ewiget
Admin
Admin
| Posts: 171 |  |
Karma: 2
|
10 common mistakes customers can make - 2007/12/30 10:22
We want to give you the best web hosting experience. This is a list of common mistakes that customers can make. Following each common mistake, we have given suggestions on what to do instead.
10. Go with the cheapest hosting provider you can find, preferably a shared server that hosts hundreds of other sites, some of which are high-traffic porn sites.
We only host a select few web sites and know every one of our customers by name. We build relationships with our customers! We do not host any porn or illegal sites. By law, pornography is illegal in our jurisdiction and we don't tolerate anyone hosting anything illegal either!
9. Don't waste time with regular backups. Maybe the hosting provider will help you.
The types of backups we make will likely not be of any help to you in the event you delete the only copy of a file you have. We encourage our customers to make regular backups, depending on how often your content changes...this can be daily, weekly, monthly, or quarterly.
8. Don't waste time adjusting web site code or settings for increased security. Worry about those details only if there's a problem.
Most of our customers create and manage their own web sites. We can't review and control the code placed in every web page. It is up to the customer to make sure their code is not full of security holes. If you are not sure about this, we can assist you or even offer managed hosting accounts where we will design and manage the content for you.
7. Use the same username and password for your on-line bank account, cpanel administrator account, Amazon account, Yahoo account, etc. Hey, who has time to keep track of so many passwords? And anyway, since you don't change passwords, it's easier to just use the same one all the time, everywhere.
This is just asking for trouble and possibly even identity theft somewhere down the line. Create separate usernames and passwords for each and every online account you have. There are many password managers that are free that are able to help with this if you have a lot to remember. Don't keep them in a plain text file on your computer but encrypt them in some way if they must be on the computer.
6. Install your brand new beautiful web site, celebrate a job well done, and don't worry about it again. After all, if you don't make any changes, what can go wrong? (Hint: A lot)
It is up to you to maintain your web site, create backups, and do normal maintenance and housecleaning.
5. Do all upgrades on the live web site. Who needs a development and testing server anyway? If an upgrade fails, you'll just remove it again. That will hopefully also undo any damage the upgrade caused.
This is really aimed at those who are using dynamic database driven web sites or content management systems. All development of these types of web sites should be done on a separate development server, even if it is your own desktop computer. If you don't have a computer to use as a development server, we can set up a separate development account for you for a small additional fee.
4. Trust all third-party code, and install all the cool-looking stuff you can find. Anyone smart enough to write code will provide perfect code that blocks every known exploit attempt, now and forever. After all, almost all this stuff is provided for free by well-meaning, good-hearted people who know what they are doing.
We have seen clients use a 10 year old email based contact form, full of security holes, and then complain when their web site gets hacked or defaced. If you didn't write the code, don't trust it! If you don't know how to write the code to do what you need it to do, hire someone who does. We can provide assistance in most coding needs and we have over 50 years combined experience in developing web sites using html, css, xhtml, php, asp, javascript, etc.
3. Don't worry about updating to the latest version of xxxxxxxxx, where xxxxxxxx is some software you are using on your web site. Hey, nothing's gone wrong so far, and if it ain't broke don't fix it! Same plan for the third-party code. Too much work anyway.
Again, this falls back on the old code from #4 above. New bugs and exploits related to web pages and web page technology are found on a regular basis, almost daily. You need to be prepared to keep your code for your web site up to date and patches applied, especially if you are using a content management system or third party code.
2. When your site gets defaced, panic your way on over to our forums or help desk and start a new post with a very familiar title: "Help! My Site's Been Hacked!" Be sure not to leave relevant information, such as which obsolete versions of third party code are installed.
As we are finishing up 2007 and starting in 2008, we have noticed a trend the last few years.....practically every single support request is due to 3rd party code. In 10 years of web hosting, we have only had web sites defaced once...and that was due to obsolete code. We spend more time helping customers fix obsolete code than anything else.
1. Once your site's been defaced, you fix the defaced file and then assume all is well. Don't check raw logs, change your passwords, remove the entire directory and rebuild from clean backups, or take any other overly paranoid-seeming actions. When the attackers return the next day, scream loudly that you've been "hacked again," and it's all our fault. Ignore the fact that removing a defaced file is not even step one in the difficult process of fully recovering a defaced site. And to top it all off, on shared hosting servers, other customers can be affected by obsolete code or your web site defacement.
We know if this ever happens to you, that you will be too embarrassed to let us know that it happened. But, we need to know ASAP so we can quickly determine if there are any additional problems with the server.
We have a pretty good track record for security, but it helps a lot when you can do the things on your end that needs to be done. The primary thing is to not create a web site and forget about it. It needs regular maintenance just like a car. If you perform the regular maintenance, your web site will last a long, long time and be trouble free. When you don't do the maintenance, your web site is going to fail....when is just a matter of time.
On a broadband internet connection, most customers should be able to create and download a full backup of their web sites in less than 1 hour. You don't even have to baby sit the download, just start it and let it run while you do other things. Start a backup every night before you go to bed or every morning before you go to work. Make it routine!
Ed Wiget
Technical Support
http://www.xtremewebhosts.com |
