Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

Webhosting Provider Threatening Me To Upgrade To Higher Package On A New Site With Zero Traffic - Page 3
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Webhosting Provider Threatening Me To Upgrade To Higher Package On A New Site With Zero Traffic

13»

Comments

  • BoogeymanBoogeyman Member

    @MisterChew said: I have no issues with paying more if I am actually getting decent traffic and/or that my site is poorly optimized, but it is not.

    @MisterChew said: Does anyone have any recommendations for a reliable and dependable web host for around $10/year in NA?
    As much as I would like to use a VPS, I don't want to bother managing it. Managed VPS is out of my budget.

    @MisterChew said: I am NOT a web developer. Thanks for your contribution. Good to know that my site isn't static. I learn something new every day.

    The end is nigh.

    Thanked by 3poisson bulbasaur AlwaysSkint
  • BoogeymanBoogeyman Member
    edited November 2021

    @jar said:

    Add this in your reply to make it more spicy.
    https://redis.io/topics/acl

  • jmgcaguiclajmgcaguicla Member
    edited November 2021

    @Boogeyman said:
    Add this in your reply to make it more spicy.
    https://redis.io/topics/acl

    ACLs cant be used to restrict access to the databases on a per-user basis, just spin up a new instance for every tenant.

  • BoogeymanBoogeyman Member
    edited November 2021

    @jmgcaguicla said: ACLs cant be used to restrict access to the databases on a per-user basis

    Lately I don't understand any sarcasm. Is this one? But if not that depends on what database you are using. Most modern database today have ACLs to restrict what a user can do or can not. But to be on safe side I would surely spin up new instance for anything critical. Software updates can go wrong and vulnerabilities may say hello my old friend.

  • jmgcaguiclajmgcaguicla Member

    @Boogeyman said:
    Lately I don't understand any sarcasm. Is this one?

    Being dumb = sarcasm image

  • BoogeymanBoogeyman Member
    edited November 2021

    @jmgcaguicla said:

    @Boogeyman said:
    Lately I don't understand any sarcasm. Is this one?

    Being dumb = sarcasm image

    I can't get better than this. I am not Mister Deank. I am a shame for the Nigh Sect. ( ͡° ͜ʖ ͡°)

  • jmgcaguiclajmgcaguicla Member

    @Boogeyman said:
    I can't get better than this. I am not Mister Deank. I am a shame for the Nigh Sect. ( ͡° ͜ʖ ͡°)

    Nigh license revoked

  • kkrajkkkrajk Member

    @MisterChew said: Is there a wp plugin that I can install to detect that stuff?

    The root of your troubles.

    In wp-config add
    define('WP_MEMORY_LIMIT', '756M');
    define( 'WP_MAX_MEMORY_LIMIT', '756M' );
    define( 'DISABLE_WP_CRON', true );
    define( 'WP_CRON_LOCK_TIMEOUT', 60 );

    Thanked by 1MisterChew
  • vyas11vyas11 Member

    @kkrajk said:

    @MisterChew said: Is there a wp plugin that I can install to detect that stuff?

    The root of your troubles.

    In wp-config add
    define('WP_MEMORY_LIMIT', '756M');
    define( 'WP_MAX_MEMORY_LIMIT', '756M' );
    define( 'DISABLE_WP_CRON', true );
    define( 'WP_CRON_LOCK_TIMEOUT', 60 );

    Negative.

    In wp world,
    Plugins rule and override all settings :-) OP also asked for a plugin

    Thanked by 1kkrajk
  • jarjar Patron Provider, Top Host, Veteran
    edited November 2021

    @bikegremlin said:

    @jar said:

    @bikegremlin said:

    @jar said:

    @MisterChew said: REDIS and MEMCACHED are disabled for shared hosting

    Unless users get their own dedicated instances, this is a good thing for security. Shared caching written and altered by users without separation of ownership is a recipe for a good old fashioned attack by polluting cache.

    Make everyone's site into pornhub with this one neat trick...

    I would argue: not necessarily if the server runs on CloudLinux.
    Hoping providers will correct me if I'm wrong.

    The defining feature of Cloud Linux is to limit users, not to optimize them. So a poorly optimized website would run worse, if all else was equal and the CL install was used in it's intended way.

    Not arguing, but asking for clarification. I'm a bit confused.

    To this:
    "REDIS and MEMCACHED are disabled for shared hosting."

    You replied this:

    "Unless users get their own dedicated instances, this is a good thing for security. Shared caching written and altered by users without separation of ownership is a recipe for a good old fashioned attack by polluting cache.
    Make everyone's site into pornhub with this one neat trick..."

    Does CloudLinux not isolate user accounts and prevent such problems?

    Also, with all that in mind, I'm not following this last reply you made.
    LiteSpeed is for caching & optimization. And it works better when Redis is enabled.

    Does it have some problems with Redis on a CloudLinux server?

    Additional info:
    I've seen some highly reputable (and expensive) shared/reseller hosting providers allow Redis on their servers. Of course, it's not impossible that they are still clueless (though I don't think that's very probable), or that they are giving in to customers requests, even if it is a security risk (a bit less improbable, and definitely not impossible IMO).

    EDIT:
    I just saw your last reply, will look into it, so this reply may not be relevant. :)

    I said it's not secure unless you have dedicated instances. If CL provides that then cool. But no, nothing about how CL isolates users would inherently make a shared redis instance secure. It would be impossible to do that without rewriting redis and the software that uses it, which at that point would be developing a new application on both ends, so you might as well give it a new name.

    Thanked by 1bikegremlin
  • bikegremlinbikegremlin Member

    @jar said:

    @bikegremlin said:

    @jar said:

    @bikegremlin said:

    @jar said:

    @MisterChew said: REDIS and MEMCACHED are disabled for shared hosting

    Unless users get their own dedicated instances, this is a good thing for security. Shared caching written and altered by users without separation of ownership is a recipe for a good old fashioned attack by polluting cache.

    Make everyone's site into pornhub with this one neat trick...

    I would argue: not necessarily if the server runs on CloudLinux.
    Hoping providers will correct me if I'm wrong.

    The defining feature of Cloud Linux is to limit users, not to optimize them. So a poorly optimized website would run worse, if all else was equal and the CL install was used in it's intended way.

    Not arguing, but asking for clarification. I'm a bit confused.

    To this:
    "REDIS and MEMCACHED are disabled for shared hosting."

    You replied this:

    "Unless users get their own dedicated instances, this is a good thing for security. Shared caching written and altered by users without separation of ownership is a recipe for a good old fashioned attack by polluting cache.
    Make everyone's site into pornhub with this one neat trick..."

    Does CloudLinux not isolate user accounts and prevent such problems?

    Also, with all that in mind, I'm not following this last reply you made.
    LiteSpeed is for caching & optimization. And it works better when Redis is enabled.

    Does it have some problems with Redis on a CloudLinux server?

    Additional info:
    I've seen some highly reputable (and expensive) shared/reseller hosting providers allow Redis on their servers. Of course, it's not impossible that they are still clueless (though I don't think that's very probable), or that they are giving in to customers requests, even if it is a security risk (a bit less improbable, and definitely not impossible IMO).

    EDIT:
    I just saw your last reply, will look into it, so this reply may not be relevant. :)

    I said it's not secure unless you have dedicated instances. If CL provides that then cool. But no, nothing about how CL isolates users would inherently make a shared redis instance secure. It would be impossible to do that without rewriting redis and the software that uses is, which at that point would be developing a new application on both ends, so you might as well give it a new name.

    Here's some info on that:

    Marketing talk:
    https://www.cloudlinux.com/getting-started-with-cloudlinux-os/41-security-features/934-cagefs-tenant-isolation/

    User questions - seems it's not perfectly safe:
    https://cloudlinux.zendesk.com/hc/en-us/community/posts/360010668479-Redis-on-shared-cPanel-server-running-CL

    Practical example of a provider's policy, disabling Redis for security reasons:
    https://www.proisp.eu/faq/support-redis/

    Thanked by 1jar
  • jarjar Patron Provider, Top Host, Veteran

    @bikegremlin said: https://cloudlinux.zendesk.com/hc/en-us/community/posts/360010668479-Redis-on-shared-cPanel-server-running-CL

    I loved this line:

    It will be safe like MySQL (other local user will still be able to reach the other local users DB).

    So like not safe, and not like MySQL at all lol

    Thanked by 2bikegremlin Maounique
  • BoogeymanBoogeyman Member

    CL probably uses chroot and cgroups for isolation. And this is their library for kernelcare.

    https://github.com/cloudlinux/libcare

  • AndrewSSDAndrewSSD Member, Host Rep
    edited November 2021

    It's simple just move your website to another web hosting , Also you can ask your web hosting to give you a graph of your usage.

  • drunkendogdrunkendog Member

    @poisson said:
    My view regarding OP is that he obviously has little clue about managing his own server, so he should just go somewhere else. Perhaps other providers have a higher tolerance or limits for resource overuse, but because computing resources are always finite, there may be a good chance that others on the same node will fuck up the same way OP did and then affect OP's server, which is something that Nexus Bytes keeps to a minimum with his strict resource overuse policy.

    At the end of the day, no provider can please each and every customer. For those of us who are competent enough to manage our own servers to keep it within limits, we are happy to be with Nexus Bytes because he is really strict with incompetent folks like OP and would rather not take their money. OP can just raise a refund request with Nexus Bytes and I am very sure he will give you back your money in full because your pennies are not worth potentially losing all his other customers.

    I recognize that OP will not be happy with my response, but I am just calling a spade a spade. OP can either spend time learning how to manage his server properly or move somewhere else. As someone else said earlier, OP's time is precious, but so is the provider's. If you are not happy with the provider, seek a refund, move somewhere else, and save both your time and the provider's time. If OP demonstrated clear technical competency, I would side him but obviously he is clueless so it is far better that he not waste his time, the provider's time, and LET folks' time (although many LET folks do have a lot of time to spare).

    I don't know why you're insulting OP so much. Looking at the resource use graphs he posted, we can see that there's nothing that would even remotely approach fair use limits.

    will fuck up the same way OP did and then affect OP's server

    ???. I'm really not sure where you saw that — the graphs I saw show very ordinary usage that definitely doesn't justify this sentence.

    Thanked by 1MisterChew
  • team_traitorteam_traitor Member

    @MisterChew said:
    About 44 BF attacks on Nov 2nd. 296 on Nov 1. 410 on Oct 31st.

    that is not normal. It seems like they are using a script to try their way in slowly to avoid detection. If you are not a target you should be getting a zero on failed logins.

    there are a lots of script kiddies today..

  • defaultdefault Veteran

  • nathassanathassa Member
    edited November 2021

    Zero visitor doesnt mean zero activity in your hosting account if you have cronjob or script running in your hosting it will counting in your resources.
    i see it was shared environments and i see you have heavy plugin like Elementor Pro, Ithemes and WPRocket sometimes it will eat your cpu & memory higher. you can disable them [except elementor] or you can upgrade your packages or maybe you can "migrate" to another provider who allow higher cpu usage.

  • jetchiragjetchirag Member

    @jar said:

    @MisterChew said: REDIS and MEMCACHED are disabled for shared hosting

    Unless users get their own dedicated instances, this is a good thing for security. Shared caching written and altered by users without separation of ownership is a recipe for a good old fashioned attack by polluting cache.

    Make everyone's site into pornhub with this one neat trick...

    Cloudlinux might be releasing user seperated redis instances soon: https://blog.cloudlinux.com/wp-optimization-suite-a-new-powerful-feature-for-websites-performance

    Thanked by 3Maounique bikegremlin jar
  • MaouniqueMaounique Host Rep, Veteran
    edited November 2021

    @jetchirag said: Cloudlinux might be releasing user seperated redis instances soon

    They should just release a bare metal hosting OS. I think we are not far from that.
    Chose at install apache/litespeed, PHP type, versioning, db type or make it user selectable, things like those, in an interface like a unified cPanel/WHM. 2 types of interface, one with defaults for a few scenarios (free/balanced/performance) for newbies and one advanced with all controls.
    All-in-one-wonder-pro.
    I think it is possible and not so difficult to maintain by a serious company. The price will be like cPanel plus extras of whatever paid products you include.

Sign In or Register to comment.