Hehehe Happy Christmas and New Year

Happy Xmas and New Year Woot Woot! and well have a super time, with lots of yummy stuff and hugs hehehe

Cloudflare Review - Should You Use It?

Since i run lots of sites, things like performance, security, caching, stats are part of the daily routine of running them and of course of extreme importance, whats the point of having a kick ass site if its slow or insecure, so a couple of months ago i heard of cloudflare, basically its a proxy/caching system, but by using this caching system they provide caching for your dns, for site files, as well as intrusion detection, stats and a series of other niceties, this happens mostly because everytime anyone wants to visit a site that is using cloudflare it will pass through cloudflare servers before reaching the site.

At first it sounds like an awesome product, first of all the basic package is already extensive and free, but even the paid version seems to have even nicer features and at a very affordable price (it would be nicer if it was $5 each site, and not $20 the first and $5 the remaining), especially comparing to somewhat equivalent CDN and Security systems available online, also impressive is the control panel, very simple but with lots of features (comparing with something like google analytics, its way better at presenting a one page overview), so i decided to test cloudflare and see if it was a good fit for the S2R network.

The testing was done with 3 sites, that have different functions, frameworks, servers, performance and traffic, this way i could see how effective cloudflare is, i do this by doing a initial setup and testing and then having a couple of site monitoring services checking up on the site as well as me randomly visiting them and testing again.

Site 1 - The Simple Site

So the simple site was a domain hosted, blogspot powered site, basic template and its mostly a placeholder site while it isnt developed, so low traffic (about 30 uniques a day), low content, quick site.

Following cloudflare instructions and setup, change the dns and waited for it to change, it took about 5minutes for dns to refresh and the site showed first a nginx error (nginx is a webserver software), then after 5minutes a cloudflare logo saying that the cache was being made and after a total of about 15minutes the site was running on cloudflare, first of all this initial caching sucked, first errors, then cloudflare logos, the caching should be done in the background, start in offline mode and then turn itself on when it can cache so users should always see the site, although not too long, this was far from a transparent change, the site remained on cloudflare for around 3 weeks,

after about 2 weeks i got a site down warning, when i visited the site i got a topbar from cloudflare saying that the site was in offline mode (one of cloudflare features), after about 2 minutes of refreshing the site went back to normal, i dont think it was down at all, still what made me not so happy was putting cloudflare logo and links on that topbar.

Site 2 - The Heavy Duty but Simple Site

So the HDBSS is a domain hosted on a shared server that runs a simple image board software, it caches all the pages in html, so basically its html and pictures, still the site is popular and has higher traffic (about 3000 uniques a day), large but simple content, and because of all the images it is slower to load (altough we do use caching for a lot of things, but i turned them off during this trial).

Again the cloudflare setup, this time around i didnt see any cloudflare logos or problems and the site runned fine from what i could tell, however somethings didn't work, connecting to the backend (running php) was no problem, but the forms wouldnt work, my only doubt was that probably the captchas or ips were not matching (because of the proxy nature of cloudflare) and therefore the form wouldnt work, the strange thing is that other people could post, so on one part i was having some complains and could see that it wasnt working but posts still kept coming, i did try some workarounds like disabling the form captchas, disabling other settings, but that didnt work so the trial on site 2 was cut short to one day and a half, so after the dns change was complete, the site returned to normal, so the likely culprit was indeed cloudflare, so FAIL!

 Site 3 - The Complex Site

Well not that complex, but its a domain hosted on a server that runs 2 copies of wordpress (long story), its somewhat popular (about 1000 uniques a day), its a ecommerce site, with large dynamic content, in this case i left wordpress caching (w3 caching) and installed the wordpress plugin from cloudflare.

Setup run smooth, but this time around when dns kicked in i only saw the ngix error, i went to cloudflare help and there said it might be my firewall, so i checked, no, but i put the exceptions anyways and contacted the server host for them to check (later i received that they didnt blocked anything as well as my firewall and that the ips from cloudflare connected correctly), i waited for 30 minutes and then reverted the changes, so again a FAIL!

Humm this didnt went at all like i expected, i didn't do all of these at the same time, this was done randomly during about a 2 month period, so if there were problems on cloudflare side, then they were recurring, however there are 2 things that concern me regarding cloudflare,

First all the links and logos from them, anytime something is wrong they show their logo, i dont think that is userfriendly it should show the logo of the site in question or just a plain text warning from the site in question, showing cloudflare is confusing to any visitor, ohhh whats happening i thought i was going to vacationparadise.com, where is the site? what is this cloudflare??? is cloudflare there to catter to webmasters or to the general public? cause if i buy CDN from Akmai or Amazon they wont show their logo's in my site, now would they.

Second it seems too forceful, its make it or break it, if it runs at first it probably will run fine, if it doesn't, then it doesn't at all, also their system is purely proxying, so you have to install plugins to make it work fine and for example report links, its too easy to break your site, that risk just for some caching and some security is not a good tradeoff, better to optimize and use caching.

So my opinion of cloudflare is that its actually a pretty impressive product, especially their site, the features and customization even on a free product, but their caching seems limited, i didn't see any real performance boosts from my tests (even though their panel says its like twice as fast, real life tests from multiple sources didn't show me that, its more like a few ms and i think mostly cause i don't use gzip and cloudflare uses it) as well as all the links and logos to cloudflare are ridiculous in my view, from the offline mode and from the initial cache, and probably for the "question pages" as well, even tough i didn't get any, but i did have one my visitors complaint that the site was blocking him from visiting because he had javascript turned off (probably noscript or something), so that's a bit worrisome as well, i would say the service has good promise but for now it shouldn't be used by anyone that runs more than a hobbist site.

Update: I've done another updated review of cloudflare! check it out!

Why use a 3 Tier Backup System?

We all know backups are important, if shit can happen, shit will happen, they are important both online and offline, but if you are hosting a site or several sites, its important to have a backup strategy, that's why S2R created the 3 Tier Backup System (sounds way more exciting than what it is):

1) Hosting Provider Backup System
  • Choose a hosting provider that makes backups, having RAID and high availability and failover hardware, that's all cool for performance and redundancy, but backups should be expected and not on the same hardware as the server (offsite or high end backup software is a plus), having backups from your host eases most problems and makes most disasters easier to handle, as such this is the first backup tier.

2) Offsite Backup System
  • Have a cheap vps or backup account from another hosting provider (if he also provides backups that's a plus), then use your hosting panel or rsync or whatever backup system you prefer to use to make and transfer backups to this box, we normally choose a weekly schedule for this (running on weekends when traffic is low), there is no need for daily copies, cause the goal is to have a weekly clean backup, of course we store 3 backups, so 3 weekly backups are always available on the server, the idea is to use this encase your hosting provider goes bankrupt or closes your account for some reason (nowadays its more likely than you think), and you get cut off from your first tier backups, so therefore this is the second tier backups.

3) Local Backup System
  • This one is also easy to understand its a local backup of the accounts, in my case its to my custom made backup system (2TB mirrored to another 2TB, way more than enough for my sites and personal files + Mozy Backup of all of this), similar to RAID, this is done also weekly (could be done only monthly), this is done for the simple reason of peace of mind and safety, i never needed it, but there is no such thing as too many backups and having one locally guarantees that whatever happens to your sites they will always be able to comeback from any disaster, so this is the final third backup tier.
With a three tier backup system, it might look a little paranoid, and you might take some time and money to build it, but now that its done, its easy to add new sites and the peace of mind it gives is priceless, and now i can eat right in front of the computer hahahah ^_^

List of Fast Free DNS Servers

DNS (Domain Name System) Server is used to lookout domain names to ip address, it has more purposes, but for the most part thats their function, public DNS providers are free to use DNS servers that provide that function to anyone that needs it.

So since you are online the DNS service was probably provided by you ISP as part of their system to get you online, so why would you like to change your DNS provider from your ISP to a public one?

The main reasons, in degree of importance, in my view are:

1) Security, your ISP probably uses standard off-the-shelf dns software, also DNS althogh important is not a priority, security tend to suffer first, especially when new tricks and flaws are found, things like dns cache poisoning (injecting dns records that are not from a authorative dns server), also phishing or malware or other kinds of security risks can be averted by using a stronger more secure dns provider.
2) Performance, every single time you put a new domain name, that name has to be resolved on a dns server for the domain to show up, that means performance is essential, especially comparing to your ISP dns server that is extremely close to you.
3) Control and Customize, the ability to take control of your dns, of using it to make your browsing faster or check it domains are there, if you mistyped, if there is malware on the page you want to visit, or blocking kids from accessing certain kinds of sites.

So the list here follows a different pattern since im going to check the speed of it (from 3 different locations) as well as my personal preference depending on features and overall performance:

1) Google Public DNS (Like: Speed and Standards / Dislike: None)
2) OpenDNS (Like: Speed and Security / Dislike: DNS Hijacking)
5) Level 3 (Like: Speed and Standards / Dislike: None)
4) Comodo Secure DNS (Like: Security / Dislike: None)

1) the checks were made from California (USA), London (UK) and Faro (Portugal) using namebench http://code.google.com/p/namebench/.
2) i could have made a huge list, but i prefer to provide the cleanest most objective one, than a random copy paste list, so i removed lots of other good public dns providers, just cause at the time they were giving me errors and not performing normally, like scrubit dns, cisco or norton safe dns.
3) opendns would have won (just about the same performance as google public dns), but i personally prefer a dns that gives an error when it fails and doesn't hijack or disrupt sessions by pushing their search when a server is having a glitch or dns issues, but that's just me.

Pushing S2R Improvements

Ahhh nothing like autumn to get you inspired, well not really, muhahaha, still lots of new shinny things to come from the nice folk at S2R:

Expansion of the S2R Network, yep new sites, a bunch of them are coming, while most are well in Portuguese, and some are revamps (like panchira), there will be some niceties all round, both in new sites and oldies ^^

Much Improved Hosting, performance is always something we aim for, S2R's hosting is now spread through the world, well mostly around the US of A, in places like Los Angeles, Dallas, Orlando and Kansas City, but in the UK and Netherlands as well, so i hope most, if not all sites will have better performance, we will also be rolling out support for CDN, for extra performance.

On the home-front, some upgrades on some of the computers (so expect faster website building muhahaha), but mostly my custom multiple TB backup system, so all my sites will have 3 layers of backups, from my hosting provider, from an off-site backup and finally to my new backup system, AWESOMEEEE ^_^

Improvements on Kudasai

 Yep yep, kudasai had a major improvement, that's how i like to do it hehehe try stuff out and keep improving, partly because of some complaints, partly cause it had some not so user-friendly "features", so here are some of the improvements:
  • Stuff like using facebook connect or google's opensocial social widgets are all removed (and well both suck), i know it seemed like a good idea, but now i see it kinda sucks ^_^
  • Took off a lot of links and or changed to pictures, so its easier to navigate around the site
  • Bigger is better, so now the games take a way larger section of the screen, they are the reason you are in the site in the first place, who the hell wants to play in a tiny little window (my fault and one of the reasons i stopped using kudasai myself to play games), so now its nicer and more kawaii and no more flash distortions and cleaner gameplay, so now even if i put some ads they will be way under the games itself and wont interfere on your fun (yes there will always be a link to full-screen gameplay) heheh
  • Removed the huge amount icons of "click here to bookmark/post" on the header, to just post to twitter and facebook like, simpler and nicer, also in 2 years i had like 3 bookmarks from there, in only a couple of days after the tweaks i already have several twitter posts and facebook likes, so success ^^
  • Added a bunch of links to cool flash games/sites on the main page, with games like Auditorium, Infectonato 60sec, Wagakoto or Desktop TD (since some games shouldn't be hosted on kudasai, cause they have multiplayer or features connected to the site, or just look way cooler on their own site, but are still cool to play and nice for gamers to visit them too)
  • Improved performance and caching, not that the site will be way more quick, but if there is a surge of visits or lots of visitors coming often, they will see that a lot of the site with cache easier and will perform easier on repeated visits and flash loading ^^

Optimize your WHM Cpanel

This isn't gonna be a how-to increase the performance of whm/cpanel, there are loads of awesome tutorials online and i'll link so some of those in the bottom, this is just some of the tips I've learned over the years, that can and do, and make a difference on the performance of your vps / vds / dedicated box using WHM Cpanel.

1) Disable Unused Services
WHM is a complete package it takes care of the services, of making and managing the account and updating the server and itself, because of its versatility it has all these services and more that you would want from a hosting server, however all of these services are not required and some of them are serious performance hogs, so these are the ones you should check out and if you dont need, disable:

  • SpamAssassin Server (spamd) - If you dont need anti-spam, nowadays most e-mail software/webmail provide anti-spam protection, so no point running it on your server, unless mail security is essential, also if you need it, you need to configure it properly so at least its not such a big performance hit.
  • Clamav Antivirus - Same thing as SpamAssassin, but for Anti-virus, and well clamav just detects the really blatant virus, so trojans and mallware might get trhough anyways, so you can disable this one, but if you need it its the same thing as SpamAssassin, configure the hell out of it.
  • Cpanel Pro - Added features, but not really needed.
  • Statistics Software - Well with google analytics and other offsite statistics software, you can live with just one stats software and webalizer is probably the lightest, disable the rest.
  • Mailman - Just use a php or offsite maillists systems.
  • Webmail - Unless you are hosting, most people are using pop3/imap or just offsite mail, so choose the most basic like squiremail, disable the rest.
  • Entropy Chat - enable only if you need it.
  • Melange - enable only if you need it.

2) Tweaking Settings
  • Uncheck Conserve Memory at the expense of using more cpu/diskio (however if you need the added memory, check it, but you take a performance hit).
  • Choose the best version for you of Apache, Mysql, FTP, PHP (just choose the one that fits better to your uses), and then tweak it, make some online searchs on how to change the apache config's or php settings (most are available right through WHM).
  • Make sure the default catch-all mail address is set to FAIL, so that it uses as little CPU time/Disk Space as possible.

4) Upgrade / Update
This one is simple... not always having the latest and greatest is the best course of action, but there is a tendency for newer software to have better performance, less bugs and genereraly more secure, so when in doubt, always update, in this case, its setting up whm to update itself to the CURRENT or STABLE releases and make sure security packages are also on automatic, also from time to time running the easy apache, and the updates on the Software section (Server and System).

5) Keep an Eye on it and Adjust
Since every box is different (although im talking here about LAMP+WHM/CPanel), there are multiple variations of LAMP (using CentOS instead of Debian, or php4 instead of php5), also it depends on the sites/services you are doing with the box, if your sites are dynamic you kinda want to adjust php, if its a file server, you kinda can move to nginx (or another lightweight server, instead of apache), if you have a lot of Mysql work, its another thing, so not all rules or changes will work best, so keeping an eye on the performance of the box is important, not only if the CPU and RAM are good, but also how quick your pages load.

I know there are a lot of more tweaks you can make so check these articles for more in depth tweaking (or just make a search yourself), however just doing the ones i told should keep your box humming away pretty good ^_^

Check ...
Optimizing cPanel/WHM
Optimize High-Traffic Servers
Configuring and Optimizing MySQL For WHM Dedicated Server/VPS

Choosing the right Apache? Apache 2.0 vs Apache 2.2

Well i ordered a new box and found out that it was running Apache 2.0.63, a very stable version of Apache (still used by lots of webhosts), but since like a year ago, i've moved to the 2.2 branch, so to decide what was the best choice i decided to do some testing between both version to choose, humm performance wise?, and yes i know 2.2 is much better regarding speed, but performance is not just about speed, so i just installed one and then the other, did some tests and let it run for a full 24hours midweek (cause weekends the traffic drops a bit)

So what are the results, interestingly enough... im gonna make some charts ^_^

Average 24h CPU Load (Restricted to 1CPU)

Average 24h Memory (Restricted to a total of 1GB)

Average Requests of File Types

Ok charts are cute but were are the numbers? well there isnt a point or need really, since the site hosted (and test files) on the box are not a perfect benchmark of Apache's abilities, this should be considered above all a real world test, than a well measured test, but we can take a conclusion out of this, just looking at the charts, Apache 2.2 branch does seem to perform faster than the Apache 2.0 branch, although that performance increase is traded by a slightly higher cpu and memory consumption (about 0.3% memory increase and about a 6% CPU load increase ), hummm i can live with that,  2.2.15 WIN! hehehe, besides newer software has a tendency to bring better performance and security, and in the long run thats always smart thinking.

New Portuguese Search Engine

Yep, i had some requests and some tweaks to do, so i made a new site, its called PT1 or Portugal1, its based on google search with a portuguese free directory of the best portuguese sites we like (the search engine and all the added services are done, stuff like quick link search engines for firefox or search toolbar with some cool stuff ), the directory is still not live yet, also ill add more services later on, but for now it looks simple and cool and works like a charm ^_^

Moving to Asynchronous Tracking

So in this move to... well move faster hehehe, im pushing Google Analytics Asynchronous Tracking on all S2R sites that use Google Analytics (almost all, the ones that don't, they use Reinvigorate ^_^ ), although I've tested through this past week the speed changes between normal code and the asynchronous code, i can say i don't see much of a speed difference, that could be, because well, my sites already run fast, but anyways when you join all of those little tweaks that speed sites up, it makes a big difference, especially if you get bursts of traffic ^_^

New and Improved S2R

yep i made some improvements on S2R heheh, just making it nicer, still all of this "google now adding speed as another factor in ranking" is making everyone all nervous and getting CDN and doing all this changes, well i've always tried to make my sites, quick and easy, both in the webdesign/structure/hosting side of things, because i want my sites to be fast..., so... well im always trying to put one less picture in a site, or offload content or optimize code or have faster better hosting anyways, so i guess no change here ^_^'

Apthost Hosting Review

Well im doing reviews of host i've used, in this case it was Apthost Shared Hosting in mid 2009, sometimes when i finish a new site i decide to make a new account on a new host (cause they look good, or have a awesome promotion, and yes i know hosting promotions are more hype than substance, but you never know unless you try, thats why i continue to be a Dreamhost customer), so in this case i choose apthost, mostly because of their tag of being the best host for "FFmpeg".

So lets get into the review, the setup and payment was quick and easy as expected, my account was activated, and like normal quick upload and everything is looking good, i also requested a transfer of another one of my sites but that was a fail apparently apthost staff hasn't mastered transfer from cpanel to cpanel so i never did anyways, speed isnt awesome, but its all good, about a week later i noticed there were several error_log type files (some growing to multiple mb sizes) in a lot of the folders on the site, but the site seemed fine, when opening those, it was just standard log files with lots of weird errors (like page loads fine, but log reports errors from my ip anyways... weird), talked with support that dismissed it.

So like 3 weeks into it, the real problems started with multiple downtime's and overall pretty lousy performance (strange how this tends to happen to this kind of hosts, probably when they finish filling up the server to the brim...), since the site was new i decided to put a "maintenance page" while i try and workout the issues, so then it starts a week of trouble tickets with support and it kinda gets silly, most of the replies are "Your site is coming up fine.Please check it from your end." while the site is still down, also "It is being taken care of. I noticed that one of the techs did not show up, and left the monitoring of the server unattended, which caused to go into overload mode. It is coming back online in few minutes." or the "the account has been suspended for 30 minutes in our node due your account is responsible for overloading the server, which is impacting overall performance in the node.", so my site that wasnt even online is overloading the server... awesomeeee i kinda couldn't believe it, i know it was probably and automated system of some-kind and because the server was in the shitter that probably went to everyone on the server, still funny though

So after a week of practical downtime, they announce that they are moving me to a new server, ok... ohhh but there was a problem and the new server is built from backups that are from Friday and not Monday, what? well at this time since i was still on my 40th day (45 day money back guarantee) i asked for a refund and that was awarded after about a week,

So a recap of my review of Apthost:
  • They aren't a very good host overall, at least they don't seem to have their shit together
  • Support is not very supportive, there is a lot of one liner copy+paste replies from support
  • I also don't appreciate the 30min suspension for "overloading" (i would suspect a lot of people would hit that, in a more professional webhost they contact you ALWAYS before turning off your site)
  • Apparently their backup system sucks
  • They did follow trought with their moneyback guarantee
  • Setup was quick and easy

Our Very Awesome Web Directory

Ok, major improvement on or very own Web Directory, aka orgme.com, and we are actually thinking about making a portuguese version, ok maybe a bit different, and yes i know there are billions of web directories, but most are not nice at all (you have to pay or give reciprocal links or has misleading links or affiliate links or other nasty stuff), so we will try and make ours nice and helpful and clean and not weird or dodgy ^_^

Nee.Hostcult.com is Down

Yep sorry about that, so a couple of our sites are down for the moment >_<, the server is doing a FSCK as of now (probably due to a bad shutdown or some other glitch that didn't come up before), once the FSCK is finished, the server should be back up ^_^'

update: every site is back up ^_^ total downtime 1h15m, yeah FSCK takes loads of time...but better that, than a corrupted hard drive hehehe

Review of Virpus VPS Hosting

So this is my review of Virpus VPS Hosting, as a principle i only review hosting companies AFTER i've been with them, as well as i try and be to the point with my review and it shouldn't be taken as a literal performance of the hosting company as a whole, just of my particular experience.

I was with Virpus for 5 months, and i signed with their unmanaged Advance package (so a mid to high end hosting package) with Directadmin, since the initial payment it took around 9 days to setup my account but after a contact with support they did apologized, they said that they had a huge surge of new customers and were a bit late on the setup as well as i was discounted for those days, so thats cool.

After the initial setup there were a couple of things that weren't setup right, especially since there were extra notes fields when you first signed up to put that kind of added or just needed information for a correct setup, but those seemed to be ignored (not a huge deal, since a lot of vps companies do this, probably cause the people that make the setup don't do any tinkering), so a few back and forth with support and everything is on track.

So the hosting comes with Directadmin hosting control panel, well its kinda a subpar hosting panel, but at least it has a low overhead (doesn't consume a lot of resources), that and probably a new server (although with not so new hardware) meant performance wise, the vps was quick and the first site i transferred over was indeed almost 2 seconds faster than on the other vps it was on.

After about a month later i transferred another site over, still the performance of both sites was pretty good, this lasted for 2 and a half months, since then i started having some downtime, for some apparently unknown reasons, others were to DDOS or Server Problems, so i had about 5 fairly large periods of downtime in the first 4 months, however in the last month i started having daily mini periods of downtime, i know i know, it can be a problem on my vps, but the vps was stable and apache has like 20 days of uptime i was using barely half the resources on the vps as well as the downtime was at random times, but still the sites started to drop off the internet for 5 or 10 minutes at a time (i use 3 different site monitoring services), i contacted support and nothing but excuses but nothing is done, so i moved one of my sites back to another vps, but the downtime continued for 2 more weeks, then again i contacted support and i was said they were going to scale this to management, i waited one more week and since i wasnt contaced by support or management and the trouble ticket in question was closed, i moved the last site to another new vps.

So like i always do, i go and read the terms of service (to see their cancellation policy and if i had to pay anything extra, but no, i was within my time to cancel and not have to pay anything) and so i asked for a cancellation, after that i didn't heard anything from support, not a "we have canceled your account" or anything (if my e-mail account or virpus account was hacked it seems it would be quick and easy to burn my vps), but what comes next wasn't that nice, although my due date for payment was more than a week from that time, after i canceled they immediately tried to make a payment to my credit card, as well as tried several more times the following week (i was lucky that the reason i didnt wait 1 or 2 more months with virpus, to see if the service would get better, was that i had to renew my credit card and i didn't feel like adding my new one to virpus...), so to sum it up my review of virpus:

Good Points:
  • Pretty Cheap VPS Hosting
  • Good Enough Support for Technical Questions
  • Average Performance (was good at first but then it kinda when to normal+downtime)

Bad Points:
  • Cheap Hardware
  • Downtime (my threshold for downtime is about 2 per month, that is to be expected from upgrades to random problems, more than that, its totally unacceptable)
  • Bad Support Followup (they told me at least 3 times that they would check and get back to me, of course they never did)
  • Unethical Cancellation Procedure (tried to charge my credit card without reason after cancellation)
So i would say that i would recommend virpus to anyone that wanted a cheap vps for hosting anything that wasn't priority (hosting files, cache, image galleries, backups), it was quick and overall the downtime wasn't that bad (a month with about 20 downtime windows of about 5 to 15minutes each is bad for a active site, but not that terrible for file hosting or something like that, its still about 90% uptime), but i can't recommend them cause they did try and charge my credit card when they didn't have any reason to do it (for some companies you do have to pay something before you leave), so if you read this, there are way better and cheaper hosting companies on the web, so stay away from virpus.

Update: So a week as gone by and im still getting the "Invoice is Due" and that i should log in to my account and pay, nice ^_^ but since they closed my server and then closed my account, so even if i wanted to pay i was out, a little more of this and ill just consider it spam/phishing and start flagging them all as such.

How to Protect your Sites

Well one of my sites was taken down for a couple of hours after it was completely screwed from a hack (well from script kiddies, but still), that deleted admin accounts and posts and added re-directs and other nasty stuff, cleaning it up would mean several hours and some things might be completly lost forever anyways, so what to do? before this happened, during or after to fix it, so what do i do to keep my sites online and protected, ill separate these into 3 major points:

Preventive Protection (before any problem)
  • Always have the latest updates to your online software, yes i know sometimes it brings new bugs, but most of the times its better to take the time to find workarounds and still update to the latest than opening yourself to an attack;
  • Always have multiple backups, all my hosts have backups but i also make my own to other servers (weekly) as well as a to my own computers (montly),  this ensures that even if there is a catastrophical failure (your host dies on you or deletes your account) that you are still able to bounce back pretty quickly;
  • Make sure your hosting is separate from your domains, since keeping those 2 together means if you need to jump to another host that you will always have problems (also have always a backup host that you like, and trust to jump to quickly if need be);
  • Use popular software, yes it might be a bigger target for hacks and security issues, but the chance of having updates and fixes is also much larger;
  • Resilient Hosting, doesn't need to be cloud hosting or some strange arrangement, just needs to be from good hosting companies with good track records, they ensure that most hardware/server failures will never happen and if they did, that a fix would be done quickly and efficiently

Immediate Protection (when you first detect the problem)
  1. Put the site Offline, if you are on a apache server it normally means an update to the htaccess/htpasswd, you don't want your users getting affected by your compromised site;
  2. Check to see how was the site compromised, was it the server, a bad admin, software flaw, try and find how did this happen;
  3. After you find out the flaw, search and see if there is a fix to it (server/software update), banning an admin, whatever it is, cause after you fix it, you need to make sure it doesn't happen again.

Reactive Protection (how to fix the problem)
  • Best way is always, just delete the whole site and bring back the latest stable backup, sure you will lose some content or news but you have a guarantee that your site comes back crisp and clean, fixing it by hand means you can miss something and still keep your site compromised;
  • Make a test run and check if everything is alright, make sure to make the necessary adjustments before bringing the site back online;
  • Fix the security issue, if you found out what was the problem, go ahead and do the updates or workarounds, so this doesn't happen again;
  • Make a brand new backup immediately before bringing the site back on, this ensures that if the site is still vulnerable, that you can bring it back up quickly, without much loss.
So that's it, yes i know its basically using backups, and yes there are other ways, but this is the easiest more efficient way to protect your site from premature death ^_^

Why Does Google Buzz Suck?

Txaaa i normally dont use this blog for rants about products, heheh anyways, google just launched buzz, its a gmail addon for small talk and sharing of media with your friends, i just dont understand the point, gmail is awesome because it is simple and to the point, it makes manageing your e-mail a breeze, now we have chat and buzz and all kinds of random stuff in there.

We have flickr for photo sharing and photo communities and we have facebook for small talk and basic sharing, nowadays we have all this crossover sharing like posting on twitter also posts on facebook and gmail has chat and i see less and less value in it, why would i use buzz? it just adds more clutter to my e-mail its just a time waster, if you go photo sharing you will still want to post it on flicrk as well, if you go talk small or just random sharing you will still want to go to facebook or twitter, so whats the point?

Google should clean up their job with orkut or jaiku, or finally launch a quality skype/pidgin gtalk software that can connect to all the major IM networks as well as provide affordable voice services (connecting with google voice) and quit this idiotic social experiments, its like all the shit with google reader, its too much bloat, after a while it stops being a feed reader, one thing is adding value (gmail labs is a awesome idea), another is adding random stuff that has no obvious purpose and just duplicates functions other sites do better, kinda like google friend connect (com)

Timetables and Expectations

Hehehe, yeah i've been incredibly busy working on a lot of stuff outside of s2r (personal things, friends sites and was hired to do some other stuff), anyways most of it is done by now, so i'm moving back into s2r mode, still in these last couple of months i've merged and moved a lot of my websites around (so i was indeed also busy with s2r), basically i merged some of my shared hosting and one vps into just one "cloud storage" kind of vps, so performance should be way better all through the s2r network of sites (taking some more popular sites out of a vps or shared helps the other sites that remain), sooo what can everyone expect?

 Hummm well first i'm going to cleaned up a lot of code in a lot of sites, then re-start some of my stalled projects, then finish some sites that i've been working on... thats pretty much it, so expect panchira.org, hentaish.com, fiendish.org or vidcult.com to have their makeovers and some new stuff to pop up ^_^'

As a side note i've released my personal site Hugo Silva (my name...) hehehe, yeah bland, but its more to join my social profiles in one place and later on my cv, thats the whole point of it.