Welcome to Vastspace, provides Reliable Web Hosting since 2014


Do you need a web control panel?


This question is mainly for VPS and dedicated server users. A web control panel is likely to be offered as an option when you order one of these hosting plans.

The popular control panels are Plesk Onyx and cPanel with WHM. cPanel can host unlimited domains, while Plesk Onyx comes in 3 variants that support up to 10, 30 and unlimited domains. If you are a reseller or manage a lot of users for different domains, you should order the Web Pro edition or above.

The control panel is an option when you are ordering a VPS or dedicated server. You might save up to $20 every month if you do not install a licensed control panel. There are free ones, but they have limited functions.

In my opinion, you can do most things without a control panel. But how soon? How fast? Who is using it? Alright, we need to find out who the users are. If your users are business users and you are reselling, you need a control panel. If you are the administrator, you can do without one under these conditions:

  • Do you have the knowledge to do it? For example, creating a website, a mailbox or an SSL certificate.
  • Do you have the resources? For example, installing a mail server or an FTP server.
  • Do you have the time? If you need to repeatedly do the same task frequently,

 

Saving money by going without a control panel might require you to spend more time managing websites. Unless you are confident that you can do it quickly and that the steps are correct, a control panel makes your life easier and you can get things done quickly.

Send a good email

Today, let us learn how to send a good email. Hold on, not writing a good email, but sending one. Sounds simple? Yes, everyone knows how to send an email by clicking the send button. But do you know that a good email can end up in your recipient’s junk box, or even bounce? Now it gets interesting, doesn’t it? Writing a good email is not enough. Your recipient’s email servers have more anti-spam policies. Even if you are writing good emails, your emails can go to junk for those reasons.

With these rules, you can minimize the risk of your important emails ending up in the junk box.

a. Always send an email via your own or permitted email servers. Some people have more than 1 email account, and the accounts belong to different email servers. Your IT people might have set up something known as SPF in the DNS zone records, so if you send from an email server that is not permitted, you are impersonating unknowingly. This type of email fails SPF and might eventually be rejected. SPF is used to control email spamming, especially emails that impersonate your organization and are sent to people without authorization.

b. Your subject is sensitive: avoid using words like message failed for delivery, spam, and offensive words. Emails with these words can easily be classified as junk.

c. If you are sending an email with an attachment, do not send doc, xlsx or pptx etc. It is a good habit to zip them, and to scan them with your latest updated anti-virus if you have received such emails.

d. Look for typos in the recipient’s email address, especially when it is already stored. A displayed name does not indicate that the email address is correct. If you have received a bounce notification like invalid recipients or similar, you might have the incorrect email address.

e. Do not send an email with a big file. I do not recommend an email with attachments larger than 2Mb. Such large emails take a very long time to download, and might crash your recipient’s email application or time out the connection between the computer and the server.

f. Sign all outgoing emails with DKIM. Ask your IT team or hosting provider to implement DKIM on your domain main server. This can greatly enhance your email delivery if you are using the correct email server.

g. Last but not least, this might be beyond your ability. However, I need to mention it as it is extremely important. Your email server IP address must not be blacklisted; if it is, the emails you send are likely to be returned or bounced. Here’s a free tool, https://mxtoolbox.com/blacklists.aspx, to check whether your email server IP address is blacklisted.

File or block-level backup?

Most will recommend a block-level backup. Theoretically, block-level backup uses less bandwidth and storage. It backs up only the blocks of a file that have been modified, thus using less space. If you are using block-level backup with VSS enabled to back up a Microsoft Windows Server, you can back up an open file. The file-level backup will fail in this situation. If you have a lot of small files, file-level backup will take a very long time to back them up. Block-level is especially suitable for this type of situation.

However, file-level is not useless. Actually, the backup allows you to do both. The file-level backup is flexible. You can choose the files and folders to back up. Especially for those that don’t need to be backed up frequently, this can be a faster restoration option.

Whether block or file-level, a backup is a must in case you need to roll back or restore.

Dedicated Server? The common mistakes

If you put a website on a dedicated server, there are mainly 2 reasons. Either the website has a lot of users or visitors so that you require the resources, or physical security is your concern. But there are many dedicated servers out there. How do you choose a server for your website? Price? Specification? Or brand?

Today, we are going to share the common mistakes we have seen, to help you make a better choice.

  • We have seen servers using less than 10% of their resources in our datacentre. Always do your homework: is a server required? There are alternatives like VPS, VM, EC2 computing etc. They perform like a server at a lower cost. Do they suffice for your needs? If they do, they can be a much cheaper option.
  • The more the merrier? The bigger the better? Actually, this might not be the case. You are paying for more or bigger resources; however, your application might not utilize them optimally. For example, if you are given 32Gb of RAM, 10 users will consume about 14Gb. In other words, you need 16Gb at the most but you are paying for 32Gb. Unless the price difference is small, it might be a good idea to stick to 16GB. Another example: you are given 4Tb of storage. Compared to 10 years ago, 4Tb is huge. What does 4Tb mean to you? More storage? Or more websites? More storage means you need more storage for backup. As far as I’m aware, most hosting companies charge for the storage space used. Using more storage on a server, you might be paying higher backup storage bills. “I can add more websites.” Yes, you can, provided your CPU and RAM can cope. Simple mathematics: let’s say the same CPU can host 20 websites. For 20 websites you are using 32GB of RAM and 2Tb of storage. “Now, with 4Tb I get more space to host 40 websites, haha, I can make more money.” Eventually, you will get more complaints, all the websites are affected, and they are slower than before. It is good to have more space. The additional storage space gives you an allowance. You can either allocate more space to a website or use it for backups to roll back. The less important task can be useful sometimes.
  • Prepare to pay more. When you own a dedicated server, most things are physical, for example the firewall, backup, RAM etc. These items usually cost more. Basically, these can be your hidden costs, and a cheaper option is not likely.
  • Load balancing & high availability: they are more complicated and expensive to implement. As I have mentioned, they are physical appliances and need physical work, unlike a virtual machine, which takes maybe only a couple of days at significantly lower cost.

Is SPF important?

SPF is a DNS record that tells other email servers that emails from the designated email servers are permitted. If emails do not originate from the email servers mentioned in the SPF record, they are likely impersonated, not genuine, or spam. At the end of the SPF statement, you will see one of these symbols: -, ~ or ?. The common one is ~ followed by a, like this: ~a, meaning ‘softfail’: the email is marked and given a higher spam score if it has violated the SPF preset in the sender’s DNS record.

SPF is used to fight spam emails sent from an unauthorized mail server, probably with a compromised email account. It is easy to explain to a technical person. However, that is not the case for a non-technical person. For the last 20 years, I have seen many people send emails using other email servers. These senders have more than 1 email account set up in their email client application. Unknowingly, they send out emails using another email server which is not authorized, and eventually the email is marked as spam or bounced.

SPF is effective in fighting spam emails. But on the other hand, an email can be mistakenly marked as spam. I have mixed feelings on this. SPF set by the email server admin is used to fight spam emails; however, it can be a double-edged sword in this case. So, it is unsafe to use ‘-a’; with ‘~a’ softfail, at least the email will not be returned in the event that the sender has used the wrong email server to send his or her emails.
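The softfail versus fail behaviour described above, and the "wrong email server" case from rule (a) of the email post, as an added example that is not part of the original post. The two records, the domain's server and the second server are constructed sample values, the records write the trailing mechanism in full as `~all` and `-all`, and only `ip4:`, `ip6:` and `all` are evaluated because the example does no DNS lookups.

```python
import ipaddress

# Qualifier in front of a mechanism -> SPF result when that mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, sender_ip):
    """Evaluate an SPF record against the IP of the server that sent the mail.

    Only ip4:, ip6: and all are handled; mechanisms that need DNS lookups
    (a, mx, include, ...) raise ValueError instead of being skipped silently.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        # A mechanism without a qualifier defaults to "+" (pass).
        qualifier, mechanism = ("+", term)
        if term[0] in QUALIFIERS:
            qualifier, mechanism = term[0], term[1:]
        mechanism = mechanism.lower()
        if mechanism == "all":          # matches every sender, so it goes last
            return QUALIFIERS[qualifier]
        name, _, value = mechanism.partition(":")
        if name not in ("ip4", "ip6"):
            raise ValueError(f"mechanism needs DNS, not handled here: {term}")
        network = ipaddress.ip_network(value, strict=False)
        if ip.version == network.version and ip in network:
            return QUALIFIERS[qualifier]
    return "neutral"                    # nothing matched and no "all" term

# Constructed records for a hypothetical domain (documentation IP ranges).
SOFTFAIL_RECORD = "v=spf1 ip4:203.0.113.0/24 ~all"
HARDFAIL_RECORD = "v=spf1 ip4:203.0.113.0/24 -all"
PERMITTED_SERVER = "203.0.113.10"      # the domain's own mail server
OTHER_SERVER = "198.51.100.25"         # a second account's server, not listed

def compare():
    """SPF result per (policy, sending server) for the two sample records."""
    return {
        (policy, server): check_spf(record, server)
        for policy, record in (("~all", SOFTFAIL_RECORD), ("-all", HARDFAIL_RECORD))
        for server in (PERMITTED_SERVER, OTHER_SERVER)
    }

if __name__ == "__main__":
    for (policy, server), result in compare().items():
        print(f"{policy:5} {server:15} -> {result}")
```
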

 

Do you need a Dedicated server?

This is a very common question: your customers will ask if they need a dedicated server. As a web hosting provider, I choose to stay neutral. But when do I need a dedicated server?

A dedicated server has more hidden costs compared to a VPS. What are the hidden costs? A dedicated server’s price tag does not include the following: Backup: the larger the storage, the more expensive it gets. A more expensive Windows Server license if you have more CPU cores on a server. A more expensive control panel license on a dedicated server. Traffic charges, which may or may not apply depending on the service provider.

But you have no choice if you need a dedicated server. The above gives you an idea that the cost is not only the server. When do you need a dedicated server? These are my thoughts, which I have told my customers.

  • Do you need more IP addresses? Most web hosting providers can offer more IP addresses for a dedicated server.
  • Do you expect a lot of traffic? If you have a busy network, a dedicated network port works better.
  • A lot of processes and high CPU utilization.
  • Want security and privacy. A VM is still not 100% secure.
  • Need big storage. Per-gigabyte storage is cheaper.
  • Got the budget.
  • Possible to plug in an external device, for example a portable USB hard drive.

 

Why buy a VPS?

There are a few reasons why you should buy a VPS rather than shared web hosting.

  • if you want full root shell access.
  • apply kernel fixes on your own schedule (only possible with a kernel-independent VPS like KVM).
  • host a few websites with full control and better management.
  • install the components or applications you need.
  • allocate unused resources.
  • restart services at your own preference.
  • with a better budget.
  • better isolation.
  • a dedicated IP address, which is optional in shared hosting.

 

Add permitted IP access

 

To prevent an attacker from bypassing your website firewall from Sucuri, you need to make sure the virtual host (the protected domain name) can be accessed only by the permitted server IP addresses.
To do this, you restrict access to the protected domain. Today, we will give examples for the common web servers and web hosting control panels.
For Apache, there are 2 versions:
 
Apache 2.4 Server
 
<FilesMatch ".*">
Require ip 192.88.134.0/23
Require ip 185.93.228.0/22
Require ip 2a02:fe80::/29
Require ip 66.248.200.0/22
</FilesMatch>
 
Apache 2.2 Server
 
<FilesMatch ".*">
Order deny,allow
Deny from all
Allow from 192.88.134.0/23
Allow from 185.93.228.0/22
Allow from 2a02:fe80::/29
Allow from 66.248.200.0/22
</FilesMatch>
 
Nginx Server
 
location / {
allow 192.88.134.0/23;
allow 185.93.228.0/22;
allow 2a02:fe80::/29;
allow 66.248.200.0/22;
deny all;
# Existing NGINX rules
}
It is easy with Plesk: just insert the Apache code as shown.
This is for cPanel
For the IIS web server, you need to add IP and Domain Restrictions in Roles and Features. After that, you add the permitted IP addresses to the protected domain. As such, attackers cannot bypass your website firewall.
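A log check that complements the rules above, as an added example that is not part of the original post: it lists requests in the origin server's access log that did not arrive from the permitted firewall ranges, which is useful before the restriction is switched on or when confirming it works. It assumes the Apache/Nginx common log format, where the first field is the client IP; the log lines are constructed samples.

```python
import ipaddress

# Firewall ranges exactly as listed in the server rules on this page.
PERMITTED = [ipaddress.ip_network(n) for n in (
    "192.88.134.0/23", "185.93.228.0/22", "2a02:fe80::/29", "66.248.200.0/22")]

def is_permitted(addr):
    """True if addr falls inside one of the permitted firewall ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in PERMITTED)

def direct_hits(log_lines):
    """Return (client, request) for each hit that bypassed the firewall."""
    hits = []
    for line in log_lines:
        if not line.strip():
            continue
        client = line.split(" ", 1)[0]
        try:
            allowed = is_permitted(client)
        except ValueError:
            allowed = False     # not an IP at all: cannot be tied to the firewall
        if not allowed:
            quoted = line.split('"')
            request = quoted[1] if len(quoted) > 1 else ""
            hits.append((client, request))
    return hits

# Constructed sample access-log lines (documentation addresses for the outsiders).
SAMPLE_LOG = [
    '192.88.134.15 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 5120',
    '203.0.113.77 - - [10/Oct/2023:13:55:41 +0000] "GET /login HTTP/1.1" 200 2301',
    '2a02:fe80::1 - - [10/Oct/2023:13:56:02 +0000] "GET /about HTTP/1.1" 200 1804',
    '2001:db8::5 - - [10/Oct/2023:13:56:09 +0000] "POST /contact HTTP/1.1" 200 412',
    '66.248.201.9 - - [10/Oct/2023:13:56:30 +0000] "GET /news HTTP/1.1" 200 977',
]

if __name__ == "__main__":
    for client, request in direct_hits(SAMPLE_LOG):
        print(f"direct hit from {client}: {request}")
```
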

Squid Proxy with multiple outgoing IP

1. SSH to your Linux Cloud Server or SSD Cloud Server

yum -y install squid
chkconfig squid on

2. mv /etc/squid/squid.conf /etc/squid/squid.conf.original

3. vi /etc/squid/squid.conf

4. Add this to the configuration file

http_port 3128

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# change /usr/lib to /usr/lib64 for 64bit Centos
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_access
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl ncsaauth proxy_auth REQUIRED
http_access allow ncsaauth
forwarded_for off
acl ip1 myip 192.168.0.1
tcp_outgoing_address 192.168.0.1 ip1
acl ip2 myip 192.168.0.2
tcp_outgoing_address 192.168.0.2 ip2
acl ip3 myip 192.168.0.3
tcp_outgoing_address 192.168.0.3 ip3
acl ip4 myip 192.168.0.4
tcp_outgoing_address 192.168.0.4 ip4
acl ip5 myip 192.168.0.5
tcp_outgoing_address 192.168.0.5 ip5
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all

5. Save squid.conf

6. chkconfig squid on

7. Restart Squid with “service squid restart”