Salam and hello everyone. I just got a news from Amanz regarding Nuffnang Malaysia website which has been hacked by Gaysec. Gaysec is probably a group of hacker or an individual which recently has leaked several users database from several well known websites such as TM Streamyx, Geng Blogger, CIMB and the latest one is Nuffnang Malaysia. Nuffnang Malaysia website is currently inaccessible and it has been placed into maintenance mode. If you didn’t know, Nuffnang is one of the largest blog advertising network in Malaysia and south east Asia, hence this incident would be great challenge for Nuffnang to ensure their website’s security is always at optimum level as well as to ensure their customers and users’ privacy are protected properly. This incident should be a good lesson to Nuffnang.

There is no official announcement from Nuffnang regarding this issue.

Update by Nuffnang Malaysia.

Update: Official community announcement by Nuffnang Malaysia regarding last night security breach.

It seems it takes a long time for Nuffnang ads in this blog to load and this ads loading issue has caused slow page loading for this blog. Hence, I’ve disabled all Nuffnang ads in this blog for a while.

p/s: It is good to know that Gaysec’s objective is not more than just to pointing out the security holes of the websites they have hacked, rather than damaging the system.

Salam and hello everyone. So, for this time, I want to share with you all one method that you can use to secure your hosting bandwidth from being “stolen” by some irresponsible people. Since some people have requested this tutorial hence, for this time, I’ll guide you guys on how to set this simple setting on your hosting CPanel so you’ll be able to control which websites can directly link any files from your hosting and of course this is one of the ways to set which websites you want to share your hosting bandwidth. Sound complicated? Actually, it is not that complicated, it is just a simple setting that will be done in few steps.

So, are you ready? Here we go. First thing first, login into your CPanel account. Usually the URL to access your cpanel is http://yourdomain/cpanel.

Ok, here is the first step. Scroll down until you find this icon named Hotlink Protection under Security tab. Click that icon.

The below screenshot will appear and you can see all those URLs and some setting there.
If you ever yet do any setting on this before, the default setting for this is “the hotlink protection is currently disabled”. If it is so, enable it by simply click enable button and the hotlink protection now enabled.

Ok, now is the important step, you need to list down all websites URL that you will allow to access the files hosted on your hosting. For example, if you have second website with the URL yourdomain.org and you want to allow this domain to use all files hosted in your current hosting. Hence, you’ll need to enter the web url which is with and without www. So, for this case, what you’ll need to enter are http://www.yourdomain.org and http://yourdomain.org in URLs to allow access box. This is a must otherwise your current hosting will block this domain from accessing your files in your current hosting. Get it?

Next step is, if you notice, below the URLs to allow access box, there’s another setting you can set up which is which types of file you want to protect. As default, it’ll list jpeg, gif, png, jpg and bmp. And in my case I’ve added another file extension, which is .swf. So, if you’ve another types of file, for example compressed zip file with extension .zip. What you need to key in is ,zip. (Note: comma should be included to separate this file type with other file types) See the screenshot for details.

And for the check box, just check it as allow direct access.

Another important step is the last part which is the url for the image or file to replace the original image/file that has been linked from your hosting without your consent. You can host this replacement image/file at any free hosting image/file hosting such as Photobucket or Flickr. Simply put the link for the picture that you’ve hosted at Photobucket or Flickr into the “Redirect request to this URL” text field.

Now, you’re done! Simply press ok and now you can try either your hosting protection is working or not by selecting any images/files from your hosting with the extension as what you’ve entered before, for example an image file with .jpeg extension. Now try to display or insert the image that you’ve hosted in your hosting to any blogs or websites that currently not in your allowed URLs list. Publish it and see what will happen. What you will see is not the image that you’ve hosted on your hosting, but the image that you’ve hosted on the free image hosting. If it is what you see, it means your protection now is working. If it is not, try to recheck your allowed URLs list, maybe you insert the image in your allowed URLs.

For others to test it from my hosting, you can try to insert the image below from this URL ( http://izzatruslan.com/wp-content/uploads/2009/04/hotlink-test.jpg ) which is hosted on this blog’s hosting.

Then, insert the image to any of your blogs, publish it and see what you’ll get. The image you should get is as below. If you see the image below, that’s means my hosting protection is working.

I hope this simple tutorial can help you to prevent others from illegally linking any files from your hosting and steal your hosting bandwidth. This tutorial might benefits those who paid for hosting with low monthly bandwidth and for me, you should control your hosting bandwidth usage otherwise your websites/blogs will be inaccessible when your hosting is running out of bandwidth. And for those who paid for hosting with high monthly bandwidth, you also might consider to apply this bandwidth protection. The reason is simple, you paid for it. If you don’t mind people take it from you, then it’s okay.

Remember one thing, without bandwidth, your websites/blogs are inaccessible. Until next time, hope this simple tutorial will help you to secure your hosting bandwidth.

p/s: Do leave your comment if you’ve any questions across your mind. Thanks.

Salam and hello all. Have you ever checked your hosting directory can be browse or not? Don’t get what I mean? Ok, since most blog using WordPress as the platform, here is an example on how to check either your hosting directory can be browse or not. Try type in this URL on your browser, http://yourdomain.com/wp-content/plugins/. What can you see? If the result gives you a 404 error, it means that your hosting directory browsing and indexing is turned on. If not, it means you still not enabled it. Hence, in this entry I’ll show you how to enable this setting on your hosting. To do this you should have administrator privilege for your hosting. Ok, here are the simple steps on how to do this.

• First thing first, login into your cpanel account.
• In your cpanel account locate this icon named Index Manager. Usually it located at the bottom of your Cpanel in Advanced section. Ok, click Index Manager.

• This pop-up will come out after you click the Index Manager icon. Select Web Root for directory selection. Then, click Go.

• Next, you’ll see this screenshot. Click on public_html that located at the top of the directory list.

• Then, you’ll see this setting. Ok, here is the final step, select No Indexing. And lastly, click Save.

So now you’re done already. Test it out to make sure it works. Enter the same URL as mentioned before and see what the result you’ll get. If your WordPress theme have custom 404 error page, you’ll see this page otherwise your hosting 404 error page. Ok that’s it.

Why you need to turn off your directory browsing and indexing? One thing is to protect your blog and hosting from outsider who wants to steal files on your hosting. Other thing is to prevent other people to know what plugins you currently used on your blog, what files already uploaded to your upload folder and etc. I see there are many blogs out there still allowed this directory browsing but if you really want others to know about what you hosted on your hosting, then you don’t have to worry much. Ok, hope this simple entry will help you and if got any questions, drop your words below.

p/s:Sorry for lack of update recently, I’m currently working on my new Bahasa Melayu blog. I’ll tell about it later.

Salam and hello everyone. Just got confirmation from Serverfreak website regarding the DDOS issue. It seems like the network still attacked by the DDOS. Here is the message from the website,

CBJ2 Network attack by DDOS
Dear Customers,
Currently our network in CBJ2 being attack by DDOS at 140mbps. We are resolving this issue now ASAP.
We will update once it has been resolved.
Source: ServerFreak Support

Hope it will stop soon. I’m sorry if you can’t access this blog in some times, can’t do anything. Just wait for the attack to stop.

The domain ServerFreak.com.my also inaccessible, if you want to access Serverfreak, use this domain Web-Hosting.net.my

	PROTECT YOUR FAMILY GET QUOTE Compare Quotes Mortgage Buy to Let Mortgages Visit Now

Salam and hello everyone. If you notice yesterday, the connection to this website quite slow and sometimes got internal server error message. At first, I didn’t know what the cause of this matter but last night, while chatting with Sam (Serverfreak Support), he said the servers have been attacked by DDOS attack hence cause the network and connection to the server becomes slow.

What is DDOS attack? Mr. Wiki got the answer.

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted, malevolent efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even DNS root servers.

I didn’t chat too long with Sam since at the time I chat with him, there’s another DDOS attack. But anyway, hope this problem can be solve asap. Anyway, sorry for any inconveniences for those who are surfing this blog.

But I think the attacks already stopped since the connection to the blog quite fast right now, maybe need time to fully recover from the attack. Anyway, thanks for Sam for his hard work. He already didn’t sleep for 5 days. Ok, that just for your information.

I also noticed that some of other blogs which are hosted at Serverfreak also inaccessible such as Knizam.com and Topotato.com. I don’t know if the problem is cause by the same reason but it seems I can’t access their website in the past few days. I already tried to connect to their blog using both UMobile and Maxis Broadband but still I got the page tells the page can’t be viewed. At first I thought it might be because of the ISP itself, but trying on another ISP also come out with the same result. Till now I still can’t access their blog.

p/s: have you experienced ddos attack before?

UPDATE: IzzatRuslan.com was down for 3 hour 30 minutes from 7.35am today, so sorry for any incoveniences. But, the connection seems going back to normal already. (3.34PM)

hi there!

This is my new blog and new blog url, and this will be the blog that i will blogging after this and later on. So, say goodbye to my previous blog at blogger.com. Personally said, i’m happy blogging at blogger.com and blogger.com for me is the best free blog platform ever. After blogging about 10 months, i decided to own my own domain and hosting for my blog. Before this, about 2 years ago, i already have a domain for myself, but seem at that time i really busy with my study (preparing for SPM exam) so i don’t have time to manage it so it is just a waste.LOLS..

Anyway, i registered my domain and hosting last 3 days from ServerFreak, for this time i decided to host with them, seem i received lots of positive feedback from their current customers, Cypherhackz also hosted with them..hhuhu.. about the domain, why it be izzatruslan.com? At first i wanna name it as izzat.com or izzat.net, but seem looks like my name really popular..lols.. all the domains are not available except for izzat.info which i’m not interested..haha So, as the result, i came out with izzatruslan.com, combining my name and and my dad name. I think it much much more suitable to show that this is a personal blog. izzatruslan.com was successfully registered under ServerFreak on 11 Feb 2008 plus 1 GB hosting plan for 1 year. If i satisfied with their service, i might consider to stay with them for another years. Hopefully, what i heard from their current customers are true.

So start from this time, i’ll blogging here which currently running under WordPress platform. For the beginning, i used this simple template from deanjrobinson called redoable and i planned to create and design my own WordPress theme after this. Who wanna guide me for this? One of the reason why i moved from blogger to my own hosting is because, I wanna run my on WordPress on my own hosting as i know WordPress is the best blog CMS platform. Do you think so too?

So if you noticed, i already transferred all my previous posts from my previous blog here, oh..don’t get me wrong. All the posts there are still there, i just transferred/imported/copied here so you’ll get the same that you got there, easy for you if you want to find back about my previous posts. But, for the next and next posts after this, it’ll be here, no more posts will be there. Thanks to WordPress by providing this great feature so i can import my posts from previous blog easily.

So thats all for this time, as usual, if you’ve any comment/suggestion to speak out. Just leave your comment at comment section. If you find any error or bug please inform me. Thanks