Crawlers eating your bandwidth?

robots-txt-blogThe Internet is a active landscape with something going on all the time. Often times you hope the visitors are those seeking what your site offers, but sometimes it’s the search engine ‘bots’ crawling your site.  These bots can and do consume quite a bit of your website hosting bandwidth and CPU power resources.

Bot’s without some rules will  hammer your site mercilessly in an attempt to fully index it. Controlling them and limiting their ability to hammer away at your site is handled through a special file that resides in the root of your website called Robots.txt.

In this blog post, Rochen support technician Andrew Brown discusses how to setup Robots.txt to limit the impact these powerful software bots can have on your site.

‘Bots’ should only use their power for Right and Good – Right??

Bot’s are advantageous (operating under the assumption that you want people to see your website) to index your pages for SEO purposes. Having all them show up at once, or to request indexing information every five seconds can be detrimental to your site

While there’s nothing official stating that it must be done in under five seconds, if multiple crawlers index your site at once, it can cause very serious resource problems for your server, depending on the content being indexed.

Limiting Bot Behavior with Robots.txt

First, we will need to create a file called “robots.txt” (without quotes) inside our document root.

For example, the document root for the primary domain of your cPanel account will be /home/YouUsernameHere/public_html .

We need to create the following file if it doesn’t exist:

/home/YourUsernameHere/public_html/robots.txt

You can create this file through your cPanel File Manager, SSH or even via FTP. It is also worth noting that this file can be created locally (like in a Notepad document, for example) and then uploaded to the document root (/home/UserName/public_html) of your website.

After the robots.txt file has been created in the document root of the site, we will need to add the following content to it:

#ROBOTS START
User-agent: *
Disallow:
Crawl-delay: 30
#ROBOTS END

The above entry will make it so that all bots that honor the directives found inside robots.txt files will only fetch a page once every 30 seconds, as opposed to as quickly as the bot possibly can. The directive also does not block any content from the bots. If you want to block content from being indexed by bots in addition to limiting crawl speed, you would need to simply add the disallow statements as needed. An example of this:

#ROBOTS START
User-agent: *
Disallow: /cgi-bin/
Disallow: /admin/
Crawl-delay: 30
#ROBOTS END

It does not matter which order you put the Crawl-delay or disallow statements in.

In conclusion, it is a good idea to limit crawlers, especially as your site expands. If you’re using a development language such as PHP, it becomes very important, as each page fetch could potentially cause the PHP engine to exhaust all its resources.

###

Andrew Brown is a support technician with  Rochen’s ‘24/7′ Support Team  focused on providing technical support to Rochen’s Hosting Customers. 

 

728x90_gif

Security Statement on OpenSSL “Heartbleed Bug”

heartbleedEarlier this week a vulnerability with the OpenSSL cryptographic software library was publicly disclosed. This vulnerability is officially being referred to as “CVE-2014-0160” and being widely referred to in the media as the “Heartbleed Bug”.

OpenSSL is very widely installed including on many servers here at Rochen. An article in The New York Times estimates that OpenSSL is in use by over two-thirds of websites including by many popular sites such as Facebook and Google.

Rochen’s Systems Engineering Group first became aware of the “Heartbleed Bug” early on Tuesday, April 8th and immediately began patching any vulnerable OpenSSL installs. Many customers contacted our support team to find their systems had already been proactively patched.

Here at Rochen we take security extremely seriously. Patching of Rochen’s hosting infrastructure to protect against the “Heartbleed Bug” was completed as of April 8, 2014. This includes Shared Hosting servers, Managed Virtual Servers (MVS), Managed Dedicated Servers (MDS) and Managed Cloud Servers (MCS) in both our US and UK facilities.

Rochen recommends our customers follow good security practices including using strong passwords and changing them regularly.

If there is anything further we can assist with our support team is available 24/7 and can be contacted by opening a ticket through the My Rochen customer portal.

Thank you for your continued business.

Chris Adams
Founder & CEO

Ben Johnson RHCSA, RHCE
CTO

Rochen Customer Spotlight – PICnet

Tom Canavan

Rochen.com has the very good fortune of being the host to many amazing companies who provide all types of services and products to their customers.  In today’s blog post, we highlight one such company whose focus is solely in a unique space, that being supporting non-profit organizations.

If you’ve ever been involved in a volunteer group or a non-profit activity, you know there are typically few full or part-time paid employees. As you can imagine, people who are passionate about a cause will want to do all they can to support it. Once there, they themselves often wear many hats.

The growth of today’s non-profit, like a traditional for profit company, will have an IT back-end of some sort to track and grow membership, raise needed funds, schedule events, Twitter, Facebook or other social media communications tools.

“IT” is needed to support these valuable tools but oftentimes is cobbled together with various tools and services and then handed to an accidental techie. This person, who may or may not have the background to manage complex IT systems and solutions, is a necessary driver to the success of the non-profit.

Non-profits today must make a wise choice in their technology, and choosing wrong can cost the organization both time and money.

What’s a non-profit to do?

One of Rochen’s clients, PICnet, solves this problem through their SaaS (software as a service) offering combining a mix of real world experience, open source tools such as Joomla!® and integration with the Salesforce.com constituent relationship management (CRM) platform. The solution provides the non-profit client a turnkey solution for web-enabled technology needs.

We recently had an opportunity to speak with Tim Forbes,VP of Products and Marketing for PICnet and learned quite a bit about how they deliver their services to non-profits.

ESG:  Tim, what does PICnet do?

TF: Our mission is to make non-profits more efficient and effective through technology.

We do that by developing websites that support our clients’ missions and provide them the tools they need to fund their work.

These websites are created on our Soapbox platform, which is built on the Joomla!® content management system and offered through a SaaS model. Through this model, we can create highly customized websites for our clients efficiently and cost-effectively.

ESG: That’s great, I can see that’s a huge burden lifted off of a small organization simply through offering a SaaS model. Traditionally a web administrator would have a nearly full time job maintaining just a website these days.  Let me ask you, what sets PICnet apart from your competition?

TF:  Focus. We focus almost entirely on the non-profit space. We want to help our clients make a positive impact and rock the world for social good.

Most of our staff comes from a non-profit background, enabling us to understand the real-world problems our clients face.

Our Soapbox platform also targets the needs of non-profits through the applications we offer, providing organizations the tools they need to engage with their donors and supporters to process online donations, manage events, engage in e-commerce, and much more.

Soapbox also has extensive integration with Salesforce.com. Salesforce.com is the world’s leading CRM tool and offers up to 10 licenses for free to non-profits through the Salesforce.com Foundation. The Soapbox integration provides a powerful, flexible, and mobile-friendly means of pushing data to and from their Salesforce instance without the burden of supporting and administering custom code.

And Soapbox works seamlessly alongside an organization’s existing website, if they wish to keep their current site but wish to use our online engagement tools to integrate with Salesforce.com.

With the range of services in Soapbox, we are one of the few who offer our clients a complete and comprehensive solution for integrating their website with Salesforce.

ESG: How is that accomplished exactly, the comprehensive solution?

TF: There are various point solutions in the marketplace meeting very specific online needs for organizations. Soapbox offers a wider array of solutions in one platform. So, organizations may start with a single donation page that integrates with Salesforce but can easily expand to offer event management, ecommerce order forms, forms submitting to Salesforce, searchable directories pulling data from Salesforce, robust online application tools, and self-service member management.

Our aim is to make sure your online engagement tools are polished, professional, and powerful enough to grow with your organization over time – all while being simple enough for a non-profit accidental techie to manage.

ESG: What is PICnet’s plan for supporting mobile?

TF: We take a responsive design approach. It is a great method for keeping things simple for our organizations to manage while making sure their sites look great across any device. We want folks standing in line at the grocery store to be able to easily make a donation from their smartphone.

ESG: What does the future hold for your products and services?

TF: A big focus in the coming year is online advocacy. We just released a new app on Soapbox for online petitions that integrates with Salesforce. This is a great way for organizations to rally support around an issue and build their mailing list.

We will be continuing this focus into 2014 with a new Write Your Representative app that will allow for online letter writing campaigns that is integrated with Salesforce.

ESG: How has Rochen.com enabled PICnet in delivering on their goals?

TF:  We see Rochen.com not just as a service provider but as a true partner, invested in PICnet’s success and the success of our clients.

It’s hard to imagine PICnet being able to scale without Rochen. Rochen provides invaluable expertise in managing our server architecture, addresses urgent situations when they arise, works with us when unforeseen needs and opportunities come up, and assists in planning for future growth.

With Rochen’s expertise and responsiveness, we’re able to focus on our strength:  providing powerful online engagement tools to the non-profit community so they can further their missions.

ESG: Thank you for you time today, Tim. If you are a non-profit and are struggling with technology or are ready to move to the next level, then we recommend you contact PICnet and get started with them today.

###

Tom Canavan is a member of Rochen’s ‘Enterprise Solutions Group’ focused on creating customized and complex hosting solutions.

Did you know that Rochen is now offering a Managed Cloud Solution? Learn more.

Hack Prevention is better than Hack Clean up

Tom Canavan

Web Security is not one time event. It’s not even an “extension” or “plugin” installed on your site. Security is an ongoing practice, one that requires your active attention. Preventing a site from being hacked is, not easy, but cleaning up a hacked site is harder.

Clearly the path of least resistance is prevention and not the cure.

How big of a problem is hacking really?

Here’s a fun fact, according to a recent statistic published in Forbes magazine, over 30,000 websites are hacked every day.  That’s a lot of hacked websites. And often a hack is preventable, by proper patching, strong passwords and using proper security techniques. The vulnerability of a website should not be measured as a “IS vulnerable” or “IS NOT vulnerable”, rather it should be by how much and when.

A good saying, I learned from a BIOS engineer (Thanks Jason K!) once was that ‘Software ROTS’. In other words it doesn’t age gracefully, and is replaced; it rots away. In the world of websites, that ‘rot’ is accelerated and can have a much greater exposure than just a single BIOS in a single machine.

Administrators who maintain a sense of security situational awareness through, simple things like patching or updating can make the difference between getting hacked or staying safe.

Common reasons for attack

Often times when a site is hacked, the scripts, such as the CMS (Joomla®, WordPress®, Drupal, Magento, etc.) have not been properly maintained. This single failure, accounts for a significant portion of attacks.

Naturally, the goal of gaining access to a site is to place a backdoor or other malicious code on the site.

The code that is placed on servers is often used for a variety of purposes such as:

  • Spam Bots – Turning your server into a mail-slave churning out millions of emails
  • Attack Zombie – perhaps they wish to use your servers resources to attack another
  • Backdoor – one of the more infamous backdoors (also known as SHELLZ) is the C99 script. A powerful utility designed to control your server resources and files without your knowledge.
  • Trojan Horse – designed to attack visitors
  • Keyloggers and much more

The goal of maintaining a healthy site is no different than locking up your house or your valuables. The idea is to prevent a miscreant from attacking your site.

You can remain vigilant against this threat by establishing a good security process and following it.

Weak Passwords

Another common reason for sites that are successfully attacked is  weak passwords. Weak Passwords are passwords that are easy to guess, or are found in a dictionary of passwords. Since many CMS’s do not provide a protection against too many failed attempts on a user ID in a specific period of time, this is a perfect opportunity for a hacker to use a method known as brute force. Such an attack was launched, quite successfully, against thousands of WordPress® and Joomla!®sites in 2013 – allowing them to be compromised.

This technique involves the repeated method of attempting to login using a ‘dictionary’ of passwords. Or in other words, easily guessed passwords.

Is your password weak?  Read More..

Having a strong password is a good deterrent against attacks. Having a policy of frequent changing of strong passwords, say every 30 days, is a better defense. By doing frequent password updates, you’re less likely to be a victim of this type of an attack. It is a good idea to cycle ALL your passwords, not just the admin password. This includes MySQL, e-mail, cPanel/WHM and of course your FTP servers.

In regards to a STRONG password, it typically is one that is difficult to guess, does not appear in a dictionary and is not the name of your favorite pet. It should contain a mix of upper and lower case characters and if you’re up for it non-alphabetic symbols such as [ #%*@+-()^& ]. This helps reduce the brute force aspects.

Bolt the door

Another best practice is to add a level of security to you administrative folders of your CMS. For Joomla! this would be the /administrator directory. Another example would be the /wp-admin folder. Using a simple .htaccess password method, and a unique (meaning different than your others) password will greatly reduce the chances of your administrator folder being compromised.  Take a few minutes to search for .htaccess directory protection and you’ll find a wealth o resources to assist you.

All quiet on the Western Front

One of the most popular methods of attacking your site is through your desktop or notebook computers. Often desktops are left unpatched against many attacks such as Cross-Site Scripting attacks or other means.

Not maintaining your desktop allows the OS or applications to be hacked or other means such as weak passwords, insufficient firewall protection and more. In the case of a compromised PC joining a zombie army, it’s now part of a global cabal of bad-guys, using the hapless computer to launch assaults.

Further once compromised an attacker may install  a ‘keylogger’ to monitor your site’s password. They can obtain your site credentials from this method and simply log on to your site to perform the attack.

The best practice here is to patch and run a reputable, commercial  virus scanner on your desktops and set them to scan automatically at least weekly. And yes for you Mac fans’ you need a virus scanner as well!

Permissions 

Another type of vulnerability often seen in compromised sites is permissions are set wrong for a variety of reasons.  Quite simply, the permissions of the files and folders are a basic and powerful guard against attacks. Permissions have 3 parts. The Group, User and World permissions, and if a site has a file or folder (or multiple files and folders) set for 777, this means, read, write and execute permissions for everyone who can access your website.

Fortunately at Rochen.com we have added a layer of security to our servers that detects permissions that are set incorrectly and we stop access public access to them. One tip – if you run a CMS such as Joomla! or WordPress, set your permissions on the folder that contains the password to 640 – this is another added layer of protection against attacks.

Keeping safe

The best idea for assurance of the safety of your site is deterrence. That is preventing the bad guys from getting in, in the first place. Take some time to go review your site and make sure your CMS is up-to-date in the latest in its family. Consult your CMS Project Website for specifics. Take a few minutes to ensure your extensions are all up-to-date and if not – update them.

Here’s one source for keeping up with exploits that you may wish to bookmark:

http://www.joomlaexploit.com

http://www.wordpressexploit.com

http://www.drupalexploit.com

There are other references in the footer of that site to other projects. If you find you have an extension, module, plugin or other script that is found on these lists, be sure and update them.

Disaster Recovery

If you have been through a hack clean up, then you already realize the cost in time and money as well as the potential customer impact or loss it has. Establishing a Disaster Recovery plan is easy and quick. I’ll cover this in a future article in more detail. However for now, be sure you have a known-clean copy of your database and your files OFF of your server. Rochen offers a terrific product to help you with that, Rochen Vault, which is economical and easy to use. Deploying Rochen Vault can mean the difference between not having a clean backup and a quick and easy recovery.  Learn more about Rochen Vault – by stopping by our website , chat with us or drop us a note at sales@rochen.com to get started.

In closing, the very old adage, of an ounce of prevention is worth a pound of cure, holds true here. After you read this, please take some time and review your sites. You’ll likely be surprised that you have vulnerabilities and catching them before the damage is done is paramount.

###

Tom Canavan is a member of Rochen’s ‘Enterprise Solutions Group’ focused on creating customized and complex hosting solutions and Managed Cloud Server Solutions.

Rochen at the Joomla! World Conference

Wendy Robinson

Last weekend five Rochen colleagues from around North America, including our CEO Chris Adams, CTO Ben Johnson, our Enterprise Solutions Group Leader Tom Canavan, Support Staff member Mike Hamanaka, and myself, had the pleasure of attending the Joomla! World Conference  in Boston.

What is Joomla! World Conference? JWC is a gathering together of like minded Joomla! folks for three days of fun, camaraderie, and much valuable education and sharing through various sessions led by experts in the Joomla world. If you’re in to Joomla, and haven’t been to one of the previous two events, I highly recommend going to the next one. (I hear it’s going to be somewhere nice and warm)

We had a great time all three days of the conference, meeting up with friends old and new from the Joomla! Community. As the official host of joomla.org, Rochen and Joomla have gone hand in hand since 2005. Looking back over the years it’s amazing to reflect on how the community and project have grown. It’s not surprising though given the consistent dedication and quality of volunteer efforts put forth by so many. That’s always evident in the online Joomla world but, when you get to witness Joomla folks together in one place at one time, it’s palpable. Thank you Joomla Community, most especially to the organizers of the JWC, for making the event happen. We can’t wait to do it again next time!

Another benefit to attending events like this, is the unique opportunity for us to meet valued Rochen customers face to face. Some whom we’ve met many times in the past, and some who we’ve been waiting many years to meet. Since the majority of our interaction is online, it always feels good to get to know customers in person, share a few beers and laughs, and talk to you about your experiences with Rochen and how we can continue to assist you with your hosting needs. If I recall correctly, a new phrase was even coined: “We’ve ticketed together.”

Oh, and our Rochen penguins had fun too! As a Gold (and beer) sponsor of the event, Rochen was able to include a fun contest in the JWC attendee bags. Two iPad Airs were awarded by us to two lucky folks, for creative pictures taken around the event with our Penguin friends. We’re still having fun looking at all the entries, and now seeing our new friends posting pictures of the little guys in their own homes too. Thanks to everyone who participated!

Here are a few snapshots taken by Mike Hamanaka, of his experiences at the event.

Thanks everyone for the great memories. Until next time!

-Wendy

Wendy Robinson joined the Rochen team in June 2010 as a sales support staff member, where she still handles inquiries while also looking after Rochen’s billing and new accounts. Wendy volunteered for the Joomla! project from 2006 to 2012 in various roles including as a member of the Open Source Matters board and the Community Leadership Team.

Rochen answers the challenge of true cloud hosting

Tom Canavan

Cloud Computing Hosting and Servers are gaining traction with small and medium business at a breakneck pace.
Every day, we are sold on the idea of lower cost, better up-time, ease of implementation and more.

However, most people are unaware what a true cloud really is and consequently they may end up choosing a
CINO hosting provider or in other words a Cloud In Name Only provider.

Cloud – the big picture view

The essential way to think of a cloud is a like a ‘utility’ such as water, electric, telephone, natural gas, and so on. As with any service, you use what you need and pay accordingly.

For instance our ‘need’ (resource consumption) for water goes up greatly in the summer for trees and lawns and to stay cool. Our expectation is that we turn on the tap and consume the amount of water we deem fit. When done, we turn it off. Our water company will read the ‘meter’ and bill us for the water consumed. Water companies don’t have a practice of saying you must buy thousands of more gallons of water than you’ll need. They simply ensure the infrastructure is working and able to bring the water to the tap, and that it’s safe for human consumption (secure) and available 24x7x365 (high availability).

Cloud hosting works in much the same way. Your website or application will consume a certain amount of resources such memory, disk storage, CPU or network. You would be billed according to the amount of resource consumed.

Features of a Cloud Server

The national institute of standards (NIST) has defined what makes up a cloud-computing platform.  While the actual method of implementation is left up to the vendor, a true cloud server implementation will offer the following features.

On-Demand Self Service

Cloud computing by its nature is natively self-serve, allowing the consumer to provision their own needs, such as the amount of CPU, RAM, and network storage (SAN or NAS), as needed without requiring human intervention from the host. As an example  a ‘cloud’ that requires migration of your data to a new machine to upgrade is not on-demand.

Broad Network Access

This is the idea of ubiquitous connectivity to most any device type (desktop, phones, tablets, mobile computing, etc.) and typically will be more applicable to a Software-As-A-Service (SaaS) Services delivery Model. This feature specifically is related to such things as hosted online learning education Software   or other software and applications, where your ‘application’ resides in the cloud.

Resource pooling

One of the most attractive features of the cloud hosting model is resource pooling.  Pooling is designed to work by taking multiple servers (including their sub-components such as memory, cpu, bandwidth, network storage) and  pooling  them into a common set of resources. Resource pooling allows for multi-tenant’ model that allows access to different physical and virtual resources as required by the consumer need.

Rapid elasticity

Cloud hosting infrastructures are elastic. They can have resources added or removed very rapidly depending on the demand (load on the website or application). This gives the consumer websites for instance, a “view” of nearly unlimited resources.

Measuring service

Cloud hosting gives has the native ability to provide detailed resource measurement. This is accomplished through the measurement at various points in the infrastructure for usage of such as memory used, disk storage consumed, bandwidth usage and so on. This gives the consumer a transparent billing model to the consumer.

Service Models

Cloud hosting services are delivered vis-à-vis a utility model being offered in three different variations.

Software as a Service (SaaS)

SaaS offers the consumer access to ‘applications’ running on a cloud infrastructure. The consumer can access it through various devices, and typically buys on a subscription basis. The consumer has no control over the cloud infrastructure.

Platform as a Service (PaaS)

In this service model the consumer can deploy their own apps or websites, such as those built on a content management framework (Joomla!®, WordPress®, Drupal, Magento, etc).  Billing is typically pay-per-use or charge per use basis – such as consumption of service (remember clouds are a UTILITY model).

The cloud itself consists of hardware and software that conforms to the essential characteristics of cloud computing. Keeping with the spirit of cloud computing, the consumer does not manage the cloud, the network services, operating systems and so forth.

Infrastructure as a Service (IaaS)

In the final model, the consumer has a greater amount of control, such as the selection of the operating system and applications. Yet again they do not manage the cloud itself. In this model the consumer has, [provider dependent], limited ability to handle some network components such as firewalls

How Rochen does it

With Rochen Managed Cloud Servers (MCS) you are in control of scaling of your resources such as the memory, CPU and enterprise grade SAN.  Additionally with our Cisco network infrastructure, you can rest assured that the power and bandwidth you need is there.

Scaling

With Rochen’s MCS you have three methods of increasing your resources, all in a powerful, self serve manner:

Resource Scaling
Figure 1 : Resource Scaling

Using ‘Real-time Manual Scaling’  your cloud server instance can be increased on demand. Automatic scaling gives you the comfort that your site won’t run out of resources. This feature increases resources as they are requested. The last method is Scheduled Scaling. This would be used in the case of an upcoming season such as the Christmas shopping season, or a promotion you might be running.  All of these handle the billing automatically for you – no waiting on someone to provision.

 immediate scaling
 
Figure 2: IMMEDIATE scaling in Rochen MCS

Highly Available

MCS is built upon the leader in virtualization technology,  VMWare®, ensuring you that in the event of a failure of a hypervisor another is already there taking up its load. Our redundant Cisco Network infrastructure offers redundant router cores to protect your connection to the Internet. In fact in the Managed Cloud Server service, there is NO single point of failure giving you redundancy and security.

no_single_point_of_failure
 
Figure 3 – Managed Cloud Server’s – no single point of failure

Monitoring

In addition to Rochen’s 24x7x365 Global support engineers monitoring efforts, MCS gives you an added layer of assurance, in our ‘single-pane-of glass’ dashboard. This gives you a single place to view your scaling needs, monitor resources, and see open tickets requiring your attention, billing information, technical knowledge resources and more.

current server stat

Figure 4 Current Services status

 

CPU Resource Usage

Figure 5 CPU Usage for an example MCS instance

In the previous figure you see the three areas of resources you can monitor, CPU, RAM and disk. This gives you the knowledge you need to make a determination if you need more or less resource. This real time analytic  is important for reviewing amount of resources in use. If you see you’re peaking – you can add more manually or via Auto Scaling.

Auto Scaling

auto scaling
 
Figure 6  – auto scale settings

In this image, the scaling up for your storage, RAM or CPU is easily  done independently of each other. The ability to set them by increments is built right in as shown. You can specify which of these you would like to increment up and by how much. In the event of a particular event coming up  such as a promotion, holiday sales or other traffic generating activities, save yourself the hassle of downtime or slow servers and schedule ahead.

Calendar Based Scaling

calendar scaling
 Figure 7 – Calendar based scaling

Since this is written in mid November, it makes me think that Christmas time is right around the corner. With the expected increase in site traffic, you might expect, with calendar scaling you can be ready. Simply set the date and time you want to scale, the resources you want to scale and click save. Rochen Managed Cloud Servers are Very ‘fire and forget’ in its design.

Rochen Managed Cloud Servers offer you a ‘true cloud’ hosting experience. With no single points of failure, Manage Cloud Servers are the GO-TO choice for highly available, highly scalable cloud servers.

Interested in getting started? Contact us today at sales@rochen.com or visit http://www.rochen.com/cloud

###

Tom Canavan is a member of Rochen’s ‘Enterprise Solutions Group’ focused on creating customized and complex hosting solutions.

Are You a Rochen Affiliate Yet?

Wendy Robinson
Rochen has been in business for over a decade and over the years we’ve built a solid foundation and customer base that can be attributed to our lightning fast hosting infrastructure, our exclusive features such as Rochen Vault and Joomla! Utilities, our 24/7 customer technical support and also our contributions to the open source world, most notably Joomla!

While we’re proud of what we’ve accomplished and the services that we’re able to offer, we can also boast that we have the BEST customers!

As I monitor the Rochen sales desk (sales@rochen.com), I hear from a lot of folks who are writing us with their inquiries because a friend or colleague has recommended us to them and many of our new sign ups indicate that they were referred by a current customer. We can’t thank those folks enough, as truly those referrals and word-of-mouth recommendations have helped to make Rochen what it is today.

I do find myself wondering though, how many of those people who refer our services are possibly missing out on an opportunity? Do they know they could be making affiliate earnings every time they refer someone?

A few years ago we introduced our Affiliate Program. The aim of the program at its launch was to build a unique network for people to refer their customers, colleagues, and friends to us in confidence that they’d receive the most reliable performance hosting service. In return, Rochen would offer industry-leading commission payouts and encourage folks to promote the brand in an open, honest, and ethical way.

We set our sights high to be able to maintain the above mission, and it’s worked well for everyone involved! Today we have nearly 400 partners in our affiliate network and it’s growing by the day.

With our Affiliate program you have complete freedom to promote your affiliate link in whichever way fits best into your business model, providing of course that the promotion is done in an ethical and lawful way (no SPAM, or other harmful activities). We don’t pressure you to use certain banners (though we do provide a few if you’d like to use them) or marketing tools, or hammer you with constant email reminders and notifications. The program is simply sign up and start promoting, or even just keep the link handy for those common requests for advice that you get from friends and family.

Some of the great features of our Affiliate Program are as follows:

  • Industry leading commission range of $35 – $300 per referral. Absolute minimum pay-out of $35 with the ability to earn a massive $300 commission from a single referral even if it’s the only one you send us.
  • Affiliate pay-outs between 200 – 350% of monthly sale amount.
  • Our average affiliate pay-out is $80 per referral.
  • Even if your referral contacts Rochen’s sales team for assistance or posts at our Customer Forums prior to signup you will still be fully credited for the sale. We work to close the sale for you. Likewise, if your referral uses a promotional code  during signup we will still credit you for the full sale.
  • You can refer to Rochen in confidence that you are associating yourself with one of the longest standing and most reputable web hosting providers anywhere. Rochen only provide the very best performance hosting solutions and we will look after every customer you refer to us. You are marketing a premium quality service.
  • Tier bonus of 5% when balance is over $500 at the time of pay-out and 10% when balance is over $1000 at the time of pay-out. E.g. Have a pay-out balance of $505 and receive $530.25.
  • Tracking cookies are valid for a leading 90 days after your referral hits the Rochen website. For example, the user can return to the Rochen site 3 months after you first referred them and you will still be credited for the sale.
  • We will credit your affiliate account with an opening balance of $20 before you even get started.
  • You can partner with Rochen in trust that we will credit you for every referral you send.
  • Rochen maintains globally diverse data centers in the US and UK opening a larger market for you to target.
  • Payments are made to you promptly and easily through PayPal between the 15th - 25th of each month.
  • Affiliate team available to address any of your questions during normal business hours via: affiliates@rochen.com.
  • Refer business associates even if you don’t have your website established yet. Simply provide them with your unique Rochen referral URL via email, slide presentation, newsletter or other means.
  • For larger affiliates we can arrange cross promotion services such as customized landing pages on the Rochen website, special coupons and promotional codes for your customers to utilize at Rochen etc. Contact us via: affiliates@rochen.com to discuss any potential opportunities.
  • Although we certainly encourage it you do not need to be an existing Rochen customer to join our affiliate program

You can read more about our Affiliate program, including the full list of payout amounts here.

So, if you’re one of those folks who are already referring people to our services (we know you’re out there!), let us show our appreciation by helping you in return with quality commission payouts. Sign up here anytime to get started!

An interview with Rochen’s Chief Developer

Tom Canavan

In today’s Joomlasphere you have a wealth of options, that includes many fine extensions and services companies that can help build out your Joomla!® website.

One challenge for administrators of ANY software in use is the natural upkeep required. Sometimes upkeep takes the form of simple maintenance, other times that upkeep involves a great deal of urgency due to security reasons.

When we talk ‘security’ in the Joomla!®  space, we often think of patching or removal of malware placed by hackers.

However, that is only one part of ‘security’.  As an example, in the enterprise business space, security indeed is focused heavily on preventing hacking, as an element of security. But there are many elements beyond removal of hacks or patching when we identify what we mean by ‘security’.

The idea of ‘uptime’ and ‘availability’ as in being available for use are also part of a good ‘security’ plan.

In the enterprise space we would refer to the acronym of ‘CIA‘ to describe a better security model. The acronym is described as follows:

Confidentiality this refers to the principle of access controls, ensuring those who should have access to resources has such access. And those who should not are restricted.  For example making sure that authorized users are the only one’s who can access the administrative portion of your websites would be an example of ‘confidentiality’.

Integrity provides the knowledge that if information (data) has been modified then the administrator will know.  For instance a corrupted database, would be an example of lack of integrity, and in a Joomla!® site we would know immediately.

Availability Ensures that we can access systems and resources when needed.  For example, a server powering off would affect “availability”

Take the real world scenario of adding or updating your website’s extension or core files. Let’s say for example, that you download the latest and greatest, extension. While it’s likely to have been thoroughly tested, it was not tested in YOUR environment.  Problems could happen and should be addressed. Furthering our example, let’s say that new extension, updated on your site, suddenly brings your site down – the affect is no different than if you were hacked. The AVAILABILITY of your site is affected.

Rochen offers Joomla!® powered website administrator’s a powerful, and free, management toolset known as Joomla!® Utilities. This multi-featured tool suite is integrated directly into the cPanel® for your web hosting account.

Rochen’s ‘Enterprise Solutions Group’ sat down recently, with Chief Developer, Thomas Whitecotton to gain insight into Joomla!® Utilities.

Interview with Thomas Whitecotton, Chief Developer At Rochen:

ESG: Thomas, thank you for taking time away from Rochen Product Development to speak with our clients through this blog post.  One of the utilities here at Rochen that came out of your group is Joomla! ®  Utilities.  What is it specifically?

TW: Joomla!® Utilities is an exclusive tool set available to Rochen customers. It offers a variety of features to our hosting clients to save time and energy by making managing your Joomla!® Installations easier.

Administrators have 1-click installations of Joomla®, 1-click upgrades to the latest versions and can migrate their Joomla!® Websites from another hosting provider to Rochen very easily.

Usually a migration is tedious and time consuming, but is simple and fast with Joomla!® Utilities.

The toolset gives you the ability to apply security tweaks, fix incorrect file and directory permissions that tend to show up from poor administrative or development practices as well.

ESG: Let’s drill down a bit on the feature set. It includes, as I understand it 10 key attributes:

  1. Migration to Rochen from any other host
  2. Allows you to do a full fresh installation
  3. Hosting Reseller accounts have a Global, single pane of glass view of ALL Joomla!® installations’ in their reseller account
  4. One click update of Joomla!® Core Files.
  5. Quickly clear out the TMP directory for space recovery
  6. Set File and Directory permissions site wide
  7. Applies Security tweaks for MAXIMUM protection
  8. Ability to reset a lost admin password
  9. Ability to CLONE site – merge changes back to production
  10. Delete any installation and immediately remove all files

Those are some much needed and handy features. Focusing in on just a few, tell our readers about the “Ability to CLONE a site..”

TW:  With the CLONING feature, our hosting clients have the ability to establish a mirror version of their site to do testing and development. It’s possible that if changes applied in production could harm the site with no easy way to roll back the changes.

While setting up a duplicate test site with just traditional Joomla!® is simple, the challenge is how to you merge changes back to production

Let me discuss how we solved that using the following operational scenarios to merge “back” or move into production, all the changes.

  • Sections with basic options, which let you choose what portions of the site, such as Templates, User Data, and Posts & Content, will be retained from Live or Staging (cloned) Site.
  • Sections with extra options, which let’s you specify if Live or Staging has the most up to date data for each section, whether you want to keep new data in live and keep new data in staging.
  • Tables with basic options are more granular and work at the database level, offering a la cart selection of tables individually to use from Live or Staging.
  • DB Tables with extra options, which let you, specify if the Live or Staging database has the most up-to-date data for each table, whether you want to keep new data in live and keep new data in staging.

This puts the full control back into the web developer’s hands.  Even if a mistake is made, it’s quickly and easily rolled back.

ESG: Can you give us a couple of scenarios where the CLONE tool would be put to work?

TW:  In the first scenario, or option 1, let’s say for example you have 150 registered users in your site; the administrator CLONES the site to do some work, update, testing or some other task involving change.

You add a “test-user” into the CLONE for the duration of the update/test. Or perhaps remove all of the users you brought over and only use the test-user.

When it comes time to merge the changes back [to production], you choose which database set to keep in production. You use either the data from – Staging or from live.

Comparing that with Option 2, you can choose Live [production], but also opt to keep the “test-users” from the cloned site and migrate them to the production Site.

There is a lot of power and complexity going on behind the scenes to make this simple and easy to use.

ESG: There are a few security options built into the tool set.  Sometime back Joomla!® (similar to the how WordPress has done for years), changed the database prefix  to in effect obfuscate, or hide, the database information from the world. Traditionally the default prefix was ‘ JOS_’ unless a change to it was made.

How does the tool handle this say during installs and migrations?

TW: Changing the prefix, is one of those important security measures that is often missed…  With our utilities the database prefix can be changed at the time of install. As a matter of fact, the installer recommends that the prefix be changed specifically for security purposes, while Joomla!® does make this change in current versions, this has been available from our Joomla!® Tool set since the very early revisions.

ESG: Sounds like terrific tool for Rochen hosting clients.  Where can they learn more?

TW: That’s available on our website at : http://rochenhost.com/cms-utilities/joomla-utilities

ESG: What else is on the horizon?

TW: Well we have several new things in development that will be a huge advance for our hosting clients, you’ll just have to check back with us as we get closer.

ESG:  Well I’m sure our readers will be excited to hear about more about it.. Thomas, it’s been a pleasure thank you for taking your time out of product development to speak with us.

TW:  Thank you , it’s been good sharing about our work.

 ###

Tom Canavan is a member of Rochen’s ‘Enterprise Solutions Group’ focused on creating customized and complex hosting solutions.

Creating a Joomla! staging site

Wendy RobinsonIf you’re a Rochen customer or regular reader of this blog, then you’re well aware of the exclusive to Rochen cPanel plugin, Joomla Utilities,  which makes installing and managing Joomla an absolute breeze.  In the last 12 months we’ve brought you features such as one-click installations, security tweaks, file and directory permission fixes, super administrator password resets and even mass management of multiple installations for Rochen resellers.  The features work for all Joomla 1.5, 1.7, and future releases. We work continually on these features to make Joomla management through your Joomla hosting as easy as possible for you.

Creating your staging site with our new Clone tool

Our newest addition to the Rochen-exclusive tools set is the ability to create your own Joomla staging site within a separate directory or subdomain of your hosting account. This feature is possible with our brand new Joomla Utilities Clone tool.

Designers and developers of Joomla websites know that sometimes it’s necessary to be able to test out a new extension or template, or do some custom development and/or trouble shooting, without causing interruption or possible error to a live installation. It can be tedious to copy a site over to new directory manually, as you have to edit your configuration files all over again, import a copy of your database, and possibly adjust various links on your staging site.

With the clone tool you no longer have to worry about using your valuable time to do all of that. We’ve created this new feature so that all you need to do is go in to your Joomla Utilities option in cPanel’s CMS Utilities and just select the installation that you wish to clone, and then enter the directory or sub domain where you want to clone it to. It takes your entire installation including all data, extensions and template files, as well as the database, and duplicates it all in to your chosen directory, leaving your live site untouched and open for business. So easy!

From there, you can begin working on your staging site. Add any new extensions or templates you’ve been wanting to try, fix up any old or nagging issues in the code, and run as many tests as you need to. All without interrupting your live Joomla website in any way!

For a preview, we’ve prepared one of our quick demo videos below:

In other Joomla Utilities news, you’ll now notice that the handy cPanel plugin has a new look!

Our own in-house developer, Thomas, has taken some of the excess information and layout out and trimmed the Joomla Utilities interface to blend it in better with the standard cPanel look and feel.  As well, he has created a more efficient user experience as you can now quickly select your desired function from a list, as well as hide the instructional information if you don’t need to read it every time.  Check out the new look below:

A New Look For Joomla Utilities

A New Look For Joomla Utilities

Thanks for your time! To learn about the other Joomla Utilities features and watch more demo videos, head over to our Joomla Utilities page.

-Wendy

Wendy Robinson joined the Rochen team in June 2010 as a sales support staff member. She is also currently involved with the Joomla! project as a member of the Community Leadership Team.

Introducing Joomla Utilities WHM Tool for Resellers

Wendy Robinson

If you’re a regular reader of this blog then by now you’ve heard about our Joomla Utilities cPanel tool for easy upgrading, security fixes, permissions fixes and site migration among other features available for our Joomla Hosting customers.

Recently we’ve taken all of the great cPanel plugin features and integrated them into WHM (Web Host Manager) as an extra convenience for our Rochen Reseller Hosting customers.

Joomla Utilities for WHM

Joomla Utilties for WHM is in the plugin section of the left side menu

The WHM plugin will allow you to easily upgrade all core files for Joomla 1.5 or 1.6 installations that are hosted on your Reseller account right from WHM instead of having to do all manually from their individual cPanel accounts.   You can upgrade the installations individually or you can also choose to update them all at once!

In addition to the upgrading feature we’ve also added the ability to fix file permissions and apply security tweaks, again directly from WHM to your Joomla 1.5 and 1.6 installations and just like when upgrading, you can choose to apply the changes to individual installations or all at once.

You can find the WHM Joomla Utilities tool in the Plugins section at the bottom of the left side menu in your WHM account.

Joomla Utilities Installation List

Displays a list of all Joomla 1.5 and 1.6 Installations within your Reseller account

-Wendy

Wendy Robinson joined the Rochen team in June 2010 as a sales support staff member. She is also currently involved with the Joomla! project as a member of the Community Leadership Team.