MikeJ

Well, I don't want to scare anyone, because in the majority of cases, you aren't going to have a problem, but I do want to clarify a couple things. Pulling traffic off a network and making sense of it is extremely easy. It's not as mumbo jumbo as you may think, and there are many tools that will make sense of it for you. Getting onto the network in the first place is the harder part. That would require them to either already be on your network, or gain access to a machine on it. I have seen many cases were this has happened, though. One of the worse is when a company hired me a couple years ago to do some work one weekend. I went on their firewall to change a ruleset, and found that the firewall had been compromised, a sniffer was installed to look for specific data (accounts, passwords, etc...), and the captures were being emailed offsite on a periodic basis so the culprit could parse the data at their leisure. Everything else they left alone so as not to raise any flags. The thing is, in many cases they don't want your account for what's in it... they want your account for what they can do with it (DOS attacks, spamming, anonymous hacking, etc....). So in that sense, your account login *is* valuable to them.

There are proposals out there similar to this, but not so much for tracing, but for allowing. That is, policies focused on some way of authenticating that an email server is valid for certain domains. Basically, they would help figure out what to allow, not help trace what shouldn't be allowed. Somewhat along those lines, one such solution that already exists is Sender Policy Framework (SPF) ( http://spf.pobox.com/ ). Basically, the way it works is you define what servers are valid for your domain. So if you have an SPF record defined, and someone attempts to spoof your address from a non-valid server (such as what viruses do), a mail server that checks SPF will deny the email. It's beginning to gain popularity as more major providers incorporate it into their mail systems. AOL, for example, will require companies on their whitelist to have SPF configured by the end of the summer or they will be booted off their whitelist (which means it'd be harder to send email to AOL customers). Users may not have static IP addresses, but the mailservers they send email through should be on static IP's. Many major providers will already block any email from dynamic ip blocks.

Sssssh! Don't interupt her when she's on a streak.

:blackhole: uses your bandwidth because it receives the email before deleting it (can't really avoid that). :fail: uses up your bandwidth twice because it receives the email, hits a fail condition, and then sends the email back out (bounces it) to the sendor (or the sender as far as it can figure out which in the case of spam is usually fake). The majority of spam messages are pretty small though, so as far as your overall bandwidth usage, it should still be relatively negligable. I get in excess of 2,000 spams a week and I barely even notice the bandwidth usage from it.

He said weren't.

Please use the following URL's: http://www.schmingle.com:2082/ - cPanel http://www.schmingle.com:2095/ - webmail This is a known problem we have currently with the latest cPanel update that will hopefully be corrected soon.

Yes.

I installed it yesterday on my Mac. The smart update looks nice, and it renders as well as Mozilla, but beyond that I haven't noticed much significant difference yet (although I still use Mozilla as my default browser... mozilla seems to work better on the mac overall than firefox so far, and is more configurable).

It's not anything I could imagine you having an issue with. I just meant in general, if it's not illegal and doesn't break TCH rules (which a dating site shouldn't), you should be fine. An example of illegal for a dating site would be allowing underage people to participate.

If you could let us know the reason behind the questions, we might be able to provide a more appropriate answer. If you are concerned about location, all TCH datacenters should respond well to California. We could provide you with IP addresses in each datacenter to compare. If you are worried about spam blocks, all of TCH's addresses are pretty clean, and we are vigilant about keeping them that way.

No. To stealth forward to an external link requires the apache proxy function enabled, which we do not enable. Your best bet would probably be to look at ways of doing the same either through functions like frames, or using a domain or web forwarding service.

Use the SSL link (available from the main website): https://ssl.totalchoicehosting.com/supportdesk/ I know the forums link to the nonsecure version of the page, which we should probably change.

That should be no problem with hosting a dating site on TCH servers as long as it's legal.

"IP01services.Net does not send or support unsolicited email, this email is sent to you because you have been exclusively selected and invited to receive IP01's services." Classic.

When it comes to Fridays, thinking is one faculty that I have very little left of.

Lydia

Just do a search on their website for the hosting provider (such as "totalchoice" for TCH). Click on one of the results and you should find a way to the rating and user comments. And welcome aboard Dennis! Thumbs Up

I'll start with the simple questions first since you mentioned it still says version 2.2. Are you certain you extracted the tch_gbookphp.tar.gz inside your guestbook directory, and it did so without any errors?

I see two cows. What does that mean?

Yea, Thomas. Just the way you wrote your post could make it sound like changing your password frequently on a vulnerable advanced guestbook would get around the problem (which it won't). I didn't want to give anyone a false sense of security. But in general, yes, changing your password every so often is indeed a good idea. Thumbs Up

Just FYI, if you're running version 2.2 of the advanced guestbook, changing your admin password won't do a thing. The reason it's so easily hacked is because they don't need your password. The only way to correct that is to upgrade or remove version 2.2.

Go into your default emails option in the control panel and set the default email address (catch all) to :fail: to have emails to invalid addresses bounce. If you get a ton of email (spam) to invalid addresses, consider :blackhole: as a possible alternative. While it won't bounce back a response, it's much easier on the servers (it just deletes mail delivered to invalid addresses).

There are no current plans to add any new webmail packages in the forseeable future. Sorry.

While I like Invision a little better than phpBB, phpBB is GPL'd (open source, always will be free), and Invision is no longer free for any version 1.3.1 and beyond. The version of Invision available in cPanel is version 1.2, so that is indeed free (just without any support from the authors). If you aren't concerned about running the latest versions, you are ok. But they have changed their license as of 1.3.1 (and they are in the process of releasing a version 2.0 of their software) to include the following: So take that into account when making a decision.