European Web Site Using US Servers - EU Data Privacy Regulation
Oct 11, 2008
We are developing a new web site that will be collecting private information (no credit cards - only names, phones, email addresses and potentially addresses etc).
Our company will be based in the EU and the target audience will largely be located in the EU.
We were thinking of using some of the very respected US companies like theplanet or softlayer that have very good prices for a quality service instead of the more expensive and less flexible EU based solutions.
But I was wondering whether this would violate the EU privacy regulations (not sure if softlayer or theplanet are part of the US Safe Harbor) or whether there would be a way to cover ourselves (e.g. special contractual binds with the provider (which I am hoping would be part of their standard SLA/T&C) or by mentioning in the Terms & conditions of our site that data will be stored in the US).
Can anyone recommend a hosting provider (dedicated or VPS) that has a strong and clear policy with respect to data on the server?
We currently have accounts with Liquidweb and ThePlanet. Their policies are fine as far as they go, but they seem focused on things like credit card info used to purchase service, and tracking of activity on their web sites.
That's all very nice, but I am worried about data stored on our servers, etc. I need to be sure that they won't turn over information to 3rd parties without our consent or being compelled by a subpoena, warrant or court order, and I want to be sure that any data center they rent space in won't do the same.
I've just initiated myself to splitting the load between servers... in this case, one server delivers all the html/php/mysql/emails, another serves all the images... it's an auction site so there are loads of images.
Just did some testing using Firebug, with 20 5-10kb thumbnails loaded from the image server, everything else from the original server... the results speak for themselves:
no browser cache: current - 11.7 seconds, test - 5.6 seconds
refresh (checks modified date on some/all files I believe): current - 8.6 seconds, test - 4.1 seconds
I'm not testing scientifically or anything but these times were fairly consistent over a few dozen trials. Obviously also there are other factors with network connections, server loads etc. From my primitive knowledge I figure that if you fork the requests down 2 or more paths, instead of just 1, then you are virtually doubling the amount of requests that are taking place, hence the page loads faster.
Is this consistent with what others have found? In this case I figure the images are the common denominator so having them on the 2nd server makes sense. I also understand that databases, emailing and other processes can be split onto a separate server...
On a final note, can I get a recommendation...
#server 1: hosts html, css, javascript, PHP, MySQL databases, and sends emails... php 5 is required and security is very important
#server 2: hosts images and will possibly stream videos... basically just a file system we can access from another site
What would be the advisable server specs and operating systems for each? They would not be under a heavy load for some time, but the idea is that they could be further expanded if necessary. I understand that lighttpd is good for serving images?
and finally, I also require: - a good host - a backup solution
if anyone could recommend anything to me at this point that would be great!
P.S. don't worry, I'm not setting the servers up myself - but I'm kind of in the position where I have to make the decisions!
I will purchase web hosting and domain name services. What am I to do for protecting private details? Are there any special points to pay attention to?
I own a domain, and made sure it was private. Should I count on my contact information remaining private? How easy would it be for someone to get at it (can an angry person call my registrar and get the info?)
How do I keep users from spying on each other's files? If I chmod -x /home/ all kinds of crap breaks. Would setting 660 along with setfacl u:apache:rwx work?
I suspect that the internet service provider I'm using is compromising my privacy. If someone who works in the ISP company decides to check up on their customers...
1) Is it possible for them to track which websites the customer has been to?
2) If they wanted to, can they gain access to the things that the customer types, like email passwords, or even email content?
--------------
Reason why I posted this is below:
I live in a country where personal privacy isn't all that respected. Recently, I've encountered a problem. It seems that some people are aware of some info that I post on the web. Now, I posted that info under an anonymous ID, and didn't tell anyone about it at all, and no one else uses my computer. So, how did it get leaked? It's most likely not malware (keyloggers, trojans etc.) because I'm very careful in that aspect.
Would it be possible to split website components transparently across 2 servers and make it look like a single site? For example: run a forum on ServerA and a wiki on ServerB, but with the same base URL? Doing this will allow me to buy smaller servers instead of a single huge server.
A friend and I ordered a dedicated AlphaRed server, drawn in by the excellent pricing.
We were problem-free for a few days, until I noticed my irssi (IRC chat client) screen detach. I assumed I accidentally pressed something, and continued chatting. Then it happened again, and a few more times. I looked at the last people to login to my shell, and it showed that an AlphaRed employee had logged into both 'root' and my personal shell. The employee was reading my chat logs in real-time.
The AlphaRed employee did not only read my chats, but participated as well. You may find the logs here: pastebin.ca/raw/1057127
Some excerpts:
05:05:40 <@infid3l[eMo]> hm..
05:05:48 <@infid3l[eMo]> =D i love finding hacked shells
05:05:52 <@infid3l[eMo]> especially when they're on my network
05:06:01 <@infid3l[eMo]> and then snatching control of them =D =D
05:06:44 <@lifelike> = d
05:06:53 <@infid3l[eMo]> so whats up ppl
05:06:58 <@infid3l[eMo]> sorry to break into your conversation =D
and:
05:08:00 <@infid3l[eMo]> lol=D
05:08:30 <@infid3l[eMo]> I guess infid3l wants the screen back
05:08:35 <@infid3l[eMo]> eh, i'll give it back.
05:08:41 <@lifelike> lol who u
05:08:42 <@infid3l[eMo]> I'm watching you =D
05:08:55 <@infid3l[eMo]> I'm Alpha Red's network admin
05:08:59 <@lifelike> looool
05:09:01 <@infid3l[eMo]> I run the network this box is on
I then realized that this AlphaRed employee thought that I had somehow hacked the machine and gained root access. This box was unmanaged, yet the employee did not consult the owner to verify that I was a legitimate user. When the employee discovered I had not hacked the box, he claimed that IRC daemons were against the AUP. Below is the only mention of IRC in the AUP:
``11. Clients running IRC daemon are required to take immediate action on notification of any botnet or suspected DMCA activity on the server. Such action shall include immediately closing any channels related to such activity. Clients refusing to take such action or provide access to Alpha Red to take such action will have all access to the IRC daemon ports blocked and may be terminated without further notice.''
When I made the employee aware of this, he claimed there were complaints made about the IRC server. When I asked what the nature of the complaints were, he said he was not at liberty to discuss it. I personally doubt there were any complaints, as the IRCd was completely legitimate and exclusive.
I talked to the employee via ``wall'' messages via the root shell for a while. When I mentioned how unprofessional his way of dealing with the situation was, he told me he had control over the network and he didn't have to be professional.
While talking on the phone the employee told me I should have notified AlphaRed about running an IRCd. Nowhere in the AUP did it say anything about notifying AlphaRed. The employee acted like it was common sense -- which to me, it wasn't.
With no evidence of illegitimate activity, AlphaRed still refuses to allow an IRCd to run on our box. Even though it was their mistake, we are the ones paying for it.
AlphaRed offered no apology, and only left us inconvenienced.
I am working with a software package that processes uploaded videos then stores them on the server (similar to a youtube clone script) then embeds them in a page for watching / sharing. The software is basic, doesn't have multi-server capabilities. Is there a way to have the directory the software stores the files in actually mapped to another server so when people watch the movies all the embedding is done on the current server, however the video source is streamed from the second server.
I guess something like a sym-link? (not sure if that's the right term).
Just looking for some pointers so I can fiddle and get a working outcome.
What are the different ways to have 2 dedicated servers work together so I have 0% down time.
I have 2 D. servers. My goal or mission is?
I want to use both servers for web hosting.
Some url will be hosted with one server and the other url will be hosted on other server. For example on Server ONE, I will host X and Y url. But on server TWO I will have a mirror of data for X and Y url.
This means I will have Data of accounts on both servers but one server will host dns of some urls, while other server will host dns of other urls. But both server will have same hosting accounts (mirror = THIS IS DONE THROUGH WHM/CPANEL).
HOWEVER MORE IMPORTANT, I want to have all my hosting accounts(url) on both server so if my one server goes down I can have the other server have all url ready to work.
I am trying to do this WITH-IN my domain dealer WITH NS.
If not, what can I do to make use of both of my servers so if one goes down I can not have down time per se. At the same time I will not run into this email problems? Plus use both server for hosting, too?
My forum is becoming more and more active and I would like to know how to setup a website on two servers. I've seen many sites using www0.example.com and www1.example.com. Is this difficult to do?
Here is what I am trying to do, to set up a WordPress powered site to be run across two servers for load balancing. The two servers are dedicated and I have the load balancing software installed and set up. I need to set up the site so that both of them are accessed, but to also have the same content. The main concern is for the same content.
WordPress uses a MySQL database to place all of the content there, so the main thing I would need is to set up the databases so they are synched on both servers, so that the same content is showing up on both of the servers, and so I don't have to manually upload data to the database every few hours, that would suck. I have already found a script to connect to a remote mysql server, it is called HyperDB, but I was wondering if there are any better ways.
I found EuroVPS before I found this forum but when I went to their website I couldn't find anything on their Terms of Service. Do they allow adult content and what are their privacy terms?
Anyone know a good registrar who accepts Paypal payments with a .com domain price of around $10 or less and privacy option for about $2 or less? I also need to be able to set nameservers in a control panel.
Registerfly and GoDaddy didn't work... both ask for credit cards and I only have Paypal.
I'm trying to see what the most cost effective way of doing this is.
I basically want to separate our business IP and our mail IPs.
So if I'm browsing the internet I have the regular IP that Comcast sets us up with.
If I am doing any emails, basically having one computer that runs off a different IP address. So when we send emails from that computer it would have the different IP address.
I want to do it in the most safe and legal way possible.
Why can't we have Unlimited data on dedicated servers? People say data costs a lot of money so dedicated server providers cannot offer unlimited monthly data, but why don't hosting companies lay their own underground/underwater cables coz then they cud charge what they want? Or talk to the current cable owners and see if they can get unlimited data deals.
When u think about it, when u get satellite tv, they don't say u can only watch 100 hours of tv per month, coz u can watch as much tv as u want, yet the satellite still uses data, so y is this not the same for dedi providers?