SitePoint Sponsor

User Tag List

Results 1 to 21 of 21

Hybrid View

  1. #1
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)

    I'm NEW!!!! Give Me A Break! Hear My Voice!

    Hi,

    Being new or inexperienced with hosting can be really hard. It is especially true when seasoned hosting experts are answering or posing questions. As such, we would like those of you that are new to hosting or this forum to let us know anything that you would like to see, topics that you feel need to be covered or discussed, difficulties you may experience using this forum or any other specific hosting complaint or issue you face here.

    Post your suggestions, comments, etc. in this thread. Team Leaders, Advisors, and Mentors will be checking this daily and make sure we are thinking about any suggestions, questions or frustrations that our new-to-hosting members are experiencing.

    Warm regards,
    Steve
    Last edited by ServerStorm; Jan 22, 2013 at 15:41.
    ictus==""

  2. #2
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,223
    Mentioned
    153 Post(s)
    Tagged
    0 Thread(s)
    I'll start

    I was out of the hosting business for for many years, and lately it seems to want to drag me back in... so I'd like to see advice on how to harden your servers and to make it so it can be discussed in various lengths, I'd like to look at software and hardware solutions both on Windows and Linux.

    I know that tools exist, but in many cases, when you search for specific tool sets you will occasionally find someone who used it well and correctly, and another who may have used it in an abusive manner (meaning, it got the job done but could have affected good users too). Its been way too long since I've had to focus on that side of networking (I've spent way more focus on hardening web applications at the programming level).

    Maybe we can even break these down further to make short more precise discussions:

    Sample of this broken down further:
    1. Linux
      1. iptables and tcpwrappers, what are they, how do you use them?
      2. skip ftp, use scp/ssh with public/private keys
      3. disable root? (this may be controversial)
      4. vpn
      5. SELinux, what is it and how can it help you?
      6. Password Management (force changing of passwords, restrict previous passwords, and lock accounts out after bad attempts)
      7. Discover listening network ports and plug them
      8. logging and auditing; how to monitor logs, rotate them, etc
    2. Windows (I'm not all that familiar with Windows, so hopefully others have ideas)
      1. Configuring a Security Policy
      2. Blocking Unnecessary Ports and Services
      3. Configuring the Firewall
      4. Auditing
      5. Password Management (force changing of passwords, restrict previous passwords, and lock accounts out after bad attempts)
      6. VPN

  3. #3
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    Quote Originally Posted by cpradio View Post
    I'll start

    I was out of the hosting business for for many years, and lately it seems to want to drag me back in... so I'd like to see advice on how to harden your servers and to make it so it can be discussed in various lengths, I'd like to look at software and hardware solutions both on Windows and Linux.

    I know that tools exist, but in many cases, when you search for specific tool sets you will occasionally find someone who used it well and correctly, and another who may have used it in an abusive manner (meaning, it got the job done but could have affected good users too). Its been way too long since I've had to focus on that side of networking (I've spent way more focus on hardening web applications at the programming level).

    Maybe we can even break these down further to make short more precise discussions:

    Sample of this broken down further:
    1. Linux
      1. iptables and tcpwrappers, what are they, how do you use them?
      2. skip ftp, use scp/ssh with public/private keys
      3. disable root? (this may be controversial)
      4. vpn
      5. SELinux, what is it and how can it help you?
      6. Password Management (force changing of passwords, restrict previous passwords, and lock accounts out after bad attempts)
      7. Discover listening network ports and plug them
      8. logging and auditing; how to monitor logs, rotate them, etc

    2. Windows (I'm not all that familiar with Windows, so hopefully others have ideas)
      1. Configuring a Security Policy
      2. Blocking Unnecessary Ports and Services
      3. Configuring the Firewall
      4. Auditing
      5. Password Management (force changing of passwords, restrict previous passwords, and lock accounts out after bad attempts)
      6. VPN
    Thanks for the great ideas. This will help us in our quest to develop great documentation to help our members.

    The Windows server products are currently quite good, and while Linux is still the most pervasive web server technology the Microsoft server market is growing, so us exploring Windows and Linux security, ports, firewall chaining, vpn, and the other technology/ processes you mention will help us.

    Regards,
    Steve
    ictus==""

  4. #4
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    @ralph.m ; has mentioned several times that conceptual gaps in documentation make it so much more difficult for new users of a technology or hosting best practises that we should aim here to build simpler, step by step, no-gloss-over documentation that can help new people to RegEx, GIT and Mod-Rewrite.

    What other things can we do to help inexperienced members grow?
    ictus==""

  5. #5
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,301
    Mentioned
    460 Post(s)
    Tagged
    8 Thread(s)
    Quote Originally Posted by ServerStorm View Post
    @ralph.m ; has mentioned several times that conceptual gaps in documentation make it so much more difficult for new users of a technology or hosting best practises that we should aim here to build simpler, step by step, no-gloss-over documentation that can help new people to RegEx, GIT and Mod-Rewrite.
    Yes, that would be a great resource, and very powerful, too. But be warned, they are pretty hard to do. It's hard not to miss a step and lose the audience. I had to accept as a teacher that there are only so many gaps you can fill in. For example, we will have to assume that the audience speaks English. The important thing to do when starting out is to establish a very clear set of expectations of what the audience should already know, and state that clearly (and perhaps provide links to resources that would help prepare the audience for th topic). From that point, it's crucial to be vigilant and not jump important information that wasn't assumed at the beginning. It's quite tricky, and requires constant review and testing. Because we are online, we can't watch the audience faces and see them screw up when we've screwed up. (That's a big advantage of teaching face-to-face!)

  6. #6
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    Quote Originally Posted by ralph.m View Post
    Yes, that would be a great resource, and very powerful, too. But be warned, they are pretty hard to do. It's hard not to miss a step and lose the audience. I had to accept as a teacher that there are only so many gaps you can fill in. For example, we will have to assume that the audience speaks English. The important thing to do when starting out is to establish a very clear set of expectations of what the audience should already know, and state that clearly (and perhaps provide links to resources that would help prepare the audience for th topic). From that point, it's crucial to be vigilant and not jump important information that wasn't assumed at the beginning. It's quite tricky, and requires constant review and testing. Because we are online, we can't watch the audience faces and see them screw up when we've screwed up. (That's a big advantage of teaching face-to-face!)
    Wow! @ralph.m ; your suggestions drawn from your experience are invaluable! As we create this documentation we will employ your recommendations.

    Many Thanks,
    Steve
    ictus==""

  7. #7
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,301
    Mentioned
    460 Post(s)
    Tagged
    8 Thread(s)
    Quote Originally Posted by ServerStorm View Post
    As we create this documentation we will employ your recommendations.
    If you need the content passed through the ultimate idiot test, just see if I can understand it.

  8. #8
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,301
    Mentioned
    460 Post(s)
    Tagged
    8 Thread(s)
    I like molona's idea. When I was looking for new hosting a year or so back, I was amazed (and a bit confused) to discover that there are all sorts of web servers out there beyond Apache and IIS. I had not heard of any of them around here. The hosts were really pushing hard to get me to try them, too, because they were meant to be SO much better. I can't even remember their names now, except for Zeus, but I chose Apache in the end, because that was all I knew to trust.

  9. #9
    Community Advisor silver trophy

    Join Date
    Nov 2006
    Location
    UK
    Posts
    2,554
    Mentioned
    40 Post(s)
    Tagged
    1 Thread(s)
    One thing is certain: all web developers are going to deal with apache at some point. (though I guess there are some asp/.net devs that never see it).

  10. #10
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,651
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    I've successfully had a pretty good web career without doing much with apache. And now you can run nginx on *nix and never deal with it .

  11. #11
    SitePoint Member cameronm's Avatar
    Join Date
    Jan 2013
    Posts
    10
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I think it might be helpful to use more images and screenshots especially for guides. I definitely understand that for a lot of topics, it isn't necessarily required. However, for some problems like server configuration settings and docs, more images might be beneficial. I am just getting started on these forums, and I love them so far, but more images could help with clarification for some technical/complex threads.

    -cam-

  12. #12
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,301
    Mentioned
    460 Post(s)
    Tagged
    8 Thread(s)
    Quote Originally Posted by cameronm View Post
    I think it might be helpful to use more images and screenshots especially for guides.
    Yes, and perhaps videos, too. Some guides describe steps in words very accurately, even eruditely, but forget that a lot of it is meaningless to a user without an example.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •