Freezone for Small Firms

Home

Contents

Introduction
Domain Registration
Email Services.
Web page hosting
Forms and Scripts
Secure Server Support
Ease of use
Technical Support
Costs
Conclusions

1. Introduction

This is one of a series of assessments of various Service providers for hosting sites belonging to a small business. They all follow a common format and end with conclusions on the overall suitability. I have been using Freezone as one of suite of "Free" ISP's almost from when they started. I registered my own domain name through them because, at the time, they were the cheapest by far both for registration and for the annual charges. Since July 1999 all my main email has come through them and they have provided the web space. The links have been fast both for use as a DUN connection, uploading the site or for email. They used Telinco (which is now called Tiscali after a series of takeovers and mergers) as a backbone and for provision of many of their services and the very small number of times they have been down all the other providers using Telinco have also been down. They are now offering a number of packages in addition to the free service which is not advertised for new users but may still be available. These packages offer remarkable value are very suitable for a small business. A very important attribute is that they offer free virus checking of all incoming and outgoing email and trapping of spam even with the free services . They were one of the first to do so and it is included on every email box.

2. Domain Registration

Freezone offer reasonable value for domain registration and their service works well. I had one of the first .com domains they registered - they are more difficult than a .co.uk but they had it up within 24 hours, although, through some communications failure, I had repeated reminders from Internic in the USA to pay for months before Freezone finally convinced them that they had paid on my behalf. Their new system for domain registration looks just as simple.

3. Email Services.

Freezone offer a number of packages. The basic "starter" hosting package at £1.49 per month offers a 5 mailboxes and unlimited aliases which is perfectly adequate to start with. You get more independent POP or IMAP boxes with the more expensive packages (200 with the "Essential" package at £3.99 per month) which I have.

They also have an email only package at 0.99p/month with a FREE domain name which offers:

Up to 50 email mailboxes which are dual purpose POP and IMAP which is extremely useful
2GB storage space
Catch-All Email Account
Unlimited Aliases/Forwarding
Unlimited Auto-Responders
Unlimited Mailing Groups
Web Based Email
SMTP/Outgoing Mail with authenticated option on ports 25 and 587
Mail Security & Management: includes Alias Management, Advanced Anti-spam & Anti-virus Protection on every mailbox.

I use their dial-up connection in preference to others I have available when away from broadband in the UK as it is fast and reliable and works well via a mobile telephone. You do not however need to send emails using their own Network as they provide an authenticated SMTP mail server which I use on broadband at home and abroad although I have noticed a few networks such as Xtra in NZ now prevent use of even authenticated SMPT servers other than their own. There is also an excellent and very comprehensive webmail package for when you are away from base. I have written a new page about Howto Send Email from Anywhere which covers the use and advantages of Authenticated SMTP and use of Freezone when traveling to complement my general page covering Global Communications and Computing which includes some coverage of the Advantages of IMAP Mailboxes which are included as standard with Freezone.

You have a control panel to administer your email account(s) so you can set up the POP and IMAP mail boxes, aliases, virus checking, spam checking and mail forwarding etc as well as controlling your web space. The control panel has recently changed from one provided by Ensim to one from Plesk that is even easier to use.

A very important attribute is that they offer free virus checking of all incoming and outgoing email and trapping of spam. This is not a complete substitute for a good virus checker routinely updated but it is an important first line of de fence as it is likely to be kept up to date on an hourly basis whilst even systems such as McAfee which automatically interrogate for updates are likely to fail to update before the first email collection of the day is complete.

4. Web page hosting

The "Starter" package provides 50 Mbytes web space, a monthly transfer of 1 Gbyte whilst the "Essential" package provides 500 Mbytes of Web space (with 20 subdomains) and monthly transfers of 10 Gbytes/month which should be more than adequate for a small firm. My web space has been very simple to access via FTP and has proved very reliable in operation and offers fast access to the visitor. They have recently added the option of password protecting areas of the site. The instructions are very good on their support pages and I did not need to do any special configuration.

There is a useful free analysis of site statistics (Webalizer) which is part of the hosting packages. It provides a daily and monthly analysis of Hits, Files, Pages, Visits and Kbytes downloaded in both graphic and tabular form. You also have information on the popular pages and geographic distribution of visitors etc. Web site statistics are an important tool in assessing the performance of ones web site and improvements to it and many service providers charge for providing such an analysis whilst here it is free even on the £1.49/month "Starter" package.

5. Forms and Scripts

FormMail - a public script to convert a form to an email

A script is provided for forms even on the "Starter" package which is the well known FormMail. This, like many scripts for forms sorts out and checks all the input fields and emails the results to an address you specify then redirects (jumps) to another page. Formmail is installed in a cgi-bin in a shared area and needs no configuration to make use of it and checks it is being called from a domain owned by Freezone. FormMail uses a number of standard variables (Set up as HIDDEN inputs) for configuration for your own use. It can check that emails addresses which have been input are valid formats and that important fields have been filled in before it will accept the Form and email it on - overall it allows a lot of configuration if required but will also do a good job with just the defaults. Freezone used to provide an example of its use on their support pages which I have slightly modified to demonstrate more of FormMails strengths - the complete code for a page with example form follows.

<html><head><title>Freezone Form Example</title></head><p>
<center><h2> This is an example of a form.</h2></center>
<form METHOD=POST ACTION="cgi-pub.freezone.co.uk/cgi-bin/formmail.pl"><p>
<input TYPE=hidden name="recipient" value="admin@yourname.co.uk"><p>
<input type=hidden name="required" value="name, email"><p>
<input TYPE=hidden name="subject" value="Example web site form" ><p>
<input TYPE=hidden name="redirect" value="http://www.yourname.co.uk/form_response.htm" ><p>
Name:<br>
<input NAME="name" size=35><p>
Email address:<br>
<input NAME="email" size=35><p>
Phone Number:<br>
<input NAME="phone" size=35><p>
Comments:<br>
<textarea NAME="comments" ROWS="5" COLS="30"></textarea><p><br>
<input TYPE="submit" VALUE="Submit">
<input TYPE="reset" VALUE="Erase">
</form>
</body>
</html>

I have only made use of a small number of the hidden variables available in the example above. For more information on FormMail you should visit the author Matt's at Script Archive I you get a response saying that that yourdomain is not the referrers list this means your domain has not been added to those permitted to use the script and an email to support@freezone.co.uk will get it quickly added - it is dome on a server basis they do not always add new servers until needed for security.

PHP Scripting for form handlers on Freezone

Freezone has a very powerful scripting language called PHP available on the "Starter" and upwards packages which is ideal to write your own form handlers. This gives far more flexibility and a much more professional look than FormMail. You do have to take some care however as any scripts which take user input are open to abuse and one has to do some checks to make sure others are not using your script and your bandwidth to send spam. One way this is done by spammers is by injecting extra addresses on the end of the email address they give and central scripts like FormMail carry out a number of checks, even so early versions were abused considerably. It therefore seems appropriate to cover how to use PHP for forms in a reasonably secure manner.

Firstly PHP is very simple to get to grips with. Typing of variables is very weak and you can drop in and out of PHP as often as you like on a web page. There are lots of useful functions with meaningful names and it is well documented at uk.php.net with starter tutorials as well as comprehensive reference material. Perhaps the only unusual thing to note when looking at or modifying my script is that Strings can be enclosed in " " or ' ' quotes but variables which always start with a $ are handled differently in the case of " " the enclosed variables are recognised and substituted whilst with ' ' this does not occur. Try this simple program - put in a file called strexample.php and upload it to your site. Obviously it will not work locally as PHP is server side scripting and runs on your web server to deliver an HTML page to the browser.

php
$example = "Hello World";
echo "In double quotes we get: $example <br>"; // gives Hello World
echo 'In single quotes we get: $example'; // gives $example
?>

If you forget all error checking and security you can do a form to email in a single line of script! The following will send you an email if you put in your details and upload it as a .php file it is however only secure as has all the addresses 'hard wired' so read what follows rather than just try to modify it

<?php mail("someone@yourdomain","Test Message","Hello World", "From: website@yourdomain\r\nReply-To: someone@yourdomain\r\nX-Mailer: PHP/" . phpversion() ); ?>

The following is the 'guts' of the new code for my feedback form for PHP which can be dropped into the body of an HTML page. It is well commented and the PHP functions are mostly self explanatory from their names. You can look them up at uk.php.net - only a dozen or so functions and environment variables are used here which demonstrated the power of PHP. This script carries out some error checking to make avoid being used as a spam relay however the main checking of the parameters should be done by JavaScript on the page from which the form is submitted as there is no provision to correct errors here. It first strips out invalid characters from the form input to prevent hacking. It then checks that the script has not been called directly and checks it is called from a permitted domain. For security all of these are 'hard wired' into the script.

<?php
/* Script Handler for forms on Freezone. */

echo "<center><h3>Form from $email on $feedback_page</h3></center>";

/* Set up for domain checks */

$domain1 = 'yourdomain';
$domain2 = 'yourseconddomain'; // if required
$referrer=strtolower($_SERVER["HTTP_REFERER"]);
$pos1 = strpos($referrer, $domain1);
$pos2 = strpos($referrer, $domain2);

/* Check that the script has not been called directly by checking
 the parameter has been set  */
if (!isset($_POST['email'])) {
	echo "<p>Error - possibly called directly 
rather than from a web page</p>\n";
	}
/* Now check it is called from a permitted domain */
	elseif (($pos1 === false) && ($pos2 === false) ) {
    echo "Not called from a valid domain</p>\n";
	}
/* Then check any other required parameters are set */
	elseif (empty($email) || empty($commentbox)) {
    echo "<p>Required parameters were not completed 
- please use back button and try again</p>\n";
	}
/* and finally check email address is reasonable ie do we have 
alphanumeric characters + an @ sign + a . + only 2 to 4 alpha characters. 
Thanks to tim at rocketry dot org for this code */
	elseif(!eregi("^[[:alnum:]][a-z0-9_.-]*@[a-z0-9.-]+\.[a-z]{2,4}$", $email))
 { 
    echo "<p>$email - This is not a reasonable email address 
- please use back button and try again</p>\n";
	}
	else {

/* Success - write what you are sending to the page then send out the email */

/* This code first converts the string to HTML characters then changes
various forms of line end to the HTML break tag to avoid a spaghetti
output from the form input. It processes \r\n's first so they
aren't converted twice. It then compacts multiple breaks. 
Any Additional backslashes are removed by stripslashes() */

	$str = str_replace( array("\r\n","\n","\r"),'<br>',htmlspecialchars($commentbox));
	for( $i = 5 ; $i >=0 ; $i -= 1 ) {
	$str = str_replace( array("  <br>","<br>  <br>","<br> <br>","<br><br>"),'<br>' , $str);
	}
	$str = stripslashes($str);
		
/* Now write to the page so the form filler has a record */

	echo "An email with your input has been sent with: <p>";
	echo "<b>SUBJECT:</b> Form from $email on $feedback_page<br>";
	echo "<b>REPLY-TO:</b> $email<br>"; 
	echo "<b>CONTENT:</b> $str<br>"; 

/* Finally send the email using mail() */

	mail("you@yourdomain","Form from " . $email . "on" . $feedback_page , $commentbox , 
"From: website@yourdomain\r\nReply-To: " . $email . "\r\nX-Mailer: PHP/" . phpversion() ); 
	}

/* If you use this please acknowledge that this is based on a PHP Script
 provided by Peter Curtis at www.pcurtis.com */
?>

The following code can be added to the page to reduce the chances of the script being cached. It works by generating raw HTTP headers and must be before any HTML at the top of the file even before the <!DOCTYPE declaration. For some reason do not have any /* */ type comments in it or you may lose output!


<?php
header("Cache-Control: no-cache, must-revalidate"); // HTTP 1.1
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header("Pragma: no-cache"); // HTTP 1.0
?>

My own forms use a generic version of this script which you can use to send me a message if you have any comments or even if you have found it useful.

Saving Forms on the Server

The alternative to sending the output of a form as an email is to put it into a file on a protected area of ones web site to download later, having perhaps notified oneself by sending an email. With PHP, Secure (SSL) web space and password protected private folders becoming more readily available this is an option when forms contain confidential information. Freezone's Plesk servers offer private password protected folders as standard on all the package I use and I have been experimenting with PHP scripts to write files. It is not to a point of providing scripts here but I have found that it is easy in PHP to read .htm files and one can write and append to files almost as easily - including those in the password protected areas - provided that they already exist and that the permissions have been set to read and write for the owner group and other in advance. This can be done using the Freezone Plesk control panel's file manager or ones FTP package if it has the facility (In WS_FTP LE right click on a remote file to get to CHMOD (unix only)).

As far as I can tell one can not create new files or change permissions from a PHP script on the Freezone Plesk servers - a reasonable and sensible restriction on the grounds of security but one which does limit one to 'log' type files where one is appending each form in turn. The other way is to read the file into a string so you can add the new entry at the top and perhaps truncate at a given length.

The functions to look up on PHP.net to start you off are fopen(), fread(), fwrite() feof(), fclose() and the test functions file_exists() and is_writable(). NOTE file_get_contents() is only available on PHP 4.3 or higher and file_put_contents() is only on PHP 5.0 and higher - Freezone uses PHP 4.3.11

Encrypted Files

I have also been looking at encrypting data and the conventional ways using a `command line` call have now been blocked on security grounds and for very good reason. The support staff, in particular Kevin, have been very helpful on a number of occasions and have recently set up some extra facilities for me to try out which I hope will enable me to send the form output as an encrypted email in pgp format without the security issues the methods I had been trialing on my own server. Not many ISPs offer this level of support and I suspect you would have to show you knew what you were doing and exactly what you needed before they could offer this level of flexibility.

6. Secure Server Support

Freezone say they can provide a Shared Secure Server to support credit card transactions etc. I have not tried this out but the usual way it works is that a sub-directory on a Secure Server (https://secureservername.freezone.co.uk/yourdirectory/ ) is mapped to a directory on your site for FTP upload but is accessed directly by the full https:// address in your HTML on your pages (and is also seen in the browser by the visitor) if you have an individual certificate. It is possible one will need ones own cgi-bin for the secure form or Freezone may provide a common one. The cost are £19/year for a shared certificate where the secure space shows assecure.freezone.co.uk/yourdomain/ and £49/year for an individual certificate and fixed IP address.

7. Ease of use

Freezone is extremely easy to register for and get up and running for a small commercial site. I did not need to do any fancy configuration and you could get everything other than forms working on their free web space then transfer across. I was an early user and in my case their Domain Name Server was just pointed at my existing site on one of their servers and the email redirected to my existing mailbox and that was it. 24 hours after registering a Domain Name I could be accessed as both http://www.pcurtis.com or http://www.freezone.co.uk/pcurtis/ and anything@pcurtis.com arrived in my mailbox pcurtis@freezone.co.uk. Now one has easy to use control panels and setup is again very easy.

8. Technical and Administrative Support

I have called their technical support a few times - initially on the free service it cost 50p a minute but it is now on an 0845 number even if you are just using the free service. Even more surprising I have always got an answer very quickly - none of this long holds listening to not so soothing music whilst the phone bill ticks up. The support staff are also knowledgeable and most problems are fixed on the spot. I use the email support on occasion for less urgent matters and turn round is usually less than a day with any technical problems fixed or information provided first time. They also offer a Chat type service.

The Administrative side has made the occasional error in the early days but they have always been very helpful and responsive. They have always immediately acknowledged when they have made an error and apologised - very rare in this day and age. For a long time they left me on an early tariff which offers excellent value whilst allowing me use of the major new enhancements in facilities as they occur. They did not even complain when I dropped back a tariff when their new limits exceeded anything I aspire to for web space and traffic.

9. Costs

The free services are now poorly advertised for new customers although I know of many old accounts which are still honoured, several used as backups by people I support. Freezone Technical Support assured me that the Free email and webspace service is still available via http://www.freezone.co.uk/signup/ - I think they have done very well out of that introduction and have may loyal customers now using their full services. The basic "Starter" business package has however now fallen to £1.49 a month plus VAT and currently includes registration or transfer of your Domain Name. Most businesses will be able to use that initially and the next package, the "Essential" that I have is £3.99 a month offers enough for quite a reasonable size firm, it even has a MySQL database. I get over a thousand visitors per day and only use 20% of the bandwidth and web space limits that package offers. Secure transactions will cost circa an extra £19 - £49 a year when you need them and £14.99 a year gives you full Ecommerce with shopping carts and all with free support. I have been with them for 8 years which is a long time in the internet game.

10. Conclusions

I have been very pleasantly surprised so far with Freezone. I originally saw it as a cheap way to register a Domain Name and to eventually move to a different host. I have seen absolutely no reason to move away and Freezone has grown from being a small free ISP to being a full provider for businesses. The I asked they told me they had 12,000 business sites as well as 100,000 free users registered and a staff approaching 50 but as yet I do not see any of the problems of fast expansion which plague others and one can still get personal attention when required. The access, email and web space has been available for a very high percentage of the time over the years I have been using them as my prime ISP.