Isnt shared hosting dead already? In hosting conferences and forums this is a question we’ve heard all too often. But despite all the dire predictions in the past one decade, shared hosting is still alive and flourishing.

 
Every web host on earth has a shared hosting plan, and all website owners starts hosting with a shared space. It is a market that just cannot be ignored, and it is still the most competitive market.

 
What does it take to succeed in this market? There are companies which keep growing year after year, and there are companies which stop growing after they get about 10 servers. Here is a quick overview on what the winners do right, and thus ensure their brand keeps attracting new customers.

Read the rest of this entry »

A log file can grow without bounds if it is not managed well. Larger log files are relatively harder to manipulate and also increase in the size of log file can result in file systems to run out of space. Opening, closing and manipulating data for very large file size consumes system resources and will therefore slow down the server.

An efficient solution to this problem is log rotation. It allows automatic rotation, compression, removal and mailing of log files. Log files can be rotated daily, weekly, monthly or when it grows too large. Read the rest of this entry »

When the decision’s been made to adopt a hosting solution, as so many leading organizations are doing in today’s competitive business environment, choosing a Control Panel that suits your requirements is a sensible move.

WHM/cPanel and Plesk are both feature rich control panels with similar functionalities. They are, however, organized completely differently.

Quick Overview..

cPanel/WHM

cPanel is one of the most popular and widely-used control panels. It’s quite complete and allows a business to manage and maintain nearly all aspects of server operation. The basics, such as email and file hosting, are handled with ease. Web statistics are part of the package. “Site builder” feature, which helps to automate the building of a website and populating it with content, is among the most powerful available. The “Fantastico” package allows one-click installation of popular software packages, such as blogs, forums, and merchandise catalogs. Going a little deeper, domain name server (DNS) management is also available.

Read the rest of this entry »

POP and IMAP are two protocols that mail programs use to access mail stored on remote computers. The first thing you have to do is to understand what is POP and IMAP and also the difference between the two. These protocols are supported by most existing mail servers.

POP ( Post Office Protocol )

POP downloads all your emails from the mail server in a one-time pop. Once you have checked your messages via POP, those messages no longer live on the server. There are chances for messages in the server get deleted after it is downloaded from the server. Since POP3 creates local copies of emails and deletes the originals from the server, the emails are tied to that specific machine, and cannot be accessed via any webmail or any separate client on other computers. We can say that POP uses a one way ticketing system.

Read the rest of this entry »

I have come across several domain migration issues in Web hosting industry. The common issues are the high down time of around 12 - 48 hours experienced while domain transfer and also the data lost during the migration process. In this article I am focusing on how to achieve domain migration with zero down time and also to avoid the data loss. The article is valid for domains hosted under cPanel Linux servers.

Following are the pre-migration checks that are to be performed:

# Connectivity of both the servers
Make sure that both the servers can be connected via SSH, also public keys of the servers are added each other.

#Compatibility of application’s version and modules installed
All the applications and modules installed in the destination server should be compatible with the source server.

#Reseller account and addon domain
Check whether the domain chosen for migration is an addon domain or a reseller account.

#Dedicated IP
Make sure that the dedicated IP is available in the destination server.

#SSL certificate
Copy the SSL certificate, if it is being used by the site.

Steps for domain migration:

1. Reduce the TTL value

The major problem that you might face in domain migration is the DNS caching problem. When a remote DNS resolver will make a query to one authoritative DNS server and if the query is successful it will cache that response for a predefined time. This time is so called TTL value. This means that for that amount of time the particular server will use its cached information and no longer query the authoritative server for any additional requests.

In order to avoid this problem, bring down the TTL value to 150 seconds and reload rndc, 24 hours prior to migration. This can be done by changing the TTL value in the zone file of the domain. If the domain has addon domains, make sure that the TTL values in their zone files are also brought down. Thus zero down time can be achieved instead of a high value of 24 - 48 hours.

2. Migrate the domain to the new server

Migrate the domain using the option “copy multiple accounts/packages from another server” in WHM. Use express transfer option which automatically changes the nameservers and IP address to the new server, so that, even if the query goes to the old server, it will be redirected to the new server.

3. Re-sync the databases, mails and contents of the website

To make sure that zero data loss is achieved in data transfer, re-sync the databases and mails. If the website is dynamic, open tables will be present, so there are chances for the data to get corrupted. In order to avoid this situation, contents of the site and databases are synced.

4. Make sure that the website is loading well

Make sure that the website is loading well and the mails are received correctly.

5. Remove the redirection links in the .htaccess file

Remember to remove the redirection links in the .htaccess file of the new server, that is used to redirect to the new server from the old server.

6.After migration, change the IP address for the nameservers

After domain migration, change the nameservers for the domain to that of the new server once the domain starts digging from the new server. Otherwise the domain will depend on two servers for serving. You can again increase the TTL value of the site to the original value after everything is propogating from the new IP.

The above is a very rough outline on domain migration with zero down time and zero data loss . If you have any questions, we would be happy to talk to you!

About the Author :

Greeshma S Giri works as a Jr.Software Engineer in Bobcares. She joined Bobcares in May 2012. She loves reading books and listening to music in her free time.

I have been dealing with quite a large number of clients, their queries and feedbacks for the past few months. The common thing that I noticed with all is the hurry to fix the issue concerned about the downtime for their business. We all undoubtedly hope for a tension free life, and why should a troublesome and complicated mail issue in your hosting drive you nuts???????

It is in this sense that the option Exim + cPanel becomes relevant. In most of the Exim issues that I handle, what I see in the end is loads of thanks replies admiring the advanced and unique features of Exim. I hope that I will be able to explain quite a few of the reasons for those happy endings!!!!!

Exim + cPanel provides you a tension free mail management. By choosing Exim you are configuring a reliable mail service to meet the specific needs of your site. Exim is a highly customizable mail server that is inbuilt with cPanel. One of the admirable custom feature of Exim is built-in filter processing, well here is an example of how a built in filter works.

Eg: Suppose you want to send mail to a mail address bob@bobcares.example.com and at the same time you want to save the mail to a folder “archive”. You can use the filter functionality here.

For example, for an Exim filter, the output
Deliver message to : bob@bobcares.example.com

Save message to : /home/bob/mail/archive

It means that one copy of the message would be sent to bob@bobcares.example.com, and another copy would be added to the file /home/bob/mail/archive.

Exim mail server along with the cPanel provides efficient Mail management. The various features integrated with the cPanel includes:-

1. Option to limit incoming mails to the server by limiting particular users or domains, thus minimizing unwanted bandwidth usage (Particular when bandwidth usage is not set to infinite).

2. Option to prevent users from receiving spam mail and potentially dangerous attachments.

3. Filter messages save messages to files or divert them to other addresses, or check them for spam or viruses and delete them if they do.

4. Option RBL , using this option you can configure your mail server to check incoming mail against the available RBLs ie. Real-time block list and blocks the incoming messages if the IP or hostname matches an entry. Thereby minimizing the threat of Spam in the server.

5. Integrated availability of SpamAssassin, which is an efficient Spam filtering utility.

6. Advanced Editor configuration where the functionality of the Exim can be further customized accordingly.

7. Supports SSL/TLS: It supports sending over SSL/TLS encrypted connections, which can be important if you’re using a wireless laptop and don’t want anyone sniffing out your mail login and password.

8. Secure your email system to prevent unauthorized use and maintain the confidentiality of messages.

9. Tune your server to give optimal performance in your environment.

10. Another feature that upholds the package is the unmatched debugging ease. Coming back to the daily issues (I have to add that much of the issues are simple and it just occurs due to some minor mistakes from customers end) whenever I notice that the mail server is Exim millions of bulbs starts blinking around, it is simply that easy to debug and fix. It also means that it saves your precious time in business turning those millions bulbs to million dollars in your business.

I hope that the above could help you to meet the features of the cPanel Exim package. In practical scenario the services offered by Exim is much more amazing.

Any questions?????????

We will be happy to hear from you..

About the Author :

Taniya Vincent works as a Software Engineer in Bobcares. She joined Bobcares in April 2012. She loves reading books and designing jewellery in her free time.

In the world of eCommerce, security is paramount. Fear of fraud continues to keep millions of consumers from shopping online. SSL Certificates give you an easy, cost-effective way to protect your visitors and earn their trust.

To enable SSL on a website, you will need to get SSL Certificate that identifies you and install it on the server. SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details.

What are the types of SSL Certificates?

An SSL Certificate is necessary to protect websites and enable them for data security. However, there are different types of SSL Certificates and the website owners often are unsure of the type of certificate they need for their online security needs.

Dedicated SSL Certificates

Dedicated SSL Certificates are those being purchased directly from Certificate Authorities to be used solely by the owner for his domain. This is perfect for those who are confident in making their businesses go big time, quickly. It also cannot be used with other domains or even on the same location’s subdomain due to its focused security functionality, which can be very costly.

Shared SSL Certificates

From the very sense of the word, Shared SSL certificates are those security tools that you can share to other people. It would be either that you might share your certificate with others, or you share SSL certificates that are owned by companies or businesses. You may have it free or at a lesser price, but you will not have ownership with it as the name appears belong to a different person. A shared SSL certificate is used by multiple sites on the same IP address so that each site doesn’t have to get their own certificate.

Free SSL Certificates

Free SSL certificates are being offered by some companies and businesses for the benefit of customers. But there are chances that these certificates, being free of charge, may not offer the kind of protection that paid certificates have. Be sure to check if the company where the SSL tool coming from is reputable and credible.

Extended Validation (EV) SSL Certificates

Extended Validation SSL Certificates are the first SSL Certificates to adhere to industry-wide certification guidelines established by leading Web browser vendors and Certificate Authorities, including Network Solutions. An EV SSL Certificate is more than just a transaction protector. Apart from creating secure transactions, it also reassures visitors about the business a site conducts. Among the new features of EV SSL Certificates is the color-coding of the Web browser’s address bar to signal secure connections.

Organization Validation (OV) SSL Certificates

This assures the validity of a Web site by verifying that the applicant is a legitimate business. Before issuing the SSL certificate, the CA performs a rigorous validation procedure, including checking the applicant’s business credentials (such as the Articles of Incorporation) and verifying the accuracy of its physical and Web addresses. An Organizationally Validated SSL Certificate is an excellent website security option for any business conducting online transactions and accepting sensitive data, such as credit-card numbers, from customers.

Domain Validation (DV) SSL Certificates

Domain SSL Certificates are fully supported and share the same browser recognition with OrganizationSSL, but come with the advantage of being issued almost immediately and without the need to submit company paperwork. This makes DomainSSL ideal for businesses needing a low cost SSL quickly and without the effort of submitting company documents.

Wildcard SSL Certificate

A Wildcard SSL Certificate can help you if you want to secure your multiple sub-domains over multiple servers all by one single certificate. It saves you time and money over buying and managing of individual certificates for every sub-domain.

Instant SSL Certificate

An Instant SSL Certificate is one of the most cost-effective fast-installed SSL Certificate to secure a webserver. Customers could be assured about a complete security of the transaction data till it reaches the intended webserver. All Instant SSL orders include a dynamic TrustLogo site seal which allows visitor to verify your business credentials in real-time - leading to increased visitor conversion rate, lower Web site abandonment and an increase in average purchase price.

Essential SSL Certificate

An Essential SSL Certificate is highly trusted in the industry as a quick, reliable solution for web security. It can be of significant value to you if you are an e-merchant as it secures E-commerce sites in no time.

Code Signing Certificate

A Code Signing Certificate facilitates the protection of software code and content for the software publishers and the users downloading it. It typically allows the software developers to include their digital signatures and information with the software.

Depending on the type of SSL Certificate applied for, the organization will need to go through differing levels of vetting. Once you have done the SSL install, it activates the https protocol (over port 443) and you can access a site securely by changing the URL from http:// to https://. When an SSL certificate is installed on a website, you can be sure that the information you enter (contact or credit card information), is secured and only seen by the organization that owns the website.

The above is a very rough outline on SSL certificates , if you have any questions, we would be happy to talk to you!

About the Author :

Nimi K M works as a Software Engineer in Bobcares. She joined Bobcares in April 2012. She loves reading books and listening to music in his free time.

Blog edited by :

Appu Joseph Xavier works as a Software Engineer in Bobcares. He joined Bobcares in April 2012. He loves to watch movies in his free time.

While considering the cPanel options to make a server secure, we can check the below options available with the cPanel. You will be able to manage each and every options below from the WHM interface. By a proper configuration of their values, we can make a server secure enough.

Security settings

SSH configurations

Brute force Protection

Password strength configuration

Open base_dir in PHP

Apache mod user

SSH keys

Compiler access

Shell Fork Bomb Protection

Anonymous FTP

Exim configurations

Firewall configurations

Analyzing the settings

Scanning the system

Chkservd

Updating the settings

System updates

SSH configurations

SSH configuration will allow/deny root level access to the hosts to the server. Adding the services that should be allowed for the IP’s is also enabled in WHM. You will be able to add the allow hosts and deny hosts with the services in the host access control interface. A proper configuration of this will help in making the server isolated from hackers. Normally, for shared servers, it is recommended to given shell access to administrator user only.

Wheel/sudo user management will also come under this. We can restrict the commands for the users in sudoers file. By allowing only limited commands to groups and managing those groups will also help to increase security level of the server. For cPanel, the wheel users can be managed from the WHM interface.

Reference : http://docs.cpanel.net/view/WHMDocs/DenyAccess

Brute force Protection

Enabling brute force protection will help in brutes attempts to hack a system. In cPanel, we can set the limit of attempts from the WHM interface. If the failed logins for more than that limit is exceeded, then the IP will be logged in the database and will block the access to the system then. The particular IP will be able to check it again after a predefined time. This is a very sensitive protection layer available in the cPanel.

Reference : http://docs.cpanel.net/twiki/bin/view/WHMDocs/CPHulk

Password strength configuration

Password strength configuration for the all the passwords that can be used in cPanel can be set by the administrator user from the WHM interface. For every passwords, we can set this value. Also, a common value can be set to all. If this is enabled and a good strength configuration is enabled, the users will not be able to use weak passwords and thus we can avoid account level hackings. Using weak passwords is one of the main security threat when a server is considered.

Reference : http://docs.cpanel.net/twiki/WHMDocs/PwordStrength

Open base_dir in PHP

PHP open base dir protection prevents the users to open files outside their home directory. If this is not allowed, the fopen() can be used by the users to open files which are not owned by them. This can also be attained by the disabled functions option in the PHP configurations. Disabling the function allow_url_fopen will prevent the remote file injection/access in the server using PHP scripts. This can be done in the global PHP configuration file.

Reference : http://docs.cpanel.net/twiki/WHMDocs/TweakPhp

Apache mod_user

Apache mod_user dir protection is another option which is not directly dealing with the server security but can affect the accounts. Apache’s mod_userdir allows users to view their sites by entering a tilde(~) and their username as the url on a specific host. For example “http://test.cpanel.net/~fred/” will bring up the user fred’s domain. The disadvantage of this feature is that any bandwidth usage used by this site will be put on the domain it is accessed under (in this case test.cpanel.net). mod_userdir protection prevents this from happening.

Reference : http://docs.cpanel.net/twiki/bin/WHMDocs/TweakModuserdir

Compiler access

Compiler access should be disabled for unprivileged users. In default, this will be disabled for all the users. Enabling this option to a user will allow the usage of working C compilers in the system. This will allow users to compile the scripts. Normally, this should be enabled only for root user.

Reference : http://docs.cpanel.net/twiki/bin/view/DisableCompilers

Shell Fork Bomb Protection

If this is disabled for the users having shell access, they will be able to utilise the resources of the system without any limit. So, enabling this option will prevent this from happening. Normally, this will be disabled in the server for all the users. Also, it is not recommended to allow the shell access for the cPanel users in shared servers.

Reference : http://docs.cpanel.net/twiki/bin/view/WHMDocs/ShellFork

Anonymous FTP

Anonymous FTP will enable the users or visitors to use anonymous ftp logins to upload contents. With this, the users will be able to gain access to the account. So, it is recommended to disable this option from the WHM. For all the cases, authorized access is recommended. Also, secured access to the server services will encrypt the connection to the server (SSL to be installed for the server and the services).

Reference : http://docs.cpanel.net/twiki/bin/CpanelDocs/AnonymousFTP

Exim configurations

Enabling sender verification will check for the validity of the sender. The mail will be delivered only if the sender is valid. Other wise the mail will be rejected. This will be a good option which will help in rejecting spam mails. There are further more options in the Exim configuration editor that can help in better working of the mail server.

Reference : http://docs.cpanel.net/twiki/bin/WHMDocs/EximConfig

Firewall configurations

CSF and LFD

For cPanel, CSF and LFD can contribute much in security. The mostly used firewall with the cPanel is CSF. By configuring the CSF properly, we can avoid trespassing to the servers. LFD is the other option available with the csf. LFD has a lot of options that can be enabled to detect the actions on the server. If this is enabled, it will mail all the alerts to the specified mail address with the details. By checking and fixing all those alerts on the server is highly recommended.

For monitoring these services, the cPanel have the option Chkservd in the service manager. From this interface, you can enable the checking and monitoring of almost all the services running in the cPanel. Also, you will be able to add custom service to chkservd. The main advantage of this service is that, it will automatically restart the added service if this is found to be stopped by any cause. Also, if the monitoring for the service is enabled, it will mail the details to the contact email regarding the status of the service and the restart attempts made. These alerts will let you know which all services were down/up. If a service is found to be down, it will alert you and you can start investigating on the root cause using the time stamp of the mail.

Reference : http://docs.cpanel.net/twiki/view/ApiDocs/ApiChkservd

Scanning the system

Security scan feature in cPanel will let you know the current status of the server configuration including the firewall settings in the server. It will also let you know a detailed report of each and every configurations. By analyzing this, we can tweak the configuration and can make it better. Configuring the settings according to this report for cPanel servers is highly recommended.

Reference : http://docs.cpanel.net/twiki/view/SecurityandVirusScanning

System updates

Enabling this feature on the WHM will update all the software automatically and thus patch the vulnerabilities. This will be done automatically and thus we can ensure that the system is up to date always. Also, enabling Linux environment security in the cPanel will help in adding attributes to system files and thus can avoid modification of files. This option will give attributes to the sensitive files. Any update that includes system file modification will be allowed only after disabling LES. So, this seems to be an important option that should be enabled on the server.

Reference :http://docs.cpanel.net/AllDocumentation/UpdateServerSoftware

The above is a very rough outline of cPanel security configuration, if you have any questions, we would be happy to talk to you!

About the Author :

Sambhu PS works as a Software Engineer in Bobcares. He joined Bobcares back in February 2011. He loves reading technical blogs, plays violin plays, table tennis and listens to music in his free time.

Blog edited by :

Nimi K M works as a Junior Software Engineer in Bobcares. She joined Bobcares in April 2012. She loves reading books and listening music in her free time.

Customer satisfaction is our major goal which ultimately leads to business growth. For attaining this, the major facts to emphasis upon are server security, minimum downtime, maximum utilization of the available resources, bring down operational cost etc.

With regards to server security, CageFS which works with cloud linux is an option.

What is CageFS?

CageFS is a virtual file system that encapsulates each shared hosting customer in his/her own private virtual space. It contains a set of tools which contain the users in it own resource limits or a ‘cage’. Each customer will have its own fully functional CageFS, with all the system files, tools, etc.

Advantages of CageFS:

Handling Hackers
CageFS prevents hackers from scanning the server for vulnerable files, and escalating privileges to gain root access.

Virtual Private Area
CageFS ensures that users cannot see any other user and will have no way to detect the presence of other users in the server.

Free Software
CageFS becomes part of CloudLinux OS and there is no additional charge for it.

Isolation from Server Configuration files
CageFS also prevents users from viewing the server configuration files, such as Apache config files.

Compatibility with cPanel
CageFS comes with plugin for WHM that allows us to manage & update CageFS. We can view as well as change the default behavior of the users using the frontend panel itself. Plesk, DirectAdmin, InterWorx and ISP Manager are also fully supported and can be integrated with CageFS.

Ease of Installation and Configuration
CageFS has the advantage that it can automatically detect cPanel, Plesk, DirectAdmin, ISP Manager and InterWorx configuration from the server. This leads to less time needed to install the software and configure it.

Ease of Managing Users
CageFS can be operated in two modes and toggling of users between modes is possible from the frontend. The two supported modes are as follows.
1. Enabled for all, except those that are disabled.
2. Disabled for all, except those that are enabled.

Mode #1 is convenient for production operation, where we can add all new users automatically to CageFS.
Mode #2 is convenient while you test CageFS, as it allows you to enable it one by one for your customers.

In a shared hosting environment, CPU and IO usage are the most critical bottlenecks. When a user installs a CPU hungry plugin/software in his account, then other users hosted in the server are deprived of the resources. With CageFS this circumstance can be completely neglected, resulting in higher server stability and security. This ultimately results in less support calls and hence happier customers. This will initiate a chain of events ultimately resulting in business expansion and more profit.

Implementation of CageFS:

cPanel/WHM
CageFS installation is simple and can be done by yum install. CageFS comes with the plugin for WHM/cPanel.

Plesk Panel
CageFS also contains the plugin for Plesk panel. There are user interfaces for managing the users and CageFs from the front end.

The above is a very rough outline of CageFs , if you have any questions, we would be happy to talk to you!

About the Author :

Balaji P Pai works as a Junior Software Engineer in Bobcares. He joined Bobcares in January 2012. He loves playing football and watching TV during his free time.

Blog edited by :

Arundhati Rath works as a Software Engineer in Bobcares. She joined Bobcares in June 2011. She loves listening to music in her free time.

The beta of IO Limits for CloudLinux 6.x has been released. I/O limits provides the ability to limit read and write operations on a per-customer basis. This feature allows to setup IO throughput for clients as measured in KB/sec. The limit is for both reads & writes, combined, and we set it as a single number for simplicity.

The long-desired feature was years in development and is finally ready. In addition, physical memory limits and limits for the number of processes will be shown. This completes the CloudLinux LVE offering that already features CPU, virtual memory, and concurrent connections limits.

The issues related to I/O are one of the chief contributors to shared hosting downtime. I/O limits should help customers better manage resource usage and improve overall stability of their service in shared hosting environment.

You can set new IO limits either by using LVE Manager (cPanel only), or from command line. After installing iolimits, make sure that you update lve-utils, lve-stats and lvemanager packages as well. And reboot the server to load new kernel with IO module.

IO limits helps each customer to customize his account. Thus we can see how IO limits will be an advantage to shared hosting servers in the future.

The above is a very rough outline of the shared hosting service we provide, and if you have any questions, we would be happy to talk to you!

Blog written and edited by :

Kumar K works as a Junior Software Engineer in Bobcares. He joined Bobcares back in February 2012. He loves reading books, watching movies and listening to music in his free time.