How To Secure A Shared Hosting Server
Dec 18, 2007
how to secure a windows and a linux server used for shared hosting?
View 0 Replies
Apr 10, 2008
A friend is looking for shared hosting with secure ftp, or pgp encryption or both. Do you know of any host that offers them? Would a vps have these features?
View 5 Replies
Nov 5, 2009
We have several VPS's reselling shared hosting, and as we grow our shared hosting operations, I've realized how its almost impossible to have every user, developer or who ever is accessing our shared accounts to properly lock down their scripts eg set proper permissions... But what I don't get is how larger shared hosting providers (which we plan on becoming) fully lock out homedir/User A from being able to access, view or write to homedir/User B's files no matter if User A's executed scripts, processes, protocols is requesting User B's files...
View 2 Replies
Jan 21, 2007
In a shared environment you can't rely on your customers to lock down their stuff and they are trusting you to take reasonable precautions to protect their stuff at the same time... This should be basic security but its almost impossible it seems to achieve in a shared env.
Obviously there are VPS's with completely isolated layers but in a shared env it shouldn't be too big of a request to have one persons stuff not easily visible by another person no matter if SSH is being used or a script of any kind.. bottomline... think of a hotel ... a "shared environment"... one guest can't just go in someone else's room easily. The hotel owner ensures that guests rooms are not available for other guests to access, this is a reasonable policy and the hotel owner would be in deep s**t if other guests had access to other guests rooms....
Here are the reasons why I think "secure shared hosting" is essentially a paradox...
1. False sense of security - SuPHP, Suexec, open_basedir..
Problem is even if you're using SuPHP or open_basedir or other security practices, someone on that server could still possibly "view" other users files which could include database config files and other files that you wouldn't want someone to read/access. These files could include xml, dat, txt etc any other file that a user might not want another user in another homedir to access that isn't protected by SuPHP or SuExec...
2. People often say.. well its your users responsibility "Rely on your end users to choose proper permissions for their files"... This is like relying on your hotel guests to deadbolt their door instead of having an autolock on their door when they close it.
I'm sure your clients would expect you to "section off" their account reasonably from another user however these doesn't seem possible at least with Apache that requires "nobody" to have to access files... And the problem is you can't rely on your users.. Besides, most open source scripts (WP, Joomla, Magento) and people here in this forum recommend 644/755 permissions as being the ideal permissions for most files/folders however if a user makes all of their files 644/755 other users can still possibly access those files.. You still would be giving world-readable access... Many people still use PHP as an Apache DSO, so under normal circumstances where scripts are installed in pub_html a user is FORCED to use world-readable permissions on their config files for their apps to run. For instance with our cPanel install, when we provision accounts in WHM, it creates .htaccess files with 644 permissions .. well why would it do this if .htaccess shouldnt be read by other users .. same goes with xml files, or other non-php/cgi files outside or inside the pub_html directories of a users homedir/ that shouldnt be viewable by world users...
Bottomline, until "world" readable/writable/executable permissions completely are ignored in a users homedir/ for not just PHP/CGI but for any file I think shared hosting security no matter what patches you have added to Apache or your system (Suhosin ,SuPHP etc) ... is a paradox... It shouldn't even be possible in any home dir no matter how responsible/irresponsible a user is for one user to be able to view another users stuff. The whole point and reason panels such as WHM or any panel uses the /home dir is to separate that users files/mail/etc from another users.. So, logically, there's no reason why a script would need access to anothers home dir/ knowing its a shared environment and on a shared hosting env it shouldn't be allowed to go outside of that users /home/ dir ...
So I think a server admin should be able to enable a "mod_shared host" lets say in WHM or something that will get rid of global permissions eg there will only be 64 not 644 for any file in /home/<user>/... If someone chmods something to anything in Y ... XXY ... Y is completely ignored and set to 0...
If the server admin wants to override such settings, there could be an override feature but by default, just as PHP open_basedir restrictions settings in WHM work for PHP, the same should go for all files/scripts part of a home dir (any extension), under normal shared hosting shouldn't be accessible by any method (FTP, SSH, any apache module/process - CGI, Java etc) regardless of DSO, SuPHP...
Until then... How could large shared hosting providers sleep at night knowing that they are not protecting everything in their users home directories? This should be a simple and reasonable request that a user would expect when signing up for Shared hosting... Obviously there are other possible security leaks, breaches can occur but this should be basic security...
Shared hosting shouldn't be like open kindergarten cubbies with a curtain protecting the contents, instead, anyone signing up for shared hosting would expect their host to at least have a high school locker with a pad lock ....
Or am I missing something? Is there a solution already for this reasonable security practice of protecting users from each other user without referring them to a VPS or a dedicated? How do the big shared hosting operations have a large shared environments with hundreds of users on a box NOT allowing others to view/access other peoples stuff?
I've asked people on cPanel forums as well as our hosting provider, everyone has mixed responses and no real "answer" so I wanted to get your thoughts...
I'm running a shared hosting environment and I'd like to know if it's even possible to secure the Apache while it's running mod_php. I know I could go suPHP with PHP-CGI, but that'd increase drastically the server load.
View 2 Replies
Apr 29, 2008
So what should I do to best secure the server?
So far now I did:
Installed mod_security and mod_evasive.
Set disable_functions = ini_restore, popen, exec, shell_exec, system, passthru, proc_open, proc_close
Set open_basedir to user's directory on virtualhost
Is that would be a secure environment for my users?
I have a small reseller account but all the domains are managed by myself. Security has not been a problem because the sites are simple, but now I have a need to deliver and recieve private files. I know how to keep the website itself secure writing my own sessions, using explicit variables, storing sensitive data outside of the web directories and that sort of stuff but it is my 'neighbors' that bother me. If one of them gets hacked or I get a bad neighbor sharing the server I do not want them to have access to my files and passwords.
View 14 Replies
May 6, 2008
A few years ago I wrote a browsing script that I found out had the ability to escape my own area and roam freely around every area on the server with unlimited access to every file. When I complained about it, the server admin said that I had nothing to worry about. When I pressed the issue I was told that nobody could invade my files because it was against the rules to go into other people's account. It turned out most server administrators left things open to eliminate scripting problems for their users and there was really no way to lock down a server without breaking a lot of scripts. At the time I moved to a more secure server but they eventually opened things up because of too many complaints and help requests.
Have things changed? Have they worked out the issues with shared servers? Is there a way to tell if my host has implemented proper safeguards (if any viable ones exist)?
Do website builders generally go with shared hosting or dedicated server? I mean, if they work on several websites would they get a dedicated server instead of shared? From what I understand through reading shared hosting is basically if you only have one website. So one with multiple websites would go with a dedicated server?
View 12 Replies
Oct 26, 2009
I`m building some Xeon Nehalem servers for shared hosting with cPanel. The servers will be:
View 13 Replies
Aug 12, 2008
Dell PowerEdge R410
Xeon Nehalem E5502
12GB DDR3 RAM
3ware raid controller
But for shared hosting, is it worthy to have a RAID-10, or would a RAID-1 be enough?
We have some Xeon E3xxx servers running with RAID-1 hosting more than 1000 accounts, we hadn`t had any IO/load problem so far.
I am working on creating a social networking website. It will have approximately 2500 members with about 1/2 using video. I spoke to 2 different programmers through rent-a-coder. One told me to get a dedicated server through GoDaddy that runs me about $120/mo. The other programmer told me that there was no way that I would need that much and I could get a shared hosting package for $10-$20/mo and that would work fine. He said that a dedicated server wouldnt be necessary unless I was getting a ton of hits to my site or needed to host multiple sites. I inquired about it with GoDaddy and when I mentioned I was doing a social networking site, they said I would need the dedicated server. I am hiring someone to build the site since it is beyond what I am capable of, so I am clueless on who is correct.
View 14 Replies
Dec 18, 2008
VPS or Dedicated Server?? Or stick with shared hosting?
View 3 Replies
Mar 16, 2009
I currently use a shared hosting reseller account with HostGator for $24.95 which gives me 24 GB disk space and 250 GB RAM and allows me to host unlimited domains. It has cPanel, WHM and it is managed. I've used them for two years and they are awesome! Currently, I have about 20 very small domains hosted under my hosting account: all are very small and require no bandwidth or disk space whatsoever. EXCEPT, I have two or three domains which are solely used for e-commerce which is why I am considering upgrading to a VPS or dedicated-server.Background on the business:Users visit the site (300 visitors a day) and use the shopping cart to place an order for the software which ranges from $50-$300. An account is created for them in which they can login to download the software packages which range from 10 MB to 100 MB file size. They then install it on their computer and activate it with the license key number. Upon activation, the installed software connects with our backend of our website to update their account with their computers fingerprint. Each time the software is executed, their computer connects with our licensing server to verify legitimate usage. Our backend has access to their billing information and licensing; therefore, security is a must.We have about 4,000 users. Recently, with the business growing, I am not sure if I should be looking for a VPS or dedicated-server solution. With HostGator I'm paying $300 a year (and everything is running seamlessly). Or, I can switch to VPS for $500/yr and dedicated server for $2000/year. My budget is open, though I don't want to get anything that is overkill for the logistics of my business. What I current use and need:*Space: Up to 10 GB *Bandwidth: Up to 100 GB*Reliable, 99.9%+ uptime and MANAGED server*Daily backups*Good support (i.e. installing SSL certs, firewall)*Secure*cPanel*Allow me to host other my other non-business websites (1 big forum with 500 visitors/day and 19 very small parked sites) *IONCube support*I will have to get SSL for a few of my sites. And for that, IÃ¢ÂÇÂÖll need dedicated IP addresses. I would prefer if there is a VPS or dedicated server solution which has a package for multiple dedicated IP addressesQuestions:1) For my business, would you recommend VPS or dedicated-server or do you think I am fine with what the shared hosting reseller account with HG I have already? If a VPS or dedicated server is justified, which provider do you recommend that suits my needs?2) Will I truly see a notable and significant improvement by upgrading from my current state to a VPS or dedicated server?3) Will I need a firewall to ensure security for the 4,000 clients? How can I optimize the security of my clients?4) Privacy is a very important concern (not that I'm doing anything illegal). I use GoDaddy to do a private whois so it does not reveal my name or address. If I switch to VPS or dedicated server, should I be concerned that people can use the IP address of the website to identify me? What approaches can I take to protect my privacy?5) What do you think of slicehost.com? I was recommended to use this. I thought maybe the 256 slice plan would be appropriate for me, but I don't know what linux distribution to use: Ubuntu, CentOs, Fedora, Gentoo, Debian, etc. Heck, I don't even know the differences and I don't plan on playing around with anything on the server.I really appreciate your help in this matter. I am a totally newbie when it comes to this hosting stuff.
Hi, is anyone know the advantage of VPS hosting vs shared hosting? I found a cheap VPS plan at in2net.com. I can get 15G space, 200G bandwidth and 256 RAM for $9.95 a month. My site starts getting a lot of users, it might be an issue with shared hosting. My site also hosts a forum, and currently has 1000 unique visitors and 8000 pageviews daily. Sometime the forum has 30-50 concurrent members.
View 14 Replies
Nov 24, 2007
So, I'm just wondering in my case, wihch one would you choose, VPS or shared hosting? since they are the same price. I don't know how to manage servers, but my friend has a unmanaged server at theplanet, and he hasn't managed the server at all since he had it. So, if a VPS host comes with all the scripts installed, in this case, it doesn't require any management, am I right?
oh, one more quesiton, is the plesk control panel works like whm panel? where each client has his own control panel?
I have a reseller shared hosting plan that allows for 50 sub-accounts and I'm using about 20. I am looking at getting a VPS with between 256 - 394 mb RAM and am wondering if I were to move all of my accounts to the new VPS would I be ending up with less RAM to use for all of my sites.
View 11 Replies
Oct 27, 2009
To put this another way how do most reseller plans manage RAM usage? Do each of my sub-accounts have access to say 64 mb RAM so that if I were to use all 50 sub accounts I would have access to 50*64 mb.
From what I've experienced and read with shared hosting my thought is I could end up with less access to server resources, CPU and RAM, with a VPS plan - though with VPS the resources are more guaranteed rather than being dependent on the usage of other accounts on the server.
The reason I am looking at a VPS account is that I have a site that will likely have 1000s of users with a server intensive script (Moodle) and I know it would violate the reseller account agreement. So maybe my plan should be to keep the reseller account and use it for my database driven sites and use the VPS for the server intensive site and my html based sites.
Also, my VPS choice seems to be narrowed down to Liquidweb, JaguarPC and Zone - has anybody heard of any negative experiences with Liquidweb? I can't find any.
I have Apache 2.0 running with cPanel. I'm wondering if it's better to upgrade to 2.2.
View 2 Replies
Jun 1, 2008
Will I see performance improvements? Will I face any issues?
My head is about to explode with all the information available in regard to regular shared hosting verses VPS verses dedicated server and I still don't have an answer. It will probably be of some benefit to say that I have virtually no experience in any of this aside of having previously published a small website. Of course there are no worries when it comes to something small however, now I am getting into something much larger and am pretty much sitting here like a scared rabbit in the face of trying to make the right host decision.
View 3 Replies
Feb 15, 2008
Let me start by saying that my site is a reverse auction type of site that will also have a forum, blog, small auction venue etc. Users will be uploading files and communicating within the site as well. It might help to say that it is similiar to getafreelancer.com. We won't have a technical theme but the set up is similiar.
My question is....I don't know what kind of host to go with! I originally thought IX but then read up on the dishonesty involved with claims of unlimited bandwidth. Then I thought about VPS which I guess is different from regular hosts but I'm not clear as to why. It's still shared isn't it? Finally, I'm thinking about a dedicated server. I have found a place called server4you.com that has reasonable prices but I still need to check them out. The problem with this option is that I have absolutely no understanding of the tech side of dealing with my own server. I know that some companies offer a managed option but they are so expensive and I don't even know what that would entail.
Plus what about security, how does that work with a dedicated server. For example, when shared hosting companies list options that come with a package, SSL is always mentioned for e-commerce hosting. How would I secure my own site?
How in the world is someone supposed to know how much space they need before they publish? You really can't determine data transfer ahead of time. I am in dire need of some good options that won't bleed me dry and I barely know of the right questions to ask.
I am just reading a bit about the memcache module. Does anyone have an opinion if this is suitable for installation on a regular shared hosting server?
View 2 Replies
Sep 10, 2008
I'm currently with Steadfast Networks for my VPS (Linux). We are now in need of shared MS Exchange Hosting plan. Although I found some companies offering Exchange Hosting, they do not offer VPS's. Does anyone knows of any reliable company offering both?
View 3 Replies
May 28, 2008
I want someone (well maybe except Rackspace) who is reliable, has good feedback and provides good uptime and customer service.
I'm familiar with shared hosting but a complete novice to virtual servers, I'm getting the following error message when I go to my new virtual server IP [url]
View 1 Replies
Mar 23, 2007
Now am I getting that because...
a) I need to set something up in the PLESK control panel thing or
b) Is it a DNS issue? Its only been 30 hours since the migration from shared hosting.
I was told when I upgraded that I wouldn't have to do anything and there would be no interruption as the site www.mydomain.com would continue to use the shared hosting until the virtual one was set.
Is it a question of waiting for the DNS to update so it points to [url]: or do I have to set something up?
=We are trying to integrate eBay.com feeds into our site and for some reason we are not able to get expected results on current shared hosting server. We tested the same on another server and we are able to get the right results. And the current host doesn't allow us to access the server logs unless we upgrade the account to VPS and Dedicated server. But we are pretty new to launch the site, hence we don't want to buy any VPS or Dedicated server for now. Now we are looking for another shared hosting who can offer to access server logs.
View 0 Replies
Oct 27, 2009
if I should have a PHP accelerator on my shared hosting server like eAccelerator or xCache.
View 1 Replies
Apr 15, 2008
I heard APC is not compatible with Zend Optimizer, which is a must have in shared hosting environments, please correct me if I'm wrong.
Is it going to help as far as server performance
View 7 Replies
Oct 29, 2008
if I run my forum website(MySQL) on dedicated server
and load member photos from cheap shared hosting?
When i try to upload a image files to the linux based shared hosting server application with java and .Jsp files
View 1 Replies
Oct 8, 2008
(using apache common file upload) the following exception is getting...!
java.security.AccessControlException: access denied (java.io.FilePermission /var/chroot/home/content/h/e/r/heritageameric/html/heritageshopping/abc.txt write)
Hosting people suggesting me that i need .htaccess file to solve and get write permission..!
But iam completely new to this .htaccess file concept..!
I have built a server so I can co-locate it to be used for shared hosting. The specification is high, compared to most dedicated server offerings, so I was considering splitting it up into different virtual machines for different purposes. The specification is: Intel Xeon 3230 (4x 2.66ghz), 8GB DDR ECC RAM, Seagate Cheetah SAS 15,000rpm (4x 147GB), Adaptec RAID 5405 (RAID 6 Array with Battery Backup), Dual on-board NIC, etc.
View 2 Replies
Oct 23, 2009
The original plan was to use this machine as just one linux server, but I am concerned most of its potential will not be exploited. So I am exploring the possibility of setting it up as 2 Virtual Machines, installing Linux on one and Windows on the other. This way I can offer hosting for ASP and ASP.NET, and possibly MS SQL and/or Exchange depending on costs for their licences.
What Microsoft licences are suitable for servers used for shared hosting? From what I can gather there are several ways of being licenced, but I can't figure out which is the most cost effective. It seems you buy the server OS edition that supports your requirements, then pay another licence per user (CAL?) - I haven't got a clue how many users I will need to have though. Then if you want to use MS SQL, DNS or Exchange you need the correct edition - and buy licences for these too.
Does anyone know roughly what I should be looking to pay for what? I would ideally like to have MS SQL, DNS and Exchange - but am aware that the licence could be so expensive that it wouldn't be worth doing.
View 9 Replies
Feb 9, 2009
I've had a couple dedicated servers with 1and1 for a while now(about 6mos). I have to say that my overall experience was pretty good. At the time the prices where pretty good, and are very comparable to most hosts. I received the speeds promised, the server was setup very quickly.
The only negative I had with the server was the kernel. I attempted to install vmware on they system however they did not have the headers needed by GCC to compile vmware. It was an annoyance, but I just opted to update the kernel since there where a few releases since their custom built kernel was made. Once I was running the new kernel the vmware process went smoothly, and everything worked perfectly.
As for 1and1's support team, I have to say their standard support I would not rate a 10/10, however their dedicated server support team, and one particular rep I've come to know in their sales / abuse department (more on the abuse dpt. later) are very knowledgeable. And always addressed any issues or questions promptly. Which honestly no issues besides vmware stand out in my mind, which was just a minor inconvenience, which you would find on most hosts. Since its an un-managed root server your responsible for keeping the system up to date, and run the latest kernels anyway right?
Ok, so I mentioned I came to know a rep out of the abuse department of sales. Now this isn't particularly related to my dedicated servers but I did have one of their hosting packages. Well I never kept tabs on the site and the scripts had a couple vulnerabilities, php5 wasn't enforced.
Anyway to make a long story short, the site was hacked and fake bank sites and other scripts where loaded onto the server. Which is where The abuse department came into play. Now I know (getting off topic, but it may be the same with a dedicated server) hosting companies don't want to run sites like these, and I thought that the way these companies usualy handle these types of situations are to send a take-down notice to their client, as its possible they may not even know its there. But 1and1 opted to completely disable all access to the server, http, ftp, ssh, everything. So at first I didn't know what happend. I call up tech support that night(prob around midnight -- 24/7 tech support is always great), they let me know the account was dissabled do to an abused related complaint. They told me I would have to wait until morning when their sales department opens(as abuse is located in sales).
So I call up the number they gave me the next morning. And meet Bob (I'm calling him bob because his name escapes me at the moment). He was very pleasant and understanding that I needed my site up as soon as possible. He looked at my account he saw I had been with them for about a year and a half, and said he didn't think I had posted any of the content anyway(he disabled it himself imagine that haha). He emailed me links to all the files in question, informed me that php5 was not forced and recomed I fix it. Since that was the only reason we had this isue in the first place. He was also able to tell me what files the hacker used to exploit and gain access to the server, as well as searched the the user directory for any backdoor scripts. Which he did find some and sent me the locations in the email.
So, finally we got of the phone he re-enabled the server. I went through the email went through everything, I just opted to delete everything as i felt the whole system was compromised anyway, and re-upload the site. I forced php5 for all php scripts and never heard anything about it again... and the site still runs today!
Their normal tech support isn't all the great, at least not when it comes to apache. I inquired about mod_rewrite not working and the first rep i spoke to didn't know what i was talking about, I explained in more detail, she put me on hold for about 10-20mins and researched it. Said she found details about my issue and shot me an email. I checked the email, it contained how to moddify headers using MS ASP which has nothing to even do with my "LINUX" shared hosting plan.
I called in a second time frustrated, remember I usually talk to guys from their dedicated server support. When I spoke with the second rep. The first thing I asked Him was if he was familiar with "Apache Mod_Rewrite" (exact words) are you familiar with this, and if not can you please give me to someone that is. He assured me he knew what I was talking about, I explained the situation, and what the other rep sent me was completely off topic. He apologized and assured me he knows exactly what I'm talking about.
He sent me an email with another link to their FAQ yet again. However this time is was on creating 403 redirects in apache. Well I do admit at least they got closer this time right? I laughed and walked out of the room. Took a shower and relaxed. Finally, I decided I'd take one last look at .htaccess configs before trying another call. I played around with different setting and... eureka! I found the solution; for some reason mod rewrite on 1and1's shared hosting servers doesn't support sub-directories; that is you need to access the files in your root directory to successfully process a rewrite.
So whats the moral of the story? Call Dedicated Server Support! lol
So anyway since this is a dedicated server review. So for my Dedicated server experience I would rate it a "9 out of 10".
For my overall experience with 1and1, I would rate it an "8 out of 10". Not the best I ever had, but I would do business with them. There are other minor issues I've had with their shared hosting, but I don't feel like getting into them.
Anyway hope that helps sombody, I kno it was a long post... so for the people that read it all congrats, because I lost concentration over about 80% of that post lol
Little humor there.. anyway thanks for read'n the post... just my little contribution to WHT.
I don't know where to ask this question so hopefully I'm in the right forum. I have a friend that owns his own company and travels alot. He needs a place where he can store his work files (mostly document like word, excel, pdf, drawings, etc...) which contains very sensitive information. He need a place where he or the people in his team can transfer files and that he can setup access levels for his users. He need access to his files with a secure tool such as sftp or something else that you guys can recommend.
View 3 Replies
Oct 19, 2009
Also, since some files can be very large he requires a good transfer speed from everywhere in the world. He's looking at around 100GB of storage space and a very high transfer allowance. He will probably need to host his website also. Do you guys think it's better to host the files and website separately?
How to secure server from Shell scripts like c100,c99,locus and so on.
View 3 Replies
Jun 20, 2006
Please provide me clear instructions if possible.
and let me know what we can do if a server is already infected with these shell scripts.
I work for a small web design firm with about 100 clients/domains and we are starting the search for a new hosting provider. We need a managed dedicated server with an offsite backup. We are also looking for a company that knows what they are talking about. If we have a Linux or server question they need to be able to give us a quick straight answer. Also, if they could help us transfer all our hosting accounts from our current server over to the new one that would be a BIG plus.
View 5 Replies
Apr 23, 2009
We have been thinking about Rackspace or 1and1.com but were wondering what the community thought. Any recommendations?
I'm trying to find at least three web hosting companies to choose from to host a Joomla websites on a shared server. Would consider dedicated if the deal was right. I have a friend of mine who wants to create a church website, and is looking for the best deal. I use Netfirms which I have never had an issue with, but I didn't want to be bias, and would like give him other options to choose from.
View 12 Replies
Jan 28, 2009
Is there a good WebHosting Review site, I could check out, or maybe someone could recommend their top three. I reading threw the forums here and I noticed there are not that many complaints with Hostgator. Again, I just want to see if there was anything out there better.
Who can recommend a secure/affordable video streaming hosting site to me?
View 7 Replies
Apr 2, 2009
Setting up a members video site.
Best if the web host can come with a ready members template and shopping cart/payment service where I can just upload my videos.
This question gets asked a lot in our Helpdesk and I figured I would post our knowledgebase article here to help anyone else wondering the Pros and Cons of Unlimited Domain Shared Hosting vs. Reseller Hosting. If anyone has anything else to add, I appreciate any feedback on how we can improve our KB article.
View 12 Replies
Jul 31, 2014
Given the present state of shared hosting, many clients may ask "Why would I need a Reseller account if I can host unlimited Addon and Parked domains within a single shared hosting account?". There is certainly enough Disk Space and Bandwidth provided in many of today's hosting packages, so why bother to purchase a Reseller account?
Many don't realize the drawbacks of hosting large numbers of domains within a single hosting account until they've already packed tens of them onto a single package.
So how do you know whether a Reseller account or Shared Hosting account is right for you? The answer is in how you plan to provide access to others and how "mission-critical" the sites are. You should consider the following factors when deciding on hosting a large number of domains:
1. Who will be managing these sites?
2. How important is site security between sites?
3. Will these domains need dedicated SSLs?
4. How resource intensive will these sites be (RAM, CPU, MySQL)?
In a nutshell, Reseller plans are for those who wish to host websites for other sub-clients and a shared hosting package is for a single individual managing multiple personal domains. We'll go over the 4 points above in greater detail.
1. Who will be managing these site?
If you personally own multiple domains and wish to host them within the same hosting space, you can easily do so with an Addon or Parked domain. An addon domain will allow you to host a new domain within a subdirectory of your hosting space. A parked domain will allow you to have multiple domain names point to the same content. Since addon domains reside within the same user space as your main domain, you can manage all of your domains with a single login. You can see the problem if you want to provide another user with access. Since all accounts are managed with a single set of login credentials, if you give another user access to their addon domain you are also giving them access to your main domain. If you have vital information stored on your main domain and you are hosting another domain as an addon domain for someone else, you cannot provide them access to their hosting without compromising the integrity of your main domain.
When hosting sites as a Reseller, your clients in turn will want access to their account and will want exclusive rights to their disk space and server resources. With a Reseller account, each sub-account you create gets its own username, password, and isolated user space on the server. Individual clients of yours have access to their user space and their user space alone. In addition to the isolation with regards to access concerns, each account also gets their own cPanel access. All of the same great features that you use to manage your sites can also be given to your clients. Next time client Y wants to add an email account, you don't have to do it for them for fear of giving them access to your cPanel, you can simply give them their login details and they can manage their own email accounts.
2. How important is site security between sites?
This is along the same lines as point 1. This is not necessarily related to who you are hosting for, but what content you are hosting. Imagine that you are a webmaster and you are hosting your own personal site-in-a-box community forums (such as PHPBB or vBulliten) on your main domain and a company website for a paying client on an addon domain. It is not uncommon for popular scripts to have security flaws in older versions. Script authors will often update security flaws in later versions of their software. For this reason, it is very important to keep scripts up to date on your site. But let's assume you forget to update your scripts for a couple of months and an unscrupulous individual takes advantage of a well known security hole. Using this exploit, they gain access to your forums and any subdirectories. Since you are hosting another domain as an addon, they now have access to this domain's content as well. A site defacement on this company's site may not bode well for you when they are considering you for web master services in the future.
If these two domains had been separate into two individual users (i.e. two subaccounts created through a Reseller), their content would've been inherently isolated server side by Linux's user management. Sure, your forums still would've been affected by the security hole, but the break-in would've been isolated to your site alone.
Going back to our example, let's say that instead of a corporate website as an addon domain you are hosting an image gallery site for all of your cats. In this case, it may not be a big deal if a compromise in your main domain spreads to your addon domain. After all, they are both owned by you and you're only losing some time and effort to restore these sites from your local backups (which I'm sure you've actively maintained ). But then again, you are losing time and time is money. If these sites had been separated into individual users, again, you'd only have to restore one site's content.
The idea here is isolation. Reseller plans provide you with the peace of mind to know that if one of your users doesn't keep up with their site's content as actively as they should, their actions won't negatively impact the content hosted on other domains. If you and those you host in your addons are diligent webmasters, maybe this point won't have much bearing on your decision. Only you can say for sure.
3. Will these domains need SSLs?
As of this writing, SSL certificates must have a dedicated IP address to be installed. If you are hosting multiple domains on the same shared hosting package, you can still install an SSL (or purchase a dedicated IP address and install one) but you are limited to exactly one SSL on your account. If you are hosting multiple domains on the same package (and consequently the same IP), you must choose which domains gets to have the dedicated SSL.
Sub accounts of Resellers can each be placed onto separate IP addresses and, as a result, can each have their own dedicated SSL installed.
Of course, both shared accounts and Resellers' sub accounts can use the server's shared SSL free of charge. However, some clients prefer to see their domain in the URL bar when they visit https.
4. How resource intensive will these sites be (RAM, CPU, MySQL)?
We've already established that disk space and bandwidth will be no problem. But what about CPU, RAM, and MySQL resources?
It's important to be aware of the resource needs of your website. As administrators, we have to make sure all users "play nice" on the server. We can't have user X eating all of the CPU cycles computing pi to the trillionth decimal place while you are trying to serve web pages to your loyal visitors. We have to monitor the actions of all of our users and in the event someone is stepping beyond the bounds of acceptable resource consumption, we have to take action. In most cases, this entails disabling the abusive script, but in extreme cases we have to suspend the abusive user account to prevent other domains from encountering performance degradation on their sites.
If you are hosting 100 domains as addon domains, all serving nothing but static HTML pages, maybe you will stay off the radar.
But considering most sites are more complicated than static HTML, you may want to be aware of how many sites you host as addons and what content they serve. If you're hosting the latest and greatest Joomla modules, with up to date news feeds, integrated forums modules, polls, blog posts, etc your site can certainly require a degree of CPU to serve your pages. Now imagine you have 5 or 10 of these sites all hosted as addon domains. The resources these sites need to generate their content can quickly add up and before you know it you've got a friendly email from Acenet, Inc. in your inbox wondering why your user is consuming 2 of the 8 CPU cores on the server. That may be an exaggeration, but you get the idea. In the event your resource usage becomes so excessive that we have to suspend your user, now all of your sites are down instead of whichever one may be the direct cause of the spike in CPU, RAM, or MySQL consumption.
If each of these had been separate Reseller accounts, the offending account could've been suspended temporarily while we work through the cause, leaving the rest of your domains live and kicking.
The conclusion here is that you need to be aware of the needs of your sites in a general sense. Hosting unlimited domains within a shared hosting space is certainly a nice feature. For those webmasters who have multiple presences on the web, it's very convenient to be able to manage all of their personal domains from a single control panel. For those entrepreneurs who are hosting multiple domains for other individuals, the features and security associated with a Reseller plan and the inherent isolation of Linux users is a must have.
I'have a problem with my aps setup on sanbox.When i create on customer ccp when i click finish i have this error. I must only test.
View 3 Replies
Jul 13, 2005
Error: Instance of application with id 124 and version '1-4' can not be provided: There is no resource of class 'Shared hosting Apache' with provisioning attributes 'Web Cluster' in subscription with id 1.:There is no resource of class 'Physical hosting (IIS)' with provisioning attributes 'Web Cluster' in subscription with id 1..If i add the shared hosting apache resourse i get this error : There are no "apache" services that satisfy given attributes: "Web Cluster".
I am developing a website for a client of mine (the client is a close friend and know's that he is getting a newbie). This site will be larger (project wise) than anything that I have ever done (everything I have done in the past has been FrontPage). We will be using several third party applications that need to run on the server as well as our own custom developed applications. We do not yet know how much access to the server's deeper structures we will need for all of the applications that we want loaded on our server to run. Things we have in mind: oscommerce, mysql, php5, apache, linux, vbulletin, blogger, phpbb, adserver, ect... Would these things run ok on a shared host and would I have full authority to configure them without needing full access to the server? Or will I need access to the entire server (dedicated server) in order to have full customization capabilities? I guess all I am trying to figure out at this point is will shared hosting for a large project limit our abilities to use 3rd party apps, or do most 3rd party application designers build their stuff to work in a shared hosting environment anyway? If we need to get a dedicated server we will, but if we can get away with shared hosting for a while (especially during development when the site will not be generating revenue) it would be nice to avoid the price of a dedicated server. Many thanks for your comments, insight, and expertise! Also, if anyone can sight some common scenarios that may require a dedicated server over a shared hosting plan, that may help me to understand what the limitations of a shared hosting plan vs. a deicated or virtual dedicated server are.
View 2 Replies