DNSstuff.com
Sep
30th

Finding A Cheap Dedicated Server

You know the old story … cheapest isn’t always best. However, with a little bit of research and some due diligence you can usually find a good deal on a dedicated server.

Firstly, it’s important that we define ‘cheap’. The price range for a fairly fast dedicated Unix server (i.e. Linux/Fedora/RedHat etc. with a single high-end Pentium 4 processor, at least 80GB hard drive, 1GB of RAM and WHM installed) varies from around $US120.00/mth to $US180.00/mth. That price range is based on my own experience and research, so there will obviously be some that are a little higher or a little lower, but you will find that most of the larger hosting providers fall somewhere in that range and then go considerably higher for multi-processor servers, extra RAM etc. If you are just looking to host a fairly busy site or a bunch of smaller sites then this type of server should be more than enough. There are quite a few servers available in lower price brackets. These are generally referred to as ‘budget priced’ dedicated servers and they are also quite suitable for many applications, but keep in mind that it is BUDGET hosting and as such may not have the same service guarantees or customer support level as the higher price brackets.

Many people get confused about the terms ‘Virtual Private Server’ or ‘Virtual Dedicated Server’ and how they compare to a genuine dedicated server. The only difference between ‘Virtual’ dedicated and standard shared hosting is that there are fewer people using the server and you have more control over the server resources. It’s still a bit of a gamble though, and performance will vary depending on who is in the ‘neighbourhood’. Because it is a shared server, even if only 3 or 4 others are sharing it, it only takes one of those people giving the server a real hammering and it will affect you. If you are serious about having a dedicated server then you need to be looking for a real dedicated server that you don’t have to share with others.

As usual, I’ll only list hosts that I have had personal and positive experience with. Some of them are affiliate links and some aren’t. I’m not big on affiliate programs but they help pay for the pizza, so they can’t be all bad!

First though, here are some links to a few of the better web hosting directories and forums:

Website Host Directory

Web Host Directory

Web Hosting Talk

APlus.net is probably the fastest host I’ve worked on (other than Rackspace). I had a contract to set up an online job finder script and most of the time it was like the server was in the room next to me rather than on another continent! The couple of times I contacted technical support their responses came in less than an hour and my client also had several pre-sales discussions using their live chat service. All in all it was a very pleasant experience.

The only negative comment I would have is that they use a Plesk control panel. I’m cPanel/WHM through and through, so take that as a personal opinion rather than an objective analysis :).

Now … here’s how to find the best deals. At the time I added this link there was a big special on their homepage as soon as you clicked through. If they aren’t running that special, then look at the menu on the left and click on ‘Value Servers’. They are running a $49 special with no setup fee. The $49 server doesn’t have a high end CPU but it still should give you much better overall performance than a Virtual Private Server. It’s also great for techies who want a server to do some development on or any business that wants a secondary DNS and MX server.

Another place to look for good, cheap dedicated server deals is at Layered Technology. They often have a range of cheaper servers available on their Server Specials page.

I’ll add to this list as I find more places for good deals, but if you know of any others, please leave a comment or submit a ticket to our helpdesk with the details so we can add it in.

Sep
22nd

How Do Hackers Get In?

The most common ways that unauthorised persons gain access to your web site and/or hosting account are:

  • Weak Passwords – If you use simple, plain English passwords then you are an easy target.
  • Script vulnerabilities – These are generally ‘back doors’ that are caused by insecure programming code.

Passwords are entirely within your control. You can choose to use weak passwords or you can choose to use strong passwords. Many people use weak passwords because they want something that is easy to remember. If remembering passwords is a problem, then I would strongly suggest you use Roboform. Roboform can not only store all your passwords securely (they are encrypted when stored) but can also generate good, strong passwords for you at the click of a button. You can also easily back up the Roboform files that contain your username and passwords.

Script vulnerabilities are a lot more difficult to keep track of. New bugs and issues that allow unauthorised access are found each day in hundreds of different scripts and programs. In this case you should exercise due diligence. Do a search for the program name before you buy it and add ‘security problem’ in the search term … like ‘some_script security problem’. Taking a few minutes to check whether there are any known and/or major security issues can save you a lot of stress in the long term. Most professional scripts and many open source scripts have regular updates and patches are often released to plug any known holes. It is in your interest to stay informed of these types of issues.

Sep
20th

6000 Accounts Hacked


You may have seen mention of this on Digg. Layered Tech sent out an email to all customers about a possible security breach. They’re one of the larger hosting companies, and also one that I recommend so I have an obvious interest in the story. I have 3 dedicated servers at LT. Unless you followed the link at Digg though, and read the email it could be a little misleading. Like most ‘hacking’ stories there was a lot of emphasis placed on the ‘hacked’ part and not much attention paid to the actual email that LT sent out.

The way I read it, Layered Tech detected unauthorised access to their support system. It’s unknown if the person actually retrieved any information, so, as a precaution they are suggesting that all customers change their passwords. Now that’s really open to interpretation. If you take it at face value then it says ‘something bad may have happened but we’re not sure .. so let’s be on the safe side’. On the other hand, I’m not sure whether any hosting company would want to come right out and say ‘hey, someone got 6000 login details .. better change your password quick!’. Only time will tell I guess.

The implications are huge of course. Many communications in their support system would include the root passwords for dedicated servers. At the same time though, if your server is properly protected then there is only a minimal risk of compromise. By properly protected I mean that you have a firewall installed with rules in place that only allow SSH access from specific IPs (i.e. yours and LT support) and you have your SSH server listening on a port other than port 22. You should, of course, have all of your data backed up as well and never keep sensitive information such as credit card details anywhere on your server.
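One way to check a server against the setup described above, as an added example that is not part of the original post: the script reads an sshd_config and the output of iptables-save and reports an SSH port left at 22 or reachable from addresses outside an allowlist. The addresses, port 2222 and function names are constructed for illustration, and it assumes IPv4 rules that name the SSH port with --dport.

```python
import ipaddress
import shlex

def ssh_ports(sshd_config):
    """Ports sshd listens on: every Port directive, or the default 22."""
    ports = []
    for line in sshd_config.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) == 2 and words[0].lower() == "port":
            ports.append(int(words[1]))
    return ports or [22]

def audit(sshd_config, iptables_save, allowed):
    """List where a server departs from: non-22 port, SSH from listed IPs only."""
    nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    ports = {str(p) for p in ssh_ports(sshd_config)}
    findings = ["sshd listens on default port 22"] if "22" in ports else []
    policy = None
    for line in iptables_save.splitlines():
        if line.startswith(":INPUT "):
            policy = line.split()[1]
        if not line.startswith("-A INPUT "):
            continue
        args = shlex.split(line)
        opt = {a: args[i + 1] for i, a in enumerate(args[:-1]) if a.startswith("-")}
        # Only rules that name an SSH port with --dport are examined (simplification).
        if opt.get("-j") != "ACCEPT" or opt.get("--dport") not in ports:
            continue
        src = opt.get("-s")
        if src is None:
            findings.append(f"port {opt['--dport']}: SSH accepted from any source")
        elif not any(ipaddress.ip_network(src, strict=False).subnet_of(n) for n in nets):
            findings.append(f"port {opt['--dport']}: SSH accepted from unlisted {src}")
    if policy != "DROP":
        findings.append("INPUT policy is not DROP")
    return findings

# Constructed sample data: documentation-range addresses, hypothetical port 2222.
ALLOWED = ["203.0.113.10", "198.51.100.0/24"]  # stand-ins for you and host support
SSHD = "Port 2222\n"
GOOD = """*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 2222 -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p tcp -m tcp --dport 2222 -j ACCEPT
COMMIT
"""
BAD = GOOD.replace(":INPUT DROP", ":INPUT ACCEPT").replace("-s 198.51.100.0/24 ", "")

if __name__ == "__main__":
    for name, rules in (("good", GOOD), ("bad", BAD)):
        print(name, audit(SSHD, rules, ALLOWED))
```

On a real server the two inputs would come from /etc/ssh/sshd_config and from running iptables-save as root.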

People tend to jump on these incidents when they happen but the reality is that virtually any server can be compromised by an ‘elite’ hacker. By taking several precautionary measures though, you can prevent 99% of computer criminals from remotely compromising your server.