  1. #1
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)

    I'm NEW!!!! Give Me A Break! Hear My Voice!

    Hi,

    Being new or inexperienced with hosting can be really hard. It is especially true when seasoned hosting experts are answering or posing questions. As such, we would like those of you that are new to hosting or this forum to let us know anything that you would like to see, topics that you feel need to be covered or discussed, difficulties you may experience using this forum or any other specific hosting complaint or issue you face here.

    Post your suggestions, comments, etc. in this thread. Team Leaders, Advisors, and Mentors will be checking this daily and make sure we are thinking about any suggestions, questions or frustrations that our new-to-hosting members are experiencing.

    Warm regards,
    Steve
    Last edited by ServerStorm; Jan 22, 2013 at 15:41.
    ictus==""

  2. #2
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,149
    Mentioned
    152 Post(s)
    Tagged
    0 Thread(s)
    I'll start

    I was out of the hosting business for many years, and lately it seems to want to drag me back in... so I'd like to see advice on how to harden your servers and to make it so it can be discussed in various lengths, I'd like to look at software and hardware solutions both on Windows and Linux.

    I know that tools exist, but in many cases, when you search for specific tool sets you will occasionally find someone who used it well and correctly, and another who may have used it in an abusive manner (meaning, it got the job done but could have affected good users too). It's been way too long since I've had to focus on that side of networking (I've spent way more focus on hardening web applications at the programming level).

    Maybe we can even break these down further to make short more precise discussions:

    Sample of this broken down further:
    1. Linux
      1. iptables and tcpwrappers, what are they, how do you use them?
      2. skip ftp, use scp/ssh with public/private keys
      3. disable root? (this may be controversial)
      4. vpn
      5. SELinux, what is it and how can it help you?
      6. Password Management (force changing of passwords, restrict previous passwords, and lock accounts out after bad attempts)
      7. Discover listening network ports and plug them
      8. logging and auditing; how to monitor logs, rotate them, etc
    2. Windows (I'm not all that familiar with Windows, so hopefully others have ideas)
      1. Configuring a Security Policy
      2. Blocking Unnecessary Ports and Services
      3. Configuring the Firewall
      4. Auditing
      5. Password Management (force changing of passwords, restrict previous passwords, and lock accounts out after bad attempts)
      6. VPN

  3. #3
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    Quote Originally Posted by cpradio View Post
    I'll start

    I was out of the hosting business for many years, and lately it seems to want to drag me back in... so I'd like to see advice on how to harden your servers and to make it so it can be discussed in various lengths, I'd like to look at software and hardware solutions both on Windows and Linux.

    I know that tools exist, but in many cases, when you search for specific tool sets you will occasionally find someone who used it well and correctly, and another who may have used it in an abusive manner (meaning, it got the job done but could have affected good users too). It's been way too long since I've had to focus on that side of networking (I've spent way more focus on hardening web applications at the programming level).

    Maybe we can even break these down further to make short more precise discussions:

    Sample of this broken down further:
    1. Linux
      1. iptables and tcpwrappers, what are they, how do you use them?
      2. skip ftp, use scp/ssh with public/private keys
      3. disable root? (this may be controversial)
      4. vpn
      5. SELinux, what is it and how can it help you?
      6. Password Management (force changing of passwords, restrict previous passwords, and lock accounts out after bad attempts)
      7. Discover listening network ports and plug them
      8. logging and auditing; how to monitor logs, rotate them, etc

    2. Windows (I'm not all that familiar with Windows, so hopefully others have ideas)
      1. Configuring a Security Policy
      2. Blocking Unnecessary Ports and Services
      3. Configuring the Firewall
      4. Auditing
      5. Password Management (force changing of passwords, restrict previous passwords, and lock accounts out after bad attempts)
      6. VPN
    Thanks for the great ideas. This will help us in our quest to develop great documentation to help our members.

    The Windows server products are currently quite good, and while Linux is still the most pervasive web server technology the Microsoft server market is growing, so us exploring Windows and Linux security, ports, firewall chaining, vpn, and the other technology/ processes you mention will help us.

    Regards,
    Steve
    ictus==""

  4. #4
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    @ralph.m has mentioned several times that conceptual gaps in documentation make it so much more difficult for new users of a technology or hosting best practises that we should aim here to build simpler, step by step, no-gloss-over documentation that can help new people to RegEx, GIT and Mod-Rewrite.

    What other things can we do to help inexperienced members grow?
    ictus==""

  5. #5
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,203
    Mentioned
    456 Post(s)
    Tagged
    8 Thread(s)
    Quote Originally Posted by ServerStorm View Post
    @ralph.m has mentioned several times that conceptual gaps in documentation make it so much more difficult for new users of a technology or hosting best practises that we should aim here to build simpler, step by step, no-gloss-over documentation that can help new people to RegEx, GIT and Mod-Rewrite.
    Yes, that would be a great resource, and very powerful, too. But be warned, they are pretty hard to do. It's hard not to miss a step and lose the audience. I had to accept as a teacher that there are only so many gaps you can fill in. For example, we will have to assume that the audience speaks English. The important thing to do when starting out is to establish a very clear set of expectations of what the audience should already know, and state that clearly (and perhaps provide links to resources that would help prepare the audience for the topic). From that point, it's crucial to be vigilant and not jump important information that wasn't assumed at the beginning. It's quite tricky, and requires constant review and testing. Because we are online, we can't watch the audience's faces and see them screw up when we've screwed up. (That's a big advantage of teaching face-to-face!)

  6. #6
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    Quote Originally Posted by ralph.m View Post
    Yes, that would be a great resource, and very powerful, too. But be warned, they are pretty hard to do. It's hard not to miss a step and lose the audience. I had to accept as a teacher that there are only so many gaps you can fill in. For example, we will have to assume that the audience speaks English. The important thing to do when starting out is to establish a very clear set of expectations of what the audience should already know, and state that clearly (and perhaps provide links to resources that would help prepare the audience for the topic). From that point, it's crucial to be vigilant and not jump important information that wasn't assumed at the beginning. It's quite tricky, and requires constant review and testing. Because we are online, we can't watch the audience's faces and see them screw up when we've screwed up. (That's a big advantage of teaching face-to-face!)
    Wow! @ralph.m, your suggestions drawn from your experience are invaluable! As we create this documentation we will employ your recommendations.

    Many Thanks,
    Steve
    ictus==""

  7. #7
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,203
    Mentioned
    456 Post(s)
    Tagged
    8 Thread(s)
    Quote Originally Posted by ServerStorm View Post
    As we create this documentation we will employ your recommendations.
    If you need the content passed through the ultimate idiot test, just see if I can understand it.

  8. #8
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    Quote Originally Posted by ralph.m View Post
    If you need the content passed through the ultimate idiot test, just see if I can understand it.
    I would be happy to pass it through your BRIGHT, not idiotic, brain.

    No question or idea in this forum is considered stupid. Any unfriendly posts will be removed!

    Regards,
    Steve
    ictus==""

  9. #9
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,203
    Mentioned
    456 Post(s)
    Tagged
    8 Thread(s)
    Quote Originally Posted by ServerStorm View Post
    No question or idea in this forum is considered stupid.
    I didn't say any idea or question was stupid, but that I was stupid.

    Anyhow, I think I do have a pretty good eye for where there are conceptual gaps in learning content, so I'm happy to help out. Of course, it's a truer test when you are trying to learn from that material at the same time.

    One key to teaching is repetition, as things often don't 'go in' the first time. I've been reading a JS book this week, and there are lots of concepts covered on each page. It would have been really helpful for the author to add little reminders with each example of what part of JS he is using, because one tends to forget. For example, he'll say something like "so I'll now use this code ..." and give an example, where it would have been helpful for him at least to say "so we'll now use an object literal (see p 120) to achieve this ..." That way, if you've forgotten some of the details about object literals, you can quickly go back and revise them, rather than search through the book trying to remember what kind of code that was.

  10. #10
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    Quote Originally Posted by ralph.m View Post
    I didn't say any idea or question was stupid, but that I was stupid.
    Yes I should have put that sentence in another post. This was not related to the first.

    Quote Originally Posted by ralph.m View Post
    Anyhow, I think I do have a pretty good eye for where there are conceptual gaps in learning content, so I'm happy to help out. Of course, it's a truer test when you are trying to learn from that material at the same time.
    This will be a great litmus test that we can run to flush-out gaps, so thanks.
    Quote Originally Posted by ralph.m View Post
    One key to teaching is repetition, as things often don't 'go in' the first time. I've been reading a JS book this week, and there are lots of concepts covered on each page. It would have been really helpful for the author to add little reminders with each example of what part of JS he is using, because one tends to forget. For example, he'll say something like "so I'll now use this code ..." and give an example, where it would have been helpful for him at least to say "so we'll now use an object literal (see p 120) to achieve this ..." That way, if you've forgotten some of the details about object literals, you can quickly go back and revise them, rather than search through the book trying to remember what kind of code that was.
    Yes I've never really seen this type of reinforcement but maybe in one technical book. This will be a good feature of our documentation.

    Thanks
    ictus==""

  11. #11
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,203
    Mentioned
    456 Post(s)
    Tagged
    8 Thread(s)
    Quote Originally Posted by ServerStorm View Post
    Yes I've never really seen this type of reinforcement but maybe in one technical book.
    When teaching kids especially (say, something like fractions), you need to introduce the subject in small bits, building one concept on another, and giving lots of practice with each concept before moving on—always remembering, however, to revise the earlier concepts regularly. I'm actually tempted to write something for subjects like CSS and JS in this way, giving lots of practice exercises at each stage of learning to embed each concept before moving on—as I'm sure this kind of approach works just as well with adults. (It would certainly help me, anyhow!)

  12. #12
    #titanic {float:none} silver trophy
    molona's Avatar
    Join Date
    Feb 2005
    Location
    from Madrid to Heaven
    Posts
    8,240
    Mentioned
    239 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by ralph.m View Post
    When teaching kids especially (say, something like fractions), you need to introduce the subject in small bits, building one concept on another, and giving lots of practice with each concept before moving on—always remembering, however, to revise the earlier concepts regularly. I'm actually tempted to write something for subjects like CSS and JS in this way, giving lots of practice exercises at each stage of learning to embed each concept before moving on—as I'm sure this kind of approach works just as well with adults. (It would certainly help me, anyhow!)
    Off Topic:

    I think that's a great idea. Let me know if I can be of any help


    Going back to topic, I think that a good idea would be an updated list of the best web server software that you can install in Windows, Linux or Macintosh.

    I'm finding myself a bit frustrated because when I changed my computer I didn't set up a proper testing environment and when I finally decided to do so, I thought that maybe there was something better than Apache for Windows in the market... I started to look for information and I never thought that there were so many web servers available. I gave up in the end because the list was too long and it was hard to know what was secure or wasn't and those that were popular (like nginx) didn't provide a zip or installer for Windows even if there was supposed to be a Windows version.

  13. #13
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    Quote Originally Posted by molona View Post
    Off Topic:

    I think that's a great idea. Let me know if I can be of any help


    Going back to topic, I think that a good idea would be an updated list of the best web server software that you can install in Windows, Linux or Macintosh.

    I'm finding myself a bit frustrated because when I changed my computer I didn't set up a proper testing environment and when I finally decided to do so, I thought that maybe there was something better than Apache for Windows in the market... I started to look for information and I never thought that there were so many web servers available. I gave up in the end because the list was too long and it was hard to know what was secure or wasn't and those that were popular (like nginx) didn't provide a zip or installer for Windows even if there was supposed to be a Windows version.
    This is an interesting idea.

    We've had some discussion amongst the Hosting Advisors and Mentors and decided amongst ourselves that picking topics that do not get outdated quickly is a primary concern. What are your thoughts regarding this, as Web Servers are continuously evolving and emerging? Is this best served by threads that the hosting advisors prepare?
    Last edited by ServerStorm; Jan 23, 2013 at 15:36. Reason: bes to best fix
    ictus==""

  14. #14
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,203
    Mentioned
    456 Post(s)
    Tagged
    8 Thread(s)
    I like molona's idea. When I was looking for new hosting a year or so back, I was amazed (and a bit confused) to discover that there are all sorts of web servers out there beyond Apache and IIS. I had not heard of any of them around here. The hosts were really pushing hard to get me to try them, too, because they were meant to be SO much better. I can't even remember their names now, except for Zeus, but I chose Apache in the end, because that was all I knew to trust.

  15. #15
    #titanic {float:none} silver trophy
    molona's Avatar
    Join Date
    Feb 2005
    Location
    from Madrid to Heaven
    Posts
    8,240
    Mentioned
    239 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by ServerStorm View Post
    This is an interesting idea.

    We've had some discussion amongst the Hosting Advisors and Mentors and decided amongst ourselves that picking topics that do not get outdated quickly is a primary concern. What are your thoughts regarding this, as Web Servers are continuously evolving and emerging? Is this best served by threads that the hosting advisors prepare?
    Yes, I do realize that this is a topic that can get outdated easily but this kind of information is something that probably forum members will expect and thank.

    Maybe there's a way that it will not give so much work but it would be a thread that would have to be updated on a yearly basis. Maybe there's a reputable magazine that does this kind of comparisons and we can link to their study (if it is online) or base the thread on that study?

    Or maybe there are some tests that can be done to know that the software is as secure as it can get? A thread like this may not get outdated that quickly.

    I'll think about it.

  16. #16
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,149
    Mentioned
    152 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by molona View Post
    Yes, I do realize that this is a topic that can get outdated easily but this kind of information is something that probably forum members will expect and thank.

    Maybe there's a way that it will not give so much work but it would be a thread that would have to be updated on a yearly basis. Maybe there's a reputable magazine that does this kind of comparisons and we can link to their study (if it is online) or base the thread on that study?

    Or maybe there are some tests that can be done to know that the software is as secure as it can get? A thread like this may not get outdated that quickly.

    I'll think about it.
    What if we focused primarily with pros and cons of the web server itself (not compared to the others). Things like speed, security, ease of learning, stability, feature set. Sure it may change slightly over time, but the out-dated-"ness" will be fairly manageable.

    Writing installation guides on the other hand would be a secondary goal considering the process doesn't change frequently (or if we can find tools that make the job easy, we could always use Installation as a category with links pointing to those tools).

  17. #17
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    Quote Originally Posted by molona View Post
    Yes, I do realize that this is a topic that can get outdated easily but this kind of information is something that probably forum members will expect and thank.
    Yes you are right about this, excellent point.
    Quote Originally Posted by molona View Post
    Maybe there's a way that it will not give so much work but it would be a thread that would have to be updated on a yearly basis. Maybe there's a reputable magazine that does this kind of comparisons and we can link to their study (if it is online) or base the thread on that study?
    If we look at it this way, we should not shy away from doing topics that will help the hosting forum because they may get outdated, we should worry more about having a reliable process to keep such documentation updated.
    Quote Originally Posted by molona View Post
    Or maybe there are some tests that can be done to know that the software is as secure as it can get? A thread like this may not get outdated that quickly. I'll think about it.
    Yes security moves very fast and it may be hard to keep up with this.
    Quote Originally Posted by cpradio View Post
    What if we focused primarily with pros and cons of the web server itself (not compared to the others). Things like speed, security, ease of learning, stability, feature set. Sure it may change slightly over time, but the out-dated-"ness" will be fairly manageable.
    Yes this is a better idea. It leaves it up to members to make comparisons that best fit their requirements and will provide criteria that allows better decision making.
    Quote Originally Posted by cpradio View Post
    Writing installation guides on the other hand would be a secondary goal considering the process doesn't change frequently (or if we can find tools that make the job easy, we could always use Installation as a category with links pointing to those tools).
    Yes this is excellent. Thanks @cpradio and @molona!
    ictus==""

  18. #18
    Community Advisor silver trophy

    Join Date
    Nov 2006
    Location
    UK
    Posts
    2,551
    Mentioned
    40 Post(s)
    Tagged
    1 Thread(s)
    One thing is certain: all web developers are going to deal with apache at some point. (though I guess there are some asp/.net devs that never see it).

  19. #19
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,633
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    I've successfully had a pretty good web career without doing much with apache. And now you can run nginx on *nix and never deal with it.

  20. #20
    SitePoint Member cameronm's Avatar
    Join Date
    Jan 2013
    Posts
    10
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I think it might be helpful to use more images and screenshots especially for guides. I definitely understand that for a lot of topics, it isn't necessarily required. However, for some problems like server configuration settings and docs, more images might be beneficial. I am just getting started on these forums, and I love them so far, but more images could help with clarification for some technical/complex threads.

    -cam-

  21. #21
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,203
    Mentioned
    456 Post(s)
    Tagged
    8 Thread(s)
    Quote Originally Posted by cameronm View Post
    I think it might be helpful to use more images and screenshots especially for guides.
    Yes, and perhaps videos, too. Some guides describe steps in words very accurately, even eruditely, but forget that a lot of it is meaningless to a user without an example.

