Interested in Deca Core Dedicated Servers? View our inventory.
What is a deca core dedicated server?
Deca Core Dedicated Servers are servers that have a processor with ten cores. By having multiple cores the deca core server can handle ten different processes simultaneously. Deca core processors are typically used in HPC (high-performance computing) where the workloads can take advantage of multiple cores.
In a server deployment, deca core dedicated servers can greatly help with high trafficked websites, database processing, as well as workloads that use a lot of parallel processing like machine learning and AI.
How do deca core dedicated servers work?
Deca-core processors generally have greater performance than less cored systems because they can simple process more instructions in parallel. With the the ten cores running on the same chip, they to share the same data path and memory to the motherboard. This increases efficiency and reduces redundancy.
Many of the deca core processors are well-threaded. which allows server to benefit from an increased number of cores, higher memory capacity, and a larger cache.
It should be noted that old legacy applications and programs may not see a performance hike. Applications and programs written before multi-core servers were not programmed to utilize the parallel instruction efficiencies of the system. Yet another reason for companies who still used legacy programs to invest on upgrading internal systems. The change in speed alone often justifies the development costs.
Another note is based on performance. Though a deca core has ten times the cores of a single core processor, it does not necessarily have ten times the processing speed.
What are the advantages of a deca core server processor?
- Improved performance
- Reduced latency
- Lessens heat generation
- Maximizes bandwidth and main memory
- Better suited to modern system architecture
- Helps decreases power consumption
Due to their nature, deca core systems are extremely important in high-performance private cloud and cluster arrangements. Their ability to process instructions in parallel make them the perfect foundation for creating virtual machines.
GigeNET uses the Intel Xeon E5-2630 v4 processor, which is a dual deca (two 10 core processors on one board) core processor system. These servers were built for enhanced virtualization and cloud deployments, while supporting more traditional applications. Learn more about them here.
Selection of your organization’s hosting environment will define the foundation of your businesses’ online presence; as such, determining your online needs should be an informed and measured approach. There are two online hosting options: dedicated and shared. [This article] will explain the benefits and features of dedicated hosting.
There will be cases where shared hosting may be more advantageous than dedicated servers; you will find information about shared hosting [here], or click to speak with a dedicated representative.
What is Dedicated Hosting?
A dedicated server allows for secure and exclusive access to hardware and connectivity, and ensures your machinery is not accessed by any other user or organization. A useful parallel would be to consider the transportation sector – private and public sector vehicles – where private vehicles represent dedicated servers – vehicles solely for the user – and where public transportation represents shared access to physical resources. With private transportation, the vehicle is for the user, exclusively, and the specification of the vehicle is for the user to define.
Generally and technically, dedicated servers provide for greater degrees of security and customization. Additionally, 3rd party or proprietary software services are often prohibited from running in shared environments.
All hosting solutions that are not dedicated are environments of shared services, including virtual private servers (VPS) and shared Webhosting.
An Introduction to Dedicated Server Hosting
A Dedicated server, as mentioned, provides a user with private access to a dedicated physical machine. The server, network, and the data contained therein are not accessible to any other user, except with authorization.
Below are the primary benefits of deploying a dedicated server:
- Enhanced Security
- Control and customization
- Speed and performance
When You Should Consider Dedicated Hosting
The configuration, size, and demand of your sites’ services are all influencing factors to consider when thinking about the choice between dedicated services and shared hosting services. Speed, security, availability, managed updates, and performance are requirements for many online businesses, and a dedicated server can be configured to meet those needs with precision.
For businesses offering digital store fronts or login facilities, additional layers of security and monitoring services can be deployed in a dedicated environment that may not be available in a shared hosting environment. These are premium features associated with [GigeNET] dedicated services and a reason for the price differential between shared and dedicated hosting.
GigeNET offer flexibility in choice of hardware and software and includes 24/7 managed contracts as a complimentary service. GigeNET managed services offer the benefit of proactive monitoring, management, and maintenance of private networks, and ensures that your services run optimally and maintain consistent availability. Managed services are especially useful for businesses that do not employ technical administrators as staff members.
Managed Server Benefits:
- Business continuity – back-up and restore
- Software Service Updates
- Proactive Security Monitoring
Most dedicated servers are managed services, as this allows for business executives to focus resources on their core business activities with confidence and assurance that their online presence remains robust, available, and reliable. GigeNET remains an industry leader and a pioneer of server management and security maintenance services, including the initial development of DDoS mitigation.
We’re here to help design a dedicated solution that’s right for your business. We’ve been in this business for decades, starting at the onset of the online era, and consistently deliver services proudly hosted by high-profile clients, agencies, online businesses, and hosting resellers.
You’ll also have unlimited bandwidth and databases to play around with. This is in addition to full Shell Access (SSH) and support for PHP, Perl, Python, and Ruby.
Our dedicated hosting is the most powerful and comprehensive option we offer, with plans starting at $149 per month.
Easy setup and Quick Deployment
GigeNET dedicated hosting plans are the ideal solution for high-traffic sites that require speed and consistent uptime.
How to Configure a Dedicated Server in a few easy steps
We’ll walk you through how it works step by step, using our own hosting service as an example.
Start the Configuration Process
Existing XYZ customers can start the configuration process by logging in and accessing the. Link for dedicated server. Quotations.
If you are a new user, you can sign up for an account here. Please, feel free to contact us to discuss your requirements. We’ve made the setup and quotation simple and quick, and once generated, we can follow up with a call to ensure that all your business needs are being addressed.
We will now review the steps to configure and customize a Qdedicated server and within a few minutes you’ll have a proposal and package that’s ready to go.
Step 1: Select Your Processor
The Central Processing Unit is the primary component to consider when building a server. A CPU carries out tasks and commands; as multi-tasking provides for more work to be done, additional cores provide the capacity to process additional concurrent tasks.
Step 2: Select Your Memory
Memory – RAM (Random Access Memory) requirements are based on multiple factors including OS requirements, applications requirements, and site traffic. You can choose from 64GB – 512GB of RAM for your machines based on the combination of the above factors.
Step 3: Select Your Storage – Drive 1 and 2
Aliquam a arcu pulvinar, accumsan nibh a, convallis nulla. Ut dictum neque ut dictum consequat. Sed pulvinar dui quis gravida aliquam. Nulla ut feugiat justo, ut vehicula arcu. Praesent feugiat tellus diam, eu egestas sem dignissim et.
Step 4: Select Your RAID Level
Aliquam a arcu pulvinar, accumsan nibh a, convallis nulla. Ut dictum neque ut dictum consequat. Sed pulvinar dui quis gravida aliquam. Nulla ut feugiat justo, ut vehicula arcu. Praesent feugiat tellus diam, eu egestas sem dignissim et.
Step 5: Select Your IP Addresses
Aliquam a arcu pulvinar, accumsan nibh a, convallis nulla. Ut dictum neque ut dictum consequat. Sed pulvinar dui quis gravida aliquam. Nulla ut feugiat justo, ut vehicula arcu. Praesent feugiat tellus diam, eu egestas sem dignissim et.
Step 6: Select Your Operating System
Step 7: cPanel License
Step 8: CloudLinux
Step 9: Select Your Bandwidth
Step 10: Select Private Network
Step 11: Select Management Plan
Step 12: Select Server Security
Step 13: Select Monitoring
Step 14: Select DDoS Protection
Step 15: Select Backup
Step 16: Select Web Server Software
Step 17: Select Database Software
Step 18: Select Contract Length
Step 19: Select Billing Period.
Step20: Select a Payment Plan
If you choose a yearly payment plan, you’ll pay more upfront but will save money in the long term. Choose the option you prefer and then click on Add Server to complete your purchase.
Setting up a Dedicated Server
GigeNET dedicated hosting plans are the ideal solution for high-traffic sites that require fast speeds and consistent uptime.
Which Email Protocol do I choose? IMAP or POP3?
Email is, by far, the most common means of online communication these days. Believe it or not, email dates back nearly 50 years and has seen little change in that time. An email sent in the early 1970s would look much as it would today. The key to email’s success is that it is based on a series of well-defined standards with a decentralized design that will likely help email remain in wide-spread use for a very long time.
Email operates using a classic client-server model. A client is a program that end-users (you) interact with. Common email clients are Outlook, Thunderbird, various email clients built into operating systems (like Microsoft Mail and Apple Mail), and web-based email clients (Hotmail, Gmail, to name a couple). This is where incoming messages are read and outgoing messages are composed.
The server is another program that makes the whole system work behind the scenes (at least from the end-user point of view). Email clients connect to the server regularly to check for new messages and to dispatch outgoing emails. Each email server connects to the global network of email servers in order to route mail all over the world, making sure each message is delivered to the correct server, and eventually to the recipient when their client connects to their own server.
Configuring Your Email Client
Inbound and outbound email messages are handled by different protocols, and often – especially with larger email systems – by separate servers. Configuration of the client requires you to know the hostname and port used for both inbound (new mail) and outbound (sent) messages. This information is often found on the mail server’s interface, if you are managing your own email server. Otherwise, it can be requested from the server’s administrator.
Outbound (sent) messages are handled almost universally by SMTP, so we’ll address that first.
SMTP (Simple Mail Transport Protocol)
Outgoing email configuration is usually as simple as specifying the SMTP server, network port, and supplying credentials for authentication. The SMTP server is the device your email client connects to in order to relay messages sent by you to the email server corresponding to the recipient’s email account. It is typically something like smtp.domain.com or mail.domain.com.
A network port is a thread of a network connection. If you transmit data on port xyz, it will come out port xyz on the other end. SMTP historically uses port 25, but modern systems tend towards port 587 these days. Occasionally you will see 465 (deprecated), 2525 (non-standard), or less commonly a unique port number.
Finally, you will need to authenticate with your SMTP server to prove that you are authorized to send email through this email relay server. This will be the same username and password you use to log into your email account.
Configuring a client for incoming email is a bit more complex because there are two commonly-used methods to choose between. Some email servers may only support one method, so your decision has already been made for you.
POP3 (Post Office Protocol)
POP3 is a protocol that mail clients use to download email messages from an email server and store them on the local machine. This is the original protocol that is used to fetch email from a mail server and the most widely available. When using POP3 your mail client will contact the mail server to check for new messages. If any are found, they are downloaded to the email client and deleted from the server (there is often a setting to delay this deletion).
POP3 was at its prime during the age of dial-up and transmits a minimal amount of data between client and server. It also keeps the space used by your email account low since messages are only stored on the server until they are downloaded by the client. While these were both big selling points when dial-up was the norm, they are pretty much inconsequential now unless you are dealing with a poor or spotty internet connection.
POP3 can be problematic when using multiple clients to access the same email account. Since messages are deleted after delivery, by default, they only appear on the client that downloaded them. This can lead to some messages on your phone client, and others on your desktop client, though this can be mitigated somewhat by delaying the deletion on the server. Additionally, POP3 clients lose all messages if the data on your client device is lost or destroyed with no way to recover them if you don’t have a backup.
Configure POP3 on your client by entering the server name, network port, and authentication. POP3 typically uses port 110 for unencrypted connections, and port 995 when encryption is used.
IMAP (Internet Message Access Protocol)
IMAP differs from POP3 in that it leaves email on the server. When a client connects to check for new mail, the latest messages are synchronized with the server, downloading copies of new messages. IMAP clients often cache a number of messages on the client for off-line access, but local storage use is minimal. This fits well with the always-online reality of today, and doesn’t bog down mobile devices with large email archives, where storage can be at a premium. You can access your mail from any number of IMAP clients and see the same messages, and losing a device or upgrading to a new one doesn’t cost you your email history.
In most ways, IMAP is superior to POP3, but it may suffer when your internet connection is spotty or you want to have access to your entire email account off-line.
Configuration of a client for IMAP uses the typical server name, network port, and authentication we’ve seen before. In this case, the standard ports are 143 for a standard connection, and 993 for an encrypted one.
Which do I choose? IMAP or POP3?
POP3 is an old protocol and it has had its time and place. As a result, IMAP was designed to address the shortcomings of POP3 and keep up with how email is used in this modern day and age. Given a choice, go with IMAP. There are a few situations where POP3 may be prefered, and in some cases is the only option available. Should you find yourself having to use POP3, do yourself a favor and set it to put off email deletion on the server for as long as possible (indefinitely, if you can).
Hopefully, this guide has helped you better understand how email works – which is a good thing, because it will likely be around for a long time. I find it interesting to see how the protocols that facilitate client-server communication have evolved to keep up with the times, yet the appearance of an email message has remained essentially unchanged.
A few key practices that can secure your server
The advent of the Internet Age has had a profound effect on how business is conducted. Maintaining an online presence is no longer optional for most companies if they want to stay relevant and competitive. Existing and potential customers use the Internet to make purchases, manage their accounts, research products, and much more. The benefits of this are immeasurable, but it doesn’t come without a dark side — hackers. With so much riding on your website and online reputation, it is absolutely vital to keep your servers secure.
Security professionals devote their entire careers to keeping up with the ever-evolving nature of online threats and global corporations have whole teams with substantial resources dedicated to keeping their online properties secure. Taking on the chore of securing your server may seem like a daunting task, but we’re here to help! We have identified a few key practices that can secure your server enough to defend against the vast majority of attacks and dissuade all but the most elite hackers. It doesn’t take a large amount of system administration ability to secure your server using these methods, but look into our management plans and SecureServer+ services if you’d rather leave it in our capable hands.
Get Behind a Firewall
The first line of defense for any secure environment is a firewall. There are several firewalls to choose from, but they all typically have the same basic features. A firewall is either an application or a physical device that resides between the internet and any network-facing services on a server. It acts as a gatekeeper for network traffic, using a set of rules to filter both inbound and outbound connections. However, a firewall is only as good as the rules it is given to work with. A well-configured firewall can filter out the vast majority of malicious connections, while a poorly-configured one will be far less effective.
The first decision is hardware or software. Most modern operating systems come with a built-in software firewall application, which is usually sufficient. A dedicated appliance, also known as a hardware firewall, is often used in front of multi-server environments to provide a single point for firewall administration.
No matter what type of firewall you end up using, your next step is defining a good set of rules. Rule number 1 when configuring a firewall, especially remotely, is to be very careful to not lock yourself out by blocking the connection you are using to access the firewall. It is always good practice to have a fallback access method to change firewall rules should you accidentally block your own connection – typically a physical console or an out-of-band console solution like IPMI, ILO, or DRAC.
Start by considering what services your server provides. Network services utilize specific ports to help differentiate between types of connections. Think of them as lanes on a VERY wide highway with dividers to prevent one from changing lanes. A webserver, for example, will typically use port 80 for standard connections and port 443 for connections secured using an SSL certificate. These services can be configured to use non-standard ports so be sure to verify which ports your services are using.
Next, determine how you will remotely administer your server. On Windows, this is typically done via RDP (Remote Desktop Protocol) and on Linux, you will likely be using SSH (Secure Shell). Ideally, you will want to block access to the ports used for administration to all but a handful of IPs or to a small subnet in order to limit the access to these protocols from anyone not within your organization. For example, if you are the sole administrator of a Linux server, open the SSH port (typically 22) to connections from only your computer’s static IP address. If you don’t have a static IP address, you can often determine a subnet from which you will be assigned an IP. While whitelisting a range of IPs isn’t ideal, it’s far better than opening up that port to the whole Internet.
To generate a solid set of rules, block all ports from all IPs then create specific rules to open those ports needed for your services and administration – remembering not to lock yourself out. The ports opened for your services should generally be open from all IPs, but limit administration ports as discussed above.
While a firewall shouldn’t be your only line of defense, creating a reasonable set of firewall rules is a great starting point for enhancing your server’s security. In truth, no server should be without at least a basic firewall configuration.
Authentication & Passwords
One of the simplest ways to enhance your server’s security is simply by enforcing a strong authentication policy. Your server is only as secure as the account with the weakest password. Follow good password guidelines for any password used on a server, such as making sure that your password is of adequate length, not a dictionary word, and not used on other services that could themselves become compromised and leak your password. While you can limit remote access to your server via a good firewall configuration, there are still exploits that can be used to send commands to a system through compromised or unpatched services running on open network ports.
In many cases, it’s possible (and more convenient) to go passwordless altogether! If your main method for accessing a server is via SSH, you can disable password authentication in your server’s SSH config file and instead use a pair of public and private keys to authorize your connection.
Keep in mind that this method may not be as convenient if you need to be able to login to your server from anywhere at a moment’s notice, since you will need to add your private key to any new system you are connecting from. Also, while this approach makes remote connections an order of magnitude more secure, don’t neglect to never-the-less set a strong password on your account. Hackers are sometimes able to access a system in other ways, and you wouldn’t want to have an account with elevated access secured by a password like, “1234.”
These days, two-factor authentication (2FA) is becoming very popular. When using 2FA, not only does a user need to authenticate with their password, they also need to provide a one-time-use code sent to a previously registered email address or mobile device to further verify their identity. Implementing something like this on your server could be done through a third party service, or by using a 2FA-enabled account (like Google or Microsoft). cPanel\WHM now supports two-factor authentication, so this may be an option for you if you use this control panel as your main means of server administration.
Brute Force Protection
A common attack vector on servers is a brute force attack. These are remote login attempts using guessed usernames and passwords, repeated over and over, as fast as the servers and network will allow. Unprotected, this can be several hundred thousand attempts per day — enough to crack any 8-character password in a month. For this reason, it is prudent to install some form of brute force protection on your server.
Most approaches to brute force protection take one of two forms. The first method introduces a timeout between login attempts. Even if this timeout is as short as a single second, this can cause an attack to take many times longer to crack the password. You’d likely want a longer timeout to provide better security, while not overly-interfering with legitimate login attempts by users making typos. Some systems take a clever approach to this method by increasing the timeout with every failed attempt, often exponentially. Fail once, wait 1 second. Fail again, wait 5 seconds. Fail a third time, wait 30 seconds… By the fourth attempt, you’re going to be very careful entering your password.
Alternatively, a variation of this method puts a hard cap on the number of attempts allowed within a set period of time. Failing to login too many times will get the account locked out – either temporarily, or in more extreme cases, until unlocked by a server administrator. This method effectively puts a stop to any brute force attacks, but it can be more annoying for valid users who aren’t very careful about entering their passwords.
The second method is to introduce a Captcha to the login request. This forces the user to perform a feat that is trivial for a human, but difficult for a computer. Often, this involves some sort of image recognition, such as identifying all the pictures in a grid that contain a street light, or deciphering some text written in a blurry font. While computers are usually able to solve these requests eventually, it takes them much longer than a typical human and greatly slows down the attack. Captchas are also often used to protect public comment sections from spam posts and sign-up forms from fake account creation.
Brute force protection can be found in many firewalls, or in the operating systems themselves — but don’t forget about other accounts, such as WordPress, cPanel/WHM, etc. Make sure any exposed login has some form of brute force protection enabled.
Software Updates & Security Patches
Software and operating system updates and security patches are also important to maintaining a secure server. All of your other efforts can mean nothing and go entirely to waste if you are running an outdated version of an operating system vulnerable to known exploits.
Most software and operating system vendors dedicate significant resources into keeping their products patched against the most recently discovered exploits, so much so that many minor releases contain more security fixes than feature updates. Maintaining this level of vigilance on older versions of their products can be costly, so software and operating systems are frequently classified as End of Life (EOL) after a number of years. Among other things, this means that the product will no longer receive updates for exploits that may be discovered after EOL has been reached.
A commonly seen case of this type relates to PHP, a scripting language commonly used on the web. At the time of this posting, all PHP versions older than 7.2 are EOL. Despite this, PHP versions as old as 5.3 are still common out in the wild. There are significant differences between 7.2 and 5.3, making upgrading to a supported version impossible without significant reworking of the code.
Fortunately, with this specific example of PHP versions, CloudLinux has you covered on a cPanel server. CloudLinux offers hardened versions of old PHP versions, as well as security updates, well past the EOL date. However this issue could happen with any software, and most don’t have a solution as simple as CloudLinux.
It is not good practice to run outdated operating systems either. For example, CentOS 5 has been EOL for some time, yet it is not a terribly rare sight. If you happen to be running something like this, you should be planning your upgrade path as soon as possible. When the operating system you are running on goes EOL, it’s common that even supported software on your server will also stop receiving updates, since vendors won’t qualify new versions on EOL OS versions. This can have a cascading negative effect on the security of your server.
Code & Custom Applications
Unfortunately, even the most hardened server can still be vulnerable to attacks through insecure code or applications running on a website.
If you are running a customizable web application, such as WordPress, Joomla, or Magento, it is critically important for you to keep not just the core application up to date, but any plugins or themes as well. This also applies to the code of the project themselves – if you suspect that your theme or plugin is “dead” and no longer being updated, it is prudent to look for alternatives. New exploits are constantly being discovered, and an application or plugin is only as secure as it’s last update.
When dealing with custom code created for you by a developer, it is wise to maintain a continued relationship with your developer so that you can continue to receive updates. Otherwise, you may end up in a situation as described above, where you find that you can no longer update your PHP or other important software because the website is not compatible with the new version.
This attack vector can be the hardest to defend against, because your datacenter or hosting provider generally can not support the custom software and code that is running on your server. Unless you are running entirely off-the-shelf software, make sure you have a plan to keep your code updated and patched.
As you can see, securing a server goes far beyond the initial setup. While this is important, equally vital is keeping it up-to-date in order to combat the ever growing list of known hacks and exploits. The damage caused by a compromised system, both financially and to your reputation, can be massive. As the old adage goes, an ounce of prevention is worth a pound of cure.
Due to the nature of shared hosting, DNS services are typically managed by the hosting provider. However, when upgrading to a dedicated server or to a cloud server, that responsibility will typically fall on you. Hopefully, we can help shed some light on DNS to improve your understanding of this important component of your environment. Continue reading…
With over 4,000 products on their eCommerce website, it’s crucial that Royal has a dedicated hosting company that can keep their website running smoothly and efficiently. With a dedicated server from GigeNET, Royal’s website is hosted on a server that is entirely dedicated to their business on the fastest-route optimized network.
To avoid downtime and lost revenue, Royal has chosen remote backups from GigeNET as a means of providing data security and to help maintain stable operations. With thousands of products and customers, having a strong backup strategy in place is paramount to ensure data retention and restoration.
Royal has also secured the connection between their website and its visitors by encrypting the traffic with an SSL (Secure Socket Layer) certificate. They value their customer’s personal information and wanted to do everything they can to ensure that it remains private. Adding an SSL certificate to your website like Royal has, will give your customers peace of mind that they’re visiting a safe and secure website run by a brand they can trust.
Although Royal Wholesale the most technologically advanced wholesale distributor in the confectionery industry, they need to focus on running their business, not their dedicated servers. For this reason, Royal chose to take advantage of GigeNET’s fully managed dedicated server hosting. With this level of hosting, Royal receives IT infrastructure support from GigeNET’s engineering team, world-class data centers, an industry-leading network, hardware, infrastructure, and support Service Level Agreements. If you’re interested in learning more about how GigeNET’s products and services can help your business like we’ve helped Royal Wholesale, contact us today.
Typically, managing servers and websites require a fair bit of knowledge, plus a good familiarity with the command line. For some, this can be a bit daunting – and that’s where control panels come in. A control panel collects most of the functions and tools needed to manage a server in one interface and presents it in a way that doesn’t require one to be especially technically adept. Once installed, most server functions can be handled in this one GUI, with no knowledge of the command line needed. A good control panel makes managing a server accessible to anyone.
If you already use a control panel, chances are it is cPanel, one of the most widely-used web hosting panels, especially in the US market. With recent changes to cPanel’s pricing structure that have sent prices for some of their users through the roof, you may be searching for alternatives. The good news is, there are plenty and most of them are free and open source. In this post, I’ll be doing an overview of some of the best free cPanel alternatives I’ve come across.
This first one is my personal favorite due to its extensive OS support and rich feature list. Virtualmin runs on almost any Linux or BSD based operating system with wide support for CentOS, Debian, and Ubuntu. By building upon Webmin, a solid control panel in its own right, Virtualmin boasts a wealth of features and makes it easy to host your websites, email and DNS. While Webmin is more about overall server management, such as editing configurations for your database server, web server, and mail server, Virtualmin adds features enabling it to directly manage your sites and databases. You can create new virtual hosts, manage databases, add or edit hosting packages, manage email accounts, view website statistics, install scripts and much more. Virtualmin is by far the most comprehensive free control panel that I’ve come across. Virtualmin also provides a professional version of their panel that includes support. Otherwise, they maintain active community forums where users help each other with support issues.
VestaCP is another free and open-source control panel that I’m a fan of. Like Virtualmin, VestaCP is fully supported and runs on CentOS, Debian, and Ubuntu, but it is much easier to set up and manage. VestaCP handles all the basics with ease, allowing you to create virtual hosts for your sites, email accounts, and manage DNS – just as you would with most other control panels. It’s also much more pleasant to look at with its clean interface and much less clutter than Virtualmin’s GUI. While VestaCP is great due to its ease of use and clean aesthetic, it doesn’t give you the wide range of functionality that Virtualmin provides. I believe VestaCP is best for new users, especially those that want something simple and easy to use. Unfortunately, VestaCP has been plagued with a number of critical vulnerabilities that have been trivial to exploit. VestaCP offers support but it’s quite expensive in relation to the sparse feature set.
HestiaCP is a newer control panel that’s a fork of VestaCP code. Like VestaCP, it is free and open-source, although HestiaCP now maintains their own code and no longer merges code directly from VestaCP. It’s completely independent and more actively developed than VestaCP, which has lead to it gaining popularity among previous VestaCP users. While a lot of the code is identical to VestaCP, I believe they’ve made significant improvements to the UI. VestaCP is quite bland and lacking in detail, whereas HestiaCP looks polished and professional while adding the detail missing from its predecessor. The downside of using HestiaCP is that it has a significantly smaller community behind it, although it seems the developers are very helpful and responsive. I couldn’t find out if HestiaCP offers paid support, which would be a nice option to have, especially if you’re looking to run this in an enterprise environment.
CentOS Web Panel
CentOS Web Panel is a fully-fledged control panel with many great features. As the name suggests, it’s CentOS based which is a favorite OS among people looking for stability and long-term support. CentOS Web Panel provides the same fine granular control over your server as Virtualmin while touting some additional interesting features. The AutoFixer feature, for example, is designed to detect and fix configuration issues with your server. On the down-side, the web interface for CentOS Web Panel, unfortunately, doesn’t look as nice as the others reviewed here and it isn’t as popular as Virtualmin or VestaCP. This leads to a smaller community, though it does provide support as a service. It also looks like CentOS Web Panel hasn’t released an update since 2018, which suggests that the project is no longer actively being developed you may want to proceed with caution.
As you can see, there are a number of alternative control panels out there, freely available for use. While most of them are not as comprehensive as cPanel, they are never-the-less quite decent and robust enough to be deemed production-ready by many. Hopefully, this brief overview will help navigate some of the better open-source alternatives to cPanel.
What is a blacklist?
At a fundamental level, a blacklist is just a list of IP addresses that have been flagged for engaging in some type of undesired activity. This undesired activity can include email spam, botnet attacks, and several other types of malicious activity.
There are numerous blacklists that are compiled and maintained by a number of organizations throughout the internet. Some are for the exclusive use of a corporation, for example, Microsoft utilizes their own private blacklist in order to reduce spam going to their email clients. Others make the contents of their lists available to subscribers for a fee, while the rest offer up their lists to the public at no cost.
The most common types of blacklists we encounter are designed to reduce spam. These blacklists are generally created with the goal of providing a server administrator the means to curb the flow of email spam on their network by tracking IP addresses used by known spammers. Any attempt to deliver email to a mail server by a blacklisted IP is rejected outright, preventing the server from having to deal with the message at all. It is assumed that all email from a blacklisted IP is spam so no resources are spent trying to determine whether or not each individual message is valid, or not.
I’ve been blacklisted?! How did this happen?
Usually, when we are contacted by our end users about email delivery problems, they will discover the existence of blacklists. Generally, the way someone discovers they have been blacklisted is because emails that they’ve sent from their server will start bouncing back to them as rejected. This is a good indication that their server’s IP address has found its way onto a blacklist used by the receiving mail server to filter out potential spam.
Blacklist entries can occur for several different reasons, and these will vary depending upon the blacklist operator and how they manage their lists.
- Your IP address may have been logged by a “honeypot” – meaning that your server sent an email to a monitored email address that is not expecting emails but is set up to monitor inbound emails. These are a form of spam traps, as any email sent to these addresses are assumed to be unsolicited.
- An Internet user may have received an email from your server’s IP and clicked the “Report Spam” button. Some popular webmail services may report to one or more RBL (Real-time BlackList) services about these incidents.
- An Internet user may have reported an email from your server’s IP to a spam reporting body, such as SpamCop.
- A misconfiguration related to your server’s IP address may have been detected by the blacklist service. For example, some blacklists will list IP addresses that do not have a Reverse DNS PTR record configured that matches the SMTP server’s HELO banner – or for other reasons like this.
But, I don’t send spam, how was I reported to a blacklist?
There are a number of possible reasons why you may have been listed, but before reaching this conclusion, it is a good idea to review your mail server’s logs and make sure that you really are not sending spam from your server. In many cases, a website, a mail server, or an account on your server may have been compromised and conscripted into relaying spam email through your server without your knowledge.
If this is the case, it’s generally pretty obvious as there is usually a backlog of email in the queue. Inspection of the message headers will quickly indicate whether the messages appear legitimate or not.
If you are using cPanel and you prefer not to look through log files, you can use cPanel’s Mail Queue Manager to assess the situation.
If your server is truly clean and not sending out spam emails, the most likely reasons for getting blacklisted would include:
- If you recently obtained the blacklisted IP address, it may have been blacklisted due to a previous owner’s activities. If this is the case, usually blacklists are cooperative and will delist it if asked.
- If you’ve been recently blacklisted but can’t find a reason why, it may simply be a false positive. If the blacklist service provides samples of the reported spam this provides a good opportunity to review the email that caused the blacklisting and decide how to proceed from there.
Where do I go from here?
Once you have done your due diligence by making sure that your server is secure and not sending spam, or if you did discover a source of spam and have shut it down, you can move forward by requesting a delisting from the blacklists that have flagged your IP address.
It’s very important that due diligence is done first, as blacklists will often penalize repeat delisting requests. The reason is obvious — if it is easy for professional spammers to repeatedly get themselves delisted, this defeats the purpose of the blacklist. So, in order to ensure positive relations between you and the blacklist in the future, should you find yourself in the position of needing their help with another listing, it is good practice to make sure that every delist request submitted is completely valid and you are not at risk of being immediately re-listed for continuing offenses.
Delisting procedures vary from service to service, but they are typically automated, requiring you to fill out a simple web form providing the server IP, the reason for requesting delisting, and perhaps a verification code. However, some are not quite as easy, and others lack a process to request a delisting. In the latter case, these blacklists typically list IPs on a temporary basis, and after a set amount of time has passed without further incident, your IP is automatically removed. There is no way to speed up the process in this case.
Once your delist request has been submitted, depending on the blacklist service, it may be applied automatically or it may require human review. A good guideline is to expect resolution within 24-48 hours.
While it may seem that getting listed on a blacklist is a terrible thing, these lists do exist for a reason, and your email accounts would likely be flooded with massive amounts of email without them — it is estimated that well over half of all email messages are unsolicited. Blacklists filter out the majority of them before they even hit your mailbox. Also, finding yourself on a blacklist may be the first indication that your server has been compromised, a discovery that might take significantly longer otherwise. Finding yourself on the wrong end of a blacklist can be an annoyance, but their benefit far outweighs their burden.
What is SSL, anyway?
The primary function of SSL (Secure Socket Layer) is to secure the connection between your website and its visitors by encrypting the traffic while it’s in transit over the Internet. This provides numerous benefits, including combating man-in-the-middle attacks. The idea behind encryption is even if someone along the way can view the data while it’s in transit, they need the encryption keys to decipher it into something readable.
In addition, an SSL certificate serves to validate the identity of a website. For example, if you go to your bank’s website you want to know that the website is indeed operated by your bank, and not by an imposter. This helps to protect against phishing attempts and other fraudulent behavior that can damage your brand, or worse.
Type of SSL Certificates – and what’s the difference?
There are several common types of SSL certificates which you’ll see when you’re shopping around.
The key difference between the SSL certificates is how they are verified, and how much of a vetting process is involved in checking the identity of the applicant. This is done by the issuer of the SSL certificate, known as the certificate authority. Often, the quality of a certificate is tied directly to the reputation of the issuing certificate authority.
Paid SSL certificates typically also come with an insurance policy, providing financial compensation if there is a breach in which the certificate authority could be found at fault. This is vital protection for a website operator who is handling monetary transactions, such as an eCommerce site. Usually, this insurance coverage will increase with a more expensive SSL certificate offering. You would want to check with your SSL vendor if this is important to you.
Domain Validated (DV) SSL
A domain validated SSL certificate is usually the cheapest and most common type of paid SSL certificate. While you do usually place company information into the certificate request, none of this is actually vetted when applying for the certificate.
The only thing checked is that you control ownership of the domain name covered by the SSL certificate. Usually, this is checked by one of a handful of common methods, such as creating a DNS TXT record, receiving a validation email on an administrative contact email address for the domain, or placing a validation code into the website’s code.
A DV SSL certificate from a common certificate authority will be accepted by any major web browser and will show a standard https:// link, sometimes with a green text or a padlock icon to indicate that the site is secure. It is the most common type of certificate and is an everyday sight while browsing the web.
Organization Validated (OV) SSL
An OV SSL certificate is similar to a DV SSL certificate, but additional details of the company registering the certificate will be vetted by the certificate authority. In addition to everything a DV SSL provides, the certificate authority will generally provide a secure site seal, which is an image which can be embedded within the website which visitors can click to get more information about the website owner.
An OV SSL certificate otherwise will appear the same in a visitor’s web browser. The additional vetting is simply an option to provide added credibility to the visitor that the website is being operated by a legitimate business.
Extended Validation (EV) SSL
An EV SSL certificate is the most expensive type of SSL certificate and brings with it the most thorough vetting process. Before issuing an EV SSL certificate, the certificate authority will verify that the applicant company is an existing legal operating entity with a physical place of business, verify applicant details against official records, and independently verify that the applicant company has authorized the issuing of a certificate. Generally, this validation process is the slowest, as it often requires a verification letter to be sent through the mail.
The significant benefit of an EV SSL certificate is that it displays differently in the visitor’s web browser. In addition to displaying as a valid SSL-secured connection, in most web browsers an EV SSL will also display the name of the company in green text just before the URL in the address bar. This increases a visitor’s confidence in the legitimacy of the business operating the website.
What about the free SSL certificate options?
With the push to put SSL on every website, these days there are some certificate authorities offering free SSL certificate options. Some popular options include Let’s Encrypt and cPanel’s AutoSSL. With these options in play, is there a reason to pay for an SSL certificate anymore?
Many website owners can now benefit from the free SSL certificates that are available from such providers. Generally speaking, these SSL certificates are comparable to the lowest end paid certificates, Domain Validated (DV) SSL certificates.
From a security standpoint, generally, there isn’t a downside to using the free SSL certificates from these vendors. They provide comparable levels of encryption and show as valid and secure in any major web browser. One potential downside is that they may require more expertise to set up, though cPanel’s AutoSSL makes the setup pretty straightforward.
Keep in mind, if the insurance provided with paid SSL certificates is important to you, this is generally absent from the free SSL certificates. This reduces the accountability of the certificate authority and therefore may make these a poor fit for websites handling financial transactions or busy eCommerce sites.
Which SSL certificate is right for me?
As always, you should do all the necessary research to make sure all of your bases are covered, but a good rule of thumb might be:
- For a small, personal website, not handling financial transactions (such as an online resume or personal blog) a free SSL certificate or a DV SSL is usually sufficient.
- For a larger site, eCommerce, or any site handling financial transactions a paid DV SSL certificate would be the minimum. If you are concerned about appearing as a legitimate business or insuring your business in the event of a breach, you may want to consider the more expensive certificates such as OV or EV SSL due to the increased insurance coverage and the trust conveyed to visitors by these certificates.
Whichever option you choose, any level of SSL protection is better than none. GigeNET can help you find the right certificate for your business and navigate the process alongside you, from start to finish.