Introducing mod_fads

Apr 10, 2013 by

In the free hosting industry, people typically host based on one of these plans:

  • Freemium – basic plans are free, better plans cost money
  • Post to Host – users have to participate in forums to earn free hosting
  • Forced Ads – hosting is free, but the provider’s ads are inserted into web pages

For the forced-ads model, there are no good tools available at present.  mod_layout was commonly used, but it’s years out of date and may not even support Apache 2.  iAds was a popular product but only supports Apache 1.3.  There is also cPanel Forced Ads, but it’s a paid add-on and closed-source.

Hence my motivation to write mod_fads, a free GPL’d forced-ad module for Apache 2.

I released the first public version today.  You can read all about it at modfads.org.

startup_data_mf

read more

Related Posts

Tags

Share This

Free Web Hosting

Mar 25, 2013 by

I’ve been working furiously on my web hosting company – truly I have.  I think when I finally unveil it, people will understand why it took so long.  Sure, it’s cPanel shared and people can knock those out in an afternoon with ThemeForest but I did a custom web design, plus some other features I’m rolling in at the start.

But I’m also working on a somewhat different project.  Following a thread on LET, I decided to give a free web hosting company a shot.

This will be a much faster implementation.  I’m not going to custom-skin cPanel, setup tutorials, setup WHMCS, etc.  But there are a couple ideas I’ve had to make it a little different and I hope better than the usual free web hosting.

KuJoe of Server Dragon (who has excellent VPSes, I might add – happy to give a free testimonial here and at VPSadvice.com) wrote a great book on how to run a free web hosting company.  I’ve designed mine to be super lean and mean – trying to keep monthly costs as absolutely low as possible.

I’m not going to force ads, though that’s a popular strategy.  The reason is less about wanting to give customers a perfect experience and more about not ruining my Adsense account when some joker puts him something that violates Adsense TOS…and there are actually a surprising number of things that violate Adsense TOS.

No, I’m going to use Adsense on the forums, parked pages, error pages, etc. to start.  Then over time hopefully I’ll discover other monetization strategies.  I don’t need much per month to break even.

 

read more

Related Posts

Tags

Share This

NodePing Review

Mar 15, 2013 by

One of the key responsibilities in running a web host (or really, systems administration in general) is knowing when something goes wrong.  You want to find out before customers do.  As a customer, I’d much rather have a problem, check the status page, and find someone is working on it than be the first to open a ticket.

Two kinds of monitoring are needed:

  1. Internal – is MySQL up?  Are we running low on disk space?  Is some process chewing up all CPU?  Etc.
  2. External – is the server up?  You won’t get an alert from your internal monitor if the server is down.  Also, some services are better monitored from the outside, like HTTP.  If apache is up but I’ve borked the firewall rules, then what really matters is that visitors can’t see web pages.

For internal monitoring, I’m using Zabbix.  There are certainly others – Nagios is famous.  Munin, Cacti, Observium are more network/device reporting but can be made to report as well.

For external monitoring, I’ve been testing NodePing.  They have all the features that the “big guys” (like Pingdom) have, but at a much lower cost.  The interface is easy to use and alerts are easy to setup.  I think you could get external monitoring setup in about 15 minutes using their service, and that includes the time to register.

You could roll your own monitoring but having professionals do it is a nice backstop.  Also, NodePing is a third party, so while your monitoring system could be down, you have the additional protection of “another set of eyes”.  ”Yeah, but I have two Nagios monitoring boxes”.  What if someone messes up the config and you don’t notice?

I think third party external monitoring is really critical, so then it’s just a choice of different providers.  From what I’ve experienced so far, NodePing does a great job at a good price.

 

read more

Related Posts

Tags

Share This

Blocking WHMCS licensedebug

Mar 10, 2013 by

So I was recently reminded that if you call any WHMCS .php with this added:

?licensedebug&forceremote

you get back some info that frankly I’m not wild about giving out. For example:

Performing Remote Check: Array ( [licensekey] => MYLICENSEKEY [domain] => MYDOMAIN [ip] 
=> MYIP [dir] => /home/SOMEUSER/public_html ) 
Raw Remote Response: Active MY_WHMCS_RESELLER 2 Monthly Lease DATE_LEASED Monthly 
MYDOMAIN MY_IP /home/SOMEUSER/public_html SOME_HASH MY_WHCMS_VERSION
Remote Check Completed

Some of that is obvious public – domain name, IP address. I don’t think WHMCS version is, and why give it out? Also, the absolute path on the server (/home/SOMEUSER) is needlessly exposed, as is the name of the company I leased WHMCS through, etc.

Nothing really OMG but when in doubt, why needlessly expose?

I looked and apparently the licensedebug is in ioncube’d code:

# grep -R licensedebug *
#

So you can’t modify the php directly…which means an alternative is to create a mod_security rule that blocks that. In this case, here is what I put in:

# don't allow people to see whmcs sensitive configs
SecRule ARGS_GET_NAMES licensedebug phase:2,block,id:102

This results in

Not Acceptable
An appropriate representation of the requested resource /index.php could not be found on 
this server.

Update:

I’ve learned of a more elegant solution. Edit configuration.php and add this:

if(isset($_GET['licensedebug']))
 {
 unset($_GET['licensedebug']);
 exit('Contact support if you need to see this information');
 }
 if(isset($_GET['forceremote']))
 {
 unset($_GET['forceremote']);
 exit('Contact support if you need to see this information');
 }
 if(isset($_GET['revokelocal']))
 {
 unset($_GET['revokelocal']);
 exit('Contact support if you need to see this information');
 }
 ?>

Source: LowEndTalk

 

read more

Related Posts

Tags

Share This

What’s Needed?

Mar 6, 2013 by

I saw a thread on a forum in which someone asked “what’s necessary for a great hosting company”?

After some reflection my answer, or at least part of it, is: humility.

I’ve noticed that summer hosts (hosts that are started the beginning of summer break and vanish in months) and bad hosts invariably have braggard owners who barge into forum threads, swinging their egos, promising domination.  On the other hand, I can think of three or four really good hosts that are owned by guys who are pretty humble.  Not meek but they don’t boast or insult competition.  They just quietly keep serving traffic.

Hosting ultimately is a people business.  People businesses require some degree of humility to succeed.

 

read more

Related Posts

Tags

Share This