have chosen to support the new HTTP/2 protocol when using SSL/TLS only. HTTP/2 can reduce the loading time with 20-30%. All our web hosting supports HTTP/2, but only when you have an SSL certificate your website will use HTTP/2 instead of the older HTTP/1.1 protocol.
  • Avoid warnings in the web browser
    Web browsers shows a warning that the website is not secure when inserting data into a form and the website is not using SSL. In the future a warning will be shown for all websites not using SSL.
  • Increase conversions
    A conversion is a visitor performing a desired action on your website. This could be a purchase, registration or anything else. All paid SSL certificates contain many benefits to increase conversions, such as site seal, warranty, malware scan and increased visibility in search engines. These benefits will help increase the trust for your website while showing your customers you are serious about security.
  • Company name visible in web browser
    EV SSL certificate clearly shows the owner of the website and that it has been validated from a secure third party. A message to show you have been through the most thorough check and give you the highest level of trust with your customers.

Which SSL certificate should I choose?

Which SSL certificate is the right one for you will depend on what kind of website you have and how it is used. Some have several domains and websites with different needs and therefore may need many different certificates.

Generally, we recommend you consider who your visitors are and what you want them to do. These questions should be answered:

  • To what extent does users notice if the website is secure?
  • How much will it mean for the visitors to see the website is secure?
  • Will indicators showing that the website is secure, or to show who you say you are, increase trust for your website and its visitors?
  • Will increased trust to your website increase the likelihood of visitors doing as you want them to?

If the visitors will not notice it the website is secure, and it will not increase the likelihood of visitors doing as you want them to, you do not need more than our free SSL certificate or Start SSL (RapidSSL). Even though it may not matter much, it would not be negative to add a site seal included in the certificate on your website.

Some of the recommendations below are for wildcard (plus) and multi-domain certificates. These are explained in further details in “SSL certificates that cover more than one address”.

SSL recommendations for:

Simple personal website

Typically, simple blogs with personal information or simple websites with few pages. To avoid warnings in the future that the website is not secure it is a minimum requirement to use SSL. Since there is no need for increased trust there is no need to pay for a certificate unless the free Basic SSL could not be issued.

Recommendation:

Simple website for a company

A small website with information about the company and a contact form could have different need for SSL. Depending on what type of clients (IT and security related versus non IT related such as carpenters for example) we have different recommendations.

Recommendations for not IT related clients:

Recommendations for IT, security, web shop or similar related clients:

Larger website for a company

A larger website with information about the company and a blog, web shop or more.

Recommendations:

Several websites for a company on several domains

Here the same recommendations as mentioned above applies. You should consider each website separately as mentioned above.

It’s it usually best to order a certificate for each website, but if you have a good overview of the domains it may be best to consider Premium SSL multi-domain. If you do not need to increase trust we recommend Comodo Positive multi-domain SSL.

If you want a certificate for alias domains on the same web hosting you will need to use a multi-domain certificate for these. This also applies to other sub domains and domains pointing to the same folder on the web server. Read more about SSL certificates that covers more than one address.

SSL certificate not to be used for website

SSL certificate not to be used for websites are often used for email services. They are also used for other services such as FTP, APIs/apps and other services that require SSL. They have in common that they only need the security SSL provides. It is therefore no need for a higher-level certificate than DV certificate.

Since you can only use basic SSL with our web hosting, you will in most cases need a DV certificate (such as Start SSL) which covers one domain.

  • If you have several sub domains on the same domain you wish to use for such services, we recommend you use Start SSL Plus.
  • If you are securing several addresses for several domains, we recommend Comodo Positive multi-domain SSL.5

 

Contact us for further questions

Hopefully this information will help you find the right SSL certificate for your need. If you are still unsure which one to choose, it is more important that you are using SSL – then which one it is.

Do not hesitate to send us feedback or questions. Should you have any questions please contact us.

SSL certificates that covers more than one address
Written by: Jon Eivind Malde

Wildcard certificate

If you have web hosting with PRO ISP it is not only the website you should consider making secure when it comes to SSL. You are most likely using email and other services you are not aware of should use SSL. This is especially important if there are many users of these services. Wildcard SSL certificates will the best choice in this case. The following addresses are useful to secure with SSL on our web hosting (in addition to the website itself):

  • webmail.exampledomain.org
    You can connect to http://webmail.exampledomain.org without any problem unsecured, but we recommend you always use https instead with the alternate address you have been given (which is a bit more difficult to remember). The benefit of SSL on webmail.exampledomain.org is that you can use this address with https and it is easier to remember for all the email users on the domain.
  • mail.exampledomain.org
    This address is used typically in email clients as host name when setting up email addresses. If you do not have a certificate on this address users will receive a warning regarding the SSL certificate not being the same as the address. The warning will not appear if you have installed a valid SSL certificate and you will avoid any confusion for the email users. Be however aware you may just as well use exampledomain.org as host name in the email client. The reason why many still use mail.exampledomain.org is probably because the address traditionally has been used for this.
  • cpanel.exampledomain.org
    This is the address you can log into cPanel with. If you do not have a certificate on this address we recommend you always use https instead for the alternative address you have been given. The benefit of SSL on cpanel.exampledomain.org is that you can use the address with https and it is easy to remember.
  • ftp.exampledomain.org
    Many people use this address for FTP (up-/downloading of files) service. Several FTP clients are now using SSL/TLS automatically and these will show a warning for the error on the certificate unless you are using your own certificate.For many of the addresses above it is not possible to install a certificate for each address. There is however a type of SSL certificate that covers most of the addresses above and that cPanel sets up to secure all the addresses with: Wildcard SSL certificate.This certificate will secure all sub domains of the domain the certificate is issued for and will in the example above be *.exampledomain.org. You will in other words be able to use it for all the addresses above, as well as other sub domains you create, for example webshop.exampledomain.org.

 

When should you consider using Wildcard SSL certificate?

We would recommend this in two cases:

  • If you have several sub domains you wish to secure, as it will be easier to operate fewer certificates, and cheaper then several certificates.
  • If you have several users for webmail, email clients, cPanel or FTP as you will not have confusing errors and you can use easier addresses to reach the services.
    Be aware there are not any Wildcard certificates for EV certificates.

Multi-domain SSL certificate

As the name indicates, multi-domain certificates can secure several addresses. Typically, it will secure a total of 3 or more addresses with the option to purchase more. The benefit of this certificate versus the wildcard certificate is that you can purchase several domains and sub domains on the same certificate. For example, you can secure the following in one certificate:

  • exampledomain.org
  • abc.proisp.no
  • proisp.eu

You can normally secure up to 100 different wildcard addresses in one certificate (even more in some cases).

When should you consider using multi-domain SSL certificate?

We would recommend this in the following cases:

The same recommendations for wildcard if there are a few sub domains to be secured.
cPanel prevents the installation of more than one certificate on domains and sub domains pointing to the same folder on the webserver. Typically, our clients have this problem when using alias domains where they would use mycompanyname.no, mycompanyname.com, mycompanyname.se all pointing to the same holder. You will then need to use a multi-domain certificate to secure these domains – if not it is only possible to secure one of them.

When you want to secure several (sub)domains with an EV certificate:
If you are in full control and have a clear overview of your domains this certificate would be practical. In many cases we however see there are issues with issuing, reissuing and renewal if you have many domains on one certificate. The reason could be errors in the information registered on one domain, a configuration that has been altered or other issues that causes delays.

Due to this we recommend you avoid use of a multi-domain certificate unless you:

  • Have full control and a good overview of the domains.
  • Do not have any problems with several addresses pointing to the same folder on the web server.
  • You don’t have many sub-domains
  • There are wildcard multi-domain SSL certificates as well!