Can someone gives me few lists of php shared server web hosting sites in terms of
1: Security
2: Reliability
3: Tested and Trusted
Thank You
Printable View
Can someone gives me few lists of php shared server web hosting sites in terms of
1: Security
2: Reliability
3: Tested and Trusted
Thank You
I don't know how you will get a fair, broad comparison here. The best advice I have for you is to search for information on the topic-- if you don't find broad comparisons, then you can certainly find reviews for specific hosts.
I've used a few hosts and never had major problems in those areas. Reliability is usually 95%+ uptime, for most hosts 99%. Security concerns are usually minimal, although there are some inherent flaws in shared hosting so use a dedicated server if that is crucial for you.
The only problem I've had is inconsistent, slow or inexperienced tech support. But still, it usually works out. You can find reviews that discuss that aspect, I'm sure.
[Note: I'm assuming you're talking about paid hosting. Free accounts are much more likely to be problematic, not that all are bad.]
As one example, I use GoDaddy and I'm happy with it. I have had some problems with their tech support though. (One time when upgrading they lost all of my files and it took over a week for someone to go in the back room and get them off of their backup drives and reset everything. Nothing was lost permanently.) I don't get the impression that tech support other places is all that much better always, though.
In the end, it basically comes down to price. Find a price you're happy with and then check some reviews.
what about hostgator and bluehost, is there shared host secured. i googled that most of their linux shared server kernel has global HOMEDIR/public_html privileges that allows other users residents on your server to acess someone php files. Can it be true
thanks
That is in general a problem for shared hosting. I don't know exactly what precautions those hosts have in place, but that's the main issue. On the other hand, the other user must have an account anyway, so it's not like anyone in the world can access your files (unless they hack into someone else's account). If you need complete security, get a private server, but that will be more expensive.
1: I think if the server runs mod_security, mode_evasive and suphp, files permissions settings to 644 or 600,this issues of users on shared server accessing other users files will be resolved.
2: I also think that shared host will be extremely secured on the server side if one can disable some of linux executing commands using php.ini as follows
disable_functions=Is,cd,pwd,cat,cut,find,grep,locate,tail,ln,whereis,which,env,export,help,Ls,man,whatis,useradd,usermod,userdel,groupadd,groupmod,groupdel,gpas swd,newgrp,su,passwd,chmod,umask,chown,chgrp,cp,diff,file,mkdir,info,whoami,sudo,mv,rm,rmdir,touch,du,df,telnet
Is the above the right way to disable those linux functions so that users will be crippled when they try to hact you using the above command. I am concern about executing this functions by users resident in my servers to access my php codes.
I also have 200+ php functions to be disabled like exec, readfile,wgets,init_set, shell_exec and many more.
1. Buy hosting in your own country / province / state.
This then gives you as a consumer access to Consumer Rights like trading standards. If I bought hosting from a US provider and something happened, they didn't resolve the matter, I have no legal recourse because trading standard in the UK does not have any powers in the US and likewise the alternative. So buying in your own country is of some importance from a legal stand point.
2. Shared hosting is dependent on your provider, a centralized service is more prone to operational issues as opposed to a distributed service.
For example, the web host I use may have an office in London but the server farm is less than half a click from my front door and they have access to placing the server in a farm where ever I move to.
3. Tried and trusted, you need to do your home work because you will meet people who have used services for years without a problem and people who have tried a service and would advise against it. I tried three web hosts and settled on the third and have been with them nearly 10 years, the first two were (and I don't mind posting here because they are renowned for slack and sloppy service) streamline.net, fasthosts.net both of these companies are more interested in your money than service, fasthosts bought streamline a few years ago but both companies were fogue back then before their paths crossed.
Basically the rule of thumb is this, don't believe the advertising promises or even more importantly the testimonials which are often fabricated in any case, its an old marketing trick that companies would have you believe that they offer the best. Companies blow their own trumpets that "We are best" so don't believe that either. A company that doesn't need to advertise, offer testimonials or make a song and dance about how good they are would be one to put on a short list.
One that you missed off as well....
4. Windows Vs Linux -- this really is simple, Linux, not only is it cheaper but you get the bells and shistles that you will need, it is far more secure than a Windows set up that you often have to pay extra for the things you need like chronjobs, shell scripts and SQL databases, etc.
To give you a bench mark...
My web host company uses decentralized services that are distributed up and down the UK, the servers are Linux (could have windows if I wanted) I have as many email addresses as I want, as many SQL databases as I want, as much bandwidth as I need, as much traffic as I need, as much web server space as I want... domain name included and for £30 a year which is about $50 ~ish a year, if your host you are looking at is after a monthly recurring fee, then chances are you are going to be paying lots more than £30 a year for all you need.
Whilst the host I use is shared server space, you do not notice anything different.
Thank you on this as i have decided to go by hostgator.com. any issues with them.
Again i need clarification on this below
1: I think if the server runs mod_security, mode_evasive and suphp, files permissions settings to 644 or 600,this issues of users on shared server accessing other users files will be resolved.
2: I also think that shared host will be extremely secured on the server side if one can disable some of linux executing commands using php.ini as follows
disable_functions=Is,cd,pwd,cat,cut,find,grep,locate,tail,ln,whereis,which,env,export,help,Ls,man,whatis,useradd,usermod,userdel,groupadd,groupmod,groupdel,gpas swd,newgrp,su,passwd,chmod,umask,chown,chgrp,cp,diff,file,mkdir,info,whoami,sudo,mv,rm,rmdir,touch,du,df,telnet
Is the above the right way to disable those linux functions so that users will be crippled when they try to hact you using the above command. I am concern about executing this functions by users resident in my servers to access my php codes.
I also have 200+ php functions to be disabled like exec, readfile,wgets,init_set, shell_exec and many more.
Thank You
They'll be fine, as long as you don't need to rely too heavily on tech support. If you can find your way around a webserver, and don't care too much which programs/versions are installed, you'll be fine.Quote:
Originally Posted by mutago
Nope. The problem with shared servers stems from the fact that everyone runs under the same user (i.e., "apache" or "www-data" or whatever). Running every site under a unique linux user would solve a lot of security problems, but this would impact how many accounts a webhost could stuff into each machine (there are often a thousand or more per physical box). I don't know of any host that does this (they'll skip straight from shared hosting to VPS instead).Quote:
Originally Posted by mutago
You are unlikely to find a shared host that will disable specific commands for you, simply because it would affect all the other users on the server as well. You can do it yourself, of course (from php.ini), but it's just a matter of deleting that file and they're all enabled again. (Also, note that some of those commands are likely to be disabled already, but not others.)Quote:
Originally Posted by mutago
Further, while php is often a "way in" for malicious users (because it is so prevalent, and has many users at a beginner-to-intermediate skill level, and has a huge amount of old/outdated/plain ol' bad programs in wide use), there are plenty of other ways to actually do stuff once you're "in." If you're using another language, it doesn't matter which php functions are disabled.
In short, no, a shared server will never be "secured."
Spend the money for a [virtual] private server. Make sure you know how to secure it. It's the only solution.Quote:
Originally Posted by mutago
Someone mentioned about seeing other users scripts, if you can then ditch them because you have no security and leaving you to secure something that should be secured is just cheap and sloppy service.
I had this issue with streamline.net, my htdocs folder was deleted, something that I couldn't do and it took nearly 3 months for them to decide that I had deleted the folder that I had no permissions to delete.
Having looked at hostgator, its one of those who has a recurring monthly fee... blowing their own trumpet and all that... you may well have just gone and signed up with godaddy or one of the other so called majors.
good luck.
Thank you so much.
1: You see my problem is the storage space. assuming someone wants to build a site like facebook or twitter for social gathering where files,images,videos will be uploaded, you can see that it will require larger or unlimited space since all those files will be stored in a folder.
2: Is it ok to save the images,files and videos to database, won't it cause recovery headache
3: Is there anyway to be able to delete files that is older lets say 3odays from the folder or directory automatically
4: considering the site to be built, what are suggestions.
thank you
Websites such as these all run on Dedicated Servers (normally Cloud Based systems) where there is no software defined storage limit. The only limit they have is how much their hardware can physically store (including backups, etc.)Quote:
1: You see my problem is the storage space. assuming someone wants to build a site like facebook or twitter for social gathering where files,images,videos will be uploaded, you can see that it will require larger or unlimited space since all those files will be stored in a folder.
Generally yes it is ok, as long as you keep everything well maintained with backups, etc.Quote:
2: Is it ok to save the images,files and videos to database, won't it cause recovery headache
All large companies store this data in some form of database system (I believe at least). However to answer your question you could run a cron job to loop thorugh the folder and check the file's last edit date (e.g. in PHP there's a function called filemtime())Quote:
3: Is there anyway to be able to delete files that is older lets say 3odays from the folder or directory automatically
If you want a fast multi-server system to store images, etc. look into Cassandra and things like that. Here's a stack question that talks about this a bit. But be realistic, it just isn't possible for 99.9% percent of the programming population out there to build a complex website such as facebook or google on their own.Quote:
4: considering the site to be built, what are suggestions.
thank you
actually, it can make recovery easier, because all your data is in the same place and is easier to backup (or, in cases where the DB is on a different server than your scripts, then it doesn't need to recovered at all).Quote:
Originally Posted by mutago
The "trick" is to not have to query the DB every time you want to, e.g., serve a video. I haven't got this "down" yet, but the general idea is like so:
1. "THE content" is what's in the DB.
2. Set up a folder on your website to "cache" copies of the content in a place that is accessible to the web.
3. Your webpages ask for the content from your "cache" folder.
a. if a copy of the content is in the cache folder, just use it; don't bother the DB.
b. if the content isn't there, ask the DB for a copy (e.g., by using mod_rewrite to call a script).
... The script gets the content from the DB, and also creates a copy in the cache folder so it'll be there next time.
As @keyboard pointed out, it's a very big task. You have a big learning experience in front of you—which is cool, but if you just "need it done," you might need to look for an alternate solution (find similar, existing software; or hire someone).Quote:
Originally Posted by mutago
final questions:
1: If i upload a file size of 60mb to database and tries to recover it, I think the recovered files will be/occupied 60mb space of the HDD as well.(space issue)
2: From Ur expertise, you suggested that storing and retrieving images from database is a good option without crahing mysql server right.
3: I googled and discovered that dream host offers unlmited space and bandwidth on VPS. Is Dreamhost VPS servers secured just like venerable Godday VPS which offers a limited space
4: What the reasons for preferring VPS to shared web host based on security concept and server management
Forgive me for asking too much, Am just paranoid
Thank You
Shared hosting is very limited in what it provides you. You only have access to the programs installed by your host. A VPS gives you superuser access to the operating system (e.g. you have full access to the server to install whatever you want).Quote:
4: What the reasons for preferring VPS to shared web host based on security concept and server management
Also, shared accounts are run off the same server as many others shared accounts, meaning you have to share system resources. With a VPS you still have this problem, but to less extent as you have more resources dedicated to your installation.
There is a massive downside to a VPS though: you have to know how to use the server's operating system. With shared hosting you just have to upload files and do some basic admin stuff; with a VPS you have to run everything (security, server software) (unless you get a managed package which some companies do provide)
Yes, you will use the space in the DB as well as whereever you "cache" the file. If you're limited on space, it might be better to not store them in the DB. You might also consider using a secondary DB for media.Quote:
Originally Posted by mutago
For shared hosting, however, none of it is really an option anyway. Most (all that I know of) hosts don't allow you to do resource-intensive operations on the database, which I'm sure would include storing lots of media.
MySQL can handle it fine, yes. The only issue is if you have the space. It would work out better if your DB was hosted locally, as well.Quote:
Originally Posted by mutago
"Unlimited" does not mean "unlimited." It means "we're not advertising a specific limit." There will always be limits, and you'll always be throttled or told to upgrade plans if you exceed them. Most hosts stopped advertising their limits because they just cause worry, even though 9 out of 10 customers would never get near hitting them anyway.Quote:
Originally Posted by mutago
This will hold true for a VPS.
(As an aside, GoDaddy is not a "venerable" web host. They're a horrible company. They are apparently under new management and have been trying to improve their image in the developer community, but I'll believe it when I see it.)
Security, and the convenience of managing your own machine. As @keyboard said, you'll have to be comfortable handling that.Quote:
Originally Posted by mutago
Thank you all, am still on research and i will get back soon to tender my findings on the development
Why reinvent the wheel, even if its not exactly well rounded, maybe a bit lumpy in parts...Quote:
Originally Posted by mutago
Why reinvent the image hosting service wheel...Quote:
Originally Posted by mutago
is it 3 days or 30 days? And why would you want to be deleting files older than x days if you are building a social site? The general idea of those sites is to keep media, sorry, content because they can earn a living off itQuote:
Originally Posted by mutago
Look at what is already available and ask yourself a question, what will you be bringing that will be any different, unique to what is already present and will all your hard work be in vein trying to chase that elusive dollar... Don't believe the Facebook story, Zuccerberg had help with capital and he like Edison didn't build a thing, Facebook was an idea like Microsoft was based on Steve Jobs Apple software, all the biggies in history have plagiarized or stole others work or ideas. Facebook is nothing more than a web forum software that has been modded to hell and back.Quote:
Originally Posted by mutago