FAQ IT/Security/URL

1. What’s the recommended way to use my custom domain for my event site?
2. Can I use URL forwarding to my site?
3. How can I make my custom domain redirect to my auction site?

A: Unfortunately, due to SSL certificate limitations (e.g., the use of https:), it is NOT possible to use a CNAME to point directly to your event site. While it's technically feasible to obtain a separate SSL certificate, this would require a dedicated IP address for your event site and reconfiguration of network hardware—steps that are not supported within our current hosting environment.

Instead, we recommend using URL forwarding with your preferred custom domain. Most domain registrars offer a forwarding service that will automatically redirect visitors from your custom URL to the actual URL of your auction site.

An added benefit of using URL forwarding is flexibility—once your event ends, you can easily reuse the same custom URL for future events by simply updating the redirect to point to your new event site.

1. Do you store credit card information in your database?
2. Are backups encrypted or protected?
3. How do you back up customer data?

A: Your data is always accessible through the report export feature on your website. You can customize your reports to include exactly the information you need and save them as CSV files. This flexibility allows you to perform advanced reporting using your preferred tools or to easily migrate your data into donor management systems or other fundraising software.

Our Data Backup Policy:

To ensure your data is secure and protected, we follow a robust multi-tier backup process:
 

1. Our databases use transaction logging, enabling recovery up to the last recorded transaction in the event of an unexpected system failure (such as a power outage or reboot).
2. We back up the database every four hours on the local server. These backups are compressed and encrypted for added security. Please note, we do not store any credit card or financial information in our databases. We keep seven days’ worth of these backups locally for quick recovery or forensic review.
3. A redundant standby database server continuously mirrors the primary database. This standby server also creates local backups every 20 minutes to ensure data redundancy.
4. We perform daily offsite backups of all databases and websites to Amazon S3, providing an additional layer of protection.
5. Prior to any large-scale data changes—such as imports, migrations, or restorations—we create a local backup of the specific event data tables. This enables us to roll back only that event’s data to a point before the change, if needed.

All customer images are securely stored in the cloud using Amazon S3 and delivered through their CloudFront edge caching service. Since image data is less critical, we rely on Amazon’s backup infrastructure to maintain its safety.

If you have any questions about your data or backup procedures, please don’t hesitate to reach out—we’re here to help!

1. What happens if one of your servers goes down?

A: Thank you for your thoughtful questions—we truly appreciate your interest in our infrastructure. We're considering adding a page to our documentation that outlines our server setup more fully, and your inquiry helps reinforce the value of that.

Here’s an overview of our current setup:
We operate in a co-located environment with both redundant application and database servers. At the moment, these servers are configured in a passive failover setup. However, we’re in the process of expanding our server capacity. This week, we’ve installed additional servers (currently undergoing testing) that will be deployed in an active/active configuration, enabling continuous availability with minimal or no disruption during failovers.

In terms of data safety, we maintain on-site backups as well as off-site backups using Amazon S3. In the unlikely event of a catastrophic failure, we have the capability to resume operations using Amazon EC2 or another remote solution.

We’re co-located at Alchemy Communications in Los Angeles, a professional data center that provides:

• A/B redundant power
• Multi-homed internet connectivity through diverse fiber paths
• Access to a secure dark fiber ring with failover across alternate sites

To date, we’ve never had an unplanned outage. We typically provide at least 48 hours' advance notice for any scheduled maintenance, which we aim to perform during low-traffic periods (usually late Monday or early Tuesday mornings). Once our active/active configuration is fully live, maintenance will be even more seamless, with no interruption to customer access.

Event Connectivity Tip
While our system infrastructure is robust, one common challenge customers face is connectivity at the event venue itself. We strongly recommend:

• Testing your venue’s internet connection well in advance
• Having a backup connection, such as a 4G/5G hotspot or mobile modem
• Ensuring you have the tech contact’s number for your venue on hand

In case of connectivity loss, it's always a good idea to have printed guest and item lists as a backup. This allows your team to continue with check-in, purchases, and check-out on paper and enter the data later. We also suggest collecting reliable contact information (email or phone number) from attendees at check-in, so you can easily follow up post-event if needed.

We hope this information is helpful and reassuring. Please don’t hesitate to reach out with any further questions—we’re here to support your success every step of the way.

1. Why is the from email address on emails sent from my site showing Schoolauction.net?
2. Why are we receiving emails from different @schoolauction.net addresses?
3. How can I change the from email address on emails sent from my site?
4. How can I ensure schoolauction.net emails don't go to spam?

A: Our system-generated emails are sent from specific addresses, depending on the type of notification:

Our system-generated emails are sent from specific addresses, depending on the type of notification:

• notification-oa@schoolauction.net – Used for messages from the Online Administrator
• notification-dn@schoolauction.net – Used for Donation-related communications
• notification-co@schoolauction.net – Used for Checkout notifications
• notification-general@schoolauction.net – Used for general or unspecified communications
• do_not_reply@schoolauction.net – Used for automated messages that do not accept replies

To ensure important emails reach your recipients, we recommend adding these addresses to your email whitelist or safe sender list.

You can also manage the “From” addresses used for your guest communications under:
Admin > Site Settings > Customize Your Site > Email/Text Messaging > Email "From" Addresses.
 

1. Can I edit my event name in my site’s URL?
2. How do I update the URL to reflect my new event name?
3. Why can’t I just rename the existing URL?

A: Changing your URL requires some effort, but it's possible under certain conditions:

Your base URL contains a subdomain (the organization nickname chosen when you first signed up) and a path (/event name):

http://nickname.schoolauction.net/auction2023

Neither can be edited after creation but, with effort, a new account and/or event site can be created. This is reasonably easy when you are between events - but extra steps are required to merge data from an existing site to a newly created account and/or event site.

If you would like to create a new account, we can merge your existing account to the new one with the desired URL. Be aware that this will NOT change the base URL of any existing event sites, but all sites created under the new account will display the new URL.

If you would like to create a new account: 
1. Start a new Free Trial Site here: https://www.schoolauction.net/
a. You will be asked for an email address. If you use the same address as the original account, you will need to provide the password. This will allow your current account manager credentials to be used on both sites.
b. This process requires you to create a new event as well - you can reuse the same event name or create a new name - as desired.
c. Specify the name you want to show in the new URL in the Org Nickname field. This form shows a preview of what your new URL will look like. . .

2. Once the new account is set up as you desire - let us know and we will merge the two accounts for you.

3. If you have an existing event site that needs to be merged into a new site with the desired URL - specify both the old and new URLs.

If you would like to keep the existing account name but create a new event name:
1. Create a new event site with the desired name: Creating a New Event

2. Once you've created your new event site, you should migrate any settings and data from your old site that you'd like to keep. Migrating (Copying) Settings and Data From a Previous Event Site + Video

3. Contact the support team to let us know you are ready to have the old site with the incorrect URL deleted. 

Note: You will no longer have access to anything on this site once it is deleted so make sure you have migrated any/all information you are interested in keeping.

This process ensures you can manage your URLs effectively and align them with your organizational needs. If you have any questions or need further assistance, please feel free to reach out to our support team. We're here to help!
 

1. How do you ensure our auction data and transactions are secure?
2. Is SchoolAuction.net PCI compliant?
3. How can assure my guests that vaulting a credit card through our site is safe?

A: At Tofino Auctions and SchoolAuction.net, we take security seriously. 

Our auction management software is carefully developed and continuously maintained to meet all PCI compliance standards set by the credit card industry.

Additionally, we do not store any credit card information on our servers or on your devices. All payment details are securely transmitted and—if needed—safely stored by your selected credit card gateway provider.

Your data security is a top priority.

1. Can I get a short URL for my auction site?
2. How can I shorten our site URL?
3. How do I request a redirect using a short URL

A: Using "framing" or "domain masking" to overlay another URL on your auction site can cause several issues. Since most pages on your auction site are secure, masking the domain name may trigger security warnings for your guests, which can be inconvenient.

What does work effectively is domain forwarding. You can log in to your registrar's system and adjust the settings so that your new "friendly" domain name redirects visitors to the URL of your auction site without masking it. This way, you can still use your preferred domain name in all your marketing materials. When people type it in, it seamlessly directs them to the full site URL.

To see how this works, click on this link: schoolauction.help. 

This URL forwards you to support.tofinoauctions.com, maintaining a clean and straightforward user experience. Typically, users don't pay much attention to the address bar after the initial redirect.

Additionally, we can set up short URLs that also redirect to your site from domains we manage, such as:

• bid-here.net
• attendthis.org

These short URLs would include a slash and a unique code after the base URL, like attendthis.org/oacc17.

Just let us know if you want to go that route.
 

1. Why does a user see a security warning when I share a link to the event site?
2. Why can't some users access pages I've sent them?

A: Rest assured that your event site is equipped with the necessary security measures and holds current certification.

Users may encounter a security warning under the following circumstances:

• Entering www. before the site URL: The security certificate is valid for your site's specific URL, which does not include www. Please ensure all promotional materials and links do not contain www. Some older versions of Internet Explorer may automatically insert www.
• Attempting to access unauthorized pages: This occurs when an Admin/Chair mistakenly shares a link to an admin page that the recipient does not have permission to view.
• Using framing services to alter the URL: Framing services redirect traffic from a "friendly" URL to a different one. However, such practices are viewed suspiciously by security tools and may trigger alerts, potentially blocking certain actions. Event sites cannot be framed as it disrupts functionality across multiple pages.

We strive to maintain a secure environment for your event site. If you have any concerns or encounter these issues, please reach out to us for assistance.

1. Can I shorten my site URL?

A:While the URL of your site cannot be changed directly, you can utilize a service that allows you to create a shorter, customized URL for redirection to your site. We recommend using Bitly, a service that simplifies URL shortening and customization.

Here's how you can proceed:

1. Create an Account: Visit https://bitly.com/ and sign up for an account.
2. Shorten Your URL: Follow the prompts on Bitly to shorten your URL. You'll have the option to customize the shortened URL to suit your needs.

It's important to note that not all URL redirection services operate in the same way. Services using domain framing may inadvertently disrupt certain functionalities of your site, albeit not immediately noticeable. Therefore, we recommend Bitly as a reliable option that has been successfully used by others in the past.