I am a customer with WiredTree for quite a while now and I wanted to tell you about my recent experience with them. My web hosting itself has seen many moves over the years. I started out with shared web hosting at some smaller hosts, but back in 2003 I opened a reseller account with HTTPME.com. Then one of my websites grew and grew and I needed a dedicated server. I sold that website in 2009 for a nice 5-digit price tag and retired the dedicated server. I still had my reseller accounts with HTTPME the entire time. [Read more…]
In my recent article here I showed you how to secure your WordPress installation. WordPress is a very popular blogging and content management software. It has grown a lot over the years and the more it became popular the more it became a target for sophisticated attacks from hackers and criminals. So, it is extremely important that webmasters like me and you keep their WordPress installations up to date and secure.
WordPress has been target of many sophisticated attacks, but not too long ago some hackers went back to the basics (so to speak) and they are attempting brute force attacks against the login pages of a WordPress installation. These hackers took control of over 100,000 computers – most likely some sort of a bot net – and they are using these computers and their Internet IP addresses to run automated attacks against other websites.
As an example, my own website (http://www.webhostingresourcekit.com) uses WordPress. I am not using it as a blogging software, but more like a content management system as you can see. When I noticed the increase in attacks against my website I took additional action. I had already secured WordPress through plugins and other measures, but I did not want to risk to become victim of a brute force attack. So, I added the extra protection by forcing an additional layer of password protection onto my WordPress login and administration area. These 2 layers are independent from each other and even if one would guess the first level user ID and password, it makes it much more difficult to start automated attacks. I am not saying it is impossible to hack my website, but it takes care of most automated attacks. Online security is like security in real life. You can protect your house with extra locks, motion detectors, a sophisticated security system, and a lot of other security measures, but if someone wants to break in they will still break in. However, the common thief will fail and it will take more a more sophisticated criminal to get past the extra layers of security. The ROI for such an endeavor has to be worth the additional effort and most people will simply shy away and pick easier targets (aka somebody else’s house). The same strategy applies to your website (or mine for that matter).
The attackers mentioned above are running dictionary attacks against WordPress. They use common knowledge that the default user ID for most installation is called “admin” and they know that too many people are not using complex passwords, but passwords based on words found in common dictionaries. They combine the “admin” user account with easy to guess passwords and then run their sophisticated attacks from over 100,00 hijacked computers so that it is almost impossible to block these attacks based on where they come from.
So, when I wrote my tutorial on how you can secure your WordPress installation with just a few simple steps I did look at my website statistics and posted a screenshot to show the number of attacks. After just 2 days my website had recorded over 4,500 attacks. A day later I took another look and the number had more than doubled. Over 10,000 dictionary based attacks in roughly 3-4 days – that is quite a bit. For one if I would have used an easy to guess password my website would have been open for the attacker, but secondly these attacks also add load to my web server. Load means that the website slows down and makes the visitor experience less pleasant. The load issue is secondary, but still important.
Here is an article by Forbes magazine that describes the same situation I am talking about. They mention 90,000 IP addresses, while I have seen other reports mentioning over 100,000 IP addresses. At that level it does not matter. But when even the mainstream media starts writing about it, the issue should not be ignored. The article at Forbes shows a few steps on how to secure your website and it is a good start, but do not stop there. It pays off to go the extra mile when it comes to security.
Just a few days ago I talked to a friend about my different online ventures. He was amazed by the number of domain names I own (roughly 145 at this point). He asked me if I would have a website for each domain name I own. I actually declined and mentioned that I have roughly 60% of my domain names developed with their own website. Thinking about his overall reaction I think it is important to point out how easy it is to bring up your own website. [Read more…]
Ever wanted to start your own Web Hosting Business, but did not have all the information you need? The Web Hosting Resource Kit now offers a unique web hosting business startup training program. As far as I know, this is the one and only training program where you can learn how to become a web host starting a web hosting business from the ground up. This training program offers exclusive content not found anywhere else. [Read more…]
Last month I wrote about a new series of Dell servers that were now available at The Planet. The servers start at $99 which is dirt cheap considering how much you get in return. The new Dell Pentium G6950 servers are work horses with lots of processing power and The Planet has them at the introductory price of $99 per month available. This promo apparently is a great success (no wonder), however any introductory offer has to come to an end and so is this one.
The Planet is pulling the plug on the promo offer and the price is going up from $99 to $129. Sure, this is still very cheap – especially compared to many competitors, but if you are in the market for a great, brand name dedicated server – now is the time to make your move. The Planet offers great service and these servers are no exception. This offer expires soon, so check out the Planet for cheap dedicated web servers.
Click here to visit The Planet to get all the details and to lock in your rate.
About The Planet
The Planet dot com is a web hosting providers specialized in large data center environments to provide very affordable web servers to customers.
Yesterday I wrote about how expensive a local web host can be when hosting your business website with such a company or a local web designer. Many small businesses use a local web designer to get an online presence and then are kind of held hostage by these web designers. While I support honest, local web designers there are some who take advantage of small business customers and charge an arm and a leg for web hosting without providing real value in return.
Yesterday I provided information on how to gain control of your domain name as a first step in the process of moving your business website to a different provider. Today I am going to show how to gain control of the files that actually make your website which is hosted under your domain name. Just taking control of your domain name is not enough as you would lose your website and your content unless you also gain control and physical ownership of your website.
I am assuming you are dealing with a web designer of some sort who is difficult to work with and makes it difficult to move away from him/her. You might have to get a little tricky to get copies of your website in those cases to avoid a situation where the web designer turns hostile and makes it impossible to move away without a major hassle. Any good web designer should respect your wish to use a cheaper web host. Anyway, how can you get a copy of your website? For one you need to determine if your website is just made out of static files or if there is an actual CMS (Content Management System) is used that also has a database backend. Your goal is to be able to upload everything to the new web host at one point and to have a working website.
One good way to ask for what makes your website is actually a valid business reason. Remember 9/11? When the towers of the World Trade Center went down many business were destroyed. Anyone who did not have an offsite copy of their data had lost all business records. 9/11 triggered a large wave of disaster recovery procedures where businesses realized how fast a fatal incident could wipe a business. As a result business started recording business procedures and stored them offsite with critical business data and backups of data. You can use the same reason to request a current copy of your website from your web designer. Explain that you are creating a disaster recovery plan which also includes the website and the web designer. What happens if the web designer gets hits by a bus tomorrow? How can you get your website? Properly explained it will be difficult for the web designer to deny you a copy of what you own anyway. Let’s take this a step further and use the same situation to have the web designer document your website at the same time. This will make it easier for your new webmaster or web designer to put all the bits and pieces together.
That’s it for today. In part III of this article I will provide detail f how to put all this together and how to move your website to a new webhost.
You need a new web host. You do a Google Search for “Web Hosting” and you feel a little overwhelmed by the 252,000,000 results Google presents in return. Admittedly, choosing the right host can be a overwhelming endeavor – no doubt. Now what? You pick a couple of web hosts and look at their websites, investigate pricing and hosting features. Now more confusion – all these web hosts pretty much look alike. Same pricing (though sometimes prices are $0.50 higher or lower), same features, same bandwidth and disk space and even the website design looks somewhat familiar going from host to host. It almost makes the impression they are running their web hosting business of the same blue print or the same manual.
Now, where do you turn to find a new web host? While you can use one of the many web hosting comparison websites (including my own list of web hosting recommendations), the best way is usually to follow the recommendation of a friend or family member. Personal recommendations are the best way to pick a new web host.
But when these personal recommendations are missing, how can you choose the right web host? Use common sense, spend some time researching and then create a list of 3 possible web hosts you like to try out. Verify that each webhost offers a money back guarantee and then move forward. Using a web host that offers a money back guarantee is important as it allows you to leave quickly without occurring any cost. Important in my opinion is the choice where you register your domain name. I personally do not want to be tied to a certain web host by registering the domain name I use through the web host. I prefer 3rd party domain name registries like NameCheap as an example. I keep control over the domain name. If I would try a new web host and have my domain name registered through the web host, they might either keep the name or charge a higher than normal price or make it really difficult to leave. What good is a money back guarantee if you have to leave your domain name behind?!
So, register the domain name at NameCheap (or if really necessary at Godaddy (be warned of the many upsells Godaddy has)), then work your way through the list of 3 web hosts that you like to try. Keep a good backup of your website so that you can easily move to a new web hosting provider as needed. Some web hosts offer better pricing if you pre-pay for 12 months or more. While this is a good deal, you might want to go month to month first and once you like a web host, contact their billing department and switch your payment option and pre-pay. Or at least pick the lowest pre-payment option and then upgrade later on. Do not let the lowest price force you into a decision you do not feel comfortable with. Every webhost will want you to stay and so it is never a problem to change your hosting plan option later on.
Here are my 3 favorite web hosts at the moment. Feel free to make them your list of web hosts to try out.
IPower Web Hosting just announced one of their rare sales deals. You can save 50% on their “Unlimited Pro Plan” which usually costs $7.95. This sale is on only for a limited time and so if you are in the market for a new web hosting account and want a reliable web host, then check out this deal:
Disk Space = Unlimited
Bandwidth = Unlimited
Free Domain Name Registration = included
Domans allowed = unlimited
Price: $3.95 per month
Founded in 2001, IPOWER has established itself as a leader in the web hosting industry, providing a comprehensive suite of online services for small and medium-sized businesses worldwide. IPower has build up a great reputation in the Web Hosting Market and provides very good web hosting. The one thing that separates them from many other web hosting providers is the fact that they have their own web control panel that gives customers access to over 200 different options and tools.
About this Sale
This sale is definitely limited in how long this price will last. If you are in the market for web hosting and are not happy with your old web host, I highly recommend to check out IPower Web Hosting. They offer a money back guarantee so that you are under no obligation whatsoever.
Sometimes the web hosting market rather looks like a farmer’s market or a zoo. Hostgator, Host Monster, Shark Host, and FatCow + many many more mainly smaller web hosting companies decided to use an animal as part of their business name. While Host Gator is around for a long time, the other companies are mainly newcomers to the web hosting scene over the last 2 years maybe. Initially it might look funny or silly seeing a hosting company calling itself something like Fat Cow, but in the long run I think it is not such a good move. Initially the silly name might attract attention of customers, but what about the time when the interest fades away. Starting off getting attention is a good thing, but as with every startup at one point you are no longer a startup company. You have become part of the establishment no matter how hard you try not to.
The next issue I see is the market these webhosts are trying penetrate. A business name like Shark Hosting or Fat Cow is not really something I would consider a good choice when in the market for web hosting as a small business owner. Business owners need stability and reliability, but do silly company names for web hosts have a high trust factor? I doubt it and a couple of business owners I talked to would never sign up with such a company.
If you pick an animal name for you web hosting business (or any business whatsoever) and you want to grow big you need to establish a brand name. A brand name is not just your business name that is around after 2 years or so – a brand name is much more. This was the route Host Gator has taken and they have really taken web hosting to the next level. These guys can get away with a silly company name and silly company logos and banners. Others still have to prove them self and need to spend way more resources on building up the trust factor compared to web hosting providers that decided to work with a more conservative name as their business name.
If you have a Linux web server on the Internet you can be sure it is going to be attacked in one way or the other. When the server gets setup by your dedicated server web host, it is only barely secured. Before doing anything else you should put some basic level of security onto the system and then later on harden the server and make it really secure. I highly recommend to outsource the task of securing an Internet facing web server, but this list below gives you a basic idea of tasks to look into:
1. Change default ssh port (even use SSH keys if possible)
2. Disallow root login and require login via different user accounts and then SU to root as needed
3. Disable any unneeded services
4. Install a good software firewall or better go hardware firewall
5. Disable dangerous or unused PHP functions
6. Install mod_security
7. Install a virus scanner like ClamAV
8. Mandatory Virus scan any FTP uploads
9. Install a root kit detection tool
10. Have root email notification of changes on the server send to an email account not hosted on the same server
11. Use complex passwords with at least 10 character minimums and special characters required
Of course this list is incomplete and only high level, but unless you outsource the task of securing your server this list should give you a few good hints of how to secure your new dedicated server. Or get a fully managed dedicated server from a company like LiquidWeb in the first place and concentrate on growing your website and not your frustration. LiquidWeb will take good care of you.