Category Archives:
Tutorial & Guides

Forum sites are popularly deployed by various webmasters. It's great website solution for both internal and public discussion. Especially when you're running a live support or shopping cart service, forum is good place to connect all your clients. However, what kind of web hosting plan is best for forum site? Is shared hosting good enough to support a forum application? This article provides in depth review and guidance of hosting your forum under shared server.

If we search forum hosting suggestion on google or webmater community sites, VPS and up server plans are mostly recommended because high server resource consumption is always mentioned by professionals. However, they're definitely focus on those high traffic forum but not smalll to medium size websites. Actually, shared hosting is perfect choice as long as we host in the right way. Here're few tips to host forum site on shared server properly.

Evaluate your forum usage

The most important thing before you build the site. Unlike any other website script, forum site is mainly about frequent interaction among users. Thus it's very important to know about your forum purpose. For example, if your forum is protected and only restricted for internal users, mostly you don't have to worry about any problem because you will know how much will be used exactly. But if your site is open to everyone with frequent updates, you might test it first and learn from your competitors' site directly and check how they're doing. There're lots of popular tools to evaluate website performance and overall traffic like pingdom, alexa etc. Compare with multiple services then you can get a rough idea how much server resource you will need.

Select the right forum software

Choosing the right forum script means half success. Different forum scripts work the best under different server environment. Depends your requirements of the site, most of the time commercial products are much better than free ones. For example the vBulletin solution is recognized the best php forum script but you have to pay for it. On the other side, the vbulletin clone script phpbb is not acceptable for business solutions. Although it's designed for the same layouts/functions as vbulletin, there're lots of well known problems such as spam attack, sql injection etc.

Based lots of editorial experience and user feedbacks, SMF(simple machines forum) is the best open sourced forum script. No matter if you need to create a forum site for internal company staff or public communication, it's recognized safe and efficient. The most important point is this software is well supported by a large community which is very similar to commercial script.

If you're looking for some reputable forum solutions, you can check out this forum hosting list for some leading choice and select the right one based your needs.

Use the right hosting provider

The right hosting provider means fully compatible with different forum scripts and come with professional support. It provides high performance hosting servers and lots of resources to support your forum side by side. Based all forum requirements, we don't recommend those super cheap budget hosting plans that's only suitable for small personal website purpose. Instead, a decent forum hosting plan is not so cheap and provided on business level. On this point, we can filter a lot of hosting providers and only those business level shared hosting plan left.

For safe and high performance forum site web hosting, we highly recommend to check out Arvixe, InMotionHosting and WebhostingHub. Their hosting plans are not the cheapest but definitely not expensive comparing to VPS server. Why they're right choice for forum scripts? Simple because they can provde more server resources comparing to most hosting providers. No matter for server configuration and network setup, they're absolutely leading from the industry. Just few bucks per month we can get vps level support.

Monitor website performance regularly

There're lots of uncertain factors about forum, because you might get burst growth in short periods or you might attract lots of attacks. It's quite essential to monitor the forum performance and do traffic analyzing regularly. In this way we will understand how things going so as to apply needful changes. There're several tools we can make use of like google webmaster tools, AWstats and hosting control panel error log reports. Properly using these tools will help us operate a healthy site.

As we see, we don't have to use a VPS server if we know our needs and operate the forum site properly. A decent shared hosting plan is good enough for most forum, we just need to use it in right way.

Blog is the most popular website type on internet. Almost every web developer or enterprise operates one or more blogs for company events update or personal experience sharing purpose. Because of its simple structure and easy setup, most people start their first website via blog system. Till present, over half websites are buit on blog platforms and lots of people live by blogging. Blog sites are powering a huge business today so it's crucial to apply proper security rules to it. Here're few tips and suggestions our readers can follow to secure their blog sites.

Choose the right blog platform

Choosing the right platform is half success of your blog site. There're too many options to work with thus we can easily run into bad choice. A good blog software should be simple and user friendly with good support. We highly suggest wordpress which is used by most blog professionals. The wordpress core platform is very small and easy to work with and users can fully customize it by themes/plugins with actual needs. No matter if you're web developer or novice, wordpress won't disappoint you for great and successful blog creation.

At the meanwhile, it doesn't mean you have to choose by yourself. It completely depends your needs in order to choose the perfect platform. For example if you just want to write blog posts and communicate with other bloggers, there're lots of free and great platforms to register like blogspot.com and wordpress.com etc.. You don't have to maintain the site by yourself and everything is pre-configured to use. So it's crucial to evaluate your requirements.

Configure proper user rights

Many blog sites are managed by multiple users especially for those article submission sites. It may involve administrator, moderator, writers and more roles. You should pay attention to user rights carefully and make sure they got proper permissions to complete their tasks but do not make dangerous changes to the site.

Keep updated with software vendor

Software vendors always provides various updates and fixes from official announcement. It's highly recommended to sign up their newsletter and get latest update. We can also get involved to their community forums and discuss our concerns/problems. In this way, we can always keep our blog system via newest updates and security tactics from professional suggestions.

Backup important data

Most blog system data is stored in database. No matter if we operate a small or big blog site, we should set up a backup cron on server so we can always retrieve data in case something goes wrong. Especially when we host with a less support server service, professional user end management is pretty important to ensure everything is under control.

Use the right blog hosting service

Using right web hosting service is always the most important part when we plan to promote a successful blog site. A decent blog hosting deeply optimized their servers to work with the script and provides 24*7 live support to meet our urgent contact needs. Either from server setup and network layouts, they have fully optimized on each side to deal with all kinds of website service. For support, they have a good team of professionals in various scripts. Based their resourceful manpower and ideas, they provide helpful FAQ & tutorials in using/securing our sites in multiple methods.

For fast and secure blog hosting service, we highly recommend arvixe and webhostinghub who can provide affordable and powerful hosting plans. Especially for arvixe hosting, they have both linux and windows server plans to choose with great server features.

Secure your blog site should be simple if you go in right way. We highly suggest follow above tips with needful configuration on your blog.

DNN is the most powerful asp.net CMS software that's loved by millions of users and communities. The DNN local communities exist in most countries with different languages support. There're many people living by dnn development on modules and skins. It's also very good learning platform for .net programmers. Because of it's leadership in asp.net, it's crucial to understand some security tactics in using this software. We have been worked with DNN since 3.2 and supported lots of dnn clients on live hosting service. Following DNN security tips are generated from our daily experience and professional suggestions in DNN community.

Secure installation

Security is started before your initial dnn installation. As suggested by this article, DNN keeps user password via encrypted format and we can improve it using hash. But we must edit configuration file before installation. Also, unless you have a blade fast hosting server, we highly suggest install locally first then move to hosting space. From our experience, dnn installation wizard can fail easily. In case you get unsuccessful installation, the wizard can be restarted when people browse to your domain.

Admin/Host credentials

By default, DNN provides two user accounts admin/host. Actually we can change the two user id to anything else and apply enhanced password policies. DNN can be auto installed by various installers nowadays but we highly recommend to install manually so you can understand the entire process and secure the installation as much as possible.

Use Captcha

Captcha is great feature to reduce spam registration and submission on your DNN site. Captcha is a built in feature and it can be enabled via admin user login. In case you run into problems to enable this feature, this article should help fix it. There're also multiple official articles on how to customize the captcha image, just make a bit research and you'll be surprised how fantastic it is.

Set proper file permission

DNN is programmed on asp.net platform that highly rely on "networkservice" this user account to work with. We must grant "RWXD" permissions to this user to ensure everything can work fine. However, we should restrict other user accounts permission correctly or else it will bring big security issue. We highly recommend to follow this official tutorial to configure the right file permissions.

Do not use sql express

SQL express is the free edition of sql server service. We don't recommend use it for your live website. Not just for performance but also refers to daily maintenance. Since both website files and database are located on the same server, any misconfiguration might bring big security issues. For enterprise website purpose, full version sql server is a must because it's configured on dedicated sql server environment. As we know, the less service on server, the more secure it is.

Use reliable module/skin resource

Because lots of developers live by module/skin development, there're many dnn resources we can get. However, we must find a reliable provider because each developer has different programming skills. The script design decides its overall secure level directly so we must pay good attention to it. DNN now provides official store for commercial skins/modules. All of their products are verified by DNN official team for guaranteed performance and security. If you need commercial solutions, their official store should be primary consideration.

Check DNN Logs

You don't have to login hosting server for website logs. DNN has built in log system to record all server end and onsite activities. You can view how your website be accessed and which user logged in at what time. Check those logs often and find if there's anything inormal so you can apply necessary changes in time.

Use a reliable DNN hosting

Probably the most important part. Hosting server is the destination of all your datas so it's quite important to get a right provider in the beginning. No matter how much time it may take, we don't need to quarrel with customer support at a bad hosting service. The best dnn hosting service must be setup on latest windows server system and up to date hardware production. Network must be safe and clean with good protection over common attacks.

If you have extremely high requirements to performance and security, powerdnn might be the right place because their team members are actually dnn developers and work for DNN official! if you need budget choice, you might check out winhost who's dedicated in windows hosting service.

Drupal is recognized one of the most scalable and secure web development platform. There're milliions of global users and developers rely on it for various website purpose. The drupal core is already a well developped and safe system. Security issues are mainly from user end during operation process. Based user experience and professional suggestions, we carry out the following 6 tips in securing a drupal website.

Keep updated and backup regularly

The simple but crucial requirement. The drupal project is pretty active and provides frequent updates. Just follow this official guidance to update your drupal core to latest release. Since all drupal site date is stored in mysql database, so pay extreme attention to it.

Backup is also a MUST. As drupal official suggested, we should generate a backup before any update/upgrade in case anything goes wrong. Especially when you operate a business site that includes a lot of sensitive data, you should back up more frequently, probably schedule a daily solution.

Use a safe theme

Drupal is safe, but not all drupal themes are! There're tons of official and non-official drupal themes for different website requirements. We must use a trustable theme resource. A high quality drupal theme is not just able to beautify the website layouts but also come with professional and safe code design. Everything is tested and optimized before final release to make sure end users can use it safely. Those cracked or less trustable themes should be avoided for any reason.

Proper file permission

This refers to hosting account configuration in control panel. Make sure to set the correct file permission by following this official guidance. You can also configure to following recommended settings directly

/default on 755
/default/files including all subfolders and files on 755
/default/themes including all subfolders and files on 755
/default/modules including all subfolders and files on 755
/default/settings.php and /default/default.settings.php on 644

Incorrect permission settings will bring bit potential issues because hackers are very diligent in finding our website bugs.

Strong password

Strong password is always suggested for all drupal sites. Not just for website password but for its backend mysql database and ftp password too. We should also pay attention to different website user accounts and make sure they get correct rights.

Sign up a protection service

Regulary scanning of our drupal sites can greatly reduce hacking opportunites. A trustable third party service can simplify the process by automatic schedules. From lots of drupal professionals experience, mollom is highly suggested by them. Especially for drupal sites that come with frequent interaction between the readers and authors, the mollom solution provides side by side protection such as the following

• Blocks spammy comments on any node, articles, pages, forum topics etc.
• Blocks contact form Spam.
• Protects the original user registration/subscription from fake user accounts.
• Protects user’s password request form

Use a reputable drupal hosting

A safe and drupal compatible hosting service is a must to power a successful site. Unlike many other open source cms softwares, drupal works a little different and requires extra server support to get everything working properly. Leading drupal hosting plans always provide newest server and customer support. They have great FAQ and video tutorials in using the software professionally

Cloud server hosting provides the best scalability and availability comparing to any existing solution. However, security is always the biggest concern and there's no guaranteed and high efficient security rules from the industry. Thus it's always a hot topic for cloud security. We have collected following 6 tips that're mentioned and highly recommended by most professionals. Action now and secure your cloud server.

Use a reputable service provider

The most important point which you should pay most attention to. A quality service provider can save our half efforts in securing the cloud environment. A reputable cloud hosting provider is always the leader of this technology and actually has contribute a lot to the industry development. Such companies like rackspace is actually define the service standards that're followed by many other providers. Because of their leadership, they can apply necessary changes at the earliest time.

Use reliable server system

We must install a reliable server system to ensure its performance and security. Those outdated server OS should be avoided by everyone. Because of the fast tech development, we have a variety of OS choice. But we definitely need the best one for production server purpose. Some OS is only best for personal computer but not for server system. If we would like to receive the best server configuration, we might need commercial products like cloudlinux or redhat etc. Because we receive dedicated support and guidance in using the service.

Install only must required softwares

In cloud envrionment, everything can be provided with our real needs and many services are provided as SaaS so we can use directly. But we must understand the less service we add to server, the less volunability we receive. We can not treat it like our personal computer which doesn't have to be 24/7 online. We only need to configure the needed service and keep the system as clean as possible.

Based all the configured services, we should close all unnecessary server ports to reduce potential risks. Many attacks are started by scanning server ports so it's crucial to close unused ports.

Keep firewall open and up to date

Configure a reliable firewall service and ensure it's always on and up to date. No matter how we have optimized the server, an effective firewall service is a must as frontline safe guard. Many attack and unauthorized access can be blocked directly via proper firewall configuration.

Log everything and check regularly

Log should always be saved. All software service and system logs should be saved in safe place. Because we can never tell what might go wrong, log analysis will tell us directly in case problem occurs. Especially when there's security issues, we have to check logs and find the weakness quickly. Please remember to view those logs every few periods no matter if there's any issue or not. It's just good habit to follow our plans strictly.

Use private cloud instead public

Cloud hosting provides both choice – Public cloud and private cloud. Public cloud is the same logic of shared server where everything is stored on the same drive. Private cloud is separated from the environment like vps server but definitely more powerful than it. Via private cloud environment you can setup your own LAN and firewall just like a small data center where you have full control for everything. For those who run a group business with high security requirements, private cloud is top recommended.

Cloud server security is always on the way. Besides all above 6 tactics, you should always keep an eye of the industry and make necessary improvements accordingly.

This shopping cart protection guidance focus on the most important points in securing a cart website. Some tips are actually remindings for our regular operation that we may easily ignore. All below guidance/tips are generated through our several years experience in supporting various store websites. The sole purpose is to help construct a secure cart site so you can trust in long term. If you're running or plan to open a shopping cart, it's highly suggested follow these tips.

Use right cart software

Software platform decides the overall store security directly. Different cart softwares provides different support level and support resources. We must choose the right one based our cart site requirements. If we don't program the shopping cart scripts by our own, following should be considered in selecting available solutions

• Customer experience. See how existing users say about the software so you can get brief understanding of the software performance.
• Ease of use. This will simplify the process in using and securing your store site.
• Update frequency. The more frequent updates the more we should consider because it implies the official team is very active on the software project so better security/performance is expected.
• Support resources. If there's no much support people or online resources about the software, we should avoid. Because if there's any problem in using the script we have no fix by ourselves.

Also, please pay attention to the software features. Some scripts are perfect for big site but not suitable for small cart. We must determine the proper one based real needs.

Use right payment gateway

The same rules in selecting cart software. Since payment gateway is core function on ecommerce website, a reliable and secure service should be considered for all sites. Basically, those crappy solutions should be avoided no matter how good it says. Instead, those leading service providers should be used such as 2checkout, authorizenet etc. If you don't have busy online transaction, paypal is also good choice for it's simplity.

SSL is a MUST

No matter what kind of product/service you sell on website, SSL is a must. No matter if you purchase your own certificate or use your hosting server shared service, you must configure it or else everything on your website is in plain text and hackers can easily get your store privacy.

Also please pay attention to SSL secure level, 128 bit products are approved insecure from industry announcement. For business store sites, we need to install at least 256 bit certificate for guaranteed protection. Because all kinds of ssl services are still provided on the market, we must pay attention to this.

Protect admin area

Store admin area should be protected by all tactics you can think of because it's direct access to all your website properties. Technically, following tactics are highly suggested.

• Set strong user/password. The first place we should look at, we should replace the default user "admin" to others and configure complex password for it.
• Password protect. Admin area can be password protected easily via hosting control panel. It simply adds another secure layer to the store.
• IP restriction. You can configure IP whitelist/blacklist to access the admin side. Many softwares have this function built in.

Use right hosting service

The right shopping cart hosting is the best security guard of your store site. Hosting security refers to both server and network configuration. A secure hosting server must be setup by up to date hardware and softwares and fully optimized for business requirement. Anti virus and ddos equipments must be setup on both hardware/software level. The most important is the network and IP blocks must be spam free. It's essential point because we can avoid lots of potential security risks.

Besides all above, the hosting service must be easy to use. We don't have to research a lot for the service itself. If our softwares are php mysql programmed, a standard cpanel hosting service is suggested. If it's sql server technologies, websitepanel and plesk are good solutions.