Set up two-factor authentication for your cPanel account

September 15, 2017/in cPanel, Security Tip, Web Hosting/by ConnectNC

Hosting customers may use two-factor authentication (2fa) to better secure their cPanel accounts. 2fa adds an extra level of security. It requires a smart phone app called Google Authenticator, which is available for Android and iPhone.

You should be familiar with the steps required to install an app on your phone before you begin. Unfortunately, we cannot provide support for your smart phone as a part of our hosting support. If you need help with this, please make an appointment for a 30 minute support session at our office.

First, login to your cPanel account and then use the search to find 2fa. You will see Two-Factor Authentication, as pictured below. Click on that.

Next, click the blue button that says, “Set Up Two-Factor Authentication.”

Scan the QR code with your smart phone.

Enter the code in the space provided. Click the button that says, “Configure Two-Factor Authentication.” You must already have the Google Authenticator app on your phone in order for this to step to complete.

Accept the server name displayed on your smart phone.

From now on, you will need the smart phone app to successfully login to your cPanel account.

You can reconfigure or remove 2fa by logging in to cPanel and clicking on “Two-Factor Authentication” again.

Strong Passwords Protect You and Others

May 20, 2017/in Security Tip/by ConnectNC

Using Strong Passwords

In our ongoing effort to protect our clients and ourselves from malicious actors, we require the use of strong passwords with all accounts.

How can I make sure my password is strong enough? There are a number of strong password generators on the web. One of my favorite ones is provided by Norton IdentitySafe, and can be found here:https://identitysafe.norton.com/password-generator.

If you’re curious about how long it would take to crack your current password, try entering it here:http://random-ize.com/how-long-to-hack-pass/.

It’s not uncommon for clients to proclaim, “I don’t care if someone gets into my email. I don’t have anything that matters in there.” We explain that it’s how a compromise affects others they should be concerned about. Once your email account is compromised, a spammer can use it to send out unsolicited junk. A hacker from another country can use it to send out phishing messages or malware. Many times, the perpetrator uses your contact list, so your own friends and relatives may be affected! Our mail servers may end up being blocked by other services, which means none of our customers would be able to send email anymore.

Please do your best to protect yourself and others by choosing a strong password. Change it regularly. Don’t use the same password on multiple online accounts.

If you have any questions about how to change your password, please send us a message.https://connectnc.com/clients/submitticket.php?step=2&deptid=5. Thanks for your understanding about our requirement for strong user passwords on our network services.

Please read our password policy here: https://www.connectnc.com/password-policy/

Additional storage available for pinehurst.net email accounts

February 9, 2016/in Billing, Email/by ConnectNC

Other customers may use ConnectNC’s pinehurst.net/connectnc.net email service for a monthly fee. Rates are billed quarterly and are listed below.

Monthly cost	Storage
$8.50	500 MB
$10.50	1.0 GB
$12.50	1.5 GB
$14.50	2.0 GB
$16.50	2.5 GB
$18.50	3.0 GB
$29.99	6.0 GB
$49.99	12.0 GB

Email accounts include:

Spam & virus filtering
Daily quarantine reports
Webmail
Compatible with Outlook, Microsoft Mail, Apple Mail, Thunderbird, etc.

Order here

Configuring iPad Email for Your Hosting Account

April 12, 2015/in Email, FAQ's/by ConnectNC

This article describes how to configure your iPad Mail for your ConnectNC hosting account. Please substitute your actual email account information wherever we have used yourdomain.com or chilesauce.com as examples.

This is written for an intermediate iPad user. We assume that you understand how to get to your iPad settings, and how to use your iPad to send and receive email. It’s not intended as a training article. If you need configuration or training for your iPad, we offer that as an additional service. Please contact us to schedule an appointment.

In this example, we allowed iPad Mail to use all its default settings. We did not modify anything or have to provide anything except the following three pieces of information.

Information required for mail account configuration:

Your email address
Your email account password
Your email server names (mail.yourdomain.com, where “yourdomain.com” is replaced with your actual domain name)

1. Go to Settings in your iPad. Tap on Mail, Contacts, Calendars. Tap Add Account.

2. Tap Other.

3. Tap Add Mail Account.

4. Type in your account information.

Name: Your real name as it will appear in the sender field to your recipients.
Email: Your full email address.
Description: Whatever is meaningful to you, to help you distinguish this account from others.
Incoming Mail Server Host Name: mail.yourdomain.com.
User Name: Your full email address.
Password: Your account password.
Outgoing Mail Server Host Name: mail.yourdomain.com.
User Name: Your full email address.
Password: Your account password.

Tap Next.

5. If you are presented with the following warning, “Cannot Verify Server Identity,” simply tap Continue. You will see this warning if you have not purchased and installed an SSL certificate for your domain name. If you wish to purchase and have us install an SSL certificate for you, please contact us. Otherwise, any time you encounter this warning, please tap Continue.

6. Turn off Notes and tap Save.

If you are using a cellular service, such as AT&T or Verizon to connect to the internet, please note that they may be blocking standard outbound mail ports, so you will need to contact their support to ask which ports are open for sending. If you can send mail while you’re connected to your home or office wi-fi, but cannot send while connected to a cellular service, this is a strong indication that the commonly used ports for sending are being blocked by the provider. Please contact your carrier to ask for help in this case.

Secure your communication

February 26, 2015/in Email, FAQ's, Security Tip/by ConnectNC

Contact us today for an encrypted email demo! This email encryption and spam filtering service works in conjunction with your company emails, and can work with your current email hosting provider, or we can host your email instead.

Great for:

Dentists, Physicians, Real Estate Agents, Attorneys, Financial Advisors, and any business who needs to email important client information securely!

Fake Flash Update Warning

December 2, 2014/in Security Tip/by ConnectNC

Fake Flash Update Warning

There’s a certain web site I’ve visited a few times that produces a fake flash update warning. Beware of these warnings. Adobe will never display a warning such as this when you’re surfing the web.

Here’s a screen capture.

First of all, I want to warn everyone never to click on anything like this without examining it first. There are three glaring examples of fakery to be found at a cursory examination.

#1 The URL has nothing to do with adobe.com.

#2 The message says that you are required to update your flash player. You are required to update nothing of the sort. As the saying goes, you are only required to die and pay taxes! Adobe (and other legitimate companies) will not generally display scary messages like this.

#3 This is the most important part… inside the red box, the advertiser says they are not affiliated with Adobe, the makers of Flash..

If you do accidentally click on the OK button, you will be asked to download or install something with a generic name, like “installer.exe.” Don’t do it! In my experience today, I clicked on nothing at all, and still got the download dialog box.

Well, now that you’ve determined you have detected a scam, what do you do? My advice is to close the browser. If you’re an inexperienced user, and you always seem to be getting malware, the best course of action is to go ahead and shutdown your computer without trying to click on anything at all. Press the Windows button on your keyboard to get to the start menu and click Shut down.

Be careful!

Note: I use both Windows PCs and Apple computers. I have only seen this happen on a Windows PC to date.

FBI issues another warning about tech support phone scams

November 13, 2014/in FAQ's, security, Security Tip/by ConnectNC

I’m pasting this in verbatim, because The FBI has very effectively communicated the extent of the problem. Be very careful about giving remote access to your computers to people you don’t know and trust!

3 November 2014

Alert Number
I-111314-PSA

NEW TWIST TO THE TELEPHONE TECH SUPPORT SCAM
The IC3 has produced Scam Alerts in the past advising the public of an ongoing telephone scam in which callers purport to be an employee of a major software company. The callers have strong foreign accents. The callers report the user’s computer is sending error messages and numerous viruses have been detected. The caller convinces the user to give them permission to run a program allowing the caller to gain remote access. The caller advises the virus can be removed for a fee.

Intimidation tactics used in this scam have influenced victims to pay fees associated with the removal of alleged viruses. It has been reported to the IC3 an individual who paid the required fees, later received a call advising the victim the funds paid for the services went to India and were used to purchase weapons for ISIS. The call came with an additional request for money to remove the victim’s name from a black list.

In a new twist to the tech support scam, cyber criminals attempt to defraud using another avenue. The scam is executed while a user is browsing the Internet. In this scenario, a website being viewed provided a link to articles related to popular topics. The user clicked the link and was redirected to a website which produced a window that advised the user’s computer had been hacked. Another window was displayed that contained a telephone number to obtain assistance. The user reported all attempts to close the windows were ineffective. Upon calling the number for assistance the user was connected with an individual who spoke with a heavy foreign accent claiming to be an Apple representative. During the process the user’s web browser was hijacked. Restarting the computer in an attempt to regain access to the Web produced another message with a different telephone number to obtain assistance.

The execution of this fraud is similar to what was reported in a Public Service Announcement (PSA) dated 07/18/2013. The PSA reports on a version of ransomware that targets OS X Mac users. This version is not a malware; it appears as a webpage that uses JavaScript to load numerous iframes (browser windows) and requires victims to close each iframe. The cyber criminals anticipate victims will pay the requested ransom before realizing all iframes need to be closed. The full PSA can be found at http://www.ic3.gov/media/2013/130718-2.aspx

If you are a victim of this scam or a similar scheme it is suggested:

To file a complaint at www.IC3.GOV
Resist the pressure to act quickly
Be cautious of clicking on unknown links

The POODLE exploit

October 30, 2014/in Computer, Online Computer Backups, security, Security Tip/by ConnectNC

If you’re on the web much, have any online banking accounts or watch TV news, you’ve probably heard about POODLE in the last few weeks.

Rather than reinvent the wheel, I’m going to post some links here for those of you who are interested to peruse.

What you need to know about the SSLv3 “POODLE” flaw (CVE-2014-3566)

If you use the Internet at all, you’ll want to disable SSLv3 on the apps you use, too. Here’s how you can disable SSLv3.

And, once again, I want to encourage EVERYONE to backup! Please call us if you need help setting up a backup system. Or, please just click on this link to buy Carbonite now.

Stay safe out there!

Are you backing up?

August 19, 2014/in Online Computer Backups/by ConnectNC

Avoid installing junk you don’t need

June 25, 2014/in Security Tip/by ConnectNC

For quite some time, the applications we trust and use every day have been tricking us into installing extra stuff we don’t need during the update process.

One example is Adobe Flash (pictured below). Sometimes, their “gift” to you is the Chrome browser. Other times, it’s the Ask toolbar. In this case, it’s McAfee Security Scanner. Almost always, you don’t need or want it.

You can avoid it by paying attention to the update screen and un-checking the box next to whatever it’s trying to install for you.

Avoid Installing Junk You Dont Need