Archive for July, 2007

Dedicated, VPS and Shared Hosting Speeds (Bandwidth, MBPS, etc)

We get this a lot when talking to customers, namely they bring up an example of a web hosting outfit who is offering a cheaper rate or more bandwidth for a lower price.

Example. We have a client who pushes about 620 gigs of data a month on one of our dedicated servers. They stream a large amount of videos (no, it is not what you think).

Now the way we work, being a specialty web host and all - is we do not employ limiting software for our clients as far as how much of the “pipe” they can use. So, that means their customers get to access that data up to 100 MBPS if they can download that fast. The bottom line is that if you suddenly get national attention and a rush of traffic because you were mentioned on Oprah - we want you to be able to withstand that and not have your website go down. We’d rather come back and talk if it continues rather than have some cost-saving software on our end cut you off at the knees.
It is all about the server’s connection to the Internet (the “pipe” if you will), so to put it into perspective – here’s what you get with different hosts.

——————————————————-

Typical Shared Hosting Account = as low as 256k/sec

Typical VPS / Virtual Private Server  = 1.5mps

Typical Basic Dedicated Server = 10mps

Typical High-end Dedicated Server (Like Us)  = 100mps

——————————————————-

That’s why the question “How much Bandwidth do I get?” is such a loaded one. It’s quality –vs- quantity.

Your shared web hosting account may offer “unlimited” data transfer a month – but to move that 620 gigs of data would take exactly:

264 Days 2 Hours 3 Minutes 33.76 Seconds on a shared host –vs- 19 hours on our servers.

If you run a Point of Sale System (POS) and/or Store on the same server, then performance is impacted by everything going on on that server.

July 26th, 2007

Your home based business is probably going to fail!

It’s 3:00pm PST as I write and I just got another “tip” from some ambiguous article archive I apparently opted in to about starting a home business.

This is probably the 100th or so of these I have gotten recently and it’s time to spill the beans.

Most of these so-called authors do nothing else except send out articles on how to run a home-based business. Kind of funny in a way, because they do nothing else except send small paragraph-length emails that are horribly devoid of any real useful information about small business, starting a home-based business or anything else along the lines of this topic.

So, here’s Tom’s tips for the home-based or start up business. It doesn’t matter if you are large or small - here’s the straight talk you need:

1) Don’t be stupid.

This is key. This may be unavoidable for some.

2) Don’t “try” different marketing approaches without quantifying the results.

That means if you spend $125 on a yellow page ad, you better be asking your clients where they heard of you when they do call so you can tell if it’s a good investment. That goes double for keyword advertising like: Google, Overture, Sprinks, etc.

3) Your idea may totally “suck”.

Don’t be afraid to revise your idea. Columbus was looking for a quicker route to India, but things worked out for him pretty well. Just because you have “an idea” doesn’t mean it is a good idea.

4) Don’t copy someone else’s plan.

That means avoid MLM, quick-turning real estate or home-based franchises that do not have a corporate office, UNLESS you’re really good at conning and recruiting other people.

5) Don’t believe the “pay yourself first” hype.

If you’re building an enterprise that has employees, facilities, etc., you should probably pay them first… it’s bad karma otherwise.

6) If you do have a successful run, you’re more likely to fail on your next idea.

See #3 above. Hubris & pride are killers. Ask the dot-com folks or, as we see here in Redmond, WA, former Microsoft millionaires who cannot start a successful venture on their own. Funny stuff. I started buying up the expired domain names of some of these companies who failed miserably, but still turned moi down when interviewing for them back in ’98 - ’99 when I was a young buck.

7) You don’t always have to “spend money to make money”, but quit being such a damn tightwad.

You rarely succeed on cheap hosting, programming, design or PayPal-only ecommerce sites. It costs you more in the long run when you’re cheap.

8) There is no 8th thing.

9) It’s not quick. You cannot get rich quick unless you play the lottery. You should focus on building a solid business slowly over time. We’re in year 4 and doing well using this principle. That goes doubly for the web. The web should be a channel for your business, nothing more. If you have no experience running an online store… find someone who does. You can’t expect to jump or transition an existing business into ecommerce without finding good help.

10) 60% of all businesses fail within the first four years, but for you we give you 11 months.

Don’t “try” to succeed. That is a half-assed approach that is bound to fail. Make a plan, write it out. Distill your offering down to 1-2 sentences that describe your service, product or whatever it is that you are doing to make money. Darn, now I have to split this one off into #11:

11) Don’t use ambiguous language.

You’re not the best. You’re not fooling anyone. Your brand new company that has a poor Google page rank or an Alexa ranking of 5,000,000+ (not good) and no visitors isn’t “The World’s Premier Provider of Technology-based Solutions for the Proactive Development and Deployment of Widgets.”

Look, it’s easy:

Proposal Kit.com – Get the client, close the deal. Make more money from the jobs you take with easy to use contract, proposal and estimating templates.

Template Kit.com – Start your next project half-finished. Get a jump on development with our immediately downloadable source code templates.

Proposal Packs – Upgrade your image and your bottom line. Deploy proposals ranging from 3 – 32 pages in length. Our Wizard gets you up and running in minutes.

July 18th, 2007

Mod_Security Rules, Lists, Tweaks and other Madness

Securing your servers & applications is always at the forefront of any “good” development group’s conscience.

If it is not, then heck, you are amateurs and your company deserves to wither and die because this is not a business where the “Fisher Price - My First Web Company” type of stuff cuts it.

This applies to the following people or companies:

  1. Web Freelancers who deploy open source or use community-grown contributions and freeware code for their clients.
  2. Companies & Developers who deploy or base customer-applications or tools off of open source or other frameworks.
  3. Companies and Freelancers who DO NOT watch to see if what they are deploying for their clients and customers later develops security flaws, exploits or other nasties.
  4. Web Hosts who run VPS or Dedicated Servers for their clients.
  5. Probably YOU - if you are still reading this.

Bottom line is that it is often a “company-ending” event when a server gets hacked and you are not prepared both legally (read that as you have strong contracts in place to protect you from these events) - and defensively to limit the damage.

IMPORTANT - If you are hosting web sites for your clients and letting them install any number of applications like Bulletin Boards (PHPBB), CMS’s (Mambo / Joomla), Shopping Carts (OSCommerce, Zen-Cart) or even Blogs like this one - AND - you do not understand any of what we are about to list off - then you should call us TODAY (877-239-3083) because you definitely need some quick and inexpensive help to secure your business.

For anyone who has ever watched a company, client or server burn because a “guestbook” compromised their entire server - this is for you.

For anyone who lets their clients install applications via Fantastico or PLESK Application Vault - then this is for you.

For anyone who does not know what scripts & applications their clients are currently running on servers you are responsible for - then this is for you.

Kevin Huisman, our Development Manager and “server watchdog” recently posted the following:

For everyone interested in server security stuff, we thought we’d pass on a bit of info.

We had been using some home-grown rules to combat hack attempts, and decided to really do some research into finding a more comprehensive rule set. Sort-of a “why reinvent the wheel”…

There is a great site to become familiar with — http://www.gotroot.com that has a really comprehensive set of rules for multiple issues - IP and proxy black lists, known bad useragents, comment spam, etc.

Some of the rule sets make sense to use verbatim:

  • Rule Exclusions
  • Comment spam blacklist
  • Compromised/Hacker boxes blacklist
  • Anti-Proxy protection
  • Bad UserAgents blocking
  • “Google Hacks” signatures
  • Known rootkits/worms

And so on…

There’s also a badips.conf file found in the “All in one” downloads that isn’t directly linked to from their list. It’s another set of IPs to ban, and it’s specifically for Apache 1.x / ModSecurity 1.9x, which usually fits the bill on most older versions. They retired it in the ModSecurity 2.x rules, since there seems to be a better way of doing it in that version.

You should also look at what they call “Just in Time” protection, a set of rules that combat known vulnerabilities in specific open source web apps.

They have rules for SquirrelMail, phpBB, formmail.cgi/pl, Coppermine, and a whole host of others. You may not really need the bulk of the rules if you do not specifically run those web apps. You can just use those you need on each server.

It is recommended that rather than a wholesale deployment of all possible rules - you merely go through and whittle the list of rules down and remove those that do not apply to the web app versions you are using. Many times you simply find that even with these rulesets some of the .conf files are actually behind the versions of the web apps you’re using, such as when specific files with specific known vulnerabilities have been fixed since the rules were created. This is a bit of a lower priority at this time, since it probably doesn’t save much in the way of speed or processor.

As far as processing/speed goes, it’s a fairly big set of rules when you combine them all together, and we noticed that it takes a few beats longer to restart Apache, but once it’s running, we haven’t seen any significant slowdowns.

Individual results may vary based on how many domains and traffic each of your servers or VPSs have.

July 13th, 2007
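
An added example (not from the original post or from gotroot.com) of the whittling step described above: inventory which web apps are actually installed under each docroot, then emit Apache Include lines only for the matching per-app rule files. The marker filenames are heuristics, and the per-app rule file names and the /etc/modsecurity directory are hypothetical placeholders.

```python
import os
import tempfile

# Assumptions: marker filenames are heuristics for spotting an install; the
# per-app rule file names are hypothetical placeholders, not gotroot's names.
APP_SIGNATURES = {
    "phpbb":        ({"viewtopic.php"},               "jitp-phpbb.conf"),
    "squirrelmail": ({"webmail.php"},                 "jitp-squirrelmail.conf"),
    "coppermine":   ({"displayimage.php"},            "jitp-coppermine.conf"),
    "formmail":     ({"formmail.pl", "formmail.cgi"}, "jitp-formmail.conf"),
}

def find_installed_apps(docroots):
    """Return {app: sorted directories in which a marker file was found}."""
    found = {}
    for root in docroots:
        for dirpath, _dirs, files in os.walk(root):
            names = {f.lower() for f in files}  # FormMail.pl vs formmail.pl
            for app, (markers, _rule) in APP_SIGNATURES.items():
                if names & markers:
                    found.setdefault(app, []).append(dirpath)
    return {app: sorted(paths) for app, paths in found.items()}

def build_includes(found, rules_dir="/etc/modsecurity"):
    """Emit Apache Include lines only for apps that are actually present."""
    lines = []
    for app in sorted(found):
        # Apache only accepts comments on their own line, so keep them separate.
        lines.append(f"# {app}: {len(found[app])} install(s) found")
        lines.append(f"Include {rules_dir}/{APP_SIGNATURES[app][1]}")
    return lines

if __name__ == "__main__":
    # Constructed sample tree standing in for two customer docroots.
    with tempfile.TemporaryDirectory() as base:
        for rel in ("site1/forum/viewtopic.php", "site2/cgi-bin/FormMail.pl",
                    "site2/index.html"):
            path = os.path.join(base, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        found = find_installed_apps([os.path.join(base, "site1"),
                                     os.path.join(base, "site2")])
        for app, dirs in sorted(found.items()):
            print(f"{app}: {dirs}")  # where to go check the installed version
        print("\n".join(build_includes(found)))
```

The per-app directory list is the place to check installed versions against the rule set before deciding a rule file is out of date.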

