I'm NEW! Give Me A Break! Hear My Voice!

Hi,

Being new or inexperienced with hosting can be really hard. It is especially true when seasoned hosting experts are answering or posing questions. As such, we would like those of you that are new to hosting or this forum to let us know anything that you would like to see, topics that you feel need to be covered or discussed, difficulties you may experience using this forum or any other specific hosting complaint or issue you face here.

Post your suggestions, comments, etc. in this thread. Team Leaders, Advisors, and Mentors will be checking this daily and making sure we are thinking about any suggestions, questions or frustrations that our new-to-hosting members are experiencing.

Warm regards,
Steve

I’ll start :slight_smile:

I was out of the hosting business for many years, and lately it seems to want to drag me back in… so I’d like to see advice on how to harden your servers and to make it so it can be discussed in various lengths, I’d like to look at software and hardware solutions both on Windows and Linux.

I know that tools exist, but in many cases, when you search for specific tool sets you will occasionally find someone who used it well and correctly, and another who may have used it in an abusive manner (meaning, it got the job done but could have affected good users too). It’s been way too long since I’ve had to focus on that side of networking (I’ve spent way more focus on hardening web applications at the programming level).

Maybe we can even break these down further to make short more precise discussions:

Sample of this broken down further:

  1. Linux
     1. iptables and tcpwrappers, what are they, how do you use them?
     2. skip ftp, use scp/ssh with public/private keys
     3. disable root? (this may be controversial)
     4. vpn
     5. SELinux, what is it and how can it help you?
     6. Password Management (force changing of passwords, restrict previous passwords, and lock accounts out after bad attempts)
     7. Discover listening network ports and plug them
     8. logging and auditing; how to monitor logs, rotate them, etc
  2. Windows (I’m not all that familiar with Windows, so hopefully others have ideas)
     1. Configuring a Security Policy
     2. Blocking Unnecessary Ports and Services
     3. Configuring the Firewall
     4. Auditing
     5. Password Management (force changing of passwords, restrict previous passwords, and lock accounts out after bad attempts)
     6. VPN

Thanks for the great ideas. This will help us in our quest to develop great documentation to help our members.

The Windows server products are currently quite good, and while Linux is still the most pervasive web server technology, the Microsoft server market is growing, so our exploring Windows and Linux security, ports, firewall chaining, VPN, and the other technology/processes you mention will help us.

Regards,
Steve

@ralph_m has mentioned several times that conceptual gaps in documentation make it so much more difficult for new users of a technology or hosting best practises that we should aim here to build simpler, step by step, no-gloss-over documentation that can help new people to RegEx, GIT and Mod-Rewrite.

What other things can we do to help inexperienced members grow?

Yes, that would be a great resource, and very powerful, too. But be warned, they are pretty hard to do. It’s hard not to miss a step and lose the audience. I had to accept as a teacher that there are only so many gaps you can fill in. For example, we will have to assume that the audience speaks English. The important thing to do when starting out is to establish a very clear set of expectations of what the audience should already know, and state that clearly (and perhaps provide links to resources that would help prepare the audience for the topic). From that point, it’s crucial to be vigilant and not jump important information that wasn’t assumed at the beginning. It’s quite tricky, and requires constant review and testing. Because we are online, we can’t watch the audience’s faces and see them screw up when we’ve screwed up. (That’s a big advantage of teaching face-to-face!)

Wow! @ralph_m, your suggestions drawn from your experience are invaluable! As we create this documentation we will employ your recommendations.

Many Thanks,
Steve

If you need the content passed through the ultimate idiot test, just see if I can understand it. :smiley:

I would be happy to pass it through your BRIGHT not idiotic brain :D.

No question or idea in this forum is considered stupid. Any unfriendly posts will be removed!

Regards,
Steve

I didn’t say any idea or question was stupid, but that I was stupid. :stuck_out_tongue:

Anyhow, I think I do have a pretty good eye for where there are conceptual gaps in learning content, so I’m happy to help out. Of course, it’s a truer test when you are trying to learn from that material at the same time. :slight_smile:

One key to teaching is repetition, as things often don’t ‘go in’ the first time. I’ve been reading a JS book this week, and there are lots of concepts covered on each page. It would have been really helpful for the author to add little reminders with each example of what part of JS he is using, because one tends to forget. For example, he’ll say something like “so I’ll now use this code …” and give an example, where it would have been helpful for him at least to say “so we’ll now use an object literal (see p 120) to achieve this …” That way, if you’ve forgotten some of the details about object literals, you can quickly go back and revise them, rather than search through the book trying to remember what kind of code that was.

Yes I should have put that sentence in another post. This was not related to the first.

This will be a great litmus test that we can run to flush-out gaps, so thanks.

Yes I’ve never really seen this type of reinforcement but maybe in one technical book. This will be a good feature of our documentation.

Thanks

When teaching kids especially (say, something like fractions), you need to introduce the subject in small bits, building one concept on another, and giving lots of practice with each concept before moving on—always remembering, however, to revise the earlier concepts regularly. I’m actually tempted to write something for subjects like CSS and JS in this way, giving lots of practice exercises at each stage of learning to embed each concept before moving on—as I’m sure this kind of approach works just as well with adults. (It would certainly help me, anyhow!)

Off Topic:

I think that’s a great idea. Let me know if I can be of any help

Going back to topic, I think that a good idea would be an updated list of the best web server software that you can install in Windows, Linux or Macintosh.

I’m finding myself a bit frustrated because when I changed my computer I didn’t set up a proper testing environment and when I finally decided to do so, I thought that maybe there was something better than Apache for Windows in the market… I started to look for information and I never thought that there were so many web servers available. I gave up in the end because the list was too long and it was hard to know what was secure or wasn’t and those that were popular (like nginx) didn’t provide a zip or installer for Windows even if there was supposed to be a Windows version.

This is an interesting idea.

We’ve had some discussion amongst the Hosting Advisors and Mentors and decided amongst ourselves that picking topics that do not get outdated quickly is a primary concern. What are your thoughts regarding this, as Web Servers are continuously evolving and emerging? Is this best served by threads that the hosting advisors prepare?

I like molona’s idea. When I was looking for new hosting a year or so back, I was amazed (and a bit confused) to discover that there are all sorts of web servers out there beyond Apache and IIS. I had not heard of any of them around here. The hosts were really pushing hard to get me to try them, too, because they were meant to be SO much better. I can’t even remember their names now, except for Zeus, but I chose Apache in the end, because that was all I knew to trust.

Yes, I do realize that this is a topic that can get outdated easily but this kind of information is something that probably forum members will expect and thank.

Maybe there’s a way that it will not give so much work but it would be a thread that would have to be updated on a yearly basis. Maybe there’s a reputable magazine that does this kind of comparison and we can link to their study (if it is online) or base the thread on that study?

Or maybe there are some tests that can be done to know that the software is as secure as it can get? A thread like this may not get outdated that quickly.

I’ll think about it.

What if we focused primarily on the pros and cons of the web server itself (not compared to the others)? Things like speed, security, ease of learning, stability, feature set. Sure it may change slightly over time, but the out-dated-“ness” will be fairly manageable.

Writing installation guides on the other hand would be a secondary goal considering the process doesn’t change frequently (or if we can find tools that make the job easy, we could always use Installation as a category with links pointing to those tools).

Yes, you are right about this, excellent point.

If we look at it this way, we should not shy away from doing topics that will help the hosting forum because they may get outdated, we should worry more about having a reliable process to keep such documentation updated :slight_smile:

Yes, security moves very fast and it may be hard to keep up with this.

Yes this is a better idea. It leaves it up to members to make comparisons that best fit their requirements and will provide criteria that allows better decision making.

Yes, this is excellent. Thanks @cpradio and @molona!

One thing is certain: all web developers are going to deal with apache at some point. (though I guess there are some asp/.net devs that never see it).

I’ve successfully had a pretty good web career without doing much with apache. And now you can run nginx on *nix and never deal with it :).

I think it might be helpful to use more images and screenshots especially for guides. I definitely understand that for a lot of topics, it isn’t necessarily required. However, for some problems like server configuration settings and docs, more images might be beneficial. I am just getting started on these forums, and I love them so far, but more images could help with clarification for some technical/complex threads.

-cam-