Web Hosting

How And When To Offer SSH Access To Your Customers

If you’re running on a Unix or Linux server, then you likely access your files systems via SSH on a daily basis. However, this might be well and fine for an administrator like you, but should you also be offering the same access to your customers? SSH is particularly vulnerable to attacks by unwanted intruders, and by giving out that kind of power on a limb you may be greatly compromising the security of your system.

The need for SSH access largely depends on the kind of services you’re offering. Giving customers that level of connection puts them as close to administrator status as they’ll ever get. Also, giving each user a secure password makes it that much easier for a hacker to gain access to your server: With that many backdoors left laying around, you’re only increasing the likely hood of an attack.

That being said, telling customers flat-out that you won’t offer SSH access may alienate a large portion of the available market. If you have a consumer that demands this kind of connection, then it’s best to cave. However, be sure to follow the tips below to ensure your server remains secure, even with the risks involved:

1. Jail Your Users: If you are granting users SSH access, be sure to jail each of those sorry saps to their home folders. This way they cannot easily see the other files laying about your server, and aren’t likely to accidentally tamper with any of them. Likewise, this makes a truly unfortunate break-in less of a concern, as any hackers—armed with nothing but a security code—will be no better than the user himself.
2. Setup A New Port, Sailor: By default, SSH travels through port 22. Be sure to change this, at least for your users, that way common exploits cannot be turned against. It also prevents hackers from gaining the same access as you’ve got—a truly tragic situation, and one you definitely want to avoid!
3. Don’t Put-Out By Default: As mentioned, only offer SSH services when a customer requests it. It’s simple enough, and will save you a lot of headaches that never use, nor want, the service.
4. Insist On Country Strong Passwords: Make your users have secure passwords, and don’t hesitate to reject weak ones. Likewise, have your consumers change their security codes often. Don’t be afraid to exert your status as server master, and insist that they keep up with a monthly regime of code changes.

Enkompass: A Windows Control Panel For The Masses

So, you finally bit the bullet: You gave in and used a Windows-based web host, contrary to the popular, Linux-oriented hosting. Before we say good for you, though, we just want to point out one sad fact—there aren’t many quality, Windows-ready control panels out there for managing your new content. At least, there aren’t many as easy to use or as user friendly as you might like. Thankfully, though, there are a few, and one of our favorites (Enkompass) is even the brainchild of the same developers that brought you cPanel/WHM.

Enkompass is easily one of the best control panels around for your Windows-based server. If you’re looking for a fresh face to add to your account, you could certainly do a lot worse. We aren’t here to sell you the software, but we will tell you what we like about it. Starting with the following:

1. It Looks Like cPanel, Smells Like cPanel: Like we said, Enkompass comes straight from the guys that made cPanel, one of the easiest to use and most familiar control panels around for UNIX-based servers. With that in mind, if you’re use to cPaneling your servers, you’ll instantly be at home with Enkompass. It looks and behaves about the same, making it an easy transition from one to the other.
2. Plays Well With Others: Reason number two is simple—Enkompass works well with other utilities. For instance, it plays like a good kid with Windows Server 2008 and Microsoft IIS7 Server. Not to mention full support for MySQL and Microsoft SQL Server 2005-2008. It also takes full advantage of Active Directory, providing enhanced scalability.
3. Scripting? We Got Loads Of It! Another reason we like Enkompass is its compatibility with a wide variety of scripting platforms. This puppy can handle .NET, ASP, PHP, Perl, AJAX, Silverlight, XML, and others, making it an all-one resource for the coder in you.
4. You Get The Literature: The last reason we think Enkompass is just wonderful has to do with its documentation. As a cPanel port for Windows (more or less, don’t shoot us Windows server geeks!) you still get access to the wealth of troubleshooting literature available for the Linux edition. Because both services behave more or less the same, the communities are entirely integrated, allowing you to take full advantage of already existent resources.

Choosing The Right Linux Distro For Your LAMP VPS

Running a LAMP VPS on your server means needing to pick the perfect Linux operating system to go along with your server space. It’s a tough decision, and considering almost every expert you talk to will send you to their favorite distribution, you can very quickly end up going nowhere fast. We understand your plight, though, and before you dive into the wild forest that is Linux Land, let us guide you toward making an informed decision.

We’ll cover four of the larger Linux distributions, each of which you’re likely to be recommended to by an industry professional. For our full guide to choosing a distro, check below.

Frst Off, What is CentOS and RHEL?

Essentially, both CentOS and Red Hat (or RHEL) are the same version of Linux. They both operate on the same kernel version, 2.6.9, and both are available as open-source software through the GNU Public license agreement. However, the first difference between the two is that CentOS can be had for free (as in totally free) whereas Red Hat comes with a mandatory support bundle that costs a small chunk of change.

Other than that, there’s not a lot of face-value difference between the two. Purchasing Red Hat earns you a spot on the stellar Red Hat Network, providing over-the-phone or internet-based tech-support anytime you so desire. Both come with over-the-air updates, but there’s currently no official CentOS support. Essentially, if you’re looking between the two, you’ll want to consider how important cost and tech support are to you, as both offer stellar editions of only one.

Debian vs. Ubuntu — Prize Fight

Debian and Ubuntu share a lot in common: Ubuntu is essentially a derivative of Debian Linux, while both services offer a GNOME-based desktop environment. However, they both also support KDE, as well as a few other Linux environments. That being said, Ubuntu has taken the time to customize its interface with a few graphical extras, while Debian is essentially just a vanilla view of Linux.

The largest difference between the two comes during their installation. Common wisdom dictates that Ubuntu is the easiest to install, as it supports a mostly automated process that does all the hard work for you. However, Debian is only complicated if you make it: The installer allows for customization at every step, but there’s also an automated manager if you’d prefer it.

Are Search Engine Optimization Companies – Worthy of the Cost?

Search engine optimization is a true example of the modern cyber economy, in a way that can seem unreal if you think about it for too long.  It’s sort of the 21^st century equivalent of a gold rush: companies fight tooth and nail to get the very best “land” available, even if that land is nothing more than a few 0s and 1s on a machine thousands of miles away from them.  Land which constantly shifts by someone else’s directive.  Land which looks different depending upon how you look at it.  Land which can suddenly be yanked out from under you without you knowing it.

Seems a touch hallucinatory, doesn’t it?  You might feel the desire for something of a technical shaman to guide you through this wonderland.  But do you actually need one?  There isn’t an easy answer to this question.  Let’s try to summarize the arguments for both cases.

The argument for “yes”

The important thing to remember about search engine optimization is that it is a continually evolving cat-and-mouse game.  Like playing the stock market, there cannot by definition be any one way, because if there was, everyone would be using it, and you’d have to find something new to one-up everyone.

This, combined with the increasing rate at which search engines change their algorithms, and the eternally growing size of the web that they are indexing, make it harder each day to keep up with the Joneses.  This is an effort that you could work at every day if you wanted to, which means that it’s also a job you could pay someone else to do.  Let’s not forget also that there are “white hat” and “black hat” methods, meaning methods that are considered fair and unfair play, and not knowing the difference can in worst-case scenarios result in your site being blacklisted.

The argument for “no”

You should be relying on far more than search engine results to drive traffic to your site anyway.  While all of the above will constantly change, what won’t change are links to your site that customers/users can reliably use to find you: add in old school advertising to that list as well.

Moreover Google and other search engines have for some years been giving personalized results, meaning that there’s no one right measure anymore of how your site does in various searches: while a company can simulate this by pretending to be multiple users with different preferences, this is a lot of work for quickly diminishing returns.

Then remember that your site will naturally fluctuate in the ranking no matter what you do, and that not all traffic to your web site becomes paying customers (or whatever equivalent is important to you).  You need to try to estimate just how much extra traffic you’re getting, how much that is resulting in extra business, and whether or not the amount you are paying for this higher ranking is worth it (and how much higher is it?  Be sure to check yourself now and then).

There’s no good answer to this: Google has become one of the prime economic forces no matter what your business is, and other search engines like Bing only add to this importance, as well as the difficulty in doing it yourself.  This is a tricky one.  Take careful stock in the differences in your traffic, do the math, and remember that in the end, there’s still no substitute for just having a quality web site that represents a quality business.

A Look at Dirt Cheap, Quality, Web Hosts

Ah, cheap web hosting, how you please us so! It’s every webmaster’s dream to find a host that’s high on quality, and very low on price. There are a few out there, but sifting through the wave of terrible (but oh-so-cheap) hosts can be quite the mess. We understand your woes, though, and to help you along, we’ve compiled this short list of some of the best and cheapest web hosts around.

Host Papa

Nothing perks up our interest quite like the word “unlimited.” Unlimited bandwidth, unlimited transfer, unlimited storage space, and unlimited potential. Life without boundaries is a blissful existence, and thankfully, Host Papa offers just that.

If you’re looking for cheap web hosting, it doesn’t get much cheaper than Host Papa: The service clocks in at $3.95 a month, making it one of the lower-priced offerings around. For that money, though, you’ll get unlimited everything, plus a ton of ad credits with popular search engines (including Google and Yahoo) and enough MySQL to choke a horse. It’s bargain-priced, effective, and uncapped—sounds like a deal to us!

WebHostingHub

This one’s another site to throw under the cheap, reliable, and with great tech support category. WebHostingHub costs about the same as Host Papa, coming in at just under $4. The site also offers unlimited disc space and bandwidth, which is a nice touch. There’s also an instant set-up feature that comes complete with a free domain name. Not to mention round-the-clock tech support in case your site explodes during the night. It’s yet another cheap and quality offering, making WebHostingHub easily worth a look!

 HostGator

Love it or hate it, HostGator definitely qualifies as a cheap and professional-grade web host. This legendary service claims to host over 5-million domains, and it’s got the lineage to prove it. Plans start at the dirt-cheap $3.71 a month level, offering several different flavors of unlimited. Among these include unlimited bandwidth, unlimited disc space, and unlimited email. There’s also $100 Google Adwords credit, heaps of site-building utilities, and an easy-to-use cPanel interface.

That’s it for our list today. There are plenty of other cheap and quality web hosts out there, though, and our compendium is far from a totality! Just remember to always do your homework, and to not be snookered by a too-good-to-be-true price. Do the research, and you’ll be just fine: Especially if you use one of our recommendations.

How To Deal With A Possible Intruder On Your Server

You’re cruising through your server’s inner network one fine day, when all of a sudden you notice an unfamiliar name accessing your files. This user may have come through SSH, or any other access method, but no matter the entry port, you certainly don’t want them accessing your files. Before panic sets in and you find yourself pulling the plug on your hard-earned hardware, use the following steps to first ensure that you do have a hacker onboard. Only when you’ve made certain should you blow the whistle—remember that neither customers nor colleagues appreciate a Boy Who Cries Wolf.

Did You Forget A User?

Think about it: Did you create a user with this designation, and then forget about it as the seasons rolled by? Perhaps you left a user behind a long time ago with a weak password, or just haven’t seen this user log-in for a while, and are now experiencing an uncomfortable case of deja vu.

Is This An Authorized Robot?

Remember that many of your other servers, such as your database server or your web server, operate within the system as “false” human users. There are also several different services running under the hood that do their jobs in this manner. Before freaking out about a human intruder, check the designation of the “hacker.” If it’s something similar to nobody, noname, sys, or apache, then you’ve not got a problem, just a working robot. If you’re unsure, but think the user might still be a script, do a quick Google search for the user’s name.

 What Are They Doing In There?

The next step is to check what the user is actually doing: Are they running a script or program you’re familiar with? This is where things start to heat up, in a software sense: If the user is running a standard application like Apache, then don’t worry your pretty little head. However, if they’re operating a script you’ve never seen, it’s time to do a bit more digging—you may actually have a real intruder on your hands.

 What To Do If Nothing Else Has Worked

If you’ve come this far, then you might genuinely have an intruder on your server. If so, the root user is the only one with the ability to create new accounts. With that in mind, check your root password and account for changes: Plug-ins and extras you have installed may also grant accidental access to the superuser. You may need to hire a security expert to check out your system, if there’s no obvious infiltration.

Drupal – An Essential Primer

While not quite the most commonly used content management software package in existence, Drupal is certainly one of the most popular.  One estimate states that it is used as the backend for 1.5% of all of current websites worldwide.  The beginner user who is wondering whether or not to use Drupal could use a quick primer of the essential elements of Drupal. Continue Reading »

IPv6: What it is, and What You Need to Know

We seem to be living in an era of ticking timebombs of one variety or another.  One of the ones that has caused serious concern in the tech world but is almost unknown outside of it is the exhaustion of IP addresses using the old IPv4 model.  At first this seems amazing.  There are 2³² addresses in IPv4, equal to more than 4 billion available.  Then again, when you consider that there are approximately 7 billion people in the world, maybe it’s not so amazing.

Learning from the lessons of previous timebombs (remember that little Y2K scare?), IPv6 supports a whopping 3.4 x 10³⁸ addresses, or about 340 billion billion addresses (340 undecillion, for those of you who want to impress your parents).  That should hold us for a while.  It appears through a few tricks that we’ve avoided the worst of the predictions regarding address exhaustion of the old system, and universal acceptance of IPv6 appears ready to begin at the start of the year.

The beginner webmaster trying to weave their way through this gobbledegook may wonder exactly what this all means for them.

For once, the answer you wanted to hear

In general, for you this means nothing.  These changes are mostly taking place in the “wiring under the board”, so to speak.  All of the systems that need to be modified in order to make way for these changes are already occurring, or have already occurred.  Operating systems have been including support for this change for a long time, with Windows support going all the way back to Windows 2000.

Last year a number of major web sites held a “World IPv6 day”, and the results were promising.  This appears to be one area in which, for the most part, the problem was identified in time, and the solution proposed and implemented with no significant disruption.

So really, nothing at all?

Well, do make sure that you aren’t using any IP addresses anywhere on your web site.  Consider this a good opportunity to remind yourself that this is a bad idea to begin with.  IP addresses change all the time as it is, mathematical constraints or not.

Also note that this will change some of your security protocols.  Not only will you have to update all of your web and email filters, but at least one company is predicting that blacklists will become obsolete entirely.  With that many IP address, the thought is that individual IP addresses to hackers will become like cheap store bought cell phones to various types of ne’er-do-wells: a disposable tool that will make tracking far more difficult.

In general, it’s a good idea to keep an eye on the tech world at the start of the year to make sure that the unforeseen consequences to this change aren’t anything that affects your little corner of the web.  New developments always have a way of doing that.

So then why did you tell me all this?

Nevertheless for the most part, this is one that you can leave to the “experts.”  So why did we even bother writing about it?  Well, it is a big change on a technical level, which means that it’s one that you’ll hear about more and more as the switchover time comes closer.  So since you’ll probably be curious, doesn’t it make you feel good for once to be told that you don’t have to worry about it?

Linux Server Logs Explained

It’s a jungle out there, and when things go wrong in web hosting, they often go terribly wrong. It’s a tragic fact of life that not all technology is full-proof (or fool-proof) but just because you’ve encountered a problem doesn’t mean it’s the end of the world. In fact, with the handy help of a little bit of Linux log files, you’ll soon have your system right as rain!

What Are Log Files?

Log files are essentially transcripts of all the processes that are run underneath your operating system. They track what scripts are initiated, as well as how each initiation goes. If there’s an error that occurs, the log will say what kind of error it was, when it occurred, and what process caused the issue. A good way to think about logs is to imagine them as tiny memos for meetings within your operating system. They function in a similar manner, and they’re every bit as helpful.

The logs we’ll be talking about here are standard for most Linux operating system varieties—If you’re using a Windows-based server, you’ll have to look elsewhere for information specific to your platform. However, no matter what Linux branch you’re running, you can expect to find most, if not all, of the files we mention. This is inherent to the way the operating system is constructed, and is yet another boon for using Linux on your servers.

Where Are The Logs, And What Do They Do?

All of the log files we’ll be mentioning can be found under the /var/log section of your hosting Linux server. Within this directory, you’ll see a number of files, including the following, which we’ll explain:

boot: This here’s the log file for every time your server has been booted. If you’ve recently needed to reset or reboot your hardware, and encountered an error during the process, check here to find out exactly what went wrong.

daemon: A daemon is a specialized script that runs in the background without your input. This file shows you exactly which daemons have been called recently, as well as how they’ve been performing.

auth: This is an important one. Within this log you can track how many times users have connected to your server, as well as when they did so. More importantly, you can track how many times a user failed to log-in correctly, helping you keep an eye open for any unwanted intruders.

Apple iPhone 4S vs. Blackberry 9900

The Apple iPhone 4S and the Blackberry Bold 9900 are currently in competition with one another. Some people argue that the iPhone is better while other people argue that the Blackberry 9900 is better. Each individual has their own specific preference when it comes to these phones. Both of these phones have a lot to offer the average users. From different apps and features, it can be hard to choose which of these phones is the better option. The Apple iPhone 4S is considered to be the best phone that Apple has come out with while the Blackberry 9900 is facing the same reputation as well. The best way to decide which of these phones is better out of the two is to determine what types of features each product offers along with the price of the product. Below are just some of the features that come along with the Apple iPhone 4S.
Continue Reading »

Cheap VPS hosting – Considering the Top 5 Options

Virtual Private Server hosting is one of the hottest current trends in web hosting.  Although the technology is still a bit young and there’s still a lot more efficiency to be garnered, its popularity is causing it to be one of the fastest growing segments of web hosting. Thus, many hosts are now willing to offer VPS hosting at greatly reduced rates.

As always cost should be one of only many factors one takes into account when making an important business investment, especially with a product as new as this.  Nonetheless, our economy often demands that we do it cheap, and so if you are one of the people who needs to cut costs, here are a few hosts that can give you a quality VPS hosting account without wrecking your checkbook.

1) HostGator

$15.96 per month for VPS hosting is very hard to beat. Many web hosts have shared hosting accounts that cost more than that.  HostGator is one of the oldest web hosts around, meaning that they have the years of technical experience necessary to guide them through these early years.  Considering that such a major technology presents with it significant potential security concerns, this is no small deal.

2) 1and1.com

1&1 is one of the legends of web hosting, so it’s no surprise that they’ve managed to get into the VPS hosting game, and get into it cheaply.  Their “Virtual Server L” comes at $29/month, and their web page goes into extensive technical detail about what comes with your semi-server, including more 1,024MB of RAM and a terabyte of monthly traffic.

3) Superb

It seems that all of the cheapest VPS hosts are also some of the oldest.  Superb offers a number of VPS solutions, the most economical of which clocks in at $25/month.  The Linux plans guarantee the user a certain amount of CPU units per month, and 4 different Linux operating system variants, not counting that each of them come in either 32-bit or 64-bit.  Windows servers offer the same for Windows 2003 or Windows 2008 servers.

4) Galaxy Visions

Galaxy Vision’s VPS plans start at $29.99 for Windows VPS accounts and $34.99 for Linux VPS accounts.  This gets the user an impressive 50GB of space (high for a bottom-level VPS account) and a guaranteed CPU rate of 500 MHZ.  They also claim to offer “Unmetered Premium Bandwidth”.  We’re always a bit skeptical of “Unlimited” promises, especially on a VPS account (which by its nature is shared), but for this kind of deal it’s certainly worth looking into.

5) myhosting.com

myhosting.com brings us back to the very inexpensive end of the spectrum.  Their lowest plans start at $15.95 and allow you to specify certain account level features.  If you need something a little more pre-configured their Developer VPS and Business VPS plans are available for $18.95.  All of these plans come with a good list of supported software features.

Expect this to be the trend. As VPS becomes more and more the rage the price will continue to drop and many hosts will join these ranks.  Still if you want to take advantage of this now, the above mentioned are solid hosts that should be able to deliver for the price.