Archive for the ‘Web Hosting’ Category

Joomla Days in the USA, UK and Australia and Rochen’s Las Vegas Party! Joomla hosting and security on the agenda.

Sunday, April 12th, 2009

Some members of the Rochen team have had the pleasure of attending and being the lead sponsor of three Joomla community driven events over the past few months. In addition to providing all of the Joomla hosting services for the official Joomla websites, Rochen also sponsors many community organized events around the world called Joomla Days.

Sponsoring Joomla Days gives Rochen another way to help support the Joomla project and wider open source community as well as affording us a great networking opportunity to link up with both current and potential clients in the Joomla community. Meeting up in person adds an extra layer of value, although one that is hard to measure in pure dollar terms from a business perspective.

Brad Baker from Rochen’s team, who is also a member of the Joomla Core Team, attended Joomla Day Melbourne on February 7th and Martin Rouf and I attended both Joomla Day UK in Maidstone, Kent on March 13th and 14th as well as Joomla Day Las Vegas on April 4th. Rochen was the lead sponsor of all three events providing financial and logistical support to help keep the costs down for attendees.

Joomla Day Melbourne
Brad delivered a keynote presentation at the Melbourne Joomla Day on Joomla security covering both the basics and more in-depth steps you need to take to secure your Joomla site. It is worth pointing out that if you are hosting at Rochen then a lot of the security groundwork is already done for you and you will not run into issues like file ownership or permissions problems here.

The organizers of Joomla Day Melbourne have not yet got the video of Brad’s presentation up, but you can watch his 2008 keynote here.

Brad Baker speaking at similar Joomla event in Vancouver. Sorry, we had no pictures of Brad from Melbourne. If someone has one please send it over.

Joomla Day UK and Las Vegas
At the Joomla Day in the UK I delivered a presentation to the whole group detailing the type of traffic Rochen handles for Joomla across the official sites (23 million page views for February 2009, in case you were wondering!) as well as some of the ‘cool’ things we are doing here at Rochen like our Rochen Vault Managed Backup system and our recent move into the green hosting arena. Both in the UK and Las Vegas Martin and I hosted a round table Q&A session on Joomla security answering people’s questions and addressing some of their concerns. Rochen even managed to pick up a few new hosting and reseller hosting clients from the sessions which was pretty neat.

Chris Adams speaking at Joomla Day UK in Maidstone, Kent. Nearly 200 people attended!

Chris Adams talking to group at Joomla Day Las Vegas.

Rochen’s Las Vegas Dinner and After-Party!
To coincide with Joomla Day Las Vegas Rochen also organized a dinner at Valentino’s Fine Dining and an after-party at Tao Beach nightclub for any of our customers who wanted to attend as a way to say thank you for their business and also to gain valuable face-to-face feedback. We like to organize these types of events at least once a year and have hosted our customers in London, UK; Vancouver, Canada and San Francisco, CA in previous years. In Las Vegas this year we had around 40 customers attend.

Rochen provided transportation to get our customers to dinner and the after party!

Rochen customers having dinner in private dining room at Valentino's in the Venetian, Las Vegas.

Rochen hired a private outdoor cabana at Tao Beach for the after-party. We look after our clients!

Jamie Foxx stopped by Tao!

Future Events?
We don’t have any more Joomla Days on the Rochen calendar right now but we will keep customers posted via our forums when that changes. There is a good chance Brad will be attending an event in Vietnam later in the year and there is talk of a Joomla related event in New Orleans in late October. Likewise, we will keep everyone posted of the next Rochen dinner and after-party. Although not Joomla related, Martin and I will be at HostingCon in Washington DC this August and PubCon in Las Vegas this November.

Special Thanks
That just leaves me with a few people to thank. Andy Wallace did a tremendous job with organizing Joomla Day UK, as did Toni Marie Swats with the Las Vegas event and Matthias Raab in Melbourne. Rochen provides the support we can for Joomla Days but these three people put hundreds of hours of work in to actually make these events happen with no financial return for themselves. Kudos to them all.

I also want to thank Allen Gunn (aka “Gunner”) from Aspiration for facilitating the Las Vegas event. I have been to two events that Gunner has facilitated now, the first being Joomla Day Mountain View at the Googleplex (Google’s HQ) in May 2007 and this event in Las Vegas. Both these events are amongst the best I have ever been at. If you are looking for a facilitator for an open source event then drop Aspiration an email.

I want to give a quick mention to Matt Olander from IX Systems, Ryan Ozimeck from PICnet and Aaron St.George from The Uptime Institute for helping keep things on track at the Joomla Day and at the Rochen dinner and after-party. Aaron was our designated transportation coordinator towards the end of the night! Finally, a big thank you to everyone at Joomla and Rochen’s customers for making the trip to these Joomla Days and the Rochen dinner, we appreciate it more than you know.

So until the next Joomla Day and Rochen party…

- Chris

P.S. A lot of people at the events asked about Rochen’s Joomla security check list. You can find it here: Joomla Security Check-List.

Chris Adams is the Founder and CEO of Rochen, a web hosting provider specializing in providing a performance tuned hosting platform for dynamic database driven scripts like Joomla! Rochen has hosted all of the official Joomla! websites since the project began in August 2005.

Are backups important to you? Learn how Rochen can help you avoid the fate of companies like Journalspace.

Tuesday, February 17th, 2009

There has been a lot of discussion in the hosting community lately about backups and the protection of customer data. This follows a large budget host losing entire servers worth of customer data after a failure and the very public collapse of the popular blog hosting provider Journalspace. Neither of these hosts had a proper backup strategy in place.

Rochen originally launched our Rochen Vault enterprise managed backup platform in May 2007 and it is included as a free of charge service with all of our shared and reseller hosting plans. It can also be added to full managed servers as well for a small monthly fee.

One of the most popular pre-sales questions we receive is: “what is different about Rochen Vault to other backup solutions?”

I hope I can help fill you in on Rochen Vault and why we think it is such a revolutionary solution through this blog post. Firstly, I will start by running through a few of the other backup solutions that are on the market and commonly used by many hosts and then explain Rochen Vault.


File Backups to a Secondary Drive

Most web hosting providers use low-cost backup solutions where your data is simply backed up once daily to a secondary drive in each of their servers. This works by simply copying your account files from one location to another on the server often using a free tool such as rsync. While this is a good fall back solution it is not a good primary backup method for several reasons: -

a) your data is backed up to a drive in the same physical server so if the server is fried by a power surge, brownout or another catastrophic issue the chances are the backup hard disk is going to be destroyed along with the primary.

b) with a simple disk-to-disk file copy there are no integrity checks on the backups to ensure they are running properly and they are not corrupted.

c) in the vast majority of cases there will be less than a handful of different points in time where your data can be restored from.

d) copying large amounts of files can take a lot of time and if you are hosted on an oversold server then it can raise the server loads for many hours slowing down your website and impacting performance while the backups run.

e) if the entire server needs to be restored in a disaster recovery scenario then the operating system (OS) first has to be re-installed, the control panel system has to be re-installed and then finally services like Apache and MySQL need to be re-configured. This all has to occur before a single file can be restored from backups.

Pros: Easy to implement, low cost solution

Cons: Low level of data protection, no integrity checks on backed up data, very few restore points, slow disaster recovery

Rochen Position: Here at Rochen we back up all of your data to a secondary drive in our servers once nightly. This is only used as a secondary backup system and a fall back to Rochen Vault though.


File Backups to a Remote Server

Some hosts are now taking the initiative of further protecting customer data by copying files with a tool like rsync to a remote server instead of to a secondary hard disk. While this is a good step to take, as it provides additional protection, it is still far from perfect. There are still no integrity checks on the data, very few points in time that you can restore to, slow restores in a disaster recovery situation and on oversold hosts it will still create load problems.

Remote backups also open another can of worms in that you are unlikely to be able to access the backup data on the remote server directly yourself so you will need to open a support ticket with the provider to restore for you. With some less than stellar hosts this is not as simple as it sounds. You could be waiting hours for what should be a simple file restore but is keeping your site offline until it is completed.

Pros: Easy to implement, provides additional protection over local disk-to-disk backups

Cons: No integrity checks on backed up data, very few restore points, slow disaster recovery restores, can often take a long time to get data restored

Rochen Position: Here at Rochen we push all of your data to an off-site remote location twice weekly. This along with local disk-to-disk backups is only used as a secondary backup system and a fall back to Rochen Vault though.
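As an added illustration (not Rochen's code and not part of Rochen Vault), this is one way to give a plain file-copy backup the integrity check that point (b) in the secondary-drive section and the remote-server section above say is missing: record a SHA-256 manifest of the source when the backup is taken, then re-hash the backup copy and compare. The directory layout and file names are constructed for the demo.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map every file under root (relative path, '/' separated) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_backup(manifest, backup_root):
    """Compare a backup tree against the manifest taken from the source."""
    actual = build_manifest(backup_root)
    missing = sorted(p for p in manifest if p not in actual)
    corrupted = sorted(
        p for p in manifest if p in actual and actual[p] != manifest[p]
    )
    unexpected = sorted(p for p in actual if p not in manifest)
    return {
        "missing": missing,
        "corrupted": corrupted,
        "unexpected": unexpected,
        "ok": not (missing or corrupted or unexpected),
    }


def demo():
    """Back up a constructed account, damage the copy, and verify it twice."""
    work = tempfile.mkdtemp(prefix="backup-demo-")
    try:
        src = os.path.join(work, "account")
        dst = os.path.join(work, "backup")
        # Constructed sample account contents (not real data).
        sample = {
            "public_html/index.php": b"<?php echo 'home'; ?>\n",
            "public_html/configuration.php": b"<?php $db = 'example'; ?>\n",
            "mail/inbox.mbox": b"From demo@example.com\n\nhello\n",
        }
        for rel, data in sample.items():
            full = os.path.join(src, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)

        manifest = build_manifest(src)   # taken at backup time
        shutil.copytree(src, dst)        # stands in for the nightly file copy
        clean = verify_backup(manifest, dst)

        # Silent corruption: flip one bit, file size stays the same, so a
        # size-only comparison of source and backup would not notice.
        target = os.path.join(dst, "public_html", "configuration.php")
        with open(target, "r+b") as fh:
            first = fh.read(1)
            fh.seek(0)
            fh.write(bytes([first[0] ^ 0x01]))
        # A file that never made it into (or was lost from) the backup.
        os.remove(os.path.join(dst, "mail", "inbox.mbox"))

        damaged = verify_backup(manifest, dst)
        return clean, damaged
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    clean_report, damaged_report = demo()
    print("fresh copy :", clean_report)
    print("after damage:", damaged_report)
```

Storing the manifest away from the backup disk matters: if both sit on the same drive, the failure described in point (a) takes out the check along with the data.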


RAID is great but it is *NOT* a backup solution!

RAID is a great system as it mirrors your data over multiple hard disks but it is not a backup solution on its own. The reason RAID is not a backup solution is that it mirrors your data across all of the hard disks in the array in real-time. This means that if you mistakenly delete a file, your account is compromised resulting in files being wiped out or if simple data corruption occurs across the server then you are sods out of luck as the RAID system will replicate this to all drives in the array instantly with no way of recovering the previous state.

Don’t get me wrong. As I said above I think RAID is fantastic and something all hosts should be running but it should not be mistaken for a backup solution. This is the mistake Journalspace made as they thought they had a solid backup strategy in place by running RAID and mirroring their hard disks but they ended up losing everything and their business has subsequently collapsed. Where RAID can help though is if a hard disk suffers a failure it can be swapped out with minimal to no downtime without any need to restore the server from backups. It is better to think of RAID as a redundancy system to improve site availability than as a backup platform.

Pros: Can improve site uptime in the event of a hard disk failure, can help improve disk throughput performance when running RAID10.

Cons: It is not a backup solution, can be costly to implement if using RAID10 and/or Serial Attached SCSI (SAS) hard disks

Rochen Position: Here at Rochen we run between 4 – 6 Seagate Cheetah 15,000 RPM Serial Attached SCSI (SAS) hard disks in RAID10 to provide the highest level of reliability and performance possible in a shared and reseller hosting environment. Our RAID10 arrays are also all backed by hot-spare disks.


Rochen Vault

Rochen Vault works by taking a block level snapshot of the entire hosting server (including your files, MySQL databases and email) and storing it off-server on high performance Network Attached Storage (NAS) appliances. It runs at the kernel level and “images” each block on the hard disk to create a snapshot instead of backing up individual files. This provides the following benefits -

a) your account on the server is backed up multiple times per day instead of just once daily as with most traditional backup systems. This type of enterprise backup schedule is becoming more important for customers these days who may be hosting Joomla installs and running other dynamic scripts like WordPress or phpBB where MySQL and other data is changing more frequently than in the past with static HTML sites.

b) because Rochen Vault runs at the block level as a kernel module and not at the higher file system level it can take multiple backups per day without impacting system performance or adding drastically to the overall system load. While protecting customer data at Rochen is extremely important so is maintaining a fast and speedy hosting platform.

c) you can log in to the Rochen Vault recovery site at any time via: https://vault.rochen.com to restore data under your account yourself without even having to open a support ticket with Rochen.

d) unlike traditional backup solutions where only 1 – 3 different backups will be kept you have the ability with Rochen Vault to restore from dozens of recovery points over the past 30 days. You can restore individual files or an entire account. In fact you could even restore one file to a backup taken two weeks ago and another file to a backup taken 12 hours ago.

e) in the event that we need to restore an entire server in a disaster recovery situation we can do so rapidly without having to first re-install the operating system, control panel and reconfigure the services. We can kick off what is called a “bare metal restore” allowing us to re-image the entire server from a Rochen Vault snapshot.

f) all data Rochen Vault stores is not backed up on the local server but to dedicated high performance Network Attached Storage (NAS) appliances. We run a private network connecting all of our hosting servers to the Rochen Vault appliances and all backup data passed over the network is fully encrypted for good measure.

Here are some screen shots of the client side interface of Rochen Vault -

Rochen Vault runs directly through your web browser. Easily select from dozens of recovery points over the past 30 days.

Expand a recovery point and select to either restore an entire account or even individual files under an account.

Data restored from Rochen Vault to your account on the front-end web server is encrypted over our backend network.

The Rochen Vault interface is very easy to use and once your restore is complete you will be presented with a helpful confirmation screen.

Brad Baker from our team recently demonstrated Rochen Vault at the Melbourne JoomlaDay and received some extremely positive feedback regarding the system.

We are continually looking to improve Rochen Vault and over the coming months we will be adding client-side restore support for MySQL databases as well as files. MySQL data is already all backed up but a ticket must be opened to have us restore databases right now.

Next time you need to restore some data give Rochen Vault a try as we think you will be pretty impressed. If you have already used Rochen Vault then leave a comment under this blog letting us know what you think.

Thanks for reading and until next time!

- Chris

Rochen’s take on Green Hosting. Is it a scam? Does it really help the environment? Learn about our new “Green Initiatives”.

Thursday, November 27th, 2008

You may have noticed a lot of web hosting providers promoting so called “green hosting” recently. This is a trend which has taken off in the hosting world within the past year and in no small way. While pushing to be greener is certainly commendable virtually every hosting provider I have seen promoting such things either isn’t telling the whole truth or is flat out misleading the consumer. This does nothing but damage the reputation of the industry as a whole.

The Problem

So here’s an example for you. One of the largest budget hosting providers advertises: “all of our shared and reseller servers are now 130% wind powered”. This is complete nonsense. I know this for a fact as I have toured the data center in Dallas, Texas where they have their servers located as it is five minutes’ drive from the facility where Rochen have our own servers. Their data center has zero wind power. Not even a single server is powered by wind. This provider is not alone, there are countless others who claim to be powered by wind or solar when they are clearly not or claim to offset carbon emissions but provide no proof.

Rochen have been getting more and more potential customers asking about “green hosting” so we wanted to do what we could to address this concern but at the same time do it in an honest way that wasn’t misleading and would have real benefits for the environment as well as our business. We didn’t want to go the route the above provider and most others have which is just an outright scam. Besides, Rochen have a well enough educated client base that would see right through it anyway.

Rochen’s Honest Solution. Green Hosting Done Right.

I am pleased to say that we have taken many steps over the past couple of months, including offsetting our carbon emissions (and we have the certificate to back it up) and making other technological improvements. We announced these to existing customers at the start of November. These changes apply for all current customers as well as new customers. Our reseller web hosting customers can also take advantage of this new marketing tool.

You can read full details about the steps Rochen has taken here: http://www.rochenhost.com/about/green/

Don’t get me wrong, Rochen’s new “green hosting initiatives” are partly clever marketing (which I have nothing against) and it is an area that we still need to improve in over time. I do however strongly believe that the way we have gone about this will have real benefit for the environment while showing potential customers that we are not just out there jumping on the latest bandwagon and trying to scam them. One customer used a nice term saying that most “green hosts” are simply “green washing” and they were pleased to see Rochen was not. I couldn’t agree more.

I would encourage you to check out the above link to see what we have done and then let me know your thoughts by posting a comment to this blog. So here’s to planet Earth, doing what we can to help while keeping our marketing honest. Thanks for reading.

- Chris

Rochen, now proudly hosting JoomlaPack. Make migrating your site to Rochen even easier.

Wednesday, November 5th, 2008

Rochen is proud to announce our sponsorship of the JoomlaPack project. JoomlaPack is an invaluable tool for helping migrate your Joomla sites and we’re proud to be providing the Joomla hosting for this great project. If you have ever tried it out before, I am sure you would agree that it is one of the most professional and polished tools available for Joomla. As well as that, it makes moving a Joomla website a breeze.

It is also an Editors Pick on the Joomla! Extensions Directory with many rave reviews.

So join us in welcoming the JoomlaPack team to Rochen. We look forward to working with them on into the future, and hope that their tool proves useful to many of our clients as well.

If you are not yet familiar with their free tool, be sure to head on over to their site and check it out.

About JoomlaPack

JoomlaPack is an open-source backup component for the Joomla! CMS, quite a bit different than its competition. Its mission is simple: create a site backup that can be restored on any Joomla!-capable server. It creates a full backup of your site in a single ZIP archive. The archive contains all the files, a database snapshot and an installer derived from the standard Joomla! installer. The backup and restore process is AJAX powered to avoid server timeouts, even with huge sites. Alternatively, you can make a backup of only your database. If you want a reliable, easy to use, open source backup solution for your Joomla! site, try it out.

- Brad Baker

Brad Baker has been a member of the Rochen team since early 2003 and is a founding core-team member of the Joomla! Open Source Project. He also blogs here.

EDIT: Please note, JoomlaPack has changed their name to: AkeebaBackup and moved to a new site: www.akeebabackup.com. Please update your links accordingly.

Slow load times? Poor performance? The real world problems behind “overselling”. Don’t panic though, Rochen can help!

Tuesday, October 21st, 2008

If you have browsed around different hosting companies’ websites you are bound to have come across at least one that either offers unrealistic amounts of disk space storage or data transfer and then conceals what they really do offer through clever jargon in their legal agreements. Some providers have even gone as far as advertising “unlimited” disk space and “unlimited” bandwidth in an effort to pull in unsuspecting customers. In the industry we refer to this practice as overselling.

The keyword here though is advertising. That’s really all these oversold providers are doing. They are advertising (falsely in my opinion) something they can’t actually deliver. If a provider is advertising 750GB of disk space and 10,000GB of data transfer (or worse “unlimited”) for $8 per month, as an example, then something is not right. It is not possible for a provider to buy resources this cheaply and then once you factor in other outgoings like the servers themselves, support engineers and other costs of doing business it just doesn’t add up. Both disk space and bandwidth are a finite resource like anything else. Disk manufacturers like Seagate and Maxtor have not designed hard disks with unlimited storage yet. Bandwidth providers such as InterNAP and Level 3 have not worked out a way to push unlimited data down their pipes yet.

False advertising is not the biggest issue here though. The biggest problem is that these practices impact your website load times and its overall performance. These providers are counting on the fact that the vast majority of users on a server will not consume the advertised amount of disk space or bandwidth and the few that do will be offset by the other paying customers. This is partly true but it does not stop very serious problems from occurring. By allowing a few customers to use these levels of disk space and bandwidth in a shared environment it can cause major stability problems for everyone else on the server. Their shared servers end up drastically overloaded which then hits your site load times. Worse still, they might just cut you off if you use too much yet you are still within their advertised limits.

There are two main reasons that many hosting providers manage to get away with these dubious practices -

  • Through no fault of their own the average consumer of web hosting services simply isn’t educated enough and when they see these falsely advertised plans they think “fantastic, that’s a great deal” and they go ahead and purchase. If I didn’t know any better then I would probably do the same thing. That’s one of the reasons for this blog post to hopefully try and spread the word. Education is king.
  • Due to the web hosting industry not only spanning across many states and territories but the entire globe there is little to no regulation on the way many providers advertise their service. There is no one to turn around and tell these providers what they are doing is unethical. Some of the providers doing this are well known brand names and huge multi-million dollar corporations.

Our aim at Rochen has always been to provide our customers with ample resources to run their website and provide seamless upgrade paths as they grow while not falsely advertising our service. Rochen not overselling is a huge benefit our customers have but it is also our heavy investments in infrastructure and systems like Rochen Vault that set us apart. Rochen’s commitment to proper, no nonsense, 24/7 support backed by certified engineers is another big selling point.

Speaking of Rochen Vault, I will try and blog in more detail about this another day, as it truly is a fantastic system that allows you to easily restore files or an entire account to points in time over the past 30 days. If you have had a problem with a script upgrade, mistakenly deleted a file, etc., within a matter of a few seconds you can have your site recovered and back online. Back to overselling and performance for now though.

We often get emails from users looking for Joomla hosting and web hosting services for other types of dynamic scripts (PHP / MySQL driven mainly) and they tell us that things are running slow with their current host. Nine times out of ten this is due to the fact they are hosting with one of these oversold providers and as soon as they move their website over to Rochen it is like it receives a new lease of life. All of our plans come with a full 15 day money back guarantee, so you can try this theory out for yourself completely risk free.

Rochen’s primary target market is those users looking for a truly performance driven hosting platform where their sites will load fast and they will not have many of the common hosting hassles they would with other providers. Whether it be a personal homepage, business site or providing reseller hosting for your own customers we likely have a solution for you. If you are not sure what you are looking for then drop us an email via sales@rochen.com and we will be happy to have a chat with you. If Rochen reverted to the ways of some of these providers then we would lose our core user base who demand performance at reasonable prices.

Before signing up with any provider examine their offering in great detail, see what added-value services they offer (e.g. Rochen Vault), see what their track record in the industry is like (Rochen has been around for over eight years) and see if they are misleading you with a hugely oversold offering. Also, try and calculate how much disk space and data transfer you actually require. This can often be tricky, but using Joomla as an example again, you can deploy a good sized Joomla site, store a good chunk of email and still have space left over out of 200MB disk space. In a lot of cases we see users vastly overestimating the amount of disk space they need to get started. Remember, as your site grows you can easily upgrade.

So join with me in saying yes to performance driven hosting and no to the misleading oversold plans. Thanks for reading and I hope you find this information useful.

- Chris

My Favorite Cell Phone

Friday, October 17th, 2008

.. and guess what, it’s not an iPhone!

I recently switched to a Nokia E71 and have decided that this is the best phone I have used to date. I actually made a conscious decision and chose this phone after evaluating it and the iPhone. Probably one of my favorite features is the keypad, with a full, albeit small, qwerty keyboard. Also, running the Symbian Operating System, many 3rd party applications are available.

It will be interesting to see in a few years how the Google Android phone operating system stacks up, but for now, I’m sticking with this phone.

What difference does it make to you as a customer of Rochen?

Well, for one thing, I can be even more connected. I’m able to receive email the moment it arrives, continue to interact with our staff while out and about via our internal IM (instant messaging) network oh, and in emergencies it even accepts phone calls.

It has inbuilt GPS which I use in conjunction with Google Maps at times.

Did you know?

  • If any services fail on any of our servers our remote monitoring system sends all staff an SMS.
  • All our staff interact with our servers using a secure method. Sometimes this is via https other times using SSH keys.
  • All staff can access their email while away from their desk in case of emergencies or just to monitor the helpdesk.
  • It’s not uncommon on any given day for all our staff to have a few conversations together. So despite our geographical location, we’re working together as one team to support you.

I also carry with me an Asus Eee PC in case I need to handle anything more important that can’t be handled via my phone. It runs a Linux based operating system which is both familiar to me, but also efficient on a small machine like this. I have the small 7″ Eee PC.

Technology really has come a long way, and it enables us to continue to provide the high level of service our customers have all become accustomed to.

What kinds of technologies help you to be able to continue to support your own customers?

- Brad Baker

Spam, Spam, Spam: What can you do?

Sunday, October 5th, 2008

It’s a sad reality these days on the internet, but Spam is everywhere. For most people, it starts in your inbox and ends up a battle on your forums and comment systems on your websites.

We’re not immune from this at Rochen. We have also been trying and testing out various options for our own pre-sales forum. I think it is finally starting to help now though. However, let me try to explain a few things that may help you in your own fight against spam.

First, email. Many of our clients have good success using an email filtering system, such as the one Google offers. This system works by filtering and delivering the email to the normal location (your webserver) where you then access it as usual. Others have found using 3rd party email like Google Apps which allows you to have ‘gmail at your domain’, works for them. Lest I appear to be only plugging Google, there are other systems out there, but IMHO nothing quite as effective as Google’s spam filtering.

All our hosting accounts also come with free spam filtering by SpamAssassin. This is yet another option in fighting spam in your Inbox. You have choices, find the one that suits you best, and I’m sure you will feel some satisfaction knowing you’ve helped to clean up your Inbox, and perhaps those of your fellow employees as well.

Second, website/comment spam. I think it goes without saying that *IF* you decide to utilize some kind of comment system on your website you NEED some bot/spam filtering. Some common 3rd party services I’ve used with good results are:

..there are others, but the bottom line is, you must consider things like this when implementing a website these days. On the Joomla! Community and Developer websites we make use of Akismet with excellent results. Manually filtering and approving comments on large sites like these is just not productive.

I have noticed there are many Extensions for Joomla! available to help in the website spam fight; be sure to check them out yourself on the Joomla! Extensions site.

Isn’t it interesting how many resources are devoted to things that in the past were a non-issue? A similar subject is antivirus, but seeing as I personally only use Mac/Linux that is less of a personal concern.

Well, I hope this information at least proves beneficial to someone. Until next time.

- Brad Baker


Rochen continues to focus on support: New Customer Knowledge Base

Tuesday, September 23rd, 2008

In case you have not yet noticed, recently we upgraded the software that our customer helpdesk and portal (My Rochen) runs on. Apart from being far more efficient for staff (which translates to better/faster customer support) one of the features I am personally most excited about is the new internal Knowledge Base.

As a client you can see this new feature here. You will need to be logged into My Rochen to view this link though.

What does this mean for you as a customer?

Here at Rochen, we will continue to provide the same level of personal support via our helpdesk, however, now we have this new tool to help even further. At this time, the contents are somewhat limited, however, over time they will increase.

The system will automatically offer you articles to read from the knowledge base as you enter your ticket based on the contents of it. These articles will simply appear to the right of your screen so as not to impede or slow down your ticket submission, but if the answer to your question catches your eye then it could save having to even click submit!

We hope this continues to enable us to provide all our clients with what we believe is the best hosting support in the business!

- Brad


Joomla! Security – Ever been hacked? Sorting fact from fiction. Useful security tips for Joomla! users.

Friday, September 19th, 2008

Firstly, welcome to the Rochen Blog and our inaugural post. I am not sure where this blog is going to take us or what topics we will cover, but pretty much everything is on the table. With this first blog I thought it would be a good idea to cover a topic on the minds of many people – Joomla! security.

I think it is fair to say that Joomla! has received a lot of unjustified and misinformed criticism from many in the web hosting community. In my opinion the main reason for this is that when a Joomla! powered website is hacked on a host’s server then the vast majority of providers automatically assume the problem lies with Joomla! itself (because that’s what the site is running) and immediately tag it as a script with a lot of security problems without any proper research. Some hosts have even gone as far as banning Joomla! from their servers.

From our own experiences here at Rochen we have found that the vast majority of security issues that come up with Joomla! sites have nothing to do with the core code released by Joomla! themselves but are due to poorly coded, insecure or out of date third-party extensions that are installed under Joomla. Even if your Joomla install is kept fully updated, having a single insecure extension installed will allow your entire site to be compromised. Vulnerable extensions are lethal to your site security.

As you might be aware Rochen know a thing or two about Joomla hosting. We host thousands of Joomla! powered websites but we also host all of the Joomla! official sites at www.joomla.org as well. We hosted the very first install of Joomla before any other provider. So I have put together a few recommendations based on things we have seen at Rochen that will hopefully help you keep your Joomla site more secure. Hosting with Rochen never hurts, but these tips are not specific to us.

1. Host your site on a server that runs PHP in CGI mode with su_php. This means that PHP runs under your own account user instead of the global Apache user and you don’t need to set insecure global permissions like CHMOD of 777. Not having PHP configured in this way opens you up to cross-account attacks from other users on the shared server, since you will need to CHMOD to 777 any directories Joomla! needs to be able to write to. It also makes installing and managing extensions a real nightmare for the webmaster. A shameless plug, but in case you were wondering, yes, Rochen meets this requirement and we also performance tune all of our PHP installs as well for good measure.

2. Providing you are hosted on a server that runs PHP as directed above then you should ensure all of your files are CHMOD to 644 and directories to 755. One exception is to ensure your Joomla configuration.php file is CHMOD to 640. You should never CHMOD any files or directories to 777, especially your configuration.php file.

3. The Joomla! FTP Layer was developed as a workaround in case a user was hosting a site on a server that did not run PHP under the account user. It allows for extensions to be installed under Joomla without running into file ownership issues. Unfortunately, it also opens up a potential security hole since your FTP details are stored in plain text in a Joomla! configuration file. If you are hosting in a secured and tuned environment, like we have here at Rochen, then you don’t actually need the FTP layer to be enabled, as extensions will install out of the box without any hassle and you can manage them without running into file ownership issues. You should disable the Joomla FTP Layer and ensure it has not stored your login details.

4. There was a security issue with Joomla reported around a month ago that allowed an attacker to reset the Joomla administrator password for a site. Although it is not a complete solution a really simple thing you can do to help protect yourself if an issue like this comes up again is to change your Joomla! administrator username. Change it from the default “admin” to something else like “chris.admin”. Make it that bit harder for an attacker to compromise your site.

5. Although it might be tempting to install every extension under the sun (there are a lot of wonderful ones out there and some not so great!) only install the ones you need. The more you install under Joomla!, the more likely your site is to be compromised. You should also ensure you remove any components (including the files themselves via FTP) for any extensions you are not using.

6. It might seem like an obvious one but ensure your web hosting provider is keeping up with their responsibilities. Ensure they are keeping PHP and other software on the server updated (nobody should be running PHP4 anymore as it is now “End of Life” and potentially open to security issues), ensure they are running their operations in a secure way (PHP in CGI mode with su_php as noted above) and ensure they are taking steps to help ward off attackers by running modules like mod_security under Apache and open_basedir under PHP. Having mod_security on your server can help to stop a lot of XSS attacks against your Joomla! install getting through, but it can’t stop them all so you still need to ensure you keep up with your Joomla! security updates.

7. Ensure you are setting secure passwords not only for your Joomla! administrator user but also for your web hosting account control panel and FTP logins. It would be a real shame to have spent lots of time securing your Joomla! install to then let an attacker in through a weak password. I recommend a password that is at least 8 characters in length and contains letters (both upper and lower case), numbers and at least one symbol. Also ensure your passwords do not contain dictionary words. Using a password generator is a good idea.

8. Another useful tip I can share with you is to password protect your Joomla! /administrator directory. You can do this under an Apache web server using a .htaccess file and if you are a Rochen customer this can be easily configured using the “Password Protection” option within your control panel. By password protecting the /administrator directory you will have to enter a username and password prior to reaching the Joomla! administrator login page. It means that even if your Joomla! admin password is stolen then your site is still largely protected since the attacker will not be able to reach your administrator login page. Remember, it is important to use a different password on the /administrator directory than you do for your Joomla! admin password or it defeats the purpose of doing this.

9. Last but not least, and probably most important, you need to ensure you keep your Joomla install itself fully updated with the latest security patches from Joomla. You also need to ensure you keep all of your extension installs updated too. Remember, even if your Joomla install is updated having even one insecure extension can allow your site to be compromised. You should subscribe to the Joomla Security Mailing List as well as the mailing lists maintained by the developers of third-party extensions you have installed. If you are using an extension from a developer that doesn’t maintain a security mailing list, then question them why. It is something all developers should be doing.
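Tips 2 and 3 can be checked mechanically. The script below is an added example, not part of the original post or Rochen's tooling: it reports any mode that differs from the 644/755/640 targets and flags an enabled FTP layer or stored FTP credentials. It assumes the su_php setup from tip 1 and a Joomla! 1.5-style configuration.php; the function names and the sample tree are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit a Joomla! tree against tips 2 and 3.
# Assumes a Joomla! 1.5-style configuration.php ($ftp_enable, $ftp_user, $ftp_pass).

# Report entries that differ from the post's targets: files 644,
# directories 755, configuration.php 640, nothing world-writable.
audit_perms() {
    find "$1" ! -type l -perm -0002 -exec printf 'WORLD-WRITABLE %s\n' {} \;
    find "$1" -type d ! -perm 0755 -exec printf 'DIR-NOT-755 %s\n' {} \;
    find "$1" -type f ! -name configuration.php ! -perm 0644 \
        -exec printf 'FILE-NOT-644 %s\n' {} \;
    find "$1" -maxdepth 1 -type f -name configuration.php ! -perm 0640 \
        -exec printf 'CONFIG-NOT-640 %s\n' {} \;
}

# Report an enabled FTP layer or stored FTP credentials; never print the values.
audit_ftp_layer() {
    local cfg="$1/configuration.php"
    [ -f "$cfg" ] || { echo "NO-CONFIG $cfg"; return 0; }
    if grep -Eq "\\\$ftp_enable[[:space:]]*=[[:space:]]*'1'" "$cfg"; then
        echo "FTP-LAYER-ENABLED $cfg"
    fi
    if grep -Eq "\\\$ftp_(user|pass)[[:space:]]*=[[:space:]]*'[^']+'" "$cfg"; then
        echo "FTP-CREDENTIALS-STORED $cfg"
    fi
}

# Constructed sample tree (not a real site): a 777 directory, a 666 file, and a
# configuration.php at 644 with the FTP layer on and placeholder credentials.
make_sample_tree() {
    local root
    root=$(mktemp -d) || return 1
    mkdir -p "$root/images" "$root/cache"
    printf '<?php echo "ok";\n' > "$root/index.php"
    printf 'x' > "$root/images/logo.png"
    printf '%s\n' '<?php' 'class JConfig {' \
        "  var \$ftp_enable = '1';" "  var \$ftp_user = 'example-user';" \
        "  var \$ftp_pass = 'example-pass';" '}' > "$root/configuration.php"
    chmod 755 "$root" "$root/images"; chmod 777 "$root/cache"
    chmod 644 "$root/index.php" "$root/configuration.php"
    chmod 666 "$root/images/logo.png"
    echo "$root"
}

# Audit the path given as the first argument, if any.
if [ -n "${1:-}" ]; then audit_perms "$1"; audit_ftp_layer "$1"; fi
```

An empty report from both functions means the tree matches tips 2 and 3; a world-writable file is reported twice, once for each rule it breaks.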

So, if you have read this far down the blog post, then you might be happy you did because I am pleased to provide you with a Rochen promotional code: joomlasecurity. Simply enter this during the Rochen ordering process and you will receive 15% off your first month’s hosting for any of our plans. This coupon is good through to the end of October 2008. We don’t issue many coupons, but when we do they will be in sneaky places like this. Who ever said reading blogs while you should be working wasted money?

One other thing worth mentioning. If your Joomla! site hosted at Rochen is hacked then you can easily roll your account back within a few minutes to points in time over the past 30 days using our Rochen Vault recovery system. Simply login, select the files you want to restore and boom – your site is rolled back to an unhacked state. You do of course then need to secure the site otherwise it will simply be hacked again, but if you follow what I have outlined in this post then your Joomla! powered sites being hacked should be a thing of the past.

If you have any comments, questions or better yet security tips of your own then please leave a comment under this blog. Thanks for reading and I hope you have found some of the tips useful.

- Chris

Chris Adams is the Founder and CEO of Rochen, a web hosting provider specializing in providing a performance tuned hosting platform for dynamic database driven scripts like Joomla! Rochen has hosted all of the official Joomla! websites since the project began in August 2005.