Thursday, 23 February 2017

Tutorial Web Hosting for Dummies Complete Part II Getting to Know the Essential Services






In this part . . .
✓ Discover hosted e-mail and how to use it.
✓ Manage your website files and back them up.
✓ Discover what databases are and how they can help you.
✓ Find and read log files to help you see what’s going on with your website.
✓ Install scripts such as WordPress to make your site better and easier to maintain.

Chapter 3 Using Hosted E-mail


In This Chapter

▶ Understanding hosted e-mail
▶ Using e-mail addresses @yourdomain.com
▶ Becoming an e-mail master

E-mail has become one of the most used (and sometimes overused) forms of communication in the 21st century. I have difficulty corresponding these days with people who don’t use e-mail. I barely remember how to stick a stamp on an envelope, let alone know what to do with the envelope when it’s ready to send.

Many people have e-mail addresses that end in something like @gmail.com or @aol.com. These addresses are generally free, and e-mail messages are easy to retrieve and send. When you’re first starting out on the Internet, taking the free e-mail account that is offered to you is a sensible idea. After all, you have to start somewhere.

When you purchase your own domain name, though, you open a whole new world of possibilities that make your address more memorable, more unique, and more personal. You can have an e-mail address that ends in @yourdomainname.com.

For example, I own the domain name PeterPollock.com. (It seemed sensible because it’s my name.) So now, instead of being PeterIsAwesome@gmail.com, my e-mail address can be Peter@peterpollock.com. It’s far easier for people to remember and is much more personal.

Your web hosting gives you the capability to create e-mail addresses at your domain just like I have with Peter@peterpollock.com. In this chapter, I show you how to create your own e-mail address and explain why you may want to do so.

Enhancing Your Brand with a Personalized E-mail Address

The concept of creating a brand is all the rage these days. Whether that brand is for your business, club, or organization or whether it’s your personal brand, people everywhere are telling you that your brand image is important.

When I first started writing this book and was telling my friends about it, one of the first things people said to me was, “Oh, one of those yellow books?” The For Dummies brand is known worldwide for its distinct cover design and its easy-to-understand content — and that’s no accident.

Branding helps people identify you in the crowd. Hundreds of people and businesses are competing for consumers’ time and attention, and a strong brand image helps some stand out above the rest.

Personalized e-mail addresses are part of enhancing your brand image and brand recognition. For example, if you’re in business and your website is tinycarspares.com but your e-mail address is peterthedude2487@aol.com, then there is a disconnect between you and your business. If you don’t trust your own business enough to have an e-mail address related to it, why should your customers trust you to still be in business next month?

Changing your e-mail address to one that connects you directly to the business encourages people to think that you believe in your business, and it gives them cause to do the same.

Even if you don’t run a business as such but are trying to promote yourself, your blog, your website, or whatever it may be, aligning your e-mail address with your domain name provides a sense of legitimacy, longevity, and purpose.

Creating E-mail Addresses

Your web hosting control panel is where you create e-mail addresses. You can have multiple addresses, depending on the limits set by your web host, so you can have one for yourself and give one to each of your employees, associates, family members, or whomever you want to give them to.

You need three things to create an address:

✓ The name of the e-mail address you wish to create
✓ A password
✓ The mailbox size

To create an e-mail address in cPanel, use the following steps:

1. Log in to your control panel and find the section labeled Mail or Email. In Figure 3-1, the section is labeled Mail.



2. Click the Email Accounts icon.

The Email Accounts screen opens, as shown in Figure 3-2.

3. Enter the e-mail address in the top box.

4. Enter your desired password in the next two boxes.

You can also click the Password Generator button to create a secure password, but the generated password will be quite difficult to remember.



5. Enter your desired mailbox quota or click Unlimited.

Read the “Selecting the right mailbox size” section later in this chapter for information about how to determine the size of the mailbox.

6. Click Create Account.

Your e-mail address is now created and ready for use.

Picking a name

Picking the name to use for your e-mail address can be tricky. Do you want it personalized to you or do you want it more general? Do you want to repeat a word from your domain name or do you think that would look a little odd?

Take my e-mail address, for instance. My domain name is PeterPollock.com, so what should I put before the @ sign in my e-mail address? I was hesitant to use Peter because I already had Peter in the domain name, but eventually I decided to just go for that because I couldn’t come up with anything else that was professional and easy to remember. That said, my e-mail address is Peter@peterpollock.com.

I could easily have picked info@peterpollock.com or contact@peterpollock.com, but for this particular domain name, those choices seemed too impersonal. When it’s your business e-mail address, something more general might actually be better, though. It comes down to personal choice, and there are no real rules that define what you should or shouldn’t use. As a general guideline, your e-mail address should be

✓ Memorable. Your name is memorable. CEO@ is memorable; peterthedude2487@ is not memorable.
✓ Short. You don’t want to make your e-mail address so long it doesn’t easily fit on a business card or is a mouthful to say.
✓ Simple. Avoid tricky spellings, or people may get it wrong when trying to e-mail you and the mail will not arrive.

Picking more than one name

Sometimes the solution to choosing the right name is to have more than one name. Even if there is just one of you behind the website, additional mailboxes can add legitimacy, professionalism, and a way of keeping different types of mail separate.

For instance, you may want a personal e-mail address of Bob@tinycarparts.com to give to suppliers and your best customers but not want the whole world writing to you there. In that instance, it might be worth creating a second e-mail address of Service@tinycarparts.com or contact@tinycarparts.com.

You can then choose whether to have them as completely separate e-mail accounts or whether to forward one to the other. See the “Forwarding Mail” section later in this chapter for details on how to set up a forwarder.

Selecting the right mailbox size

Selecting the correct mailbox size depends very much on your hosting plan. Many web hosts count the size of your mailboxes as part of your web space allowance, which can severely limit what size the mailboxes can be.

Every e-mail that comes in or that you send out has a physical size. That size is made up of how much data is in the e-mail — including how long it is and whether or not it has any attachments.

An average size for an e-mail that is just text is less than 10K. That means a mailbox that is 100MB in size could hold around 10,000 e-mails.

However, if people are sending you images, each image can easily be 2MB so a 100MB mailbox could only hold 50 e-mails with 2MB images in them.

I normally recommend a mailbox size of around 250MB, which gives you plenty of room for mail, including mail with attachments. If you regularly delete unnecessary mail and attachments, a mailbox of that size can keep you going for years. I currently have two full years of e-mails in my 250MB mailbox, and I still have plenty of space left.

If having plenty of space for mail is important, select Unlimited or put in a really high number. You can only use up to whatever your plan limit is, but at least you won’t hit an arbitrary limit on the way. (See Figure 3-3.)



Reading and Writing E-mail

After you have created your e-mail addresses, you need to be able to read the e-mail that comes in and send e-mail out from those addresses. There are two ways to do this:

✓ Webmail
✓ A mail client

Each has its own advantages, and you may find there are times where both come in handy. Just because you regularly use one does not mean you can never use the other(s). They work in tandem.

The webmail advantage

Webmail is where you log into your e-mail account through your browser. You normally go to webmail.yourdomain.com or mail.yourdomain.com, depending on how your particular host configures its servers.

Here are some of the benefits of using webmail with your hosted e-mail addresses:

✓ Webmail can be used on any Internet-connected computer with a browser.
✓ It’s easy to use and you don’t need your laptop to be able to read your e-mail.
✓ Most hosts have a couple of different webmail interfaces for you to choose between, so you can pick the one that works best for you.

Going offline with mail clients

Webmail is very popular, but it has one big drawback: You can’t read or write e-mail if you’re offline.

This is an increasingly connected world but there are times when you’re out of range of an Internet connection, or your connection goes down for some reason. What do you do then? Many businesses are suddenly disabled because they can’t access their e-mail to read customer requests and orders.

The great advantage of using a mail client is that it downloads your mail to your computer so that you can read and write offline. The disadvantage is that you have to configure a mail client on every computer you use, which, if you don’t always use the same computer, can be very frustrating.

Reading Your E-mail in a Browser (Webmail)

Webmail is simply a browser interface into your mailbox.

Your mail is stored on the server, and a webmail client (a browser-based application) enables you to see what mail is currently stored and which items have not yet been read.

Many different webmail clients are available, each with its own strengths and weaknesses.

cPanel installations come with four different webmail clients:

✓ Horde
✓ RoundCube
✓ Squirrel Mail
✓ AtMail

Your host can select which of those are available to you and can add others.

You can access your webmail in two ways:

✓ Through a direct URL. Your web host will be able to tell you what the URL is, but it’s most likely to be either webmail.yourdomain.com or mail.yourdomain.com. (See Figure 3-4.)

✓ Through your control panel. Most control panels have an easy link to click to take you directly to your webmail login screen.

Your login details should be your e-mail address as the username and the password you set up when you created the e-mail address.

After entering your login details, your host should give you a choice of webmail clients if there’s more than one option. (See Figure 3-5.) You can use a different client every time you log in, if you want, until you find the one you prefer.




Select your preferred client and you will be taken to your e-mail.

Some hosts enable you to set your favorite webmail client to automatically load when you log in. For example, in cPanel, just click [Enable AutoLoad] beneath the client of your choice after you log in.

Reading Your E-mail in a Mail Client

Many e-mail clients are available, depending on which operating system you use. Some are free and some are commercial.

On Windows-based computers, the top free clients include Mozilla Thunderbird, Opera Mail, and Windows Live Mail. The top paid clients include Microsoft Outlook, Postbox, and The Bat!

For the Macs, popular free clients include Apple Mail, Mozilla Thunderbird, and Opera Mail. Popular paid clients include Postbox, MailMate, and Microsoft Outlook.

On Linux, all the most popular clients are free and include Mozilla Thunderbird, Evolution, and Zimbra.

Whichever client you choose, you have to configure it to connect to your server for sending and receiving e-mails. There are two ways to connect to your server: POP3 and IMAP. Both are configured through the same configuration wizard in your e-mail client, but they work in importantly different ways.

POP3

When you download your mail using POP3, the mail is downloaded to your computer and the computer remembers the last e-mail it downloaded. That way, the next time your computer checks for new mail, it knows which e-mails it has already downloaded and ignores them.

You then choose in your e-mail client’s option settings how often to delete mail from the server. You can do it anytime from immediately to never. (See Figure 3-6.)

Apart from that, what you do with the local copy of the mail after you’ve downloaded it is up to you — and it won’t affect anything on the server.

POP3 can be useful when you find that you’ve inadvertently deleted one of the e-mails you downloaded and need to get it back. You can log in to the server through webmail or through a different e-mail client and re-download the e-mail.



The disadvantage of POP3 comes if you read e-mails on more than one device — say a laptop at work and a desktop at home or your desktop and your smartphone. Each client keeps its own record of what it has downloaded and what it hasn’t, regardless of what you’ve downloaded elsewhere. This means that you can download your e-mail at work and go through and delete all the junk to leave only the e-mails you need. When you get home, though, your computer has no way of knowing what you deleted at work and downloads the whole day’s worth of e-mails again and tells you they’re all unread.

IMAP

IMAP works in a similar way to POP3 except instead of just downloading new e-mails, it synchronizes the e-mail in your e-mail client with what’s on the server. When you delete an e-mail locally, IMAP then deletes that e-mail from the server the next time the client and the server synchronize.

This is a great advantage if you read your e-mail on more than one device. Wherever you check your mail, you always see what you’ve already read and what you’ve replied to even if you read the messages on a different computer or device.

The disadvantage, though, is that there’s no fail-safe system. After you’ve deleted an e-mail, it’s gone, no matter which device you try to look for it on.

Whether you use POP3 or IMAP is up to you. If you are using one and decide that the other would be more suited to you, you can switch without any problems. However, you should not try to use both concurrently or it may cause problems.

Reading Your E-mail on Your Mobile Device

Mobile devices, whether they are smartphones or tablets, can give you full e-mail functionality providing they have an Internet connection.

You can, if you wish, use webmail through your mobile browser, but most webmail clients do not display very well on the smaller screens typically found on mobile devices.

Most mobile devices come with clients preinstalled that handle mail either through POP3 or IMAP. There are some alternative clients that you can download onto your device, but all have their weaknesses.

Becoming Friends with Your Auto-Responder

Auto-responders, or auto-replies, can be really useful tools or the bane of your existence, depending on how you use them. Many people dislike receiving automated replies when they’ve spent time crafting an e-mail, but used the right way, auto-replies can be helpful.

The idea of an auto-responder is that it automatically replies to every e-mail you receive. This can be useful when

✓ You go on vacation and want to let people know you won’t respond until after a certain date.
✓ You’re particularly busy and need a way to tell people they may get a delayed response to their e-mails.
✓ The e-mail box is for a customer service e-mail address or something similar. An auto-responder can let the customer know that his query has been received and can give him an estimated response time.
✓ You have an e-mail address that is only used for sending mail and replies are not read by anyone, and you want to notify the sender that she has contacted that e-mail address.

To configure an auto-responder, you have to create an e-mail message that is automatically sent when necessary. The following steps demonstrate how to set up an auto-responder in cPanel. Other control panels differ slightly in the steps necessary to set one up, but the general process is the same:

1. Log in to your control panel and navigate to the mail section.
2. Click Auto Responders.
The Modify/Add Auto Responder screen opens. (See Figure 3-7.)
3. In the Email box, enter the e-mail account you want the autoresponder to be associated with.
4. In the From box, type the name you want the e-mail to say it’s from.
This could be your name or Customer Service Team or whatever is most relevant.
5. In the Subject box, type the subject line you want the reader to see. This could be something like Out of Office or Thank you for your inquiry.

6. Type the main topic of your e-mail message in the Body box.

What you enter here will vary depending on the purpose of the autoresponder, but in general your message should explain why the auto-response has been sent and give some time frame for a non-automated reply.

7. Set the start and stop dates for the auto-response.

This is important. You don’t want your auto-responder still telling people you are on vacation when you’ve been back a week.

One of the biggest frustrations for e-mail users is getting unnecessary autoresponder messages. Here are a few rules you should follow when using auto-responders:

✓ Make sure your vacation notification is off when you get back.
✓ Don’t set up an auto-responder that says you’ll reply within two hours if you rarely reply the same day.
✓ Don’t give too little information. “I’m on vacation” doesn’t tell the recipient anything. He doesn’t know when to expect a reply.
✓ Don’t give too much information. People don’t need your schedule for the next two weeks. A simple explanation that you’re busy and an idea of when they can expect a reply are sufficient.

Forwarding Mail

Mail forwarding can be useful and can simplify your life dramatically. The following are some examples of when you might want to use a forwarder:

✓ You want to create an e-mail address at your domain for people to use but prefer to use your personal account for sending and receiving messages: In this instance, you can forward your mail to your personal e-mail address and respond to it from there.
✓ You change your e-mail address and don’t want to lose e-mails that come in to your former address.
✓ People might spell your name wrong and you want to catch e-mails with a misspelled address: For example, if your name is Michele but you find that people often spell it Michelle (double “l”), then you could forward any mail to michelle@yourdomain.com to michele@yourdomain.com.
✓ You have more than one domain extension: For example, you may own the domain name yourdomain.com and also buy the names yourdomain.net and yourdomain.org as well. You can then redirect all the e-mail from the additional domains to your primary domain. That way when someone sends an e-mail to Joe@yourdomain.org, it will be forwarded to you at Joe@yourdomain.com.
✓ You want e-mails to a particular address to be forwarded to a group of people: For instance, you may have an e-mail address of complaints@yourdomain.com that is monitored by the customer service manager. The board of directors might decide that they all want to see every complaint that comes in, so you can set up a forwarder to forward the e-mail to a mailing list. See the “Using Mailing Lists without Being a Spammer” section later in this chapter for more details.

Forwarders do not have to have a physical mailbox associated with them, but they can if you want them to.

Here’s an example of a way to use a forwarder. Your new orders come into an address called sales@yourdomain.com. Someone looks at the orders and enters them into the system. Your warehouse manager gets frustrated, though, because the responsible party never remembers to add the sales into the system until the very last minute, and it’s always a rush for the warehouse to find everything needed for the orders. To solve the problem, you could set a forwarder to forward all new orders to the warehouse so they know what’s going to be coming their way. The e-mails still go to sales@yourdomain.com, but they’re forwarded to a second e-mail address as well.

Here’s another example: Kate leaves the company, which means she doesn’t need an e-mail address anymore and you delete it completely. You then realize that some customers might only have her now-deleted e-mail address and will no longer be able to contact the company. You do not need to set up the mailbox again; you can simply set up a forwarder to forward any e-mail originally addressed to kate@yourdomain.com to another person’s mailbox.

The following steps demonstrate how to create a forwarder in cPanel. Other control panels differ slightly in the steps necessary to set one up, but the general process is the same:

1. Log into your control panel and find the mail section.
2. Click the Forwarders icon.
3. Click the Add Forwarder button to add a new forwarder.
A Forwarders screen opens from which you can set the specifics of the forwarder. (See Figure 3-8.)
4. Enter the address you want to forward in the Address to Forward field.
5. In the Forward To field, enter the address you want the mail to be forwarded to.

This has to be a real address, either that of an individual or a mailing list.



Depending on your host, you may also be able to select some different forwarding options (see Figure 3-9):

✓ Discard with Error to Sender: Send e-mails straight to the trash after notifying the sender of the message that the e-mail address no longer exists.

✓ Forward to a System Account: Some system administrators like to use a system e-mail account that is a background account without a real address. Messages can’t be sent from this type of account, but it is used to receive important notifications about the server.

✓ Pipe to a Program: Some software can receive e-mails such as orders and read the details automatically. If you have software that can do this, you need to set up a pipe to receive the e-mail. Your software designer should be able to tell you the correct path for the pipe.



Using Mailing Lists without Being a Spammer

Mailing lists are often associated with spammers — for good reason. People pay good money to buy lists of e-mail addresses so that they can send unsolicited mass marketing e-mails.

Mailing lists are not all about spam, though. They can play a useful and important role in your daily operations.

Some web hosts do not provide a server-based solution to creating mailing lists, but most do in some form or another.

Mailing lists, sometimes called groups, are simply collections of e-mail addresses that can be e-mailed simultaneously by sending just one message.

You can create mailing lists for any group of people, such as

✓ Family members
✓ Customers
✓ Members of your organization
✓ Committee members
✓ Your staff

Mailing lists can be incredibly useful and time saving. When you use them well, they can enhance your sales, marketing efforts, and community building. Here are a few rules to remember when using lists:

✓ Give people an easy way to unsubscribe from the list.
✓ Do not send e-mail to a list more often than you say you are going to.
✓ Do not send too many e-mails to a list.
✓ Do not sell or market your list unless you have the consent of every list member.

In the U.S., you must also abide by the CAN-SPAM Act rules, which cover any e-mail sent with the purpose of advertising a commercial service or product. You can find details of the CAN-SPAM Act by visiting the FTC website at http://business.ftc.gov and searching for CAN-SPAM.

Some control panels include mailing list management programs such as Mailman. You can find them by logging into your control panel and looking for the mail section. Mailing list management will be labeled Mailing Lists or Mail Groups.

Using Server-Based Anti-Spam

The single biggest hurdle when hosting your own e-mail addresses is filtering spam.

If you have an account with Gmail, Yahoo! Mail, or one of the other many free e-mail providers, it is almost certainly filtered for junk and viruses by some pretty sophisticated software.

When you first create your own hosted addresses in your control panel, they most likely have no filters on them at all, which can make for a messy — and dangerously vulnerable — e-mail account.

Most web hosts provide optional spam filters that you have to turn on and configure yourself.

These different spam filters work in different ways and require some monitoring and configuration, but they will help you greatly reduce the amount of spam you receive.

Many filters are available. BoxTrapper and SpamAssassin are two of the most common filters.

Find your options by logging in to your control panel and looking for the Mail section. In that section, if your host provides them, you will see some spam protection options.

On cPanel, for example, BoxTrapper and SpamAssassin are almost always installed. Here’s how they work.

BoxTrapper

BoxTrapper prevents any e-mail address from sending mail to you unless it is on a whitelist.

A whitelist is a list of allowed e-mail addresses. Users can also create a blacklist that contains banned e-mail addresses. The same terms are used to apply to IP addresses when dealing with website security.

E-mail addresses can get onto a BoxTrapper whitelist in two ways:

✓ You manually add them to the list.
✓ The senders verify they are real.

BoxTrapper sends an e-mail to any unverified senders asking them to respond to prove that they are legitimate senders. Spammers who send out e-mails automatically en masse using fake e-mail addresses can’t reply to the verification message, and BoxTrapper will block messages that come from those addresses. See Figure 3-10 for the BoxTrapper Configuration screen.

BoxTrapper holds blocked e-mails in a queue for moderation, so you have to remember to log in periodically and check for legitimate e-mails that inadvertently have been blocked. This can be a pain to do, especially if you get large quantities of junk and have to pick through the junk in the queue to find real, non-spam messages.



I generally recommend using BoxTrapper only if you use your e-mail address for correspondence from a limited number of people. If you’re giving your e-mail address to lots of people and particularly to companies that send automated e-mails, BoxTrapper can be more of a headache than a helper.

SpamAssassin

According to its creators, SpamAssassin is “an automated e-mail filtering system that attempts to identify spam messages based on the content of the e-mail’s headers and body.”

The basic concept is that, when enabled, SpamAssassin reads any e-mails you receive and gives them a score on a scale of one to ten on how likely it is that the e-mail is spam.

The system it uses is complicated but fairly effective. SpamAssassin has a series of hundreds of rules that it tests the e-mail against; the e-mail receives a score for each rule. For instance, SpamAssassin looks at the title and if the title has the word cheap in capitals, it gets a score of one. If the subject has something like replica watch in it, then it might get a score of somewhere around three. All the scores are added to give the message its total spam score. See Figure 3-11 for the SpamAssassin configuration screen.

When SpamAssassin determines that an e-mail is spam, it alters the subject line of the e-mail to have ***SPAM*** at the beginning so you can set your mail clients to filter out any e-mails with that in the title.



SpamAssassin also has the option for you to set a score above which e-mails are automatically deleted. The default value is five, but you can change it to anything between one and ten. Ten is the most conservative setting, so if you set it at ten only the e-mails that are most definitely spam will be automatically deleted. One is the least conservative, so setting the auto-delete value to one means there is a far higher chance that a legitimate e-mail will be deleted.
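The tagging and auto-delete behavior described above can be tried out on a handful of messages. The following Python sketch is an added example, not code from the book or from SpamAssassin: it reads the X-Spam-Status header that SpamAssassin writes into scanned mail, falls back to the ***SPAM*** subject tag, and lists which legitimate messages would be lost at a given auto-delete score. The sample messages, their scores and labels, and the function names are all constructed for illustration.

```python
import re
from email import message_from_string, policy

SUBJECT_TAG = "***SPAM***"  # tag the chapter says is prepended to the subject

# Matches the start of a header value such as
# "Yes, score=6.1 required=5.0 tests=..."
STATUS_RE = re.compile(
    r"\s*(yes|no)\s*,\s*score=(-?\d+(?:\.\d+)?)\s+required=(-?\d+(?:\.\d+)?)",
    re.IGNORECASE,
)


def _msg(sender, subject, status=None):
    """Build a constructed message; status=None means it was never scanned."""
    headers = [f"From: {sender}", "To: peter@yourdomain.com", f"Subject: {subject}"]
    if status is not None:
        headers.append(f"X-Spam-Status: {status}")
    return "\n".join(headers) + "\n\nConstructed body text.\n"


# Constructed samples: name -> (hand-assigned label, raw message). Not real mail.
SAMPLES = {
    "friend": ("ham", _msg("bob@example.org", "Lunch on Friday?",
                           "No, score=0.2 required=5.0 tests=NONE")),
    "newsletter": ("ham", _msg("news@example.com", "Your monthly newsletter",
                               "No, score=1.8 required=5.0 tests=HTML_MESSAGE")),
    "invoice": ("ham", _msg("billing@example.net", "Invoice attached - cheap rates",
                            "No, score=3.9 required=5.0 tests=HTML_MESSAGE")),
    "watch": ("spam", _msg("x@example.invalid", "***SPAM*** CHEAP replica watch",
                           "Yes, score=6.1 required=5.0 tests=BAYES_99")),
    "pills": ("spam", _msg("y@example.invalid", "***SPAM*** Buy now",
                           "Yes, score=14.7 required=5.0 tests=BAYES_99")),
    "unscanned": ("ham", _msg("kate@example.org", "Meeting notes")),
}


def parse_status(value):
    """Return (flagged, score) from an X-Spam-Status value, or None if the
    header is absent or malformed (treated the same as 'not scanned')."""
    if value is None:
        return None
    match = STATUS_RE.match(str(value))
    if match is None:
        return None
    return match.group(1).lower() == "yes", float(match.group(2))


def triage(raw, auto_delete_at):
    """Decide 'inbox', 'junk' or 'delete' for one raw message.

    auto_delete_at is the score at or above which mail is discarded unseen.
    Mail without a usable score is never deleted, only filed.
    """
    msg = message_from_string(raw, policy=policy.default)
    tagged = str(msg.get("Subject", "")).lstrip().startswith(SUBJECT_TAG)
    parsed = parse_status(msg.get("X-Spam-Status"))
    if parsed is None:
        return "junk" if tagged else "inbox"
    flagged, score = parsed
    if score >= auto_delete_at:
        return "delete"
    return "junk" if (flagged or tagged) else "inbox"


def lost_legit(auto_delete_at):
    """Names of legitimate (ham) samples that would be deleted unseen."""
    return sorted(
        name for name, (truth, raw) in SAMPLES.items()
        if truth == "ham" and triage(raw, auto_delete_at) == "delete"
    )


if __name__ == "__main__":
    for threshold in (10, 5, 3, 1):
        outcome = {name: triage(raw, threshold) for name, (_, raw) in SAMPLES.items()}
        print(f"auto-delete at {threshold}: {outcome}")
        print(f"  legitimate mail lost: {lost_legit(threshold)}")
```

Messages that land in "junk" can still be reviewed and rescued; messages that hit "delete" cannot, which is why the lower auto-delete settings cost legitimate mail in this sample.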

Using a Remote Mail Service with Your Domain Name

The Domain Name System (DNS) has been designed so that you have almost unlimited ability to control different aspects of your domain’s behavior.

This means that although you have taken out a hosting plan for your website, your e-mail for that domain name does not have to be handled by the same server.

Which server processes your e-mail is controlled by what are called MX records. (See Chapter 9 for in-depth details about MX records.) If you want, you can have a different server handle your e-mail addresses. This is actually a good idea, as it means that if your web server goes down, your e-mail still works, and vice versa.

If you want to host your e-mail on a different server than your website, you can either take out another hosting plan just for the e-mail, or you can use one of many third-party companies that specialize in hosting e-mail.

One of the most popular third parties is Google, which will enable you to use the Gmail system with your own e-mail address. This means that if you like the Gmail interface but want to use your own domain name for your e-mail address, you can have the best of both worlds through Google Apps.

Google Apps are free for individuals and small groups. To register for Google Apps, go to http://google.com/apps. Google has recently changed the layout of the site to reflect its emphasis on selling the service to businesses, but if you click Pricing in the top navigation on the Apps page, you can find a link to sign up for free as an individual. (See Figure 3-12.)




When you sign up, Google walks you through what you need to do to use the service, which normally includes the following:

✓ Creating a Google Apps account
✓ Uploading a file to your website (see Chapter 4 for help)
✓ Changing your MX records to point your mail to Google’s server (see Chapter 9 for more information). 

Chapter 4 Managing Files


In This Chapter
▶ Transferring files to and from your server
▶ Connecting to your server
▶ Securing your files

Knowing how to manage your files is one of the most important parts of web hosting. Being able to upload new files and download backups is essential to a healthy, up-to-date website.

In this chapter, you find out how to use the File Transfer Protocol (FTP), what software you need to do it, and how to use FTP to protect your website.

As I explain in Chapter 1, FTP is like the loading bay at a store or business. It is how you get files into your site and how you get them out again.

There are a number of protocols used on the World Wide Web, and all are there to help your computer and the web server it connects to understand what you want to do. FTP tells your computer and the server that you want to copy entire files from one place to another.

When using FTP, your computer will not try to display the contents of a file and the server will not try to process the file’s contents at all; the server simply copies the file to the location you tell it to. FTP, and its more secretive cousin, Secure File Transfer Protocol (SFTP), are useful for adding content to and backing up content from your website.

Both FTP and SFTP normally require usernames and passwords, but you can configure FTP to not require a login, which is known as an anonymous login.

It is quite dangerous to use anonymous logins because they essentially give free access to your files to anyone. There are situations where anonymous logins are useful, though — just be careful not to give everyone access to essential files.

Unleashing the Power of FTP

To use FTP, you need four things:

✓ An FTP client
✓ The FTP address for your server
✓ The correct port for connecting via FTP
✓ Your FTP login details

With these four things, you can log in and see your server in a way you’ve never seen it before.

Finding your FTP details

When you signed up for hosting with your web host, you should have received an e-mail giving you all the details you need for your hosting account. That e-mail would have provided your FTP details. See Figure 4-1 for an example.



If you didn’t receive such an e-mail or no longer have it, your host may have a dashboard where you log in to manage your account, and you might be able to access that original e-mail through the dashboard.

If you still can’t locate the original e-mail, log in to your hosting control panel and go to the Files or Websites section. There you should be able to find an FTP accounts management facility, which will have the details you need.

The details you are looking for are your username and password, the FTP address of the server, and the port it uses.

FTP addresses come in a few different forms and might be one of the following:

✓ Your domain name
✓ Your domain name preceded by ftp — for example, ftp.yourdomain.com
✓ The server’s IP address — for example, 192.168.1.1
✓ Your host’s FTP domain name — for example, ftp.yourhost.com

Generally, even if your host tells you that you should use a real name, such as ftp.yourdomain.com, using the server’s IP address also works (if you know what that is).

You also need to know the correct port to use. This is normally 21 for FTP or 22 for SFTP — but your host might have changed it for security.

Every server has ports that it can open or close. These are simply connections via which different programs can connect to it. Your host will have configured a port to listen for an FTP connection. You will not be able to connect via FTP to any port that is either not configured for FTP or is closed. For server security, you should only open the ports you need. Imagine it like the doors and windows of your house. If you leave them all open, you are simply inviting thieves in and you can’t possibly watch all the windows and doors all the time to spot intruders. Instead, you only open the doors and windows you need — and then lock them when you’re away!

Installing an FTP client

An FTP client is a program that enables you to connect using FTP.

Both Windows and Mac OS X have built-in FTP clients, which are useable if you have something quick and simple to do, but are not very feature-rich. You ideally want to install a program specifically designed as a dedicated FTP client.

For Windows, free clients such as FileZilla or Free FTP from CoffeeCup do the job very well. Alternatively, you can go for commercial products such as CuteFTP or CoffeeCup’s Direct FTP.

For the Mac, free clients Cyberduck and FileZilla are both quite popular. Commercial clients include Transmit by Coda and YummyFTP from YummySoftware.com.

Although FileZilla is one of the most popular free FTP clients, it has one major problem: It stores your passwords in a plain text file. This means that hackers can navigate to that file on your computer and can easily read your FTP usernames and passwords if they are stored there. The simple way around this issue is to not use FileZilla’s built-in facility for remembering your password.

Installing an FTP client is simple. The following example uses FileZilla because it’s my favorite FTP client, but you’ll find the installation process is essentially the same for any client. Here are the steps:

1. In your browser, go to filezilla-project.org.
2. Click Download FileZilla Client.
Be sure to download the client and not the server; the two are quite different.
3. Select the appropriate download for your computer.

You can download a FileZilla version for Windows, Linux, and Mac, with variants depending on the hardware you use. If you use Windows, there is also the choice between a zip file and a self-installer. Unless you know you need the zip file, select the installer.

4. Click on the downloaded file to install the client on your computer. For full details on how to install FileZilla on your operating system, go to http://wiki.filezilla-project.org/Client_Installation.

Using FTP

Open your FTP client and you are prompted to enter your server login details. The example in Figure 4-2 shows the initial screen in the FileZilla client.

In the boxes on the screen, enter the following information:

✓ Your server name (sometimes called the host or hostname).
✓ Your username.
✓ The password.
✓ The port number your server uses. Unless your host has told you to use a different port, the port should be 21.

Click Connect and the client starts to negotiate a connection with the server. After the connection is made, you see a list of files and folders that are available on the server.

I recommend using a client that shows you the files on both your local machine and the remote server side by side (as FileZilla does — see Figure 4-3).

You can use the client to copy, move, delete, and create files and folders just like you can with the file manager on your computer.

Uploading files to the server is as simple as selecting the files you want to upload from the local column (the one on the left) and dragging them with your mouse over to the remote server column.



Dragging files from the remote column to the local column copies those files to your local machine.

Determining file location

The way web servers work, one folder is designated as the folder that is open to the Internet. This folder is called the Document Root. All files and folders in the document root are accessible to the Internet. Everything outside of that folder is protected from view by anyone online.

Each domain and subdomain in your hosting plan has its own document root. This is the highest level of folder that the Internet can see for that domain or subdomain.

The document roots for each domain or subdomain are found inside the document root for the primary domain.

Your host can tell you which folder is the document root. It is usually a folder called html or public_html. Any files that need to be visible to one of your visitors’ web browsers must be placed within the document root.



Click the folder in your FTP client to open it so that you can upload your files into the correct place.

FTP accounts can be configured to have the document root as the highest level folder that the FTP user can see. This has the advantage of protecting system files from being accidentally deleted by you or anyone else who gets your FTP details. See the “Creating New FTP Accounts” section later in this chapter, for details on how to set the root folder for new FTP accounts.

Some hosts configure the default FTP account to have the document root as its root. If that is the case with your host, you are automatically taken into the document root when you log in via FTP. You then do not have to click to go into another folder before uploading your files.

Securing FTP

You can make your FTP uploads and downloads more secure in one of two ways: through Secure File Transfer Protocol (SFTP) or Transport Layer Security (TLS).

SFTP

SFTP is a more secure way of uploading and downloading files than FTP. When you use FTP, data is sent unencrypted, so someone who intercepts the data can easily read it. SFTP encrypts the commands and the data to provide a much more secure form of transport.

To use SFTP (also known as secure FTP or SSH file transfer protocol), your host has to have configured the server to be able to accept a secure connection from you. Most shared hosts do not allow this because giving clients SSH access opens doors for clients to get into areas of the server that the host does not want them messing with.

The FTP and SFTP protocols work quite differently, and your host needs to have opened a specific port and allowed you SSH login permission to be able to connect with SFTP. If you do have SFTP access, the following steps show how to make a connection using FileZilla. Other clients may differ slightly in layout but require that you enter the same information:

1. In your FTP client, select File➪Site Manager and create a new site.
2. Select the Protocol drop-down box and click SFTP.
The Site Manager dialog box opens, as shown in Figure 4-4.
3. Enter the Host name, Username, and Password, which are normally the same as you would use with FTP.

4. Enter the correct setting in the Port field.
5. Click Connect and your client attempts to negotiate a secure connection. If the client cannot connect, check with your host to confirm whether it allows SFTP connections.

TLS

TLS offers a similar level of security to SFTP but is favored more highly by hosts because it does not require that the client have SSH access to the server.

The following steps describe how to connect using TLS and FileZilla:

1. Choose File➪Site Manager and create a new site or select an existing one.
2. Enter your FTP details as normal.
3. Click in the Encryption drop-down box (see Figure 4-5) and select either Explicit TLS or Implicit TLS.
See the “Explicit TLS versus Implicit TLS” sidebar for more information.
4. Connect as normal.


Explicit TLS versus Implicit TLS

Explicit TLS creates a normal connection to the server and then negotiates with the server for the connection to be made secure when data is transferred.

Implicit TLS creates an immediate secure session. It is implied that every command and data packet will be secured. Implicit TLS requires that you use port 990 instead of the usual port 21.

Which type of TLS you use is up to you, but for various reasons, explicit TLS is often considered more secure.
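The explicit TLS negotiation described in the sidebar, written with Python's standard ftplib module. This is an added example, not code from the book: it checks whether a server agrees to the upgrade and shows that the login is abandoned before the username or password is sent when the server refuses. The loopback stub server, the username, and the password are constructed for the demonstration.

```python
import ftplib
import socket
import ssl
import threading


def server_accepts_explicit_tls(host, port=21, timeout=5.0):
    """Connect in the clear, ask for TLS, and report whether the server agrees.

    Nothing secret is sent: the only command issued is AUTH TLS.
    """
    ftp = ftplib.FTP()
    try:
        ftp.connect(host, port, timeout=timeout)
        return ftp.sendcmd("AUTH TLS").startswith("234")
    except (ftplib.error_perm, ftplib.error_temp):  # server refused the upgrade
        return False
    finally:
        ftp.close()


def open_explicit_tls(host, user, password, port=21, timeout=5.0):
    """Log in over explicit TLS, or raise before any credential is sent."""
    ftps = ftplib.FTP_TLS(context=ssl.create_default_context(), timeout=timeout)
    try:
        ftps.connect(host, port)
        ftps.login(user, password)  # issues AUTH TLS first, then USER and PASS
        ftps.prot_p()               # encrypt the data channel as well
    except Exception:
        ftps.close()
        raise
    return ftps


def start_constructed_stub(accept_tls):
    """Constructed stand-in for an FTP server: one connection, loopback only.

    Returns (port, received, thread); `received` collects each command line.
    It answers 234 to AUTH TLS when accept_tls is true and 502 to anything else.
    """
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    listener.settimeout(5)
    port = listener.getsockname()[1]
    received = []

    def serve():
        try:
            with listener:
                conn, _ = listener.accept()
                conn.settimeout(5)
                with conn, conn.makefile("rwb") as stream:
                    stream.write(b"220 constructed stub ready\r\n")
                    stream.flush()
                    for raw in stream:
                        command = raw.decode("ascii", "replace").strip()
                        received.append(command)
                        agreed = accept_tls and command == "AUTH TLS"
                        stream.write(b"234 start TLS\r\n" if agreed
                                     else b"502 not supported\r\n")
                        stream.flush()
        except OSError:
            pass  # client went away or nobody connected; the demo is over

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return port, received, thread


def demo():
    """Try to log in to a stub that refuses TLS; return (outcome, commands seen)."""
    port, received, thread = start_constructed_stub(accept_tls=False)
    try:
        open_explicit_tls("127.0.0.1", "demo-user", "demo-password", port).close()
        outcome = "logged in"
    except ftplib.error_perm as err:
        outcome = f"refused: {err}"
    thread.join(5)
    return outcome, received


if __name__ == "__main__":
    print(demo())
```

Against a real host, replace the loopback address and port with the FTP address and port your host gave you.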

Setting and managing file permissions

File permissions are a powerful security tool created to give the server administrator the capability to define exactly who can read, write, and execute any given file.

Each file has its own permissions, which are either expressed in a textual form (drwxrwxrwx) or in numerical form, such as 755. See Figure 4-6 for file permissions shown in three-digit format in FileZilla.



Each user can be added to multiple groups, and each file can be in one group. This enables you to restrict who has access to the file. member of the public group. That means all users are in the public group. 

You can set file permissions any way you want, but generally the owner has the most access, the group has the same or slightly less access, and the public’s access is the same as or less than the group’s access.

The three permissions for each of these users are

✓ Read: Permission to read the contents of the file
✓ Write: Permission to write to the file (or overwrite or delete it)
✓ Execute: Permission to execute a file if it is a program or script

You might be wondering why someone would ever be given permission to execute a file but not to read it. The answer is simple: Executing a file means that you ask the server to do whatever the file is written to do. That could be displaying something on a screen or running a procedure. The file might contain passwords, usernames, database names, or other sensitive information it needs to perform its function, and although you might want to give somebody permission to execute that file, you might not want that individual to be able to see the usernames and passwords that are held in the file.

Breaking down the textual form

When the permissions are displayed in the format drwxrwxrwx, it’s far easier to understand what you’re looking at if you break it into four parts:

d | rwx | rwx | rwx

The first character can be (d) to signal that the file is actually a directory or folder, (-) to indicate that it’s a file, or (l) to indicate that it’s a link.

The next set of three characters indicates the permissions for the owner. All three characters must be represented either by their letter or by a (-). A letter indicates that the owner has that permission. If a dash is used in place of a letter, then the owner does not have that particular permission. For example, rwx means that the owner has Read, Write, and Execute permissions.

In another example, -wx means that the owner does not have Read permission (because there is a - in place of the r), but she does have Write and Execute permissions.

The second instance of rwx sets the permissions for the group, and the last instance sets the permissions for the public.

So if you have a file and you want to give the owner read, write, and execute permissions, the group read and execute permissions, and the public only execute permissions, it would look like this:

-rwxr-x--x

Decoding the numeric form

The other way permissions can be represented is as three numbers. The three-number system ignores whether you’re providing permission to a directory, file, or link, and assigns values to each set of permissions. Each file has a three-digit number representing the permissions; the first digit shows the permissions for the owner, the second digit shows the permissions for the group, and the third digit shows the permissions for the public. The values are

✓ r = 4
✓ w = 2
✓ x = 1

You get the number for each type of user by adding up the values of each of the permissions.

For example, if the owner has full read, write, and execute permissions, the score for the owner would be 4+2+1=7.

If the group had r and x permissions but not w then the score would be 4+1=5.

In the previous example where the permissions are -rwxr-x--x, the numeric representation would be 751.
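The two notations converted in both directions, plus a check of a file listing against the rule of thumb given earlier (owner has the most access, group the same or less, public the same as or less than the group). This is an added example, not code from the book; the listing and its file names are constructed.

```python
TYPES = {"d": "directory", "-": "file", "l": "link"}
VALUES = (("r", 4), ("w", 2), ("x", 1))


def triplet_to_digit(triplet):
    """'r-x' -> 5: add up the value of every letter that is present."""
    if len(triplet) != 3:
        raise ValueError(f"need three characters, got {triplet!r}")
    digit = 0
    for (letter, value), char in zip(VALUES, triplet):
        if char == letter:
            digit += value
        elif char != "-":
            raise ValueError(f"unexpected {char!r} in {triplet!r}")
    return digit


def digit_to_triplet(digit):
    """5 -> 'r-x'."""
    return "".join(letter if digit & value else "-" for letter, value in VALUES)


def to_numeric(text):
    """'-rwxr-x--x' -> ('file', '751')."""
    if len(text) != 10 or text[0] not in TYPES:
        raise ValueError(f"not a permission string: {text!r}")
    digits = [triplet_to_digit(text[start:start + 3]) for start in (1, 4, 7)]
    return TYPES[text[0]], "".join(str(digit) for digit in digits)


def to_textual(numeric, type_char="-"):
    """'751' -> '-rwxr-x--x'."""
    if len(numeric) != 3 or any(char not in "01234567" for char in numeric):
        raise ValueError(f"not a three-digit permission: {numeric!r}")
    return type_char + "".join(digit_to_triplet(int(char)) for char in numeric)


def review(text):
    """Return warnings for one permission string, or an empty list."""
    _, numeric = to_numeric(text)
    owner, group, public = (int(char) for char in numeric)
    warnings = []
    if public & 2:
        warnings.append("public can write")
    if public & ~group:
        warnings.append("public has access the group lacks")
    if group & ~owner:
        warnings.append("group has access the owner lacks")
    return warnings


# Constructed listing: permission string, then file name.
LISTING = """\
drwxr-xr-x public_html
-rw-r--r-- index.html
-rwxrwxrwx upload.php
-rw----r-- notes.txt
"""


def audit(listing):
    """Map each file name that draws a warning to its list of warnings."""
    findings = {}
    for line in listing.splitlines():
        permissions, name = line.split(None, 1)
        warnings = review(permissions)
        if warnings:
            findings[name] = warnings
    return findings


if __name__ == "__main__":
    print(to_numeric("-rwxr-x--x"))
    print(to_textual("751"))
    for name, warnings in audit(LISTING).items():
        print(name, warnings)
```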

Your FTP client should include a visually obvious way of setting file permissions, such as check boxes. For example, in FileZilla, you change file permissions by right-clicking the file whose permissions you want to change and selecting File Permissions at the bottom of the pop-up menu to open the Change File Attributes dialog box. See Figure 4-7.



If you have SSH access to the server, you can set file permissions, file owners, and file groups from the command line using commands chmod, chown, and chgrp. See Chapter 16 for more information.

Creating New FTP Accounts

You may want to create additional FTP accounts for a variety of reasons, such as the following:

✓ You want to give someone else FTP access to your site.
✓ You want to give someone FTP access to just a certain part of your site.
✓ You add a domain or subdomain and want to create an account with direct access to it.

Your control panel gives you the facility to create additional FTP accounts. The following example uses cPanel to create new FTP accounts:

1. Log in to your control panel.

2. Find the Files section of the panel and click FTP Accounts. An FTP Accounts page appears, as shown in Figure 4-8.


3. Enter the username and password you want the new account to have.
4. Enter the directory you want to be the top-level directory this account can see.

Users of the account will not be able to navigate above this directory. For example, you may have an images folder to which you want to give other people access so they can upload new images. Type the path from the document root to that directory, and that account will only be able to see the images directory and anything in or below it.

5. Click Create FTP Account.

You can add as many accounts as your host will allow. To remove accounts you no longer need, go back to the same place and select the delete icon next to the account you no longer need.

For security purposes, it is a good idea to delete any unnecessary accounts and change the passwords at least monthly.

Managing Files through Your Control Panel

Your control panel also gives you a handy way to manage your files without the need of an FTP client. This is something common to almost all control panels but is sometimes labeled slightly differently. For example, most hosts call it the File Manager, but DreamHost calls it WebFTP.

Using the File Manager is pretty much the same with all hosts, although the exact screen sequence to connect varies slightly from host to host. Here is how it is done with cPanel:

1. Log in to your control panel.
2. Click the File Manager icon in the Files section.
3. In the pop-up box that asks you which directory you want to start at, select Web Root to go to the document root of your primary domain. (See Figure 4-9.)
4. If you want to show hidden files, which are also called dot files, click the option to do so.

The hidden files are files whose names begin with a period, such as .htaccess.

Hidden files are hidden for a reason: so you don’t accidentally delete them as they are generally important.



5. If instead you want to see the hidden files so that you can move, edit, or delete them, select the Show Hidden Files check box to force those files to appear on the next screen.

Be careful with dot files. When you can see them, you can delete or change them just as you can any other file, and you will not be prompted that it is a normally hidden file. If you are deleting a number of files and don’t want to delete your dot files, it’s best to keep them hidden.

6. Click Go to open a new window with the files laid out similarly to how they are laid out in your file manager on your computer. (See Figure 4-10.)



You can perform functions on files such as moving, editing, or deleting them by selecting the file you want to change and clicking the appropriate icon at the top of the window. Alternatively, you can right-click the file to bring up a contextual menu.

The File Manager in cPanel is fairly full-featured and can be used in place of an FTP client for simple tasks, but using an FTP client is much easier when you’re handling multiple files.

Performing Backups through FTP

If there’s one thing you should take away from reading this book, it’s the importance of backups. It’s easy to be blasé and cavalier about backups — at least until you have a serious problem.

That feeling in the pit of your stomach when you see that your website has suddenly vanished and you start scrambling to remember when your last backup was is unforgettable after it happens.

An online daily (or at the very least, weekly) backup solution is essential. If you don’t regularly download a full backup, you’re playing Russian roulette with your website.

My advice is to do a full website backup at least once a month and store it on your computer, a backup drive, or a USB memory stick for quick retrieval if you need it.

To do a full backup, log in to your server through FTP and drag everything from the document root to a folder on your computer.

It may take a while, but eventually all the files will be copied to your computer and you can then do what you like with them to store them.

If you have databases connected to your account, you should also back them up. In fact, you should back up your databases more frequently than your files. See Chapter 5 for details on how to back up your databases.

Chapter 5 Working with Databases — It’s Essential

In This Chapter

▶ Understanding databases
▶ Figuring out how to use databases
▶ Maintaining databases
▶ Creating database backups

Say the word database and many people run for the hills. The realm of databases can seem like an area that is way too technical and too advanced for most web users. Don’t worry, though; by reading this chapter, you find out that databases aren’t so scary.

In fact, working with databases is easy when you have the right knowledge, and they are powerful, essential tools for building fast, dynamic, modern websites.

In this chapter, I explain what databases are; how they work; and how you can use, modify, and protect them.

Understanding That Databases Are Information Storage Systems

In essence, a database is simply a structured way to store information (data). We all have and use databases on a regular basis, although we don’t necessarily think of them like that.

Your address book is a good example of a database you use regularly. It holds names, addresses, phone numbers, and other information. Your address book has the following qualities:

✓ It stores information.
✓ It is indexed (by alphabet) for the quick retrieval of information.
✓ It has a data retrieval system. In this case, the database retrieval system is comprised of your hands and eyes as you search through the address book.
✓ It sometimes requires a cleanup.

A database is an electronic version of your address book. A database has the following qualities:

✓ It stores information. This information can be anything you want.
✓ It is indexed for the quick retrieval of information. Indexing links pieces of data and keeps data stored in a quickly searchable order.
✓ It has a data retrieval system. The retrieval system is called a query. You make the query and the computer does the hard work of searching for what you want.
✓ It sometimes requires a cleanup. Like your address book, the database can get messy with deleted and changed entries, so some easy cleanup is required every now and then.

Databases can store pretty much any information you want and — as long as you have set up the databases correctly — they can index that information well for extremely fast look-ups.

Every database is made up of three elements:

✓ Tables
✓ Fields
✓ Records

A table is a new store of information, and you can have as many tables in a database as you want.

For instance, if you computerize the paper “databases” you use at home, you might have a table for names and addresses, another table for your Christmas card list, and another for recording important events (such as baby’s first words, when baby started walking, and so on).

Each table is broken up into fields. For example, your names and addresses table might have fields for first name, last name, address, town, ZIP code, birthday, and phone number.

When you first create a database, the table is empty, but it’s ready to have information entered into it, just like after you purchased a new address book.

To fill the database, you create records, one per person or event inside the table. Each record consists of a set of data in each of the fields.

You can set various properties for each field. For example, the birthdays might have to be in a specific date format, and the ZIP code might have to be five digits long to be accepted. That way, information remains consistent through all the records, which helps in indexing and retrieving data.

You can also set which fields are required and which are optional. A new record cannot be stored unless all the required fields are completed, but it can be stored without any data in the optional fields. For example, in the names and addresses table, you could set the first name and last name of the person as required fields. After all, what is the use of storing someone’s address if you don’t also store the name of the person who lives there?

You can set many other rules for fields, too, such as that the data in them has to be unique. You don’t want the same person’s name multiple times on your Christmas card list, so in this instance, you might make the name field a unique field to prevent you from sending more than one Christmas card to each person.
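The address book and Christmas card tables described above, with their required, format, and unique rules enforced by the database itself. This is an added example, not code from the book: SQLite (through Python's sqlite3 module) stands in for the database your host provides, and the table names, column names, and sample people are constructed.

```python
import sqlite3

SCHEMA = """
CREATE TABLE addresses (
    first_name TEXT NOT NULL,          -- required field
    last_name  TEXT NOT NULL,          -- required field
    address    TEXT,                   -- optional fields may be left empty
    town       TEXT,
    zip_code   TEXT CHECK (zip_code IS NULL
                           OR zip_code GLOB '[0-9][0-9][0-9][0-9][0-9]'),
    birthday   TEXT CHECK (birthday IS NULL OR birthday IS date(birthday)),
    phone      TEXT
);
CREATE TABLE christmas_cards (
    name TEXT NOT NULL UNIQUE          -- one card per person
);
"""

ADDRESS_FIELDS = ("first_name", "last_name", "address", "town",
                  "zip_code", "birthday", "phone")


def open_database():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def _store(conn, sql, values):
    """Run one INSERT; return 'stored' or the rule that rejected the record."""
    try:
        with conn:  # commits on success, rolls back on error
            conn.execute(sql, values)
    except sqlite3.IntegrityError as err:
        return f"rejected: {err}"
    return "stored"


def add_address(conn, **fields):
    """Store one address record; fields that are not given are left empty."""
    values = [fields.get(name) for name in ADDRESS_FIELDS]
    return _store(conn, "INSERT INTO addresses VALUES (?, ?, ?, ?, ?, ?, ?)", values)


def add_card(conn, name):
    return _store(conn, "INSERT INTO christmas_cards (name) VALUES (?)", (name,))


def demo():
    """Try six constructed records and return what the database said to each."""
    conn = open_database()
    return [
        add_address(conn, first_name="Ada", last_name="Example",
                    zip_code="90210", birthday="1990-02-14"),
        add_address(conn, first_name="Ada", town="Springfield"),    # no last name
        add_address(conn, first_name="Bo", last_name="Sample",
                    zip_code="9021"),                               # four digits
        add_address(conn, first_name="Cy", last_name="Sample",
                    birthday="14/02/1990"),                         # wrong date format
        add_card(conn, "Ada Example"),
        add_card(conn, "Ada Example"),                              # second card
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```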

You can also do all sorts of other exciting things, such as linking fields between tables. This task is outside the scope of this book, but you can explore a book that’s specifically about databases if you want to learn more. Suffice it to say that databases can be flexible and large, and with them, you can do things you have never previously dreamed possible.

Making Your Site Dynamic with Databases

Databases are great for storing customer details and sales records, and you can certainly use them for that purpose, but databases have another forte, too: generating dynamic websites.

Think back a few years to the early days of building websites. In those halcyon days, sites were built by creating each page individually and crafting each part of every page to look exactly the way you wanted it. If you wanted to make a change to your design across your site, you had to change every single page to update it with the new design. It was monotonous and difficult — especially if you had a big website.

New technologies were created to help make websites more manageable. You could include one page inside another, so, for instance, you could have a file called header.html, and make it so that every page you created from then on showed header.html at the top of the page. That way you could get a uniform design or menu system across your whole site and only had to change one file (header.html) to update the entire site.

Cascading Style Sheets (CSS) introduced more flexibility by enabling you to create a style sheet in which you defined default styles for your whole site. For example, you could define in the style sheet that every time you placed text on a page and called it a header, it would display in a particular font at a particular size.

Style sheets are actually a form of database, though you may not think of them that way. Each section of the style sheet has a unique name and definitions of the style associated with that name. Your browser then references that style sheet and searches through it for the information it needs using the name as the index. A style sheet is a fairly rudimentary database, but it’s a database nevertheless.

Websites continued to grow, though, and users wanted websites to have up-to-date information and content. Businesses were creating websites, and their customers wanted to be able to go to the website to find out what was new and exciting.

The result is that companies had to start writing regular update messages and keep an archive of old messages. Each message or announcement was on a different page; as a result, the number of files in a website could rapidly become huge. If you add something new even once a day, by the end of a year you have 365 more pages on the site than you had at the beginning of the year.

Consequently, sites became slow and unwieldy, so some bright spark came up with the idea of using a database to hold the pages. At first glance, that may sound incredibly difficult but it actually is not. What you need to do is separate design and content.

Websites, like everything else, follow certain design rules, and those rules have to stay the same across the whole site to maintain visual consistency.

Therefore there is a basic framework for each page that might look something like this:

✓ A header area at the top which contains the site logo and name
✓ A navigation area underneath the header with links to all the different areas of the site
✓ A content section, where the information specific to that page goes
✓ A sidebar at either the left or the right to share more links, ads, and additional content
✓ A footer at the bottom that contains copyright information, credits, and extra site links

The dawn of Content Management Systems (CMSs) made it possible for the text for any particular page to be held in a database while the design of the page is handled separately. The two are automatically melded together for displaying the site on a visitor’s computer.

All of a sudden, design and content were separated. People realized that you only had to create the design once and after that, it was just a case of putting the content in the right places.

When you look at most websites, you see a space on the screen for the bulk of the text. This is called the content area. Having an area on the page designated to content is an opportunity for a database to come into play.

You can update your site regularly simply by using a database to change the content in the content area. The design stays the same; only the content changes.

Create a database with a table for content in which each record is a new article and has fields in it for the date and the text or figures you want to change on the site. The content from the database is fed into a file that specifies how the page will look. The database simply looks for the appropriate record and delivers the content from that record.

It can seem a bit magical.

Suddenly, you have a website that only has a few files that define how the site should be displayed and a single database that can hold the thousands of records of content.

By using a database, you also have the possibility of including a search facility on your site so that your visitors can use keywords to search for older content. It’s difficult to search a site made up of thousands of different files, but it’s quick and easy to search a database.

The database is what makes a site dynamic. The pages don’t exist as individual files; instead, they are created when the user wants to view them by pulling data from a database and feeding it into a display template.

Having a database also makes changing the site design easier. Because you don’t have to update thousands of files with the new design, you update the one or two files that hold your website design, and the content is automatically pulled from the database into the newly designed pages. Slick!
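A small working version of the arrangement described in this section: one content table, one display template, pages built on request, a keyword search, and a redesign that touches only the template. This is an added example, not code from the book; SQLite stands in for the host's database, and the templates, table layout, and articles are constructed.

```python
import html
import sqlite3
from string import Template

# The design lives in one template; every page is this file plus one record.
DESIGN = Template("""<div id="header">Example Site</div>
<div id="nav"><a href="/">Home</a></div>
<div id="content"><h1>$title</h1><p>$date</p><p>$body</p></div>
<div id="sidebar">Links</div>
<div id="footer">Copyright Example Site</div>""")

# A redesign changes only the template, never the stored content.
REDESIGN = Template("""<header>Example Site</header>
<main><h2>$title</h2><time>$date</time><p>$body</p></main>""")

# Constructed sample records for the content table.
ARTICLES = [
    (1, "2017-01-05", "Grand opening", "We are open for business."),
    (2, "2017-01-12", "Prices < last year", "Everything is 10% cheaper."),
    (3, "2017-01-19", "Holiday hours", "Closed on the 25th."),
]


def build_database():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE content (id INTEGER PRIMARY KEY, date TEXT NOT NULL,"
        " title TEXT NOT NULL, body TEXT NOT NULL)")
    conn.executemany("INSERT INTO content VALUES (?, ?, ?, ?)", ARTICLES)
    return conn


def render(conn, article_id, design=DESIGN):
    """Build one page on request; None means there is no such record."""
    # The id travels as a bound parameter, never as part of the SQL text.
    row = conn.execute(
        "SELECT date, title, body FROM content WHERE id = ?",
        (article_id,)).fetchone()
    if row is None:
        return None
    # Stored text is escaped so it is displayed, not interpreted as markup.
    date, title, body = (html.escape(value) for value in row)
    return design.substitute(date=date, title=title, body=body)


def search(conn, keyword):
    """Return (id, title) for every article containing the keyword."""
    # % and _ are LIKE wildcards; escape them so they match literally.
    escaped = (keyword.replace("\\", "\\\\")
                      .replace("%", "\\%")
                      .replace("_", "\\_"))
    pattern = f"%{escaped}%"
    rows = conn.execute(
        "SELECT id, title FROM content"
        " WHERE title LIKE ? ESCAPE '\\' OR body LIKE ? ESCAPE '\\'"
        " ORDER BY id",
        (pattern, pattern))
    return rows.fetchall()


if __name__ == "__main__":
    database = build_database()
    print(render(database, 2))
    print(render(database, 2, REDESIGN))
    print(search(database, "open"))
```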

Choosing a Database Technology

As with all things, there are many database technologies to choose from. In this section, I tell you about four and give examples of when and why you might use them. For more information about databases, I recommend the excellent PHP, MySQL, JavaScript & HTML5 All-in-One Desk Reference For Dummies by Steve Suehring and Janet Valade (John Wiley & Sons, Inc.).

SQL (Structured Query Language)

SQL (pronounced as either S-Q-L or “sequel”) is a language designed specifically to handle data stored in a Relational Database Management System (RDBMS) database. This sounds complicated, but really it isn’t. SQL is simply a way of getting data into and out of a database.

SQL is used in products such as Oracle and Microsoft SQL, which provide tools for using, manipulating, and developing with SQL.

SQL has a set of standards that define how it operates. However, these standards are either ignored or interpreted so differently by the companies that develop SQL products that despite the fact that their databases are written in the same language, there is often little or no portability between them.

Portability refers to the ease of moving something from one system to another. It is also shortened to just the word port, as in, “It’s difficult to port the database between systems.” In this particular case, an SQL database created with one company’s tools might simply not be recognized at all by a similar tool from another company. Hence “there is little or no portability.”

In theory, you should be able to develop a database product in Microsoft SQL and then query it using an Oracle system if you want to. In practice, it doesn’t work quite that smoothly; the two don’t play nicely with each other.

Products that use SQL are commercial and cost money to buy. There are some very powerful tools created by the companies to help you use SQL, though, and so the commercial products are still very popular.

MySQL

If you are really unsure about databases, your best option is to use MySQL. It’s free, easy to use, and almost universally accepted by web hosting companies.

MySQL (pronounced My S-Q-L or My Sequel) is a free version of SQL developed by Michael Widenius and David Axmark and named after Michael’s daughter, My.

MySQL is based on the SQL standards, but it does not comply with them fully. It was written with its source code freely available under a GNU GPL (General Public License).

You can administer MySQL from a command line or by using one of many Graphical User Interfaces (GUIs). Its popularity has grown incredibly over the last few years because it comes preinstalled by most web hosts, who also install the phpMyAdmin GUI for it.

MySQL is free, easy to use, powerful, and robust enough for most purposes.

It is the database used by popular applications such as WordPress, Joomla, Drupal, and phpBB, and it is the database language behind sites such as Google, Wikipedia, Twitter, and Facebook.

Microsoft Access

Microsoft Access is a database technology developed by Microsoft (who else?) for use in its Office suite of products.

Access has been well integrated into Office so that all of the office suite products can easily use databases created with it. Access has been continually updated by Microsoft for many years, so it offers an easy-to-use, integrated system that can be valuable for small businesses.

Access is not well suited to the web, though. It does not offer great portability between systems, so although it is great for in-house applications, it is not the best choice for building a website.

PostgreSQL

PostgreSQL (sometimes called Postgres) is a free Object-Relational Database Management System (ORDBMS).

The differences between MySQL and PostgreSQL are fairly significant in terms of how they work behind the scenes, but fairly small in terms of performance for the average website.

PostgreSQL, like MySQL, has been around for a while now and has proven itself to be stable, full-featured and, more recently, as fast as MySQL.

Creating a New Database

You need to create your database within your control panel and create a special database user who has permission to access it.

When you are installing a web application or script that requires a database from your control panel, the installer will most likely be able to create its own database and user. When you are installing a script from elsewhere or are building your site manually, you need to create a database and user yourself.

The exact steps required to create a database vary from control panel to control panel, but most are essentially the same as the following steps, which are for cPanel. To create a new database automatically, do the following:

1. Log in to your control panel.

2. Click the MySQL Database Wizard in the Databases section.

3. Type a name for the database.

On most control panels, the name of the database can be a maximum of eight letters.

4. Click Create Database.

5. Type a username.

On most control panels, the username can be a maximum of seven letters and should be a word unique to the user.

6. Type a password for the user and then retype it in the next box.

You can use the password generator to generate a very secure password, but don’t forget to make a note of what it is!

7. Click Create User.

8. Select the privileges the new user will have on the database.

Unless you know of specific privileges you want to exclude the user from having, it’s best to click All Privileges.

9. Click Next Step.

Alternatively, you can create a database manually by using the following steps:

1. Log in to your control panel.

2. Click MySQL Database in the Databases section.

3. Type a name for the database.

On most control panels, the name of the database can be a maximum of eight letters.

4. Click Create Database.

5. Scroll down to the section titled MySQL Users and type a username. On most control panels, the username can be a maximum of seven letters and should be a word unique to the user.

6. Type a password for the user and then retype it in the next box.

You can use the password generator to generate a very secure password, but don’t forget to make a note of what it is!

7. Click Create User.

8. Scroll down to the Add User to Database section and select your database and username from the drop-down menus.

9. Click Add.

10. Select the privileges the new user will have on the database.

Unless you know of specific privileges you want to exclude the user from having, it’s best to click All Privileges.

11. Click Make Changes.

Managing Your Database

As the vast majority of database-using websites use MySQL, this section focuses on how to manage a MySQL database. Some of the principles are the same for managing other types of databases, but consult a guide to your particular database product to ensure you keep your database healthy.

Databases, as I say earlier, are simply information storage systems. Imagine a database being like a wall full of mailboxes. Each mailbox can hold one piece of information and there are an infinite number of mailboxes.

As an example, say you are creating a database of all your customers. Each customer takes up one mailbox, and you keep an alphabetical index of which customer’s records are in which box.

At first, you only have a couple of dozen customers, so little space is required, making it easy to pull out the record for any given customer fairly quickly. Over time, though, new customers come, some of the old ones go, and, before you know it, you have hundreds or even thousands of customers. Your index is full of records that have been crossed out, and new entries have been squeezed in here, there, and everywhere.

To get to the most recent customer’s records, you have to walk miles down the wall of mailboxes to find the right one. Even if you know its location, it takes a long time to get to it.

More frustrating than that, even, is the fact that some of the mailboxes you walk past are empty because the customers’ records have been removed for one reason or another.

In short, over time, left unchecked, your mailbox wall becomes a mess that makes finding things slow and laborious.

What you need is a little cleanup and maintenance. Go through the whole wall; move everything together so there are no empty mailboxes in the middle; create a new, clean index; and pick up off the floor any records that might have somehow fallen out of their boxes. With a little work, the system is repaired so that storing and retrieving customer files becomes much easier again.

Exactly the same is true for an electronic database. Over time, things are deleted; some items get re-created at a later date and some do not; records get corrupted; indexes get jumbled; and everything slows way down.

You can use tools, such as phpMyAdmin and MySQL Workbench, to automatically fix, clean up, and optimize your databases and to manually view, edit, and delete records. These tools are powerful and give you a way to look behind the scenes at the content of your database as well as poke around and do whatever you need to do.

Database management is essential, but can also be dangerous. Data can be lost or corrupted easily if you select the wrong command or accidentally click in the wrong place. Always back up your database before performing any maintenance, even automatic maintenance, and proceed with caution.

Four essential commands

You can use four built-in commands in MySQL to keep your database in top condition:

✓ Analyze: This command improves performance by analyzing a table for key indexing information to help MySQL make decisions on how to join tables and search for data.
✓ Check: This command checks for corruption in a table. This is mostly used if you have had a server crash or are experiencing weird data inconsistencies or issues.
✓ Repair: The repair command only needs to be run if the check command finds errors. It goes through and re-indexes and repairs the data in the affected tables. Obviously, the repair command cannot fix data that is completely missing or corrupt, but it is a useful tool for fixing many problems.
✓ Optimize: Running the optimize command regularly keeps your database running quickly and smoothly by defragmenting it, sorting the indexes, and updating the index statistics.

If you are proficient with using a command line, these options can be run from there. If you are a beginner, the easiest and safest way to run these commands and to do other maintenance work on your database is through a GUI. I recommend two: phpMyAdmin, which is used through a browser, and MySQL Workbench, which is a program you install on your computer.

phpMyAdmin

phpMyAdmin is the go-to tool for quick, easy MySQL administration. Installed automatically on most web servers, it offers an intuitive and easy way to manage your databases through your browser.

phpMyAdmin is available on almost all control panels. Use the following steps to log in to phpMyAdmin:

1. Log in to your control panel.

2. Click on the phpMyAdmin icon, which may be in the databases section or may be somewhere else, depending on your control panel.

3. If asked, enter the user details for your database.

You set up the user details when you create the database (refer to the earlier section, “Creating a New Database”). If the database was set up automatically by a script you are using, there is usually a configuration file that holds the username and password. For example, if you are using WordPress, the wp-config.php file in the root of your WordPress folder has the details you need. Some hosting software does not ask for a username or password to give you access to the management areas.

The phpMyAdmin front panel opens and you see a page similar to Figure 5-1.



A column on the left side lists your databases. Depending on your hosting plan limits, you could have a number of databases listed here, one for each web script you have installed.

There may also be a database listed called information_schema. This is a kind of master database that holds information about the makeup of your other databases. It should be impossible to edit or delete it, but steer clear of it, just in case.

The right-hand column displays information about the server and options for what you can do.

To start managing your database, in the left column click the name of the database you want to manage.

Be sure to select the correct database. Over time, you may have created more than one database, and it’s important to select the right one. Check your web script’s configuration file for the name of your database if you are not certain.

Click your database to bring up a list of the database tables in the left column and also in the right (see Figure 5-2). How you use all the options on this page is out of the scope of this book. PHP, MySQL, JavaScript & HTML5 All-in-One For Dummies, by Steve Suehring and Janet Valade (John Wiley & Sons, Inc.), is a good source of information about the functions in phpMyAdmin, but there are a few specifics I will point out:

✓ Select the Browse option next to any table to see and edit the data held in that table.

✓ Do not click Empty or Drop. These commands completely empty or delete the table. Unless you are sure you want to do this, you should avoid these options completely to minimize the risk of doing damage.

✓ The column labeled Rows shows the number of records in that table.

This can be useful to help you find the table you’re looking for. For instance, if you have a blog, the table with the most rows is probably your blog posts.

✓ The Overhead column is important for maintenance. The Size column shows you how much space the table is taking up. The overhead is then calculated by subtracting the actual amount of data in the table from the table size. If there is a number in the Overhead column, it shows you that there is wasted space and the table needs to be optimized. (These columns are not shown in Figure 5-2.)



You can run the table maintenance commands using one of two ways. Use the following steps to use the first method:

1. Click on the name of the table.

2. Click Operations on the menu along the top of the window and scroll to the bottom of the page until you see the Table Maintenance section.

3. Click the command you want to run.

A Flush option is also available. This command flushes the internal caches, which can sometimes help speed up the database. (See Figure 5-3.)



Alternatively, you can use the following steps when viewing the database structure:

1. Select the table(s) you wish to work on.
2. Scroll to the bottom of the table list and click the drop-down list (see Figure 5-4).
3. Select the command you want to run from the list.



MySQL Workbench

Although phpMyAdmin and other browser-based tools for managing databases are good, there may be times when you want something a little more powerful. That’s where MySQL Workbench comes in.

MySQL Workbench is a free database design and administration tool made by Oracle that joins together two previous products: MySQL Query Browser and MySQL Administrator.

Installing MySQL Workbench

To download and install the Workbench for most operating systems, use the following steps:

1. Go to http://dev.mysql.com/downloads/workbench/.

2. Scroll down the screen to the download section, and then select your operating system (OS) from the drop-down box. (See Figure 5-5.)



3. Click the Download button for the appropriate installer.

4. Install the software as appropriate for your OS.

Open MySQL Workbench and you are presented with the three columns shown in Figure 5-6:

✓ SQL Development: This section gives you an SQL window where you can run any SQL commands you need on your database. This is useful for manually running maintenance commands, querying data, and editing data.

✓ Data Modeling: Useful for more advanced database users, this section helps you design and analyze databases. This is a design tool rather than a maintenance tool, but it can be very handy when you’re creating and dealing with complex database structures.

✓ Server Administration: Some of the facilities in this section require remote administration to be switched on at the server, and many hosts won’t allow that. Even without that, though, the Server Administration section shows you some useful information about the health of the server and provides an essential database backup facility (see the later section, “Backing Up Your Database,” for more details.)

Figure 5-6: MySQL Workbench opening screen.



Configuring MySQL Workbench

After you open MySQL Workbench on your computer, the next thing you need to do is set up a connection to your server. Follow these steps:

1. Click New Connection in the left column.

2. Give your connection a name and select your connection method. (See Figure 5-7.)

You can find out the correct connection method for your server from your host.



3. Enter your hostname, port, and username.

The port is usually 3306, unless your host advises you otherwise.

4. Choose to store your password in the vault if you want your computer to remember it for you (or in Keychain if you’re on a Mac).

If you don’t choose to store the password, you are asked for it every time you connect to the server.

5. Click Test Connection.

The software attempts to connect to the server using the details you entered. If it is successful, you see a message telling you that the connection was successful and the connection parameters are correct. You can then click OK to complete the setup.

If the connection is not successful and the error message says that “Host xxxxxxx is not allowed to connect to this MySQL server,” (see Figure 5-8) move on to Step 6.



6. Make a note of the name of the host it says is not allowed to connect.

7. Log in to your hosting control panel.

8. Look for an option labeled Remote MySQL and select it.

9. On the Remote Database Access Hosts page, enter the hostname exactly as you copied it down from the error message.

10. Click Add Host.

11. Return to MySQL Workbench and test the connection again.

12. If it still fails, check with your host to confirm that you are allowed remote connections.

Next, use the following steps to set up a connection to the server in the Server Administration section:

1. Click New Server Instance in the right-hand column of the Workbench home page.

2. Select Take Parameters from Existing Database Connection, and select the connection you just created from the drop-down box. (See Figure 5-9.)

3. Click Continue.

4. When the connection check is complete, click Continue again.

5. Select whether to use remote management and click Continue.

6. Enter a name for the Server Instance and click Finish.



Return to the home page, and your connections will appear in the boxes on the screen (see Figure 5-10). To use the SQL Development or Server Administration tools, click the connection you just created.



If you have more than one server, you can create multiple connections. Just make sure to give them obvious names so you can tell which is which.

Backing Up Your Database

Sites that use databases must make database backups a priority. The site design can be easily re-created in the event of corruption or loss, but the data in databases is much harder to rebuild — unless you have a good backup.

Your host may already back up your database as part of its normal backup routines, but it is still wise to ensure that you have a recent copy held locally just in case.

Your web script may have the facility to back up your database automatically or you may be able to use a plug-in to create a backup. Back up your database either to another server (Dropbox or a similar service is a good place to back up to), or you can have a backup e-mailed to you if it isn’t too large.

Do not make the backup of the database on the same server as the master copy. If the server goes down, you will not be able to access either the master or the backup. Not good!

If you cannot back your site up automatically — or even if you can and you’re a little paranoid about your precious data (like I am about mine) — you can also back up the data manually using one of the tools I mention earlier in this chapter.

Backing up using phpMyAdmin

Use the following steps to make a backup using phpMyAdmin:

1. Log in to phpMyAdmin.
2. Click the database you want to back up.
3. Click on the Export tab (see Figure 5-11).
4. Click Go to download a complete database backup.

Alternatively, you can select only the options you require and then click Go.

The database downloads to your default download folder. Store it in a safe location — in a different folder on your hard drive, on a USB memory stick, or on a DVD.

Backing up using MySQL Workbench

You can also make backups using MySQL Workbench by following these steps:

1. Open MySQL Workbench and open a connection to your server in the Server Administration section.
2. In the column on the left of the Admin area, click Data Export.
3. In the right column, select the database(s) you want to back up.
4. Select whether to Export to a Dump Project Folder or a Self-Contained File (see Figure 5-12).
5. Select the folder you want to save the backup in.
6. Click Start Export.

The Export Progress screen appears and notifies you when the export is complete.

The difference between exporting to a project dump folder and exporting to a self-contained file is that the first option creates a folder with separate files for each table in your database. This enables you to modify and restore any individual table without touching the others. The second option, however, creates a single file that holds all the tables. Which you choose is a matter of personal preference.

Restoring from a Backup

Restoring a database from a backup can be one of the most nerve-racking and risky tasks you can undertake as a website owner. Use the following two simple rules, though, and it will be a lot less stressful and intimidating:

✓ Remember to make a backup of your database before doing anything to it. The database may have corruption or may be causing issues of some kind, but, if possible, always make a backup of what is there, just in case you need it later.

✓ After you have made a backup, remove any tables that you are going to restore. You can do this using the Drop command.

MySQL will not just overwrite data in a table; it will attempt to append the new data to the end of the table, meaning you can end up with duplicated data and a bigger mess than when you started.

Do not just empty the table because the issue may be in the structure of the table itself. Drop the table completely so it is completely re-created when you do the restore.

After you’ve done these two things, you will have the peace of mind that you have a backup of the original data, or what’s left of it, and have created a clean, empty space to upload into.
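The second rule can be checked before you restore. The following is an added example (not from the book or from any tool mentioned here) that scans a dump file and reports which tables the dump re-creates on its own and which ones you need to drop first. The sample dump, its table names, and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample dump: wp_posts carries its own DROP TABLE, wp_users does
# not, and wp_options has rows but no CREATE TABLE at all.
SAMPLE_DUMP = """\
-- constructed example dump
DROP TABLE IF EXISTS `wp_posts`;
CREATE TABLE `wp_posts` (
  `ID` bigint(20) NOT NULL,
  `post_title` text NOT NULL,
  PRIMARY KEY (`ID`)
);
INSERT INTO `wp_posts` VALUES (1,'Hello world');

CREATE TABLE IF NOT EXISTS `wp_users` (
  `ID` bigint(20) NOT NULL,
  `user_login` varchar(60) NOT NULL,
  PRIMARY KEY (`ID`)
);
INSERT INTO `wp_users` (`ID`, `user_login`) VALUES (1,'admin');
INSERT INTO `wp_options` VALUES (1,'siteurl','http://example.com');
"""

# Statements are recognised only at the start of a line, so commented-out SQL
# ("-- DROP TABLE ...") is ignored. Schema-qualified names (`db`.`table`) are
# not handled; this is a deliberate simplification.
_NAME = r"`?(?P<name>[A-Za-z0-9_$]+)`?"
_FLAGS = re.IGNORECASE | re.MULTILINE
DROP_RE = re.compile(r"^\s*DROP\s+TABLE\s+(?:IF\s+EXISTS\s+)?" + _NAME, _FLAGS)
CREATE_RE = re.compile(r"^\s*CREATE\s+TABLE\s+(?:IF\s+NOT\s+EXISTS\s+)?" + _NAME, _FLAGS)
INSERT_RE = re.compile(r"^\s*INSERT\s+(?:IGNORE\s+)?INTO\s+" + _NAME, _FLAGS)


def inspect_dump(sql_text):
    """Map each table in the dump to (verdict, number_of_insert_statements)."""
    dropped = {m["name"] for m in DROP_RE.finditer(sql_text)}
    created = {m["name"] for m in CREATE_RE.finditer(sql_text)}
    inserts = Counter(m["name"] for m in INSERT_RE.finditer(sql_text))
    report = {}
    for table in sorted(created | set(inserts)):
        if table in created and table in dropped:
            # The dump drops and rebuilds the table itself.
            verdict = "recreated by dump"
        elif table in created:
            # CREATE without DROP: over an existing table the restore either
            # fails or appends rows to the old table, so drop it beforehand.
            verdict = "drop first"
        else:
            # Rows only: the dump cannot rebuild this table's structure.
            verdict = "data only"
        report[table] = (verdict, inserts[table])
    return report


def tables_to_drop(sql_text):
    """Tables you must drop by hand before restoring this dump."""
    return [name for name, (verdict, _) in inspect_dump(sql_text).items()
            if verdict == "drop first"]


if __name__ == "__main__":
    for name, (verdict, rows) in inspect_dump(SAMPLE_DUMP).items():
        print(f"{name:12} {verdict:18} insert statements: {rows}")
```

A table reported as "data only" should not be dropped unless you have its structure saved elsewhere, because the dump contains nothing to rebuild it.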

Restoring from a backup is simply the reverse of creating a backup.

Restoring a backup using phpMyAdmin

Use the following steps to restore a backup using phpMyAdmin:

1. Open phpMyAdmin.
2. Select the database you want to restore to.
3. Click on the Insert tab.
4. Select the file you want to restore from by clicking Choose File.
5. Click Go.

All tables in the file you selected are restored to the database. If you have not dropped all the tables you are restoring, the restore may fail with an error due to duplicate records being created.

Restoring a backup using MySQL Workbench

Use the following steps to restore a backup using MySQL Workbench:

1. Open MySQL Workbench.
2. Under Server Administration, click the server you wish to restore to.
3. On the right column, click Data Import/Restore.
4. Select whether to import from a dump folder or self-contained file, depending on how you backed it up.
5. Browse to the file you want to restore from and select it.
6. Click Start Import.

It is important to make regular backups of your database so that if you do ever have to restore from the latest backup, the amount of data lost is minimized.

Chapter 6 Protecting and Speeding Up Your Site by Understanding Logs

In This Chapter
▶ Getting to know logs
▶ Knowing how to find and read logs
▶ Using logs to spot intruders

Just the mere mention of log files is enough to send better men than I running for the hills. Log files are big, scary-looking, and seem like they’re written in a foreign language. Even I still feel like I have to take a deep breath before diving into one.

They’re really not that scary, though. Log files are full of useful nuggets of information and can quickly help you make your site faster and more secure — when you know where to look!

Log files are created by the server and the software that runs on it to literally keep a log of everything that happens. Each piece of software, if it’s well written, will keep logs of events, particularly errors, so that you can go back to see what the server was doing when it got the error and exactly what error occurred.

Reading Logs

There are, essentially, two types of logs:

✓ Logs that can be displayed graphically. These are logs that record details of activity, which can then be read and analyzed by a program to display the results in a more easily readable form.

✓ Logs that must be read manually. These are generally logs that record events such as errors or access attempts.

Most control panels come with graphical log-reading software, called stats, already installed. The following are some of the most popular programs:

✓ Awstats
✓ Logaholic
✓ Webalizer

There are many other programs, and some hosts design their own stats packages, but they all essentially do the same thing. They read the visitor logs and use statistical tools to create an analysis of what’s been happening on your site.

You may be surprised at the breadth of information that can be gathered by the server from visitors without their knowledge. Statistical tools collect the following information:

✓ The page where the visitor arrived (the landing page)
✓ The pages the visitor went to and how long he spent on each
✓ The site he had been on before arriving at your site
✓ What search terms he used if he found you because of a web search
✓ Which links on your site he clicked
✓ Where in the world he is located (down to the city)
✓ What browser he used to view your site
✓ The screen resolution of the device he visited the site with
✓ How many colors the screen was set to display
✓ What operating system was used
✓ How often the visitor has come to your site

The trick is not in gathering the data; your server will do that for you automatically. The trick is in reading and analyzing the data to help you improve your site.

Using Logs to Identify Speed Bumps on Your Site

Everybody hates speed bumps in the road. You have to slow your car to cross a speed bump, and still everyone inside gets shaken up like gelatin in an earthquake. Nobody likes having to slow down, and speed bumps make the traveling experience less enjoyable so you try to avoid them whenever possible.

The same goes for websites. People don’t like slow websites. We’re all getting spoiled these days by fast Internet connections, and research shows that web users will click away to another site if yours takes more than two seconds to open. A faster site retains more visitors; with a slower site, visitors may click away to a competitor’s site.

In the same way that drivers avoid streets with speed bumps, web users avoid sites with speed bumps, too.

A number of factors affect the speed of your site, including the following:

✓ The server you are on. Generally, being on a dedicated server means your site will be delivered faster than on shared servers.
✓ The platform you use to build your site. Some platforms are faster than others, but speed also depends on your site design and the type of server it is on.
✓ The size and number of images you use on your site. Bigger pictures take longer to load — it’s that simple.
✓ The number of bells and whistles you beautify your site with. Cool effects and widgets can make a site look good, but they can also slow the site down to a crawl if you use too many.
✓ The geographical location of your server. The farther away your server is from your visitors, the longer it takes the information to get to their screens.

The information your server gives you can revolutionize how you manage and develop your site, and it’s fairly easy to read. In the next couple of sections, you find out how to analyze your stats for speed bumps.

Opening web stats

To demonstrate how to read stats, I’m going to focus on the Webalizer stats program, which is installed on most cPanel and Plesk systems. All stats programs display the information differently because their focus differs depending on what their developers think is most important.

I generally view at least two stats programs whenever I’m doing site analysis because little bits of information often are displayed on one program and not another.

Use the following steps to open Webalizer:

1. Log in to your control panel.

2. Search for the stats or logs section.

In cPanel, the section is usually called Logs and is about halfway down the screen. (See Figure 6-1.)



3. Click Webalizer.

4. Click the magnifying glass next to the domain for which you want to view statistics.

If you have multiple domains hosted in the same account, Webalizer enables you to pick the one you want to view statistics for.

5. Select the month you are interested in from the 12-month summary page.

The summary page gives a broad overview of various statistics by daily average and monthly total. This can be useful to spot trends, but the real gems are hidden on the next page.

You’ve opened Webalizer, so the trick now is to glean useful information from it. I now walk you through it section by section.

Mastering the terminology

First you need to learn what each term in the statistics means. In the statistics, you see the following headings:

✓ Hits: The total number of requests received by the server in that period.

✓ Files: The total number of files delivered by the server. This is lower than the number of hits because the server doesn’t deliver a file if the user’s computer already has a cached copy of it or if the request is for something that doesn’t exist.

✓ Pages: This is the total number of actual page views, not a count of all the component parts that make up a page.

✓ Visits: The number of times your site has been visited. The way it calculates this is by counting all page requests from one person within a certain time period as one visit. So if you go to a site and read four pages, four page views are recorded, but only one visit is recorded. If you do not request to see another page within 30 minutes of your last request, your next page view is classed as the first in a new visit.

✓ Sites: The number of unique IP addresses that have requested pages from your site. This figure can be misleading because multiple people in the same office can have the same address; in this case, multiple people may view your site but they are recorded as just one individual. On the other hand, one person could look at your site from her phone and her computer, both of which might have different addresses; in this case, you see two site records for only one real person. The Sites statistic gives you a rough idea of the number of unique visitors to your site, though.

✓ Hostname: Every device has its own unique hostname. It can have multiple IP addresses but can only ever have one hostname.

✓ Kbytes: Every file that makes up your site and every page has a physical size, measured in bytes. The number of bytes of data that need to be sent to deliver a file or page is added up by the server every time it receives a request. This figure is a measure of the total amount of data that was sent in response to requests from visitors for pages and files. This figure is also referred to as the amount of bandwidth used. If your host gives you a certain amount of bandwidth per month, that is calculated by the total number of bytes of data requested from your site during that month.

✓ Response code: When a request is made for data from the server, it logs a response code relating to how successful it was in completing the request, called an HTTP response code. For example, a code of 200 means OK — in other words, it did exactly what it was asked to do. On the other hand, code 404 means Not Found, meaning the request was for a file or page that doesn’t exist.

HTTP response codes were defined in the HTTP/1.1 standard (RFC 2616) and are thus standardized across the Internet. There are dozens of possible codes, split into five categories, each starting with one of the numbers 1 to 5. The number 1 provides informational codes, the number 2 shows success codes, 3 refers to redirection codes, 4 indicates client error codes, and 5 identifies server error codes. See Chapter 10 for details on how to create custom error pages that will display to the user when a specific error code is generated.
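To see how these terms relate to the raw log, here is an added example (not from the book and not Webalizer's own code) that derives each figure from a small constructed access log in the common Apache "combined" format, and ranks URLs by KBytes the way the stats page does. The list of page-type extensions and the rule that a "file" is a status-200 response are assumptions chosen to match the descriptions above; the stats program on your host may apply different rules.

```python
import posixpath
import re
from collections import Counter
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample log (documentation-range IP addresses, made-up URLs).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Feb/2017:09:00:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Feb/2017:09:00:01 +0000] "GET /img/logo.png HTTP/1.1" 200 20480 "http://example.com/index.html" "Mozilla/5.0"
203.0.113.5 - - [10/Feb/2017:09:05:00 +0000] "GET /about.html HTTP/1.1" 200 4096 "http://example.com/index.html" "Mozilla/5.0"
203.0.113.5 - - [10/Feb/2017:09:05:01 +0000] "GET /img/logo.png HTTP/1.1" 304 - "http://example.com/about.html" "Mozilla/5.0"
198.51.100.7 - - [10/Feb/2017:09:30:00 +0000] "GET /downloads.html HTTP/1.1" 200 3072 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Feb/2017:09:30:20 +0000] "GET /brochure.pdf HTTP/1.1" 200 1048576 "http://example.com/downloads.html" "Mozilla/5.0"
198.51.100.7 - - [10/Feb/2017:09:31:00 +0000] "GET /img/old-banner.png HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Feb/2017:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
PAGE_EXTENSIONS = {"", ".html", ".htm", ".php"}  # assumption: what counts as a page
VISIT_TIMEOUT = timedelta(minutes=30)            # the 30-minute rule described above


def parse(log_text):
    """Yield (time, ip, path, status, size) per request; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            size = 0 if m["size"] == "-" else int(m["size"])  # "-" means no body sent
            yield when, m["ip"], urlsplit(m["url"]).path, int(m["status"]), size


def is_page(path):
    return posixpath.splitext(path)[1].lower() in PAGE_EXTENSIONS


def summarize(log_text):
    """Return (totals, status_classes, hits_per_url, bytes_per_url)."""
    totals, classes = Counter(), Counter()
    url_hits, url_bytes = Counter(), Counter()
    sites, last_page = set(), {}
    for when, ip, path, status, size in sorted(parse(log_text)):
        totals["hits"] += 1                      # every request is a hit
        totals["bytes"] += size                  # bandwidth actually sent
        classes[f"{status // 100}xx"] += 1       # 2xx success, 4xx client error, ...
        url_hits[path] += 1
        url_bytes[path] += size
        sites.add(ip)                            # unique client addresses
        if status == 200:
            totals["files"] += 1                 # something was really delivered
        if is_page(path):
            totals["pages"] += 1
            previous = last_page.get(ip)
            if previous is None or when - previous > VISIT_TIMEOUT:
                totals["visits"] += 1            # first page, or page after a long gap
            last_page[ip] = when
    totals["sites"] = len(sites)
    return totals, classes, url_hits, url_bytes


def top_urls_by_kbytes(url_hits, url_bytes, limit=10):
    """List (url, percent_of_hits, percent_of_kbytes), largest data users first."""
    total_hits = sum(url_hits.values())
    total_bytes = sum(url_bytes.values()) or 1
    return [(url,
             round(100 * url_hits[url] / total_hits, 2),
             round(100 * size / total_bytes, 2))
            for url, size in url_bytes.most_common(limit)]


if __name__ == "__main__":
    totals, classes, url_hits, url_bytes = summarize(SAMPLE_LOG)
    for key in ("hits", "files", "pages", "visits", "sites"):
        print(f"{key:7} {totals[key]}")
    print(f"kbytes  {totals['bytes'] / 1024:.1f}")
    print("status ", dict(classes))
    for row in top_urls_by_kbytes(url_hits, url_bytes, limit=3):
        print("%-22s %6.2f%% of hits %6.2f%% of KBytes" % row)
```

In the sample, the same address produces two visits because its last page request comes 55 minutes after the previous one, and the 304 and 404 responses count as hits but not as files.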

Reading your web stats

Now you know what all the terms mean. Next, I explain each section on the Webalizer page and how you might use it.

✓ The first section of data gives you overall monthly statistics. The following sections all break down the details in this first section.

✓ The next two sections show you the daily usage of your site. The details are shown in graph form: The days are numbered along the bottom axis, and three lines plot statistics for three types of data. Those results are then given in numerical form, by day, and show how many hits, files, pages, visits, sites, and KBytes were recorded. It also gives a percentage of the total monthly usage for each day. This is very useful for determining if a day or days had particularly high usage. If so, you should investigate why that was and see if there are ways you can spread the visits out more evenly. In simple terms, the more visitors you have at once, the slower the site goes. It’s like a shopping mall: When nobody is around, you can get in and out quickly, but on Black Friday, it’s a whole different story!

✓ The next two sections look at data transfers across the month and break them down by hours of the day. You can also analyze this to see if the site is particularly busy during certain hours.

✓ The next section shows you the top 30 Uniform Resource Locators (URLs) requested in the month. This basically identifies the most frequently requested pages and files.

✓ The next section shows the top ten URLs by KBytes. This is one of the most important sections for speeding up your site because it shows which files and pages contain the most data and take the longest to load. Figure 6-2 shows the top ten URLs by KBytes from one of my customers’ sites. If you look at the first line, one file has used more than 39 percent of the data but has had only 0.22 percent of the hits. Looking along the line, you can see it’s a PDF file so that’s not unreasonable. It’s a download and visitors understand that downloads can take time. The next line, though, shows that one image has had 3 percent of the total hits but has used 13 percent of the KBytes. Looking further down, this is a disproportionately high amount of data, so it suggests that this image is a lot larger (in file size) than any of the others on the site and thus loads slower than the others. Seeing that suggests that you look at what that image is and why it’s using up so many resources, and maybe find ways to optimize it so it doesn’t slow the site down so much.

Figure 6-2: Top ten URLs in KBytes as shown in Webalizer.

✓ The next section shows the top ten entry pages. An entry page is the first page viewed on any given visit. For blogs, this will show which post was most popular in the month. For other sites, though, this can really help you with your site Search Engine Optimization (SEO). Ask yourself why visitors are arriving at those pages first and whether those pages then make people want to stay to browse around. Discovering why certain pages are more popular can help you optimize other pages on your site to increase their popularity. Additionally, if you’d rather that people first land on a different page, it can help you modify the site accordingly.

✓ The next section shows you the top ten exit pages. The exit page is the last page a person sees before leaving your site. If the entry and exit page lists are nearly identical, it means visitors are only viewing one page on your site before leaving. The site is not drawing them in to go to other pages. If the exit pages are not all the same as the entry pages, you might ask yourself why people leave the site after going to those top ten pages. Is there something offensive on them or do they maybe need some work to make them more “sticky”?

✓ The next two sections show the top visiting sites by hits and by KBytes. For most of us, this is fairly meaningless, but it can show you if one person is visiting a disproportionate number of times and you can investigate why.

✓ The next section shows the top referrers. Referrers are pages that request a page or file from the server. Most referrers will be pages from your own site because pages on your site have multiple objects on them and so when a page is displayed, it has to request every object it needs to be complete. For example, if you have ten images on a page, every time that page is viewed, it has to make ten requests from the server and thus has referred ten files. It can be useful to look through and find the top referrers that are not internal (on your site) so you can see which sites — and which pages from those sites — are sending the most visitors your way.

✓ The top 20 search strings show up next. This refers to the searches people did on search engines that resulted in those individuals clicking on a link to your site. This information can be very eye-opening because it reveals how people find your site.

✓ The next section is the top 15 user-agents. That’s simply a big name for browsers — the programs you use to view web pages. Every browser will potentially display your website slightly differently. When you design your site, you should test it in multiple browsers to ensure that it looks right in all of them. Knowing which browsers your visitors use most can help you optimize your site for each browser and show you which browser you should concentrate on when redesigning your pages.

✓ The final two sections show what countries your visitors are in. Knowing where your visitors are can help you both in the marketing and ongoing design of the site and also in knowing where your server should be located. For instance, if the majority of your visitors are in Europe, then hosting your site on a server in Europe may be a good idea. That way, you will help speed up server response times to those visitors.

Other stats programs show slightly different statistics. Look around at the programs available to see what useful information you can glean from them.

The data you see displayed in any stats program will be fairly accurate, but you might find that the results differ between stats programs even on the same server. The reason for this is that these programs use statistical analysis tools and formulas to come up with the data they display. None is perfect.

Finding Your Logs

Log files are everywhere — and I do mean everywhere. Finding the right ones can be a chore, but here are some of the main files and locations:

✓ Linux has a main log folder located at /var/log/. A quick look in the /var/log/ folder on one of my servers showed more than 50 different log files with a further 10 subfolders that contain more log files. Those log files include everything from which software updates have been run to what mail has passed through the server.

✓ Depending on the control panel software installed, there may be File Transfer Protocol (FTP) logs somewhere. In cPanel, they are in the root of your hosting space in the /access-logs/ folder. In Plesk, they reside in /usr/local/psa/var/log/xferlog.

✓ Each different control panel generates its own log files. cPanel has logs in /usr/local/apache/logs/, /usr/local/apache/domlog/, and in /usr/local/cpanel/logs.

✓ Your web platform and scripts may generate their own error_log files too, which will be scattered around your hosting space.

To view most of the log files, you need root access to the server. You won’t be able to get to those log files if you’re on a shared server, but you should have access to them on a Virtual Private Server (VPS) or dedicated server.

Error logs in your hosting space should be freely available to you without root access. They can help you find and fix problems that are occurring in your website.

It is important that you familiarize yourself with the log files so you can track down the source of any problems that might occur.

Spotting Security Breaches Using Your Log Files

The big question is always about security. How can you keep your site secure and guarantee that it won’t get hacked?

The short answer is this: You can’t.

Everything is hackable given enough time, devious brains, and resources. There are things you can do, though, to protect yourself somewhat. I discuss those things in Chapter 8. Here, though, I open the door a crack and show you some things you can do to track down the source of your problems if you do get hacked.

The first thing to do is to check your FTP log files. In cPanel, those are found in /home/youraccount/access-logs/.

If you have been hacked, then it is most likely that some of your files have been altered. Use FTP to look at the date stamps on your files to see when the affected ones were last changed and thus find out when the attack happened.

Then download the logs to your computer via FTP and open them. I recommend the free Notepad++ (http://notepad-plus-plus.org) software for editing and viewing logs.

The FTP log should have lines of data looking a little like this:

Fri Nov 16 11:11:33 2012 0 97.182.220.213 248 /home/daytutor/public_html/.htaccess a _ o r daytutor ftp 1 * c

The information in that line of data breaks down like this:

✓ Fri Nov 16 11:11:33 2012 is the date and time, obviously.

✓ 0 is the number of whole seconds the transfer took. This transfer took less than a second.

✓ 97.182.220.213 is the IP address of the computer that did the transfer.

✓ 248 is the size of the file transferred (in bytes).

✓ /home/daytutor/public_html/.htaccess is the file transferred and the full path to it.

✓ a is the type of transfer. It can be either a for ASCII or b for binary.

✓ _ [underscore] represents the action taken. The _ means no action, C means compressed, U means uncompressed, and T means Tar’ed.

Tar originally meant Tape ARchive and was a system developed for converting data into a single stream for recording onto backup tapes. The technology is still used today but it’s mostly used to collect files into a single archive file and store them on any media. A tar file usually has the file extension .tar and is uncompressed. You can use additional compression software to compress .tar files, in which case the file extension is changed to indicate what compression software was used. For example, a .tar file compressed using the gzip program will have the extension .tar.gz.

✓ o is the direction of the transfer. The o is for outgoing, i is for incoming, and d is for deleted.

✓ r represents the type of user. r is for a real user, and a is for an anonymous user. Note: “Real” does not mean human; it means the login used a username/password combination.

✓ daytutor is the username used to log in.

✓ ftp is the service used (this normally will be FTP).

✓ 1 is the authentication method. The 1 is a valid authentication method as defined by RFC931. A 0 means no authentication was used.

✓ * indicates the user ID of the user who made the transfer (if said user were logged into the server at the time). The * means the user was not logged in.

✓ c is the completion status. A c means the transfer was complete. An i means it was incomplete.

In the example, you can see that it was a file called .htaccess that was transferred out using FTP by user daytutor on November 16, 2012, at 11:11.

However, the big question is who did the transfer. All you know is that the person used the username daytutor and had the IP address 97.182.220.213.

The first thing you should do is go to http://www.whatsmyip.org, which will tell you what your IP address is so you can compare the two. If the IP address in the file is not the same as yours, it may signal a security breach.

If the IP address is not yours, does anyone else have FTP access to your server? Do you use a backup system on another server that uses FTP to connect to this one?

Go to your preferred search engine and enter the IP address. This will give you a list of sites that can show you the geographical location of the device that uses that IP address. If the IP address is for a server, it should also show the hostname of the server.

You can also go to a site such as http://network-tools.com and enter the IP address there. If the IP address is connected with a server, you may get more information about the server from Network Tools.

There’s little else you can do to track down who uses that IP address, unfortunately, but you might be able to draw some conclusions from what you learn about the IP address. For example, I once helped a client whose site had been hacked, and the IP address told us which city the hacker was in. As it turned out, it was a small city and just happened to be the city where someone who had a vendetta against him lived. Coincidence? I don’t think so!

Next, go to your server’s firewall settings and deny that IP address access to your server. This won’t stop some hackers because they can simply switch IP addresses, but at least it stops attacks coming directly from that IP address again.
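The check described in this section, as an added example that is not from the book: a Python parser for the FTP log format broken down above, which lists every transfer made from an IP address you do not recognize and marks the ones that changed files. The function names, the known-address list and every sample line except the one quoted earlier are constructed for illustration.

```python
from collections import namedtuple
from datetime import datetime

FIELDS = ("when seconds remote_ip size path transfer_type action direction "
          "user_type username service auth_method auth_user_id status")
Transfer = namedtuple("Transfer", FIELDS)


def parse_xferlog_line(line):
    """Parse one FTP log line into a Transfer; raise ValueError if malformed."""
    tokens = line.split()
    # 5 date tokens + seconds, IP, size + at least 1 path token + 9 flags
    if len(tokens) < 18:
        raise ValueError("too few fields: %r" % line)
    when = datetime.strptime(" ".join(tokens[:5]), "%a %b %d %H:%M:%S %Y")
    # Read the nine trailing fields from the end of the line, so that a
    # path containing spaces cannot shift them out of position.
    path = " ".join(tokens[8:-9])
    return Transfer(when, int(tokens[5]), tokens[6], int(tokens[7]),
                    path, *tokens[-9:])


def unknown_transfers(lines, known_ips, since=None):
    """Return (transfer, changed_files) pairs for unrecognized IP addresses.

    known_ips: addresses you expect (your own, a backup server, and so on).
    since:     optional datetime; earlier transfers are ignored. Use the
               date stamp of the oldest altered file to narrow the search.
    changed_files is True for uploads (i) and deletions (d).
    """
    findings = []
    for line in lines:
        if not line.strip():
            continue
        try:
            transfer = parse_xferlog_line(line)
        except ValueError:
            continue  # damaged or unrelated line: skip it
        if transfer.remote_ip in known_ips:
            continue
        if since is not None and transfer.when < since:
            continue
        findings.append((transfer, transfer.direction in ("i", "d")))
    return findings


# Second line is the sample quoted in the text; all other lines are
# constructed, using addresses reserved for documentation.
SAMPLE_LOG = """\
Fri Nov 16 09:02:10 2012 1 198.51.100.20 5120 /home/daytutor/public_html/index.html a _ i r daytutor ftp 1 * c
Fri Nov 16 11:11:33 2012 0 97.182.220.213 248 /home/daytutor/public_html/.htaccess a _ o r daytutor ftp 1 * c
Fri Nov 16 11:12:05 2012 0 203.0.113.7 731 /home/daytutor/public_html/.htaccess a _ i r daytutor ftp 1 * c
Fri Nov 16 11:12:40 2012 2 203.0.113.7 20480 /home/daytutor/public_html/new page.php b _ i r daytutor ftp 1 * c
this line is damaged
"""

# Assumption: 198.51.100.20 stands in for your own IP address.
KNOWN_IPS = {"198.51.100.20"}

if __name__ == "__main__":
    for transfer, changed in unknown_transfers(SAMPLE_LOG.splitlines(), KNOWN_IPS):
        label = "CHANGED FILES" if changed else "read only"
        print(transfer.when, transfer.remote_ip, transfer.username,
              transfer.direction, transfer.path, "<-", label)
```

Each address it reports is one to look up and, if it turns out not to be yours or your backup system's, to deny at the firewall.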

The battle against hackers is a never-ending one. I wish I could say that wasn’t the truth, but it is the reality in which we live. Although the battle may be ongoing, the prognosis is not that grim. Applying good security to your site and regularly checking your logs for suspicious activity can help you keep your site running healthily. Read more about securing your site in Chapter 8.

Chapter 7 Building Your Site Using Scripts

In This Chapter
▶ Understanding scripts
▶ Deciding which scripts you need
▶ Finding useful scripts
▶ Safely installing scripts

Your web host’s only concern is providing you with the space and facilities to house your website. The design and functions of the site itself are not your host’s responsibility.

In earlier chapters, I compare your host to a landlord. The landlord provides the building, but adding furniture and decor is your job. Most hosts help by providing you with easy access to some free scripts that help you build your site. Scripts are prewritten pieces of website code that you can use to add functionality to your site. They range from small add-ons such as a contact form or guest book to full-blown site creation tools that enable you to create a whole site in minutes.

Most web hosting control panels include a set of installable scripts designed to help you build awesome, highly functional websites with little or no programming knowledge. You can also find countless other scripts available to download online.

Although your host may provide some easy-to-install scripts, it will not generally give you free support in using the scripts.

In this chapter, I tell you what kinds of scripts you can find, where to find them, how to install them, and how they can help you.

Making Life Easier with Scripts

Why reinvent the wheel? In the case of websites, why try to create something from scratch when you can skip the hard part and get straight on with customizing your site to look, work, and feel the way you want? Literally hundreds of scripts exist, and you can install them to do everything from control your entire site to add small pieces of functionality.

All scripts provide you with a customizable framework that you can adapt to give your website functions you otherwise wouldn’t have — unless you learned to code the functions yourself.

In this ever-changing world of computer and mobile technologies, terms are being coined and used interchangeably fairly indiscriminately. You may hear scripts referred to as apps, applications, programs, or solutions. In general, they all mean the same thing; it just depends on what terms the speaker is familiar with. You may also hear the word platform, which normally refers to a whole-site script, such as WordPress or Joomla. Scripts help you incorporate specific functions into your website. For example, you can find scripts that fall into the following categories:

✓ Blogs: Scripts such as WordPress, which give you complete blogging solutions, really come under the platform title but are lumped together with other scripts because they are free and easy to install.

✓ Portals/Content Management Systems: Joomla, Drupal, and Mambo are probably the most well-known content management system (CMS) scripts, and they provide you with an easy way to create a site and keep it regularly updated.

✓ Forums: Scripts such as phpBB and Vanilla provide a complete solution to anyone who wants to have a bulletin board or forum system on his or her site.

✓ Image Galleries: Image gallery scripts enable you to easily add rotating image galleries and slide shows to your site.

✓ Calendars: Calendar scripts enable you to do everything from displaying and managing a calendar of upcoming events to creating an online reservations system.

✓ Polls: Polls and surveys are popular tools for reader engagement, and many scripts are available that enable you to add a poll to your site wherever you want it.

✓ E-commerce: E-commerce scripts add sales, client management, and invoicing capabilities to your site. The e-commerce title covers scripts from generic systems like osCommerce to custom-made scripts for specific industries.

This list of script categories isn’t comprehensive: You name the functionality you want, and there’s a script to help you get it. And if you don’t find what you need in your web host’s control panel, you can search online for hundreds more that you can download.

Most scripts are free, but some may be free only for a trial period, after which you have to pay a subscription fee to use them fully. Check first whether you will have to pay to use a script before committing the time and effort to testing it.

Choosing the Right Script

With such a variety of scripts available, making the right choice can seem overwhelming. When you use the following steps, you can quickly find the right script for your needs:

1. Break down exactly what you want to achieve with your website.

Be specific. Separate the functionality you need into parts, if necessary. You may want a site where you can share information about your organization or group, but also want a forum where your visitors can chat about certain things. You probably need two different scripts to do both.

2. Do some research online.

Open your search engine of choice (Google, for example) and search for phrases such as “best site creation script” or “top website poll script.” Phrases like these can help you find the type of script you need to achieve your goals.

You can also search your web host’s control panel for likely scripts. All control panels are laid out slightly differently, and so it can sometimes take a little bit of hunting to find the installable scripts. Even with standard control panels like cPanel, the hosting company can customize the headings and the look and feel of the menus.

What you’re looking for is an area that has a list of different categories or names similar to the list in the section “Making Life Easier with Scripts,” earlier in this chapter. See Figure 7-1 for an example list in a standard cPanel installation.

3. When you find scripts that seem like they might do what you want, search again for people’s opinions on those scripts.

A good way to look for opinions on the scripts is by searching again for the name of the script plus the word “review” or “issues.” You’ll quickly find which scripts work well and which ones just frustrate people. Pick two or three scripts so that you can evaluate the differences between them.



4. Install and test the scripts. (See the later section, “Installing Your Chosen Script,” for information on how to install scripts.)

Take a little time to try to master each script; don’t get discouraged just because you don’t understand how it works at first click. You’ll quickly see which script has the best functionality for your needs and which is easiest to work with.

After you choose your script(s), take a step back and ask yourself whether incorporating the script’s functionality will really help you achieve your goals for your site. It’s easy to get awestruck by the functions scripts can give you and start building something that isn’t exactly what you need to achieve based on cool features you’ve discovered.

Installing Your Chosen Script

You can install scripts either through your control panel or by downloading them from the web and installing them manually.

Each method has both advantages and disadvantages, but where possible, I recommend installing scripts through your control panel.

Installing from your control panel

Installing scripts safely is easy, when you know how. Just follow these simple steps and you’ll breeze through it in seconds. Most control panels use either the Softaculous or Fantastico script installer systems, but they are not necessarily labeled that way.

If you install a script into the root of your hosting space, it could overwrite any files you already have in there. So be careful where you install your scripts.

1. Look through the script installation area of your control panel to find the script you want to install.

2. Click the script icon or name to view a page that gives you a little more information about the script and what it can do for you.

3. Click on the Install tab.

If your control panel is using the Softaculous installer, you see an Install tab at the top of the screen. Clicking on the tab takes you to the Install screen. Other installers also have an Install tab or button prominently displayed.

4. Install your script in a test folder.

As part of the install process, you should be asked which folder you want to install your script into. Softaculous labels it In Directory. Type a new folder name into this box. At this stage, I suggest using a naming system for the folders that will enable you to test multiple scripts independently without disturbing anything else on your site. You might want to call it xxx-test (where xxx is the name of the script).

You can then easily find where your test installations for each script are.

5. Complete any other information the installer asks you for.

This might include a username and password (don’t forget to note what they are) and your site name.

6. Click the Install button at the bottom of the page.

After you’ve picked the script or scripts you need for your site, run the install again and install a fresh copy in the folder you are actually going to use it in and start customizing it to fit your needs.

Watch the tutorial on the For Dummies website at www.dummies.com/go/webhostingfd to see how it’s done.

Installing from a downloadable script

Installing scripts that you find online is a little trickier than using the installers in the control panel, but don’t get discouraged. It’s easy enough when you know how.

You need the following things to install a downloaded script:

✓ The script downloaded from its online location.
✓ A File Transfer Protocol (FTP) client and your FTP details.
✓ For some cases, a manually created database.

When you find the script you want to test or use, the website you find it on should have installation instructions. Here are some things you need to check:

✓ Server requirements: Most script authors tell you the minimum server specifications required to run their scripts. Compare those to what you know about your server before attempting an install. If you aren’t sure what your server’s specifications are, contact your web host to find out.

✓ Find the installation instructions: If there are no installation instructions on the website, double-click the file after you have downloaded it to your computer to open the file in your file manager. You should see a text file labeled something like InstallInstructions or Readme.txt.

If you can find no installation instructions at all, it’s probably best to steer clear of using the script. The authors of well-written scripts generally take the time to document their work. Scripts where the author hasn’t taken the time to write instructions are often more sloppily written — and potentially harmful.

✓ Is the script safe? If you install a script on your site that causes the server problems, your host may delete the script without warning you, or the host may even suspend or cancel your account. Try to first find some reviews of scripts you are going to test to make sure other users haven’t had problems with them.

✓ Download it in the right format: Most scripts can be downloaded in multiple formats. If you are unfamiliar with the terms .tar and .gz, then the best format to download is a .zip file. You can open these files directly on both PCs and Macs.

Although the installation instructions differ between scripts, the following directions are basically what they are going to tell you to do:

1. Download the script .zip file from the website.

The zip file is like a suitcase. Everything you need is packed into it. Downloading a script is normally as simple as clicking a Download button on the website where you found it.

2. Extract the files from within the .zip file.

In Windows, double-click the file to open it and then click Extract All from the menu at the top of the screen.

3. Upload the files to your hosting space.

You need to create a folder and use FTP to do this. See Chapter 4 for information on how to use FTP.

4. Navigate to a certain file to activate or install the script.

The instructions may tell you to Open install.php, which means you need to open your web browser and go to http://yoursite.com/your_script_folder/install.php.

There may also be other instructions about tasks you need to do, like create a database and edit a file to put the details of your database in. For these, you need to either use the database wizard in your control panel or manually create a database. See Chapter 5 for details on how to create databases.

Typically, .tar and .gz files are smaller than .zip files, which means faster downloads. You can also open them on Linux machines. If you don’t have the choice of downloading a .zip file and you don’t have a way to open the file, you can download free .zip extractors, such as 7-Zip (www.7-zip.org), which will open it for you.


It was 2003 when I first dipped my toes into the world of web hosting — and it wasn’t a good experience. The service I received was great at first, but then it quickly vanished and I was left floundering as I tried to work out how to use what I had paid for and do what I needed to do.

Convinced I could do better, I started my own hosting business and set out to help anyone and everyone understand hosting and get the best possible experience from hosting their own websites.

It was hard, and after almost a decade doing it, I really wasn’t getting anywhere. There had to be a way I could help more people without overloading myself and my family. Then, along came For Dummies, like a knight in shining armor, giving me the perfect way to reach more people and still keep my help affordable.

I’ve poured all my experience as a host and as a support system for the hundreds of people I’ve helped with their hosting into this site. You now have all the knowledge I have in the palm of your hands, and when you’re done with this book you’ll see that web hosting is easy when you know how to do it.