|
nescience posted:Any recommendations on a place to get cheap SSL certificates? Ones that won't make browsers go all apeshit saying it's not a valid certificate? (hence why I'm not using self-generated certs) SSL2Buy were reselling AlphaSSL wildcard certs for ~$50/yr with a 30% discount code. It's nice being able to use the same cert for home router & VPS.
|
# ? May 10, 2013 06:50 |
|
|
# ? May 31, 2024 20:05 |
|
Cloud66 has a big hack/leak and is hosed right now: https://twitter.com/cloud66 quote:Today we had a major service incident on our site. As a result of this incident some of our customers lost their virtual servers.
|
# ? May 10, 2013 13:31 |
|
CloudFlare are going to roll out free SSL this summer (source) I'm slightly unsure how they are going to do this but it's very interesting
|
# ? May 10, 2013 19:35 |
|
Anyone have any experience with Digital Ocean? The prices seem too good without some huge catch.
|
# ? May 10, 2013 21:58 |
|
They had a $20 credit some while back that I jumped on. Price is reasonable and the setup is pretty simple. I like it though I've shut my VPS down. Going with a super cheap throw away VPS until I want something more serious.
|
# ? May 10, 2013 23:14 |
|
Jerry SanDisky posted:Anyone have any experience with Digital Ocean? The prices seem too good without some huge catch. I use it for screen/irssi (basically an IRC shell) and the connection is pretty stable, goes a couple weeks without disconnecting. I've had it for 4-5 months.
|
# ? May 10, 2013 23:25 |
|
Jerry SanDisky posted:Anyone have any experience with Digital Ocean? The prices seem too good without some huge catch. Reviews seem mixed, they have a lot of venture capital backing and you should be able to get some free credit to try it out, also you may have to contact support to get virtio enabled, for some reason
|
# ? May 10, 2013 23:41 |
|
Looks like the LiteSpeed web server now has an open-source version called OpenLiteSpeed, if anyone is interested.
|
# ? May 10, 2013 23:46 |
|
So... trying to expand my horizons, and I'm playing around on a WinServer/IIS . Anyone have a clue on how to import a SSL certificate? I installed my cert through the wizard, and added it to my Personal store, but I don't see it when I try to add it to a HTTPS binding. I'm using Windows Server 2012 w/ IIS 8
|
# ? May 11, 2013 06:37 |
|
Jerry SanDisky posted:Anyone have any experience with Digital Ocean? The prices seem too good without some huge catch. The prices seems about normal, I've been seeing better deals for lower prices than DigitalOcean on LEB(granted the quality might not be the best), maybe all of this is due to AWS dropping their prices?
|
# ? May 11, 2013 06:41 |
|
text editor posted:Looks like the LiteSpeed web server now has an open-source version called OpenLiteSpeed, if anyone is interested. Interested until I read ".htaccess file compatibility, and page caching will remain commercial-only." It's such a chore to google the nginx equivalents of rewrite rules; probably my only complaint about nginx.
|
# ? May 11, 2013 08:03 |
|
Nevermind I'm figuring out a different way to do this.
Shadowstar fucked around with this message at 15:22 on May 11, 2013 |
# ? May 11, 2013 14:52 |
|
nescience posted:So... trying to expand my horizons, and I'm playing around on a WinServer/IIS . Anyone have a clue on how to import a SSL certificate? I installed my cert through the wizard, and added it to my Personal store, but I don't see it when I try to add it to a HTTPS binding. When you say you installed it through the wizard, are you talking about "Complete Certificate Request" in IIS Manager -> Server Certificates? (Or "Import...." if you're trying to import a pre-existing cert instead of a new one from a request created by that IIS install). If so, that always worked in previous versions, but I haven't played with IIS8 much.
|
# ? May 11, 2013 17:51 |
|
rawrr posted:Interested until I read ".htaccess file compatibility, and page caching will remain commercial-only." It's such a chore to google the nginx equivalents of rewrite rules; probably my only complaint about nginx. This means .htaccess file compatibility. As in, .htaccess files in folders in filesystem. You can still paste the contents of .htaccess into Litespeed's panel and it will parse the apache version just fine.
|
# ? May 11, 2013 22:13 |
|
rawrr posted:Interested until I read ".htaccess file compatibility, and page caching will remain commercial-only." It's such a chore to google the nginx equivalents of rewrite rules; probably my only complaint about nginx. Theres a couple places that help with converting to nginx format: http://www.anilcetin.com/ http://winginx.com/htaccess Those can sometimes generate inefficient results, though they work.
|
# ? May 12, 2013 20:31 |
|
Just saw this while browsing Google's Developer Blog and thought it sounded interesting: Speed up your sites with PageSpeed for Nginx Jeff Kaufman, Software Engineer posted:When we released mod_pagespeed in 2010, we gave webmasters a way to speed up their sites without needing to become web performance optimization experts. As an Apache module, however, it was unavailable to sites running Nginx, the popular high performing open source web server that powers many large web sites. Today that changes: we're releasing PageSpeed Beta for Nginx, aka ngx_pagespeed. http://googledevelopers.blogspot.com/2013/04/speed-up-your-sites-with-pagespeed-for.html https://developers.google.com/speed/pagespeed/ngx
|
# ? May 13, 2013 02:18 |
|
I assume having an SSL certificate is pretty important for my VPS. I have resold some hosting from it to my friends and they have asked why they were getting a browser message about my site not having a proper SSL certificate. If I was actually selling webhosting for real, it would be a big deal not having an actual certificate, right? edit: by SSL cert, i was thinking of doing the $1.99 positiveSSL cert here http://www.namecheap.com/ssl-certificates/exclusive-positive-ssl-offer.aspx
|
# ? May 13, 2013 18:26 |
|
Stealthgerbil posted:I assume having an SSL certificate is pretty important for my VPS. I have resold some hosting from it to my friends and they have asked why they were getting a browser message about my site not having a proper SSL certificate. If I was actually selling webhosting for real, it would be a big deal not having an actual certificate, right? Are they entering any secure data into your non protected site? You shouldn't need a real cert if they're redirected to your merchant's cart which has real ssl to take their info securely. Considering how certs are cheap, if you have the dedicated ip to spare, won't hurt in getting one.
|
# ? May 13, 2013 18:28 |
|
Stealthgerbil posted:I assume having an SSL certificate is pretty important for my VPS. I have resold some hosting from it to my friends and they have asked why they were getting a browser message about my site not having a proper SSL certificate. If I was actually selling webhosting for real, it would be a big deal not having an actual certificate, right? How are you reselling your hosting to you friends? If you're doing stuff like stealthgerbil.com/friend1, you can get a basic cert If you have friend1.stealthgerbil.com would require a wildcard cert (which can be expensive) Or if they're pointing friend1.com to some virtual host setup on your VPS, they can buy a certificate their drat selves and just upload it to your server. But like 3spades says, do they need one? Are they running shopping carts or something that actually requires a secure connection?
|
# ? May 13, 2013 18:37 |
|
Well technically I run whcms to handle the billing and website creation but I don't have it actually do any billing or credit card stuff because it is for friends and plus gently caress dealing with credit cards or personal information. I told my friends or anyone signing up to use fake info if they are worried about it getting leaked even though I hash everything. If they were to do hosting through me they get their own subdomain. However no one should be running any storefronts or anything of that nature.
|
# ? May 13, 2013 19:21 |
|
if they need ssl they can buy their own damned hosting imo waste of your time and theirs
|
# ? May 13, 2013 19:28 |
|
Yea fair enough. Really if they need ultra secure top of the line business class hosting they are better off getting real hosting from a company that would provide support and do stuff instead of piggybacking on my VPS. I may just get a cheap SSL cert for my own site just so I won't get warnings though.
|
# ? May 13, 2013 19:40 |
|
Those of you who run or work for a host, what do you do in this situation: Customer's hosting gets suspended for non-payment. A little while down the road they come to you wanting a backup of their site so they can switch hosts. Do you give them the backup free? Charge them for it? Make them pay for a months worth of hosting and then give it to them? Or do you just tell them to get lost? I've got a particular client that I'm almost positive will be asking for a backup of their site, but it's been suspended for nonpayment, and I wanted to be prepared and have a better idea what the industry standard was for it.
|
# ? May 16, 2013 14:36 |
|
I'd ask for them to pay themselves current to the time you suspended their account and then provide the backup. Otherwise they can piss off, in my opinion.
|
# ? May 16, 2013 14:49 |
|
Maniaman posted:Those of you who run or work for a host, what do you do in this situation: You should not give it free, if they stopped paying you and the account was terminated due to non payment, you owe them nothing. Either charge them a recovery fee for the backup or make them pay their account current and restore the backup giving them the ability to generate or download a backup of their account. If it's cpanel, they can then have their new host do an account transfer.
|
# ? May 16, 2013 15:00 |
|
I'm not sure if this is the thread to ask this, but here is the situation: I've been put in charge of a project at my office to relocate our intranet. Currently it's housed at our office, and all the staff use a shared network drive. Nothing too complicated, and our CMS is hosted offsite, but as we are trying to go completely paperless, more and more sensitive data is being stored on our local server. The problem is that there are now security and insurance/liability issues that have come up, and we need to have our data located somewhere offsite. Since I am "the guy who can get viruses off the computer box machine", apparently I'm some kind of IT wizard and know exactly what to do. So, what I'm looking to do is to move all this offsite, and in the process, re-boot our entire IT structure (which means having any kind of documentation at all...) and also figure out our intranet security scheme. The main things I am looking for are a simple UI for accessing files -- preferably something akin to just using Windows Explorer with a mapped network drive that we can access -- plus VPN capabilities for people working from home or otherwise offsite. The most important thing, though, is that we must have PCI compliance, since we deal with credit cards as well. None of the info is public facing. Is this the place to ask about this? Or is this more about webhosting and such?
|
# ? May 19, 2013 21:31 |
|
plaguedoctor posted:
Run away. No really, don't touch this a 50 foot barge pole. What's the need for it to be offsite? When you say offsite do you mean your own servers stored in a secure DC or were you planning to use some 'cloud' service. If you store any credit card information in this system, putting it into a third party service particularly an internet connected one is incredibly unlikely to pass PCI compliance unless it is designed from the ground up for storing financial info.
|
# ? May 20, 2013 15:32 |
|
jre posted:Run away. No really, don't touch this a 50 foot barge pole. Any system that stores credit card information is not supposed to be internet facing. It's always best to never store credit card information, use a 3rd party credit card processor that provides a token based payment system like CDG Commerce's Quantum Vault, I believe SagePay has one as well as Paypal Pro reference payments.
|
# ? May 20, 2013 15:38 |
|
jre posted:Run away. No really, don't touch this a 50 foot barge pole. Yeah, I think some kind of cloud service was what I was told to look for. We need it to be offsite because our actual building is not physically secure. And it's easier for us to just have some other agent take care of all these issues rather than have any dedicated IT person. We are a small office full of not-too-bright folks... And we are not looking to be internet connected, but rather connectable via VPN, since we all share documents. I figure some sort of wiki-style multiple user editable content manager would be ideal, BUT, as I stated, a lot of my coworkers aren't too bright, and I find myself reminding them *every* day to save their edits because the rest of us have to work with that info. And no, I don't know why there is CC info stored on this server. The financial info I and my team deal with is stored on a secure server somewhere else, so I'm not sure why there is any financial info on this server. It's probably the owner's info, since they seem to have more money than sense. DarkLotus posted:Any system that stores credit card information is not supposed to be internet facing. It's always best to never store credit card information, use a 3rd party credit card processor that provides a token based payment system like CDG Commerce's Quantum Vault, I believe SagePay has one as well as Paypal Pro reference payments. Huh... I'll look into that.
|
# ? May 20, 2013 16:38 |
|
plaguedoctor posted:Since I am "the guy who can get viruses off the computer box machine", apparently I'm some kind of IT wizard and know exactly what to do. Based on the two sentences above; please hire someone to do this.
|
# ? May 20, 2013 21:39 |
|
Bohemian Cowabunga posted:Based on the two sentences above; please hire someone to do this. Ha! That's what I'm looking to do, so I guess I'm just asking for recommendations, or at least a point in the right direction.
|
# ? May 21, 2013 03:14 |
|
plaguedoctor posted:Ha! That's what I'm looking to do, so I guess I'm just asking for recommendations, or at least a point in the right direction. If you have cPanel, I believe you can get a McAfee's PCI scan (every 3 months) for free. Couple that with the self assessment questionnaire and you're right to go. As for when the scan finds vulnerabilities, you'll need to fix them of course. This is where you need a system admin, if you can't do it yourself. A few names come to mind such as Rack911, AdminGeekz or rackAID. It will set you back though. If you don't have cPanel, PCI scanning will be costly. I think Trustwave was the cheapest when I was looking, it comes with an SSL as well. Apart from that, there's web hosts which combine all of the above for an additional fee with their hosting services. But as above, a merchant service can store the card info for you. Nothing is infallible.
|
# ? May 21, 2013 03:48 |
|
LordMaxxie posted:If you have cPanel, I believe you can get a McAfee's PCI scan (every 3 months) for free. Couple that with the self assessment questionnaire and you're right to go. I'd caution against Trustwave, having been on the administrative end of their scanning. Most PCI scanners load up Nessus or another variant with minimal intelligent rulesets to factor in backports from Redhat Enterprise Linux/CentOS. Trustwave, for example, will scan the major/minor of OpenSSH and exclude patch levels that are backported from RHEL to amend a CVE. I've had clients escalate verified CVE patches from Redhat to Trustwave without success. Additionally, I've used SecurityMetrics for PCI scanning that was bundled with FirstData at the time. Very similar results with whitelisting CVEs that could not be physically exploited with the given environment, but based upon the pattern match, was deemed "vulnerable". FirstData cannibalized that partnership and setup Rapid Comply. Six month and 2 scans in, so far so good. There hasn't been any false positives. Unless you know your environment inside-out and have strict policies in place to safeguard credit card data, use a third-party to handle credit cards. FirstData provides recurring billing through their system, and they've been fantastic since placing them in a bidding war with Elavon for merchant accounts a couple years back.
|
# ? May 21, 2013 04:19 |
|
LordMaxxie posted:If you have cPanel, I believe you can get a McAfee's PCI scan (every 3 months) for free. Couple that with the self assessment questionnaire and you're right to go. Sorry this is wrong. There are different PCI requirements depending on whether you have a business that processes cards through a secure third party like sagepay or if you intend to store them like in plague doctors example. The advice on storing card numbers is don't. If you do store them you can't legally store the cv2 number and they have to be encrypted. If you need to store them to do repeat payments you should be using tokinisation like dark lotus said. Shared hosting is specifically precluded in the PCI DSS guidelines so Cpanel is out. The best thing to do is separate out the need for online document storage and storing card details.
|
# ? May 21, 2013 09:46 |
|
jre posted:The best thing to do is separate out the need for online document storage and storing card details. Yeah, that's pretty much what I'm looking to do. We need the online doc storage, and all the cc info we use is processed through a third party, so I'm not sure why we need PCI compliance. I think we have a bunch of old Quickbooks archives stored on there, which is where the whole issue comes from. Why they are storing that locally is anybody's guess. So it sounds like it's just best to sign up for the Quickbooks online service, then just find a cloud storage service for our non sensitive files. Thanks!
|
# ? May 21, 2013 19:49 |
|
Is there some permission option that I'm supposed to set when I'm hosting files in HTTPS? I'm running Apache with ssl, and I have a net2ftp installation hosted in a directory (domain.tld/net2ftp/). When I access it via http, everything works fine, however, when I access with https, I can only log in, but none of the buttons or links work. I have plenty of other scripts that works just fine (roundcube, drupal, sqlbuddy, etc), it only happens to this particular application.
|
# ? May 23, 2013 15:59 |
|
Why do colocation providers make it so damned difficult to actually do business with them? So far I've only found two that actually bothered publishing pricing. Invariably, the rest are just brochure sites that eventually lead you to a generic catch all "contact us" form. It's freaking infuriating and I wish I didn't have to do business with any of them.
|
# ? May 23, 2013 19:21 |
|
Does anyone know of a web app similar to flickr that I can host on my own?
|
# ? May 23, 2013 19:41 |
|
Is there a way to setup forwarding only email addresses that doesn't require setting up a full MTA?
|
# ? May 23, 2013 19:48 |
|
|
# ? May 31, 2024 20:05 |
|
McGlockenshire posted:Why do colocation providers make it so damned difficult to actually do business with them? Anyone who doesn't publish prices needs to hear your individual situation and needs. So they can charge you the maximum amount possible.
|
# ? May 23, 2013 19:50 |