Avoid “Hotlink Protection” feature in cPanel 11.25, 11.26

In cPanel 11.25 and 11.26 (not tested earlier versions) when you add “Hotlink Protection” in cPanel it will add the appropriate mod_rewrite code to all domains, subdomains, add-on domains. It looks similar to this:

Code:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://test-cpanel.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://test-cpanel.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.test-cpanel.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.test-cpanel.com$      [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]

It actually checks for the line “RewriteEngine on” and does not add it a second time into the .htaccess which is smart… The problem comes when you remove hotlink protection.

cPanel goes through all domains, subdomains, add-on domains once again this time and removes the code but it removes all instances of “RewriteEngine On” in every .htaccess. The problem that comes with this is that if you’re running something such as WordPress, vBulletin, IPB, or any other script that uses mod_rewrite, as most do, suddenly all of your rewrite rules no longer work. Continue reading

Share

Sales Ticket with an [Interesting Character]

At MDDHosting today we received an order which our sales department reviewed and determined was likely fraud and marked the order as such.  We shortly there after received an email from the individual who will hence forth be known as “Interesting Character” to protect their identity.  While they may not actually be a fraudster – their order details and actions all indicated that they most likely were.

The individual signed up using a first name and last initial only, their mailing address was a mail forwarding address, and many other red flags were sent up when this individual attempted to order services.

Here is a complete view of the email conversation with all personally identifying information redacted and by all means read it over and let me know what you think in the comments.

Interesting Character
Potential Client
03/31/2010 20:39
hello,
it seems like there is an issue with my order. can you please review it and approve it?
thank you
[Interesting Character]

Continue reading

Share

Starting and Running a Web Hosting Business – Part One

SLDALThere are many qualities that are required in an individual for them to start and grow their own successful web hosting company on their own from the start.  Many people see web hosting as something that is simple to provide and requires little to no work which couldn’t be further from the truth.  There are many aspects of web hosting that the average first-time web host will not plan for or even think about such as their web site which can be simple but is very important if you are to function as an online business.  Other aspects of running a web hosting business range from obtaining the correct licensing as required by local laws to having a basic understanding of business management and accounting.  While most are not a jack of all trades, they can often get by based upon what they know and have people they can ask for help if they need it.

The most important quality required in a person starting their own web hosting provider is resourcefulness – when you are new to hosting there are certainly going to be roadblocks that you come across and questions that you do not know the answers to.  Being resourceful means that even if you don’t know the answer immediately you know where to look to find the answer.  The vast majority of support issues that clients raise could be answered simply by visiting Google.com and typing in the question or a description of the issue.  Unless you are an expert on everything (keep dreaming) then you either need to be resourceful or you will very quickly find yourself being asked questions you cannot answer which leads to very unhappy customers and bad reviews. Continue reading

Share

Another Day, Another DoS

Disruption of Service (Graph)

Let’s face it – the world tends to be a very hostile environment and the internet is not much different.  From viruses and trojans to distruption of service attacks – it happens all day every day and it is only a matter of time before it affects you.  I have personally dealt with two DoS attacks in the last two weeks and both for very different reasons although the end result is about the same.

Last week the DDoS, or distributed disruption of service, attack was motivated entirely by financial gain for the attacker.  The attacker had previously attacked another hosting company called A Small Orange and had attempted to extort $7,000 from the company to stop the attack.  ASO did not bow to the demands of the attacker and simply worked to filter out the attack and return service to their customers.  While some of ASO’s customers were not satisfied, many times when a provider is put in this situation there is not much that can be done.

The attacker moved on from ASO to my company and sent a message to our sales department informing us that we were next.  The attack began about an hour later and peaked at about 4.5GBPS which is enough to  bring down most small data centers in their entirety however our data center SoftLayer Dallas was able to filter out the attack within 10 minutes to restore full service.  The attacker subsequently moved on to their next target which was VectorLevel who was hosted with Colo4Dallas at the time.  The attack at VectorLevel brought Colo4Dallas to it’s knees until the attack was null-routed at C4D’s upstream provider.  At the time of this writing Colo4Dallas’ web site was unreachable and as such I am not directly linking to it. Continue reading

Share

LiteSpeed4.0 vs Apache2.2 In My Eyes

LSvsAPI will start this post by saying that I have used Apache for more than 2 years in production environments and I am quite experienced at optimizing Apache to accomplish the goal at hand should it be handling thousands of connections simultaneously to serving dynamic web sites quickly and efficiently while minimizing the memory footprint.

I have in the past fought tooth-and-nail for Apache’s ability to match LiteSpeed Web Server’s speed when serving web sites.  Apache can be configured to be nearly as fast if not just as fast as LiteSpeed but the problem is that Apache requires in my own personal testing nearly two times as much memory and FastCGI to come close to LiteSpeed comes out of the box.  LiteSpeed claims to serve static content up to 9 times faster than Apache and PHP up to 50% faster.  While I won’t go into depth as to which one can do what faster, I will go into why I chose to move my company from Apache to LiteSpeed and what benefits we have seen.  If you want to see benchmarks that compare LiteSpeed and Apache I recommend you search Google. Continue reading

Share