You didn’t really think we were going to tell you that, did you?
Actually, some of you likely will have clicked on this thinking that’s exactly what we were going to do.
Security is one of the most challenging aspects of running a shared hosting company. After all, the existence of hosting that’s “shared” seemed like it shouldn’t exist at all - most networks are closed to everyone and open only to those that need them. By definition, a shared hosting network and server has to be open to everybody that’s needs access no matter where in the world they are, but closed to everyone that would harm the network no matter where in the world they are.
Because of the inherent oxymoron-ness of shared hosting, security on the servers is quite extensive and has to be fine-tuned nearly every day. We employ mod-security, a software firewall, blacklisting services, scanners, and a host of other things to catch problems as they come up. Despite our choice to not automate any set ups are installs, our security is automated and will kick in immediately when there are certain defined problems.
We get at least 2-5 people firewalling themselves per day. In response to being told they firewalled themselves, we get these frequent responses back.
Can you whitelist my IP?
Can you explain exactly what I did so I won’t do it again?
I don’t know what a port scan is so I could not have done it.
But I was using the right login!
None of these are the correct responses, and they won’t get you anywhere. Here’s why.
Can you whitelist my IP?
OK, so, a firewall is designed to spot things that people do against the servers. The means people outside our network, and believe it or not, those who we gave access to that maybe we shouldn’t have. What you are asking us to do is to tell our servers to ignore anything that you do wrong so that if you do something wrong, your access won’t be blocked and you can keep doing the wrong thing until you get it right (or so you can keep banging on the server until you email support).
When you see it explained like that, can you understand why, maybe, that’s not a good idea?
The firewall is there to protect the server as a whole, and you are not the only client on it. In addition, many clients that we have are not savvy enough to recognize when their computer has been unwittingly drafted into being a member of a botnet. Even if you are sure you didn’t do that portscan yourself, it doesn’t mean that your computer or another computer on your network didn’t.
Can you explain exactly what I did so I won’t do it again?
We can, in general, tell you how to do it right - what we can’t do is explain step by step what you did wrong. This is especially true for orders that are flagged and refused for install - and in that case, we won’t even take the time to explain to you fully how to do it right as we feel the order form is fairly self-explanatory.
While the slice of the server you have is “yours”, the machine is our responsibility to secure. One of the ways we do that is making sure that exactly what we do for security remains a tightly held secret.
We’ll tell you that we use mod-security, but you won’t get a copy of our rules. We’ll let you know the server firewalled you for performing a certain action too many times, but we won’t tell you exactly how many times it was that set it off. We’ll tell you that you were temporarily firewalled but we won’t tell you how long the ban will last before it expires. All that information can be used to piece together a picture of our practices that no one should have a picture of but us.
I don’t know what a port scan is so I could not have done it.
See the response to whitelisting - many clients that we have are not savvy enough to recognize when their computer has been unwittingly drafted into being a member of a botnet. Even if you are sure you didn’t do that portscan yourself, it doesn’t mean that your computer or another computer on your network didn’t.
If we are picking up scans that you know you didn’t or couldn’t have physically done, you need to look to other explanations. It could be as simple as your computer being infected, it could be as complex as your wife suspects you are talking to a mistress through email and is trying to hack into your mail account to get evidence. There are a lot of explanations for firewalling from the simple (I forgot my password and refuse to email support so I’ll just hack away until I get it) to the complex (someone wants to hack your account and they live under your roof).
But I was using the right login!
This one’s just thrown in here because we are like the omnipotent and unknowable deity within the metal confines of these boxes. We know what you typed in. We probably even know what you did last summer since we likely have it archived somewhere.
If we tell you we see that you typed in “groggy” to log in and your login is really “eueytgdfy”, just believe us. It saves time.
Due to a recent issue with sending mail, we wanted to expand a little more than we do in the FAQ on the complexities of sending mail. It’s one of those things that seem like it should “just work”, and yet in practicality that’s not really the case.
Years ago, port 25 was the port in which you connect with your email client and send mail on. Actually, port 25 is still the default SMTP port, but for many of you coming in from some of the largest ISP’s both in the country and (to us) internationally, the only port 25 you can get to is the one that your ISP provides you. Some major ISPs known to do this are:
AT&T, MindSpring, BellSouth, MSN, CableOne, NetZero, Charter, People PC, Comcast ATTBI, Sprynet, Cox, Southwestern Bell, Sympatico.ca, EarthLink, Verio, Flashnet, Verizon, MediaOne, Optus, Frontiernet… and yes, there are more.
So, first, what is “Port 25 Blocking”? In a nutshell, it means that your ISP has instituted a block that prevents its users from sending outgoing mail via any third party mail-hosting services. Your domain hosted here is a third party mail-hosting services and so understanding that, depending on your choice of ISP, you may be prevented from using that aspect of your domain service by your Internet Service Provider.
Before the chest thumping consternation begins, the fact is that the reason they do this is pretty sound. Disallowing connections to any other smtp port means that they have much less spam coming out of their network and if someone does try to spam from their network, it goes through mail systems that they have control over. They can institute software traps to catch spammers before they get out, as well as lock down infected computers on their network that have, usually unbeknowst to the user, become part of a botnet due to a virus infection. This block became much more prevelant after the MyDoom virus of 2004, which slammed mailservers the world over and those ISP’s that had been dragging their feet found themselves implementing it in the MyDoom aftermath.
They are trying to do the right thing - it is unfortunate, though, that in order to keep their network (and all networks) safer it limits what you as a legitimate user can do.
So, how do you know if your ISP does this? Well, you can simply google your ISP name and Port 25 Block and you will likely find someone, somewhere that wrote about it. You can check the Terms of Service and it will likely state it somewhere in their policies. You can also simply call support and ask them - this isn’t a secret, and they’ll be happy to tell you.
There are some alternatives you can try - you can switch to port 26 instead of port 25 and see if you can get to SMTP on our servers that way. You can also try port 587. As time goes on, these alternatives are less and less likely to work, and your best bet is to use your ISP’s SMTP server - it won’t affect the “from:” email address display to whoever you are sending to, and your ISP’s ability to authenticate you is fairly simple, as you are a computer on their Network who has already authenticated. It should also be noted that by using these “workarounds”, you’re essentially violating the terms of what your ISP wants you to do and these aren’t guaranteed to work forever.
Ok, so what happened last week?
Well, DrakNet uses the SpamHaus blacklists to block mail at “Exim’s Level”. What that means is instead of accepting all the mail that’s delivered, then running it through many levels of processing, we refuse IP addresses that are in the Spamhaus blocklists. This greatly, greatly reduces the load on the server as the processing for the mail that we accept is actually the single highest resource usage hog on every server we have. Nothing that we do, or you do, is more resource intensive other than backups, and those only happen once a week. Mailscanner runs continuously.
Previous to last week, only XBL and SBL (proven spammers and proven hijacked computers) were set as default blacklists in Exim. cPanel switched to Zen, which also included the PBL list, and once that was added, some of you had problems.
The Spamhaus PBL is a DNSBL database of end-user IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server except those provided for specifically by an ISP for that customer’s use. What this means is that if you have been “getting around” your ISP’s rules by using port 26 or 587, the use of the PBL list will stop you from connecting to our server because by your Network’s rules, you’re not allowed to be doing what you are doing. You can find out if this affects you by
If it is on the PBL List, you can request it’s removal and the criteria are a bit lower than the other lists (XBL and SBL) due to the fact that it is an advisory list and not a known problem list. If you are on the XBL or SBL list, you have a bigger problem than we can go into here.
Other alternatives are to simply use your ISP’s SMTP server - which is what they want you to do, and what you really should be doing to comply with their rules. You can also switch to using GMail, which we described how to set up in an earlier article. If you need an invite, let us know.
So, ten years ago when we opened this place, we actually had it in our terms of service that if you didn’t know what shell access is, we didn’t want to host you. Needless to say, times have changes. We’ve mellowed in our old age, and FTP is not actually a prerequisite for having a web site anymore, much to our utter shock.
You should have seen my face the first time a professional web designer asked me what FTP was. Luckily, it doesn’t happen all that often because if it did, I’d have gone through an awful lot of keyboards.
Despite the fact that you really can run our hosting completely and totally through your browser, sometimes that’s not really practical, and sometimes you need to do things the old fashioned way. If you hardly ever do things the old fashioned way, though, usually you don’t want to pay for the clients and programs that let you do it the old fashioned way - so we wanted to let you in on a few free programs that let you do some nifty things that you may need occasionally.
Core FTP LE is a free Windows software that that features SFTP (SSH), SSL, TLS, IDN, browser integration, site to site transfers, FTP transfer resume, drag and drop support, file viewing & editing, firewall support, custom commands, FTP URL parsing, command line transfers, filters, and more.
You may have need of an FTP client if you need to get files up to your site that are too large to be uploaded through your PHP program or cPanel’s File Manager.
PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator. It is written and maintained primarily by Simon Tatham.
If you need to get to a command line, you really need an ssh client. Command lines are indispensable for troubleshooting php programs, checking on the server, changing permissions, and so on.
Want to see how your site looks in some obscure browsers? Hope on over to Browser Shots. If you have some patience, eventually you’ll get screen shots of your site in a variety of browsers and if you’re trying for cross-compatibility on CSS, you’ll have a half an hour to pad the wall directly in front of you before what IE does to your site design becomes clear and you begin banging your head against it.
PLiska Image Resizer is a handy little tool for merchants that take lots of photos but may not have the graphic skills (or the patience) to edit those photos, rel estate agents that process photos of houses for both print and web, or anyone with a Photo Gallery that has no idea how to resize the images that they take down from enormous size. In mere seconds, you can resize numerous photos into a web ready size, saving your bandwidth, your space, and our server processing if you were planning on letting our server do it for you (which is so not recommended).
HTML Kit is a full-featured free editor for HTML, XHTML, XML, CSS, JavaScript, PHP and other text files. Over 400 plugins are available for it, including HTML Tidy for creating standards-compliant web pages. This is an advanced HTML editor and not for the faint of heart - but if you want to learn HTML, this would be the start of the curve.
Favicon from Pics creates still and animated favicon.ico’s for your site from images, so you don’t need to have vastly superior elves used to working with miniscule pixelation do it for you. Simply upload a picture, and get back a favicon.
So, once you decide you want to do this - getting a reseller account (or server), starting a business, getting a merchant bank account, yadda yadda - then you have to decide how you’re going to do it. So, what does that mean?
Well, there’s the way most people do it - purchasing a web hosting billing/support software package and automating as much as you possibly can. These days, it’s actually possible to accept an order, open a billing account, install it on the server, provision it, bill it, charge it, and send a thank you note at 2am in the morning so that you wake up and notice you have a new hosting client while you were sleeping.
Then there’s the way we do it, which (we’re told) is quaintly old fashioned, and that’s by hand (once you are installed and set up, things are automated, but not until we decide so). At DrakNet, we see every order that applies to be on our servers, a real human looks at it, investigates it, provisions the account, opens the billing, charges it, etc. We admit to you openly that most people of our size and with the frequency of the orders that we get do not and would not choose to do it this way. It’s a lot of work.
So what are the benefits and drawbacks to each system?
Well, obviously, the benefits to the automated system are that clients applying with you get instantaneous set up, and you won’t have to do much of anything for them. In fact, if you do it this way and they have no issues, you could have a client that you never have any direct contact with at all. You cut your staff costs down (or your own work), you are able to offer instant set ups since everything is automated. All you may have to do is collect money, and watch that you don’t overload your account.
So, why do we do it the way we do it?
The benefits of eyeballing every order is that a human being sees it, as opposed to an algorithm that may or may not be any good - spammers and black hat hackers regularly sign up with hosting companies so that they have an untraceable platform to do whatever nefarious things they are planning. Our firewall regularly (read: daily) firewalls IPs of other hosting companies servers as they attempt to attack ours through port scans, mod-security breaches, and the like. Just during the overnight we firewalled at least one shared hosting server from every large shared hosting competitor in the “top ten” due to attempted security breaches.
If you are indiscriminate about who you sign up regardless of how ridiculous their order form looks, you’ll have these problems sooner or later. That’s not even considering the chargebacks that you can face from stolen credit cards being used to sign up.
We personally prefer to do far more work on the front end (and to turn down any orders that seem slightly hokey) than to clean up on the backend after we’ve installed someone we shouldn’t have. They’re both work - it’s just a matter of which work you want to do.
It’s also going to depend on your market - are you going after a market where instant sign ups are absolutely imperative for growth? If you’re going after a market that wants it “now now now” and lack the patience to wait for an install, you may have no choice but to go with a system that provides instant sign ups.
Making these decisions before you look at your billing software is important because each set of software has its features and drawbacks, and each set may have a ceiling as far as expandability. Before you plunk down the cash that may have a hefty price tag, consider how you’re going to run your operation - because if you choose billing software before you do, that and software how it operates will likely decide many things for you.
Ok, so you’ve decided you actually want to start your own mini-web hosting company within ours. So, what’s it gonna cost?
Getting Their Money
You don’t have to have a business bank account if you don’t make a whole lot of money to start out - but it helps.
First, it keeps your personal finances and your business finances separate, which makes life much easier at tax time. Secondly, it might not cost you all that much because a lot of banks are offering free business checking and if you don’t have a lot of activity, you’ll probably qualify for one of the free bank accounts.
You’ll also need a merchant account and gateway - many of them come bundled. We personally sell, and use, e-onlinedata. e-onlinedata will get you the merchant account and id, and will settle the money into your bank account. As you can imagine, there are lots of fees involves with being a business that takes credit cards:
DBA - at the very least, you’ll need to register your business as a DBA in your area so you can get a bank account with a business name instead of “Tom Jones”, or whatever your name is. (Business types are beyond the scope of this article). There are usually small fees associated with this.
Bank Account - hopefully, you’ll get a free business checking account.
The set up fee for your gateway/merchant account - through us, it’s $79.00
Recurring fees that you’re going to pay are:
Us, for your reseller’s account.
$10 monthly service fee for your merchant processing (if you go through us)
$.30 per transaction for each charge or credit or hold you perform.
$25 or 2.29% (qualified transactions) of your charges for the month, whichever is greater
Now, obviously, since this is our web site we want you to use our stuff and those are the fees that we used. If you don’t want to use what we offer, a simple Google search will bring you to a plethora of other options, but we can gather from the above that for processing transactions and setting yourself up as professionally as possible, it’ll cost you roughly $100 to get started, and it will cost you roughly $50 a month (more if you are successful) as far as an investment before we add any software or additional services into the mix.
The alternative, of course, is PayPal. PayPal doesn’t require a set up fee, DBA, business bank account, or any of those types of things, and it is less expensive when you have a lesser volume. The drawback to using PayPal exclusively for payments is that as a merchant, you have both less control and less rights, as they are not a bank. There have been stories of PayPal freezing money in people’s PayPal accounts due to a dispute or yanking accounts altogether - and should that happen, your business is dead in the water. (There’s more than one reason that we choose to use our PayPal payments for do-gooding besides the fact that we like being do-gooders).
There is also the fact that a “business” that doesn’t take the time to set up the ability to directly accept credit cards does look less professional - web hosting is not really an industry like auctions, for example, where that is the norm.
Whether you can “get away with it” is going to entirely depend upon the market that you are targeting and whether they will see PayPal only as an acceptable limitation, and whether you find the lack of control over those payments and a third parties’ ability to come in and take it from you at any without at any time an acceptable risk to your business. Personally, we see PayPal as a fine alternative option adjunctive to traditional merchant card acceptance, but not ok for a sole option - but that’s just us.
OK, so now we have the ability to take money from clients - always a good thing if you’re trying to make a go of a business. How to keep track of who you’re charging what? In our next section, we’ll go over your billing options and integration with your gateway, what the start up costs are for that, and what software we recommend to get you started.
So what should you think about when becoming a reseller? While we hope the blog is of general help to people wherever they host, for expediency we’re just going to focus on our reseller program the way it’s set up and what we feel you should think about when you’re thinking about becoming one of our resellers though much of this will be applicable to general decisions to become anyone’s reseller as our policies and practices are not all that different from most hosting companies.
Right now, they’re our problem. Become a reseller, and they’re all yours.
Once you take on an account as a reseller, that account ceases to be (or initially is not) our account. Your client is not our client, your client is your client, and they will come to you for any and all support that they need for domains that you install or gather up under your umbrella. If they email support for help, we will direct them to you. We have no contract with them and, in fact, our contract with you spells out that we will interfere or interface with your clients only in the event of your total abandonment of your reseller account. We will not deal with them directly for any other reason.
Do you have the time to answer those tickets within an amount of time that your clients will be satisfied with? Do you have the expertise to answer most of them and only come to us for minimal support for things that you cannot fix? If you don’t, are your clients the type of clients that will be patient after the submit a ticket to you, you pick it up and then submit the request to us, and then we pick it up and respond? You’ve added lag time to those responses if you are going to depend on us more and not less.
Are you ready to have your tickets answered with directives on how you should fix something rather than having us fix it for you? As a reseller, you’re getting a fairly steep discount, and a lot of tools - if you have the ability to do something, we will not be doing those things for you anymore. You’re expected, in exchange for that discount, to take the initiative and manage many of your issues yourself for you, and your clients. The only password reset you would ever email us for is your own - your clients forget their password? You need to reset it. Your clients need an upgrade? You need to do it. Anything you need fixed that you don’t have access to, we will do - anything you have access to, or can get access to, is considered your responsibility to fix. If you email us and say you don’t know how, we’ll tell you how - but we won’t do it for you.
We bill you, and you bill your clients - we don’t really care what you charge them, or if you charge them. But if you decide to actually charge them, you’ll need to invest in billing software, which can run $25 a month for a lease on up to $300 at one time, and more. Do you have the money and the time to set up a billing system for your clients? (We will go over some billing choices later on in the series). Will you be able to afford the set up fees for a merchant account? Do you have a business bank account? Will you just go through PayPal (which, frankly, isn’t the most professional sole choice you could make.) Are you ready to sit down and make all these decisions before you open up and take a single client?
Are you comfortable combining all your clients into one account from a security standpoint? What we mean by that is when you take orders, do you feel comfortable installing them and potentially having to deal with a spammer, or a client that breaks our TOS and potentially threatens your reseller account? Have you come up with a TOS for your clients that incorporates our rules (which applies to everyone, including your clients)?
You can open up a reseller account and fly by the seat of your pants - many do. If you are going to have clients, though, you really need to approach this like any other business start up. If you’re a web designer, you need to decide whether you are prepared to offer the same type of service they could get from the hosting company directly and, if that answer is no, whether the service you feel you could provide will be acceptable to the type of clients that you have and that you market to. Sometimes that answer is yes, and sometimes that answer is no. It really depends on your target market.
Next time, we’ll go into some of the start up costs for things like billing software, ssl certs, merchant accounts, and so on.
So, you’re a designer or a developer, and you keep sending clients to us because you’re not sure what’s involved in reselling and the concept freaks you out a little bit. These posts will be a series introducing you to reselling, and let you know some of the choices and pitfalls that lay in wait for you.
First, what’s a reseller?
That’s a pretty tough question to answer, especially in this industry. In its simplest definition, a reseller is anyone who sells someone else’s services. In the hosting industry, though, the term “reseller” is not so simple because hosting is so intertwined between different companies and services coming together that it can be confusing for the uninitiated.
Let’s first go through the various ways a web host can “be” a web host. These are listed from highest investment/cost/size to lowest.
You can own your own Data Center. This covers hosting companies like The Planet, Liquid Web, CI Host, and Rackspace - though there are more than just those. What that means is you own (or lease) the building, and everything in it belongs to the company. The benefits of this is that the company controls every aspect of the infrastructure. The drawback is when things are going wrong, there’s no one else to blame so you better have a darn good staff to run it, and it ain’t cheap.
You can own your own equipment and co-locate it in a data center. One of the largest shared hosting companies chose this method - Dreamhost is actually located in Media Temple’s data center (though I believe they co-locate in more than one place). The benefit of this is that you get to take advantage of an already in-place infrastructure and you own the hardware, which brings monthly costs down. The drawback is that you are in charge of any hardware failure and a tech will usually need to take a drive to the data center to address any issues. It should be noted this choice, as well as the ones following, are better for the environment than starting your own data center (even though all of us sometimes wish we had our own).
You can lease your boxes from an established dedicated server data center (which is where we fall). The benefits are that there are techs onsite that are responsible for any hardware issues in addition to the connectivity benefits you would get the same as colocating. The drawbacks are that everything other than the data on the server is not yours, and you can only create hardware configurations that your hosting company has the ability to offer and chooses to offer, and its more expensive than colocation (though there are less upfront costs). The vast majority of smaller hosting companies (and some larger ones) fall into this category, and please note that just because you lease a server does not mean you are with a NOC - you may be leasing a server from someone that leased a server from someone that leased a server from a NOC.
I know, mind-boggling, ain’t it?
Then there’s a Reseller account with any of the above hosts. These come in two flavors - one allows you to set up a mini-hosting company so that you can provision accounts with packages you choose, have your own DNS servers, and in general create your own brand identity within your host’s system (which is where our reseller accounts fall), and those that simply allow the reselling of their own defined packages at a discount. The first option involves more work than the latter, and the last option usually little more effort than cashing a check.
Now, you can be a combination of the above - for example, we have dedicated boxes at Liquid Web. Now, are we a reseller? For the boxes that we host you on, and our shared services, no - Liquid Web has absolutely nothing to do with your accounts or services and, in fact, we offer many things that they do not. They manage the boxes for us, but not our accounts. So in this case, we are not a reseller.
Previously, though, we have leased a box from them and sold it to someone else for a small profit. Since we are selling the dedicated server to someone else, and the service that Liquid Web was giving us was the box itself and all the management and that is the product we sold, in that instance we were a reseller.
The line is at management - you graduate into a non-reseller once someone stops helping you manage your hosting accounts and the responsibility is all on you to deal with them. Once you’re managing your own accounts and no one else is there to help you run it, you’ve graduated into a full fledged web hosting company, even if it’s just one box.
Next post in the series, we’ll go over what you should think about when you are considering becoming a reseller.
DrakNet’s site is worth an estimated $36,636 - and that’s, like, not even counting you all and how much we could get for you if we decided to sell you (don’t worry, we’re not). How do we know? Well, we looked it up on DNSScoop, and we’re sure they wouldn’t lie to us.
Ok, they probably would.
But it’s still really, really fun to dig into the plethora of information available on the net. It’s almost like those goofy blog quizzes, only for your web site.
DNSScoop is just one of many, many, many services on the web that can give you information about not just your web site, but any web site. Sometimes the information is really accurate, and sometimes it should be taken with a grain of salt and for entertainment purposes only. We’re going to introduce you some of the ones we use, and tell you a little bit about them - both the sheer fun, and the useful.
Whois lookups are great to get the basic information about a domain - sometimes it will have the owner’s information including address, phone number, and email address. Years ago, before people knew what they were doing on the Internet, the Drak staff would look up celebrity domain names owned by the celebrities and see how many naive enough to public their information on their registration because they didn’t know anyone could look it up. Guess what? There were a lot.
Nowadays, people are more aware of how their information is published, and so you won’t find a whole lot of that anymore - what you will find is their DNS servers and those will usually tell you where they host. Some folks pay for privacy features from their registrar and mask everything, though they can’t easily mask where they are.
Domain Tools has some pretty neat little spying tricks, too - Name Server Spy will tell you how many domain names are hosted on a DNS server. Pulling up ns.drak.net today as we’re writing shows “This server has 1,831 domains on it.” - which is just about right (remember, this includes parked domains and add ons). You can get the number for free - if you want to spy on our ups and downs and monitor us, it’ll cost you.
Sometimes the results can be patently amusing bordering on the absurd when you look at a host’s claims on their site and what you find when you peek under the hood of the bluff and bluster and brags - but maybe that’s just if you’re in this industry and are easily amused by that sort of thing.
Some of the other neat stuff here is domain hosting history (trace where a site has hosted and how many times it’s moved to different hosts and what hosts), and a domain typo generator if you want to make sure you register common typos of your domain name.
IntoDNS checks the health and configuration of DNS servers and mail servers and the nice part about it is that it’s free. If you have problems with your domain name resolving, want to check where it is resolving, or just see if your zone file’s correct and our DNS is set up right, you can check it out here.
Who’s your IP neighbor? Who do we host? How many people are on your server? Well, you actually can find out using publicly available information. Despite some folks treating it like a secret, it’s actually not a secret at all and you can find out exactly who shares your server with you and peruse some of the folks that call your IP neighborhood home.
My IP Neighbors allows you to put in your IP address and see who’s sharing your IP with you. You can peruse all the sites that resolve to your server (well, most of them, unless they have a dedicated IP) and click around to see how diverse one server can actually be. It’s kind of like a huge melting pot of ideals and businesses and is pretty neat, if we do say so ourselves.
Just remember - on a server as in real life, sometimes, you don’t want to know who your neighbors are.
Want to sit around for a few hours and check out almost everyone we host? Just use the server names instead of your domain name and you’ll get almost 90% of them.
When you sign up or install an account, we issue you a cPanel login - this login is essentially the “root” of your account with full administrative powers to do very nearly anything that it gosh darn well pleases, and since it has shell access to the server, it’s a pretty powerful little login. It’s one of the reasons that we force you to login to the servers using SSL, and we’re so adamant about keeping your site from obvious risks we also firewall your ability to get into cPanel from any other way other than in an encrypted manner.
Much to our chagrin, it can also work for FTP or logging into mail - and though you can use it that way, you shouldn’t, because those logins are not encrypted and you are sending a plain text password through the internet and through multiple networks in such a way that anyone can pluck it out of the air. This is extremely unsafe, and we highly recommend that you not do it at all.
All cPanel email accounts should be created in your cPanel - sending those passwords through the air in plain text isn’t really any better, either, but at least you are limiting the access that they can get to that email account only. (We will have an article regarding encrypting your logins, but that’s beyond the overview scope of this article).
All FTP accounts should be created in your cPanel - sending those passwords through the air in plain text isn’t really any better, either, but at least you are limiting the access that they can get to that FTP account only. The only exception to this would be if you use SFTP, which is actually run over shell and not over “FTP” - in that case, you are required to use your cPanel login as that login is the only true Unix login and hence the only way that you can have SFTP access.
You cannot simply login to SFTP on port 22, either - we hide all shell ports and we do not publish those ports anywhere. You’ll need to email the support department and request the port for your server as they are all different. This allows us to know exactly who has shell access, and to monitor its security with a little extra glance every now and then.
We do recommend SFTP for everyone on a Junior account or above (as Intros don’t have shell). It is a more secure way to get files back and forth between the server, and if you are on an ISP that throttles FTP upload speeds you can sometimes dramatically speed up your FTP sessions when uploading to your site by using SFTP as it’s not a (currently) commonly throttled port when ISPs are throttling ports common to file sharing to limit their end users ability to share files.
It addition, by creating your FTP and Email accounts yourself, you put the ability to reset passwords when you forget in your own hands, and you don’t have to wait for support to do it for you, which is a handy little thing to be able to do.
Our offering of Soholaunch Pro was very much an accident - one day, it showed up in Fantastico. We had assumed that all software in Fantastico would be open source (and free to use), and it was not actually open source or free to use if you wanted to make the most of it so upon install, our clients were a little confused. It was relatively inexpensive at the time, and after a client asked about it, we licensed it for the servers.
Over the last few years, we’ve gone from just having it as a side offering to one of our featured offerings, and it went from a really tiny part of our business to the content management system of 7% of all sites hosted at DrakNet. (Currently, the number stands at 131 sites and is steadily rising.) In addition to bringing in new clients, we have converted a number of our current clients over to the system.
If you want to know what it does, we have a plethora of information available on the site for you to peruse. If you want to know why people are using it, you can visit the Soholaunch forums and find some very passionate people about the software (including yours truly, who is an opinionated volunteer moderator). If you want to know what the sales and marketing information doesn’t tell you, read on…
Soholaunch Pro is used to run your entire site, and essentially takes it over. If you have a current site and think you might want to switch, it will take some planning on your part and our part to do it - we recommend downloading your current site, installing Soholaunch Pro, and then re-uploading your old site over the Soholaunch installation as long as they are straight HTML pages, as this will allow both to exist simultaneously OR installing another full account to built it on and then switching the site over. All activity to manage your site for the most part is done through your browser, and its compatible with the most popular ones on Windows, Macs, and Linux Desktops (though I am not sure the Linux Desktop support is official - we have been able to manage the site on a Mint install).
So, why choose it? Well, for one, its commercial software - as much as we support open source software, the fact is the “newbies” just entering into the market may not have time for the “do it yourself” approach to web site technology and support, and we simply don’t have the time (or the inclination) to become familiar with every single open source solution out there and since we can’t, the help that we can give you is limited. Having a company actually stand behind the software is beneficial for those that want a quicker response than some open source CMS’s are capable of, and Soholaunch has it. Since we have a guaranteed direct line of support to the company with our license, we support the software and it is, in fact, the only CMS that we do directly support fully.
Two, it really is a two-sided machine. One of the most brilliant aspects of the Soholaunch product is that it is expandable and customizable if you are a programmer, and if you’re not, it’s expandable and customizable (though you may pay a small fee for that by way of a plugin). It is rapidly improved on both by the company itself, and the developers that favor it in the form of plugins.
The drawback, of course, is that its $149 for a license and that license is assigned to one domain name. The plus of hosting here is that we pay that licensing fee for you - there are an awful lot of hosting companies that claim they offer Soholaunch, but they simply have the free trial in Fantastico that everybody, their dog, and their Aunt Sally gets. Not for nothing, but any schmuck with Fantastico can offer that - here at DrakNet, Soholaunch, Inc. yanks a few thousand dollars out of our bank account a year so that no one here pays for the software as long as they’re here. Period. Ever. The end.
As a bonus, you get some Viastep templates because we snagged ‘em way back when, before server licensing templates became prohibitively expensive.
You really can get up and running in an hour, and if you use one of the templates names above, you can get a pretty slick looking site in that time - and that’s really the draw. Up, fast, configurable, and slick looking without having to go through the twists and turns of learning how to do all this “design stuff”.
Our offering of 
