4 Reasons Why Shared Hosting is Like Fast Food

Everyone wants a great deal. Getting as low a price as possible, within reason, is essential to power your business with a shoestring budget. It’s easy to have a feeling with a business that the cheap solution is necessarily the best – you’re treating the challenge pragmatically, with as little investment as possible. Plus, the most affordable option is often the most widely available, since everyone wants to control their costs.

 

When we need hosting, as with any other business service, we want to quickly get the plan without any hassle. In wanting to check “get hosting” off our list and keep moving forward, it’s easy to set aside the health of our site. It’s a similar challenge to driving along and needing a bite to eat. The highly processed choices of fast food chains are available immediately, right on the side of the road. We can get a meal quickly, and we know it won’t cost us much. However, we know the health benefits can be devastating.

 

Steve Woody of Online Mastery suggests that shared hosting is digital junk food for your online presence. He says he feels that many people are not being cautious when it comes to the infrastructure they use to back their sites. Understandably, people who used shared hosting for their businesses are “[t]rying to increase the bottom-line and reduce cash-flow,” he says, adding that “[i]t’s easy to play naive and deal with the consequences later.”

 

Here are four reasons why it’s a good idea to go another route than shared hosting:

 

Reason #1 – You are expendable.

 

Want to be treated like a king? Unfortunately, you won’t get VIP treatment as a fast food or shared hosting customer. Shared hosting companies make money off their volume of customers – so they could really care less about whether one account stays or goes.

 

With a shared account, “there is only so far a host will ‘bend over backwards’ for you,” explains Jonathan Bailey of Bloggingpro. “If you want a host that is willing to do more for you and work with you more, you need to consider spending more money.”

 

Reason #2 – The information is misleading.

 

Shared hosting may be sold as if it is designed for smart and healthy business growth. However, like fast food, the hosting companies that focus on shared hosting are simply trying to cut costs and sell as many of plans as they can. Does the burger you eat ever look like the one in the picture? Similarly, your shared plan might not live up to the way it’s sold. One example of unreasonable shared hosting expectations is the notion of unlimited resources, which is protected with “fair use” clauses in fine print.

 

Reason #3 – Performance.

 

A shared server cuts costs for all businesses by allowing numerous people to share the same resources. It would probably annoy you to be reliant on the same cellular data plan that is being used by all the other people on your block, but that is essentially the idea with shared hosting.

 

What if you suddenly need a huge amount of resources? Think about that issue of scalability. “If one website is taking up too many resources these servers have a failsafe and the website gets shut down to prevent others from being affected,” says Woody.

 

How is this like fast food? Well, fast food is intended, like other food, to provide you with energy. However, it may be likelier that a low-nutrition meal filled with additives will leave you with symptoms of anxiety and chronic fatigue syndrome. Don’t feed your site so many French fries and chalupas that it can’t get up off the couch.

 

Reason #4 – Security.

 

Security should really be viewed as a necessary priority in an era of increased hacking and open sourcing of DDoS botnet code. You may think you don’t need to worry about hacking until you grow more. However, it’s important to know how vulnerable a site of a small business is if it does get compromised: 3 in 5 small businesses are bankrupt six months following a hack.

 

A shared server does not have the kind of distinction, separation of data, that any business should really want. It’s not a particularly careful way to host sites. What if a malicious threat such as E. coli comes along and wants to enjoy your site? Don’t let your site get food poisoning from shared hosting.

 

Why Shared Hosting is Dangerous – Exploration of Attack Steps

 

My point in this article is of course not simply to draw this parallel with fast food. It’s to suggest that shared hosting is not the right choice just because it’s simple. Like the perils of eating the wrong types of food are best explained by looking at specific issues, as explored in Fast Food Nation or Super Size Me, it helps to look in a granular way at shared exploits to understand why these servers present a weak front.

 

The InfoSec Institute looks at the shared server from the perspective of the process through which someone might compromise a site. Here are the basic stages through which a hacker might go after your site:

 

Reverse IP lookup

 

Before a hacker actually goes after your site, they will perform what’s called reconnaissance. In this manner, you can see what domains are on the shared server.

To see all the sites that are running on your server, you can use various methods, including search engines, the Linux dig command, or a free service such as YouGetSignal.

 

Server CMS enumeration

 

The next step for an attacker is often to find sites with certain types of content management system (CMS), such as WordPress. A CMS is a standard point of entry for cybercrime.

 

To understand the typical path of an attack, you want a list of the sites that are using a certain CMS. You can get a list very easily – the platforms place their name and version information in the source code.

 

You (or a hacker) can actually just build the IP and CMS lookup into a script if you want.

 

Waging a CMS attack

 

Once you have a list of sites running a CMS, you can divide it up into ones that are running WordPress, Joomla, Drupal, etc.

 

You can use a vulnerability scanner to check for weakness on any CMS installation. Another place to get information is exploits that are on file at services such as Exploit Database.

 

The vulnerability scanner will quickly give you basic details that would be helpful in attacking the site. For instance, let’s look at the use of one for WordPress, WPScan. WPScan brings up the following information:

 

  • Active plugins
  • Active themes
  • Any detected TimThumbs (a known security issue)
  • List of usernames.

 

Note that one key way an admin panel is beaten is through brute force, leveraging the fact that many websites don’t use complex passwords. This method could use a list of the most popular passwords. You can even brute-force using WPScan if the login page doesn’t have a captcha in place.

 

“Based on the strength of your wordlist there is a high probability that the passwords of wordpress admin accounts will be cracked successfully,” notes the InfoSec Institute report.

 

*****

 

The above issues with shared hosting are disconcerting – especially since it’s clear that the security protection is insufficient for businesses. Luckily a shared server is not the only option on the market.

 

Do you want to drive by the fast food options and get hosting that will instead improve the strength and vitality of your business? At KnownHost, our high-quality managed VPS hosting plans offer fast servers and a 99.9% uptime guarantee at great prices. Compare plans.

Read More

What Do You Need to Know About Lost Money from Poor Hosting?

  • Connection between hosting and performance
  • How quickly do people leave a slow site?
  • How valuable is an online customer?
  • What’s the cost of a minute of downtime?
  • How long does it take to resolve the average site disruption?
  • How do performance leaders generally outpace their competition?
  • What benefits arise from a greater focus on performance?
  • Better hosting for the benefits of strong performance

 

Connection between hosting and performance

 

Everyone knows that certain types of technology are stronger than others. It would make sense that there are stronger hosting technologies that a company can choose to improve their speed, deliver better user experience, and differentiate themselves from competitors. However, it is understandable that many people’s eyes glaze over when the topic of web hosting or infrastructure are mentioned. There is a lot of subterfuge and selling of products that are ultimately poorly secured and end up costing businesses money because of a general misunderstanding that “hosting is hosting.”

 

That said, how can we understand or define poor hosting? Well, certainly one of its attributes is that is has lackluster performance. If you have low-quality hosting, it would be assumed that you won’t be able to reliably deliver content and other services at a fast pace to your audience.

 

Do you think performance doesn’t matter, or that it’s something that you can ignore – that will “take care of itself”? Take a look at these statistics from an August 2016 report by the Aberdeen Group (with more coverage on each of them below):

 

  • * More than one out of every three people, whether on mobile or desktop, will leave a website if it takes longer than 3 seconds to load.
  • * Information collected by websites that have prioritized strong performance is four times likelier to utilize real-user data.
  • * Companies that speed up their websites are 90% likelier to see an increase in traffic than those that do not.
  • * If an organization improves the performance of its site, it thereby makes itself four times likelier to increase its e-commerce revenue.

 

How quickly do people leave a slow site?

 

These numbers are measurements of the number of users who leave a site within just 1, 2, or seconds – according to data collected from 103 different websites for the same Aberdeen report:

  • * At 1 second – 6% of companies say that desktop visitors have left, while 5% of them say that mobile visitors have left.
  • * At 2 seconds – 7% of businesses say that desktop visitors have left, while 14% of them say mobile visitors have departed.
  • * At 3 seconds – 21% of firms say that desktop visitors have left, while 20% of them say mobile visitors have left.

 

Note that at three seconds, more than one in three companies say people leave – 39% say it’s true of mobile users, while 34% say it’s true of desktop users.

 

How valuable is an online customer?

 

Respondents (managers of websites) polled by Aberdeen also provided information on how they value the average customer. Out of those organizations surveyed, here is how much companies said the average user was worth to them:

 

  • * More than $100 – 1
  • * $91 to 100 – 0
  • * $81 to 90 – 0
  • * $71 to 80 – 3
  • * $61 to 70 – 17
  • * $51 to 60 – 18
  • * $21 to 50 – 24
  • * $11 to 20 – 16
  • * $1 to $10 – 11
  • * $0 – 5.

 

What’s the cost of a minute of downtime?

 

Let’s look at this from a different angle: rather than thinking in terms of the value of an individual customer, think about how much it is worth to have your site up and running. How much does it cost the average company if their website goes down?

 

Here is data from a June 2016 survey by Aberdeen Group. This is how websites valued a minute of downtime, in terms of its cost to their business:

 

  • * Don’t know – 5%
  • * $40,000 or more per minute – 0%
  • * $20,000 to $39,999 – 1%
  • * $10,000 to $19,999 – 13%
  • * $5000 to $9999 – 15%
  • * $1000 to $4999 – 31%
  • * $500 to $999 – 21%
  • * $100 to $499 – 7%
  • * Less than $100 – 7%.

 

In the context of poor hosting, you are much likelier to experience downtime. You can draw a direct line from downtime to a negative financial impact on your business.

 

How much time do you need to resolve a typical site disruption?

 

Businesses that were surveyed for the above numbers on per-minute cost of downtime (in June 2016) were also asked their average resolution time for the average disruption of services. Here were the percentage of them that estimated typical resolutions of various lengths:

 

  • * 9 hours or more – 0%
  • * 5 to 8 hours – 9%
  • * 3 to 4 hours – 20%
  • * 1 to 2 hours – 36%
  • * 30 to 59 minutes – 19%
  • * 1 to 29 minutes – 11%
  • * 0 minutes – 5%.

 

How do performance leaders perform differently?

 

One way to understand website performance is to look at what the performance leaders are doing. These “leaders” are organizations that were determined by Aberdeen to have consistently high performance, very little downtime, and good user ratings. These models of great performance are significantly likelier to use a broader array of tools to improve their speed and otherwise literally outperform their rivals. Compare the portions of leaders and followers who adopted these mechanisms:

 

Category of tools“Leader” adoption rate“Follower” adoption rate
from CDN provider49%26%
from DNS provider49%35%
network performance management49%35%
from hosting provider34%17%
application performance management40%38%

 

How do performance leaders generally outpace their competition?

 

Leaders in web performance aren’t just learning and integrating more best practices to speed up their sites. They tend to be more cutting-edge in their relationships with users:

  • * 5 times likelier to figure out the actual source of performance challenges;
  • * 3 times likelier to conduct real-user monitoring;
  • * 3 times likelier to gauge the performance it delivers to web and mobile worldwide;
  • * 65% likelier to look at mobile and web speeds from the user’s point-of-view;
  • * 45% likelier to test with actual day-to-day site traffic.

 

What benefits arise from a greater focus on performance?

 

Especially since it is so difficult to get people to your site in the first place, you want to make sure that they stay; in other words, you want strong user retention. However, as indicated in the above statistics, businesses report that people start noticeably leaving their site behind after delays of just 2 or 3 seconds. To keep from losing customers because of performance issues such as slow loading and disruptions in service, the models of high performance in industry (the “leaders”) are investing time into studying and leveraging performance optimization strategies and tools.

 

By using tools that focus on management and oversight of performance, the performance bellwethers integrate that type of data into business decisions. By incorporating various strategies and diversifying their defenses in that manner, leaders “are able to take an end-to-end approach that makes it possible to find all potential issues, fix them before they impact users, and prevent similar issues from ever coming up,” explained Aberdeen’s IT senior research analyst Jim Rapoza, author of both reports cited here.

 

When businesses focus on performance, they become likelier to experience a number of key benefits, as indicated by the disparity between leaders and followers on these metrics:

 

BenefitAmong leadersAmong followers
Improved understanding of performance challenges89%62%
Less downtime63%28%
More visitors58%31%
More revenue42%10%

 

Better hosting for the benefits of strong performance

 

Two or three seconds may not seem like long, but it is long enough for many users to flee your site. By using best-in-class tools such as real-user monitoring and deep analytics, companies are able to improve performance and, in turn, achieve much better revenue.

 

One key way to turn your business in the direction of best-in-class performance tools in by reviewing the backend of your site: your hosting. At KnownHost, our SSD VPS packages have all the advantages of VPS hosting packages with the additional performance of solid state drives. Compare plans.

Read More

Basic Security Features of Your New Site You Need to Know

Security on the web has been a huge topic of conversation for the past several months, if not years, though our last election cycle has seemed to really spotlight it for the general population. More people than ever have been exposed to a conversation that business owners and IT professionals have been engaged in for years which is trying to find the best ways to protect sensitive data from malicious attackers. The security of your customers and visitors is also of the highest importance. So, what do you need to know to get your new site up to speed as far as standard security protocols?

 

There are a few settings and features to be aware of as you explore the backend environment of your new VPS in an effort to bolster your security. This is a good point to throw in some caveats when we talk about the security of any website. There are no guarantees. Hacking attempts continually get more sophisticated and things can happen despite one’s due diligence. What the following is meant to do is to inform you of some best practices that will help keep your site more secure, but is it in no way a definitive guarantee that nothing will happen to your site if you do “X” things. Taking preventative steps is better than taking no action, of course, so use this information to your advantage.

 

Once you’ve logged into the hosting environment of your VPS, here are some things to keep an eye out for.

 

CSF/LFD

 

The good news about a lot of the terms and acronyms that are going to be coming your way is that they refer to things that are (or should be) already installed on your server. If they’re not, you can contact customer service to get it remedied. So, you won’t have to worry too much about making sure all of these things are in place yourself. Let’s start with CSF and LFD.

 

ConfigServer Security & Firewall (CSF) with Login Failure Daemon (LFD) is a security application that can be accessed through cPanel, which will already be established for you when you log in. CSF/LFD does a few things. It is a Stateful Packet Inspection (SFI) firewall and login and intrusion detector. CSF/LFD sends notifications in the event that something with some importance is potentially happening. That’s to say, getting an alert doesn’t mean you’re in the midst of an attack. But, something worth your attention is occurring.

 

LFD has a variety of useful features built into it that we’ll touch on briefly here. You can read more about these features and examples of the kinds of notifications you’ll receive at our wiki.

 

LFD will automatically perform IP blocks based on reasons that can be configured by the user. By default, you receive notifications each time an IP is blocked. Whether or not you want to disable this is up to you. Depending on your traffic and your filters, you might be getting alerted to things constantly, which would be a distraction. Make sure you’re confident in your configurations before doing this.

 

LFD “keeps an eye out” for things like too many failed login attempts within a short period of time, too many connection attempts being made from a single IP address, certain email issues as they pertain to volume, and successful login attempts through a variety of methods including cPanel or SSH.

 

SSL

 

Secure Sockets Layer (SSL) is maybe a bit more familiar to people because of its general acceptance as a must have for many sites, especially e-commerce sites where you’re handling sensitive customer information.

 

To explain the technology in brief, having an SSL certificate is important because it signifies you’ve put certain protections in place to ensure the safety of your customers’ information. SSL encrypts the path between the server and the client. When customers type in their credit card information to make a purchase on your site, for example, that information is transmitted securely thanks to encryption instead of the plain text it is transmitted as without SSL. Because one method of stealing information is intercepting it as it is transmitted, SSL is more or less a must have these days.

 

You’ll have to install your SSL through cPanel. To do this, you’ll need to generate a Certificate Signing Request (CSR) in cPanel which you can do by following our guide. The signing authority you purchase your SSL from will need that CSR to complete your certificate. You can then install the signed SSL certificate through cPanel. You can typically tell if a site has an SSL right from the address bar in your browser. There may be a lock next to the URL to indicate security, or you can look for https:// to precede the site’s address. The key detail there is the S as the unsecured http:// delineates no SSL. If you’re unsure that your SSL has been installed, there are sites online where you can type in your domain name and it’ll tell you.

 

User Decisions

 

Moving along from server issues to issues that are more user based, it’s important to be smart with your content management system (if you’re using one) as well. Popular CMSes like WordPress often find themselves targets of malicious actors because of how widely used they are. It’s important to do your due diligence and ensure that you are regularly updating your CMS’ core software as updates are released. The nature of open source software is such that updates come out frequently because the user base is always inspecting the code. Vulnerabilities can also come from that same public knowledge of the code. It’s important to be on top of those updates because they almost always include security and bug fixes. This need for vigilant updates also applies to plugins, extensions, and whatever other additional modules that your CMS allows you to install to expand functionality.

 

Additionally, if you have multiple users with access to your site, be sure to restrict access to the bare minimum so that they can perform their job. The fewer people that have full administrator access, the better. Passwords should also be complex, a random assortment of characters greater than ten, and not a duplicate of any other password you use for any other service. Password breaches are still one of the most common methods of unauthorized entry to a site. Most of the time it’s because the user was either phished or the password was something relatively easy to guess.

 

Finally, backups are critical. Your host may perform backups for you, but you should still manually save things yourself on a local drive whenever possible just to be doubly sure you always have your information in the event of something going wrong. As a best practice, one backup of something is never enough.

 

Conclusion

 

At KnownHost, we value customer satisfaction. That’s why we want to set you up for success. Whether it’s needing faster hosting solutions than you’re already using, you have questions about security, or you’re looking to establish a web hosting reseller business, we’re available to help. Contact our team today and we’ll get you setup with the hosting that you need.

Read More

Why Does Genuine SSD VPS Conquer the Blog World?

  • 5 Benefits of VPS for Bloggers
  • 8 Reasons SSD is Better for Blogging
  • Why is Speed Central to Your Blog’s Success?
  • Support for Your Speed

 

If you’re a blogger, you probably don’t want to have to think too much about hosting. However, it’s an easy way to create differentiation. If your blog has better technical performance, there will be less pressure on your content to drive traffic on its own.

 

Upgrading from low-end shared hosting to the more advanced technologies of virtual private server (VPS) and solid state drive (SSD) can be powerful. Plus, the cost is more manageable than using a dedicated server.

 

5 benefits of VPS for bloggers

 

Now, to be clear, in VPS or virtual private server environments, you are still dividing up machines – but delineation is much stricter with virtualization software, to the extent that you have your own, independent operating system.

 

“These servers… are strictly defined and managed by the virtualization software,” explained Ajeet Khurana. “Based on the hardware setup you purchase, the virtual computer will be allocated with the specified number of CPU’s, RAM, disk space and bandwidth.”

 

Why do bloggers choose VPS? Here are Khurana’s basic arguments:

 

  • Isolating yourself – The choices of other users on the infrastructure (including your physical machine) will not affect your performance. If another user crashes their server, yours won’t go down with it.
  • You’re steady – Your website service will be reliable and stable. Although the full physical machine is not dedicated to you, the resources within your VPS are dedicated solely to you.
  • You really get space – Shared hosts will sometimes offer guarantees of unlimited resources, but there is a catch. To make this claim, shared providers “shield themselves in some kind of ‘fair use’ clause,” noted Khurana, which makes the guarantee useless. To avoid these limitations, you can get a legitimate space guarantee with VPS.
  • Full root access – It is good to know that your VPS-hosted site has root access as needed for certain installations. Shared hosting never gives you that degree of control.
  • You can fly – When you’re on shared hosting, your speed will typically fluctuate based on peak times for other users. With a VPS, you get consistent performance. If you have a CPU designated for your use, that is your CPU. The RAM amount that’s stated in your VPS package is always available to you.

Khurana is a strong advocate of VPS over shared hosting. “[B]udget for a VPS plan,” he advised. “It is much cheaper than dedicated hosting, while being much more robust than shared hosting.”

 

8 Reasons SSD is Better for Blogging

 

You can see that a virtual private server is a strong choice, but how is SSD VPS (one using solid state drives) preferable? For general advice on how the SSD is preferable to an HDD (hard disk drive), let’s look at points made by Kenneth Hess in ServerWatch (with updated data as available).

 

Hess’s well-executed report, based on an industry-wide overview, lists these benefits of solid state over the mechanical HDD variety:

 

  • Durability – Hess noted that movement is problematic for HDDs, particularly when writing is occurring. In contrast, “SSDs… aren’t affected by mobility and are well-suited to such physical abuse,” he said. “SSDs can withstand up to 1,500 g during operation or 25 times that of a standard drive.” (2011 figures)
  • Backup for power loss – There is a backup protection that is built into a typical enterprise-grade SSD: it checks changes in voltage, via power failure circuits, and puts a backup voltage holdup circuit into play if the voltage goes under its pre-established limit. That means that there is enough power available to save writes to the infrastructure that haven’t yet completed.
  • Energy efficiency / sustainability – A solid state drive does not use a lot of energy. The 2011 figures for Watts used by an SSD and HDD show the wide gulf between them. “SSDs sip from 0.05 Watts to 1.3 Watts,” said Hess, “while their gluttonous counterparts gobble at a rate of 4 Watts or more.” Keep in mind that claims along these lines vary wildly; however, even those who question efficiency claims admit that energy used for a fixed amount of work will be lower with an SSD. In other words, there seems to be consensus that SSDs will help lower your power needs. (Plus, see the next point.)
  • Not getting hot – Heat hurts the performance of electronics. That’s why datacenters are so cool. The heat dissipation will be much lower with an SSD than with a mechanical disk. That means you don’t have to blast the AC quite as much. Furthermore, your fan size can be smaller. To look at the other side, incredibly, Hess said that HDDs create 70 percent of a system’s heat.
  • Longer life – Hess noted that HDDs tend to last 3-5 years but can die at any point. That is true actually. A study of 25,000 drives conducted in 2013 found that “only” 26% of HDDs die within 4 years. In contrast, Hess noted that he thinks the claims of SSD manufacturers of millions of hours should be seen as marketing hype, but that you can reasonably “[e]xpect your SSDs to last two to three times longer than mechanical drives.”
  • Hot plug/unplug – You don’t have to “spin up” an SSD. You have their capacity right away, with no delay whatsoever. The only thing you need to wait for is the operating system to acknowledge that the drive is there. The wait is shorter, and there’s no reboot.
  • Less noise pollution – Stress increases with noise pollution. Datacenters with mechanical drives are incredibly noisy. SSDs are quiescent drives. In a 100% SSD datacenter, all you would hear is central AC, cabinet fans, and system fans. Plus, as indicated above, your fans would likely be smaller, resulting in even lower noise.
  • Speed – Last but not least, these drives offer better performance. Hess mentioned that there are some independent studies that have been conducted suggesting that SSDs are 2-3 times faster than mechanical disks (although some research suggests the performance difference isn’t that extreme).

 

Why is Speed Central to Your Blog’s Success?

 

In an informative article on site speed and its importance, Blog Tyrant founder Ramsay Taplin noted that 2 in 5 users leave a site if the load time is over 3 seconds. He suggested 4 straightforward ways in which your site is influenced by hosting speed:

 

  1. You get more email signups.
  2. You get better search engine prominence (i.e., server speed improvement is now a general SEO tactic).
  3. You garner more conversions and sales.
  4. You score better engagement, stronger readership, and improved trust.

 

To accelerate a site, one of the top specific strategies recommended by Taplin is switching from shared hosting to a VPS.

Support for Your Speed

 

Ramsay, founder of Blog Tyrant, is actually a client of ours. When we asked him for his thoughts on our hosting service, support is the first thing he mentioned.

 

“I can honestly say that [KnownHost’s] support is the best I have ever encountered,” he said. “If you’re looking to expand to a VPS and are a bit nervous about the process, I highly recommend KnownHost as the staff and culture at this company is really hard to beat.”

 

Get your own Fully Managed SSD VPS.

Read More