On Low-Cost Web Hosting/VPSes (in light of recent hacks)

I've been thinking of writing a blog post on this topic for some time, and the recent SolusVM-related hacks pushed me to finally put my thoughts into words: On Low-Cost Web Hosting/VPSes.

In the article, I offer a few strategies for keeping your site up, and reasons why you should consider paying more for your hosting if your website is important to your business or generates revenue:

  1. You get what you pay for
  2. Always keep your own backups
  3. Don't host mission-critical sites and software on cheap hosts
  4. Don't rely on one server, or one hosting provider

It kills me every time I see someone write about their site being down and unrecoverable here and on other forums; follow these bits of advice, and you won't ever have to learn the hard lessons many have learned as a result of the recent hacks.

I thought I'd post this here because I love reading other people's thoughts on backups, redundancy, and cost-effective hosting in these forums, and wanted to offer some of my advice for people who haven't been 'fortunate' enough to have their own low end hosting providers let them down yet :)

Note: I'm not in any way disparaging @Nick_A, @CVPS_Chris, or any of the others involved with RamNode, ChicagoVPS, or another hosting provider that was a victim of a SolusVM-related hack—they have done great work (imo) keeping their customers up to date with their situations, and have done as much as (and more than!) would be expected in terms of getting servers back up and running as fast as they can.

Comments

  • Don't host mission-critical sites and software on cheap hosts

    Some of the most reliable hosts I've ever used have been cheap hosts.

    Some of the worst, most unreliable hosts I've ever used have been expensive, top of the line hosts.

    It all boils down to having a CYA (that's cover your ass) strategy - ie: don't keep all of your eggs in one basket.

    For the same price you're going to pay that "not cheap host" you can set up redundancy with many cheap hosts, and end up with better reliability because of it.

  • @MrObvious said:
    For the same price you're going to pay that "not cheap host" you can set up redundancy with many cheap hosts, and end up with better reliability because of it.

    Often true; but sometimes it can be much easier (and save time) for small problems or things where you just need a server admin to hit the server with a crowbar (metaphorically speaking) to be with a hosting company with 24x7 support (or at least some ticketing system) and more than 5-10 employees.

    If I can save an hour of my time in a year by paying an extra $2-4/month for this slightly higher level of support, then it's worth it to me :)

  • Hacks can happen to anyone whether high end or low end. The main thing is to keep backups always. Even linode was hacked, hostgator's thousands of server rooted and many more such news you can find.

  • @ftpit said:
    Hacks can happen to anyone whether high end or low end. The main thing is to keep backups always. Even linode was hacked, hostgator's thousands of server rooted and many more such news you can find.

    This is also very true; however, I've experienced many short-duration outages (mostly as the result of DoS attacks on the host my VPSes were on) on cheaper VPSes (5-30 minutes, usually) than I have on some of the bigger/more expensive hosts.

    I think part of this has to do with the fact that there are (a) fewer customers per server on (most) more expensive hosts (like Linode and Rackspace), and (b) less of the 'buy a cheap host and throw inflammatory/illegal/racy stuff until the server goes down' crowd that seems to frequent cheaper hosts.

    That is not to say that you should consider more expensive hosts as being automatically more secure, just because they might have more staff/money. Always keep redundancy/backup in mind, and don't trust anyone with your data except yourself.

  • rds100 Member

    @geerlingguy that's probably because the usual shit magnets (i.e. kids with Minecraft servers and similar) usually don't use the expensive hosts.

    Thanked by 1 doughmanes
  • jbiloh Administrator, Veteran

    @geerlingguy Well written. Thanks for sharing. Maybe one day you can write something for front page of LEB. :)

  • I think few low end providers give much more than what you have paid for.

  • Maounique Host Rep, Veteran
    1. You do not get what you pay for.
      Your experience may vary but I am hosting various things outside my home from 1998.
      I used at first whatever I could find ads for (i.e. big hosts). Then I joined WHT and things started to improve, after discovering LEB I never needed anything else.
    2. Always keep your own back-ups is valid with any host. Data loss occurs everywhere, even if you have a paid back-up add-on.
    3. Don't host mission critical stuff on any one host. Make a redundancy scheme of some sort. Once you do that, you would rather use 10 cheap hosts than 2 expensive ones (which are not much better, just have more advertising money and fat pipes so DDoS will not feel that bad).
    4. Very true.

    Bottom of line (TL;DR)
    Don't go for ads, go for reviews;
    Have redundancy;
    Keep back-ups (redundancy may not always save you from defacing, user error, etc. if replication is fast).

    Thanked by 1 Infinity
  • kids with Minecraft servers

    That description would also fit many Low End hosts (like ServerCrate).

    I've experienced many short-duration outages (mostly as the result of DoS attacks on the host my VPSes were on) on cheaper VPSes (5-30 minutes, usually) than I have on some of the bigger/more expensive hosts.

    There are several Low End hosts who use "DDoS Attack!" as a blanket excuse for any outage (mostly to cover up their own incompetence), but the primary reason DDoS attacks are more prevalent in the budget market is because, as rds100 said, the low prices attract "the usual shit magnets"

    Hacks can happen to anyone whether high end or low end.

    Hacks can happen to anyone but they are more likely to happen in the low end because there are a large number of hosts who have little technical knowledge and are basically clueless about server security and would be lost if they didn't have Solus to hold their hand and had to rely on the command line.

    Some of the most reliable hosts I've ever used have been cheap hosts.

    Prometeus is one example of a reliable cheap host, and there are many others. "You get what you pay for" is true some of the time but not all of the time. There are plenty of more expensive VPS providers (GoDaddy for instance) who provide shitty service and even shittier support and have frequent outages. The same thing holds for dedicated server providers: you don't always get what you pay for.

    Always keep your own backups
    Don't rely on one server, or one hosting provider

    yes and yes

    Thanked by 1 doughmanes
  • @DomainBop said:
    There are plenty of more expensive VPS providers (GoDaddy for instance) who provide shitty service and even shittier support and have frequent outages.

    Oh gosh yes. I don't know how many times I've had to yank people's sites off GoDaddy and put them anywhere else. GoDaddy is, in my experience, not only the worst registrar, they have the worst hosting services and support out of pretty much any provider I've seen.

    I'm definitely not saying that more expensive hosts are necessarily better; but that cheaper hosts are almost always going to suffer from some problems like smaller support staff, more downtime (maybe just little bits here and there), and more DoS attacks. But yes, to all who point out that even big hosts have problems—that is definitely true. But not all big hosts spend all their money on marketing, either :)

  • natestamm Member
    edited June 2013

    I think systems administration is one of the most important aspects of any web IT. And in my experience I have not seen any one metric that can honestly predict how well it will be managed. I have had some of the best service in registration and even VPS administration detail from GoDaddy. A few years ago I had an issue with a simple $40 VPS and had a phone call in to their night support at 3am with no managed plan additions and was helped immediately with a technical issue that I had actually caused. They were actually a bunch of really cool guys, just web heads like myself up late waiting for any problems that came down the pipe. Not at all dissimilar from some here.

    I also have had some of the best management and fastest response times from a VPS provider here on the LEN. This is why I value hearing about people's experiences and weighing them on a more aggregate scale. With these details in mind a blog might be a great way to get opinions and experiences out into the public. Security is another factor. I think this network of providers is on the front lines keeping up with exploits and other issues. I have also never seen so many systems and networks affected by hacks provided that something is missed, or maybe because a small team failed to catch an issue in their applications or update their back end systems.

    If you do go the blog route I would just try to make sure you don't bias yourself too much. Lots of people come to forums like this and related blogs after negative experiences. I did that myself with the LEN. But it also got me into a great community. I've also seen a lot of talk about backups here which I think is cool. I've got a very simple tutorial for backups coming probably tonight that I've been meaning to put up for a while.

  • 24khost Member
    edited June 2013

    @geerlingguy said:
    I've been thinking of writing a blog post on this topic for some time, and the recent SolusVM-related hacks pushed me to finally put my thoughts into words: On Low-Cost Web Hosting/VPSes.

    In the article, I offer a few strategies for keeping your site up, and reasons why you should consider paying more for your hosting if your website is important to your business or generates revenue:

    1. You get what you pay for
    2. Always keep your own backups
    3. Don't host mission-critical sites and software on cheap hosts
    4. Don't rely on one server, or one hosting provider

    It kills me every time I see someone write about their site being down and unrecoverable here and on other forums; follow these bits of advice, and you won't ever have to learn the hard lessons many have learned as a result of the recent hacks.

    I thought I'd post this here because I love reading other people's thoughts on backups, redundancy, and cost-effective hosting in these forums, and wanted to offer some of my advice for people who haven't been 'fortunate' enough to have their own low end hosting providers let them down yet :)

    Note: I'm not in any way disparaging Nick_A, CVPS_Chris, or any of the others involved with RamNode, ChicagoVPS, or another hosting provider that was a victim of a SolusVM-related hack—they have done great work (imo) keeping their customers up to date with their situations, and have done as much as (and more than!) would be expected in terms of getting servers back up and running as fast as they can.

    About to blow your whole thought up.

    Linode a "fairly large host" was hacked a few years ago, Customers credit card details, usernames and passwords were all out.

    Till recently you would get super old hardware when you ordered from Linode.

    Yet you could get hosting from any number of us here and have just as good if not better uptime and on newer, faster hardware.

    This article is flawed in viewing larger hosts as not having these issues.

    Another large host that had some issues was hostgator, i.e. (whmcs debacle)

    Thanked by 1 erhwegesrgsr
  • I'm not at all saying that LEB hosts are not worth using, or that 'larger' hosts (by the metric of more expensive/larger support staff) are automatically more reliable.

    The main point to my post was: don't expect a 5-10 person operation to have the ability to recover from a major catastrophe overnight (or sooner), and always be flexible—keep offsite backups, have your own disaster recovery plan (no matter how simple).

    I'm mostly speaking to the people I've seen on these forums, WHT, and elsewhere who are up in arms over RamNode and other inexpensive (but awesome, fwiw) hosts' inability to do fifty thousand tasks in ten minutes, while responding to all the negative comments on these forums. Understand that if you have a business-critical website or application running on any webhost—anywhere—it's your responsibility to make sure it's up :).

    Thanked by 1 support123
  • @geerlingguy said:

    The main point to my post was: don't expect a 5-10 person operation to have the ability to recover from a major catastrophe overnight (or sooner), and always be flexible—keep offsite backups, have your own disaster recovery plan (no matter how simple).

    I'm mostly speaking to the people I've seen on these forums, WHT, and elsewhere who are up in arms over RamNode and other inexpensive (but awesome, fwiw) hosts' inability to do fifty thousand tasks in ten minutes, while responding to all the negative comments on these forums. Understand that if you have a business-critical website or application running on any webhost—anywhere—it's your responsibility to make sure it's up :).

    Agreed 1000000%

  • Dedicated hardware is so cheap, why do you still need hand holding with a VPS server?

    If you need a web interface, Proxmox.

  • asterisk14 Member
    edited June 2013

    @geerlingguy said:
    The main point to my post was: don't expect a 5-10 person operation to have the ability to recover from a major catastrophe overnight (or sooner)

    I said exactly this a few days ago! One man shows are inherently more risky than the larger operations, and ones being run by under 16's are even more risky.

    That's why I said in a post that any provider providing services on here should write :-
    1) how many people / one man show?
    2) how old they are?
    3) are they a registered co?
    4) have they paid their taxes this year/last year?

    This would enable us (the customers) to make an informed choice. It is obviously in the providers' interest not to release this information and many don't. Just check the LEB ads.

  • The main point to my post was: don't expect a 5-10 person operation to have the ability to recover from a major catastrophe overnight (or sooner), and always be flexible—keep offsite backups, have your own disaster recovery plan (no matter how simple).

    Actually I might disagree with that. Less hardware means it is easier to recover. A smaller host has less hardware. Look at how long it takes CVPS compared to let's say, Ramnode. The length of time to restore things is less due to having less servers.

    Thanked by 1 natestamm
  • Often true; but sometimes it can be much easier (and save time) for small problems or things where you just need a server admin to hit the server with a crowbar (metaphorically speaking) to be with a hosting company with 24x7 support (or at least some ticketing system) and more than 5-10 employees.

    LEB provider will have 5 or less employees with the "owner, founder, CEO" or whatever crap self-gratifying title.

    If you have 10 employees, you should be able to handle 3, 8 hour shifts with 3 employees working the help desk. Maybe 2 as L1/helpdesk, 1 as a L2 and perhaps an on-call L3 when needed

    I know many qualified 3 - 5 employee teams. Employee size doesn't mean shit, same thing with an office. It all comes down to overhead and how much business you do.

  • Maounique Host Rep, Veteran

    @doughmanes said:
    It all comes down to overhead and how much business you do.

    It also comes down to quality of people.
    If all you have is a few 9 to 5 ppl watching the clock, the number is quite irrelevant.

    If you have 2 with a passion always on call, then that is much better already.

  • sman Member
    edited June 2013

    Just back up everything. The more you back up the better. You can never have too many backups.

    Just because someone charges more for hosting doesn't mean they are better. You still have to do your due diligence. Plenty of hosts using cheap or old infrastructure trying to charge premium prices and a lot of bargains out there on good newer infrastructure if you look hard enough.

  • @sman said:
    Just back up everything. The more you back up the better. You can never have too many backups.

    Quite true, and also making sure they're not in the same place :)

  • asterisk14 Member
    edited July 2013

    I have trouble keeping track of my backups. I have 3 desktops and 3 laptops which doesn't help! Tried using dropbox for the important files, but that's a bit of a pain as well as I don't want to install it on all my laptops/desktops etc....

  • I would prefer a team across the globe vs shift work. I often find those on shifts (and rotating shifts) to be less productive and usually don't stay in a job for long.

    Shifts don't quite work with our daily lives and can be a health concern.

  • sman Member
    edited July 2013

    @asterisk14 said:
    I have trouble keeping track of my backups. I have 3 desktops and 3 laptops which doesn't help! Tried using dropbox for the important files, but that's a bit of a pain as well as I don't want to install it on all my laptops/desktops etc....

    I rely on JungleDisk for all my off site backups. One desktop license and you can install it on as many windows computers as you want. Just make a separate storage container for each computer all on the same JungleDisk account.

    You should always have at least 2 backups. One offsite and one onsite.
