CAUTION, it’s a trap: What is Social Engineering?

What is social engineering, and how did that come into existence?

Social engineering or “human attack” is a set of psychological and sociological techniques, approaches and methods that make it possible to obtain confidential information.

“Hi! I ended up in a difficult situation. Can you lend me 50 euros?” Have you received such messages on social networks from your “friends”? This means that you have already encountered social engineering. Cybercriminals are increasingly using such techniques to steal valuable data (including your finances) because the human factor is still a weak link in any security system.

Cybercriminals who use these techniques in practice are called social engineers. When trying to access a system or valuable data, they exploit the most vulnerable link: the person. The simplest example is a phone call. An attacker pretends to be someone else, trying to obtain confidential information from the person on the other end of the line, playing on the person’s feelings, tricking or blackmailing him. Unfortunately, many people continue to be hooked on such fishing lines and trustingly tell social hackers whatever they need. And the scammers have a lot of techniques and tricks in their toolbox. We will talk about them a little later.

Nowadays, social engineering has become strongly associated with cybercrime, but this concept appeared a long time ago and originally did not have a pronounced adverse meaning.

People have been using social engineering since ancient times. In ancient Rome and ancient Greece, for example, there was great respect for specially trained orators who were able to convince their interlocutors that they were “wrong.” These people participated in diplomatic negotiations and worked for the good of their state.

Many years later, in the early 1970s, telephone hooligans began to appear, disturbing the peace of citizens just for fun. But someone figured out that this was an easy enough way to get important information. And by the end of the 1970s, former telephone hooligans had become professional social engineers, capable of masterfully manipulating people, identifying their complexes and fears by mere intonation.

When computers came along, most engineers changed their profile, becoming social hackers, and the terms “social engineering” and “social hackers” became interchangeable.


Good examples of Social Engineering

Sometimes all you have to do is ask. One example is the $40 million theft from Ubiquiti Networks in 2015. No one hacked into the operating systems or stole data – it was the employees themselves who broke security rules. Fraudsters sent an email in the name of the company’s top executive and asked backers to transfer a large sum of money to a specified bank account.

You may have seen “Catch Me If You Can,” based on the true story of legendary con man Frank William Abagnale, Jr. In five years of criminal activity, his counterfeit checks totaling $2.5 million ended up circulating in 26 countries around the world. While fleeing prosecution, Abagnale showed amazing skills in impersonating a pilot, a sociology professor, a doctor, and a lawyer.

And did you hear how Victor Lustig not only filled the U.S. with counterfeit bills and left Al Capone “fooled” but also sold the Eiffel Tower, the treasure of Paris? (Twice, by the way). All this was made possible by social engineering.

These real-life examples of social engineering show that it easily adapts to any conditions and any environment. By playing on a person’s personal qualities or lack of professional qualities (lack of knowledge, ignoring instructions, and so on), cybercriminals literally “hack” a person.


The most popular methods of Social Engineering

An attack on a person can be performed in many scenarios, but hackers use a few of the most common techniques.

Phishing

Phishing is a method of collecting user login credentials, usually through mass email spamming. In a classic scenario, the victim receives a fake email from some well-known organization asking him to click a link and log in. To gain credibility, the scammers make up some serious reasons for clicking on the link: for example, they ask the victim to renew the password or enter some information (name, phone number, bank card number, and even a CVV code).

And it seems like the person does everything as it says in the letter, but… he’s caught! The criminals have thought of his every move, which is why they can get people to do what they want.

Trojan

The virus is named after the Trojan horse from the Greek myth for a reason. Only the bait here is an email message that promises quick profits, winnings, or other “mountains of gold” – but the result is a virus through which attackers steal the data. Why is this type of data theft called social engineering? Because the virus creators know how to disguise the malware so that you will click on the link, download and run the file.

Quid pro quo

Using this technique, the attacker pretends to be a technical support employee and offers to fix problems in the system, although in reality, there are no problems with the software. The victim believes that the problems exist and, following the hacker’s instructions, personally grants him access to important information.

Pretexting

Another technique used by cybercriminals is called pretexting (a scripted action). To obtain information, the criminal pretends to be an associate of yours who supposedly needs your information to perform an important task.

Social engineers pretend to be bank employees, credit services, technical support, or your friend, relative – someone you trust by default. To appear more trustworthy, they give the potential victim some information about her: name, bank account number, the real problem she had previously contacted the service with.


Reverse Social Engineering

The technique aims to get the victim to come to the social engineer himself and give him the necessary information. This can be accomplished in several ways:

Advertising

Attackers may advertise their services as computer wizards or other specialists. The victim contacts the hacker himself, and the criminal not only works technically but also extracts information through communication with his client.

Implementing special software

At first, the program or system is working properly, but then a failure occurs, which requires the intervention of a specialist. The situation is set up so that the specialist who will be approached for help is a social hacker. By fixing the software, the hacker performs the necessary manipulations for the hack. And when the hack is detected, the social engineer remains above suspicion, claiming that he helped you.


How to protect yourself?

If you do not want to become another victim of social engineers, we recommend the following rules of protection:

  • Don’t use the same password to access external and corporate (work) resources.
  • Install antivirus – all major antivirus programs have built-in malware checks.
  • Do not work with important information in front of other people. Scammers can use the so-called shoulder surfing – a type of social engineering when the theft of information takes place over the victim’s shoulder – by peeking.
  • Remain skeptical and alert. Always pay attention to the sender of emails and the site’s address where you are going to enter some personal data. If it is a mail on the domain of a large organization, make sure the domain is the same, and there are no typos. If in doubt, contact the technical support or a representative of the organization through official channels.
  • Don’t go to suspicious sites or download suspicious files because one of the best social engineering helpers is curiosity.
  • Familiarize yourself with your company’s privacy policy. All employees should be instructed on how to deal with visitors and what to do if an illegal intrusion is detected.

We hope that our post will help you protect yourself from scammers. We are always ready to share our useful experiences!

Securing Files & Directories using ACLs in Linux

Our top priority is to secure and protect data from unauthorized access. We are all aware of the permissions we set using some handy Linux commands like chmod, chown & chgrp. However, these default permission sets have some limitations and at times do not meet our requirements. For example, we cannot set different permission sets for different users on the same directory or file. This is where Access Control Lists (ACLs) come into play.
 
Linux Access Control Lists
Let’s say you have two users, ‘user1‘ and ‘user2‘, who share a common group, say ‘qhgroup’. User ‘user1‘ wants only ‘user2‘ to be able to read and access the files owned by ‘user1‘, and no one else should have any access to them.
 
ACLs (Access Control Lists) enable us to do the above trick. These ACLs allow us to grant permissions to a user, group, and any set of users that are not in a user’s group list.


How to Check ACL Support in Linux Systems

Before proceeding, you must have support for ACLs on the current Kernel and mounted file systems.
Run the following command to check ACL support for the file systems and look for the POSIX_ACL=y options (if there is N instead of Y, the kernel doesn’t support ACLs and needs to be recompiled).
 
[root@quantumhost ~]# grep -i acl /boot/config*

CONFIG_EXT4_FS_POSIX_ACL=y
CONFIG_REISERFS_FS_POSIX_ACL=y
CONFIG_JFS_POSIX_ACL=y
CONFIG_XFS_POSIX_ACL=y
CONFIG_BTRFS_FS_POSIX_ACL=y
CONFIG_F2FS_FS_POSIX_ACL=y
CONFIG_FS_POSIX_ACL=y
CONFIG_TMPFS_POSIX_ACL=y
CONFIG_JFFS2_FS_POSIX_ACL=y
CONFIG_NFS_V3_ACL=y
CONFIG_NFSD_V2_ACL=y
CONFIG_NFSD_V3_ACL=y
CONFIG_NFS_ACL_SUPPORT=m
CONFIG_CEPH_FS_POSIX_ACL=y
CONFIG_CIFS_ACL=y
CONFIG_9P_FS_POSIX_ACL=y


Install Required Packages

Before you start working with ACLs, make sure that you have the required packages installed. Assuming you are on a Debian-based system:
 
[root@quantumhost ~]# apt-get install nfs4-acl-tools acl

 

Check Mounted File System for ACLs Support

Now, check whether the file system is mounted with the ACL option. We can use the ‘mount‘ command for this, as shown below.

[root@quantumhost ~]# mount | grep -i /dev/sda1

/dev/sda1 on / type ext4 (rw,relatime,errors=remount-ro)

 
In our case, the ACL option is not shown in the mount output. We could remount the partition with the ACL option, but before doing so there is one more check to make: on recent systems ACL support can be part of the default mount options, as it is in our case.
 
[root@quantumhost ~]# tune2fs -l /dev/sda1 | grep acl
Default mount options: user_xattr acl
In the above output, you can see that the default mount option already has support for ACL.
 


Before Setting Default ACLs
To determine the default ACLs for a specific file or directory, use the ‘getfacl‘ command. In the example below, the getfacl is used to get the default ACLs for a folder ‘Music‘.
 
[root@quantumhost ~]# getfacl Music/

# file: Music/
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:other::rw-

 
Setting Default ACLs
To set the default ACLs for a specific file or directory, use the ‘setfacl‘ command. In the example below, the setfacl command sets a new default ACL entry (read and execute for others) on the folder ‘Music’.
 
[root@quantumhost ~]# setfacl -m d:o:rx Music/

 
Show permissions after setting the ACLs

[root@quantumhost ~]# getfacl Music/

# file: Music/
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:other::r-x


How to Set New ACLs on a File

Use the ‘setfacl’ command to set or modify ACLs on any file or directory. For example, to give read and write permissions to user ‘user1‘ on a file:
  
# setfacl -m u:user1:rw /user1/file
 


How to Set New ACLs on a Folder

Use the ‘setfacl’ command to set or modify ACLs on any file or directory. For example, to give read, write and execute permissions to user ‘user1‘ on a folder recursively:
  
# setfacl -Rm u:user1:rwx /user1/folder
 


How to View ACLs

Use the ‘getfacl‘ command for viewing ACL on any file or directory. For example, to view ACL on ‘/user1/file‘ use below command.
 
# getfacl /user1/file

# file: /user1/file
# owner: user1
# group: user1
user::rwx
user:user1:rwx
group::rwx
mask::rwx
other::---
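
The mask:: line in the output above caps what named users and groups actually get. The following is an added example, not part of the original article: it reads getfacl-style output and prints each entry's effective rights. The function names and the sample ACL for the user1/user2 scenario are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the article): effective rights from getfacl output.
# Named-user, named-group and owning-group entries are capped by mask::,
# while user:: (the owner) and other:: are not.

# Constructed sample for the user1/user2 scenario: user2 was granted rw-,
# but the mask only allows r--.
SAMPLE_ACL='# file: /user1/file
# owner: user1
# group: qhgroup
user::rw-
user:user2:rw-
group::r--
mask::r--
other::---'

# acl_effective: getfacl output on stdin -> "kind name effective" per entry
# (name is "-" for the owner, owning group and other entries).
acl_effective() {
    awk -F: '
        /^#/ || /^default:/ || NF < 3 { next }   # headers, default entries, blanks
        { sub(/[ \t]*#.*/, "", $3) }             # strip "#effective:" comments
        $1 == "mask" { mask = $3; next }
        { n++; kind[n] = $1; name[n] = $2; perm[n] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                p = perm[i]
                capped = (kind[i] == "group") || (kind[i] == "user" && name[i] != "")
                if (capped && mask != "") {
                    p = ""
                    for (c = 1; c <= 3; c++) {
                        a = substr(perm[i], c, 1)
                        p = p ((a != "-" && substr(mask, c, 1) != "-") ? a : "-")
                    }
                }
                print kind[i], (name[i] == "" ? "-" : name[i]), p
            }
        }'
}

# acl_named_users: users other than the owner who end up with any access.
acl_named_users() {
    acl_effective | awk '$1 == "user" && $2 != "-" && $3 != "---" { print $2 }'
}

printf '%s\n' "$SAMPLE_ACL" | acl_effective
```

On a real system, feed it live data with `getfacl /user1/file | acl_effective`.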


How to Remove ACLs

To remove ACLs from a file or directory, use the -x and -b options as shown below.
 
Remove only the specified ACL entry from a file/directory:
 
# setfacl -x ACL file/directory


Removing all ACL from file/directory

# setfacl -b file/directory


Note: After implementing ACLs, you will see an extra ‘+‘ sign in the ‘ls -l’ output, as below.
 
[root@quantumhost user1]# ls -la

total 4
drwxrwx---+ 2 user1 user1 4096 Apr 17 17:01 file
 

Transfer files with Rsync

What is Rsync?

Rsync stands for “remote synchronization”. It is a remote and local file synchronization tool that helps you efficiently transfer files.

Rsync is faster than tools like Secure Copy Protocol (SCP) as it uses the delta-transfer algorithm that minimizes the data transfer by copying only the sections of a file that have been changed.

Some of the extra features included with Rsync:

  • Pipelines file transfers to minimize latency costs
  • Supports copying links, devices, owners, groups, and permissions

With that said, you are able to transfer files from local to remote, or remote to local. Rsync does not support remote to remote file transfers.


Rsync in action

Now we know what Rsync is, let’s see how it works.

Rsync works similarly to other remote server management tools like SSH and SCP.

Basic syntax of Rsync.
rsync [options] source destination

Transfer a file from your local system to a remote server. It is also called a “push” operation.
rsync local_filepath user@remote-host:remote_filepath

Transfer a file from a remote server to your local system, also called a “pull” operation.
rsync user@remote-host:remote_filepath local_filepath

Keep in mind that Rsync uses SSH for remote file transfers by default. Make sure you have SSH (Secure Shell) enabled on the destination system.


Rsync lets you add additional options. Let’s look at a few useful options.

Transfer recursively

A recursive file transfer can be executed if you add the -r option. This is useful when working with folders. Here is an example:

rsync -r user@remote-host:remote_folder/ local_folder

Archive option

The archive option (-a) preserves special and device files, modification times, permissions from the source folder, and is also used to preserve symbolic links while transferring files.

The archive option also syncs files recursively, so it is used more than the recursive option. Here is how you use it:

rsync -a user@remote-host:remote_folder/ local_folder

Use Compression

You can also compress files using the -z option. Compressing files will reduce the network load and speed up the file transfer.

rsync -az user@remote-host:remote_folder/ local_folder

Show the progress

For large file transfers, it is useful to see or follow the progress of the operation. You can use the -P option to know the progress of the file transfer. As Rsync is a very robust file transfer tool by nature, you can also resume file transfers if they are interrupted.

rsync -aP user@remote-host:remote_folder/ local_folder

Verbose option

The verbose option (-v) can help you understand every step of the file transfer.

rsync -av user@remote-host:remote_folder/ local_folder

To get a list of all the options, use the help command
rsync --help

How to set Rsync speed limit for bandwidth control with --bwlimit option

Syntax:

rsync --bwlimit=KBPS source destination
rsync --bwlimit=KBPS [options] source destination

Examples:

Set the I/O limit to 5000 KBytes per second:

Local transfer

rsync --bwlimit=5000 source_filepath destination_filepath

Local to remote transfer

rsync --bwlimit=5000 source_filepath user@destination-server:destination_filepath

Another option is to use trickle, a userspace bandwidth manager.

Syntax:

trickle -u uploadLimit program
trickle -d downloadLimit rsync
trickle -u {UPLOAD_LIMIT} -d {DOWNLOAD_LIMIT} program-binary

For example:

trickle -s -d 5000 -u 5000 rsync source_filepath destination_filepath
trickle -s -d 5000 -u 5000 rsync -avr source_filepath user@destination-server:destination_filepath

Conclusion

Rsync simplifies the whole file transfer process by offering a robust, versatile, and flexible tool compared to alternatives like SCP.

Rsync is great for maintenance operations, backups, and general file operations between local and remote machines.

Mitigate attacks with iptables, fail2ban and ipset

In this short article, we will describe useful steps to prevent attacks and other malicious attempts.

Assuming we do the configuration on a Debian-based system.


First of all, we need to install the necessary tools
apt-get install ipset iptables-persistent fail2ban

Let’s start adding some rules to iptables.

Drop invalid packets in the mangle table
iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP

Drop TCP packets that are new and are not SYN
iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP

Drop SYN packets with suspicious MSS value
iptables -t mangle -A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP

Block packets with bogus TCP flags
iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,RST FIN,RST -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,URG URG -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,FIN FIN -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,PSH PSH -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL ALL -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,FIN,PSH,URG -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP

SSH brute-force protection
iptables -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -m recent --set
iptables -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 10 -j DROP

Protect against port scanning
iptables -N port-scanning 
iptables -A port-scanning -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s --limit-burst 2 -j RETURN 
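iptables -A port-scanning -j DROP

Note that these commands only define the port-scanning chain. It is not evaluated until a rule in a built-in chain such as INPUT jumps to it, and because its last rule drops every packet that was not returned, such a jump should match only the RST packets that the limit rule handles.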

Save the rules to the iptables start-up config (iptables-persistent restores /etc/iptables/rules.v4 at boot)
/sbin/iptables-save > /etc/iptables/rules.v4

Let’s take a look at fail2ban

Enable fail2ban on startup and start the service
systemctl enable fail2ban
systemctl start fail2ban

Now we need to set up ipset and its blacklist

Create blacklist with ipset utility (once)
ipset create blacklist hash:ip hashsize 4096

At this stage, the ipset blacklist has been created.

It’s time to set more iptables rules to match with blacklist and drop traffic
iptables -I INPUT -m set --match-set blacklist src -j DROP
iptables -I FORWARD -m set --match-set blacklist src -j DROP

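Don’t forget to save the rules to the start-up config. Note that an ipset set does not survive a reboot on its own: it has to be recreated (for example with ipset save and ipset restore) before the saved rules are loaded, otherwise the rules that reference it cannot be restored.

/sbin/iptables-save > /etc/iptables/rules.v4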

Now you can manually fill the blacklist

Take a look in /var/log/fail2ban.log to see who attempted to get access to your server.

tail -40 /var/log/fail2ban.log

Add a specific IP address to your newly created blacklist
ipset add blacklist <write here the ip you want block>

That’s it. If you want to check which IP addresses are on your list
ipset list blacklist
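
The manual steps above (read the fail2ban log, pick addresses, add them to the set) can be scripted. The following is an added example, not part of the original article: it extracts banned addresses from fail2ban log lines, validates them, skips an allowlist, and prints the ipset commands for review rather than running them. The function name, the allowlisted address and the sample log are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the article): turn fail2ban "Ban" log lines into
# ipset commands for review, instead of copying addresses by hand.

# Constructed sample in the layout of /var/log/fail2ban.log; the addresses
# come from the RFC 5737 documentation ranges. The last line carries a
# malformed address to show that it is rejected.
SAMPLE_LOG='2021-04-17 17:00:58,101 fail2ban.filter  [812]: INFO    [sshd] Found 203.0.113.7 - 2021-04-17 17:00:57
2021-04-17 17:01:02,220 fail2ban.actions [812]: NOTICE  [sshd] Ban 203.0.113.7
2021-04-17 17:11:02,512 fail2ban.actions [812]: NOTICE  [sshd] Unban 203.0.113.7
2021-04-17 17:20:41,007 fail2ban.actions [812]: NOTICE  [sshd] Ban 203.0.113.7
2021-04-17 17:25:13,380 fail2ban.actions [812]: NOTICE  [sshd] Ban 198.51.100.23
2021-04-17 17:30:09,644 fail2ban.actions [812]: NOTICE  [sshd] Ban 192.0.2.10
2021-04-17 17:31:00,002 fail2ban.actions [812]: NOTICE  [sshd] Ban 203.0.113.999'

# blacklist_commands MIN_BANS "ALLOWLIST"
#   stdin:     fail2ban log
#   MIN_BANS:  how many Ban events an address needs (default 1)
#   ALLOWLIST: space-separated addresses that must never be blocked,
#              such as your own admin address
# Prints one "ipset -exist add blacklist <ip>" line per address, sorted.
blacklist_commands() {
    awk -v min="${1:-1}" -v allow="${2:-}" '
        # Accept only dotted quads with every octet in 0..255, so nothing
        # else from the log can end up in a command run as root.
        function ipv4(s,    o, k) {
            if (split(s, o, ".") != 4) return 0
            for (k = 1; k <= 4; k++)
                if (o[k] !~ /^[0-9]+$/ || length(o[k]) > 3 || o[k] + 0 > 255)
                    return 0
            return 1
        }
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        # A ban line ends in "[jail] Ban <ip>"; Found and Unban lines do not match.
        NF >= 2 && $(NF-1) == "Ban" && ipv4($NF) && !($NF in skip) { count[$NF]++ }
        END {
            for (ip in count)
                if (count[ip] >= min + 0) print "ipset -exist add blacklist " ip
        }' | sort
}

# Dry run on the sample: 192.0.2.10 plays the role of the admin address.
printf '%s\n' "$SAMPLE_LOG" | blacklist_commands 1 "192.0.2.10"
```

On a real server, run it as `blacklist_commands 2 "your.admin.ip" < /var/log/fail2ban.log`, review the output, and only then execute the printed commands as root.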

At this point, we have decent protection against common script kiddies. But if we want more insight into our connections, we can use the ss command:

Usage: ss [ OPTIONS ]
 ss [ OPTIONS ] [ FILTER ]
 -h, --help this message
 -V, --version output version information
 -n, --numeric don't resolve service names
 -r, --resolve resolve host names
 -a, --all display all sockets
 -l, --listening display listening sockets
 -o, --options show timer information
 -e, --extended show detailed socket information
 -m, --memory show socket memory usage
 -p, --processes show process using socket
 -i, --info show internal TCP information
 -s, --summary show socket usage summary
 -b, --bpf show bpf filter socket information
 -E, --events continually display sockets as they are destroyed
 -Z, --context display process SELinux security contexts
 -z, --contexts display process and socket SELinux security contexts
 -N, --net switch to the specified network namespace name

-4, --ipv4 display only IP version 4 sockets
 -6, --ipv6 display only IP version 6 sockets
 -0, --packet display PACKET sockets
 -t, --tcp display only TCP sockets
 -S, --sctp display only SCTP sockets
 -u, --udp display only UDP sockets
 -d, --dccp display only DCCP sockets
 -w, --raw display only RAW sockets
 -x, --unix display only Unix domain sockets
 -f, --family=FAMILY display sockets of type FAMILY
 FAMILY := {inet|inet6|link|unix|netlink|help}

-K, --kill forcibly close sockets, display what was closed
 -H, --no-header Suppress header line

-A, --query=QUERY, --socket=QUERY
 QUERY := {all|inet|tcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|netlink}[,QUERY]

-D, --diag=FILE Dump raw information about TCP sockets to FILE
 -F, --filter=FILE read filter information from FILE
 FILTER := [ state STATE-FILTER ] [ EXPRESSION ]
 STATE-FILTER := {all|connected|synchronized|bucket|big|TCP-STATES}
 TCP-STATES := {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|closed|close-wait|last-ack|listen|closing}
 connected := {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|close-wait|last-ack|closing}
 synchronized := {established|syn-recv|fin-wait-{1,2}|time-wait|close-wait|last-ack|closing}
 bucket := {syn-recv|time-wait}
 big := {established|syn-sent|fin-wait-{1,2}|closed|close-wait|last-ack|listen|closing}

Check who is connected at the moment to your server with ipv4
ss -t4 state established

What are floating IPs and how do they work?

Each Cloud server on QuantumHost automatically comes with one IPv4 and one IPv6 net (/64). You can also add floating IPs for a small fee.

Floating IPs help you to create highly flexible setups. You can assign a floating IP to any server. The server can then use this IP. You can reassign it to a different server at any time, or you can choose to unassign the floating IP from servers altogether.

You can use floating IPs globally. This means you can assign a floating IP to a server in one location and later reassign it to a server in a different location. For optimal routing and latency, you should use floating IPs in the location where you create them.

For floating IPs to work, you must configure them inside the operating system of the server you use.

To temporarily configure a floating IPv4 “1.2.3.4”, you can run

ip addr add 1.2.3.4/32 dev eth0

Please note that this configuration will not survive a reboot.

To configure the first IPv6 address of floating IPv6 netblock 2a01:4f8:2c17:2c::/64, you should run:

ip addr add 2a01:4f8:2c17:2c::1/128 dev eth0

 

How do I permanently configure a floating IP?


If you are using more than one floating IP, then the number on the interface (eth0:1) will be increased (example eth0:2).

On Debian based distributions (Ubuntu versions before 20.04, Debian):

  1. Access the server via SSH.
  2. Create the configuration file and open an editor:
    touch /etc/network/interfaces.d/60-my-floating-ip.cfg
    nano /etc/network/interfaces.d/60-my-floating-ip.cfg
  3. Paste the following configuration into the editor and replace your.Float.ing.IP with your floating IP:
    IPv4:

    auto eth0:1
    iface eth0:1 inet static
    address your.Float.ing.IP
    netmask 32

    IPv6:

    auto eth0:1
    iface eth0:1 inet6 static
    address one IPv6 address of the subnet, e.g. 2a01:4f9:0:2a1::2
    netmask 64

  4. Now you should restart your network. Caution: This will reset your network connection:
    sudo service networking restart

Ubuntu 20.04:

  1. Access the server via SSH.
  2. Create the configuration file and open an editor:
    touch /etc/netplan/60-floating-ip.yaml
    nano /etc/netplan/60-floating-ip.yaml
  3. Paste the following configuration into the editor and replace your.Float.ing.IP with your floating IP:

    IPv4:

    network:
      version: 2
      ethernets:
        eth0:
          addresses:
          - your.float.ing.ip/32

    IPv6:

    network:
      version: 2
      ethernets:
        eth0:
          addresses:
          - your.float.ing.ip/64

  4. Now you should restart your network. Caution: This will reset your network connection:
    sudo netplan apply

On RHEL based distributions (Fedora, CentOS):

  1. Access the server via SSH.
  2. Create the configuration file and open an editor:
    touch /etc/sysconfig/network-scripts/ifcfg-eth0:1
    vi /etc/sysconfig/network-scripts/ifcfg-eth0:1
  3. Paste the following configuration into the editor and replace your.Float.ing.IP with your floating IP:
    IPv4:

    BOOTPROTO=static
    DEVICE=eth0:1
    IPADDR=your.Float.ing.IP
    PREFIX=32
    TYPE=Ethernet
    USERCTL=no
    ONBOOT=yes

    IPv6:

    BOOTPROTO=none
    DEVICE=eth0:1
    ONBOOT=yes
    IPV6ADDR=one IPv6 address of the subnet, e.g. 2a01:4f9:0:2a1::2/64
    IPV6INIT=yes
  4. Now you should restart your network. Caution: This will reset your network connection:
    systemctl restart network

What is SEM, also known as Search Engine Marketing?

As the owner of a website, you want to do as much as possible to get high in the search results of search engines. The higher your website is in this ranking, the more visitors will come to your website! Many visitors only look at the top four or five results in the search engine. One of the methods you can use is SEM, which stands for Search Engine Marketing.

SEM consists of two individual components, namely SEO and SEA. SEO refers to Search Engine Optimization. SEA stands for Search Engine Advertising, advertisements within search engines. In this article, we will take a closer look at how both components work and what SEM can do for your website.

The goal of SEM for websites

The main purpose of SEM for websites and online stores is to increase the number of visitors. In this way it is possible to increase the revenue of a web store or to increase the number of requests for a proposal on a website. With SEM you look at both short term and long term results.

Functioning of SEO as a part of SEM

As previously stated, SEO is one of the two components of SEM. Search Engine Optimization is focused on the long term and will yield little results in the short term. With SEO you try to get your website or web store higher in the search results, on the most important keywords. Part of SEO is, for example, writing quality texts that appeal to a reader and improve your rankings in the search results. Another important part is link building. You try to get other websites to link to your website.

In addition to SEO, SEA is also essential

The other part of SEM is SEA, which stands for Search Engine Advertising. This is primarily focused on the short term and can be quite expensive over a longer period of time. The goal of SEA is to attract new visitors and potential customers by advertising within a search engine. You don’t have to wait until your website is higher up in the search results, but are immediately at the top! The more popular a keyword is, the higher the costs for using SEA will be. Google works with an auction system.


What is Apache?

If you are delving into the world of web servers, chances are you will eventually come across the product name “Apache”. Many have heard this name before but have no idea what exactly Apache is. Especially for these people, we have prepared this article. This article will explain what Apache is and which famous modules Apache has to offer.

Overview of Apache

Apache is also known as Apache HTTP Server. This is a product of the Apache Software Foundation. Apache is an open-source web server, which you can use with Windows, macOS, Linux, and other Unix operating systems. You use this webserver to combine various databases, scripting languages, programming languages, and template languages.

When Apache was first introduced, the open-source web server was not very popular. This changed when Apache 2.0 came onto the market. What makes this version considerably better, and therefore much more popular than Apache’s first version, is that Apache 2.0 has a better modular design. Since the 2.0 release of Apache, it is also possible to use the server as a threaded web server. Especially on Windows, this gives better performance.

Apache’s market share

At the end of 2014, about 37 percent of all websites used Apache. In Belgium, the web server’s market share is the highest. As many as 65 percent of Belgian domains use this server. Therefore, Apache’s market share can certainly be called large.

Popular modules for Apache

Apache has many modules. Some popular modules for Apache, are the following:

  • mod_php – This is a module to run PHP web applications on the server.
  • mod_wsgi – This is a module to run Python web applications on Apache. Previously, this module was also called mod_python.
  • mod_proxy – This is a module to turn Apache into an HTTP proxy.
  • mod_perl – This is a module to run CGI in Perl, on the Apache webserver.
  • mod_ssl – This is a module to give Apache support for SSL, for an encrypted connection between you and the webserver.
  • mod_rewrite – provides a flexible and powerful way to manipulate URLs using an unlimited number of rules.

In addition to these modules, Apache has many other modules. These modules make the server absolutely complete.

Why do I need sitemap.xml and what is it for?

To make your website work for your business, you need to work in detail on many of its parts. Visibility on the Internet can be ensured in different ways, for example, by engaging on social networks or paying for advertising. But one of the main methods of presenting the site to potential customers – is still indexing the pages in search engines.

You can have a beautifully designed site with many features and a well-designed interface by a professional UX/UI designer’s hands. You can regularly publish expert articles filled with keywords according to all canons of SEO, use plugins for optimization and correctly write meta tags. But there is another factor that must be taken into account – the sitemap.xml file. Experienced webmasters are well aware of what it is. And if you are creating your site and have not heard of Sitemap, this article is for you.

What is sitemap.xml?

Sitemap.xml is a sitemap that lists all the pages that need to be indexed by search engines. It is a file with a list of links with the extension .xml. By the way, you can also create a Sitemap in the form of a text file (.txt), but we’ll talk about it a little later.

Sitemap.xml is designed exclusively for search engines. With its help, crawlers can see which pages should be indexed, their priority, and the last update date.

What are the components of the sitemap.xml file, and what does it look like?

A sitemap looks like a list of links with tags. The sitemap.xml file must always include the location of the page. Besides, you can specify the update frequency and priority.

Let’s try to model a sitemap. Suppose you have a simple single page. In the simplest case, if you write the Sitemap yourself in notepad, it will look something like this:

<urlset>
  <url>
    <loc>https://location-of-your-website.com/home</loc>
  </url>
</urlset>

Here <urlset>, <url> and <loc> are required tags.

But you can also add how often the page is updated and when it was last modified. Then the Sitemap will look like this:

<urlset>
  <url>
    <loc>https://location-of-your-website.com/blog</loc>
    <lastmod>2021-11-08T08:30:01+01:00</lastmod>
    <changefreq>daily</changefreq>
  </url>
</urlset>

Let’s dwell on the newly introduced tags:

<lastmod> shows when changes were last made to the page.

<changefreq> defines the frequency of changes to the page. In our example, it says daily, which means daily changes. We can define any frequency, such as hourly, monthly, yearly, or always. You can also specify that the page never changes. This option is appropriate for old archived pages that search engines will still index.

Suppose you’ve decided to create another page for your blog. Now you can prioritize the pages, and the search robot will rank them according to the priority you set. There is a scale for this, with a minimum priority of 0.1 and a maximum of 1. If you do not set priorities yourself, the search engine will do it for you, and the priority of each page will be equal to 0.5.

The final view of the site map:

<urlset>
  <url>
    <loc>https://location-of-your-website.com</loc>
    <lastmod>2019-11-11T03:30:01+01:00</lastmod>
    <changefreq>daily</changefreq>
    <priority>1</priority>
  </url>
  <url>
    <loc>https://location-of-your-website.com/blog</loc>
    <lastmod>2020-10-10T03:30:01+01:00</lastmod>
    <changefreq>daily</changefreq>
    <priority>0.6</priority>
  </url>
</urlset>

The <priority> tag is responsible for the priority. With this code, the search engine will treat the main page of the site, not the blog, as the priority.

But there is a second option. If the Sitemap is a text document with the .txt extension, the links are simply listed one per line. In this case, the file will be called sitemap.txt, and it will look as follows:

  • https://location-of-your-website.com/home
  • https://location-of-your-website.com/blog

For such a one-page site, you can use this option. But if you need to specify the frequency of updates or highlight higher-priority pages, only sitemap.xml will do.

Are there any limitations for sitemap.xml?

Yes, and there are several:

  • The number of links. Up to 50 thousand links are allowed in one file.
  • File size. The file must not be larger than 50 MB.
  • Location. The file is placed in the root folder. The main nuance here is that the sitemap must be in the same directory as the links it lists. For example, if the file is located at https://location-of-your-website.com/catalog/sitemap.xml, it cannot contain the link https://location-of-your-website.com/blog, but it can contain https://location-of-your-website.com/catalog/blog. And if the Sitemap is located at https://location-of-your-website.com/sitemap.xml, it can include any page on the same domain.
  • Domain. One more limitation follows from the previous point: the domain of the Sitemap and of all links in it must be the same. You cannot list the address https://location-of-another-website.net in the file located at https://location-of-your-website.com/sitemap.xml.
  • Protocol. If the link to the Sitemap looks like https://location-of-your-website.com/sitemap.xml, then the addresses specified in the file must use the HTTPS protocol. In the above case, https://location-of-your-website.com/home is correct and http://location-of-your-website.com/home is wrong.

The sitemap should also be listed in the robots.txt file. To do this, add a line with the sitemap’s address. In the example in our article, it would look like this:

Sitemap: https://location-of-your-website.com/sitemap.xml

This way, search robots will be able to find the Sitemap, which is the purpose of its creation.
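The limits and the robots.txt rule described above can be checked automatically before a sitemap is published. The following Python script is an added example, not part of the original article; the function name check_sitemap and the sample sitemap and robots.txt contents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MAX_URLS = 50_000              # link limit from the article
MAX_BYTES = 50 * 1024 * 1024   # 50 MB size limit from the article

def _local(tag):
    """Drop an XML namespace prefix: '{ns}loc' -> 'loc'."""
    return tag.rsplit("}", 1)[-1]

def check_sitemap(sitemap_url, xml_bytes, robots_txt=None):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if len(xml_bytes) > MAX_BYTES:
        problems.append("file is larger than 50 MB")
    # ElementTree is adequate for a sitemap you generated yourself. For files
    # fetched from third parties, use a hardened parser such as defusedxml.
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        return problems + [f"not well-formed XML: {exc}"]
    if _local(root.tag) != "urlset":
        return problems + ["root element is not <urlset>"]
    urls = [el for el in root if _local(el.tag) == "url"]
    if len(urls) > MAX_URLS:
        problems.append("more than 50,000 links in one file")
    site = urlsplit(sitemap_url)
    base_dir = site.path.rsplit("/", 1)[0] + "/"   # directory holding the sitemap
    for url in urls:
        loc = next((c.text.strip() for c in url
                    if _local(c.tag) == "loc" and c.text), None)
        if loc is None:
            problems.append("<url> entry without <loc>")
            continue
        link = urlsplit(loc)
        if link.scheme != site.scheme:
            problems.append(f"{loc}: protocol differs from the sitemap's")
        if link.netloc.lower() != site.netloc.lower():
            problems.append(f"{loc}: domain differs from the sitemap's")
        elif not (link.path or "/").startswith(base_dir):
            problems.append(f"{loc}: outside the sitemap's directory {base_dir}")
    if robots_txt is not None:
        declared = [line.split(":", 1)[1].strip()
                    for line in robots_txt.splitlines()
                    if line.strip().lower().startswith("sitemap:")]
        if sitemap_url not in declared:
            problems.append("robots.txt has no Sitemap line for this file")
    return problems

# Constructed sample data, using the article's placeholder domains.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://location-of-your-website.com/catalog/blog</loc></url>
  <url><loc>https://location-of-your-website.com/blog</loc></url>
  <url><loc>http://location-of-your-website.com/catalog/home</loc></url>
  <url><loc>https://location-of-another-website.net/catalog/</loc></url>
</urlset>"""
ROBOTS = "User-agent: *\nSitemap: https://location-of-your-website.com/catalog/sitemap.xml\n"

if __name__ == "__main__":
    url = "https://location-of-your-website.com/catalog/sitemap.xml"
    for problem in check_sitemap(url, SAMPLE, ROBOTS):
        print(problem)
```

The sample declares the namespace that the sitemaps.org protocol defines for <urlset>; the checker also accepts the article's shorter examples, which omit it.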

How to create a sitemap.xml?

If your site is a business card with three pages, you can create a sitemap manually. For such resources, a text file with a list of links will also be sufficient. For large resources, this option is not suitable. But the routine is easy to automate. To do this, you can use:

  • Site map generator in CMS. If you use a content management system, the Sitemap will be generated automatically.
  • A third-party sitemap generator. If you do not use a content management system or have your own engine, you can use a sitemap.xml generator. There are many such offers on the Internet, so you can safely choose a resource with good reviews. For small and simple sites, there are free versions of generators. And if your resource has hundreds of thousands of pages, you will have to pay, albeit a small amount of $2. Some service providers offer monthly payment plans so that the site map stays updated and dynamic. The costs will also not be high and will hardly exceed $5/month. There are more expensive programs starting at $20, so you should check the price.
  • Plugin. You can generate a sitemap with the help of an SEO plugin, for example, Yoast SEO. This is, without exaggeration, the most popular plugin for SEO optimization of a site on WordPress. You can also use narrowly targeted plugins, such as Google XML Sitemaps: it automatically generates a file, after which you only need to submit a link to it in Google Search Console. We have already written about them in more detail when dealing with SEO plugins for WordPress.

You can also write your own script to generate a sitemap if you don’t want to use ready-made solutions.

How much does a sitemap affect its indexing in search engines?

We will not claim that the mere presence of a sitemap.xml file will bring your resource to the top of search results. However, the Sitemap is an essential component. It makes it easier for search engine crawlers to scan your resource, i.e., it works as a hint for the search engines.

Our verdict: the presence of sitemap.xml does not always bring pages to the first lines in search results, but it helps them not fall to the last. You cannot do without it, especially if you are serious about promoting your site. And you cannot do without good hosting. If shared hosting resources are not enough for your site and you are looking for more powerful options, we offer VPS/VDS hosting at several rates depending on your website’s needs. Contact us to choose the best variant for you!

What is a web server, and which one to choose?

We often talk about servers and tell you which are the best to choose for business purposes. As a reminder, you can rent a cloud VPS/VDS server on QuantumHost for your business or other purposes. But today, we will discuss another important thing: the web server. Let’s understand what it is, how it works, and which option is better to choose for your website.

What is a web server?

A web server is a server that receives a request from a user in the form of a URL, processes it, and sends the necessary data in the form of HTML pages, documents, media files, and media streams. The term refers to both software and hardware. As software, a web server consists of several components necessary to process user requests. Among them, the HTTP server is a must. As hardware, a web server is the computer on which the documents are stored (the user sends a request to retrieve them). The hardware must be connected to the network so that the client can retrieve the requested data from the server.

Web servers are often confused with application servers, or the terms are used as synonyms. In part, they can be called analogs, but not really. There are several differences between web servers and application servers. A web server is HTTP-only and is intended mostly for sending static data. An application server supports HTTP and other protocols, such as RPC, and its primary purpose is to transmit dynamic, i.e., always changing, content. Initially, they had different tasks. Now web servers often support PHP, Python, and other scripting languages in order to work with both static and dynamic data. And among the components of the majority of application servers, there are web servers used as proxy servers.

But this is a topic for a separate article. Within the framework of this publication, it is essential to understand how a web server works and what algorithm it uses to interact with the user.

How does the web server work?

Let’s look at a typical example that all Internet users encounter daily.

A user wants to go online and visit a particular site. To do this, he opens the browser on his computer or phone. When the program opens, he enters the desired URL into the address bar, goes to an address saved in the bookmarks, or clicks on a link in an already open resource. It doesn’t matter how, but he gets to the site. After a few seconds, the requested page appears on the screen with text, pictures, videos, and other content.

This is what the process looks like from the point of view of any ordinary person. Now let’s understand the necessary internal procedures.

The user opens the client application. It is often a regular browser, such as Google Chrome or Mozilla Firefox, installed on any device that supports it. It can be a PC, smartphone, tablet, or even a game console on which a web browser can be installed. The client transmits a request via the HTTP protocol, which goes to the web server. Going to the URL is the process of sending the request. The web server processes it and sends the user the requested data. It can be an ordinary HTML page, images, or other media files. The web server sends resources to the user using the same HTTP protocol.

If we briefly describe the procedure, we get the following sequence:

  • The client sends an HTTP request.
  • The web server receives the request and processes it.
  • The web server sends an HTTP response.
  • The client receives the requested resources.

The above steps cover the fundamental way web servers work. Now that sites are not limited to simple static pages, the transfer of resources is a more complicated process. For example, web servers provide the ability to securely receive and send data via HTTPS protocol, support scripting languages to send dynamic content, etc.

Thus, every Internet user unknowingly comes into contact with web servers daily.

An overview of the three most popular web servers

The first web server in history was CERN’s httpd, launched in 1991. Now there are many of them, so it is not so easy to decide on the choice.

If we consider the Russian-language Internet statistics, then in 2020, Nginx, Cloudflare, and Apache held leadership among web servers. Nginx accounts for more than half of the sites – 66.21%. Cloudflare takes second place – it is used in 8.51% of cases. Apache web server is used on 5.45% of platforms.

The top three most popular servers in 2020 are:

  • Apache.
  • Nginx.
  • IIS.

Given world statistics, we will consider these web servers as the most popular.

Apache

Apache HTTP Server was introduced by developers back in 1996. It is one of the first web servers on the market. After the software was released for free use, Apache surpassed all competitors and continues to lead today. Apache is used for 40.89% of sites.

About ten years ago, Apache was used as the primary and only web server. Now, with more data and the accompanying increase in the number of connections, it is not always enough. Apache is often used as the main web server and combined with other solutions. The web server is freely available and can be used for free.

Apache is cross-platform software. It supports all major operating systems, including Microsoft Windows, Mac OS, and UNIX-like operating systems. Architecturally, Apache consists of a core, which performs the necessary tasks, and many add-ons. The core is always running. The modules can be plugged in and unplugged, so we have some control over the server’s functionality.

Nginx

Nginx was created by the Russian developer Igor Sysoev, who released the product in 2004. It is the only Russian web server on this list, and it is popular in other countries: it accounts for 23.77% of all sites worldwide. Nginx is used by ordinary website owners and market giants, such as Facebook, Pinterest, Netflix, Tumblr, Instagram, and many others. Like Apache, Nginx is open-source. But it can only be used on UNIX-like operating systems.

During development, some major shortcomings of existing web servers, including Apache, were taken into account. Thanks to this, Nginx copes perfectly with increasing load and can easily handle several thousand requests at a time.

When it comes to flexibility, however, Nginx lags behind other products. For example, the modules have to be selected and compiled together with the core; they are not loaded dynamically. However, this way of plugging in modules can itself be considered a plus, because users can choose only the necessary modules and avoid installing other modules manually.

IIS

IIS, or Internet Information Services, is a product of Microsoft. Therefore, it can only be used on the Windows operating system. Version 1.0 was released in 1995. Now the IIS web server is used on 16.45% of all sites in the world.

Technically, this is a package of servers with the main component in the form of a web server. Unlike Apache and Nginx, IIS is not freely available but is bundled with the Windows NT operating system.

In terms of functionality and performance, IIS is approximately on par with the more popular free solutions. The developers pay great attention to security and improve it with the release of each new version; in this matter, IIS surpasses Apache and Nginx. Because the solution is a commercial one, users can count on Microsoft support, which is especially important for large businesses. The significant disadvantages are that it works on only one platform and that you need to buy a Windows license. The second factor, though, means that IIS is conditionally free, since it is already in the package.

If you own a site, you cannot do without a web server. It is good that there are many products on the market and that they can be combined. For example, many believe that the best combination is Apache + Nginx. The main task is to choose the right option in terms of performance, security, and cost.

Plugins for an online store on WordPress, which will help organize successful sales

WordPress is not designed exclusively for online stores. The engine is widely used for different areas – business cards, blogs, and corporate portals. Thanks to its versatility, convenience, and, of course, free access, WordPress has been at the top of the CMS ratings for years. And in terms of interface simplicity, it outpaces the competition, making it convenient even for beginners. Throughout the world, the engine is used for a third of all websites on the Internet.

For online stores, WordPress will also be the right choice. But you will not be able to break into the field of e-commerce and make a lot of money on sales without installing plugins: without them, you cannot create a resource that is convenient for yourself and your visitors. There is good news! There are hundreds of plugins for WordPress sites, both paid and free. Many of them are designed directly for online stores. We have prepared a list of the top plugins that will help you organize sales if you use WordPress, and today we will tell you about the strengths and weaknesses of each.

Best plugins for creating online stores on WordPress

Our list includes 3 of the most popular and used plugins. Among them:

  • WooCommerce;
  • WP eCommerce;
  • eShop.

Let’s take a closer look at each of the plugins.

WooCommerce

WooCommerce is the most popular WordPress plugin for an online store, and more than 5 million active installations over its existence confirm this.

Immediately after installation, the standard sections for online stores appear on the site: catalog, the buyer’s personal page, shopping cart, checkout. Then, in the settings, you can choose the location, currency, and product characteristics, such as color. This is enough for a simple novice store. You can edit the previously set parameters on the admin page.

The plugin allows you to configure a convenient way to receive online payments. You can choose either PayPal or Stripe. These services are not the most suitable for the Runet. Besides, WooCommerce-enabled websites can integrate with other platforms. There are more than a hundred options to add by installing additional extensions. The site owner can choose a convenient shipping option and specify the territory to which it applies.

Essential marketing tools are provided by default to promote products and increase demand. You can set discounts, conduct promotions, send visitors coupons to buy products from the catalog.

The plugin also allows you to get sales data and view statistics. WooCommerce’s own analytics system will be enough to manage sales. If desired, you can also integrate analytics from Google.

Using WooCommerce is free. The plugin is freely available, but this does not mean that it is lacking in capabilities. You can sell or resell anything you want in any quantity, whether it is a band’s merch with a catalog of 10 t-shirts or cosmetics from AliExpress. If the functionality is not enough, WooCommerce can be extended with plugins, for example, for automatically exporting products to marketplaces or for booking products that are not in stock. They can also be free, and then the cost of the online store site will only include payment for hosting and a domain. There are also paid extensions: with them, the costs will increase but will include premium features and support from the plugin developer.

WP eCommerce

Before the release of the now popular WooCommerce, this plugin was in the lead. Now, WP eCommerce is used by more than 60,000 websites, which is why it takes second place in the ranking.

The plugin allows you to manage products in the admin panel – go to the section with the appropriate name. Here the user can add or delete items, create categories, add product labels. A handy feature of WP eCommerce is the ability to create several different variants of the same product. For example, if you sell electric guitars of the same model but in different colors, you don’t need to create additional cards – add several variations of the same product.

You can also use WP eCommerce to distribute coupons for store products. This tool is also in the product line management tab. The user can select the specific products that the promotion code applies to and set the expiration date.

Like WooCommerce, WP eCommerce is also available for free. But if you want to expand its functionality, you’ll have to install additional extensions. In most cases, the price starts at $12.

The plugin is mainly used for Western online stores, so useful information in communities and forums can only be found in English. The interface is less clear than in WooCommerce, so beginners may have problems. There are also fewer tools and features provided in this plugin. But overall, WP eCommerce is not a bad plugin for online sales if you are willing to figure it out and buy extensions.

eShop

At the moment, eShop has been downloaded more than 10 thousand times, which makes it one of the most popular plugins for online stores in WordPress. It has the necessary tools you need for online sales, but some nuances are better to consider before installing it.

Management is done through the eShop tab on the admin panel. Here the user can work with products, customize the catalog display mode, and choose delivery methods. It’s also possible to track the status of orders, work with the product database, and view documents uploaded to the site. eShop also lets you configure emails to customers: for this purpose, the plugin provides ready-made templates that you can adjust at your discretion.

The main problem is that the plugin is in English.

By the way, speaking of extensions: eShop has them, and they are free. But there are just over 20 of them, which may not be enough for a large online store. The plugin itself is also free, which can be considered its clear advantage.

Conclusions

WooCommerce wins by all parameters: it is a simple, convenient, and functional plugin, which by default has all the necessary tools for organizing sales in an online store. WooCommerce is free, and many extensions for it are also freely available. It is also easy to get started with, even if you have not encountered online stores before. Its popularity and several million downloads only confirm the quality of the plugin.

But that doesn’t mean that the other products on the list don’t need consideration. WP eCommerce and eShop are also free, and if you want to test them, you don’t have to spend money. They also have strengths, and some users may find the interface more user-friendly.

If you decide to use WooCommerce, however, it is worth choosing your hosting responsibly. This is vital if your online store is a large site with thousands of catalog items. The power of regular shared hosting might not be enough, so we recommend considering VPS hosting: with it, the store’s work and, as a result, sales will be stable and uninterrupted.