HostEntrepreneur

On this installment of “Step 1a – Write a Business Plan”, we’re going to look at what a Business Plan is exactly… I’m sure everyone has heard of one, but how many of us have written one before. I’m sure there’s a few of us, but I bet the vast majority of people looking to get into webhosting for the first time are starting it as a side business. They have probably never written one before, and many probably have never seen one either.

So here’s an overview of the parts of a Business Plan.

• Executive Summary -  THE most important part of the plan. Who you are, what you do, and where you are and where you are going at a high level overview written in everyday terms.
• Market Analysis - A description of the industry including size and target market, growth rates, etc.
• Company Description -Another high level description but in more detail than the executive summary, this time specifically about your business and what needs you’re going to meet, and who the target is for those needs.
• Organization & Management – Profiles of the key players in your organization and the roles they will be taking on. Also should detail the overall structure and how those players fit together.
• Marketing & Sales Management – Descriptions of sales force, management, and how they will go about getting business.
• Service or Product Line -What you will be selling and how you will distinguish yourself product/service-wise.
• Funding -  Regardless of if you are requesting funding, this is where you will say how much you need and/or have, and for what it will be used for…
• Financials – Historical and Prospective financial data. One of the later sections to complete.
• Appendix – All the extra stuff that will be needed based on what you’re going to do with the plan. For example, if you are requesting money from a bank, etc., they will want credit information and resume’s on key management.

Today’s was only an overview of what each section encompasses. Begin to read over them and start thinking about each section, and start making notes or outlines for each section.  Next week, we’ll start going into each section one by one and get down and dirty with it.

Last Week: http://hostentrepreneur.com/2009/08/13/step-1a-write-a-business-plan-part-1/
Next Week:  Coming soon…

Ok for the past couple of days, we’ve been trying to help harden your server a little bit to prevent break ins… But if there is one, you want to know as quickly as possible! So setup your login to email you whenever you login. But, you say, wouldn’t they just disable that when they login? They could if they think to… but that first email should have already gone out. And by all means PLEASE make sure it goes to an off server email address. And you do use different passwords for each account right?? I thought so.

Login to your server. You should be in your home directory, if not go there with ‘cd ~’
vi (or pico, vim, etc.) .bash_profile

At the end add this:

# User specific environment and startup programs

# Email admin when user logs in as root
rootalert() {
  echo ‘ALERT – Root Shell Login’
  echo
  echo ‘Server: ‘`hostname`
  echo ‘Time: ‘`date`
  echo ‘User: ‘`who | awk ‘{ print $1 }’`
  echo ‘TTY: ‘`who | awk ‘{ print $2 }’`
  echo ‘Source: ‘`who | awk ‘{ print $5 }’`
  echo
  echo
  echo ‘This email is an alert automatically created by your server telling you that someone, even if it is you, logged into SSH as the root user.  If you or someone you know and trust logged in as root, disregard this email.  If you or someone you know and trust did not login to the server as root, then you may have a hack attempt in progress on your server.’
}
rootalert | mail -s “Alert: `who | awk ‘{ print $1 }’` Login [`hostname`]” (your OFFSITE email address)

By the way those wierd looking single quotes are the one on the key to the left of the 1 key on the top row of the keyboard. They tell the shell to execute the command between taking their output for the line it’s on. In this case, printing out pieces of login information. So go ahead and save and close the file.  Before logging out  type ‘sh .bash_profile’   and check that it execute cleanly, and emails you like it should.

So now if someone logs into your account, you will get an email. If it happens when you weren’t expecting it (as when you didn’t login yourself), you will know about it… Plus you’ll have the ip address they were on when they did… well, you’ll have the ip address of the last machine before they reached you as they will often go from one machine to the next. But it’s more than you had. And if you didn’t know, who knows how long they could hide out there and what damage they could cause.

WebHostBootCamp is coming back… The Winter 2009 virtual conference is set for December 7 through 9th.  The premier session this past June was a great success. Even seasoned hosters like myself with more than 10 years of experience, learned many new things.  We’re looking forward to the Winter conference…  WHBC has annouced that there will be 18+ breakout sessions, 3 keynotes, and networking events as well.  Learn more at http://webhostbootcampvirtual.com/

Just got this in an email from Microsoft…  Learning is good. Enjoy!  This isn’t your typical internet ebook… It’s 452 pages. It’s a ebook version of a real MS press title.

Learn how to plan, implement, and manage virtual infrastructure solutions with Understanding Microsoft Virtualization Solutions, by Mitch Tulloch with the Microsoft Virtualization Teams. The technologies covered include Windows Server 2008 Hyper-V, System Center Virtual Machine Manager 2009, Microsoft Application Virtualization 4.5, Microsoft Enterprise Desktop Virtualization, and Microsoft Virtual Desktop Infrastructure. Register and download the e-book today at http://csna01.libredigital.com/?urmvs17u33

If you didn’t read yesterday’s post on changing SSHD’s port number, I suggest you start there and then come back to this. Here’s the link: http://hostentrepreneur.com/2009/08/18/changing-your-ssh-port/

I find this provides dual benefits… One, passwords are too easy to crack sometimes (or too easy to forget if you actually are one who makes them difficult to crack). And two, it actually makes ssh’ing into the server easier. What we’re going to do is generate key pairs for the server and your client, and then use that to authenticate to the server.

1. First get a SSH session going. And like yesterday, don’t close it until I tell you.
2. Generate the user’s keypair on the server with “keygen -t rsa”.  This will go into .ssh directory off the user’s home directory – you’ll need these to ssh to other boxes and it creates the .ssh directory for you.
3. cd ~/.ssh
4. Next create a keypair on the client. For putty this is done with PuTTYgen. If you use something else you’ll need to lookup how for that client.  This will create a couple of files for you… id_rsa.pub is the public key file and id_rsa.ppk is the private key.
5. Transfer the public key to the server in user’s home/.ssh directory with a NEW NAME. Don’t overwrite anything!
6. If a authorized_keys2 already exists you will need to cat the file onto the end with ‘cat (filename) >> authorized_keys2′   NOTE the double greater than. That means append it to the end.  If you mess this up other keys will be lost.
7. I also recommend that if you are going to have multiple keys for the user, you edit the comment at the end of the line you just added to authorized_keys2. The comment is the portion at the end after the second space. The line’s format is (ke type)(space)(key)(space)(comment) So you’ll see something like “ssh-rsa (lots of letters and numbers) rsa-key-YYYYMMDD  where YYYYMMDD is the year month and day you made the key. It’s that last bit (and only that last bit) you can safely change.
8. Make sure the authorized_keys2 file is readable only by you (chmod 600 or 700).
9. If this is going to be for the root user do steps 9 -
10. cd /etc/ssh
11. cp sshd_config sshd_config.save
12. vi (or vim, pico,etc) sshd_config
13. find the PermitRootLogin  line and change it to read ‘PermitRootLogin without-password’
14. Save/close  the file
15. Restart sshd with ‘service sshd restart’ or ‘/etc/init.d/sshd restart’  — Remember don’t close your session until we know everything works correctly!!
16. Start another PuTTY, and load (not start) the session
17. On the left-hand side, select the Data Category under Connection
18. Specify the user’s name in the Auto-login username field
19. Again under Connection, expand out the SSH branch and select Auth
20. Click the browse button for the Private key for authentication field and find and select the id_rsa.ppk file you created in step 4.
21. This one has caught me a couple of times… Go back up to the Sessions branch all the way at the top left side, and click Save for the session on the right. Otherwise, you’re going to do the PuTTY side config again.
22. Test the passwordless login… Be absolutely sure it works, before dropping that first session. If it doesn’t you NEED to restore the sshd_config.save file back to sshd_config AND restart SSHD again, undo the PuTTY changes and test that you have put it back to where you can get in again BEFORE you drop that connection.

Provided everything worked, you now have an automated login that’s using a nice long keypair and not some little password… and provided you did yesterday’s changing of SSHD port numbers, you’ve probably locked out 99+% of anyone’s chance of getting into you machine through brute force methods, so take a break and enjoy the enhanced security (well until you learn about all the other methods of getting into the machine anyway…) Seriously though, most hack attempts prey on the people that don’t take the precautions, so you’ve just dropped your chances quite a bit just through these 2 little procedures.  You’re not safe and secure, but you are a lot better off than you were 2 days ago.

http://www.whatsmydns.net is a cool little website that let’s you check dns across more than a dozen dns servers all over… many are in the US, but the UK and Australia are also in there. This is a great tool that lets you check if your dns changes have propagated yet.

2For Tuesday ( a bonus post )

I’m sure you’ve all seen them. They’re all over the web, twitter, and every other imaginable outlet they can get into…  “10 Best Webhosts”. Every one I have looked at shows pretty much the same hosts over and over, or at least several of the same. But if you go do your research at an indepenent site, such as http://www.WebHostingTalk.com/, then you will find that several of these “best hosts” have absolutely horrendous reputations and wouldn’t be touched with a 10 foot pole by most people “in the know”.

So how did they get on a “10 Best” list? Simple, they paid for it. Not directly usually… No they offer affiliate programs where affiliate sites get paid to either send traffic their way, or if the traffic produces a sale.  Not very honest is it?  Oh don’t get me wrong… There’s nothing wrong with running an affiliate program. My problem is with the “10 Best” sites. What they’re doing is simply recommending hosts based on how much they are getting paid to say that they’re “best”. To me that equates to nothing but lying, plain and simple. By creating this “10 Best” site you are implying that you tested them, and that there’s some methodology to coming up with what is “best”… but the only methodology involved is how much money the affiliate program is putting into your pocket. To me you are nothing but bottom feeding scum… IF you are going to do one of these lists, at least be honest about it. Call it the “10 best paying webhosts”.

If you have a dedicated server or VPS, you can (AND SHOULD) change the port that SSH listens to… Taking this step alone will drastically cut down the number or attempted break ins on your server. And the best part… it’s really easy to do. 

1. Login into your server via ssh — don’t close this session until I tell you to!!
2. cd /etc/ssh
3. cp sshd_config sshd_config.orig
4. vi (or vim, pico, etc. – whatever editor you prefer)  sshd_config
5. find the line that says Port 22
6. Remove the # at the begining of the line if there is one.
7. Change the 22 to some other number – do NOT use anything less than 1024
8. Save & Close the file
9. Restart sshd – usually with “service sshd restart”  or “/etc/init.d/sshd restart”
10. Start ANOTHER session this time connecting to the new port – if prompted to accept the key, do so.
11. Provided you get logged in, you’re ok to drop the first connection. If not you need to restore the sshd_config.orig back to sshd_config and restart the ssh server again (step 9).
12. Save your new port settings in your client.

One note … if you ssh, scp or rsync from another machine you will need to slightly modify the command lines for the new port.
ssh -p #### … (rest of command) …
scp -P ####  … (rest of command) …
rsync -e ‘ssh -p ####’ … (rest of command) …

Stay tuned … tomorrow we’re going to enhance ssh security a little more…

Included in the new list of the 500 fastest growing private companies are many technology and internet business. But we wanted to point out that at # 239 is HostGator.com with 896.4% increase! Hostgator is not new to the list either… This just goes to show that it is possible to build the webhosting business by defining your services well, and taking care of your customers. Congratulations to HostGator – Keep up the good work!

Binary Canary’s, http://www.binarycanary.com, slogan in “We alert you first”. For the past several months we’ve been trying them out, and honestly… they DO! We run redundant Nagios systems – one in each datacenter monitoring pretty much everything. But often Binary Canary will be the first to let us know if something happens.

The service has been excellent. We had tried out Just Uptime, and had an account with Hyperspin for a long time. Just Uptime’s service had false positive as well as negatives, and had several outages that we never heard a word about except through hosting forums. Hyperspin performance is excellent but comes at a price. Service wise, Hyperspin and Binary Canary seemed about equal. There are differences in reports, but as far as notification goes both seem to be of very high reliability.

So it comes down to price… Hyperspin for 10 monitors at 1 minute intervals is $120 per month ($86 and change if you’re a reseller). Binary Canary on the other hand is $5! No I didn’t leave off a zero. It’s $5 for 10 1 minute monitors! And if you upgrade to the Power Plan you get for 30 monitors, letting you  monitor the same 10 sites from EACH of their 3 facilities (Seattle, DC and London) for $10 a month. That’s a bargain! … Now if they’d make it where I could get multiple uptime badges on a single page for a server status page (something happens with the javascript I think where it shows the same badge repeatedly – but didn’t really dig to see what’s happening), that would be icing on the cake.

Disclosure: We have NOT been compensated by binarycanary.com in any way for this review, nor do we expect to be. We have found a service we feel to be reliable while providing quite a bit of value at an extremely reasonable price, and we thought we’d share that with you. (We’re like that.)

Quick Update: Binary Canary’s developer did some work yesterday, and now in FireFox the uptime badges work like you would expect. IE 7 and 8 have issues (but then when don’t they???)  You have to give them credit… within hours of hearing about my wanting multiple badges on a single page they started addressing the issue.  I suspect they’ll get the IE goofyness ironed out too. If you want to see multiple badges on a page you can go to our server status page at http://www.LagniappeInternet.com/servers.php