Slashdot Mirror
Things To Look For In a Web Hosting Company?
v1x writes "I have had an account with my current web hosting company for a few years, with 3 domains being hosted there (using Linux/PHP/MySQL). Recently, all three of these websites stopped functioning, and upon checking the site, all my directory structures were intact, whereas all of the files were gone. Upon contacting their technical support, I was given the run-around, and later informed by one of their administrators that none of the files could be restored. Needless to say that I am looking for a different web hosting company at this point, but I would like to make a more informed choice than I did with the current company. I have read a similar Slashdot article (from 2005) on the topic, but the questions posed there were slightly different."
Reader mrstrano has a similar question: "I am developing a web application and, after registering the domain, I am now looking for a suitable web hosting provider.
It should be cheap enough so I can start small, but should allow me to scale up if the web site is successful (as I hope).
The idea is simple enough so I do not need other investors to implement it. This also means that I don't have a lot of money to put on it
at the moment.
Users of the website will post their pictures (no, it's not going to be a porn website), so scalability might be an issue even with a moderately high
number of users.
I would like to find a good web hosting provider from day one, so I don't have to go through the pain of a data migration.
Which web host would you choose?"
I've had great luck with http://nearlyfreespeech.net/ - they're security-conscious, anti-spam, pay-only-for-what-you-use, and I like their political pro-privacy and pro-free speech stance. I have a feeling most of the people here at Slashdot would be very comfortable with them. They run FBSD, not Linux, but it's really not that huge a difference for web development.
Make sure you read the caveats about what will and won't work with their service. Things like Django and RoR won't really work because of the need for a persistent process, and they don't yet have support for cron jobs (but they're working on it - it's difficult because of the way they're set up). OTOH, MVC frameworks for PHP like CodeIgniter will work just fine, and they've got Catalyst installed for Perl coders. They do make it very clear about what they do and don't support, though.
I claim first use of "Error No. 0B" - or "No. 0B error." It'll be the new ID 10T!
Effectively unlimited domains, bandwidth, storage and MySql databases
Be somewhat realistic. Not even Google provides unlimited storage space for their services. You get what you pay for.
Second the linode recommendation. The staff are responsive and even proactive if there is a potential issue with their servers, and the management system is simple without being restrictive. We recently started using our own kernel, because you can.
They score highly in performance benchmarks as well, which I can verify from over a year of managing 6 linodes, they're really fast.
http://journal.uggedal.com/vps-performance-comparison
I have had a good experience with DreamHost. Their support is snappy and helpful, and the people who work there seem generally kind. They have a fine set of dreamhost-specific howtos maintained on their wiki, and a powerful but easy to use panel for administration.
They run linux boxes with the full complement of command line tools (with compilers and everything!), and the only restriction is no persistent processes. If you want to do that, you can buy their pricier private server option which gives you your own private server instance.
They have some great terms of use (as far as storage and bandwidth are concerned), and their prices are reasonable. I got a great deal a while back on two years of hosting, and now I'm hooked on the service.
Hoo boy, the stories I could tell. Actually, I can't, because the hosting provider threatened to sue us if we named them publicly.
OK, first, if there's more than a couple of servers involved, and your business depends on it, use two or more different providers. If you only have one provider, it puts them in a position to screw you. When we terminated our relationship with our provider, they held our data hostage until we paid them an additional $15,000 to put our servers on line again long enough for us to copy our data.
Which brings us to: DO YOUR OWN BACKUPS. Service providers either don't do them, or they don't do them right. The world is full of horror stories of customers paying the data center extra for backups, and then finding the backups were never actually done. And even if they do do backups, they maintain control of them, which puts them in a good position to extort you.
Remember, the practice of holding your data hostage goes back a long way. Happened to my father's company back in the 70's mainframe days. It still happens.
Most important of all: have a professional go over your data center contract with a fine-tooth comb. The default contract they'll give you (or at least the one they gave us) is highly abusive.
For instance: if you don't explicitly terminate a contract at the end of its period, it's automatically renewed for another 18 months. You need to give 2 months notice before the end of the term before canceling. There is no early termination. If you so much as upgrade a single disk drive, the contract is automatically renewed for another 18 months.
Here's a doozy: our contract specified that if a server went down, they would either fix or replace it within two hours of determining the problem. The catch: they merely have to say that they haven't determined the problem yet, and then they don't have to replace anything. Our main server was kept off-line for a month this way.
No matter which provider you choose, never depend on them for backups. Keep your originals locally and copy them to the webserver. Rsync is a great, effortless tool for this kind of synchronization. If you're maintaining SQL databases on the webserver, back them up at least daily with cron and download the backups. A few simple scripts will work wonders for your protection and your sanity.
1) Failures will happen. Design for them. Have at least two hosts, in significantly different physical locations. If a host gets hacked, if their backups were silently failing, if they go out of business without warning like RedONE did, if they get hit by natural disaster, et cetera; there just isn't anything you can do to isolate from that. Redundancy is key.
2) Ask hosts about their backup policy and strategy, as well as their redundant disk setup, before you get started. It's not a perfect answer, but it gives you a decent sense of how on the ball they are - if they're spending for the extra disk space, then they're probably not cheaping out other places either.
3) A week or two in, request a backup restore. You don't have to make up a failure or anything; just say you've had problems with hosts lying about backups in the past, and you want to make sure you're on good ground. Make some changes to your setup beforehand every 10 minutes on a cron, so you know how old the backup is when it's restored.
4) Ask about gotcha policies like how they handle over-bandwidth (free day, shutoff, charge per unit, etc) and so forth. That'll give you a sense of how they'll behave if/when problems happen.
5) Expect problems to happen. The engineering overhead of replication isn't that big these days, and the cost of not having it is immense. Furthermore, in addition to replication, which secures against failure, also have backup, which secures against attack. Backup can be by FTP to one of those cheapo shared hosts that don't care about disk space, but it needs to be at a distinct third location.
Basically, don't try to find a host that won't have problems. You'll find Santa Claus sooner. Parts fail, people make errors, people do shady things, attacks are made, natural disasters and backhoes happen, et cetera.
Just have a contingency plan in place. If you can handle a failure, it's no longer a critical problem. It's usually cheaper to have three normal hosts than one super duper bullet proof host. Leverage economy. The internet is designed for handling the failure of cheap parts through massive redundancy.
Leverage that. It's the smartest thing in network history.
StoneCypher is Full of BS
Nearlyfreespeech is not for everybody. I used to recommend them, but not anymore.
Here are the advantages:
* low cost, especially for tiny sites
* SSH included, no bullshit regarding that
Disadvantages:
* php and mysql performance is very slow. the servers are overloaded
* ssh is very slow. there is lag between every command. This is especially noticeable when using sshfs
* sometimes there is lag for simple page loads
* no cron, no https, several little things you may have come to expect from a host are not provided by NFSN
* reliability: a couple of times a year, NFSN will make some arbitrary change that may cause your sites to go down. The first time, the permissions on all of my files changed in such a way that the web server could not access them, and I had to manually change them back. The last time, symlinks stopped working, and I had to find every one, delete it, and recreate it.
* reliability: I don't think NFSN even has 2 9's. (ie less than 99% uptime). When NFSN is down, they still charge you for storage, but not bandwidth. This is fine for them, but might not be for you.
* NFSN is a one-man LLC, named Jeffrey Wheelhouse. If you ever need to deal with support, you will notice that this guy is a self-righteous asshole. Just look at the forums, and his responses. I wouldn't usually consider this a problem, but because NFSN is so buggy, you will have to deal with this man eventually.
Shared hosting is like like living in a small house with fifty strangers. All of you have a job that requires you to go in and out all the time. And there is only one door.
Go for a cheap dedicated and unmanaged server and carefully manage your own backups. Watch out for 95% billing if you have any real traffic needs. Look for reviews in forums like webhostingtalk, not review sites. As recommended by an earlier commenter, look at the nameservers and make sure you are buying from the actual provider and not a reseller. Look at the upstream providers of your selected server provider, tier-1 ISPs are good, as well as lots of bandwidth between your chosen ISP and the internet, and a good SLA. Avoid "shared 100mbps". Look for extra costs you may have to pay before actually making a contract - For example, many providers will charge ridiculous amounts of money for extra IP addresses or extra domains in some stupid exclusive control panel (*cough*Plesk*cough*). A good domain name registrar is name.com. A bad domain name registrar is godaddy. Buying your domain name from your server host is unthinkably stupid.