Web hosting

[WYD-KEN]

I didn't want to hijack SickPuppy thread.

I was curious about what others do for web hosting. shared,VPS or dedicated.

We use one of our dedicated servers and rent a cpanel lic. to host websites for our clients.

Downside to that, when somthing goes wrong it can be a bear to fix.

[studeggle]

We host our own on colocated machines, to much work to screen potential web hosters and it doesn't cost much too slide the web services into one of the datacenters we're allready collocated at.

[lpgservers]

We host ourselves, simply put it's a security nightmare for a real company to put their customer's info at risk.

[Goran]

Same here, own dedi for hosting webbies!

[SickPuppy]

We host ourselves, simply put it's a security nightmare for a real company to put their customer's info at risk.

 

If you think your account information can't be hacked just because you are running your website on your own server just ask Visa, they had 4000 Credit Card accounts compromised when their dedicated server was hacked.

 

We do not store or collect any Credit Card or other personal information. The only thing that a hacker could gain access to would be the customer's name and address. Nothing that isn't already published all over the internet.

 

We use a third party payment processor to collect credit card payments.

[Admin-Nation-Servers]

If you think your account information can't be hacked just because you are running your website on your own server just ask Visa, they had 4000 Credit Card accounts compromised when their dedicated server was hacked.

 

We do not store or collect any Credit Card or other personal information. The only thing that a hacker could gain access to would be the customer's name and address. Nothing that isn't already published all over the internet.

 

We use a third party payment processor to collect credit card payments.

 

 

Same.

 

--

 

I've been checking lots of peoples dedi boxes and they have rdp open to the world (Not stalking lol), and if you are using Administrator accnt via rdp it could be bruteforced fast (depending on length of password), my suggestion if you absolutely need rdp open, disable the administrator accnt, and create another username that cannot be guessed easily, that alone will stop many bots.

 

Also many people just turn off their firewall, as soon as you create one box with a secure firewall policy you can export the policy and use it on the rest of your boxes.

 

I've had fellow companies servers get hacked for something that could've taken them 5 minutes to do.

 

It should be critical to secure all possible known exploits, my suggestion get PCI certified. http://www.mcafeesecure.com/us/

[lpgservers]

If you think your account information can't be hacked just because you are running your website on your own server just ask Visa, they had 4000 Credit Card accounts compromised when their dedicated server was hacked.

 

We do not store or collect any Credit Card or other personal information. The only thing that a hacker could gain access to would be the customer's name and address. Nothing that isn't already published all over the internet.

 

We use a third party payment processor to collect credit card payments.

 

We don't collect credit card information at all as it isn't legal for us to do so without meeting compliance. I'd rather leave the compliance standards up to a third party site to deal with the legalities. However, having your databases open to anyone who works for the hosting company your with is ludicrous in my opinion. Who knows if they use outsourced support from India or wherever or not and then they take that information to sell your customers info or anything else. Simply put, it's a nightmare and no way would I risk that when it is so easily avoided.

[Derek]

We store all credit card information from clients that pay using direct credit card. We use Fire Host (http://www.FireHost.com) in which we have 2 VPS'es from them one is only used for the mySQL databases as that is the only way to be PCI compliant. We pay just over $400 a month for the two VPS'es but I can tell you it's well worth it as they are not your average support team (way above your average managed host).

 

They host Kevin Mitnick (http://www.mitnicksecurity.com) in which he has yet to been hacked since he has moved to Fire Host (all other hosts he was hacked weekly). They all host a bunch of other large businesses such as ABC etc.

[tehrichie]

We store all credit card information from clients that pay using direct credit card. We use Fire Host (http://www.FireHost.com) in which we have 2 VPS'es from them one is only used for the mySQL databases as that is the only way to be PCI compliant. We pay just over $400 a month for the two VPS'es but I can tell you it's well worth it as they are not your average support team (way above your average managed host).

 

They host Kevin Mitnick (http://www.mitnicksecurity.com) in which he has yet to been hacked since he has moved to Fire Host (all other hosts he was hacked weekly). They all host a bunch of other large businesses such as ABC etc.

 

Firehost is big bucks, but I hear so many great things about them. Awesome to see a satisfied customer.

[SickPuppy]

having your databases open to anyone who works for the hosting company your with is ludicrous in my opinion. Simply put, it's a nightmare and no way would I risk that when it is so easily avoided.

 

I don't understand what it is you are trying to protect. Unless you are collecting information like date of birth or SSN from your customers there is nothing that needs to be secured. Their name, address, for most cases their phone numbers, and email address are all public record and can be obtained with little effort.

 

Who knows if they use outsourced support from India or wherever or not and then they take that information to sell your customers info

 

If you were running a Porn site I could see trying to protect the identity of your customers but you rent game servers.

 

We store all credit card information from clients that pay using direct credit card.

In Derek's case he needs to be concerned, he is collecting CC information. At $400 a month, I would rather use a third party processor and let them worry about security and compliance standards.

[lpgservers]

I have a privacy policy and I adhere to it. I don't collect dob nor ssn, however, I take my customer's information very seriously as I hope that those I do business with do as well. I just run things differently than you, not that one way is better than the other, simply a difference of opinion. The aspect which I like is that I'm fully responsible for managing the web server and all aspects of it. I'm not relying on some other company that I really don't know with one of the most important facets of my business.

[dimitrifrom31]

Topic was about solutions you use for your customers web hosting, not whats ur own solution for your own company website.

 

 

I gave up webn hosting a long time ago for various reasons, main ones are :

 

- there are tons of free (and ads free aswell) solutions now all over the web including php support and mysql db.

- web hosting = lot of time for support/maintenance and low money => I chose to focuse on game/voice servers only.

[powerpc]

To me the the biggest problem was to find a host with all the features i want.

 

Yes we are using a webhosting, i don't see the problem about that.

If it is to big security problem to you/someone then you can host your own sql server, then someone ask.. why not host we if you host your own sql¿

 

I do not want to use much time on install/update all things like etc. apace,php,sql,ioncub/zend,backup,whatever....

 

And to me, its not secure if don't know what you are doing.

I don't see the problem to spend etc. $200 a year for all that

 

Happy hosting ~;-)'>

 

Sorry the BAD English

[Admin-Nation-Servers]

Guys remember to change your servers SSL settings if you are hosting the website yourself.

 

Default: Ssl Version 2 (v2)

 

Reason (from pci): Connections encrypted using SSL 2.0, reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients.

 

Fix

Use: SSL 3.0 or TLS 1.0

 

Tutorial to change SSL: http://forums.iis.net/t/1151822.aspx

[WYD-KEN]

Topic was about solutions you use for your customers web hosting, not whats ur own solution for your own company website.

 

 

I gave up webn hosting a long time ago for various reasons, main ones are :

 

- there are tons of free (and ads free aswell) solutions now all over the web including php support and mysql db.

- web hosting = lot of time for support/maintenance and low money => I chose to focuse on game/voice servers only.

 

Do you think not offer web hosting hurts your business?

Web hosting is a pain in the butt!

[dimitrifrom31]

Do you think not offer web hosting hurts your business?

Web hosting is a pain in the butt!

 

Not at all, a wise customer will NEVER rent his game server AND web server at the same GSP. Reason is pretty much simple : most often web hosting is "offered" but when the customer stops renting his game server he looses his website.

For those who really need web hosting I just redirect them to one of the dozen free and trustful web hosters.

 

And idd web hosting is a pain, thats a full tiem job but thats not my job, im hosting game servers, dont need headache for nothing with web hosting.

[Josh205]

I'm curious as to how many GSP's also don't offer webhosting because of the extra work involved.

[SickPuppy]

Do you think not offer web hosting hurts your business?

Web hosting is a pain in the butt!

 

Use a web hosting reseller that way you don't have to maintain or update anything. It is easy and there are quite a fre resellers out there.

[ECF]

Web hosting is simply support intensive as was already pointed out. Reselling is a decent way to go if you do not want the headaches of the support. However clients are still going to contact you for certain things such as "How do I setup a fast redirect for my server?"

[SickPuppy]

Web hosting is simply support intensive as was already pointed out. Reselling is a decent way to go if you do not want the headaches of the support. However clients are still going to contact you for certain things such as "How do I setup a fast redirect for my server?"

 

I agree it does increase support but if you are using a reseller the increased support is small compared to the advantages of offering web hosting.

[SickPuppy]

Not at all, a wise customer will NEVER rent his game server AND web server at the same GSP. Reason is pretty much simple : most often web hosting is "offered" but when the customer stops renting his game server he looses his website.

 

Web Hosting for a game server provider is called an anchor product. The customer has all of their services at the same location. This makes it less likely that the customer is going to migrate those services to another company.

 

This is why we only offer Ventrilo, Teamspeak, and Mohawk to customers that rent game servers. We also offer free web hosting accounts to customers that rent 20 slot servers.

 

Offering web hosting is not hard using a reseller.

[dimitrifrom31]

Web hosting is simply support intensive as was already pointed out. Reselling is a decent way to go if you do not want the headaches of the support. However clients are still going to contact you for certain things such as "How do I setup a fast redirect for my server?"

 

 

thats why I got fast redirect auto setup and im giving customers a list of free web hosts if they really need one. Thx god most of them are already using free hosts, might be a french/european specificity tho idk cuz we had some providers offering free web hosting years ago. Right now you can get unlimited accounts each of 10Gb disk space, mysql and php, no ads at all for free.