Top 10 Online Threats

The strategies hackers use to break into your site can be complicated but the results are usually pretty simple – lost revenue. Here are the 10 most common threats identified by the Open Web Application Security Project:

1. Injection.

It’s not uncommon for web applications to have injection flaws, especially SQL injection flaws. A hacker who finds one will send malicious data as part of a command or query. The attacker’s message tricks the app into changing data or executing a command it was not designed to obey.

2. Cross-site Scripting.

Cross-site Scripting flaws occur whenever an application sends user-supplied data to a web browser without validating it first. Hackers use these flaws to hijack users away from the site or deface it, thereby costing the site owner in lost business.

3. Insecure Direct Object References.

Applications that lack checks to verify a user is authorized to view particular content can be manipulated to access private data.

4. Broken Authentication.

When account credentials and session tokens aren’t properly protected, hackers can assume users’ identities online.

5. Cross-site Request Forgery (CSRF).

A CSRF attack tricks unknowing site visitors into submitting forged HTTP requests via image tags, XSS, or other techniques. If the user is logged in, the attack succeeds.

6. Security Misconfiguration.

Security misconfiguration flaws give hackers unauthorized access to system data via default accounts, unused pages, unpatched flaws, unprotected files and directories.

7. Insecure Cryptographic Storage.

Many web applications don’t do enough to protect sensitive data such as credit card numbers, Social Security numbers and login credentials . Thieves may use this data for identity theft, credit card fraud or other crimes.

8. Failure to Restrict URL Access.

Often an app will protect sensitive interactions by not showing links or URLs to unauthorized users. Attackers use this weakness to access those URLs directly in order to carry out unauthorized actions.

9. Insufficient Transport Layer Protection.

Applications often fail to authenticate, encrypt and protect the confidentiality of network traffic. Some use weak algorithms, expired or invalid certificates or use them incorrectly. This allows hackers to “eavesdrop” on online exchanges. An SSL Certificate typically neutralizes this threat.

10. Invalidated Redirects & Forwards.

Web applications often redirect or forward legitimate users to other pages and websites, using insecure data to determine the destination. Attackers use this weakness to redirect victims to phishing or malware sites, or use forwards to open private pages.

More about Top 10 Online Threats

What is Hosting?

Make sure friends, family and customers can see your website.

Hosting is what makes it possible for others to view your website over the Internet. Without it, you’re the only one who will ever get a look. LuckyRegister – Cheap Domain Registration, Domain Hosting Services – serves up…

  • One-click set-up
  • Unlimited storage and bandwidth
  • Scalability to fit your needs
  • 24/7 secure monitoring

Fast sites = happy visitors

Did you know a 1 second delay in your website page load time can cause a 7% reduction in conversion? This can have a huge impact on your bottom line which is why we work hard to maintain top page load times in the industry.

  • Fastest page load times using cPanel for Linux
  • High-performance servers for fastest load times
Fast, secure, powerful hosting, now with cPanel® for Linux®
Fast, secure, powerful hosting, now with cPanel® for Linux®


App installs just a click away

Our one-click install process has all your Web hosting app needs covered, making it easy to build, enhance and manage your site.

  • Need a content management system (CMS) for your Website? Joomla and Drupal are just a click away
  • Maybe you want to sell products on your website. Try Magneto with one-click.
App installs just a click away
App installs just a click away


Powerful hosting made easy

With its user-friendly control panels featuring cPanel®, our Hosting puts you in charge. And thanks to our award-winning data centers, lightning-fast load times and 24/7 monitoring, you know your site will always be safe, secure and online – guaranteed*.

Powerful hosting made easy
Powerful hosting made easy


Award-winning security keeps your site safe

Keeping a website secure is a full time job. That’s why our security team is on the job 24/7, monitoring your site for suspicious activity and protecting it against brute force and DDoS attacks.

Award-winning security keeps your site safe
Award-winning security keeps your site safe

More about our web hosting plans

Fast, secure, powerful hosting, now with cPanel® for Linux®


Fast sites = happy visitors

Did you know a 1 second delay in your website page load time can cause a 7% reduction in conversion? This can have a huge impact on your bottom line which is why we work hard to maintain top page load times in the industry.

  • Fastest page load times using cPanel for Linux
  • High-performance servers for fastest load times

Important Notification About Our SSL Offerings

Due to Registration Authority regulation changes from ICANN (the Internet’s governing body), we’ve made two changes to our SSL offerings.

Maximum Issuance Length

This new regulation sets the maximum length of time for which we can issue SSL certificates to 39 months.

Because we only offer SSL certificates on an annual basis this means customers will only be able to:

  • Purchase new certificates with a maximum issuance length of 3 years
  • Renew existing certificates for a maximum of 3 years

This policy is set to completely take effect on July, 1 2014.

Fortunately, this regulation change doesn’t impact SSL certificates we’ve already issued that fall outside the 39-month limit. However, when those customers’ SSL certificates are up for renewal, they cannot renew them outside the new maximum issuance length of 3 years.

Free SSL Credits Only Offered for 1 Year

Starting July 1, 2014, free SSL certificate credits offered with some products are only free for the first year. After the certificate’s first year, customers will have the option to renew their SSL certificates for our renewal pricing.

An Example of the Change

Previously, free SSL credits were given to customers for the same length of time as the parent product’s purchase length. If a customer purchased an Ultimate-level hosting plan for 5 years, they received a credit for a free SSL with a 5-year issuance length.

However, that credit would fall outside the maximum issuance length we can offer because of this new regulation. This use-case is what compelled us to change the issuance-length of free SSL credits. To adhere to ICANN’s policy and create a consistent user experience, we’ve decided to offer free SSL credits with a 1-year issuance length.

Starting July 1, 2014, if a customer purchase an Ultimate-level hosting plan for 5 years, the free SSL credit they receive expires one year from the date of purchase. At its expiration, our customers can choose to renew it for our SSL certificate renewal price.

Customers with existing certificate credits greater than 3 years can continue to use them until July 1, 2015. After that date, using either a 4- or 5-year issuance length credit will create a certificate with an issuance length of 3 years.

Build your business with .US – On Sale! $3.99/year

Who can register .us domain names?

The U.S. Nexus Requirement ensures that only individuals or organizations that have a substantive connection to the United States can register .us domain names. To qualify for a .us domain name, you must be:

A natural person (i) who is a citizen or permanent resident of the United States of America or any of its possessions or territories, or (ii) whose primary place of domicile is in the United States of America or any of its possessions.

An entity or organization that is (i) incorporated within one of the fifty (50) U.S. states, the District of Columbia, or any of the United States possessions or territories or (ii) organized or otherwise constituted under the laws of a state of the United States of America, the District of Columbia, or any of its possessions or territories.

An entity or organization (including a federal, state, or local government of the United States, or a political subdivision thereof) that has a bona fide presence in the United States.
Domain names can be up to 63 characters, with a minimum of three characters, and can contain letters (a to z), numbers (0 to 9), and hyphens (except at the beginning or end of the domain name). You cannot register domain names with special characters such as & and #.

Register your .us domains now

.Asia cheap domain registration, On Sale! $4.99/year*

Connect with an entire region with a single domain.

The .ASIA Top-Level Domain (TLD) is an ICANN-sponsored domain extension that represents the Asia-Pacific region. A .ASIA domain gives you exposure to the region as a whole, as opposed to individual countries, such as a .JP or .CN domain extension. This is particularly useful for companies that conduct business in different Asian countries. Securing a .ASIA domain gives you regional recognition, makes it easier to manage your Web presence, and increases your exposure to the growing number of Internet users in the Asia-Pacific region.

.ASIA is available to individuals, businesses, organizations, and community groups, as long as one of your contacts lives in the Asia-Pacific region.

What can a .ASIA do?

  • Help you reach millions of Internet users in Asia with a combination of global recognition and regional significance.
  • Give your company, organization or event an online identity with an Asian flavor.
  • Protect your brand from competitors who might wish to take advantage of the name recognition generated by your popular .COM.

Register your .asia domains now

CA Cheap Domain Registration Sale!

Perfect for individuals, groups, and businesses located in Canada.

For a limited time offer customers a great price on new, first-year .CA domain name registrations.

The promotional price is just CAD 9.99, so don’t miss out on this offer.

Note: The promotional sale price above is for CAD only. Purchases made with a different currency will be converted to USD 12.99, upon checkout.

Get your .ca cheap domain registration now!

Multiple Products’ Retirement Details

We are retiring the following products on June 2, 2014:

  • InstantPage®
  • SmartSpace®
  • Quick Blogcast®
  • For Sales & Starter Pages
  • Website Protection Site Scanner (more info)

Because this impacts your business, we wanted to let you know about our schedule to complete these tasks.

Retirement Details

March 14, 2014 — The products we’re retiring will no longer be available for sale on your Reseller storefront.

April 2, 2014 — We will email all customers with products impacted by this retirement, letting them know that in 60 days the products will no longer be available in their accounts as of June 2, 2014.*

This email will also include suggested alternatives to the products we’re retiring. You can view the list in our article How do the upcoming product retirements affect me? Before April 2, this article is only visible to you — your customers cannot view it.

Mid-May, 2014 — We will email customers a final notice approximately two weeks before June 2 reminding them about the pending removal of their accounts.*

June 2, 2013 — Customers will receive a cancellation notice of any accounts we remove from our system.*

*These notices will only go to customers who have unused free Website Protection credits, which we offered with Unlimited Hosting accounts and SSLs. We are notremoving any active Website Protection accounts at this time.

Website Protection Details

How we’re handling Website Protection Site Scanner’s retirement differs from the other products.

  • Website Protection Site Scanner will be replaced by a new product called SiteLock in mid-March. SiteLock offers great features customers have been requesting from Website Protection Site Scanner, including the ability to remove malware from infected sites. We’ll have more details about that product when we get closer to its release date.
  • We are not removing any active Website Protection accounts. However, we are removing unused free Website Protection credits on June 2.

Refund Details

When we cancel these accounts on June 2, we will also issue refunds to In-Store Credit for any additional time remaining on their accounts. This will not impact your commission whatsoever.

If you provide your customers our support number, our billing department will be available to assist customers with any issues they have with their refunds.