Values have to rescue our society

Holger Thomas asked:

The Industrial Revolution initiated an enormous development of industry. Suddenly projects never thinkable before became feasible, and people were streaming into the factories, where the owner never seemed to get enough workers in order to fulfil the orders. But human beings fooled themselves when they thought this could go on and on for ages. When customers started placing fewer orders, the factory suddenly had too many workers; the owners fell behind with paying the wages, and so people had to stay at home and had to cope with the loss of income and of their jobs.

Not so long ago we went through another revolution – the information and communication technology revolution. Entire production processes became fully controlled by microprocessors, sensors started measuring parameters on site, and computer-controlled robots started taking over jobs formerly executed by the ordinary worker. This had a similar effect on society – at first there was a big boom until the market became tight, and dictated by the necessity of making profit, many jobs were lost and people let go.

If you look at it today – there are not too many opportunities left for how we can make society right. Should we continue destroying more jobs than we can create, it might take a while, but at the end of the day, there will be only a handful of people who actually work and have an income. We can’t afford to leave everybody behind. We can’t afford to leave entire continents exposed to impoverishment.

So is it the battle to become rich, or is it the incredible pressure in some parts of society, that drives society? In most cases it is a bit of both. But we have to ask ourselves: Which are the values we follow? I think the central values are key to this. As long as everything is about money, society is bound to fail.

We need to think about what is important to us. There are social values that do count, but they are often forgotten or we give priority to other things. What about friends, about caring for other people, about charity? Do we really have to wear the latest fashion, have the latest car or gadget, or buy all our furniture new when we move? Do we really have to do everything ourselves in order to save money? Shouldn’t we give other people an opportunity to earn some money too? Isn’t the right balance of every angle of our life better for us? These are just questions, I know. And there are certainly more questions than answers. But please do me a favour and think about it…

X-cart Security

Jon Peters asked:

X-Cart makes it easy for nearly anyone with the desire to establish an e-commerce store to do so; however, not everyone has the background knowledge to address security issues. Many store owners begin designing, adding products, and focusing on sales and SEO without ensuring that their x-cart e-commerce store is developed in a secure environment with a focus on security. Once established, x-cart store owners are often not aware of what is required to maintain their x-cart in a manner that keeps it secure over time.

The purpose of this tutorial is to assist you in understanding:

The importance of X-Cart security

Hosting X-Cart in a secure environment

How to secure your X-Cart

Maintenance of x-cart security

The importance of X-Cart security

Website security should always be a priority, but is absolutely crucial when dealing with e-commerce stores that transact and store sensitive customer data such as email addresses, phone numbers, addresses, and credit card information. Reading through the x-cart forums you will find many x-cart store owners who have had the misfortune of having their x-cart hacked/exploited. Having worked with x-cart since 2002, I’ve had many of those store owners come to me asking what can be done to fix their store, and I have repeatedly heard the common response that nobody had ever talked to them about security and they were unaware of anything that needed to be done. Believe me when I say that if you are not aware of what is required to secure and maintain your x-cart, it is by sheer luck that your x-cart has not been hacked or exploited and it is only a matter of time before you become a victim. That said, by reading this tutorial you are well on your way to understanding and performing x-cart security to keep you and your customers safe.

Hosting X-Cart in a secure environment

The environment on which your x-cart is hosted is the base for all security, and if your host and/or server is not secure, all the security settings on your x-cart are not going to keep you from being exploited. There are generally two types of hosting: a shared server, where you purchase a plan with a host and they provide you space for your site to reside on a server with many other clients, or a dedicated server, which is a computer where you can host your site(s) exclusively (a VPS is essentially a combination allowing dedicated server privileges in an environment shared with fewer users than with shared hosting).

Secured Shared Hosting

The main benefits of shared hosting are the reduced cost available by sharing the server with other users, and having the server company manage the server security. These same benefits can also pose a security threat, however, as the sites of other clients can jeopardize your security if their sites are breached, and if you rely on a server company to secure a server and they fail to do so correctly, you can find yourself in serious trouble. To combat these potential problems, it is imperative that you host with a trusted hosting provider who makes server security a priority. View our recommended X-Cart Hosting providers.

Dedicated Server

Unmanaged

I unfortunately often see x-cart store owners establish or move to an unmanaged dedicated server without knowing the onus of security that falls on them in doing so. When working with an unmanaged server, you are responsible for ALL server security. This includes the configuration of all your server settings, as well as keeping your kernel, OS, PHP/MySQL, control panel, etc. up-to-date as new branches and patches are released. This is a daunting task for anyone not very experienced with server security, and is not recommended for the average user.

Managed

Surprisingly, having a managed server does not necessarily mean your server is secure. When purchasing a managed plan, it is important to know what the server provider will and won’t do as part of your managed plan; it is not uncommon for someone to establish a managed server and set up their site(s) thinking the host will take care of security, only to find their server exploited, to which the server company responds saying they only perform security tasks upon request. If you rely on your host for a fully managed security package, it is important that you work with a trusted hosting provider who takes security seriously, and ensure that all aspects of security are accounted for.

Server Management Companies

Personally, I recommend an unmanaged dedicated server package and then using the services of a server management company such as EZSM or ServerWizards. These companies will configure your initial security settings, put processes in place to manage your security, and keep your server up-to-date as upgrades and patches are made available.

How to secure your X-Cart

After securing the hosting environment, it is necessary to address security with x-cart itself. Taking the following steps will make great strides in securing your x-cart:

Ensure you have a secure https connection for your store using a valid SSL certificate.

Do not use the “master” x-cart admin account. To change this, log in using your “master” x-cart admin account and create a new administrator with a username that is less generic. Log in as that new user and delete the “master” user account.

Immediately password protect your admin and provider directories. You can usually password protect these directories using a control panel such as cPanel, or you can use .htaccess and .htpasswd files (run a quick google search if you are unsure how).

Be aware of your site’s file permissions, as having loose file permissions in conjunction with an exploit can allow someone to write and execute files on your website – this is a very common exploit against x-cart, so take this seriously. In general your file chmod permissions should appear as follows:

File Type         Permission
*.php             644
*.tpl             644
*.pl              755
*.sh              755
/catalog/         777
/files/           777
/images/          777
/var/             777
/var/* folders    777
/var/* files      666

Turn off the option of sending credit card information in e-mails in the General Settings -> E-Mail Options section of your x-cart admin section.

Unless you are using the subscriptions module, do not store credit card information in your database. To disable, or to ensure that this setting is disabled, open your config.php file and ensure the $store_cc variable is set to false:

$store_cc = false;

It is always a good idea to log into your x-cart admin section using https so that the data you transact during the x-cart session is encrypted. The following code will force your x-cart admins/providers to log in using https:// by redirecting them when http:// is used.

Add this code to the .htaccess of your admin section (adjust your url):

# Force https on the admin section

RewriteEngine On

RewriteCond %{SERVER_PORT} !^443$

RewriteRule ^(.*)$ https://www.your-domain.com/xcart-dir/admin/$1 [R=301,L]

Add this code to the .htaccess of your provider section (adjust your url):

# Force https on the provider section

RewriteEngine On

RewriteCond %{SERVER_PORT} !^443$

RewriteRule ^(.*)$ https://www.your-domain.com/xcart-dir/provider/$1 [R=301,L]

The following .htaccess code, which can be placed in an .htaccess file in your store’s root directory (same directory as / and cart.php), will prevent access to sensitive areas of the x-cart file structure. If you are on a server that does not support .htaccess files, you will want to find alternate ways to block access to these files.

(NOTE: Change http://www.yourdomain.com/x-cart-path/ to the url to your error_message.php file.)

Options +SymlinksIfOwnerMatch -Indexes

RewriteEngine on

# Block access to sensitive directories

RedirectMatch permanent ^.*/\.pgp/.*$ http://www.yourdomain.com/x-cart-path/error_message.php

RedirectMatch permanent ^.*/patch\..*$ http://www.yourdomain.com/x-cart-path/error_message.php

RedirectMatch permanent ^.*/sql/.*$ http://www.yourdomain.com/x-cart-path/error_message.php

RedirectMatch permanent ^.*/schemes/.*$ http://www.yourdomain.com/x-cart-path/error_message.php

RedirectMatch permanent ^.*/skin1_original/.*$ http://www.yourdomain.com/x-cart-path/error_message.php

RedirectMatch permanent ^.*/Smarty.*$ http://www.yourdomain.com/x-cart-path/error_message.php

RedirectMatch permanent ^.*/upgrade/.*$ http://www.yourdomain.com/x-cart-path/error_message.php

RedirectMatch permanent ^.*/var/.*$ http://www.yourdomain.com/x-cart-path/error_message.php

# Block access to sensitive file types

RedirectMatch permanent ^.*\.(ini|tpl|sql|log|conf|bak)$ http://www.yourdomain.com/x-cart-path/error_message.php

# Block access to sensitive files

RedirectMatch permanent ^.*/COPYRIGHT http://www.yourdomain.com/x-cart-path/error_message.php

RedirectMatch permanent ^.*/INSTALL.*$ http://www.yourdomain.com/x-cart-path/error_message.php

RedirectMatch permanent ^.*/NEW.*$ http://www.yourdomain.com/x-cart-path/error_message.php

RedirectMatch permanent ^.*/README http://www.yourdomain.com/x-cart-path/error_message.php

RedirectMatch permanent ^.*/UPGRADE.*$ http://www.yourdomain.com/x-cart-path/error_message.php

RedirectMatch permanent ^.*/VERSION http://www.yourdomain.com/x-cart-path/error_message.php

RedirectMatch permanent ^.*/include/version\.php http://www.yourdomain.com/x-cart-path/error_message.php

RedirectMatch permanent ^.*/config\.php http://www.yourdomain.com/x-cart-path/error_message.php

RedirectMatch permanent ^.*/top\.inc\.php http://www.yourdomain.com/x-cart-path/error_message.php

RedirectMatch permanent ^.*/install\.php$ http://www.yourdomain.com/x-cart-path/error_message.php

Maintenance of x-cart security

A big mistake I see with users of software is thinking they can set up the software and run it for an indefinite period of time. It is imperative with x-cart, and all software you run for that matter, that you apply security patches and upgrade as new releases are available. While the patches and upgrades do require time and/or money to apply, neglecting to do so can be potentially fatal to your business, and they need to be made a priority.

X-Cart provides security and release bulletins that you can sign up for in your x-cart client account. Be sure to sign-up for these bulletins and stay on top of your security.

Article copyright 2007 WebsiteCM.com and may be republished provided all content is left intact including author information, copyright notice and website links.
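
As an added example (not part of the original tutorial and not X-Cart code), this POSIX shell function audits a store directory against the permission table in the X-Cart tutorial above and lists every file or folder that deviates from it. It assumes that files under /var/ follow the 666 rule even when they end in .php or .tpl; the function names xc_check and audit_xcart_perms are made up for this example.

```shell
#!/bin/sh
# Audit an X-Cart tree against the tutorial's chmod table.
# Prints "expected=<mode> <path>" per deviation; prints nothing when clean.

# xc_check MODE FIND-ARGS... : list matches whose mode is not exactly MODE
xc_check() {
    xc_mode=$1; shift
    find "$@" ! -perm "$xc_mode" -print 2>/dev/null |
        sed "s|^|expected=$xc_mode |"
}

audit_xcart_perms() {
    r=${1%/}   # store root, trailing slash removed

    # *.php and *.tpl outside var/ must be 644: a group- or world-writable
    # script is what lets an exploit write code that the server then runs.
    xc_check 644 "$r" -path "$r/var" -prune -o \
        -type f \( -name '*.php' -o -name '*.tpl' \)

    # *.pl and *.sh outside var/ must be 755.
    xc_check 755 "$r" -path "$r/var" -prune -o \
        -type f \( -name '*.pl' -o -name '*.sh' \)

    # Writable data directories named in the table (checked only if present).
    for d in catalog files images; do
        if [ -d "$r/$d" ]; then
            xc_check 777 "$r/$d" -prune   # -prune: the directory itself only
        fi
    done

    # var/ and every folder below it: 777; every file below it: 666.
    # Assumption of this example: the var rule wins over the *.php rule.
    xc_check 777 "$r/var" -type d
    xc_check 666 "$r/var" -type f
}

# Stand-alone use: sh audit.sh /path/to/xcart-dir
if [ "$#" -gt 0 ]; then
    audit_xcart_perms "$1"
fi
```

Any `expected=644` line for a .php file is the loose-permission condition the tutorial warns about and is worth fixing first.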

Top 7 Do’s and Don’ts of Being an Entertainer

Nariman Taweel asked:

Entertaining at an event is an important responsibility. Whether it is a corporate event, social event or wedding, there are certain things that all entertainers should do and also things they should avoid. Following these do’s and don’ts will guarantee success and avoid failure.

1. Be Punctual – Being late to any event is unacceptable and demonstrates unprofessional behaviour. As an entertainer your time is being paid for, so there is no excuse for being late. In fact, being early will allow you to mingle with the guests and/or attendees. This will assist you in building a strong rapport with the guests at the event, and if asked for feedback attendees will be more inclined to be positive.

2. Ensure you are prepared – It is essential to know your audience. This is especially important in a corporate environment. At a corporate event you should attempt to present something new or provide strategies for applying some common sense work practices. Never patronise your audience. At a social event it is a priority to set up before the guests arrive. As an entertainer you don’t want the guests to see you struggling with your equipment.

3. Make sure that you are relevant – Make sure that you meet the client’s needs and understand the theme or desired outcome of the event. As an entertainer the worst thing you could do is to present something that conflicts with the theme or is repetitive. Ensure you know what other entertainers are presenting so that you alter your act to be different and innovative.

4. Always attempt to position yourself in front of the event or so as to allow all attendees or guests to get a good view of you. You are after all the entertainer and it is your job to capture the attention of all at the event.

5. Familiarise yourself with key people’s names, such as any guests of honour, people you may have to introduce, the birthday girl or boy, or even the CEO of the company at the event.

6. Enthusiasm is the key to engaging the crowd, and as a professional entertainer you should have some strategies for this in your bag of tricks. A good entertainer will excite and inspire a crowd and keep them wanting more.

7. Provide Varied Entertainment – If you are entertaining for any length of time, you should attempt to split the time up into different activities. You don’t want the guests and the attendees to be bored or become distracted, so varying the activities will be essential in keeping an upbeat vibe and the interest of all.

Following these simple rules will ensure that you are a hit at any event. As entertainers you want the hosts to have had a positive experience and consider you for their next event. WOM is an entertainer’s most constructive marketing tool.

For more information visit http://www.nusuevents.com.au

HP Pavilion DV6-1250US 15.6-Inch Entertainment Laptop | Ready2Beat

From the Manufacturer Want a notebook PC that makes it easy to manage numbers?
