Search Amazon.com:
Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us $3,400 per month for bandwidth bills alone, and since we don't believe in shoving popup ads to our registered users, we try to make the money back through forum registrations.
«79 »
  • Post
  • Reply
Bob Morales
Aug 18, 2006

HYPER-THREADING


Maneki Neko posted:

Are you counting the costs of paying Vmware for ESX licenses? You can't use free ESXi in a hosting environment, if that was your plan.

I think the license agreement says you specifically cannot use it to resell VM's.

Adorai:

What kind of disk subsystems would you plan on running?

I think the biggest thing that the big VPS providers have are the tools that allow people to create a VM almost instantly, and also give them the ability to buy more disk/bandwidth and add VM's on the fly. They also have a built-in backup service now.

It sounds like the guy from prgmr.com has quite a few customers, and you should be able to duplicate his setup fairly easy.

You should get a bunch of free beta testers from this thread while you break your system in

Adbot
ADBOT LOVES YOU

Rufus Ping
Dec 27, 2006





Phiberoptik posted:

What domain registrar's are you guys using that are cheap and reliable? Godaddy's prices have gone up a lot over the years.

thirding namecheap, you can usually find discount codes for them here, and remember to add in the free ssl cert when you buy domains

adorai
Nov 2, 2002

10/27/04 Never forget

Bob Morales posted:

What kind of disk subsystems would you plan on running?
If the longmode patch is in RHEL 6 I am going to use two nexentastor guests, on seperate hosts, clustered with raid6 volumes mapped directly to them and sandforce or intel SSDs for ZILs. After my first few hosts I'll buy a few disk shelves, use IOMMU to pass a SAS controller straight into the nexentastor guests and have true HA storage, but that piece takes some actual cash so I want to wait until I know my business can support that.

eightysixed
Sep 23, 2004

You can walk into a movie theater in Amsterdam and buy a beer. And I don't mean just like in no paper cup, I'm talking about a glass of beer. And in Paris, you can buy a beer at McDonald's. And you know what they call a Quarter Pounder with Cheese in Paris?


Are you going to run a closed beta like Bob said? This might be a good idea so you can test time needed/customer wants/feasibility et al.

adorai
Nov 2, 2002

10/27/04 Never forget

eightysixed posted:

Are you going to run a closed beta like Bob said? This might be a good idea so you can test time needed/customer wants/feasibility et al.
When I actually start, I will almost certainly advertise it to goons with an "as is" disclaimer.

Tsaven Nava
Dec 31, 2008

by elpintogrande


Unrelated to my questions a few pages back:

I have a customer that wants simple hisname@hiscompany.com e-mail address. Doesn't need a web site yet, but might want one in the future. Only needs a couple e-mail addresses, nothing fancy or complicated, and would be okay accessing it via a web-based interface.

1and1 has some e-mail only packages for $0.99/mo, which looks to suit the need fine. Is there any reason NOT to go with them? I've checked, and the domain name he wants is available.

Rufus Ping
Dec 27, 2006





Tsaven Nava posted:

Unrelated to my questions a few pages back:

I have a customer that wants simple hisname@hiscompany.com e-mail address. Doesn't need a web site yet, but might want one in the future. Only needs a couple e-mail addresses, nothing fancy or complicated, and would be okay accessing it via a web-based interface.

1and1 has some e-mail only packages for $0.99/mo, which looks to suit the need fine. Is there any reason NOT to go with them? I've checked, and the domain name he wants is available.

namecheap + google hosted email is marginally cheaper and probably better in every respect (use a coupon from here - the one for September should be posted soon)

Tsaven Nava
Dec 31, 2008

by elpintogrande


Cheaper how? Looks to be a few bucks more then 1and1 (Although seriously even with domain registration it's $18 vs $24. OMG $6/year it will bankrupt him)

However, what do you mean with google hosted email?

IOwnCalculus
Apr 2, 2003


http://www.google.com/apps/

You don't need any web hosting to go with it, you can essentially just point the domain at Google and get a GMail interface for your private domain name.

Tsaven Nava
Dec 31, 2008

by elpintogrande


Oh, so I just need to pay the $8 a year or whatever to register the domain, and um. Magic happens?

Also, Google Apps pricing looks to be $50/year, which is WAY more then any of the hosted options I saw.

less than three
Aug 9, 2007

Fire Sights and LED Lights

ESC 2010 Never Forget

Tsaven Nava posted:

Oh, so I just need to pay the $8 a year or whatever to register the domain, and um. Magic happens?

Also, Google Apps pricing looks to be $50/year, which is WAY more then any of the hosted options I saw.

No, just pay for the domain.

The $50/year is for premium service which doesn't have the adwords in GMail.

http://www.google.com/apps/intl/en/group/index.html

Bob Morales
Aug 18, 2006

HYPER-THREADING


Tsaven Nava posted:

I have a customer that wants simple hisname@hiscompany.com e-mail address. Doesn't need a web site yet, but might want one in the future. Only needs a couple e-mail addresses, nothing fancy or complicated, and would be okay accessing it via a web-based interface.

1and1 has some e-mail only packages for $0.99/mo, which looks to suit the need fine. Is there any reason NOT to go with them? I've checked, and the domain name he wants is available.

1. Make him buy the domain name (Better yet, sell it to him for more)
2. Add his domain to your Hostgator/Dreamhost/Godaddy account (unlimited domains, remember)
3. Add his email address to that (unlimited email, remember)
4. Charge him $4.95 a month or whatever

Rufus Ping
Dec 27, 2006





Tsaven Nava posted:

Oh, so I just need to pay the $8 a year or whatever to register the domain, and um. Magic happens?

Also, Google Apps pricing looks to be $50/year, which is WAY more then any of the hosted options I saw.

What Forums Poster less than three said.

- buy the domain for $9/year (I recommend namecheap, use the coupon codes from retailmenot)
- sign up to google apps for free (you don't need the paid one)
- use namecheap's free DNS or afraid.org or whatever
- point the MX records for the domain at google as per their instructions
- charge him $9/year + whatever profit you want to make

revmoo
May 25, 2006

Reverend Moo

Namecheap has been really great to me. The free ssl cert is great and the free DNS is even better. I switched from paying for my DNS to the free Namecheap service and haven't had any problems since. Also they have decent chat support which I prefer when working on web stuff because you can't paste over the phone.

Tsaven Nava
Dec 31, 2008

by elpintogrande


Is there any reason not just to pay the $10 for a domain through Google Apps and use their free/standard service? I've got no idea what MX records are or how I would "use" their DNS.

oh god how did this get here I am not good at this internet thing

DarkLotus
Sep 30, 2001

Goon Tested, Goon Approved
Individual, Reseller, ASP.NET, VPS and Dedicated Servers


Tsaven Nava posted:

Is there any reason not just to pay the $10 for a domain through Google Apps and use their free/standard service? I've got no idea what MX records are or how I would "use" their DNS.

oh god how did this get here I am not good at this internet thing

That will work too, definitely keeps things simple for you.

huhmz
Jun 5, 2005


Was wondering if someone can recommend a provider for my particular needs, it feels like I've looked at so many providers that either don't seem serious or don't match my requirements. Getting a little bit tired so I thought I would just ask. Requirements:

  • Not in Sweden/US/UK.
  • Fully dedicated servers.
  • Full access to KVM like ILO2/DRAK/ILOM
  • Allowed to install OS ourselves
  • Multiple IP's (like 12-14) will be needed
  • Real rack mounted server gear (not high tower workstations)

The location requirement is due to gambling laws and the clients wishes. Also because sensitive data is going to pass through we need total control hence the other requirements. Will be running a hypervisor, probably XenServer with Linux on top.

Im a datacenter dude by trade but I confess I've never had to dealt with this stuff outside my job. Suggestions?

Acer Pilot
Feb 17, 2007
put the 'the' in therapist





revmoo posted:

Namecheap has been really great to me. The free ssl cert is great and the free DNS is even better. I switched from paying for my DNS to the free Namecheap service and haven't had any problems since. Also they have decent chat support which I prefer when working on web stuff because you can't paste over the phone.

FYI: If you want to renew the SSL cert, you can't use another free SSL cert lol

Lord Dekks
Jan 24, 2005



My sister is a artist and I put a little website together for her with a online portfolio/gallery of her paintings etc for her to put on her business cards and let people know when she is next exhibiting etc, and went through Lithium Hosting, which for her needs is ideal. I don't know how it'd be for a high volume site (the first request sometimes takes a few seconds to load but after that everything is pretty much instantaneous speedwise) but for the number of visitors she gets, I'm very happy with the price.

A cautionary tale though, as R1CH said, cpanel makes it easy to install packages but its easy to mess them up if yo udon't know what you're doing. I had some folder permissions setup wrong in Joomla when I first set everything up, and found a load of rogue spam links inserted into one or the folders, which was completely my own fault for not taking the time to sit down and read through what the different permissions were and how to lock everything down (after I nuked the site restarted from scratch).

a llama
Mar 10, 2010

by T. Finn


cPanel itself doesn't really offer the ability to install scripts automatically, it's actually a third party product called Fantastico that ties into cPanel and offers this.

I would recommend staying far away from a server with Fantastico on it as it has in the past had a large number of security flaws and typically doesn't secure the script as much as someone who knows what they are doing or even reads a guide.

DarkLotus
Sep 30, 2001

Goon Tested, Goon Approved
Individual, Reseller, ASP.NET, VPS and Dedicated Servers


a llama posted:

I would recommend staying far away from a server with Fantastico on it as it has in the past had a large number of security flaws and typically doesn't secure the script as much as someone who knows what they are doing or even reads a guide.

That's not even a fair statement. Fantastico is just as good as a novice user that just follows a simple guide. If a server is setup properly, one users scripts won't affect anyone else security wise. As long as a person keeps their 3rd party apps up to date, they will run less of a chance of being exploited.

a llama
Mar 10, 2010

by T. Finn


DarkLotus posted:

That's not even a fair statement. Fantastico is just as good as a novice user that just follows a simple guide. If a server is setup properly, one users scripts won't affect anyone else security wise. As long as a person keeps their 3rd party apps up to date, they will run less of a chance of being exploited.


http://www.exploit-db.com/moaub-1-c...-vulnerability/

DarkLotus
Sep 30, 2001

Goon Tested, Goon Approved
Individual, Reseller, ASP.NET, VPS and Dedicated Servers



I'm not arguing that there isn't the potential for exploits within Fantastico, my arguement was that using Fantastico to install wordpress is just as harmless as someone downloading wordpress and installing it themselves.

Exploits will exists as long as there are people developing software, all we can hope for is that the developers fix the issues promptly.

Edit: That is a really bad exploit and I'm waiting to hear back from the Fantastico Developer about a fix before I disable Fantastico on all my servers. With my test of it, I wasn't able to access user data from one account to another but I was able to access files that are normally not accessible via PHP or the user.

Edit2: From Netenberg:
We are working on a fix in this regard.

However, we must say that this is not a real exploit at all. The scripts run under cPanel will have the same permission as the cPanel user and therefore is not able to access "restricted" files.

1.
> Locally Exploitable
> Yes

2.
> Now your PHP code will execute without /safe_mode/Disable_function/
> Mod_security due to cpanel php.ini must be run with execute permission.

These two items are the key here.

In any case, we will fix this issue at the earliest.

DarkLotus fucked around with this message at Sep 3, 2010 around 18:52

a llama
Mar 10, 2010

by T. Finn


I'm not sure what strange argument you're making but in your own words:

quote:

Exploits will exists as long as there are people developing software, all we can hope for is that the developers fix the issues promptly.

I don't see how you can back Fantastico as a good product considering the point you made yourself is that every single piece of software will have bugs. Why would you add another layer of software to an equation that doesn't need it. It is just going to make it more vulnerable.

When you install cPanel on your server, you're installing a product backed by a company with over 125 employees dedicated to fixing, releasing and testing it's product.

When you install Fantastico on your cPanel server, you are installing a product that may have a development staff of 10 people, limited resources and unknown amounts of potential issues.

dvgrhl
Sep 30, 2004

Do you think you are dealing with a 4-year-old child to whom you can give some walnuts and chocolates and get gold from him?


a llama posted:

I'm not sure what strange argument you're making but in your own words:


I don't see how you can back Fantastico as a good product considering the point you made yourself is that every single piece of software will have bugs. Why would you add another layer of software to an equation that doesn't need it. It is just going to make it more vulnerable.

When you install cPanel on your server, you're installing a product backed by a company with over 125 employees dedicated to fixing, releasing and testing it's product.

When you install Fantastico on your cPanel server, you are installing a product that may have a development staff of 10 people, limited resources and unknown amounts of potential issues.

This isn't a good argument at all. The number of staff involved has nothing to do with security. Some of the biggest companies (Adobe, Microsoft, and yes Apple) have the most security issues despite having hundreds or thousands of employees.

a llama
Mar 10, 2010

by T. Finn


I am sure you would immediately deploy a new enterprise product by a small company you have never heard of over a software company with a major track record and a budget that can successfully support the product.

The fact of the argument is that Fantastico is a poor product with poor support and quality assurance that shouldn't be deployed in a serious environment. If you really need your users to install an automated version of Wordpress, use the pre-built feature already in cPanel or give them a proper guide on how to do it themselves.

You'd honestly be surprised by the amount of cPanel servers that are compromised entirely because of this product.

a llama fucked around with this message at Sep 6, 2010 around 10:01

samglover
Sep 19, 2008

R!

We are running a 40k+ visitor per month WordPress blog on A2 Hosting's "unlimited" shared hosting. We are apparently using up too much processor time, and they want us gone.

I guess we need a managed VPS or dedicated server. All I want is my regular cPanel interface. I don't want to have to learn to administer a server. I am also terrified of moving everything over with minimal downtime, so a little hand-holding may be in order.

Where should I go?

dvgrhl
Sep 30, 2004

Do you think you are dealing with a 4-year-old child to whom you can give some walnuts and chocolates and get gold from him?


samglover posted:

We are running a 40k+ visitor per month WordPress blog on A2 Hosting's "unlimited" shared hosting. We are apparently using up too much processor time, and they want us gone.

I guess we need a managed VPS or dedicated server. All I want is my regular cPanel interface. I don't want to have to learn to administer a server. I am also terrified of moving everything over with minimal downtime, so a little hand-holding may be in order.

Where should I go?

You should check out a Wiredtree VPS. They are managed, and they will also migrate your site over for you. Their service is great, and response times to tickets are always really fast, usually less than 15 minutes. Liquidweb is another host on the same level of service/price. Those are typically the top 2 recommended managed VPS providers over at Web Hosting Talk.

a llama
Mar 10, 2010

by T. Finn


cPanel has account migrations that are almost entirely automated so all you need to do is find a VPS provider you trust.

samglover
Sep 19, 2008

R!

a llama posted:

cPanel has account migrations that are almost entirely automated so all you need to do is find a VPS provider you trust.

We already tried a VPS with HostGator, and before I get my cPanel interface, I've got to learn how to set up DNS servers, user accounts, and all kinds of stuff I have no idea how to do. We gave up.

I need fully-managed hosting.

I'll check out WiredTree, dvgrhl. Thanks!

MisterAlex
Dec 4, 2004

For Blood, Comic Mischief, Mature Humor, Nudity, Strong Language, Suggestive Themes, Use of Alcohol, and Intense Violence.

Online Interactions Not Rated.


I signed up for a free year with JustHost and removed my credit card information shortly after sign-up. A year later, and I got an invoice in my email telling me that my card has been successfully charged. Don't use this service if you don't plan on staying with them.

a llama
Mar 10, 2010

by T. Finn


samglover posted:

We already tried a VPS with HostGator, and before I get my cPanel interface, I've got to learn how to set up DNS servers, user accounts, and all kinds of stuff I have no idea how to do. We gave up.

I need fully-managed hosting.

I'll check out WiredTree, dvgrhl. Thanks!

http://docs.cpanel.net is pretty useful whenever you get around to it.

Mortanis
Dec 28, 2005

It's your father's lightsaber. This is the weapon of a Jedi Knight.

Can anyone recommend a good Windows VPS? The caveats are that we need maybe a hundred IPs for sites we've got with SSL right now, and a decent amount of hard drive space and bandwidth. I'm extremely tired of managing my own hardware, but sadly the legacy sites I need to keep running are ColdFusion and it just works best on Windows.

StabbinHobo
Oct 18, 2002

nothing beats the hobo life, stabbin folks with my hobo knife

I haven't had to deal with shared hosting in almost 10 years, so I'm curious how the whole "mod_php run by the same user for everyone" thing got solved? For instance how do dreamhost/hostdime/1&1/godaddy keep me from writing a phpscript that includes the database username/pass from another customers account such that I can destroy/steal their data? In 2000 people tried to deal with it via mostly "safe mode" (which was a disaster), "open_basedir" (which maybe works? I don't remember) and mostly just obfuscation. I remember some hosts were dabbling with php-as-cgi and I see suPHP exists now, but I'm less interested in what I could homegrow than what the big hosts actually do right now today.

JerikTelorian
Jan 18, 2007

That's right. I'm DOCTOR Light. P-H-D


I'd appreciate some advice regarding unmanaged VPSs.

I've been running a small game (Minecraft) server on my home connection for a few weeks now and would like to move to a VPS due to bandwidth constraints. VPSNOC's Gold plan seems just what I need.

I tried to sign up today but was stymied by some options. Ordering asks for a hostname (no big) and NS1 and NS2 -- namesevrers, I think, which I know nothing about. I am under the impression that I need to have a domain to utilize this server. I suppose I could get one through GoDaddy if needed, but would like to avoid that.

The server is only for some friends (~10) and I. Can we just use the server IP for navigation? We'll only need this for the game, a mumble server, and perhaps a light http server to host game world maps. Alternatively, could I simply point a DynDNS to the server IP and save some cash?

I thought I had enough skill to handle an unmanaged VPS but am a bit scared now. I don't doubt that I'll be able to configure the server once I get to the console, but I'd like to know what the experience is up to that point. How much fooling around with domains will I need to do to make it accessible (if not pretty)?

Kaninrail
Dec 9, 2007

The most dreaded of all hobos are the squeegee-wielders. Run them over.


Stacie posted:

Hey guys, we added a new coupon code 'goons' which will give you 50% off on any product we offer (except service extras) when selecting a monthly billing cycle.

Pretty much allows you to purchase a shell hosting or a web hosting package for under a buck.

Enjoy and let me know if you run into any problems.

http://www.amdwebhost.com

Just ordered an account from you guys, the deal seems pretty good. I had to put my paypal order through to get it into the sales queue, do you guys just issue a refund for the discount amount after the order is processed?

Aleksei Vasiliev
May 7, 2007

Fuck the cowboys. Unf. Fuck em hard.

JerikTelorian posted:

The server is only for some friends (~10) and I. Can we just use the server IP for navigation? We'll only need this for the game, a mumble server, and perhaps a light http server to host game world maps. Alternatively, could I simply point a DynDNS to the server IP and save some cash?
You can probably just give them fake info for the DNS and it'll work fine. Or DynDNS will work. DynDNS is a real DNS.

a llama
Mar 10, 2010

by T. Finn


StabbinHobo posted:

I haven't had to deal with shared hosting in almost 10 years, so I'm curious how the whole "mod_php run by the same user for everyone" thing got solved? For instance how do dreamhost/hostdime/1&1/godaddy keep me from writing a phpscript that includes the database username/pass from another customers account such that I can destroy/steal their data? In 2000 people tried to deal with it via mostly "safe mode" (which was a disaster), "open_basedir" (which maybe works? I don't remember) and mostly just obfuscation. I remember some hosts were dabbling with php-as-cgi and I see suPHP exists now, but I'm less interested in what I could homegrow than what the big hosts actually do right now today.

To be honest, if you have the proper database name, username and password that can authenticate to the database with full permission, there isn't anything on the majority of those platforms that can stop you from destroying the database. MySQL runs as a single process for the entire server and the way that databases are mapped are that they simply have a username prefix on them, the security feature being the username and password that you add to the database in order to have read/write access to it; if someone on the same server as you can crack that, then they can do whatever they want to your database.

suPHP makes sure that all PHP processes are run as the user that spawns them. It also enforces secure permissions and ownership on all files across the server.

JHVH-1
Jun 28, 2002


You can set a user's php to only work in their home directory and /tmp/ so they can't even do anything with php outside of the directory. Usually this is part of the suphp setup on something like cpanel. You can also limit functions by disabling certain ones if you want to be even more restrictive.

Adbot
ADBOT LOVES YOU

Bicycle SexFucker
Aug 15, 2007

I have zero interest in marriage.


Anyone else having major issues with Nixihost's mysql? Looks like it's down for them. I can hardly access cpanel.

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply
«79 »