I've seen too many "Hosting Companies" these days who do hosting improperly. Hopefully, this guide would help new legit companies make themselves better.
Before you post your hosting company on the forum, ensure you have the following:
1) A ToS, AUP, Privacy Policy etc.
2) A fully and properly configured WHMCS or BoxBilling Installation (BoxBilling is cheaper, but most companies use WHMCS).
3) Fully configured website with no spelling or grammar mistakes. It really should not matter if you use "that template". Make sure you change your website to a custom coded one as soon as possible, you will seem more professional and you will get more customers.
4) A WHMCS template that matches your website template.
5) An EIN, this number is what you use to pay taxes to the IRS.
6) An LLC or some type of company, most hosts prefer an LLC as it is fairly easy, and it ensures that someone will not be able to sue you for your money and personal property because your company shut down or lost service, but they are able to sue your company for company resources, ie. company-owned servers etc.
7) Someone who is 18+ , it does not matter if your 12, 11, 13 etc. but you should include someone who is over 18 in your company. These people can help you with legal issues.
8) AT LEAST $1500. Without this kind of money, it is basically guaranteed that your company will die down immediately within a few months. This money will be used toward purchasing servers, multicraft licenses etc.
9) Properly configured Multicraft, preferably with a custom-designed theme.
10) Some sort of good support. You should be able to respond to tickets within a few hours. Generally, customers prefer not to wait more than 6 hours. If you are not able to do this, hire a support rep.
11) Get Zopim or some sort of live chat to assist existing customers and new customers.
12) [Optional] A mobile smartphone with data, to quickly answer support requests and e-mail.
13) Funding account, PayPal and some sort of Debit Card that allows direct deposit. Maybe even a bank account.
14) Linux-based web hosting, I prefer to use CentOS, because of it's speed.
15) Company e-mail account, ie. [email protected], don't use [email protected] any gmail.com e-mail. An easy way to do this is to use Google Apps for business or configure your own SMTP server.
16) A nice logo, preferably custom designed. The image aspect should have something to do with your company. Far too many companies cut out the rackhost logo and put their name in place of it.
17) Use an SSL certificate, no one likes having their passwords compromised.
18) Make sure your information is secure, don't make your root passwords "Ilikepie". Use .htaccess to protect sensitive web directories.
19) Learn all the features of multicraft - customers won't like a host if they don't know how to fix an error.
20) DONT LIE! Don't be ashamed if your hosting is not so good. Don't make up specifications about your server - too many people say they have 64 GB of RAM on an E3.
21) Know the difference between Gb/s and GB/s, it's not the same! 8Gb/s = 1 GB/s. Minecraft uses around 20 Mb/s at max.
22) Don't oversell, everyone hates it when they don't receive the RAM they pay for.
23) Make sure you leave RAM available for your OS! I usually leave 2-3 GB of RAM available, you should leave at least 1!
24) Host your servers on a server - this may seem silly but I have seen too many hosts who host a server on their home desktops.
25) Be active for your company - a hosting company is not something you can create and let it run, there are questions that need to be answered and orders that need to be processed.
26) Use automated setup, Please don't have someone email you before their server is set up, no one likes to wait.
27) When making your main MCF topic, please don't lecture customers into thinking your the best host, ie. "These days, hosts are just our for greed, but not us! We offer you premium services at the lowest prices!" Blah... Blah... Blah... Blah... Get to the point already!
28) Be nice to your customers, no one will go with a host who rages every second.
29) Br patient with your customers, a friendly host will make your customers feel welcome, they may even refer their friends, who will refer theirs, etc...
30) There is no such thing as unlimited disk space - either make a disk quota or post a fair-use policy.
Tips:
-Don't expect customers right away, I waited around 2 months before customers started coming in.
-Post every now and then on MCF, no one likes hosts who copy/paste replies to every topic on the hosting requests section. Only post on topics where you feel your host will be good for the customer.
*Still thinking of things to add to the list, reply below if you have something.*
Tips:
-Be nice to your customers, no one will go with a host who rages.
-Post every now and then on MCF, no one likes hosts who copy/paste replies to every topic on the hosting requests section. Only post on topics where you feel your host will be good for the customer.
Entirely agreed.. I don't get it but they do exists even though you shouldn't fuels the fire of a customer. I like to add also be patient and understanding to your customers. I don't go with people who say "we already told you!" Well sorry but we can't remember every single thing all the stinking time.
Entirely agreed.. I don't get it but they do exists even though you shouldn't fuels the fire of a customer. I like to add also be patient and understanding to your customers. I don't go with people who say "we already told you!" Well sorry but we can't remember every single thing all the stinking time.
Awesome finally someone get my points. The customers basically run your business because we supply you with the money to do so. So bottom line is that we output the money to you so you can keep your business as long you keep your promises. Thanks for adding those valuable points however I talked to some providers that says their disk space is "unlimited" because they are able to add more drives as needed so what about that to make it more like "unlimited"?
Awesome finally someone get my points. The customers basically run your business because we supply you with the money to do so. So bottom line is that we output the money to you so you can keep your business as long you keep your promises. Thanks for adding those valuable points however I talked to some providers that says their disk space is "unlimited" because they are able to add more drives as needed so what about that to make it more like "unlimited"?
There is always a maximum amount of hard drives a server can hold - especially with SSD. Most servers can only hold 4-8 hard drives , if you even use RAID 1, supposing you have 120 GB SSD's in each slot, you will only get about 450 GB of storage. Upgrading existing drives would mean some downtime. Still, I don't think they make SSD drives over 512 GB. Anyways, No one will probably use that space, but they can't possibly have truly unlimited storage without spending a few hundred thousand dollars on special equipment.
Thanks for the explanation and yep that is less likely to be used up so that how they can say it unlimited, but like you said there never going to be truly unlimited disk space ever.
There is always a maximum amount of hard drives a server can hold - especially with SSD. Most servers can only hold 4-8 hard drives , if you even use RAID 1, supposing you have 120 GB SSD's in each slot, you will only get about 450 GB of storage. Upgrading existing drives would mean some downtime. Still, I don't think they make SSD drives over 512 GB. Anyways, No one will probably use that space, but they can't possibly have truly unlimited storage without spending a few hundred thousand dollars on special equipment.
Where have you been? Crucial makes 960GB SSDs and Samsung makes "True 1TB" SSDs. And they're actually quite cheap for what they are.
Intel also offers their 910-Series, as well as the S3700 Enterprise-class series, with 100-800GB sizes available.
I'm not an guy who loves SSD's. I've heard that Crucial SSD's are probably not the best and Samsung SSD's will probably be expensive. And since most hosts rent, they won't have access to those kinds of storage.
I'm not an guy who loves SSD's. I've heard that Crucial SSD's are probably not the best and Samsung SSD's will probably be expensive. And since most hosts rent, they won't have access to those kinds of storage.
The Samsung 840 EVO SSDs are cheaper than most other SSDs on the market today...
Rollback Post to RevisionRollBack
Head of Operations - HostVenom, LLC dba Ready2Frag
I've heard that Crucial SSD's are probably not the best and Samsung SSD's will probably be expensive.
Crucial SSDs are alright - still a ton better than HDDs. I've got one in my computer from about three years ago when 64 GB at $80 was a good deal. It's still chugging along great. Samsung's Pro series SSDs are, of course, more expensive, because they are the single fastest consumer drives out there (not including enterprise orient drives like those of Fusion.io, which are truly incredible). Samsung's Evo series is more of an average performance, but, as Wyatt just mentioned above me, very cheap compared to other drives.
And since most hosts rent, they won't have access to those kinds of storage.
Yes, they will. Welcome to 2014. Terabyte SSDs now routinely sell for under $500; cheap, high-density SSD storage is very much in sight and nearly within the grasp of your average host.
17) Use an SSL certificate, no one likes having their passwords compromised.
18) Make sure your information is secure, don't make your root passwords "Ilikepie". Use .htaccess to protect sensitive web directories.
17.) Just because you are using SSL it does not mean that you are suddenly more secure. Sure, the data is being transmitted in a secure fashion between your server and the client's machine. However, SSL will do nothing to protect the data once it is stored on the server. You should be using strong, randomly generated passwords that are long, and complex enough that modern cracking machines would be unable to brute-force it.
Passwords might as well be stored in plain text if you are going to use a weak hashing key, or a weak hashing method. MD5 is absolutely not secure for storing passwords. If it is a quick hashing algorithm, its just as quick to decrypt.
18.) I guess I covered this in 17. .htaccess might prevent access to a directory through a browser, but it isn't going to stop someone who is already in your server.
If you really want to go the extra mile, consider something like Duo Two-Factor Authentication for SSH. In fact, use two-factor wherever possible for that extra level of security. Take it to the actual two-factor level and have a physical device that is not your phone that generate the codes.
Most importantly, ensure all other possible associated accounts are secure and have unique passwords. It can be just as devastating if someone gains access to your email account and damages your domain reputation, your reputation, or your companies. Oh, and on this note, make sure you actually set up email stuff correctly. Make sure your sending IP isn't blacklisted, and use DKIM for authentication and to prevent spoofing.
If you really want to go the extra mile, consider something like Duo Two-Factor Authentication for SSH. In fact, use two-factor wherever possible for that extra level of security. Take it to the actual two-factor level and have a physical device that is not your phone that generate the codes.
I think what you're referring to is SSH keys, not two factor authentication (which would be like sending a text message to your phone or using an app to generate login codes; definitely a good idea anyway, for sites like PayPal, Dropbox, Google, and so on). SSH keys should be used. Period. I would never use password authentication on any server. They take all of one minute to install, then another minute to disable password authentication in sshd_config, and that's it.
Never, ever, use password authentication when key-based authentication is available. If you're doing credit card processing on-site, the PCI standard does not allow password-based system, such as FTP (SFTP being the alternative), to even be installed on the system.
Passwords might as well be stored in plain text if you are going to use a weak hashing key, or a weak hashing method. MD5 is absolutely not secure for storing passwords. If it is a quick hashing algorithm, its just as quick to decrypt.
Well, sometimes... WHMCS and Multicraft both use MD5-based hashing systems. It really comes down to how you're hashing them. Both systems use salted MD5 hashes, which are significantly harder to break. Though if you're building a new system you should probably use a better algorithm (PHP55 has a nice function, password_hash, which should be blowfish based) MD5 solutions aren't terrible - it just matters how they're implemented.
Never, ever, use password authentication when key-based authentication is available. If you're doing credit card processing on-site, the PCI standard does not allow password-based system, such as FTP (SFTP being the alternative), to even be installed on the system.
Excellent point. Even for non-PCI systems this is a good idea. Also disable the root account and non-key logins.
WHMCS and Multicraft both use MD5-based hashing systems. -snip-
Yes, sometimes there are not options. However, whenever possible make sure you are using the best methods you can. Push the developers to implement better systems, or, if possible, implement such systems yourself.
Ah, interesting. That's a neat tool, though I think it's a bit redundant with SSH keys, and could make it hard for multiple people accessing a system. So a rather narrow use case. Something to keep in mind though.
Well written guide for newly started hosting companies, great job. I will take a few of these notes you have written into consideration with my hosting company.
To everyone who is thinking of making a hosting company - stop and think, do you really want to waste all your time and money on this? There are too many new "companies" popping up each day.
To MCF staff, you should make posting in the other hosts section harder. Maybe add an application which checks if the host has a decent website and looks legit. There are really too many "hosts" spawning up these days.
This section is for anyone to post about their hosting company. Anyone is able to post here and because of this we cannot provide any verification that they are a legitimate business.
If you deal with a host in this section it is at your own risk, we do not provide any assurances that you will receive the service you pay for.
Use of that section is at your own risk, we most likely will never force applications because that just creates even more work on our part, and implies that we have vetted the host, which we haven't.
I've seen too many "Hosting Companies" these days who do hosting improperly. Hopefully, this guide would help new legit companies make themselves better.
Before you post your hosting company on the forum, ensure you have the following:
1) A ToS, AUP, Privacy Policy etc.
2) A fully and properly configured WHMCS or BoxBilling Installation (BoxBilling is cheaper, but most companies use WHMCS).
3) Fully configured website with no spelling or grammar mistakes. It really should not matter if you use "that template". Make sure you change your website to a custom coded one as soon as possible, you will seem more professional and you will get more customers.
4) A WHMCS template that matches your website template.
5) An EIN, this number is what you use to pay taxes to the IRS.
6) An LLC or some type of company, most hosts prefer an LLC as it is fairly easy, and it ensures that someone will not be able to sue you for your money and personal property because your company shut down or lost service, but they are able to sue your company for company resources, ie. company-owned servers etc.
7) Someone who is 18+ , it does not matter if your 12, 11, 13 etc. but you should include someone who is over 18 in your company. These people can help you with legal issues.
8) AT LEAST $1500. Without this kind of money, it is basically guaranteed that your company will die down immediately within a few months. This money will be used toward purchasing servers, multicraft licenses etc.
9) Properly configured Multicraft, preferably with a custom-designed theme.
10) Some sort of good support. You should be able to respond to tickets within a few hours. Generally, customers prefer not to wait more than 6 hours. If you are not able to do this, hire a support rep.
11) Get Zopim or some sort of live chat to assist existing customers and new customers.
12) [Optional] A mobile smartphone with data, to quickly answer support requests and e-mail.
13) Funding account, PayPal and some sort of Debit Card that allows direct deposit. Maybe even a bank account.
14) Linux-based web hosting, I prefer to use CentOS, because of it's speed.
15) Company e-mail account, ie. [email protected], don't use [email protected] any gmail.com e-mail. An easy way to do this is to use Google Apps for business or configure your own SMTP server.
16) A nice logo, preferably custom designed. The image aspect should have something to do with your company. Far too many companies cut out the rackhost logo and put their name in place of it.
17) Use an SSL certificate, no one likes having their passwords compromised.
18) Make sure your information is secure, don't make your root passwords "Ilikepie". Use .htaccess to protect sensitive web directories.
19) Learn all the features of multicraft - customers won't like a host if they don't know how to fix an error.
20) DONT LIE! Don't be ashamed if your hosting is not so good. Don't make up specifications about your server - too many people say they have 64 GB of RAM on an E3.
21) Know the difference between Gb/s and GB/s, it's not the same! 8Gb/s = 1 GB/s. Minecraft uses around 20 Mb/s at max.
22) Don't oversell, everyone hates it when they don't receive the RAM they pay for.
23) Make sure you leave RAM available for your OS! I usually leave 2-3 GB of RAM available, you should leave at least 1!
24) Host your servers on a server - this may seem silly but I have seen too many hosts who host a server on their home desktops.
25) Be active for your company - a hosting company is not something you can create and let it run, there are questions that need to be answered and orders that need to be processed.
26) Use automated setup, Please don't have someone email you before their server is set up, no one likes to wait.
27) When making your main MCF topic, please don't lecture customers into thinking your the best host, ie. "These days, hosts are just our for greed, but not us! We offer you premium services at the lowest prices!" Blah... Blah... Blah... Blah... Get to the point already!
28) Be nice to your customers, no one will go with a host who rages every second.
29) Br patient with your customers, a friendly host will make your customers feel welcome, they may even refer their friends, who will refer theirs, etc...
30) There is no such thing as unlimited disk space - either make a disk quota or post a fair-use policy.
Tips:
-Don't expect customers right away, I waited around 2 months before customers started coming in.
-Post every now and then on MCF, no one likes hosts who copy/paste replies to every topic on the hosting requests section. Only post on topics where you feel your host will be good for the customer.
*Still thinking of things to add to the list, reply below if you have something.*
Contact me at [email protected]
Entirely agreed.. I don't get it but they do exists even though you shouldn't fuels the fire of a customer. I like to add also be patient and understanding to your customers. I don't go with people who say "we already told you!" Well sorry but we can't remember every single thing all the stinking time.
I added that
Also added a few more steps
Contact me at [email protected]
Awesome finally someone get my points. The customers basically run your business because we supply you with the money to do so. So bottom line is that we output the money to you so you can keep your business as long you keep your promises. Thanks for adding those valuable points however I talked to some providers that says their disk space is "unlimited" because they are able to add more drives as needed so what about that to make it more like "unlimited"?
There is always a maximum amount of hard drives a server can hold - especially with SSD. Most servers can only hold 4-8 hard drives , if you even use RAID 1, supposing you have 120 GB SSD's in each slot, you will only get about 450 GB of storage. Upgrading existing drives would mean some downtime. Still, I don't think they make SSD drives over 512 GB. Anyways, No one will probably use that space, but they can't possibly have truly unlimited storage without spending a few hundred thousand dollars on special equipment.
Contact me at [email protected]
Where have you been? Crucial makes 960GB SSDs and Samsung makes "True 1TB" SSDs. And they're actually quite cheap for what they are.
Intel also offers their 910-Series, as well as the S3700 Enterprise-class series, with 100-800GB sizes available.
Contact me at [email protected]
The Samsung 840 EVO SSDs are cheaper than most other SSDs on the market today...
What... how do you... I don't even... I don't like modern technology either. To the stone age of tape drives and punchcards we go!
Crucial SSDs are alright - still a ton better than HDDs. I've got one in my computer from about three years ago when 64 GB at $80 was a good deal. It's still chugging along great. Samsung's Pro series SSDs are, of course, more expensive, because they are the single fastest consumer drives out there (not including enterprise orient drives like those of Fusion.io, which are truly incredible). Samsung's Evo series is more of an average performance, but, as Wyatt just mentioned above me, very cheap compared to other drives.
Yes, they will. Welcome to 2014. Terabyte SSDs now routinely sell for under $500; cheap, high-density SSD storage is very much in sight and nearly within the grasp of your average host.
17.) Just because you are using SSL it does not mean that you are suddenly more secure. Sure, the data is being transmitted in a secure fashion between your server and the client's machine. However, SSL will do nothing to protect the data once it is stored on the server. You should be using strong, randomly generated passwords that are long, and complex enough that modern cracking machines would be unable to brute-force it.
Passwords might as well be stored in plain text if you are going to use a weak hashing key, or a weak hashing method. MD5 is absolutely not secure for storing passwords. If it is a quick hashing algorithm, its just as quick to decrypt.
18.) I guess I covered this in 17. .htaccess might prevent access to a directory through a browser, but it isn't going to stop someone who is already in your server.
If you really want to go the extra mile, consider something like Duo Two-Factor Authentication for SSH. In fact, use two-factor wherever possible for that extra level of security. Take it to the actual two-factor level and have a physical device that is not your phone that generate the codes.
Most importantly, ensure all other possible associated accounts are secure and have unique passwords. It can be just as devastating if someone gains access to your email account and damages your domain reputation, your reputation, or your companies. Oh, and on this note, make sure you actually set up email stuff correctly. Make sure your sending IP isn't blacklisted, and use DKIM for authentication and to prevent spoofing.
I think what you're referring to is SSH keys, not two factor authentication (which would be like sending a text message to your phone or using an app to generate login codes; definitely a good idea anyway, for sites like PayPal, Dropbox, Google, and so on). SSH keys should be used. Period. I would never use password authentication on any server. They take all of one minute to install, then another minute to disable password authentication in sshd_config, and that's it.
Never, ever, use password authentication when key-based authentication is available. If you're doing credit card processing on-site, the PCI standard does not allow password-based system, such as FTP (SFTP being the alternative), to even be installed on the system.
Well, sometimes... WHMCS and Multicraft both use MD5-based hashing systems. It really comes down to how you're hashing them. Both systems use salted MD5 hashes, which are significantly harder to break. Though if you're building a new system you should probably use a better algorithm (PHP55 has a nice function, password_hash, which should be blowfish based) MD5 solutions aren't terrible - it just matters how they're implemented.
Nope, I meant SSH based Two-Factor auth. Check out https://www.duosecurity.com/unix
Excellent point. Even for non-PCI systems this is a good idea. Also disable the root account and non-key logins.
Yes, sometimes there are not options. However, whenever possible make sure you are using the best methods you can. Push the developers to implement better systems, or, if possible, implement such systems yourself.
Ah, interesting. That's a neat tool, though I think it's a bit redundant with SSH keys, and could make it hard for multiple people accessing a system. So a rather narrow use case. Something to keep in mind though.
Thanks!
Contact me at [email protected]
in my defense i say they should
(Few grammer mistakes read it over and you'll catch em)
#Quote me for a reply
What I said was that some hosts are saying they have 64 GB of RAM on an E3
Contact me at [email protected]
To MCF staff, you should make posting in the other hosts section harder. Maybe add an application which checks if the host has a decent website and looks legit. There are really too many "hosts" spawning up these days.
Contact me at [email protected]
— A note to users -- what are "other hosts"
Use of that section is at your own risk, we most likely will never force applications because that just creates even more work on our part, and implies that we have vetted the host, which we haven't.