Web Hosting Blog By Leading Edge Hosting

Hackers scanning IP ranges

Well, I have to say, this is quite a clever way of looking for potential targets!

We have a Chinese hacker (the IP is Chinese) who is apparantly checking all the IP addresses in our new block for vulnerabilities.

This is more impressive than the usual brute-force attacks we say day to day; I can’t believe how many times you’ll see in a logfile someone attempting to ftp using ‘administrator’ or ‘root’ as the username… I guess these low-tech hacking attempts must work occasionally though, otherwise there would be no point.

Posted in Security, Server administration | No Comments »

Billing Systems

We’ve recently started to test WHMCS as a potential replacement for modernbill and I have to say, I’m quite impressed!

WHMCS comes with an import script to transfer everything over from modernbill, and with only minimal configuration I have it running side-by-side with modernbill! All the automated functionality works like a dream, and it’s sending out nice PDF invoices, rather than standard email ones.

We’re waiting to see what happens to modernbill now that Parallels have bought it and integrated it with the Plesk web hosting software, but I am 90% certain at this stage that we’ll move over to WHMCS…

Does anyone know of any other decent web hosting billing systems?

Posted in Server administration, billing | No Comments »

We have our own IP range

Wow, check us out! We’re proper pros now, we’ve even bought IP addresses of our very own from RIPE. We’ll shortly be calling them home, and we’ll be moving all our lovely customers to our new IP addresses in the next few months too.

We’ll be sending out email notifications before anything happens, so don’t worry, but how cool are we?

Posted in Uncategorized | No Comments »

The low hanging fruit of PHP

Well, I’m very suprised, I would have expected to have been asked about this at least at some point over the last 4 years. We do not enable the PEAR library by default for any of our web hosting customers.

Suprised? Don’t be, with major security flaws like this one is it surprising? Many of the base PEAR files are installed as root by default, so with a flaw like the one above, it’s not something we want anyone to have access too.

However, we’re currently evaluating all the various scripting languages we support, ensuring that they are all working properly and things, and so we found ourselves spending quite a bit of time at the http://pear.php.net/ website. It seems it’s quite a straightforward job to install PEAR on a shared server so if any of our customers would like to start using the PEAR packages we recommend trying the method described at the bottom of this page.

In the mean time we’re going to evaluate installing and setting up PEAR in this way, so if you want to save yourself the time of testing it, we’ll be doing it for you. I’ll post back here once we’ve completed the testing.

UPDATE: Finally got round to testing this, and yes, it does work, you can install PEAR using this method.

Posted in Programming Languages, Security, Server administration | No Comments »

Windows Dedicated Servers Now Available

After successfully implementing our first Windows dedicated server, we’re ready to launch these as a product.

It took time, effort and lots of hard work, but actually, for the first time ever, credit to Microsoft for a Windows operating system, Windows Server 2008 is pretty damn good. Much better than Vista in my opinion.

Anyway, if you’d like to enquire about one of our Windows dedicated servers, please do get in touch, speaking from experience now our Windows servers are incredibly fast!

And you’ll get access to our lovely new backup system

Posted in Uncategorized | No Comments »

Turning Websites Off???

Can I just say, what an awful practice this is, yes some web hosts actually do enforce bandwidth restrictions with military precision.

At Leading Edge Hosting, we make a policy of not switching customers websites off the minute they exceed their bandwidth allowance, we’d much rather just say look, you’ve gone over your limits, you need to upgrade.

I just don’t understand these hosts that take customers websites down so quickly, it’s hardly “helping your customer to succeed” now is it.

Anyway, rant over, thanks for listening.

Posted in Uncategorized | No Comments »

We Have a New Backup Architecture!

Wow, after around 6 months of work we have finally implemented a nice shiny new backup architecture for pretty much every server we’re running! And we’re rather pleased with it.

I don’t want to go into too much detail, but we bought a pretty decent dell server with RAID purely for storing backups. After a huge amount of (very much appreciated) hard work from our server administrator James, we’ve now got all our servers automatically backing up onto this new dedicated backup server.

Not only that, but our dedicated servers are having a months worth of complete disk images stored (in addition to the standard web files etc), meaning we can restore entire servers in the blink of an eye! God forbid we ever have to though!!

points to us, just for being good at what we do.

Posted in Uncategorized | 1 Comment »

PHP6 and magic quotes

A little advanced warning here, PHP 6 is in development and the developers of PHP have decided to remove magic_quotes().

For those of you who don’t speak fluent PHP, magic_quotes() is a feature built into PHP, designed primarily to protect websites from SQL injection techniques. Unfortunately, lots of developers have used the magic_quotes functionality as their main protection mechanism for their code. This is highly discouraged by the developers of PHP

At this stage, web companies / developers should (must) re-visit any legacy code running on their websites to add additional protection prior to upgrading their servers to PHP6.

We will also be notifying our customers of this important information via email.

Posted in Security | No Comments »

Anti-spam

Several of our customers have been in touch over the past few months wondering why they can’t send email through our systems.

In literally 95% of these cases, it’s because they have somehow been allocated an IP address that is tagged as belonging to a spammer.

Leading Edge Hosting use what’s called a DNSBL, which is a blocklist (blacklist) of IP addresses, shared over the Internet. Their are several blocklists, maintained by different companies, but we use the blocklist provided by www.spamhaus.org

If you find that you cannot send email through our servers, it’s worth checking that your IP address has not been blacklisted. To do this, first find your IP address then visit this link and type in your IP address. If your IP address is listed you are probably being blocked by our server.

If you need to absolutely confirm that our servers are blocking your IP address, an alternative method is to open a Windows command prompt, type: telnet and press enter. The command prompt should change, now open a telnet connection to our servers from your PC by typing: o 123.123.123.123 25

But replace 123.123.123.123 with your IP address (find it using the link above). If the server reports a message that mentions Spamhaus, consider yourself blocked.

So what should you do if you are blocked? Well, spamhaus.org provide facilities to request a de-listing of your IP address, so follow their on-screen instructions, but be careful. Most of the time, when an IP address is blocked, it is because it has been detected sending spam emails. 9 times out of 10 I would imagine that this is because your PC(s) have been, or are, infected with a trojan or virus that is sending spam on your behalf.

We highly recommend using the FREE online virus scanner provided by ActiveScan: http://www.pandasecurity.com/homeusers/solutions/activescan/

Posted in Security | 1 Comment »

Choosing the right web host

Ok, so I know there are loads of posts out there about this kind of thing, but I still wanted to add my 2 cents.

So we’re a web host, and yes we know, there is loads, loads, of competition out there, but to be honest, we don’t really consider most of the smaller web hosts a threat to our business at this stage; our service is good and we believe in it. We also read so many horror stories about startup web hosts who don’t know the first thing about server administration, and who get hacked… quickly!

Which leads me nicely into this post; what should you look for when selecting a web hosting partner?

Well, lets start with the obvious things:

1. You need a web host who performs regular security updates to their servers (Windows or Linux), don’t be afraid to ask about their security policy. Don’t expect exact details about what they do, but do expect them to be able to give you an idea of how they manage security. For example, do they regularly update their servers, are they running a firewall, do they have intrusion detection, do they have rootkit detection software. Those are all questions you should expect to have yes answers to, but don’t expect anyone to tell you what software their using.

2. Are the servers physically located in your country? It’s reasonably common knowledge that Google ranks websites more highly if the server they are on is physically based in the same country as the searcher. So if you’re based in the UK and you’re targetting UK customers, ideally your server ought to be located in the UK too. Perhaps more importantly, the nearer your server is to you and your target audience, the faster it ought to respond.

3. Do they have server monitoring software? A good host should, and they should be able to tell you what their uptime record is.

4. Are they a re-seller? I guess some people might not be overly honest about this, but in my opinion you don’t really want to choose a re-seller. Why? because they rarely have any control over their servers. For example one of our contacts is a reseller for one of the big UK web hosts, if they have a problem with a server, they literally have to get on the phone and wait for their web host to sort things out. This is a poor service compared to a web host who can take the call, get onto the server immediately and sort things out.

5. Do they allow CRON jobs / Scheduled tasks?  If your website needs any processes to run automatically you need this facility. Many of the bigger web hosts don’t allow you to use CRON jobs, I have no idea why! The only thing I can think of is that they’re worried the server could be overloaded with badly run scripts. But, we’re able to prevent out of control scripts wrecking havoc, so why can’t they?

6. Do they allow you to use server directives in an .htaccess file? Vital for search engine optimisation! You need to be able to set up things like 301 redirects, otherwise when you change domains, how will Google know?

7. Are they able to tell you what hardware they’re using? We can, why can’t they? (FYI we’ve just bought lovely Quad Core Intel Xeon Server for our shared hosting platform, nice :-))

8. Do they offer backups? Do they have RAID? If they don’t have either, what are they going to do when their hard drive fails? If it dies, all your data dies with it.

I guess that’ll do for now, I’m sure I’ve got many more things to add to this list, but I hope someone finds it useful.

Posted in Uncategorized | 2 Comments »