Looking for suggestions for hosting setup

Forums › IT Pro and developers › Looking for suggestions for hosting setup

pruneyone

3 posts

Wannabe Geek

# 107510 13-Aug-2012 13:26

Hi All,

I'm looking for some suggestions.

I have a web design business and have about 20 customers currently hosting with me.

I used to have a reseller account with a certain hosting company. But they had people hack into the server a couple of times and all of my customers websites went down for a day or so.

After that, they recommended that I get a dedicated server with them so that it wouldn't happen any longer. So that's what I did.

However, recently someone has hacked into one of my websites and was sending spam. This resulted in the server getting blacklisted and many of our users could no longer send emails.

I'm starting to get really frustrated with this. I need to be able to offer my customers reliable hosting.

I'm really looking for suggestions for what a good setup / provider could be for me. All I want is for my customers to have their websites running all the time. I'm not sure if a dedicated server is right for me or whether I should be using something else.

I would try a reseller plan from another (supposedly more reliable) company but am wary about having the same problems. What happens if someone hacks into a website on reseller plans? Does everyone's account go down or just the website that got hacked into?

Cheers
Pruney

mattwnz

15269 posts

Uber Geek

# 671801 13-Aug-2012 13:32

That is the trouble with cheap hosting, and reseller plans can be a problem as the main host doesn't have direct control over what websites their reseller is setting up. Are you saying that their server is getting hacked, and theevery single website in your reseller plan is then getting hacked too as a result, or are they all using the same CMS that is getting hacked?
You may be best to host each website independently. Maybe you should list the specs you need for each website. PM me as I maybe able to suggest the host that I use.

Also someone hacking into your 'website' is most likely to be a problem with your website, and not with the web host. Unless you keep your website upto date with the latest security updates, it may get hacked into. A dedicated server would make no difference in this case.

You will also want a host that does decent backups. The cheap ones tend to do only daily or weekly ones, which aren't any good if the backup gets overwritten after you have been hacked.

The other thing you may want to do is to get your clients to signup to the web host directly, so you don't have to worry about providing support for hosting problems. eg Shift the support responsibility to the host. Although if it is your websites code that is getting hacked, then they will shift the responsibility back to you.

Ramsu

45 posts

Geek

# 671806 13-Aug-2012 13:35

The problem with a few shared hosting environments (like you might have had), is that all the website files and directory structures are owned by the same user and permissions, so if one website gets hacked into, effectively all other websites on that same server are at risk.

I highly recommend using a hosting provider who separates each website with its own permissions.

We run Fast-CGI PHP together with SuEXEC for our hosting server environment, which means each website runs under its own user, with its own permissions.
So if one website was hacked (due to an insecure PHP script), then no other site can be effected.
We carry this method across shared, reseller, and virtual private server hosting.

Also I would suggest looking at alternatives such as a managed Virtual Private Server (VPS) instead of a Dedicated Server, where you may not need all the excess resources in your own server.

freitasm

BDFL - Memuneh
64959 posts

Uber Geek

Administrator

Trusted

Geekzone

Lifetime subscriber

# 671809 13-Aug-2012 13:41

Moved to correct sub-forum. Please use correct forum folks!

My technology disclosure | Digital Transformation | Enterprise Content Management | Customer Relationship Management | Data Insights, Business Intelligence and Advanced Analytics

Zeon

3506 posts

Uber Geek

Trusted

# 671812 13-Aug-2012 13:46

Usually what happens is that the hackers will scan for servers until they find one with a security hole, usually as a result of not keeping up with security updates for the OS or web server. They thus exploit the hole for every site that is on that server. In most cases the file system permissions stay in tact and keep each site separate but because they hit every site......

Running your own dedicated server isn't probably a great option as you won't be proactively monitoring it as its not really your core business. This you have found after you were being used as a spam source and only found out after you were blacklisted - that would be something that would be picked up pretty fast with proactive monitoring of your send queues etc.

Reseller hosting with a reputable company is probably your best bet - unless you have a management contract alongside your dedicated server.

Speedtest 2019-10-14

mattwnz

15269 posts

Uber Geek

# 671823 13-Aug-2012 14:00

Ramsu: We run Fast-CGI PHP together with SuEXEC for our hosting server environment, which means each website runs under its own user, with its own permissions.

I think most hosts now do this on their linux plans, at least the better ones.

Ramsu

45 posts

Geek

# 671826 13-Aug-2012 14:03

mattwnz:
Ramsu: We run Fast-CGI PHP together with SuEXEC for our hosting server environment, which means each website runs under its own user, with its own permissions.

I think most hosts now do this on their linux plans, at least the better ones.

You will be surprised by some outfits still do run servers that are years old with insecure setups, bad permissions, etc.
I know this from comments that people make when transferring to us.

pruneyone

3 posts

Wannabe Geek

# 671834 13-Aug-2012 14:23

Thanks for all your replies.

That is the trouble with cheap hosting, and reseller plans can be a problem as the main host doesn't have direct control over what websites their reseller is setting up. Are you saying that their server is getting hacked, and theevery single website in your reseller plan is then getting hacked too as a result, or are they all using the same CMS that is getting hacked?
You may be best to host each website independently. Maybe you should list the specs you need for each website. PM me as I maybe able to suggest the host that I use.

Initially on the reseller plan it was someone else's site that was getting hacked... if I remember correctly an old OScommerce installation. That resulted in all of the users on the server going down. All of my websites are custom installations using a framework.

I was thinking about doing them independently. But thought costs could add up pretty quickly.

Running your own dedicated server isn't probably a great option as you won't be proactively monitoring it as its not really your core business.

Too true. Is reseller hosting typically monitored for suspicious activity? One of my customers alerted me to the problem during this last episode.

I have looked at VPS hosting on openhost.co.nz - They say...

To use a VPS you should be familiar with administering Linux servers. If you require a managed service, where we look after services such as mySQL and Apache please use our shared web site hosting.

...

I'm not familiar with administering linux servers so it sounds like reseller hosting on shared servers could be a good option. Any suggestions for good companies?

Cheers
Tom

mattwnz

15269 posts

Uber Geek

# 671898 13-Aug-2012 17:38

pruneyone: I was thinking about doing them independently. But thought costs could add up pretty quickly.

If your clients signed up directly with the host so paid them directly, then you don't need to worry about billing or the cost, and they also would provide support for server related problems. So you can go away on holiday without worrying about whether something has gone wrong with your reseller account. I guess it depends on whether the amount you make from that reseller account, is worth the money and the end support you have to provide to your clients. With just 20 clients, it possibly isn't worth the stress.

Zeon

3506 posts

Uber Geek

Trusted

# 671942 13-Aug-2012 20:28

pruneyone: Thanks for all your replies.

That is the trouble with cheap hosting, and reseller plans can be a problem as the main host doesn't have direct control over what websites their reseller is setting up. Are you saying that their server is getting hacked, and theevery single website in your reseller plan is then getting hacked too as a result, or are they all using the same CMS that is getting hacked?
You may be best to host each website independently. Maybe you should list the specs you need for each website. PM me as I maybe able to suggest the host that I use.

Initially on the reseller plan it was someone else's site that was getting hacked... if I remember correctly an old OScommerce installation. That resulted in all of the users on the server going down. All of my websites are custom installations using a framework.

I was thinking about doing them independently. But thought costs could add up pretty quickly.

Running your own dedicated server isn't probably a great option as you won't be proactively monitoring it as its not really your core business.

Too true. Is reseller hosting typically monitored for suspicious activity? One of my customers alerted me to the problem during this last episode.

I have looked at VPS hosting on openhost.co.nz - They say...

To use a VPS you should be familiar with administering Linux servers. If you require a managed service, where we look after services such as mySQL and Apache please use our shared web site hosting.

...

I'm not familiar with administering linux servers so it sounds like reseller hosting on shared servers could be a good option. Any suggestions for good companies?

Cheers
Tom

You could organize to have a reseller account where you split the support e.g. the accounts still come under your reseller hosting plan but clients can still go direct to the host for support should you be unavailable etc. It means that you are wholly responsible but can have control when you need it without jumping through hoops e.g. adding email addresses, databases and other straightforward stuff.

PM'd :)

Speedtest 2019-10-14

Judge

14 posts

Geek
Inactive user

# 672512 14-Aug-2012 21:36

A couple of thoughts

1. Dedicated hosting means you don't have to share vulnerabilities.
2. Shared hosting means you don't have a say over what gets hosted by other people.
3. Managing a server can be outsourced to smart people :)
4. Making money on other peoples efforts often means other people don't care so much about their efforts.

Hope this helps.

mattwnz

15269 posts

Uber Geek

# 672532 14-Aug-2012 22:16

Zeon: ou could organize to have a reseller account where you split the support e.g. the accounts still come under your reseller hosting plan but clients can still go direct to the host for support should you be unavailable etc. )

I am not aware of too many that will do that, usually the terms of a reseller account is for the reseller to provide end support. The ones I have seen that do that something like that are essentially just providing discounted hosting plans to a reseller, or some may charge per support ticket. Things like setting up databases and email accounts can be setup by the end user through the control panel.