Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




3 posts

Wannabe Geek


# 107510 13-Aug-2012 13:26
Send private message

Hi All,

I'm looking for some suggestions.

I have a web design business and have about 20 customers currently hosting with me.

I used to have a reseller account with a certain hosting company. But they had people hack into the server a couple of times and all of my customers websites went down for a day or so.

After that, they recommended that I get a dedicated server with them so that it wouldn't happen any longer. So that's what I did.

However, recently someone has hacked into one of my websites and was sending spam. This resulted in the server getting blacklisted and many of our users could no longer send emails.

I'm starting to get really frustrated with this. I need to be able to offer my customers reliable hosting.

I'm really looking for suggestions for what a good setup / provider could be for me. All I want is for my customers to have their websites running all the time. I'm not sure if a dedicated server is right for me or whether I should be using something else.

I would try a reseller plan from another (supposedly more reliable) company but am wary about having the same problems. What happens if someone hacks into a website on reseller plans? Does everyone's account go down or just the website that got hacked into?

Cheers
Pruney

Create new topic
15269 posts

Uber Geek


  # 671801 13-Aug-2012 13:32
Send private message

That is the trouble with cheap hosting, and reseller plans can be a problem as the main host doesn't have direct control over what websites their reseller is setting up. Are you saying that their server is getting hacked, and theevery single website in your reseller plan is then getting hacked too as a result, or are they all using the same CMS that is getting hacked?
You may be best to host each website independently. Maybe you should list the specs you need for each website. PM me as I maybe able to suggest the host that I use.

Also someone hacking into your 'website' is most likely to be a problem with your website, and not with the web host. Unless you keep your website upto date with the latest security updates, it may get hacked into. A dedicated server would make no difference in this case.

You will also want a host that does decent backups. The cheap ones tend to do only daily or weekly ones, which aren't any good if the backup gets overwritten after you have been hacked.

The other thing you may want to do is to get your clients to signup to the web host directly, so you don't have to worry about providing support for hosting problems. eg Shift the support responsibility to the host. Although if it is your websites code that is getting hacked, then they will shift the responsibility back to you.

45 posts

Geek


  # 671806 13-Aug-2012 13:35
Send private message

The problem with a few shared hosting environments (like you might have had), is that all the website files and directory structures are owned by the same user and permissions, so if one website gets hacked into, effectively all other websites on that same server are at risk.

I highly recommend using a hosting provider who separates each website with its own permissions.

We run Fast-CGI PHP together with SuEXEC for our hosting server environment, which means each website runs under its own user, with its own permissions.
So if one website was hacked (due to an insecure PHP script), then no other site can be effected.
We carry this method across shared, reseller, and virtual private server hosting.

Also I would suggest looking at alternatives such as a managed Virtual Private Server (VPS) instead of a Dedicated Server, where you may not need all the excess resources in your own server.

 
 
 
 


3506 posts

Uber Geek

Trusted

  # 671812 13-Aug-2012 13:46
Send private message

Usually what happens is that the hackers will scan for servers until they find one with a security hole, usually as a result of not keeping up with security updates for the OS or web server. They thus exploit the hole for every site that is on that server. In most cases the file system permissions stay in tact and keep each site separate but because they hit every site......

Running your own dedicated server isn't probably a great option as you won't be proactively monitoring it as its not really your core business. This you have found after you were being used as a spam source and only found out after you were blacklisted - that would be something that would be picked up pretty fast with proactive monitoring of your send queues etc.

Reseller hosting with a reputable company is probably your best bet - unless you have a management contract alongside your dedicated server.




Speedtest 2019-10-14


15269 posts

Uber Geek


  # 671823 13-Aug-2012 14:00
Send private message

Ramsu: We run Fast-CGI PHP together with SuEXEC for our hosting server environment, which means each website runs under its own user, with its own permissions.


I think most hosts now do this on their linux plans, at least the better ones.

45 posts

Geek


  # 671826 13-Aug-2012 14:03
Send private message

mattwnz:
Ramsu: We run Fast-CGI PHP together with SuEXEC for our hosting server environment, which means each website runs under its own user, with its own permissions.


I think most hosts now do this on their linux plans, at least the better ones.


You will be surprised by some outfits still do run servers that are years old with insecure setups, bad permissions, etc.
I know this from comments that people make when transferring to us.




3 posts

Wannabe Geek


  # 671834 13-Aug-2012 14:23
Send private message

Thanks for all your replies.

That is the trouble with cheap hosting, and reseller plans can be a problem as the main host doesn't have direct control over what websites their reseller is setting up. Are you saying that their server is getting hacked, and theevery single website in your reseller plan is then getting hacked too as a result, or are they all using the same CMS that is getting hacked?
You may be best to host each website independently. Maybe you should list the specs you need for each website. PM me as I maybe able to suggest the host that I use.


Initially on the reseller plan it was someone else's site that was getting hacked... if I remember correctly an old OScommerce installation. That resulted in all of the users on the server going down. All of my websites are custom installations using a framework.

I was thinking about doing them independently. But thought costs could add up pretty quickly.

Running your own dedicated server isn't probably a great option as you won't be proactively monitoring it as its not really your core business.


Too true. Is reseller hosting typically monitored for suspicious activity? One of my customers alerted me to the problem during this last episode.

I have looked at VPS hosting on openhost.co.nz - They say...

To use a VPS you should be familiar with administering Linux servers. If you require a managed service, where we look after services such as mySQL and Apache please use our shared web site hosting.

...

I'm not familiar with administering linux servers so it sounds like reseller hosting on shared servers could be a good option. Any suggestions for good companies?

Cheers
Tom

 
 
 
 


15269 posts

Uber Geek


  # 671898 13-Aug-2012 17:38
Send private message

pruneyone: I was thinking about doing them independently. But thought costs could add up pretty quickly.


If your clients signed up directly with the host so paid them directly, then you don't need to worry about billing or the cost, and they also would provide support for server related problems. So you can go away on holiday without worrying about whether something has gone wrong with your reseller account. I guess it depends on whether the amount you make from that reseller account, is worth the money and the end support you have to provide to your clients. With just 20 clients, it possibly isn't worth the stress.

3506 posts

Uber Geek

Trusted

  # 671942 13-Aug-2012 20:28
Send private message

pruneyone: Thanks for all your replies.

That is the trouble with cheap hosting, and reseller plans can be a problem as the main host doesn't have direct control over what websites their reseller is setting up. Are you saying that their server is getting hacked, and theevery single website in your reseller plan is then getting hacked too as a result, or are they all using the same CMS that is getting hacked?
You may be best to host each website independently. Maybe you should list the specs you need for each website. PM me as I maybe able to suggest the host that I use.


Initially on the reseller plan it was someone else's site that was getting hacked... if I remember correctly an old OScommerce installation. That resulted in all of the users on the server going down. All of my websites are custom installations using a framework.

I was thinking about doing them independently. But thought costs could add up pretty quickly.

Running your own dedicated server isn't probably a great option as you won't be proactively monitoring it as its not really your core business.


Too true. Is reseller hosting typically monitored for suspicious activity? One of my customers alerted me to the problem during this last episode.

I have looked at VPS hosting on openhost.co.nz - They say...

To use a VPS you should be familiar with administering Linux servers. If you require a managed service, where we look after services such as mySQL and Apache please use our shared web site hosting.

...

I'm not familiar with administering linux servers so it sounds like reseller hosting on shared servers could be a good option. Any suggestions for good companies?

Cheers
Tom


You could organize to have a reseller account where you split the support e.g. the accounts still come under your reseller hosting plan but clients can still go direct to the host for support should you be unavailable etc. It means that you are wholly responsible but can have control when you need it without jumping through hoops e.g. adding email addresses, databases and other straightforward stuff.

PM'd :)




Speedtest 2019-10-14


14 posts

Geek
Inactive user


  # 672512 14-Aug-2012 21:36
Send private message

A couple of thoughts

1. Dedicated hosting means you don't have to share vulnerabilities.
2. Shared hosting means you don't have a say over what gets hosted by other people.
3. Managing a server can be outsourced to smart people :)
4. Making money on other peoples efforts often means other people don't care so much about their efforts.

Hope this helps.

15269 posts

Uber Geek


  # 672532 14-Aug-2012 22:16
Send private message

Zeon: ou could organize to have a reseller account where you split the support e.g. the accounts still come under your reseller hosting plan but clients can still go direct to the host for support should you be unavailable etc. )


I am not aware of too many that will do that, usually the terms of a reseller account is for the reseller to provide end support. The ones I have seen that do that something like that are essentially just providing discounted hosting plans to a reseller, or some may charge per support ticket. Things like setting up databases and email accounts can be setup by the end user through the control panel.

Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Samsung Galaxy Fold now available in New Zealand
Posted 6-Dec-2019 00:01


NZ company oDocs awarded US$ 100,000 Dubai World Expo grant
Posted 5-Dec-2019 16:00


New Zealand Rugby Selects AWS-Powered Analytics for Deeper Game Insights
Posted 5-Dec-2019 11:33


IMAGR and Farro bring checkout-less supermarket shopping to New Zealand
Posted 5-Dec-2019 09:07


Wellington Airport becomes first 5G connected airport in the country
Posted 3-Dec-2019 08:42


MetService secures Al Jazeera as a new weather client
Posted 28-Nov-2019 09:40


NZ a top 10 connected nation with stage one of ultra-fast broadband roll-out completed
Posted 24-Nov-2019 14:15


Microsoft Translator understands te reo Māori
Posted 22-Nov-2019 08:46


Chorus to launch Hyperfibre service
Posted 18-Nov-2019 15:00


Microsoft launches first Experience Center worldwide for Asia Pacific in Singapore
Posted 13-Nov-2019 13:08


Disney+ comes to LG Smart TVs
Posted 13-Nov-2019 12:55


Spark launches new wireless broadband "Unplan Metro"
Posted 11-Nov-2019 08:19


Malwarebytes overhauls flagship product with new UI, faster engine and lighter footprint
Posted 6-Nov-2019 11:48


CarbonClick launches into Digital Marketplaces
Posted 6-Nov-2019 11:42


Kordia offers Microsoft Azure Peering Service
Posted 6-Nov-2019 11:41



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.