HOSTILICA

Menu

Client Area

April 2021

Google FLoC
News

Google FLoC in a Nutshell

/

Google FLoC beta: Google announced that they launched the beta of Google FloC and that around 5% of Chrome’s users will be included in this experiment. For those of you who don’t know FloC is short for Federated learning of cohorts and is Google’s alternative for third-party cookies. Instead of letting third-party cookies track you individually, FloC let’s your browser do all the work on your Chrome browsers will use algorithms to create a huge number of groups or “cohorts,” groups of people that share certain qualities and interests. Each person’s individual browsing history will be kept private and won’t be shared with anybody, but the browser itself will look at the history and then assign the user to one of the cohorts. FLoC backlash FLoC has received a lot of backlash from the community because, in essence, google FLoC is a summary of your browsing history which raises a lot of privacy and security concerns. The backlash is so severe that multiple browsers such as Edge and Safari refused to support it. The Electronic Frontier Foundation (EEF) has openly called the FLoC a terrible idea in their article, calling it just as bad or even worse than third-party cookies. The EEF has a few reasons to call FLoC a bad idea. The first one is that FLoC is supposed to be made to prevent fingerprinting (the practice of gathering many discrete pieces of information from a user’s browser to create a unique identifier for that user) and Google promised that cohorts will at least contain thousands of users meaning each user’s behavior will be hidden with thousands of other users however this might give fingerprints a head start since instead of searching for millions they will only have to search within thousands and that’s not even considering the fact that some fingerprinter can already track and in this case they will have a lot more info than they already have. Another big company that attacked FloC is WordPress. WordPress like the EEF thinks that FLoC is a bad idea; however, they are taking much more drastic measures against it. WordPress is proposing to block FLoC entirely and treating it like a security issue. Another thing that has the community attacking FLoC is that nobody really asked for it. While FLoC may be a better alternative for third-party cookies, third-party cookies are already in the process of dying out and nobody asked for a better alternative. The problem with third-party cookies isn’t who is moderating it, the problem is with the targeted ads and privacy.   Conclusion While we don’t think that FLoC is inherently a bad or evil idea, there are some problems with it that Google needs to address before committing to this standard and expecting people to accept it.

what is DNS?
Web Hosting

DNS explained!

/

The Domain Name System or DNS as it is more commonly known is undoubtedly one of the most important and underrated parts of the internet. Without DNS, the internet as we know it today will simply cease to exist. Most of us know that the internet is made of large groups of servers connected to each other via wires and that each server is identified by a unique number called IP addresses, but we cannot possibly remember the IPs for every website; it’s just way too hard remember all of them, so we use Domain names such as hostilica.com. When you enter a URL into your browser, it will first check if it has the IP address in the cache. If it doesn’t, it will send a request or query for the more tech-savvy of you to the DNS server (think of a phone book for the internet), which matches the URL to the IP address which operates the website. But how does it work? A DNS request is first sent to a recursive name server typically operated by your ISP. IF the recursive name server has the IP address you’re trying to visit already stored, it will forward the request to one of the root DNS servers, which are responsible for managing all the TLDs such as .com or .net. The root server then forwards your request to the appropriate TLD server, who will then contact an authoritative name server that contains a list of IP addresses and their matching URLs and is updated every time someone buys or registers a domain. Once the requested IP address is found, it is sent back to the recursive name server, which sends it back to you and both your computer and the recursive server will save that IP address for a while so that they don’t have to go through the same process each time you want to access that website.   Problems with DNS DNS usually works very well; however, since computers and recursive servers will try to use their own cache, this can cause a problem, especially when websites change IP addresses.   DNS propagation: When any information about the website servers change, this change needs to propagate through all the servers around the world which are involved in the DNS process, which can take up to 72 hours (typically a few hours in most cases) which might lead your website to be unavailable for users in different locations. You can check this article in order to learn more about DNS propagation.   Local computer cache: As we mentioned above, the computer will cache a website IP and try to access a website through the saved IP address. This will cause a problem if the IP address for the server changes. However, it’s easily corrected by removing all IP addresses stored in the system, just fire up cmd in windows as an administrator and typing ipconfig/flushdns   DNS poisoning: Every system has its vulnerability that hackers will try to use and DNS is no exception. Hackers use a technique called DNS poisoning where an attacker will change the DNS cache on your computer to point to malicious sites that look legit sites to try to steal sensitive information like passwords and credit card information.   Conclusion The domain name system is the backbone that makes up the internet as we know it and without it we wouldn’t have the same easy experience we have to today when we access an online website or service.

What is website defacement
Security, Web Hosting

What Is Website Defacement and How to Avoid It

/

Have you ever wondered what website defacement is and how to prevent it? If not, then it is high time that you do some research for yourself. Defacing a web page is to change its appearance (when viewed by the user) by removing, adding, or altering files in the webserver, which is generally done by defacers. Defacers are hackers who hijack your website and replace the hosted website with their own. A defacing attack is considered as an electronic form of graffiti and vandalism. Defacing attacks are generally executed via one of five ways: 1-Unauthorized access: This one is relatively simple. A hacker has somehow gotten the credentials to access your web hosting and changed the website files directly. This can be done by various methods, such as phishing, brute force or a vulnerability in your CMS. 2-SQL injection: Also known as SQLI is a common attack in which the attacker tries to guess how your database works and how it is structured and sends malicious queries to display data that is not intended to be displayed; this includes but not limited to sensitive company data and user lists. After gaining some information, the hacker can then gain administrative rights to your database and manipulate the site as he sees fit. 3-Cross site scripting (XSS): The difference between cross site scripting (XSS) and other similar types of attacks (e.g. SQL injection) is that it targets the users of a web application not the web application itself. The way it works is that hackers scan for vulnerabilities in your web application and injects malicious code into the web application. The malicious code can be a trojan horse that modifies your content. 4- DNS hijacking: DNS hijacking is also known as DNS redirection. It’s a type of attack in which DNS queries are incorrectly resolved in order to direct users to malicious sites. DNS hijacking is executed by installing malware on users’ computers, hacking their routers or hijacking DNS servers. How to protect your website from these attacks You can protect your website from website defacement attacks by following security best practices below: Following the principle of least privilege The principle of least privilege (PoLP) is a concept in information security. All users are given the minimum level of access or permission to do their jobs. By limiting access and permissions to your website, you decrease the risk of a compromised account doing damage. Never use the default admin or email When setting up a server or cms, always change the default user, password, and directory because hackers know them all too well and try to use them to gain access to your website. Limit the use of addons and plugins The more plugins or addons you add to platforms such as Joomla and WordPress, the more likely you are to have vulnerabilities in your website because some of these plugins don’t follow best code practices and are not well updated. Needless to say, you should constantly update your cms and plugins. Use SSL/TLS Always use SSL on your websites because this encrypts all communications between the user and your website, preventing Man In the Middle attacks (MITM), which can be used to deface your website for a specific user. Scan for vulnerabilities Regularly check your website for vulnerabilities and take the time to remove them completely. This can be time-consuming and may even break some of your website’s functions, but this is the best way to make sure your website is secure and reduces the chance of your website getting hacked. All plans of Hostilica comes with sitelock lite to help you scan for malwares Conclusion Making sure your website is secure is not an easy feat. Still, you should always take your security seriously and never ignore the risk of getting hacked, and it will have serious consequences that you may not be able to recover from. Always make sure that you follow security best practices when creating and maintaining a website.

Web Design

What is a Website Builder?

/

So you’ve been researching web development because you want to make a website for your business or even a personal (blog) website, but you’re not tech-savvy enough to build a website yourself and don’t have the budget to hire a web developer. What do you do? Well, the answer is very simple, use a website builder. But what is a website builder? I hear you asking yourself. To put it simply, a website builder is a piece of software that allows you to quickly build a website without needing to have any coding or technical skills. So how do they work? Website builders have predefined templates installed in them, so the base code is already set. They then allow you to change the template by letting you upload your own pictures, branding images and change the text; website builders also have drag and drop mechanics that enable you to make a place for text boxes, buttons, menus, images, etc. That’s what makes them very easy to use and allows you to build a website within a few minutes. There are two types of website builder: Offline website builders: In the case of offline website builders, you download and install the software on your computer, fire up the software, and when you are done, save the files and upload it to your server. In that case, you don’t need to be online in order to work on your website. However, you will have to have little technical experience to buy your hosting account and upload the files to the server. Online website builders: You don’t need to install any kind of software on your computer since Online website builders are web-based; you just need a browser (google, firefox) and an internet connection. The advantage of online website builders comes in twofold. Firstly, you can work on your website from anywhere and you don’t need a specific computer to access your work. Secondly, you don’t need any kind of technical expertise to upload the files since they are tied directly to your server if you buy them from your hosting provider. So what should I look for in a website builder? Of course, not all website builders are built equal, so here are a few things to consider while searching for a website builder: Multimedia support: Having multimedia support is something you should always make sure your website builder supports, especially if you are building a blog because people expect quality content, including pictures, videos, and audio, not just a bunch of text. Mobile responsiveness: According to google analytics, over 50% of all online traffic was generated by users in 2016, So your website should be able to adapt well on small mobile screen sizes and not all website builders do this well. That’s why you should make sure your website builder has built-in mobile responsiveness. Ease of use: You are using a website builder because you don’t have time or technical experience, so there’s no reason for the experience to be frustrating. Always try a website builder before you buy and make sure you are comfortable using it. Performance: You should always test your website loading speed yourself because people don’t have the patience to wait for a website to load. You can also check Google’s performance tool here. SEO: SEO is short for search engine optimization. A website won’t get traffic all by itself; after your website gets crawled by search engines such as Google and Bing, it gets ranked according to criteria set by the search engine, and the higher you rank, the higher you will be in search engine result pages (SERPs). That’s where SEO comes in. You have to make sure it has built-in SEO functions to enable you to make SEO-friendly URLs,alt-text, All metadata, XML sitemaps and robot.txt. Too busy to do the research No worries, Hostilica is got you covered and you don’t need to waste your time because Hostilica provides you with a web builder that ticks all the boxes. Weebly is one of the most powerful web builders out there. It also comes for free with all of our web hosting plans.

Scroll to Top