Server Hardware Tips

Much of the discussion about web hosting and servers centers around operating systems, software, and web applications. But one should not overlook hardware, which can make or break website performance. Here are a few hardware tips to make sure you get the most for your money.

1. When possible, opt for the quality, server-grade CPUs (i.e. 64-bit Intel Xeon dual or quad core)

2. The more RAM you have, the better. You can never go wrong by adding memory to your system.

3. Get large, fast hard drives, especially if you plan to run virtual private servers (VPS).

4. For large-scale sites, server redundancy is a good thing, if you can afford it.

5. Multi-core processors improve performance, but correlate the amount of processing power you get with your actual needs. In other words, there is no point in having a 64-core processor for a couple of blogs.

6. Find ways to save power, especially if you have to pay for it. Green servers will save you money and save the environment.

7. Remember that technology is constantly evolving. Plan on needing to upgrade in the future.

Photo Source: Flickr

Reconsider your hosting needs and save money

Do you really need 500 GB of space and a terabyte of bandwidth? What about that quad-core server you’ve been renting for the last twelve months? While web hosting needs often increase over time, they can decrease as well, often without you realizing it.

If you have a high-end web hosting plan or a large server, it might be worthwhile to double check and see if you are really using what you’re paying for. You might discover that while you needed a dual-core server a few months ago due to a high traffic event, things are back to normal and single core machine will suffice. Or maybe you overestimated your needs when you bought that $29.99 web hosting plan.

Either way, it’s a smart idea to double-check your hosting usage. You could save hundreds of dollars.

How to Change Your FTP Port

The default port for most FTP servers is 21, and that is how most system administrators will leave it. The majority of FTP clients are configured to use it, and some will not even ask you to change it unless you dig through the configuration. There are, however, a few situations where you might want to change the FTP port for your dedicated server or VPS.

If you do not have other users accessing your server and want to add a little security by making your FTP port something no one would guess, you can easily change the port in ProFTPD or Vsftpd.

To change the port in ProFTPD, edit the configuration file, /etc/proftpd.conf and change the following line:

Port 21

Replace “21″ with whatever port number you want.

To change the port in Vsftpd, edit /etc/vsftpd/vsftpd.conf and change the line:

listen_port=21

When you are finished, you should restart your FTP server to force the changes to take effect.

There are a few issues you should note. Before changing the port, make sure the port you want to use is available and not used by another service. Also, after you free up port 21, you should close it in your firewall settings and open whatever port you have opened to replace it.

How to Sync Two Websites on the Same Server

Question: I have two separate websites that I want to have identical data on each site. How can I do this?

Answer: First of all, to sync files on two separate sites on the same server, you will need to have a user that has write permissions on both sites. If you are using a shared hosting account, and both sites are under your account, you probably already have this. For a VPS that has a unique user for each site, you will need to use the root user.

Next, you need to know the full path to the directories for both sites. For example, site one may be /home/user/www/html/siteone.com/html and site two may be /home/user/www/html/sitetwo.com/html. To sync both directories and keep them synced even when data changes, the best choice is rsync. Although rsync is normally used for remote syncing, it also works for local directories.

To sync the two directories, you would use this command:

rsync -avc /home/user/www/html/siteone.com/html/ /home/user/www/html/sitetwo.com/html/

If you want the sync to be performed periodically and automatically, you can create a script and then drop it into one of the cron directories, such as cron.daily. You can also setup a manual cron job in /etc/crontab. From now on, both sites will show identical information.

What is PHP Safe Mode?

A “safe mode” in general is a term used to refer to software that has all but the most critical components disabled in order to increase stability. Often times when there is a stability or security issue, running in safe mode will allow the user to still access the system and fix any problems.

In PHP, safe mode is primarily a security option that prevents would-be attackers from using PHP scripts to execute operating system commands. Theoretically safe mode is supposed to be a method for increased web application security. It is intended to be run in shared hosting environments and is not needed on a VPS or dedicated server. In PHP 6, safe mode will be removed.

The downside of PHP Safe Mode is that certain scripts and web applications do not function properly with it enabled. Server administrators can disable it and take other security measures to harden their Web applications, and individual users can also work around it, although they should check with their web host first to make sure they do not compromise security.

Most web developers and website owners dislike safe mode because of the limitations it places on scripts. If you feel strongly about it, you should find out if a web host uses it before subscribing to their service.

Photo Source: Flickr

How to change the Postfix port number

By default, Postfix, Sendmail, and other SMTP mail servers rely on port 25 to send email. Normally, this is fine and works for most situations. Some Internet Service Providers, however, disagree. They see port 25 as a prime port for spammer exploitation, and many have started to block it.

If this is the case for you and you have root access on your VPS or dedicated server, you might consider changing your SMTP port to something you know you will be able to access. To change the port in Postfix, edit your /etc/postfix/master.cf file as root, commenting out the following line:

smtp innet n - n - - smtpd

Then, add the this line:

2900 inet n - n - - smtpd

Replace “2900″ with whatever port you prefer for your mail server. Next, restart Postfix:

service postfix restart

Finally, assuming you have a firewall installed, which any security-minded server administrator should, you will need to tell it to allow traffic through the new mail server port.

What is burstable RAM?

Burstable RAM is a term used in the VPS industry to describe extra RAM set aside for high-traffic needs. Providers will often advertise a given amount of RAM on a VPS (256 MB, for example), but say it is burstable up to 384 MB. This means you will always have 256 MB of RAM, but may be able to use a much as 384 MB.

The amount of burstable memory that can be used depends on the loads of the other VPS units sharing your parent server. If the other clients are using all available resources, little burstable RAM will be available. On the other hand, you may find you can use all or most of it if the other units are running far below capacity.

How to rename multiple files in Linux

The ability clusters of files is a handy skill to have when running a dedicated server or VPS, and in some cases, it is absolutely necessary. For example, if you ever need to migrate from one server to another or from one software/application system to another, you might need to change bulk amounts of files for the sake of compatibility.

Renaming one file is easy with the “mv” command:

mv filename newfilename

To rename multiple files, you need the “rename” command. Before the rename command, Unix system administrators had to rely on complex scripting to perform batch renames. Now, if you want to change all your .html files to .htm files, for example, it is as simple as a one line command string:

rename .htm .html *.htm

This will find all files that end in .htm (*.htm) and replace the .htm with .html. This works well for simple renaming schemes. For more complicated ones, you still need some scripting expertise.

Can a VPS hacker bring down an entire server?

Question: Can a VPS hacker bring down an entire server?

Answer: A virtual private server (VPS) works by sectioning off a full server or node (in the case of hardware virtualization) from the larger server or cluster. As such, the VPS functions like a fully independent server even though it is actually using the operating system of the larger entity. Therefore, the short answer is: no.

Even if a user or hacker manages to gain root access on a VPS, if it is configured correctly, that is as far as he can get. To him the fact that he is on a VPS will not even be technically apparent. There will be no way for him to even see the larger server or other virtual servers on the system. Therefore it is technically impossible for one VPS to affect the entire server or other virtual servers.

This reality makes VPS systems much more secure than traditional virtual hosting, where all users operating within the same server environment and operating system. Nevertheless, while the smaller entity cannot affect the larger one, the opposite can occur. If something is wrong with the main server, every VPS running on it will be affected. This is the downside to virtualization in general, but most would argue that the benefits still outweigh the risks.

Photo Source: Flickr

5 Security tips for virtual private servers

There are many security factors you should consider when deploying Linux-based virtual private servers (VPS) on systems such as OpenVZ. Some protect your users and some protect your server as a whole. Here are five steps you can take to make sure your server is secure:

1. Disable the root password on the real server. Users may decide to use root passwords on their VPS systems, but do not make it easy for attackers to get past them to the real system.

2. Create a user designed just for admin tasks and give it “sudo” rights.

3. Create an ssh user to handle any remote logins and an sftp user for uploads to the real server. Disable remote access for all other users.

4. Run OpenSSH on a port other than the default 22. You can use 2222 or something else.

5. Rely on SSH keys for the two secure users and disable clear password authentication.

Photo Source: Flickr