WebHostingBuzz Blog Hosting, hosting, more hosting and a little of everything else

All posts in Web Hosting

Single reseller login manages all cPanel accounts

As I’ve said before, if you have more than a couple of domains reseller hosting is much better than standard shared hosting. Here’s another reason: you can reduce your logins.

The cPanel reseller password, the same one used to login to WHM, serves as a sort of master password. When logging in to any of your cPanel accounts you may gain access using the reseller password. This is a useful feature, as it saves you having to remember all the client account passwords.

If you have a VPS (Virtual Private Server) or dedicated server, you may also use the root password for the same purpose, though I prefer to use the reseller password and save use of root for when it’s truly needed.


How to create personal nameservers

Are you ready to create your own personal nameservers? I recently covered the benefits of personal nameservers and wrote that I wouldn’t want to manage my multiple domains, and those of my clients, without them. Today I’ll summarize what you need to do to create and use personal nameservers.

First, you must have a domain name registered to you (or at least under your control), on which to create personal nameservers. For example, if you have the domain name bigdog.com, you could create personal nameservers ns1.bigdog.com and ns2.bigdog.com.

You must have a hosting plan that includes the ability to use personal nameservers, such as a reseller or VPS plan. If you don’t currently have this, ask your host about upgrading. Your host will assign you two IP addresses for use as personal nameservers: typically one for ns1., and one for ns2.

Your host should also configure your control panel, such as cPanel, to automatically use the new personal nameserver as the nameservers for any new domains you add to your account. They may also be able to change your existing accounts to use the new nameservers, so it’s worth asking. If you don’t have many domains, it’s not hard to change them yourself. Don’t make this change until after the new nameservers are properly registered and active though.

Create personal nameservers

  1. Check the DNS Zone of your main domain (the one on which you will create personal nameservers) for existence of “A” records for the personal nameservers. This will be in the form of ns1 14400 IN A, where that IP address is the one assigned by the host for that nameserver. While this record is not absolutely necessary, it will reduce DNS errors and speed lookups. If on cPanel, you can view and edit those records using the WHM command Edit DNS Zone.
  2. At your domain registrar, register the nameservers. Most domain registrars have an on-line tool. (example from my registrar, eNom, is below).
  3. After allowing a few days for propagation, edit the DNS for your hosted domains to specify that they will use the personal nameservers. This should also include your main domain which is the parent of the personal nameservers. That’s right: a domain can use its own nameservers, so rabbit.com can use ns1. and ns2.rabbit.com for its DNS.
  4. Go to the domain registrar for each of the client domains to edit the nameserver list to specify the new personal nameservers. If someone else, such as a paying client, has control of the domain then ask that person to do this.

Registering personal nameservers at your domain registrar

As an example, here’s how to do it at eNom:

  1. Login to your account.
  2. Domains menu, Advanced Tools, click Register a Name Server.
  3. Enter “ns1.domain.com”, where “domain.com” is your domain name.
  4. Enter the IP address that your host assigned you for use as ns1.
  5. Click Submit.
  6. Repeat those steps to register ns2.
Registering personal nameservers at eNom

Registering personal nameservers at eNom

Note that eNom and many other registrars allow automated nameserver registration only onto .com, .net and .org domains. A different process may apply for other top-level domains.

Additional information
WebHostingBuzz has two relevant wiki entries:

When you resell hosting to paying clients, personal nameservers allow your domain setup to look more professional and complete. Even if you don’t resell, personal nameservers make it easier to manage and move multiple domains.


Personal nameservers streamline multiple domains

For those of you with your own domain names, a few questions:

  • Do you host multiple domain names?
  • Do you resell hosting to clients?
  • Have you ever moved to a new server or web host, and had to spend time at your domain registrar changing nameservers for every domain individually?

If you answered “yes” to any of those, then you should consider using personal nameservers.

As I stated in an earlier post, personal nameservers are one of the great advantages of a reseller, VPS or dedicated hosting plan over standard shared hosting. Instead of using nameservers provided by your host, with their name in the domain name, you create nameservers tied to your reseller domain or main domain. If your main reseller domain is “AcePro.com”, you may create ns1.AcePro.com and ns2.AcePro.com. You can configure all your “client” accounts to use ns1. and ns2.AcePro.com as their nameservers.

If you’ve ever had to move several domains to a new host or a new server with your existing host, you’ll know how much work it is. You must change the nameserver list for each domain individually at the domain registrar. It can be worse if you have paying hosting clients who maintain control over their own domain names. Before the move, you must inform your clients that you’re moving, asking them to change their nameservers (by editing the list at their domain registrars) by a certain date. Naturally some of them do not, so after the move you’re dealing with client complaints due to failing e-mail and site inaccessibility.

With personal nameservers, you need only register the new IP addresses for your personal nameservers, and all client domains will resolve to the new location automatically based on your nameservers. When I have moved servers (which I have done a few times) all I’ve had to do is to update my nameserver IPs for my reseller domain, the main domain that “contains” the personal nameservers, at my registrar. It takes less than a minute.

Personal nameservers, when enabled by your web host, are a way of exercising greater control over your domain names. The nameservers, which provide lookup services to direct Internet traffic to your domains, become part of one of your domains (usually your main domain). While they aren’t different servers, as you’ll still be using the physical nameservers provided by your host, they’ll now be identified with your domain name.

More importantly, personal nameservers mean that all your many domain names, and resold client domain names, will all be tied to your main domain. That eases management tasks.

In addition to the efficiency benefits, personal nameservers are a way to add more professionalism by further branding your on-line presence. This is feature that many hosting resellers like to use to disguise the fact that they are reselling. They like the nameservers to be part of their own domain. Many large companies also do this, both for the control and the branding. For example, a domain lookup on microsoft.com shows that it uses the following nameservers:

  • ns1.msft.net
  • ns2.msft.net
  • ns3.msft.net
  • ns4.msft.net
  • ns5.msft.net

As msft.net is registered to Microsoft, those are personal nameservers.

Nameservers may be spelled as “nameservers” or as “name servers”. Personal nameservers are often referred to as “private” nameservers, though I dislike that term since they are certainly not private. Nameservers are, by definition, accessible and queryable, so they are not private. A truly private nameserver would be of little use. I believe that “personal nameservers” is more descriptively accurate. The idea is that the nameservers are personalized to you.

An ideal term would be “branded” nameservers, but I’ve yet to see anyone call them that. Whatever you call them, I think they are a great aid to anyone managing many domain names. In an upcoming article I’ll explain how to create personal nameservers.


Content management systems attract hackers

Last year I wrote an article on the importance of keeping your scripts updated. I was reminded of that this week when a fellow WebHostingBuzz client and forum member had his site hacked.

The hackers attached the client’s site via a security hole in Mambo, a popular content management system. They managed to do some file replacements, and in fact opened up the site to further damage. When I visited the site, instead of the home page I saw a list of all site files as well as live delete and rename links. Anyone could have deleted or renamed large parts of the site.

Web scripts and applications are, by their nature, potential weak points. They process information and open routes to the web browsing public, as that is their purpose. With that comes the potential for undesirable access, possible unforeseen holes or flaws that could allow someone to modify or take control of the script or even your account.

It is your responsibility to keep your hosting account secure. You chose which scripts to install, so you must keep informed about required updates and patches. Your web host does not monitor every client to know what is being installed. You must educate yourself.

Know that by adding a package as comprehensive as a content management system, not only do you acquire tremendous functionality but also greater risk. If your site is small or uncomplicated, ask yourself if you really need a content management system. If you do, consider disabling functions that you don’t need, to reduce potential holes.

Stay informed, stay current and stay safe.


Sub-domains and redirects simplify web access

Sub-domains are useful. When you have your own domain name and a hosting account, you can create sub-domains.

Domain extensions such as .com and .ca are called top-level domains (TLDs). A second-level domain is a domain that is directly below a top-level domain, such as webhostingbuzz.com. That’s what we usually think of as a domain name which we can register. The next level down would be a third-level domain, also called a sub-domain, such as sales.domain.com or www.domain.com.. In fact, there can be multiple levels of sub-domain.

cPanel makes it easy to create sub-domains, as it’s done through a web-based interface and all the hard work is done automatically. By default, a cPanel sub-domain of dog.domain.com would have its URL resolve to domain.com/dog, but you can change that using a redirect. Combining a sub-domain with a redirect makes it possible to have short, elegant looking URLs that resolve to deeply nested paths.

For example, to more easily access each of the cPanel webmail clients via SSL, I made three sub-domains each redirected to an https URL:

  • horde.domain.com redirects to https://domain.com:2096/horde/
  • round.domain.com redirects to https://domain.com:2096/3rdparty/roundcube/
  • squirrel.domain.com redirects to https://domain.com:2096/3rdparty/squirrelmail/

To create a redirected sub-domain in cPanel:

  1. Click Subdomains.
  2. Click Create a Subdomain.
  3. Enter the desired sub-domain name.
  4. Click Create.
  5. When you see the message indicating that the sub-domain was created, click Go Back to return to the Subdomains screen.
  6. Under the Modify a Subdomain section, click Manage Redirection.
  7. Enter the path to which you want the sub-domain to resolve, and click Save.
  8. Enter the new sub-domain in your browser, e.g. .sub.domain.com, to see it work.

When working on early frameworks for a client web site, they might be accessed at a nested folder such as domain.com/clients/workshop/empire-surfboards/master.php. I create a sub-domain redirected to that URL. It’s far easier for me to remember empire.domain.com, and easier for my client.

When travelling, I often upload digital maps, itineraries and other useful documents to my web server. These serve as accessible backups for me, in case I lose the paper files I’m carrying, and family can also access these. Again, to simplify access I create a redirected sub-domain such as france.domain.com.

Once you realize how convenient redirected sub-domains can be, and how easy they are to create, I’m sure you’ll think of plenty of uses.


cPanel includes three webmail interfaces

Webmail is a useful tool, even if you rarely need it. Perhaps your regular e-mail method is to have your new mail downloaded into a mail client on your computer, such as Eudora, Windows Mail, or Apple Mail. When you’re away from your computer but want to check your mail or send a message, webmail is the answer.

Of course, webmail can serve as your primary mail tool. I used to have my mail downloaded into Microsoft Outlook running on my PC. Once I began travelling extensively, often without a laptop, it became more convenient to make webmail my primary method. No matter where in the world I am, I can connect to e-mail account on my web hosting server to see new mail, past mail, and all my contacts.

cPanel hosting provides three webmail interfaces:

  • Horde
  • SquirrelMail
  • RoundCube

To access any of these, point your web browser to domain.com/webmail/ (where “domain.com” is your cPanel domain). Login using your full e-mail address and password. You’ll then be presented with this menu screen:

Click to select the webmail application you want to use.

Many hosting clients are confused as to how these webmail applications work. Clients will post in a help forum about how some of their mail is “in Horde webmail” and they aren’t sure how to send it to RoundCube. Here’s the key point: these webmail applications are just interfaces. They do not store your mail. They are just different ways of viewing and using your mail account.

A cPanel mail account resides on the server, within a part of your web hosting account. Mail server software handles the receipt, storage and sending of mail messages. All that happens no matter what mail software you use.

When you use, for example, Horde to view your mail account, your mail remains in the same place. You can use Horde this morning, SquirrelMail this afternoon, and RoundCube tomorrow, still accessing the same mail account. In fact, it’s a good idea to do this, to decide which webmail interface you prefer.

Now, if your regular mail method is software running on your local PC or Mac, things work somewhat differently. You may have that software set to download new mail and then delete it from the mail server. If so, you’re likely using a mail protocol called POP (short for Post Office Protocol). This differs from IMAP, the protocol used by those webmail interfaces. In a future post I will explain the differences between POP and IMAP.

Check out cPanel’s webmail options. Whether for occasional use or as your default tool, you’ll find them useful.


Secure your web hosting account logins

If you’re a security conscious Internet user, I’m sure you look for an https connection and padlock icon when using your on-line banking or making purchases. What about your web hosting account?

Regular http traffic can be intercepted and read by nefarious characters. If, for example, your reseller account login were stolen, someone could create dozens of web sites and mail accounts to use for spamming, virus distribution and other unethical or illegal purposes.

Your web host should use https for secure login to your control panel. On all newer and most older servers, WebHostingBuzz forces https, so that even if the user enters the insecure http, the login will occur over https. This is a good security measure.

For cPanel hosting, https uses a different port than http. The regular logins for cPanel and WHM are:

  • cPanel:  http://domain.com:2082
  • WHM:  http://domain.com:2086

For https over SSL, they are usually:

  • secure cPanel:  https://domain.com:2083
  • secure WHM:  https://domain.com:2087

If you’re on cPanel hosting, try those secure login ports. Some clients, unaware that their hosts had SSL access available, found that those URLs worked to give them secure access.

If your host does not offer control panel access over SSL, ask them why not. They should be encouraged to offer secure access, as its in the interests both of them and their clients.

If you have a reseller account, you could create secure access for yourself. I did this at a previous host that lacked shared SSL. I installed my own self-signed SSL certificate to gain secure access to cPanel, WHM and my SquirrelMail installation.

Your web hosting account is an important asset. Take steps to protect it.


What is a LAMP server?

If you are using or shopping for a web host, you may have come across the term “LAMP server”. It’s not a type of hardware but, rather, a web server based on open source software. LAMP is an acronym formed from the first letter of each of the four major components:

  • Linux (operating system)
  • Apache (HTTP server)
  • MySQL (database software)
  • PHP (scripting language, sometimes replaced or supplemented by Python or Perl)

Linux is an operating system based on Unix, noted for security and stability.

Apache is the web server that receives incoming traffic, processes the requests, and serves up the required web pages. It’s the most popular type of web server.

MySQL is a multi-user database. It can be used to store data that are then served into dynamic web pages. Data could be a retailer’s products, a club’s member list, or your vinyl record collection to show off to site visitors.

PHP is a scripting language used to program web sites. One of its advantages is that its language can be read by humans relatively easily. This allows even novices to begin writing scripts for their web sites.

LAMP web servers are popular because they are stable, well understood, and the open source software can be modified and customized as needed. While the components were all designed separately, they create an effective a package. Here at WebHostingBuzz, LAMP servers are used as LAMP is bundled into the cPanel release.

LAMP servers’ popularity, coupled with the open source nature of the components, means that plenty of documentation and help are available. When you want to learn how to add a feature or program something for your site, just search the WWW as there are thousands of tutorial sites and forums on these components. I programmed a hierarchical navigation menu system for my site using information from tutorial and reference web sites, plus a little help from on-line contacts.

When you choose web hosting on a LAMP server, you’re joining a huge community. Explore each component and you’ll be amazed what you can do to trick out your web site.


Help support staff to help you

No matter what type of web hosting you use, at some point you will need to contact support staff. You may need assistance with a technical issue, you may need to know how to do something, or you may need to understand the source of connection problems. Some planning can help you get more out of your support contacts, and help them to assist you better.

First, be polite It shouldn’t be necessary to say that, but I see a lot of impolite and downright aggressive posts in help forums. Support staff did not deliberately target your server or account It’s almost certainly not their fault that you have issues. Treat them properly.

Learn the proper terminology. Often I see help requests, and I have absolutely no idea what the person is writing about. They are unable to accurately describe the issue or even what they’re seeing on screen, because they don’t know the terminology. If you’re asking for help with your web hosting account, you should know what FTP is, what your home directory contains,

If it’s an e-mail problem, do you access your mail via POP or IMAP, and with what software or web mail?

Did you change something just before the problem appeared? Clearly explain what you changed. If there’s an error message, quote it exactly. If the error message appears in the form of a web page, as many web server errors will, you can copy the message text and paste it into a text file. To show support staff exactly what you’re seeing, take a screen shot (a.k.a screen capture).

If you’re referring to a command that you tried then, as with error messages, quote it exactly. Document what steps you took that lead to the issue or error.

Be able to describe your Internet access setup. Is your computer behind a broadband modem alone, or do you use a router? Is it a separate router connected to the modem, or a single device that combines both modem and wireless router functions? If you don’t know, find out.

Are you running any firewall software on your personal computer? For example, Windows Firewall or ZoneAlarm? Have you recently added or updated this software?

Provide ping or traceroute results if asked. If you don’t know how to perform these simple connection tests, learn. Third-party web based tests are also useful, such as Alerta Spot Check and Down for everyone or just me?

Do you use any scripts on your web site, such as CGI or PHP? Did the issues occur right after adding or updating such a script? If the script is not supplied by the web host, explain what it is and where you got it. If you wrote it, explain the purpose and functions used.

There are other questions I could raise and tips I could provide, but I think you see my point. The more logical, clear and thorough you can be in explaining your issue to support staff, the more likely they’ll be able to guide you or their technical staff to a quick resolution. Plus, sometimes just by examining these points and researching the issue, you’ll find the solution yourself.


How to install a self-signed SSL certificate

Have you ever wanted the security of SSL (Secure Socket Layer) for your web site, but didn’t want the cost of a certificate? If you need only the security and not the stamp of approval from the big issuers, then you can create your own SSL certificate.

Communications over the internet are by default insecure. If e-mail or form inputs are intercepted, your information can be read. That’s why on-line shopping, bank and auction sites use SSL. An SSL connection encrypts the traffic, so even if intercepted it cannot be read. You can tell that you’re using a secured connection by the little padlock icon in your web browser.

Commercial SSL certificates are issued by a certificate authority such as GeoTrust and Verisign. The certificate authority provides third-party validation that the web site is who it says it is. Web browsers are designed to automatically accept certificates issued by the major certificate authorities.

Self-signed certificates are useful when you need the security of SSL encryption, but don’t need a recognizable authority name on the certificate. For an end user, the obvious difference between a certificate issued by a major certificate authority and a self-signed is that the self-signed certificate will generate a browser warning.

The web browser, upon encountering a self-signed SSL certificate, warns the user that it does not recogniae the certificate authority. While this would be unsuitable for on-line sales, it’s fine for many other types of access. As long as your users are aware that you’re using a self-signed SSL cert, it’s not a problem. The first time users connects and receive the warning, they can use browser commands to accept and install the certificate. Once a user installs your cert as a trusted cert, no warnings will appear on subsequent connections.

Note that the level of encryption, and therefore security, are the same with a self-signed cert as with one from a major certificate authority. On one of my web sites I run an installation of SquirrelMail and use a self-signed SSL certificate to provide secure login and use of that web mail application for my users.

Installing a self-signed SSL certificate on a cPanel server

To install on a cPanel server, you need a reseller or VPS hosting account. You’ll also need a dedicated IP address, to separate the site from others on the shared hosting server. Here at WebHostingBuzz, reseller accounts include dedicated IP address, and you may use one of those for your certificate.

Create a self-signed SSL certificate

  1. Login to WHM.
  2. Click “Generate a SSL Certificate & Signing Request”.
  3. Enter “Contact info” with a valid e-mail address.
  4. Enter or generate a password, making sure it is sufficiently long with a mixture of letters, numbers and symbols.
  5. Under “Host to make cert for”, enter the domain on which you want the SSL.
  6. Click “Create”.
  7. Copy the text displayed for the .key and .crt, and paste them into a text file on your computer. You may need that text in the next steps.

Install a self-signed SSL certificate

  1. In WHM, click “Install an SSL Certificate and Setup the Domain”.
  2. Enter the domain name, account user name, and IP address for the certificate in the Domain, User, and IP Address fields.
  3. Click “Fetch” to paste the .key and .crt files for the domain into the available display spaces, if they are currently on your server. (The first time I did this, clicking Fetch automatically pasted the required data into the fields. When I created later certs, the I had to manually paste in the information.)
  4. Don’t enter anything in CA bundle: there is no Certificate Authority because you are installing a self-signed cert.
  5. Click “Submit”, then wait for all processes to complete. WHM will display various lines of information and finally display “Finished Install Process.. “
  6. Point your web browser to https:// followed by the domain, to see your new SSL connection working.

If you don’t see the SSL commands in your WHM, it may be because you don’t have a dedicated IP on your account. Once you have a dedicated IP assigned to a domain, the SSL Certificate links/commands will appear in WHM.

Since I began using self-signed SSL certificates a few years ago, several free and public domain certificate authorities have appeared. They issue certificates similar to those from the large commercial certificate authorities. The drawback is that most of them are not yet automatically trusted by major web browsers, meaning that users would see the same warning as when using a self-signed certificate. If these free issuers eventually get approval from the major web browsers, they would be a good alternative.