• Howdy! Welcome to our community of more than 130.000 members devoted to web hosting. This is a great place to get special offers from web hosts and post your own requests or ads. To start posting sign up here. Cheers! /Peo, FreeWebSpace.net
managed wordpress hosting

Bye-Bye to Free Hosting

H

HostCliff

New Member
HostCliff has given up on free hosting due to the excessive amounts of abuse and stress it has given me. I mean, yeah, a free host will eventually get DDoS and abuse but not this much.

HostCliff users will be transferred to our premium server, hostwire.me.

Sayonara guys.

I guess I still have alot to learn in server security.
 
Did you just begin services this last month? Whois on domain shows June 8th? That didn't take long. Free hosting can be a -----.
 
umm domains keep changing and really quick. He gave me bad rep for asking about it the last time. But this seems kind of odd.
 
JJW said:
umm domains keep changing and really quick. He gave me bad rep for asking about it the last time. But this seems kind of odd.
Click to expand...

I never gave anyone a bad rep as far as I can remember.

@Matt, we were previously planet-free.info

I'd actually refer my clients to SeraphimLabs, since I see that the owner is very kind and is active on these forums, and kudos to Seraphim for that. However my clients really prefer cPanel so I decided to put them on our premium server hosted by hostwire.me.
 
Last edited:
Instead of stopping your free hosting why not improve on your security. I find no mater if a client has free or paid hosting there will always be a security risk.
 
@HostCliff,
learn from mistakes, and try ur best to maintain it.
from failure, you can actually learn a lot.
so i think you should try ur best to practice with the current issues u have now.
it is quite a good testbed for ur knowledge anyway...
 
Sorry, you arent going to get any sympathy here.

What did you expect was going to happen when you offer 5-17 GB space and god knows how much transfer? Create plans that will be suitable for 99% of real websites out there instead of inviting people to host warez and porn regardless of if you state in your TOS. 250-500mb space and 5-10GB transfer is more then enough for personal websites and most clan sites.

Even less can be given on startup (100mb space and 3gb transfer), with additions to the account as needed.

Now I dont claim to know anything on security of hosting, but as suggested beef what you have. Honestly I have only read that your host was attacked recently (maybe mzwaf or whatever his name was), so I am sure if you ask what steps to take someone can help you.

Thats my 2 cents.
 
Thanks for everyone's feedback. One more reason I am stopping my services is that I have no more time to manage and yeah, the plans were somewhat high. I want a time off from hosting for awhile, and before I open, I'll make sure I tested and secured everything first.
 
I have decided to resume p2h services, but on lower packages this time. I realized the domain will not be used and its registered for one year, so its a waste of money not being used. I'll also try to recover from a bad reputation..

Thanks for your tips everyone, and I understand if my previous members do not want to re-register
 
The Personal VPS I have has space for like 500 users, I could make a free host but I have been there done that and cant be assed with the abuse of it again.

Yes, its a real pain to be a free host and you end up getting noting in return except hosting a heap of ppl that don't even respect you, so I host a few people, who I pick randomly out of the applications that I get in PM.

Have not found one abuser yet :D - This way I give to deserving people and ignore the abusers...
 
lorrainebiggs said:
Hmm free web hosting is really not relaible at all now i feel
Click to expand...

Depends on what you are looking for. If you are like the majority of people that have personal site, like a fansite of a video game, you do not need the enormous offers that some hosts put out. What free website for personal use will need 150GB space and a TB of transfer? None, unless you are planning on hosting warez or porn movies which are both against 99% of hosts TOS.

I was like that when I first looked for hosting. I thought that the 50GB/unlimited transfer was for me. Well when I bounced from host to host and saw I only needed like 200 MB space and a few GB transfer I adjusted my search accordingly. I have been hosted by Namepad for about 2 or so years and have not had a problem with their service at all.

In conclusion, find a host that suits your actual needs and not one that advertises ridiculous amounts of space and transfer, especially when they just started up and have no clue on the aspects of webhosting.

I will await the - rep, though you know deep down what I say is true :p
 
You should have put apache on a timer to restart to flush anything out in the event of an attack.Or use a second robust server to handle DDOS attacks.(Fliters)
 
lorrainebiggs said:
Hmm free web hosting is really not relaible at all now i feel
Click to expand...

Not all, I know a few free hosts that have been going for over 8 years.

HostCliff said:
I have decided to resume p2h services, but on lower packages this time. I realized the domain will not be used and its registered for one year, so its a waste of money not being used. I'll also try to recover from a bad reputation..

Thanks for your tips everyone, and I understand if my previous members do not want to re-register
Click to expand...

Glad to see your not giving up. Good luck and all the best. :classic2:
 
Abuse is a real problem lately. It's to the extent that I have actually disabled all forms of PHP mail and php socket capabilities on my new accounts so that if any abuse does get past my screening process the worst they can do is waste their quota of bandwidth or hog the CPU- which would be quickly noticed. So far it has been effective, the only issue I've had since then was someone's account got suspended for illegal software and I was very promptly DDoS'd for a few minutes over it.

Though the way I do things is when I see that a new account has gotten valid content loaded and shows no signs of abuse, I will then restore their account's PHP.ini to the master copy that has all features available.

Doing it that way kills the automated spam outright, while legitimate users will usually send a support ticket asking about the disabled features if I don't notice right away that they've got a site set up that needs it.

I have noticed though that a lot of hosts that were previously big on free hosting are dropping their free plans entirely. Is it really that hard to break even with it?

And thanks for the referrals if any do come over. As much as people are afraid of Virtualmin because it's different from cpanel, it is still a very powerful system capable of a lot of features that other panels don't have. Plus I've been writing custom features for mine to add back what is missing relative to other panels.
 
Last edited:
Seraphim said:
Abuse is a real problem lately. It's to the extent that I have actually disabled all forms of PHP mail and php socket capabilities on my new accounts
Click to expand...

No need to totally disable PHP mail, just restrict it - it's very affective. Also, use mod_security with a strong rule set - it will block *most* nasty scripts before they can even do anything.

As to PHP mail, I limit the sending of non SMTP mail in the following ways. Mail must be from domains that are actually on the server. Mail is rate limited to 5 per minute (anything over that get's frozen in the queue for an hour giving it time to be manually reviewed when the warning goes out due to the rapid growth of the queue. And mail is limited to 10 batch recipients.

Of course all of that requires custom ACL's, but worth the time if you're in free hosting.
 
jphilipson said:
No need to totally disable PHP mail, just restrict it - it's very affective. Also, use mod_security with a strong rule set - it will block *most* nasty scripts before they can even do anything.

As to PHP mail, I limit the sending of non SMTP mail in the following ways. Mail must be from domains that are actually on the server. Mail is rate limited to 5 per minute (anything over that get's frozen in the queue for an hour giving it time to be manually reviewed when the warning goes out due to the rapid growth of the queue. And mail is limited to 10 batch recipients.

Of course all of that requires custom ACL's, but worth the time if you're in free hosting.
Click to expand...

Worth looking into as it would help harden things up further. I have considered a configuration that will deny mail from any domain not currently hosted, but the problem with this is forum scripts typically use the administrator's email as their from address, and more often than not the account used for that is a free email like a gmail or hotmail instead of one using their own name. Custom ACLs could be configured once in the account templates and then automated fairly easily with the panel I am using.

Though so far switching the PHP.ini like that is completely effective at stopping the most common abuse- spam mail. It simply will not allow any functions that could be used to generate spam or bypass the restrictions to be used until I switch the template's restricted PHP.ini with the all-enabled master php.ini that my own site uses.

The reason being is legitimate users will send a support ticket when they notice the restricted features affecting their site, to which I will explain the reason why that happened, inspect their site, and apply the corrected file if it checks out. Abusive users will quietly attempt to send spam but have it completely denied, which results in an account that appears to be fully inactive and is eventually disabled if they do not respond to messages of any kind asking if they require setup assistance.

I have tried rate limiting my mail server before, but find that it hinders legitimate use and even a conservative limit in the presence of an active spammer is still ineffective at keeping downstream servers from refusing mail from mine. I depend on my mail server as it is crucial to my billing and support systems, so it's better to keep it as clean as possible by not letting spam enter in the first place where it can be prevented.
 
Last edited:
Seraphim said:
but the problem with this is forum scripts typically use the administrator's email as their from address, and more often than not the account used for that is a free email like a gmail or hotmail instead of one using their own name.
Click to expand...

Yeap, run into that problem a lot - but good users will read the documentation, spammers just give up and move on. The way I have it setup is the rules only affect non-smtp methods. So if you switch your forum to SMTP instead of PHP mail for example, then there is no problem.

What SMTP server does your setup use anyway?
 
Last edited:
Thanks everyone.

@Seraphim, yeah, most users don't like the idea of Virtualmin cause they don't know it that much. Before I did a survey if I can switch my cPanel users (shared) to VirtualMin, they liked the idea but they didn't like the interface cause its too confusing...

@everyone else, I just finished updating everything, main site is hosted on a separate server, and hosted sites on another one. Also, all my packages now start from 500MB Space and Bandwidth, my users could just send me a PM to request to increase their quota as needed.

Thanks everyone.
 
You must log in or register to reply here.
Back
Top