Over the past fifteen plus years, I’ve the chance to read post after post, thread after thread, in a major web hosting discussion forum.

While it is extremely common to read threads titled, “How long have you been with your current provider?” with common answers of six months or less, it is just as common to read posts that would have most web hosting consumers, especially business owners, up in arms.

What are some of the dirty little secrets cheap hosting providers do not want you to know?

With the exception of the last section, Local Designers offering Web site hosting — which deals with a personal experience — the posts below are word for word quotes, sometimes from desperate hosting business owners showing a little about what goes in inside their business or what they are exposed to in their business.

My hosting website has been hacked

“Web hosting website has been hacked yesterday and the person who did it deleted all my websites and my clients websites as well.

I have lost 15 website that are mine.  47 websites for clients. Plus I kept getting emails from angry clients too.

The server is down…. my website is not working …. etc

Also, I have an ebay store with +800 lists and all my images for the listing were hosted in my account. Now everything is gone.

I have lost all my emails, hosting packages, and more.”

(Editorial note:  The overwhelming majority of cheap hosting providers DO NOT secure their servers.  Some of those who state they do, did so only one time — that’s not security, that’s being cheap!  Most cheap providers do not review their logs and security reports throughout the day — every day.  Most do not review security blogs daily, check for updates daily, etc.).

Ripped off and or lied to!!!

“Is there any true 24/7 tech support you can talk to these days? We tried 2 different out, and the support was either never available, available with someone who could do something very simple, and least but not least something usually got done, either a day or 2 weeks later. What the heck? We do a pretty good back ground check on a host before we check it. Make sure it is not a reseller or if it is a reseller, we try our best to find as much pro’s and no con’s. Every company starts some where and with more clients they expand and last long one hopes.

The worst part is that the one client we were dealing with shortly ago was a non-profit and helped lives.

To host owners out there that take advantage of false advertising, over charging, delaying / excuses, and so much more…Good luck. One day the government will catch up and probably audit as much as the u.s. as they can online. Any unpaid taxes or scams (false advertising to back up a case they may have) will arise. That’s just a fact on google.

Sorry guys. Had to let this out here. After 2 vps hosts in a row we are not happy campers.

Where is the best place to go and or can someone offer some Tylenol to a repeat of headaches we go through. This time it just happened 2 in a row so the frustration had to be left out.”

(Editorial note:  This is from a business that tried a number of VPS hosting providers who said they provide support, and where not there when needed).

Big Mistake – Underestimating my web hosting business

“Well, it looks like I made a mistake on the packages I set up with my web hosting service. I only had a total of 50gb I could resell. The packages I set up on my site for sale was an increment of

• 5000mb – package 1
• 10000mb – package 2
• 15000mb – package 3
• 20000mb – package 4

I already got one customer for package 4. Got 2 customers for package 1. Got one customer for package 3. Guess what that leaves me? With basically nothing, in the negatives. Now I have to recalculate and adjust my packages + pricing. Anyone have any advice on the best way of going about in this?”

(Editorial note:  the hosting provider did not measure twice to saw once, and basically set up four customers that now uses all of the space on the server.).

Making absolutely no profit. Might have to shut down.

“Well, I offer very cheap prices and shared hosting with unlimited disk/bandwidth…

I am getting no business.

I have Virtual Private Servers, Reseller Hosting, Shared Hosting, and SEO.

Any suggestions on how to get some customers? I might have to shut down my hosting business soon.”

(Editorial note:  When did you last see unlimited hard drives on sale?)

Making Profit From Web Hosting Business

“Friends, I am planning to start a web hosting business. Now i am studying many things related to this business. But i am confused, how hosting business make profit.”

(Editorial note:  Unfortunately, it is so easy to start a web hosting business, it can be done without any special skills, certification, experience, etc.)

Tips on improving my Web hosting business

“I started hosting exactly 8 months back…

I’m been very honest here!! I only managed to get 10 clients which is ridiculous…”

(Editorial note:  While not all cheap providers have a “get rich quick” mentality, a large number do not understand the time and money investment needed to do the job correctly.)

Local Designers offering Web site hosting

Last year when we went to have our Web site redesigned, we looked at a number of local design firms; one of whom uses the word, “axiom” in their company name.  It is interesting to note that one of the definitions of the word, axiom is “self-evident truth that requires no proof.”

When I saw this particular company offers web hosting, I was curious to see if they had their own data center, if they were a reseller, a reseller of a reseller and so on.  So I did less than five minutes of homework to find out they are using The Planet.  The Planet is a reputable data center provider.

When we met with the owners of this company, I put the “self-evident truth that requires no proof” to the test by asking them if they own their own data center.  They stated, “yes.”

When I asked them how can that be given they are using The Planet, they stated they own The Planet (the company and its data centers).

The questioning went on and on with various answers until finally they admitted the truth that they rent a server from The Planet; and staff at The Planet tries to help them when things go wrong.

Why they could not tell the truth when asked the first time, only they know… there’s nothing wrong with using a reputable data center provider like The Planet.

The sad parts is that the did a disservice to their company name  — “self-evident truth that requires no proof”, and they lost the sale because why should I or anyone else deal with a company that lies right to your face (we met the two owners in our office).  We would never recommend them to anyone.

If you think you are safe because you use a “brand name” cheap hosting provider, then think again.    When you are out to deliver cheap services (hosting is a service, not a boxed product), you have to cut corners in order to lower the price or keep the price point low.

That may mean outsourcing support to India and other countries where the work ethic may be extremely different.   That may mean using cheap equipment or trying to keep the same equipment longer than its shelf life.  The list goes on.

If your business matters to you, then please do your home work.  Ask very hard questions, and dig deeper than the surface when you receive answers.  It is your business, and you have the right to quality service.

Please contact us if you have any questions.

The client might be stating mySQL is down along with providing the error message and steps to recreate the problem.  You have all the information you need to trouble shoot.

Yet, on the server you run the commands to see the status of mySQL, and everything is showing up.

You know you have to be missing something because you and the client can walk through their site and see the site thinks mySQL is down.  Where is this elusive thing you are not seeing?

You start going through the client’s code, and as time goes by other clients are calling, emailing with pressure building from all sides.

You just want to scream!

Eventually, you check your network bindings to find out that one or more of the service and dedicated IP addresses are not showing as bound to the network card.

You found the elusive problem was somehow Parallels H-Sphere lost its network bindings; and so you run /hsphere/shared/scripts/setup-ips.pl to re-establish the network IP address bindings following by restarting mysql and other various key services.

While you breathe a sigh of relief, and update all of your clients… you might be thinking about how the problem could have been prevented… what if…

Parallels H-Sphere is fairly reliable; and the problem with losing one or more IP bindings is rare.  So rare that some providers never get hit with it; and those that do, typically once every year or so many years. 

The infrequency of the problem adds to the elusive hunt when it happens, but it is typically not the first thing on your mind to check.

Personally, I like to automate things to remove such burdens.

One of the first things that came to mind is R-fx Networks System Integrity Monitor or S.I.M. for short.  Ryan MacDonald.  S.I.M. was one of Ryan’s first (if not the first) projects in hosting automation, management, and security.

We’ve been using S.I.M. for years to monitor for internal outages of mysql, Apache, and more… why not for internal monitoring of missing IP addresses from the network card interfaces?

Ryan MacDonald provides a number of S.I.M. modules in /usr/local/sim/modules/init  — and most of these are very straight forward to read and understand (if you have a system administration or programming background).

Those in /usr/local/sim/modules/init typically deal with an individual service being down such as mySQL, sendmail, ssh, and the like. 

The issue with the elusive H-Sphere bug is that the network itself is up, and any directly bound IP addresses may also still be active and present.  So just looking at a port or necessarily even a URL check wasn’t going to guarantee S.I.M. or a person knows for sure about an internal IP address blackout.

So simple port checks or presence checks didn’t provide enough to solve the problem.

Well, how would we do it manually in the most concise manner possible?

At the time of this writing (and for a while now), we have mysql.dynamicnet.net at a unique IP address of 173.193.203.200.

This IP needs to be bound to the public network interface and active for mysql.dynamicnet.net to work.

This IP address is also in /hsphere/local/network/ips which is called by /hsphere/shared/scripts/setup-ips.pl

/hsphere/shared/scripts/setup-ips.pl is typically only run when the server boots.

 The following is a one line command that will show the IP address if the IP address is bound and active (the reason for using full paths is that S.I.M. is called from cron which typically passes no path in the environment; therefore never assume the system will know the location of any application or package):

(Editorial note:  Using the “-w” as part of the grep to avoid matching .22 against .226 and the like is thanks to Jeffery Kilonsky for reviewing the code).

/sbin/ifconfig | /bin/grep inet | /usr/bin/cut -d : -f 2 | /usr/bin/cut -d \  -f 1 | /bin/grep -w 173.193.203.200

Similarly, the following command will show the IP address if the IP address is a part of the /hsphere/local/network/ips file:

/bin/grep -w 173.193.203.200 /hsphere/local/network/ips | /usr/bin/cut -f 1

Ok, so we have two pieces to the puzzle.  /hsphere/local/network/ips has to contain the IP address if it becomes unbound; and /sbin/ifconfig can show bound IP’s.

Now what?

S.I.M. has two module areas — one in /usr/local/sim/modules/init and one in /usr/local/sim/modules

The former has the relatively easy (few lines of code, and more built in functions and checks) to setup and implement modules; and the latter has the sightly more complex, typically involving some real code to make it happen modules.

Ryan even has a network.mod which provided a framework for what a H-Sphere module to check the network might look like (at least in outline form).

Yet, for a while finding out how to put the pieces together was as elusive as the hunt for why a customer might see mysql down when I see it up.

Tonight the hunt is finished.  The S.I.M. add module developed (finally), and tested.

Since Ryan MacDonald is kind enough to share S.I.M. with the world, I thought it would be nice to share dni_network.mod with other H-Sphere providers as well as R-fx Network fans.

H-Sphere providers, you can test this yourself by putting in a dummy IP address for IP_CHECK that is not in /hsphere/local/network/ips (nothing will restart, you will just get the S.I.M. warning email); and for a full test have a valid IP from /hsphere/local/network/ips for an IP address you don’t have setup through /etc/sysconfig/network-scripts and from the server console run “service network restart” (which will restart network services, BUT not bind a single H-Sphere IP).  Please allow a few minutes for S.I.M. to kick in.

Please contact us if you have any questions.

One of the challenges we face day to day is maintaining a Biblical view of life.

In a daily perspective, one of the questions we ask ourselves is if we are just going through the motions or are we doing the best we can do, along with looking for areas of improvement.

We try to apply this on a service level not only when our customers call us on the telephone for help or put in support tickets, but in the actual services we provide as well.

Let’s take a deeper look at what this means to our customers and potential customers…

Managed Shared Hosting, Managed VPS Hosting, Managed Reseller Hosting

We’ve been in the managed hosting arena since 1996 (in business since 1995); and on a regular basis we review our network infrastructure, network services, etc. to see what type of add ons and upgrades we can provide to our managed hosting clients — often at zero charge or change of billing.

Since our new site has been live, such changes have been documented in our News section with the latest being an overall increase in bandwidth allocation for our Managed Shared Hosting customers, Managed VPS Hosting customers, and Managed Reseller Hosting customers.

Managed Server Administration, Managed Security, Managed Dedicated Servers (aka MSP customer)

Every MSP customer in good financial standing with us that either has a recurring / subscription-based service or has administration time on file with us receives one to two free hours of administration time in the months of November (for Thanksgiving) and December (for Christmas) as our way of saying thank you for their business.

Sometimes MSP customers have extensive questions which can take an hour or so to answer.  While we retain the right to bill for such time, the overwhelming majority of the time, we do it freely as way of saying to our customers “we appreciate your business,” with something to back it up.

Every time we log into a server for security patching, we do a mini security audit to check for root hacks as well as server-based active malware; security patching customers also receive our APF Global Trust Service free of charge.

Security Monitoring customers, in addition to getting our Global Security Service (GSS) included and our APF Global Trust Service included, we notify customers of trending attacks where they can then notify their customer(s) whose trend is in process to dig deeper.

Our GSS customers receive our APF Global Trust Service free of charge.  When we see a GSS agent disconnect, if it is due to a server outage, we alert the GSS customer to a down server event.

When we go through a server migration (which can involve multiple servers), we do our best to take a look at the entire picture from start to back.  Part of our multiple step process includes a draft migration to ensure our thought process is on key guaranteeing a better end result.

Our Managed Dedicated Server Customers often have a complete package of services from 24 hour care with a guaranteed response time to server administration to various security packages and more.  For our managed dedicated server customers, we do our best to be proactive as well as responsive. 

While we do believe there are a lot of good companies out there who provide similar services, from talking with our customers, we are held accountable and receive feedback that we are hitting the mark.

If you are not under our care, is your current provider just going through the motions for you?  Or are they giving it their all on a regular basis?  If the former, we would love to have you under our care.  It would be an honor for us to show you our appreciation for your business over time.

Please contact us if you have any questions.

We learned early on that security matters because if you are going to be hosting online banking, you need proper security in pace every single minute of the day.

Back then there was no question that hosting was a valued added service; hosting was not a commodity.

Over the years, as automation systems became more and more common, the number of hosting companies increased by the thousands.

According to Webhosting.info there are approximately 32,000 web hosting providers in the United States.

With that many web hosting providers, it can be easy to get into the mentality of well, a computer is a computer, and automation is automated… therefore hosting is a commodity… and therefore it all comes down to who has the best price for the amount of storage, traffic, and generic feature sets.

Yet, behind all of those web hosting provider businesses are stewards who set up and maintain the security (or do they?), who set up and maintain the infrastructure (or do they?), and so on.  

The solid providers will properly secure their servers, and keep them secure.  The solid providers will have a great infrastructure.  The solid providers will stand behind their services.

Yet, what I find more common than not as I read various web hosting forums to keep up with the industry is the number of hosting providers run by teenagers (are their contracts legally binding?), those looking to make a quick buck (whether they sell customers or the company for which they steward should they last long enough), and those that hear web hosting can be a good second income (their full time job is not being a steward of a hosting business).   

Unfortunately, out of the 32,000 hosting providers in the U.S., it is far more common to find the owners / management of the company fitting into those three categories — very young adults whose main issues are wisdom and the ability to legally stand behind their services; those wanting wall street type money; and, those whose customer come second after their main job.

I was reminded of that this past weekend when I was reading a forum thread titled, “Be aware, Security Metrics.”

Here are some snip its from the first post:

“Today a hosted client received allot of traffic. Someone scanning to the last file of this wordpress install. Guess what. The IP was from Security Metrics “204.238.82.20″

Even his logs shows it.

I would not wonder about it, since they seem to be a PCI certification service and they would probably just scan their website for security. This scan was not normal. It was like a small DOS attack. The load spiked and it scanned hundreds of urls on the same time for my hosted client.

What really wonders me is why the same IP is trying to hack the cPanel. Ok. Maybe its part of their certification not a problem. The problem starts when they do the same on the server hosted for out main website, which by the case is not the same as the client. Since when does a certification also scans the host website and the clients servers?

So this IP is attacking a clients website, and trying to hack several servers. Nice. I wonder what a real scam this company must be that someone can pay them to scan websites which dont belong to them.

The IPs are blocked and unless there is a real explanation for this, why they scanned the clients website and then tried to log into our own personal servers as well we are going to report this company. If someone hired them to hack the clients website, which I think is the case. They are really unprofessional as they should only allow to scan servers you own. Is clear that we suspect who it was, as the client already told us about this. They seem to have paid Securiy Metrics to find holes not only the clients website but on ours as well.

Be aware.”

Well aside from the provider not having a clue about PCI Compliance scanning and authorized vendors, several pages of posts followed by various other web hosting providers agreeing with him that blocking the IP address(es) of PCI compliance scanning companies is a good thing.

WOW!

What is the impact of their stewardship for their customers based on their actions of blocking valid PCI Compliance companies from scanning their servers?

1. Their clients cannot pass PCI compliance scans; their client banks will now charge them higher rates for credit card processing.
2. The owner / management team of the hosting providers who block valid PCI Compliance scanning vendors never learn of real security holes and threats to their servers; and therefore never take action to make their servers more secure.
3. As a result of #2, the number of hacked sites on their servers increase.
4. As a result of #3, since hacked sites often reach out to hack other servers, the threat becomes viral.
5. And to top it off, if a server cannot handle a scan from one authorized, valid, PCI Compliance scanning provider, can any of the customers on the server be assured that if their site ever takes off, it will go as far as it can without being shut down?

Dynamic Net uses and recommends SecurityMetrics; we allow all valid PCI Compliance scanning vendors appropriate access to our servers.  We have scans against our servers from several PCI Compliance scanning vendors on a very regular basis; all of those scans function without causing a single performance or stability issue on our servers.

Hosting only becomes a commodity if and when every single critical piece of the service and product are the same.  When you shop for groceries, you can expect to find uniformity in the various products on the shelf; it is easy to compare prices down to the unit to see the exact savings you will get should you buy 12 ounces or 16 ounces, this volume or that volume, the store brand or a brand name with a coupon.  Those are commodities.

In hosting, at least in 2012 as it has been for almost two decades the only standards of measurement are the human beings, the people, who stand behind their services and offerings.

What is their full time job?  How long has the company been in business?  How often has management / ownership of the company changed?  Is the company itself, PCI Compliant?  When was their last PCI Compliance scan run?  Did they pass it?  Are they willing to talk about their security policies, procedures, and practices?  And really get deep with you, the customer?

Please contact us for more information.  We care about our customers.  We care about the business we steward; it is our full time business, and we’ve been in business since June 1995 thanks to Jesus.

Then between Thanksgiving day and just the other day, I’m hearing about how NTT/Verio has thousands of accounts completely down for days with phones not being answered, back end status reports not being updated, etc. 

That brought back memories of other companies — in one way, shape, or form — stating they provide customer service or fanatical support or some other catchy “marketing” phrase.  Yet, they turn out to be like career politicians who say what they think voters want to hear.

The last time I checked there was approximately 30,000 hosting providers in the United States alone; a number of them stating they are “managed.”   I’m sure if you asked each one if they provide good customer service, they will answer yes.  But what does that mean?

What is “real customer service?”

We try to share with our daughter, whom we adopted as a young teenager, actions speak louder than words.  To share what we at Dynamic Net, Inc. believe are examples of real customer service in action, I would like to present three recent cases.

Fulfilling the silent request – there has to be a better way

Our Global Security Service has been in production for some time now.  This world wide security patrol is extremely accurate rarely having false positives.

Yet, false positives do occur; and we would have customers call us asking why such and such an IP address was blocked.  The more technical savvy of our customers would take it as far as saying they checked their firewall, and count see the IP being blocked, but could not determine why.  Or when told of how to know it is our global security service, since the steps for removal was manual, would run into trouble in that area.  So they would call us.

We would go in, and then spend time verifying the situation; and if a true false positive, remove the IP making for a happy customer.

Yet, real customer service is going the extra mile — going above and beyond the request — there has to be a better way.

Most of our customers use the Advanced Policy Firewall by R-fx Networks. 

Rather than using the firewall directly (the old — well current at the time — way), what if we used APF itself to add and delete entries?  That way APF would record the block in its log files (in addition to our own); and provide the customer with an easier way to identify a block.  If the block is a false positive, then they could use APF tools to remove it (if they don’t want to wait out the timer)… wouldn’t that be a better way?

Yes, going the extra mile with additional programming would make it easier for our customers as well as our own staff.

Programming complete, testing and quality assurance checked, and now our global security service customers using APF hopefully have their silent request — there has to be a better way — fulfilled.

Holiday season, slow site, their customers getting disconnects – identify the problem, solve it, but then what?

On Cyber Monday, we get a call from one of our managed VPS customers asking us what operating system updates did we perform on Black Friday.  They shared their site has been slower than normal, and some of their customers were getting disconnects.

Unknown to us at the time, the DoS vulnerability patch for BIND/DNS we applied the Monday before Thanksgiving deleted a critical network configuration file on one of our name servers. Something that didn’t raise its nasty head until this past Tuesday evening when we rebooted our servers for an operating system update.

Digging into the problem revealed nothing on the VPS or physical server itself was the source of the problem, but the reboot of one of the name servers with the missing configuration file meant one of our name servers was down.

(As an editorial aside, DNS — domain name services which is like the postal service of the Internet in so far as determining what specific address / destination is to be used based on what the Internet consumer / user is trying to accomplish — is round robin. 

DNS being round robin means that even though you might see words like primary, secondary, tertiary, those words do not hold their true definition.  Each name server listed with a domain name at the registrar gets used in turn (round robin) without any regard to the words, primary, secondary, tertiary. 

So if you have a down secondary or down tertiary even with the primary one up, there will be problems for any person / client / end user whose turn it is to use the one that is down).

While we had monitoring of the physical machines used for the name services, since we never had a case of a name server IP address being lost or missing, we didn’t have quality assurance checks in place.

While real customer service is not about excuses, it is about telling the truth, being real, identifying the problem, and fix it.  Shouldn’t real customer service try to prevent future problems if it could?

We restore the network configuration file, and fix the problem.  While we don’t have control over what a patch or update may or may not do, we did take control over being aware of the situation.

We added to our monitoring system checks for the name server IP addresses so we would be alerted, in real time, when a name server IP address was lost or missing.

We alert our customer with a full report of what happened, when we believe it happened, how we fixed the problem, and the steps we put into place for the future — handling the then what?

In return, we get a happy customer who states:

“We very much appreciate your prompt resolution of this issue and for putting the proper checks in place to assure that it won’t occur again.“

Avoiding telling customers “that’s the way it is”, rather dig in, provide meaningful details, and hold the customers hand through it

We’ve been using Parallels H-Sphere — a complete hosting automation system — since the year 2002 when it was owned by Positive Software founded by Igor Seletskiy (who is now the CEO of CloudLinux). 

A hosting automaton system with billing automation that doesn’t work gets noticed quickly; it would be like having a payroll service that could not calculate paychecks correctly.  H-Sphere has a relatively excellent track record for being accurate in its billing (I use the word, relative, because in the past nine years there has been two bugs that were fixed promptly related to billing).

So when a customer calls asking why their email bandwidth is now around 40 GB per month when it used to be 2.5 GB per month, it would be easy to say “that’s the way it is” or to otherwise put the burden on their shoulders (i.e. you prove it’s wrong).

Is that real customer service?

First off, while earning revenue fairly matters, money is never the end all (people matter more).  While we do have terms of service, acceptable use policies, and other legal words in place to allow us to bill for bandwidth overages, we do look at any question of overages on a case by case basis. 

Since the customer’s regular usage prior to November 2011 was 2.5 GB per month, clearly something is going on for the bandwidth now to be so high in comparison.  While the billing calculations might end up being correct, let’s put the customer’s best interest at heart and credit their account for what we believe might be the overall overage rounded up.

That way, the customer doesn’t have to worry about any financial issues while we hold their hand and walk with them through this event.

Next, we work with the customer to alleviate any fright over whether or not hacking is involved.   We determine the only IP addresses logging into email is that of the customer. 

In the process, we did find out the customer was using extremely weak passwords; and we alerted them to that along with offering to help change them (we did tell them what makes a password more secure — at least 12 wide, mixed case, alphanumeric, special characters when able with zero use of words or phrases).

From there we looked daily reports to identify the specific day of the week in November 2011 the bandwidth spiked up above normal day to day use.

Once we identified the start day, we were able to see from that day forward, while the bandwidth was much higher (i.e. 3 GB per day vs. approximately 500 MB per day), that from the day the issue started, bandwidth usage was consistent (not a spike or otherwise trending upward).

Checking logs we determined the bandwidth utilization was not from sending email.  Narrowing down the date the issue started, along with the issue now being email receipt, we looked into our DNI Mail Complete (an enterprise level anti-spam service) system logs.

What we found were a number of emails, all appearing to be from valid senders, who were sending emails that appeared to have large attachments (it needs to be noted we did not see or otherwise review the contents of the emails); and that was communicated with the customer along with the from and to email addresses involved.

For now it is in our customers hands, but through this experience we held our customers hands, showed by our actions its not all about the money, and gave them the details they need to make a decision of what to do next.

Real customer service needs to be patient, kind, gentle, and loving words that are put into positive actions for the best interest of the customer.

Please contact us for more information.

Parallels H-Sphere (sometimes referenced as HSphere) allows hosting providers to automate the infrastructure across multiple servers.   In someways H-Sphere is like WordPress multisite in that you have one H-Sphere installation managing multiple servers from a central location vs. other automation systems which require a complete install of their software on each server with each server managed separately.

While this article maybe helpful to those not using Parallels H-Sphere, it is intended for H-Sphere hosting providers to use for the benefit of their customers.

After you install WordPress (using the normal, single site installation), edit wp-config.php to add the following:

define(‘WP_ALLOW_MULTISITE’, true);

 

Note: Make sure it’s just before the line /* That’s all, stop editing! Happy blogging. */

Next go to your WordPress Dashboard and under the tools menu you’ll see a new option called network.

Click on this and you’ll come to the install page for MultiSite.

Enter your desired name for the network, and the email of the account you wish to be the site admin, the account which will have total control over the network. If you enter the email of your current account, that account will be used, otherwise a new account will be made.

Also, as part of the installation you will most likely have to make the blogs.dir directory chmod 777 if you are using mod_php rather than fastcgi.

You’ll be given a code to add to both wp-config.php and .htaccess, is will look something very similar to the code below. Use the code WordPress provides you.

wp-config.php

define( ‘MULTISITE’, true );
define( ‘SUBDOMAIN_INSTALL’, true);
$base = ‘/’;
define( ‘DOMAIN_CURRENT_SITE’, ‘www.sitename.com’ );
define( ‘PATH_CURRENT_SITE’, ‘/’ );
define( ‘SITE_ID_CURRENT_SITE’, 1 );
define( ‘BLOG_ID_CURRENT_SITE’, 1 );

 

.htaccess

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]

# uploaded files
RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]

# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ – [L]
RewriteRule  ^[_0-9a-zA-Z-]+/(wp-(content|admin|includes).*) $1 [L]
RewriteRule  ^[_0-9a-zA-Z-]+/(.*\.php)$ $1 [L]
RewriteRule . index.php [L]

 

In terms of real life examples, I set up mmoblogging.com (shell site, no real blog / site here) to run factionalwarfare.info and evepiratelife.com blogs.  Here’s what the multisite portion of my wp-config.php looks like:

define( ‘MULTISITE’, true );
define( ‘SUBDOMAIN_INSTALL’, true );
$base = ‘/’;
define( ‘DOMAIN_CURRENT_SITE’, ‘mmoblogging.com’ );
define( ‘PATH_CURRENT_SITE’, ‘/’ );
define( ‘SITE_ID_CURRENT_SITE’, 1 );
define( ‘BLOG_ID_CURRENT_SITE’, 1 );

After the installation and initial setup of WordPress MultiSite, install the WordPress MU Domain Mapping plugin.

Part of the installation will be putting the following in your wp-config.php file after the last define line multisite:

/** http://ottopress.com/2010/wordpress-3-0-multisite-domain-mapping-tutorial/ */
define( ‘SUNRISE’, ‘on’ );

 

Now for H-Sphere providers, as well as those automation systems that use similar methodologies, for each new site after the main site (which in my case is a pure shell — at least for now), you add a new domain name that has web services turned off (it is up to you whether you want email services, but mainly you just need the DNS services).

You want to make sure all new domain names that will be mapped (included) in the WordPress MultiSite are set up to point to the same IP address of the main site.

Once you have WordPress MU Domain Mapping plugin installed, go to your WordPress dashboard, settings, domain mapping.  There put in the IP address of your main site (in my case, it is the IP address for mmoblogging.com).  For the check boxes, check the following:

• Permanent redirect (better for your blogger’s page rank)
• User domain mapping page
• Redirect administration pages to site’s original domain (remote login disabled if this redirect is disabled)

Then go to settings, domain, and add your sites.

You get the site id from sites, edit and look in the URL (web page address bar) to see the “id=” field and the site id is the number after the equal sign.

Do check primary for each site you add.

Now, for the manual part on the physical server running the H-Sphere logical service the main WordPress site is located.  SSH to that server, and become the root user (use sudo if you please). Then do the following:

cd /hsphere/local/config/httpd/sites
grep [main site domain name] *
vi [numeric id for domain].conf

Edit the ServerAlias line to include the following (all on the same line with host names separated by spaces):

        *.[main domain name] [site 1 domain name with www] [site 1 domain name] [site 2 domain name with www] [site 2 domain name]  (and so on)

Save the file, and restart the Apache web service.

Here’s what mine looks like:

ServerAlias *.mmoblogging.com www.evepiratelife.com evepiratelife.com www.factionalwarfare.info factionalwarfare.info

Once any DNS propagation is done, you should be able to visit the separate sites; and it should be transparent in that they are part of a WordPress multisite setup.

For administration, you log into the main site and where it states “Howdy, ___________” you left click and should be given the option to become the Network Admin.

Here you can install WordPress themes once for use with all of your sites.  Most, but not all, WordPress plugins are network aware, allowing you to install them once for access by all of your sites.

For the plugins that are not network aware, you can log into the individual site for installation.

Here are related sites I’ve found helping with setting up WordPress Multisite:

• The Ultimate WordPress Multi Site Network Management Guide
• WordPress Codex:  Create a Network
• WordPress Codex: Migrating Multiple Blogs into WordPress 3.0 Multisite

Dynamic Net offers fully managed hosting from shared to VPS to dedicated.  If you want us to setup WordPress Mulisite for you, please contact our support department.

Please contact us if you want more information on our services and products.

But when Murphy’s Law strikes, at least in the hosting world, you typically need accurate help as fast as possible.

The steps below will help you get the most accurate support and promptest support most of the time:

1. Ask the appropriate party for help — do not email sales or accounting when you should really be contacting the support / help desk department.
2. Provide a summary of the problem followed by any specific error messages along with the steps to replicate the problem.
3. Tell the appropriate party the best way to contact you in return; and be sure to include your time zone along with from and to times of your availability should you want them to call you on the telephone.

While all three steps matter, the second step is the most important one.

Here are some examples of bad ways followed by good ways:

BAD ways to ask for help expecting fast turn around:

• My email is down.
• I cannot connect to my site.
• My menus on my web site are not working.

GOOD ways to ask for help expecting fast turn around:

• My email is down.  I can connect to the Internet; and I’ve been able to browse various sites so I know my Internet is working.  I’m able to send, but not receive.  I’m using Microsoft Outlook 2003 on Windows 7.  Our domain name hosted with you is ______________.   My email address is __________ and I’m using __________________ as my email password.  My incoming mail server (name or IP) is ______________.   While my outgoing is working, it is also the same as my incoming mail server.  My public IP address from http://ipchicken.com/ is __________________.  This just started happening this past Friday around noon time.  Oh, the error message I get in Outlook when I try to receive email is ______________________.
• I cannot connect to my web site via FTP.  I’m not able to browse my web site either.  My domain name is _______________.   My public IP address from http://ipchicken.com/ is __________________.   I’m using FireFox 6.xx for my browser on Windows XP; and, FileZilla for my FTP application.  This problem just happened this morning when I tried to FTP to the site using the user id of __________________ and the password of _________________ with the FTP host name of ___________________.
• Last night I added about 20 menus via WordPress ________ (version) on my web site __________ hosted by your company.   I’m using Internet Explorer ____ (version) on Windows ______ (version).  This morning when I tried to add more menus, it will not work.  My WordPress admin area is located at _______________________________ (web page address).  My login id is _____________ and my password is _________________.  The menu name I’m working with is _______________.

The more specific details you can provide when you open up a trouble ticket to the write department / person, the less questions the technician will have to start working on the problem.  The sooner the technician can work on the problem, the sooner the problem gets resolved.

We at Dynamic Net, Inc. do our best to help you accurately and promptly no matter how you ask for help — via phone, help desk system, email, or FAX; the above whether used with our company or others is meant to ensure the help you receive is as accurate and prompt as possible.

Please contact us if you have any questions.

A hosting provider can have the most secure environment in the world, but if the customer uses weak passwords and out-dated applications, then that’s like waving a sign stating “thieves and vandals welcome.”

The easiest thing you can do as a customer to make your home safe, is to create strong passwords you change frequently (monthly to at least quarterly).

The key to password strength include length and complexity.  An ideal password is long and has letters, punctuation, symbols, and numbers. 

The password length should be twelve (12) or more characters containing numbers, uppercase letters, lowercase letters, and if permissible by the application accepting the password special symbols.  A password should not contain any words or phrases found in a dictionary.

You should use a unique password for each application. So if your web site has a control panel, the control panel would have its own password.  If you have FTP, then for each FTP password, it would be unique (completely different than the control panel password).  The same goes for email and database passwords.

There are different applications that can help you create secure passwords, and store them for you in a secure place.  One such application is SpashID, but there are many others.

The other part of keeping your home secure is making sure applications you’ve installed (whether yourself, your designers, or even your hosting provider) are kept up to date.

While some application updates are just new features you may not need, a lot of the time on the Internet, updates include security fixes necessary to help keep hackers out.

Your hosting provider technical support department should be able to get you to speed in both areas if you need help.

If your hosting provider is not responsive to your needs, contact us for more information about our managed hosting options.

If you have an online business, and want to increase sales, do you have a digital ID (SSL) set up so that the shopping cart area uses “https” ?

If the answer is no, why are you not using SSL?

Back in 1995, when Dynamic Net, Inc. was known as PMP Computer Solutions (PMPCS), my answer was due to costs.  I looked at the yearly cost of a digital ID as an expense, I just could not afford at the time.  Especially as a new start up business.  Every penny counted.

Yet, as we started offering more and more products and services online, people were not buying.  Carts were abandoned (that’s where a consumer adds items to the shopping cart, but never completes the transaction).  Why where they giving up?  Was the process too complex?

It turned out to be many, related, reasons:

• Concerns over identity theft since personal and credit card data was not being encrypted by a digital id.
• Concerns over credit card theft because the data was not being encrypted by a digital id.
• Concerns we were a fly by night company because we were being too cheap to purchase a digital id to protect ourselves, and our customers.

According to the Gartner survey in August 2006, approximately $913 million in 2006 e-commerce sales is lost because of security concerns among online shoppers. Another $1 billion is lost because of shoppers who refuse to shop online because of security concerns.

While that survey is now more than five years old, the foundation of it is still valid.

Consumers still want to know you care about their security as well as your own.  They want to be sure you are a solid company who, if you are going to accept their personal information and credit card, are going to do your best to protect that information.

Plus, if you want to be a PCI compliant merchant (which does often lower your cost to accept credit cards), you should have a digital id to help protect your site.

Does a digital id protect your entire site from hackers?

No.  A digital id only encrypts information between the consumer’s browser and your web server.  While that matters greatly in helping to protect consumer data being sent from their browser to your web server, it doesn’t stop hackers from getting into vulnerable applications or vulnerable servers.

Merchants who want to invest in a secure infrastructure will work with a managed hosting provider who will proactively take care of security for the server, and hold the merchants hand to help their individual ecommerce site be secure above and beyond PCI compliance.

A digital id will inspire more sales.  A managed hosting provider will help the merchant have more sales because they and their consumers will have a greater piece of mind about being more secure.

Contact us for more information.

I was recently working with a potential client on an H-sphere migration. It seemed like a good fit and as we progressed toward coming to terms on the deal, price invariably became an important part of the discussion.

The potential client already had one quote in hand and ours was, regrettably, higher. While I think we both believed there was a good potential match here, they opted to go with the lower quote and, really, I understood. I felt we were probably the best option for their needs, but I also understand that there’s a difficult decision to be made.

Within a few days, I followed up to see how things were going and, unfortunately, the answer was not that well. There were issues with the migration that included some extended down time and while migrations are always difficult, I was left with the impression it was probably preventable with proper preparation and planning.

Further, and this threw me for a loop, they told me the price ended up quadrupling from the initial quote…it was now twice the amount I originally gave them!

Perplexed, I asked what happened and it was an all-too-familiar story. The quote was really a “base quote”. It included the migration of data, but it didn’t include the pre-migration work, IP mapping, etc.

It didn’t include any time for clean-up, installation of the control panel on the target servers, or post-migration troubleshooting to iron out all the wrinkles. In essence, they were sold a car without an engine, transmission, or tires.

We’ve been in business for over 16 years and providing Linux server management for most of those years. While we don’t often get to see what we’re up against when quoting, we often hear about the aftermath of a project that either ended up costing a lot more than anticipated, took a lot longer than anticipated, or ended in disaster, whether it’s an H-Sphere cluster migration, a server hardening, or a simple update.

So, really, this was just another reminder to me that regardless of what service or product you’re looking for, it’s always important to consider the real cost of the solution, whether it’s add-ons, downtime, or lost business/reputation while sorting through the aftermath.

Migrations are always a particularly challenging project given the level of complexity and all the potential for downtime, but if you’re planning for this type of project – almost any project, really – it’s critical to know who you’re working with and what corners might be getting cut to get that more attractive, base price, quote.

Are they including all the preparation and quality assurance steps? Are they using well trained, in-house server admins? Will there be any language or communication gaps that can lead to down time? Is this project part of their core business or an ancillary service they offer for a few extra bucks?

Migration Service	Dynamic Net	Other company
Pre-planning (measure twice, saw once)		No
IP mapping plan		No
Complete documented migration plan		No
Custom operating system partitioning guidelines		No
Control panel installation on target servers		No
Data migration
Estimated post-migration cleanup & troubleshooting		No

Finding the right partner for a migration (or any server management need) at the right price is always a difficult decision for any business, but possibly the most important cost to consider is the cost of choosing the wrong one for the job.

Contact us for more information.