Tag: siteground.com

December 2020 work summary

On: By: Mark

My books aren’t quite closed yet on 2020, but 2020 was at least a good year for me and this business. I am unlikely to see a repeat next year.

Much of the new income was from one commercial client and the work there is slowing down. So I expect less revenue in 2021. But what a nice year it was! I nearly doubled my income from 2019. Normally I’d have spent a good portion of it, but with the pandemic there was no place to spend it. It normally goes toward fancy vacations (like a trip to Ecuador and the Galapagos in 2019), but this year except for a short cruise right before the pandemic hit in earnest, we had no choice but to vacation at home. My phpBB consulting is ideal work during a pandemic, as it is all done from home safely over the Internet. So thank you to all who trusted me with your forums in 2020 and kept me very much in the black.

Otherwise, my work in December was kind of slow because there wasn’t much to bill the one commercial client although curiously they did give me a $250 bonus! I enjoyed the downtime, but I also gave back to the community. Both my digests and filter by country extensions had new releases in December. More importantly I continue to work on a Spamremover extension, which finds spam using the Akismet web service. I had nothing to release yet, but I am getting close to a release.

Other work in December:

  • Worked with a client using my digests extension on Siteground hosting. Subscribers stopped getting digests. I helped the client set the email settings properly to match Siteground’s SMTP server but afterward there were still issues. It turned out that digests weren’t going out because no cron job was set up. It may have disappeared when Siteground moved him to a new server and they didn’t replicate his digests cron job. After finally getting into Siteground with the client’s help, I was able to set up a new phpBB cron which seems to work.
  • Upgraded a board from phpBB 3.3.1 to 3.3.2. Also added markup to display a favicon.
  • Upgraded a major client’s board from phpBB 3.2.2 to 3.3.2. There are many customizations to phpBB 3.2.2 that had to be carried over in phpBB 3.3.2. I first did an upgrade to the test environment to work out any kinks, then a month or so later did a production upgrade to the board. All appears to be okay. I had to change the owner of the /cache/production folder to get rid of a HTTP 500 error. Later, I chased lots of styling issues, mainly on the view topic page and related to mobile display.
  • Issue with too many login attempts during admin login. I reset the number of password attempts using SQL and provided him with the SQL I used. But it didn’t work. I tried to delete the cache manually using FTP but didn’t have permissions in the twig folder. Also, CAPTCHA would not come up even though a message said to solve the CAPTCHA. Had to give my account (and his too) founder permissions. Later I realized there was a simpler solution: use phpBB’s lost password feature. The CAPTCHA issue I figured out was likely a bug in phpBB, so I submitted a problem report. It turns out that if a CAPTCHA is used, allow_url_fopen is false and the CAPTCHA is validated with a post request, the error will occur. A HTTP GET request though won’t have an issue. This is a bug in phpBB that needs fixing.
  • A phpBB 3.2 board that can’t be upgraded had emailing issues. Test emails went out okay. Could not get SMTP to work for sending email. I suggested talking with the client’s web host to see if they are blocking “spammy” looking outgoing emails. Later, I added ACP Add User extension, which apparently was what he really needed.
  • Updated a board from phpBB from 3.3.0 to 3.3.2, and my digests extension from 3.3.1 to 3.3.3. No surprises, just slow FTP and I couldn’t find cPanel credentials that worked. Later, I updated Cleantalk to version 5.7.3.
  • Upgraded forum from phpBB 3.0.x to 3.3.2. No issues during upgrade. Most of the work was trying to replicate the styling to give a similar look. It’s quite close. Created a custom style that inherits from the Elegance SoftBlue style. Copied over two templates. Installed reCaptcha V3 but registrations aren’t allowed. I disabled the contact form. I changed PHP to version 7.4 and set allow_url_fopen to true. Later, I added an extension to add next and previous post buttons inside a topic. I also moved the post edit controls from top right corner to bottom right of the post. I expanded width of content window from what it was before (980px) to the default 1152px.
  • Troubleshooting. Too many SQL connections error. I gave advice on the general issue and what causes it, and suggested Cleantalk’s spam firewall service if the issue is due to malicious robots (to keep spammers off the site), but first to look at traffic for the main domain and see if general increased usage was the cause. As requested, I repaired and optimized all database tables for the board. Last I heard the too many SQL connections problem was still an issue. The client’s hosting is Bluehost. I’ve seen this before on Bluehost. In my opinion, their shared servers do not allow enough resources for reasonable shared usage. I’d avoid hosting with Bluehost if you have a choice.
  • Upgraded a board from version 3.2.2 to 3.3.2. Updated the stop forum spam extension to version 1.3.10 and NavBar search extension to version 3.2.4. I created a custom style “custom” and put style changes there and made it the default. I changed PHP from version 5.6 to 7.4. No issues during upgrade.
  • Troubleshooting. Investigating why images and phpBB Gallery extension was taking up so much space. Primary issue was that the old gallery was copies from a /gallery_old folder. Suggested changing Gallery JPEG compression to 85% to match phpBB’s attachment settings.

Siteground hosting sale September 2 – 8

On: By: Mark

If you are looking to rehost your site, you might want to take advantage of a Siteground web hosting shared server sale coming up. The event begins September 2, 2019 and lasts through September 8, 2019. I use Siteground’s shared hosting to host this site.

While I like Siteground, it doesn’t make sense for everyone. In particular, before you move to Siteground’s shared hosting make sure that your databases are not too big. There are limits from 400MB to 1GB on the size of your databases, depending on the plan you choose. More details are on my rehosting page.

Also, in fairness I should note that Siteground recently raised their prices. Their GoGeek plan, their most feature-laden shared hosting plan, used to be about $20/month regular price and is now $34.95/month. However, they are a quality shared host, which is a rarity in their business. To maintain their completely solid state infrastructure means they need more revenue that hosts that still use slower disk drives.

New customers get a first year discount anyhow of $3.95/month, $5.95/month or $11.95 depending on whether you choose the StartUp, GrowBig or GoGeek plan. This represents a first year discount of between 66% and 70%.

During the sale, the GoGeek plan is discounted to $7.95/month for the first year, a savings of 77%.

Siteground will rehost you for free if you choose the GrowBig or GoGeek plan.

If you decide to sign up during the sales period, please be kind and use my affiliate link. You won’t pay anything extra and I will earn a commission.

You can see more details on their shared hosting plans and limitations here.

Your web host may be virtual

On: By: Mark

Introduction

I recently wrote a post about putting phpBB in the Google Cloud. I learned that it’s not too hard to do if you have decent technical skills or even if they are more modest. There could be some serious upsides to putting your forum in a cloud like Google’s, Amazon Web Services (AWS) or Microsoft Azure. (There are other cloud vendors out there.) These could include lower costs, higher uptime, and scalability if you forum gets suddenly popular.

Most of us though contract with web hosts. For example, I use Siteground. Web hosts have server rooms somewhere where they keep all the equipment they need to host your forum plus lots of other websites. Most web hosts have multiple server rooms in various countries. The closer these are to their customers and their site viewers, the better. For example, Siteground has server farms in Chicago, London, Amsterdam and Singapore. They have incentive to organize their data centers to be fast and reliable because they control them. Siteground does this not only with four server farms, but by having an end-to-end solid state infrastructure. They figured out that although solid state drives (SSDs) were more expensive, they were heaps more reliable and faster than filling their server rooms with mechanical disk drives. It’s been key to their success as a company.

Virtual hosting

These days though some web hosts are figuring out they don’t need to bother with the actual hosting anymore. There are two ways they do this. One is old, the other is new.

The first way is to be a reseller. For example, ABC Hosting may actually rent servers in (hypothetically speaking) a Rackspace server room. Becoming a reseller is not hard. Siteground will let you be a reseller. Resellers are often people like me who have multiple clients and as a convenience to their customers also provide hosting. I don’t want to bother setting up a server farm, particularly if I can lease one. If I did, I would probably choose to become a Siteground reseller, since Siteground’s spiffy servers sold me on being their client. Siteground would provide a front end console for me to use, and consoles that my customers would use too to which I would apply my own logo and some custom pages. From the customer’s perspective, it looks like I have my own server room. The downside is that I would become responsible for any hosting issues. I would essentially be the support department, and I’m not available 24/7. I don’t want to get involved in the minutia of my client’s hosting, so I don’t expect to ever become a reseller, even though it would generate a good deal of passive income for my business.

The second way is that some web hosts are becoming virtual by using cloud providers. Who’s the number one host on the web? You probably don’t have to think too much: GoDaddy. You may be surprised to learn that in 2018, GoDaddy decided to move much of its hosting inside AWS. You can read why here. Basically, GoDaddy realized that AWS built a much better infrastructure. They can resell Amazon’s cloud services under their own label for less than they can maintain their own hosting centers. AWS has a sophisticated set of services and they have the fast connection and high reliability thing all figured out. This is not good news for GoDaddy’s hosting staff. Presumably most of them will be laid off at some point.

All this suggests that web hosting will be undergoing a fundamental transformation as hosts ditch their own hosting centers to find better reselling deals in the cloud. In short, your web host may become a virtual web host. If you host on GoDaddy, there’s a good chance it’s already virtual hosted on AWS.

Should you host in the cloud?

This does raise the question: why not just buy your hosting from a cloud vendor like AWS and skip a middle man? If you read my posts on cloud hosting, you’ll realize the main issue is that cloud hosting tends to be complicated to set up, maintain and troubleshoot, at least from the perspective of someone trying to get some web space without a lot of technical skills. Virtual web hosts like GoDaddy essentially become front ends for optimizing the hosting experience for people likely a lot like you who want the process to be simpler. So they offer 24/7 support, domain management and basic customer handholding while putting up a virtual front end that suggests they are doing all this themselves when in fact the technical infrastructure is outsourced to a major cloud vendor.

My bet is that at some point Siteground will do the same, in which case I will have less reason to use them. If I know a suite of virtual web hosts are all using AWS, for example, I can get choosier and choose a virtual host based on their support and the ease by which I can do things via their control panels. I can assume the reliability and speed will all be excellent since they are hosted in a professionally managed commercial cloud. Since I do have the technical skills to put my sites in a cloud like AWS, at some point I will probably just do that. I pay a premium primarily to call someone on the phone to resolve some technical issues. Right now the $20/month I pay for Siteground hosting for my domains is reasonable, even though I am guessing I could pay $10/month or less putting my sites in the cloud. I’d just have to fix any technical problems myself, and right now the cost difference doesn’t make it worth my time.

For most of you, this is probably true too. Price is certainly important when you decide who to host with, but ready support, easy interfaces to managing your sites and fast page load speeds probably matter more. At some point you either won’t know or won’t care if your web sites are actually in a major cloud vendor’s facilities somewhere. Virtual web hosts aren’t probably going to advertise this either.

If interested in Siteground hosting, use my affiliate link

If you are intrigued about my discussion of Siteground for web hosting, learn more on my rehosting page. If you decide to host with Siteground, please use my affiliate link. You won’t pay anything extra and I will earn a small commission.

MediaTemple grid service no longer recommended

On: By: Mark

It’s sad for me to say this, but I can no longer recommend MediaTemple’s Grid service as a hosting option. For the last 18 months or so I’ve been using this service and have gotten increasing dissatisfied and exasperated by it. Today I started the process of moving my domains off of it to Siteground.com even though I have four and a half months left on that hosting contract. This domain should now be coming to you from siteground.com servers and hopefully in a reliable and maybe spiffy fashion.

MediaTemple.net was known as one of the premier providers of business-class hosting. It was acquired by GoDaddy with the promise that it would be separately managed. It appears from my experience with their Grid service that they broke that promise with their customers. Sometimes I have to wait a minute or more to retrieve pages from my own site. It sure looks like they are overloading their servers and/or managing them very badly.

I used UpTime Robot to test whether my domains are up. Pretty much every day I will get one or more emails telling me it is inaccessible. So it was likely costing me money, motivating me to move to Siteground.com instead.

I do have clients using MediaTemple’s virtual servers and they have no complaints about that service so far. Definitely avoid their Grid service now and if you have an option you might choose some other host for your virtual or private server needs. I don’t have experience with Siteground’s, but it’s likely fine. A company like Rackspace.com is likely doing it right.

Another annoyance was revealed simply in moving my site. An old phpBB forum I have with about 50,000 posts could not be downloaded. I had to break it down into multiple downloads, including the posts table into two separate downloads. The Grid service simply cut me off when I hit some sort of resource limitation. The whole database is only 80MB or so. Shame!

Moving your bulletin board to https

On: By: Mark

Updated October 13, 2019 to add that cookie settings should be made secure and to use 443 for the server port.

Should your bulletin board transmit and receive data securely? Most boards don’t contain sensitive information, so you would think the answer would normally be “no”. A secure board encrypts all communications between server and client. This would be done by changing the URL of your board to use https (Secure HTTP) instead of http (insecure).

Once considered a nice-to-have feature, technology companies are nudging us content providers to use https. Google is primarily responsible for upping the ante. Back in 2014, Google announced that sites that send data securely would be ranked higher than those that did not, all things being equal. This is a pretty good incentive for site owners to respond, particularly if you are concerned about your site ranking. However, in 2014 moving to https was still a pain so lots of site owners decided to dodge the issue.

As with most things, going to https can be complicated and potentially expensive and/or time consuming. Fortunately, it’s less complicated than it was, and can even be free.

SSL vs. TLS encryption

To make https work, a digital certificate must be installed on your web server. Keys in the certificate are used to encrypt communications, by the server with a private key which is decrypted by the receiver with a public key provided when the connection is established. SSL (secure socket layer) or TLS (transport layer security) protocols are used to facilitate secure communications over HTTP. TLS is the newer technology and SSL is now seen less frequently because it is easier to hack. Whether using SSL or TLS though, it’s behind the scenes stuff. The user just sees https in the URL and assumes data going to and from your board will be transmitted securely.

Shared certificates

Hosts often provide a shared certificate you can use. As the name implies, the certificate is shared with others, generally all domains on the same server as the one that you are on. While this works, it is ugly. First, hosts will issue “self signed” certificates. Browsers will not trust self signed certificates and will ask users if they want to trust the certificate. You generally pick an “advanced” link in the browser and give your browser permission to trust the certificate. This obviously will not inspire confidence in users coming to your site. New users may simply opt out of coming to your board altogether, feeling it is untrustworthy.

Paid certificates

Web hosts will usually offer to sell you a certificate, generally for around $75/year. This is a convenient way to go if cost is not a concern. Some hosts will handle the logistics of integrating the certificate for you. Also, these certificates will be trusted by the browser, as they will come from a certificate authority the browser will recognize as trusted.

As you might expect there are various levels of certificates based on the level of trust you are willing to pay for. Higher class certificates require site owners to submit credentials to prove they own their domains and they are who they say they are. This is especially important in electronic commerce. Hence Amazon’s certificates will cost a lot more than any certificate you are likely to get. If you are doing electronic commerce on your site you might want to pay for a higher level certificate, which will require you providing credentials to the certificate authority. In most cases though boards simply need a low class certificate, enough so that the certificate is trusted by the browser by default.

Let’s Encrypt certificates

The hassle and cost of securing web traffic has become recognized as a general issue, leading to a project to make trusted certificates available for free. The Let’s Encrypt site will issue certificates for free that are recognized by all the major browsers. However, the certificates are only good for three months. Moreover, depending on your host, installing and renewing certificates can be a considerable hassle. For example, I use MediaTemple‘s Grid Service to host this site. It supports Let’s Encrypt, but it’s quite a pain to install and renew certificates. Other sites, like SiteGround, make it automatic. All things being equal, you might prefer a host that makes installing and renewing Let’s Encrypt certificates easy, especially if this is important to your site.

Configuring phpBB to use HTTPS

By default, phpBB assumes you will be using HTTP, not HTTPS. Once your certificate is installed and tested, it’s easy to change phpBB in the Administration Control Panel: ACP > General > Server configuration > Server settings. Then change server protocol from http:// to https:// and the server port from 80 to 443. What this does is change the links across the site.

Also, change your cookie settings to use a secure cookie: ACP  > General > Server configuration > Cookie settings.

Do you have a httpsdocs or ssl folder? You may want to move your web content into it.

It you normally place your web content into a httpdocs folder, check to see if there is also a httpsdocs folder. This is commonly set up for you if you use Plesk as a web host control panel. Content in the httpsdocs folder is served securely.

In some configurations, there is a public_html folder for web content and also a ssl folder for secure content. In this case you could move the content of the public_html folder into the ssl folder.

This is a one-time action. If you have lots of files, it may take a while to move all the content. If you have a file manager, this makes it easier, but be careful to get the paths just right! You might want to backup your site before attempting this.

Redirecting HTTP traffic to HTTPS

Even with a certificate installed it’s possible that you will get requests for board traffic using HTTP. You may want to make all HTTP traffic use HTTPS traffic instead. You can see what type of web server you are using the Administration Control Panel: ACP > General > Quick access > PHP Information. Scan for “Server API”.

These instructions will work if your web server is Apache. Edit your .htaccess file in your board (or to make it across the whole site, edit or create a .htaccess file in your web root) as follows. Place this code at or near the top of the file, changing mysite.com to your domain name:

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.mysite.com/$1 [R,L]

If you use nginx, use these instructions. If you use Microsoft’s IIS, use these.