What is HIPAA compliant hosting?

HIPAA is serious business. Nobody wants their private medical information to fall into the hands of strangers. If you work with servers in the medical field, having a good understanding of the HIPAA and HITECH laws is a must. Check out this piece that Liquid Web asked me to write regarding this very topic.

What is HIPAA Compliant Hosting? – Liquid Web
What is a HIPAA server and when do you need one? Learn how Liquid Web’s HIPAA compliant hosting can protect your health information.
www.liquidweb.com

How to Configure Apache 2 to Control Browser Caching

If you want to get the most out of your server, one of the best tactics is to use modern browser cache control. The fewer elements a user has to download repeatedly, the more strain is taken off of the server. Check out this piece I did for the folks at Liquid Web that can help you configure this technique on your own.

Configure Apache 2 to Control Browser Caching – Liquid Web
Learn about Configure Apache 2 to Control Browser Caching today with Liquid Web.
www.liquidweb.com

How to Use Disk Quotas in Dedicated Linux Servers for cPanel Servers

Part two of my full original article on handling disk quotas on various server types. Quotas are a critical component of shared webhosting and understanding how to utilize them is paramount to anyone administrating web servers.

Use Disk Quotas in Dedicated Linux Servers With cPanel | Liquid Web
Disk space management in dedicated Linux servers with cPanel is often underestimated. Learn to manage disk space in your cPanel server.
www.liquidweb.com

The nightmare that is wp-cron.php

One major gripe I have with WordPress is the default wp-cron.php implementation. If you are familiar with how WordPress uses wp-cron.php by default, you may want to skip ahead to the next section of this article.

What is wp-cron.php & How does it work?

The file wp-cron.php is the portion of WordPress that handles scheduled events within a WordPress site. Anything that has to do with scheduling posts or publications and really anything date/time oriented is governed by the wp-cron.php file.

In order for wp-cron.php to work properly, it needs to be executed frequently, but no more than once per minute. However, the default behavior does not require you to set up a real system level cron job on your server. Instead, it uses a piggyback method on every incoming request. When a request comes into the site, WordPress will generate an additional request from itself to the wp-cron.php file over HTTP(S). That sounds pretty innocuous, right?

Why is the default wp-cron.php behavior a nightmare?

The default method works perfectly fine on a small site with very few visitors per hour. However, when implemented on a medium or larger site or even a site that is being scanned by bots (which is very common these days), this means you get twofold whatever traffic you are currently handling. It becomes a rudimentary DDoS attack against yourself. This is because the cron is being executed multiple times a minute using an HTTP request. The HTTP request generates additional overhead by having to generate, negotiate and establish the connection over a network socket. It even impacts the effective capacity of your underlying web server. This solution does not fare well in most situations, and honestly, it should be removed as the default behavior due to its propensity to be abused or turned into an attack vector on a server just from regular traffic.

Well, what are the alternatives?

The only real alternative and the much better solution is to configure a regular system cronjob that executes the wp-cron.php script directly through PHP every minute. This ensures that any scheduled tasks are indeed executed at their scheduled time. It also should not be done via an HTTP request but a direct execution of PHP to avoid hindering the web server’s capacity or generating additional memory overhead on the network layer.

How do I disable the default wp-cron.php behavior?

This is pretty universal and simple to do. You need to update your wp-config.php file to include the following setting:

define('DISABLE_WP_CRON', true);

  • You can typically find your wp-config.php file in your site’s public_html directory.
  • This new setting should be put in the file just after the DB_COLLATE database line, which looks like the following:

define('DB_COLLATE', '');

How do I set up a system cron job?

This is simple in cPanel, assuming your hosting provider has enabled the cron job feature on your account. The cPanel Cron Jobs Documentation goes into greater detail, but essentially you do the following:

  1. Log in to cPanel for your domain: yourdomain.tld/cpanel
  2. Input “cron” in the quick search box near the top of the page.
  3. Click the “Cron Jobs” icon that appears.
     • If it does not appear, your account does not have the Cron Jobs feature enabled and you will need to talk to your hosting provider for help setting up the cron or switching to a package that includes the Cron Jobs feature.
  4. Pay attention to the Cron Jobs page; it will provide you the exact location of your PHP binary. You will need to copy that path into the command box at the bottom of the page and alter the file being executed by PHP to be your /home/username/public_html/wp-cron.php file instead, using the full path.
  5. Select the first entry (“*”) for each parameter. This will execute the wp-cron.php file every minute.
  6. Click the add cron button and you’re done.
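
The two changes above (turning off the request-triggered cron and scheduling wp-cron.php directly through PHP), as an added shell example that is not from the original article: it audits a directory tree for wp-config.php files that still leave the default behavior on and prints the every-minute crontab entry for each. The function names, the constructed sample tree and the /usr/local/bin/php fallback are assumptions; use the PHP path your Cron Jobs page shows.

```shell
#!/bin/sh
# Added example (not from the original article): find WordPress installs that
# still use the default request-triggered wp-cron, and build the system cron line.

# Succeeds if wp-config.php sets DISABLE_WP_CRON to true on a line that is not
# commented out with // or #. Settings inside /* ... */ blocks are not detected.
wp_cron_disabled() {
    grep -Eiq "^[[:space:]]*define\([[:space:]]*['\"]DISABLE_WP_CRON['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)" "$1"
}

# Print "OK <dir>" or "DEFAULT <dir>" for every install found under $1.
audit_wp_cron() {
    find "$1" -type f -name wp-config.php 2>/dev/null | sort |
    while IFS= read -r cfg; do
        if wp_cron_disabled "$cfg"; then
            echo "OK $(dirname "$cfg")"
        else
            echo "DEFAULT $(dirname "$cfg")"
        fi
    done
}

# Print the every-minute crontab entry that runs wp-cron.php directly through PHP.
# $1 = install directory, $2 = PHP binary. The fallback path is a placeholder
# (assumption); use the location shown on your cPanel Cron Jobs page.
cron_line() {
    printf '* * * * * %s %s/wp-cron.php >/dev/null 2>&1\n' "${2:-/usr/local/bin/php}" "$1"
}

# Constructed sample tree (not real sites): one fixed, one default, one where
# the setting is commented out and therefore has no effect.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/alice/public_html" "$root/bob/public_html" "$root/carol/public_html"
    printf '%s\n' "define('DB_COLLATE', '');" "define('DISABLE_WP_CRON', true);" \
        > "$root/alice/public_html/wp-config.php"
    printf '%s\n' "define('DB_COLLATE', '');" > "$root/bob/public_html/wp-config.php"
    printf '%s\n' "// define('DISABLE_WP_CRON', true);" > "$root/carol/public_html/wp-config.php"
    echo "$root"
}

sample=$(make_sample)
audit_wp_cron "$sample" | while IFS= read -r line; do
    echo "$line"
    case $line in DEFAULT\ *) cron_line "${line#DEFAULT }" ;; esac
done
rm -rf "$sample"
```

On a shared server, point audit_wp_cron at the directory that holds the account home directories to list every install still marked DEFAULT.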

Why are you so harsh on this practice? It seems reasonable and easy to fix.

I believe it is up to the software engineers that develop our digital world to impress upon themselves a sense of responsibility for their products. WordPress is ubiquitous these days and with auto installer software, like Softaculous, WordPress gets installed on a very large majority of sites. They are installed with the default behavior enabled, which is essentially an attack vector on any server. Now with the hosting industry being so prevalent in our lives, many people have WordPress sites and do not know about this issue until it cripples their site. The default integration is sorely inadequate and should be removed. Today on one server alone, I found over 500 different installs of WordPress and watched as a bot hit each site on the server. Every one of those sites suddenly became a liability for the server’s stability.

I realize that this problem is handled on a case by case basis. However, with so many installs around the world, it would be better addressed by WordPress rather than every single hosting provider who has to set up special conditions on their server to protect against the hole this software generates. The cost of removing this behavior and forcing site owners to generate a system cron should be baseline and a notice placed within the WordPress admin interface that scheduled tasks will not be executed until a system cron job is created properly. This is within my programming skills, so I know it’s well within theirs.

WordPress aims for ease of use, so their target consumers are those that typically know little about hosting caveats. I believe the responsibility here lies entirely with WordPress to fix and they have taken the stance against it. In the meantime, the System Admins in the hosting industry have to suffer through this terrible “feature” when examining servers that have fallen out of control due to a bot running over a default WordPress install.

Visualize The Insanity

Each visitor in the default wp-cron.php setup spawns a secondary connection originating from the server over a network socket to wp-cron.php. Ergo each visitor in this setup reduces the overall available network sockets by half and increases the load contribution of a single visitor to double that of a single visit. The solution is running wp-cron.php through PHP via a regularly scheduled system cronjob. This eliminates the problem entirely and, in my opinion, should be the default implementation to prevent abuse of derelict default WordPress installations.

How to Use Disk Quotas in Dedicated Linux Servers

This piece is taken from a broader article I wrote discussing quota usage and some of the unsung dangers that can occur when disk space runs low. The original covers both Linux Plesk and cPanel servers; those particular parts of the original source will be published as their own articles. As always, you can find all my currently published articles with other parties on the External Publications page here on cpguy.com.

Use Disk Quotas in Dedicated Linux Servers – Liquid Web
Disk Space Management is an often underestimated necessity of a systems administrators job duties. When managing disk space it is important to track and maintain adequate free space.
www.liquidweb.com

Understanding Liquid Web’s High Availability cPanel/KVM Servers

Why didn’t the HA-cPanel/KVM kick-in when Apache was down for 20 minutes?

Apache operates on the service level of the HA-cPanel/KVM infrastructure. Service-level issues are not monitored. This is because they are contained within the virtual machine running within the virtualization layer. Quite simply, the underlying parent servers have no idea what is running on the guest VM they are protecting. Consider the following simplified chart of a typical HA-cPanel/KVM setup:

As we can see, the LAMP stack where Apache resides is further up, past the fail-safe level. The guest server runs in its own virtual environment. It’s not even aware that it is a guest in the environment and behaves like a standard virtual machine.

The HA-cPanel/KVM hardware layer protection is constantly at work. The parents are perpetually talking to each other over a dedicated cross-over cable using a heartbeat daemon. The moment the PRIMARY server fails to identify itself to the SECONDARY server, the SECONDARY server springs to life, promoting itself to PRIMARY and spinning up the virtualization platform to launch the guest-vm.

Fail-over is not completely seamless in this configuration. The guest-vm must be booted up on the new PRIMARY parent. However, due to the constant synchronization of data using DRBD, there should be minimal lost data.

Why not monitor the service level?

That’s a tricky question. Fail-over in this system is designed to protect against imminent hardware failure; it is not a system built to maintain service uptime. Service-level issues are generally resolved without needing to reboot a server. Since fail-over is effectively an abrupt power-off of the guest-vm, it’s not a clean shutdown and there is always a minimal risk of some data loss or corruption.

There are better-suited configurations for handling service-level downtime. A highly trafficked site can take advantage of load balancing techniques to ensure responsive and stable uptime of its Apache LAMP stack. HA-cPanel/KVM can also work as a single node in an LB setup, offering both the service-level stability of a load balancer and the hardware-level protection of HA-cPanel/KVM. You can have the best of both worlds.

If you are looking for a reliable system that protects against hardware-level damage, give the folks at Liquid Web a few moments of your time to consider a solution like this for your valued data. I promise they won’t bite and the support is truly heroic.

Enterprise Hosting – Liquid Web
Liquid Web’s enterprise hosting solutions are here to help, no matter how complex your hosted infrastructure may be. Select the plan that fits you today!
www.liquidweb.com

Managed Private Cloud or Cloud VPS Hosting?

I wrote this piece on Cloud Hosting technologies and how they can be leveraged by some example business model concepts.  Cloud Hosting solutions are the norm in the hosting field and will continue to be the unseen future.

Private VPS Parent vs VPS Hosting [Overview & Use Cases] | Liquid Web
Find out the difference in technology and use cases between the Private VPS Parent vs VPS Hosting for your growing web development or reseller business.
www.liquidweb.com

What is a LAMP Stack?

My very first published article and it’s a good one. An outline of what makes up a typical LAMP stack and how knowing each layer applies to site owners and developers. Understanding the LAMP stack is critical for optimization. We all want our sites to perform their very best, but there is no one-size-fits-all solution when it comes down to server performance. A basic understanding of these software layers allows you to properly configure each directive to best perform for your unique site, user base, traffic and hardware configuration.

What is a LAMP stack? – Liquid Web
Learn about What is a LAMP stack? today with Liquid Web.
www.liquidweb.com

Introduction :: Getting Up & Running

Hello and welcome to my tech blog. This has been something I’ve wanted to do for a long time but time has never really been on my side for it. I guess I can start with an introduction. My name is Jason and I’ve been working in the IT Support field for more than a dozen years at this point. A lot of that time has been working with cPanel hosting servers. I’ve had my share of rag tag situations when things got hairy and I was able to persevere. This experience has been quite valuable in my current support roles. I’ve decided to switch my focus from hands-on support to technical writing as I believe I have lots to share to help those with less encompassing spheres of knowledge. I know, I will need to get this grammar thing under control and learn how to introduce more brevity into my rants. I would love to do this full time but for now, it is merely a side project, so content may be short coming for a while.

I have a programmer’s mind and I am an avid shell scripting fan using Bash and Gawk to their fullest potentials. I will be including publication of the software scripts that I’ve put together over the years as time permits. I had my taste at this technical writing thing a few weeks ago when the company I am employed with offered me a writing assignment. I really enjoyed cutting my teeth on that topic: What is a LAMP Stack? I learned a lot just from that one article and I am hungry about creating more. I will be referencing my publications on other platforms as referral links so you can see them in their glory. So far as of this post, it’s a handful of publications. However, with some grit and time, I expect that number to keep rising.

Thanks for taking the time to read my little candid introduction here.