Benefits of a Virtual Private Server (VPS)

As we have mentioned in previous posts, a virtual private server (VPS) is an isolated instance of a larger operating system running in an enclosed environment. In Linux it is normally in a chrooted environment, where the root directory / is not available to the server user, but that user has its own virtual root directory. In essences it looks and feels to the end user like he has his own dedicated server.

There are several benefits to this setup,namely:

1. On the server side, it is a benefit to the web host because the user does not have true access to the server’s most critical files.
2. The host can support multiple VPS instances on a single machine, saving hardware costs
3. For both the user and web host it adds a higher level of security.
4. The user is provided with a managed server (even if the VPS itself is unmanaged) and does not have to worry about larger security concerns.
5. The cost is usually lower for the user since the host can offer dedicated server functionality while only giving the user the amount of space, CPU power, and RAM that she actually needs.

Photo: Flickr

Is a VPS the way to go for a $200 budget?

A web hosting forum user asks this question:

I’m looking for changing to a new Linux VPS Hosting company. My website is running oscommerce shopping cart now is like 3.5G with Mysql and I get 4000 visits per day. What i concern the most is their service then goes to the performance. I need my web up all the time even it is down. The hosting needs to repair the problem in fast reaction and really look into what cause the problem.

My budget is $200 per month, I know for that price I can get a dedicated server but my problem is I don’t know about tuning the Linux plus I have experience using the dedicated server that if the hardware goes wrong and I will need to spend lot of time to find out what is the problem….

Do you think using VPS is right way for me to go?

This person is in a unique situation because he is out of the budget range where most people would consider a VPS, but at the lower end of the dedicated server market. Here’s my take on what he should do.
Read More >>

Virtuozzo VPS

You may be aware that a VPS is simply a virtual dedicated server with a set amount of RAM and CPU power allocated to it, but how exactly is a VPS “built” ?

As the name implies, virtual private servers don’t exist in physical form. You can’t go to a hardware vendor and buy a VPS. But what you can do is use virtualization software like the popular Virtuozzo to split a dedicated server into smaller pieces.

A provider might, for example, have a server with 4 GB of RAM and a 2 GHz CPU. The owner could rent it as-is, or use Virtuozzo to split it up into any number of configurations. The resources could be evenly allocated between two users or sixteen. Either way, Virtuozzo will segment the server into different parts and each will operate as if it were its own dedicated server, complete with the ability to install and OS and reboot without disrupting the other virtual servers.

Photo | Flickr

SSH security tips part 3: Root logins and empty passwords

Only one user should have the root password to a server, but since virtual private servers (VPS) can exist within a server, those users also have root passwords. Generally speaking, it is a bad practice to login to the server directly as root (administrator). Although SSH connections are encrypted, it is still a dangerous practice from a security perspective. Even administrative users should have lesser accounts that do not have superuser permissions.

To disable root login, edit your sshd_config file and add the following line (if it is not already present):

PermitRootLogin no

If you or another user with root access needs to become root, they can rely on “su” or “sudo” once they have logged in as a regular user with basic permissions.

The next important thing to secure is passwords, and a big no-no is using an empty password. In some circumstances, you cannot control what passwords (or lack thereof) other users choose, but with SSH, you can prevent users from choosing blank passwords. Enter the following line in sshd_config:

PermitEmptyPasswords no

Photo: Flickr

Managed VPS

Virtual private servers (VPS) can be either managed or unmanaged. The former variety includes assistance running the server, while the latter expects the customer to be experienced in server administration.

Managed VPS units are by the far the most popular. Although they tend to be around 20% more expensive then their unmanaged counterparts, most customers do not know enough about computers to maintain an unmanaged server.

Typically, services included with a managed VPS are software installation and configuration, set-up, and help creating DNS servers. Nearly all VPS hosts expect you to know how to install any necessary scripts or CMS’s, however.

If your site is becoming too big for a shared host but isn’t quite ready for a dedicated server, a managed VPS is a good way to go. Prices vary from provider to provider, but one can be had for as little as £25 per month.

Photo | Flickr

How to defend a virtual private server from hackers

Email forms are a common way for hackers to send spam. If you use email forms such as Matt’s script (often known as FormMail) or other similar mail scripts, your server could be vulnerable to attacks. If you have clients or simply other users creating sites on your server, you might not even know if you have these scripts. To find out, you can run this simple command:

find / -name “[Ff]orm[mM]ai*”

To check for CGIemail scripts, try this command:

find / -name “[Cc]giemai*”

Finally, to disable the sending of emails from the forms, enter:

chmod a-rwx /path/to/filename

This last command will completely lock user permissions to the script, so if you have a customer or user of a VPS who utilizes one of these form scripts, be sure to contact them and give them ample warning before proceeding. You should offer them a safe and secure alternative, leaving your customers happy and your server secure.

Photo: Flickr

Does my server need a high-speed hard drive?

Dedicated servers generally come standard with a 7200 RPM hard drive, but many providers offer faster 10,000 RPM or even 15,000 RPM hard disks for an additional fee. Are these high-speed drives worth the money?

In most cases, no. While faster hard drives do translate to faster read and write times, they will not result in drastically faster performance. This is because the server’s Internet connection acts as a bottleneck.

It’s great if a server can access a file in a few milliseconds, but if it takes 5 seconds to send it across the web, the end user won’t notice the difference. In order to see benefits from a high-speed drive, a very fast uplink connection is needed. A 7200 RPM is fine for most applications.

Time for a VPS?

A web hosting forum user asked the following question today:

At the moment I have a reseller account and I am looking to upgrade my hosting to a VPS server. I assume this is my next step

The reason for the upgrade is that I have a permission based email script that is getting a low delivery rate.What do you think my next step shoul [sic] be and who do you recommend I go with? I am budgeting for $50 or less per month.

This is a classic example of someone who has outgrown shared hosting, but can’t justify the expense of a fully-fledged dedicated server. The individual in question is right-on in guessing that he needs a VPS.
Read More >>

What is a fair setup fee?

Many hosts, especially VPS and dedicated server providers, charge new customers a setup fee. The charge is often waived for users who prepay for several months of service, but for those who don’t wish to go this route, what is a fair setup fee?

For a shared web host, I would say no more than £10. It takes very little effort for this type of host to activate an account. On the other hand, VPS’s and dedicated servers often take a good deal of work to set up and customize for a server, so setup fees as high as £100 aren’t uncommon.

It is becoming less and less common for setup fees to be charged, however. Competition between hosts is ever-increasing, and a hefty activation fee is a huge turn-away for customers. Try to find a host that doesn’t push this sort of charge on their users.

Lesson learned: pay your host on time

Paying for any service in a timely manner is always a good idea, but as a VPS user on a web hosting forum discovered, not paying your host could mean losing your data.

In this particular case, the individual was 40 days late on his VPS payment. The host terminated the account, but the person had not been making backups and lost all of his site data. The provider was willing to reactivate the account and restore the files, but only if the customer signed up again at a price $30/month higher than before.

It is never a good idea to pay your hosting fee late, and an even worse idea to trust your host to make backups for you.