Why is Shared Hosting Like Taking the Bus on the Information Superhighway?

Public transportation allows people who can’t afford cars to get where they need to be, and it means you can sit down and read rather than having to focus on the road. In other words, it’s cheap and easy. Those are positive aspects of a vehicle that is structured to fit many people. However, that doesn’t mean it’s a wise idea to put your business website on the bus.

 

What’s the “bus ride” for web hosting? The similarly cheap and easy solution is shared hosting. While shared hosting is the most affordable and accessible type of hosting, it suffers in the same way a trip on public transportation can: security and speed. Let’s look at those two issues in detail.

 

Sharing a Ride Makes You Vulnerable

 

Security is kind of a boring topic to many people, so it’s critical to know why this issue generally deserves greater attention. Even back in 2013, the National Cyber Security Alliance found that:

 

  • 20% of small businesses get hacked or digitally assaulted every year; and
  • Of firms that do get targeted, 3 in 5 are bankrupt half a year later.

 

Those statistics are disturbing certainly, but how relevant are they to your situation? Some small businesses are more likely to be attacked than others. Bear this in mind, though: attackers will sometimes go after certain industries, but the key factor in why companies get hacked is not related to industry or value; rather, it’s simply the presence of vulnerability.

 

“Most small business owners still don’t get security, don’t think it’s an issue, and are pretty defenseless,” explained Think Security First consultant Neal O’Farrell. Owners and managers of SMBs often think that a hacker would have to select their company out of tens of millions of others, he said, “not realizing that the attacks are automated and focused on discovering vulnerabilities.”

 

What are the biggest security concerns related to taking the “information superhighway bus” that is shared hosting? Because the numerous visitors and internal users of many sites share the resources of one server, it makes sense that this environment carries greater security risks, both from outside the server and within it. Think about it this way: the server itself is under greater threat based on the number of sites running on it.

 

“No matter how you try to institute security measures with a shared hosting environment,” noted Web Hosting Provider List, “the fact is that, it is plainly not possible to ensure a 100 percent airtight protection.”

 

The sites on a shared server are positioned on different domains and obviously have disparate login credentials, but they are using the same operating system as other users and typically even share an IP address. Sharing resources cuts the costs of these hosting plans, so they look attractive to startups, nonprofits, and others on shoestring budgets. However, the sharing of resources in this manner means a greater likelihood that your data or services will be compromised.  Major security issues with shared hosting include:

 

  • An attacker can use reverse IP lookup to get a list of all the sites on a shared hosting server. This method is fast and simple: the information is available through free services, the dig command on Linux (dig -x <ip address> +short), a search engine (search query: ip: <IP Address>), or a script that automates the lookup.
  • The behavior of other users that share your IP will impact your online reputation and the continuing strength of your domain. If another site sharing the IP gets blacklisted for spam, your site will get blocked as well.
  • A hacker can enumerate the CMS installations on the shared server. This tactic is often used because CMS software like WordPress includes the name and version information in the HTML. A vulnerability scanner such as WPScan can be used to gather data on the site, including a list of its plugins, themes, TimThumbs, and usernames. “An example attack would be to bruteforce the admin account of WordPress using a list of commonly used passwords,” explained a report by c0d3inj3cT for the InfoSec Institute. If you don’t have a captcha set up on your admin login page, it could actually be compromised by WPScan using brute force.
  • Using a shared server puts you at greater risk of malware attacks. Malicious scripts can be uploaded to other sites, which in turn means that your site can be quickly compromised. The malware may get in because one of the other sites is vulnerable, and it provides a channel through which the intruder can steal data.
  • Customers may have PHP, Perl or shell accounts that make it possible to hit the other sites on the server with a distributed denial of service (DDoS) attack.
  • Distributed denial of service (DDoS) attacks may target another site that shares your IP address. In this case, you are hit with a DDoS attack essentially as collateral damage of an effort to hit someone else.
  • DDoS malware could be loaded onto the server, which could put the hacker in control of the entire server for launching attacks.

 

You Can’t Step on the Gas

 

Taking the bus of shared hosting isn’t just a security concern. It can also significantly slow down your site and dampen the growth of your business. When other riders on the bus have needs, the driver meets them. Just consider the stop-request cord: in this manner, every rider on the bus has a democratic ability to grind it to a halt. You see the same ability of individuals to slow down the ride on shared hosting – with resources handed out “first come, first serve” to all sites, which can lead to slow loading on your site when another site peaks.

 

Security is an issue on shared servers because, basically, there are too many accounts without enough isolated designation of resources; and the same is true of the slow speed that can occur in these environments.

 

Speed is one of the primary arguments many experts mention when they advocate for VPS over shared hosting. Speed and other benefits of the virtual private server are all related in some way to the isolation and pre-allocation of resources that VPS plans allow – versus the “first come, first serve” nature of shared hosting.

 

On a VPS, it doesn’t matter what another customer might be doing on the server; your speed is guaranteed. If you have two CPUs dedicated for your use, then those CPUs will always be there for you to use. The allotment of RAM for which you pay within a VPS is always set aside for you, no matter what other tasks might be running on the physical hardware.

 

Ajeet Khurana of The Balance noted that on shared hosting plans, the performance of a website will fluctuate throughout the day based on how much activity is shared by all the businesses using it. “This never happens on VPS services,” he said. “Your resources are dedicated to your… website.”

 

Getting into the Fast Lane with Managed VPS

 

Do you want to improve the security and speed of your website without having to worry about managing the server yourself? At KnownHost, we offer ultra-high VPS performance with unparalleled support by professionals. See our fully managed VPS plans.


4 Reasons Why Shared Hosting is Like Fast Food

Everyone wants a great deal. Getting as low a price as possible, within reason, is essential to power your business with a shoestring budget. In business, it’s easy to feel that the cheap solution is necessarily the best – you’re treating the challenge pragmatically, with as little investment as possible. Plus, the most affordable option is often the most widely available, since everyone wants to control their costs.

 

When we need hosting, as with any other business service, we want to quickly get the plan without any hassle. In wanting to check “get hosting” off our list and keep moving forward, it’s easy to set aside the health of our site. It’s a similar challenge to driving along and needing a bite to eat. The highly processed choices of fast food chains are available immediately, right on the side of the road. We can get a meal quickly, and we know it won’t cost us much. However, we know the health consequences can be devastating.

 

Steve Woody of Online Mastery suggests that shared hosting is digital junk food for your online presence. He says he feels that many people are not being cautious when it comes to the infrastructure they use to back their sites. Understandably, people who use shared hosting for their businesses are “[t]rying to increase the bottom-line and reduce cash-flow,” he says, adding that “[i]t’s easy to play naive and deal with the consequences later.”

 

Here are four reasons why it’s a good idea to go another route than shared hosting:

 

Reason #1 – You are expendable.

 

Want to be treated like a king? Unfortunately, you won’t get VIP treatment as a fast food or shared hosting customer. Shared hosting companies make money off their volume of customers – so they really couldn’t care less about whether one account stays or goes.

 

With a shared account, “there is only so far a host will ‘bend over backwards’ for you,” explains Jonathan Bailey of Bloggingpro. “If you want a host that is willing to do more for you and work with you more, you need to consider spending more money.”

 

Reason #2 – The information is misleading.

 

Shared hosting may be sold as if it is designed for smart and healthy business growth. However, like fast food, the hosting companies that focus on shared hosting are simply trying to cut costs and sell as many plans as they can. Does the burger you eat ever look like the one in the picture? Similarly, your shared plan might not live up to the way it’s sold. One example of unreasonable shared hosting expectations is the notion of unlimited resources, which is protected with “fair use” clauses in fine print.

 

Reason #3 – Performance.

 

A shared server cuts costs for all businesses by allowing numerous people to share the same resources. It would probably annoy you to be reliant on the same cellular data plan that is being used by all the other people on your block, but that is essentially the idea with shared hosting.

 

What if you suddenly need a huge amount of resources? Think about that issue of scalability. “If one website is taking up too many resources these servers have a failsafe and the website gets shut down to prevent others from being affected,” says Woody.

 

How is this like fast food? Well, fast food is intended, like other food, to provide you with energy. However, it may be likelier that a low-nutrition meal filled with additives will leave you with symptoms of anxiety and chronic fatigue syndrome. Don’t feed your site so many French fries and chalupas that it can’t get up off the couch.

 

Reason #4 – Security.

 

Security should really be viewed as a necessary priority in an era of increased hacking and open sourcing of DDoS botnet code. You may think you don’t need to worry about hacking until you grow more. However, it’s important to know how vulnerable a site of a small business is if it does get compromised: 3 in 5 small businesses are bankrupt six months following a hack.

 

A shared server does not have the kind of distinction, separation of data, that any business should really want. It’s not a particularly careful way to host sites. What if a malicious threat such as E. coli comes along and wants to enjoy your site? Don’t let your site get food poisoning from shared hosting.

 

Why Shared Hosting is Dangerous – Exploration of Attack Steps

 

My point in this article is of course not simply to draw this parallel with fast food. It’s to suggest that shared hosting is not the right choice just because it’s simple. Just as the perils of eating the wrong types of food are best explained by looking at specific issues, as explored in Fast Food Nation or Super Size Me, it helps to look in a granular way at shared exploits to understand why these servers present a weak front.

 

The InfoSec Institute looks at the shared server from the perspective of the process through which someone might compromise a site. Here are the basic stages through which a hacker might go after your site:

 

Reverse IP lookup

 

Before a hacker actually goes after your site, they will perform what’s called reconnaissance. In this step, they find out what domains are on the shared server.

To see all the sites that are running on your server, you can use various methods, including search engines, the Linux dig command, or a free service such as YouGetSignal.

 

Server CMS enumeration

 

The next step for an attacker is often to find sites with certain types of content management system (CMS), such as WordPress. A CMS is a standard point of entry for cybercrime.

 

To understand the typical path of an attack, you want a list of the sites that are using a certain CMS. You can get a list very easily – the platforms place their name and version information in the source code.

 

You (or a hacker) can actually just build the IP and CMS lookup into a script if you want.

 

Waging a CMS attack

 

Once you have a list of sites running a CMS, you can divide it up into ones that are running WordPress, Joomla, Drupal, etc.

 

You can use a vulnerability scanner to check for weakness on any CMS installation. Another place to get information is exploits that are on file at services such as Exploit Database.

 

The vulnerability scanner will quickly give you basic details that would be helpful in attacking the site. For instance, let’s look at the use of one for WordPress, WPScan. WPScan brings up the following information:

 

  • Active plugins
  • Active themes
  • Any detected TimThumbs (a known security issue)
  • List of usernames.

 

Note that one key way an admin panel is beaten is through brute force, leveraging the fact that many websites don’t use complex passwords. This method could use a list of the most popular passwords. You can even brute-force using WPScan if the login page doesn’t have a captcha in place.

 

“Based on the strength of your wordlist there is a high probability that the passwords of wordpress admin accounts will be cracked successfully,” notes the InfoSec Institute report.
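
The brute-force step described above, and in the earlier list of shared-hosting risks, leaves a clear trail in the web server's access log. The following is an added example (not from the InfoSec Institute report or from KnownHost) that flags bursts of failed wp-login.php POSTs per client IP. It assumes combined log format, that WordPress answers a failed login with 200 and a successful one with a 302 redirect, and an illustrative threshold; the log lines and the helper `sample_line` are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined log format: ip ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

WINDOW = timedelta(seconds=60)  # sliding window per client IP
THRESHOLD = 5                   # failed logins per window (assumed tuning value)


def parse(line):
    """Return (ip, timestamp, method, path, status), or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    path = m["path"].split("?")[0]  # ignore the query string
    return m["ip"], ts, m["method"], path, int(m["status"])


def detect(lines, window=WINDOW, threshold=THRESHOLD):
    """Scan time-ordered log lines and report IPs that brute-force the login.

    Returns {ip: {"peak_failures": n, "success_after_burst": bool}}.
    Behind a reverse proxy or CDN the logged IP is the proxy's, so the
    real client address must be logged for this to be meaningful.
    """
    recent = defaultdict(deque)  # ip -> timestamps of recent failed logins
    alerts = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        if method != "POST" or not path.endswith("/wp-login.php"):
            continue
        failures = recent[ip]
        while failures and ts - failures[0] > window:
            failures.popleft()  # drop failures that fell out of the window
        if status == 200:  # login form re-rendered: the attempt failed
            failures.append(ts)
            if len(failures) >= threshold:
                entry = alerts.setdefault(
                    ip, {"peak_failures": 0, "success_after_burst": False})
                entry["peak_failures"] = max(entry["peak_failures"],
                                             len(failures))
        elif status == 302 and len(failures) >= threshold:
            # A redirect right after a burst of failures: treat the account
            # as compromised until proven otherwise.
            entry = alerts.setdefault(
                ip, {"peak_failures": len(failures),
                     "success_after_burst": False})
            entry["success_after_burst"] = True
    return alerts


def sample_line(ip, sec, method, path, status):
    """Build one constructed combined-format log line (sample data only)."""
    return (f'{ip} - - [12/Mar/2024:10:00:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 1234 "-" "-"')


# Constructed sample: one IP fails 8 times in 14 seconds and then gets in;
# another IP mistypes a password once and then logs in normally.
SAMPLE = (
    [sample_line("203.0.113.50", s, "POST", "/wp-login.php", 200)
     for s in range(0, 16, 2)]
    + [sample_line("203.0.113.50", 17, "POST", "/wp-login.php", 302),
       sample_line("198.51.100.7", 20, "POST", "/wp-login.php", 200),
       sample_line("198.51.100.7", 30, "POST", "/wp-login.php", 302),
       sample_line("198.51.100.7", 31, "GET", "/wp-admin/", 200)]
)

if __name__ == "__main__":
    for ip, info in detect(SAMPLE).items():
        print(ip, info)
```

An alert with `success_after_burst` set is the case to act on first: reset that account's password and review what the session did. The captcha mentioned above, or login rate limiting, addresses the bursts themselves.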

 

*****

 

The above issues with shared hosting are disconcerting – especially since it’s clear that the security protection is insufficient for businesses. Luckily a shared server is not the only option on the market.

 

Do you want to drive by the fast food options and get hosting that will instead improve the strength and vitality of your business? At KnownHost, our high-quality managed VPS hosting plans offer fast servers and a 99.9% uptime guarantee at great prices. Compare plans.


Why Using an Independent Hosting Company Beats Out Free Publishing Services

It’s no secret that those “have a website instantly” services sound attractive. It seems like a great deal, right? Little to no coding experience necessary, a low monthly fee for everything (the site, domain, e-commerce install, etc.), and some kind of content management system you don’t need to install yourself. What’s not to love?

 

And then there are those free publishing content platforms that many professionals use to share their thoughts. You’re probably familiar with many of them: Medium, LinkedIn, Tumblr, and other blogging platforms. What all of these services have in common is they promise a web presence that 1. costs nothing or close to it and 2. allows you to have your content out there on the internet with little to no technical knowledge.

 

For some people, this setup is just fine. Someone with a personal blog that just wants to share their thoughts doesn’t need too complicated of a web presence. But if you’re a professional, especially a creative or someone involved in ecommerce, these free publishing platforms may not be the best solution for you.

 

If your web presence is your primary source of income, then building a website and hosting it on a managed VPS with an independent hosting company is the way to go. Does it require a little bit more work and (sometimes) cost a bit more? It can. But the benefits of “owning” your site far outweigh the cons. Let’s take a look at why free publishing platforms may not be all that they’re cracked up to be for professionals who make their money from their web business.

 

Who is Actually the Audience?

 

Let’s take a look at the more blogging based platforms (Medium, etc.) that act as content delivery services. You provide the content, Medium provides the platform and eats the costs. You pay nothing to get your voice heard. On the surface, this sounds like a great deal, but hold on. Now, to be fair, there’s nothing wrong with occasionally posting something on Medium or the like if you’re looking for specific kinds of social engagement. After all, social media is a big revenue builder. Social platforms like Tumblr and Medium have built in audiences that you may benefit from on occasion. But to go all in on them? Not so fast.

 

You’re technically working for the company you post for. That means it’s not your audience, specifically, but rather the platform’s audience. They reap all the benefits of those views which forces you to try and make the extra step of conversion through some other method. That also means you can’t make alterations to the site to better optimize it. You can’t do anything, really, outside of their terms and conditions. If your content is the source of your income, this will quickly lead to a dead end. Unless there are benefits to giving things away for free on these platforms within a larger plan, you want to stick to maintaining your own self-hosted site.

 

Data Collection and Analytics

 

This is a subset of the issues one faces in relation to audience and control when using a free site builder/host or publisher. We’ve already touched on the concept of your audience actually belonging to your platform and not to you. To take this idea further, consider how valuable insight into your audience is for your business.

 

When you’re using a site builder or content platform, you’re basically put into a dark room with a flashlight. You can see some things, but very little. It’s not very practical. You may get basic analytics (if any), but they won’t tell you much beyond how many people clicked on your post. If you’re looking to actually run a business, this is nowhere near enough information to act upon.

 

It’s no secret that having access to all the data you would want and acting on those analytics is essential to a successful web-based business. With a site you built yourself and on an independent host, you can install any kind of analytics software you want. When you have complete independence from your publishing platform, you’ll have access to actionable information like knowing where the majority of your traffic comes from, what social networks they use, the kind of content they read, and how long they’re spending on certain points of the site. From here, you can drill down and see what the conversion path looks like and its success rate.

 

You’ll also have more opportunity for audience engagement. Manage whatever comment or feedback system you would like. Install contact forms via plugin (if you’re using WordPress) or code them in. The ability to customize a site you host yourself gives you many more options. Throw in the capabilities of a VPS and you’ll see that speed and performance won’t be things your visitors complain about. Which brings us to the next point.

 

Performance

 

The performance of a site is a big deal when it comes to conversions. We’re not just talking about the importance of fast load times, either. Granted, the big players don’t often go offline. But, in the event that Squarespace or WordPress.com suffers some sort of error or attack, you are powerless. There’s a customer service number, sure, but in an operation that large, there needs to be a global fix. Who knows how long it would take for your content to come back online? These big service providers also make attractive targets for things like DDoS attacks, which will make your site an indirect target.

 

These platforms can also go out of business. Medium recently cut a third of its workforce. What happens if they go out of business? What happens to all of your content? Suddenly, everything you contributed to a platform doesn’t have any value. If it lived on your own site with a hosting company you know isn’t going anywhere, you could rest assured your content would be safe.

 

Monetization

 

If you sell products directly, it’s clear what your income source is. But maybe your revenue stream isn’t so obvious. Maybe you don’t actually sell physical products and instead rely on ad revenue or affiliate links. This is where the specific platform you use can hurt your bottom line. Some platforms don’t allow you to place ads at all, so that revenue stream goes away completely. Others allow some advertising, like Google AdSense, but limit you via their terms and conditions. There is also no guarantee the ads will display properly depending on how the platform codes its templates.

 

There is also a good chance that, eventually, the platform you publish on will want to monetize for themselves. If your visitors are suddenly blocked by paywalls, advertising that benefits the publisher (but not you), or subscriptions that lower the visitor count, this is a bad deal for you. If you are looking to monetize your site, your only real viable option is one where you control where it’s hosted.

 

Conclusion

 

By now the benefits of hosting your own site on a managed VPS are pretty clear. Why sacrifice profits and independence for a little bit more convenience? If you’ve been running your business from a variety of free publishing platforms or shared hosting services, it’s time to stop letting someone else profit from your work. Contact the team at KnownHost today and we’ll help you come up with the hosting solution that will give you back control over your web presence.


What is CentOS, and Why Should You Care?

  • Being Linus Torvalds
  • The story of Linux
  • Things you wanted to know about CentOS but were afraid to ask

CentOS is a particular distribution (aka distro) of the Linux operating system. Let’s look at Linux first to get a sense of that general technology and community, then take a direct look at this particular variation of the open source operating system.

Being Linus Torvalds

Like many major moments in computing or any field, when Linux was introduced, it didn’t seem like that big a deal until years later. On August 25, 1991, Linus Torvalds wrote a simple post in the Usenet newsgroup comp.os.minix. “I’m doing a (free) operating system (just a hobby, won’t be big and professional like gnu) for 386(486) AT clones,” he wrote in part. “This has been brewing since april, and is starting to get ready.” [sic]

The free OS that Linus was casually announcing would end up becoming a major piece of computing networks worldwide. Suffice it to say that today, Linux is not just a single developer’s hobby.

As the operating system began to take the world by storm, Glyn Moody of Ars Technica became interested in the steps that preceded its initial release. He flew to Helsinki, Finland, in December 1996 to speak with Torvalds at his home, resulting in the story detailed below.

The story of Linux

Linus started attending Helsinki University in 1988, where he was working on a degree in computer science. In 1990, he became familiar with the Unix operating system in one of his classes. The course he took had a cap of 16 students because that was the capacity of the school’s license. Torvalds was immediately drawn to the operating system, feeling that its coding interface was surprisingly user-friendly.

One of the textbooks for the class was Operating Systems: Design and Implementation. The book included source code for the OS Minix, which had become available on the Intel 80386 processor. Linus was very interested in chips and thought the 80386 was the best he had seen from the company.

It sparked a technological leap, in part because he had money from student loans and Christmas. “That’s when I actually broke down,” Torvalds told Moody. “I remember the first non-holiday day of the New Year I went to buy a PC.”

Linus bought his PC in January 1991. However, he couldn’t work with Unix because he didn’t yet have the Minix floppy disks. While he waited, he played Prince of Persia and started running tests on the 80386 chip.

He wanted to know how effectively the computer chip could switch from one process to another. He would run two tasks, with a timer set to alternate between them. One task simply wrote the letter A, while the other wrote the letter B. He was not programming very much at that point because he was getting to know the parameters of the Intel CPU.

As bizarre as it may sound, the bare-bones task-alternating project eventually morphed into the Linux kernel. Torvalds realized that he could change the A and B tasks to emulate a terminal. He had one task that was moving information from a keyboard to a modem, while another one brought data from the modem to the monitor.

“I had keyboard drivers because I obviously needed some way to communicate with this thing I was writing,” Linus explained, “and I had driver for text mode VGA and I wrote a driver for the serial line so that I could phone up the University and read news.” In other words, he was simply gathering information from newsgroups via the modem.

An advantage of drawing from the newsgroups was that the comments therein helped the young programmer to revise and strengthen the developing OS throughout the summer of 1991. Linus also realized he wanted to be able to download, so he programmed a disk driver. He additionally had to create a file system that could draw from the Minix file system for writing and reading during upload and download. Unix is essentially composed of these basic components, Torvalds noted: alternating between processes, drivers for your devices, and the file system.

Linux received its name by accident, really. Linus needed to know the POSIX standards that made systems similar to Unix compatible with one another. These specifications were a bit expensive, according to a professor at the university, Ari Lemmke. However, Lemmke said he was actually focused on operating systems and kernels himself.

“He had this small area on [the FTP server] ftp.funet.fi, and he said: ‘[H]ey, I’m putting a directory aside for you,’” said Torvalds. “So he created the /pub/os/linux directory.”

Linux was the name Linus had given the project while it was in initial development, but he never intended for that to be the name of the OS when it was released publicly. He feared people would think he was arrogant. He wanted to instead call it Freax, for Free Unix. Lemmke saved it instead under the work-in-progress name Linux, and it simply moved forward under that heading.

The first version of the OS was released via email to some contacts from the newsgroups. Torvalds rushed that version to get something up on the FTP site to which he had access. The next version, which he announced via the Minix newsgroups, represented a vast improvement.

Still, the original base of users was minuscule. “I don’t know how many people got [this first public version in comp.os.minix],” Linus commented. “[P]robably 10, 20, this kind of size.”

Things you wanted to know about CentOS but were afraid to ask

Now let’s look down the line at CentOS, one of the most prominent offspring of Linux.

Known for its stability, consistency, easy-to-use administration, and straightforward replication, this flavor of the open source OS was created as a spinoff of Red Hat Enterprise Linux (RHEL).

Beyond the OS itself, the CentOS Project – the entity that manages development of the platform – serves an organizational role by providing resources so that other groups can more easily develop tools based on the CentOS system.

CentOS, which was first announced in March 2004, is community-developed, based on source code released at no cost by Red Hat. Part of its grounding is that it should maintain compatibility with RHEL. The OS is free to download, use, and make available to others.

The community consists of a core development team and users ranging from casual Linux fans to corporate system administrators.

The basic idea behind the CentOS Project is to give people a strong system for open source groups to use and extend. The framework can be utilized by hosting companies and for processing of scientific data, for instance. Organizations are able to place their programs on a reliable platform.

The CentOS Governing Board consists of original project members and Red Hat personnel, all of whom help with development of the ecosystem.

The Project was designed in a similar manner to the esteemed Apache Foundation. “A governing board… oversees various semi-autonomous Special Interest Groups or SIGs,” notes the CentOS site. “These groups are focused on providing various enhancements, addons, or replacements for core CentOS Linux functionality.”

*****

Want to see CentOS in action? At KnownHost, our managed VPS hosting packages, based on CentOS Linux, give you the flexibility and power of a dedicated server without the high price tag. Learn more.
