DDoS and hacker attacks are going to be the norm for 2016.
Emails running through your hosting account are putting your site at risk in ways you can’t imagine. Learn about the real threats to your site via your email, why it puts you in a bind for changing hosts quickly, and why you need to take care of this sooner rather than later.
This post is part of the Successful Site Owner Series
But It’s Free
Most site owners run their domain-related email through their host because it’s convenient and free.
And, so that their email looks like this: [email protected]
That ride is over.
How I Hacked a Site Via Email
One of my fellow security buddies issued a challenge to find the IP of a brand new domain that was hidden behind CloudFlare. He didn’t make it easy, but I did find it via the MX record for the domain-related emails.
If emails had not been on the host I would have never found it, and neither would any other hacker’s bots. It takes a human a lot of time to dig that hard and fortunately for those of us with smaller sites (meaning smaller than enterprise level), there’s no profit in them wasting that time.
Email MX Records are the Weak Link
Hide your IP immediately if you have a new site or have recently moved to a new host. That way it will never get listed and the bots will never find it.
My favorite way to do this is via CloudFlare, which has a super free tier of service. You’ll have the opportunity to hook it up via your host. Don’t. It’s way easier to manage directly via CloudFlare.
If you’ve been at the same host for a while, then it’s likely your IP address was already picked up by bots and listed publicly. Hiding your IP address via something like CloudFlare will help, but may not be as effective as having done it sooner.
And MX records are not the only thing that can expose your IP address. You can hide all the others at CloudFlare too.
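A way to audit your own DNS zone for the leak described above, written as an added example (not code from this post): it flags every MX target and plain A record that publishes an address outside the proxy's ranges. The zone, the example.com names and 203.0.113.10 are constructed, and the two proxy ranges are only a sample of Cloudflare's published IPv4 blocks, so load the provider's full current list before trusting the result.

```python
import ipaddress

# Sample proxy ranges (assumption): two of Cloudflare's published IPv4 blocks.
PROXY_RANGES = [ipaddress.ip_network(n) for n in ("104.16.0.0/13", "172.64.0.0/13")]

# Constructed zone export as (name, type, value); every name and IP is made up.
ZONE = [
    ("example.com.",      "A",     "104.16.10.20"),          # proxied web record
    ("www.example.com.",  "CNAME", "example.com."),
    ("example.com.",      "MX",    "10 mail.example.com."),  # mail still on the host
    ("mail.example.com.", "A",     "203.0.113.10"),          # origin server
    ("ftp.example.com.",  "A",     "203.0.113.10"),
]

# Same zone after moving mail to an outside provider (hypothetical host name).
FIXED_ZONE = ZONE[:2] + [("example.com.", "MX", "10 mx.mailprovider.example.")]

def is_proxied(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PROXY_RANGES)

def resolve(name, zone, depth=0):
    """Return the A-record IPs for name, following CNAMEs inside this zone only."""
    if depth > 8:                      # guard against CNAME loops
        return []
    ips = []
    for rname, rtype, value in zone:
        if rname == name and rtype == "A":
            ips.append(value)
        elif rname == name and rtype == "CNAME":
            ips += resolve(value, zone, depth + 1)
    return ips

def exposed_records(zone):
    """List (record, ip) pairs that publish an address outside the proxy."""
    findings = []
    for name, rtype, value in zone:
        if rtype == "A":
            ips, why = [value], f"A {name}"
        elif rtype == "MX":
            target = value.split()[-1]          # drop the priority number
            # A target with no A record in this zone is hosted elsewhere.
            ips, why = resolve(target, zone), f"MX {name} -> {target}"
        else:
            continue
        findings += [(why, ip) for ip in ips if not is_proxied(ip)]
    return findings

if __name__ == "__main__":
    for why, ip in exposed_records(ZONE):
        print(f"exposes {ip}: {why}")
```
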
Space and Inodes
You’re renting space from your host. Stuff that takes up that space includes:
- Core site files
- Extra files (PDFs, audio, video)
- Host files – required to run your account
- Error logs – up to three kinds
Depending on how you have your email set up, it can be taking up a LOT of extra space on your site. Plus, you’re chewing up your system resources with it.
Hosts have lowered the ceiling on system resources.
Inodes – There is a limit to how many files you can have on your site, regardless of size. They are called inode connections.
Your account can be terminated for having too many inode connections.
Some hosts are better than others about notifying you of this fact.
All hosts are tightening security. They have had to lower the ceilings on resource overages to protect themselves and to strongly encourage you to take more responsibility for your own stuff. Old emails piling up is one of those problems.
The number one culprit I see taking up too much space and too many inode connections is old emails – like emails from 4 years ago.
Most folks use an email client to retrieve their emails from the mailbox on the server. Examples are Outlook and Thunderbird.
But, they don’t have them configured to sync both ways, meaning that the emails are sent to their local client, but a copy is still left on the host.
When they delete an email on their client, it is not deleted on the host, thus the buildup of old emails.
How to Check Emails on Host
The point is to move your emails off your host. And that will be so much easier if you clean that closet out first.
From your hosting control panel, go to Disk Space Usage.
(If you don’t have cPanel, this may look different or be unavailable to you.)
You can see the distribution of your files.
Clean it Up
Most hosts offer direct access to your emails (meaning sans a client) through internal services like SquirrelMail.
I would suggest that you start by cleaning up your client and then syncing to your host mailbox again first. (Meaning that you do a retrieval for new email.)
Then see what’s left on the host and delete everything you can. If you have everything on your local client (meaning on your computer) then delete the copy on the host.
Check Your Inodes
You’ll need to check with your host provider to see how to check your inodes because each one may be different, even if you have cPanel.
It may also be listed under userquota and buried in the tmp folder in the root. You may be able to access that easily via File Manager in cPanel.
Again, check with your host. This kind of support is part of what you are paying them for.
These screenshots were taken at A2 Hosting (aff link).
This is the kind of ease you pay a host for, so you can manage your own account.
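If your host gives you shell access, the count can also be taken directly. The following is an added example, not a tool from this post or from any host: it counts inodes under each mail folder and how many message files are older than four years. It assumes mail is stored one file per message, and the folder you pass in is whatever your host actually uses.

```python
import os
import sys
import time

def mail_inode_report(mail_root, older_than_years=4, now=None):
    """For each top-level folder in mail_root, count the inodes it uses
    (every file and directory is one inode) and the files older than the cutoff."""
    now = time.time() if now is None else now
    cutoff = now - older_than_years * 365 * 24 * 3600
    report = {}
    for entry in sorted(os.scandir(mail_root), key=lambda e: e.name):
        if not entry.is_dir(follow_symlinks=False):
            continue
        seen, old = set(), 0
        # os.walk does not follow symlinked directories by default.
        for dirpath, _dirs, files in os.walk(entry.path):
            for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
                st = os.lstat(path)
                key = (st.st_dev, st.st_ino)
                if key in seen:
                    continue              # hard link: same inode, count it once
                seen.add(key)
                if path != dirpath and st.st_mtime < cutoff:
                    old += 1              # a file not modified since the cutoff
        report[entry.name] = {"inodes": len(seen), "old_files": old}
    return report

if __name__ == "__main__":
    # Usage: python3 this_script.py /path/to/your/mail/folder
    for folder, stats in mail_inode_report(sys.argv[1]).items():
        print(f"{folder}: {stats['inodes']} inodes, "
              f"{stats['old_files']} files older than 4 years")
```
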
Where to Take Your Emails
There are several good choices when it comes to moving your emails off your host.
Gmail is free and there is a way to set up an alias so your reply address looks like it’s coming from your domain.
Google Apps is better. Your MX record can be set to run your domain emails through GApps. And you get way more than just email. I moved my entire back office to GApps and it has revolutionized the way I work. I’m far more productive and efficient. (One change cut my emails to 1/3 the volume!) And, you can still use Outlook and other email clients with it, if you have one already.
What’s best about Gmail, both the free and paid versions, is that it uses an encrypted connection. So, you get protection from man-in-the-middle attacks too. (You know that SSL thing Google wants everyone to use? It’s an encrypted connection.)
Zoho is another free email cloud service.
Rackspace Email is another good choice that specializes in integrating Office 365 and Outlook.
But it’s not Free
That’s your excuse for putting your site and your host server and everyone else’s site on that server at risk?
The problem is not the problem;
the problem is your attitude about the problem.
GApps is $5/mo or $50/yr. Rackspace is $2/mo.
If you’re planning to make money from your site, then start thinking like a business owner and realize that there is a cost to doing business. The free ride is over. It’s up to you to do your part.
Get a Handle on Your Emails
Help yourself. Beyond that, help the hosting company you’re with keep everyone safer.
Your files are not sitting on a server in isolation (unless you own the server). It’s time we all start thinking like a community of site owners. Think of it like being a store owner in a mall. If you don’t take proper security measures, then you put yourself and all the other store owners around you at risk.
No store owner goes without basic security.
Start with your emails and get safe.