Adventures in Hosting

As with any shared resource, I'd say the old adage that applies most is "You are known by the company you keep". Monitor your host logs for not just incoming abuse, but outgoing attacks. If you see abuse from your network neighbors, report it to your ISP fast and if they are not quick to get it to stop, find a better hosting company.

To that end, I'm sorry to say that a2hosting has many entries in my firewall, along with other mid-tier companies like hostinger and leaseweb. Obviously I'd say to avoid the big cloud providers like Google, Microsoft, and Amazon even more; based on the abusive traffic that comes from them, it's hard to distinguish any of them from a criminal organization that uses "legit" customers as human shields.

Similarly, I'd say to avoid WordPress as much as possible. All of the web attacks I woke up to this morning were looking for WP vulnerabilities to exploit. My ass is pre-saved by not having gone that route.

In general, I'd say use your hosting if you're going to go to the bother. The Internet is about a lot more than generic kitchen-sink web sites (or their RESTful backend API used as part of a mobile app). Where's my Ars Usenet server!?!?

hinduclient said:

Which way did you go? I find many affordable developers have moved to WordPress for smaller retail sites.

Click to expand...

I've developed a lot of different web sites/services, so I don't really go any one way. It all comes down to what the site really needs, and I'm very happy any time I can drop down to Web 1.0 to get things done (using modern HTML 5 and CSS, of course). Some things really don't require more than static pages or the kinds of simple templating that tools like Jekyll provide. Basic (Fast)CGI is perfectly fine for any site that isn't high-volume; having a full stack with an app server is overkill unless you're genuinely experiencing slow response times at the server level. Same is true for the backend; not everything benefits from some ORM layer connecting to a DB.

The more complex web apps become, the larger their attack surface is. I don't introduce any moving pieces until I know they're needed. I'm guessing that makes me less "affordable" because I'm not just throwing together cookie-cutter sites, but I'd wager the TCO is lower when you're not externalizing costs.

Many years ago I managed a good amount of web hosting, but these days my opinion is attacks are too wide-spread and more sophisticated, with a large attack surface with a large user base. There are a lot of hosting providers that seem like they will manage hosting WP as a service for you these days, and do a better safer job, for a really reasonable price, it's been commoditized. I'd just sign up for those and charge your middle-man fee for taking care of all the details.

On the same note, I used to dump on WP pretty hard, 'code is poetry'.. lol whatever, but I have to admit, it really does get the job done for the majority of people.