Unbranded Reseller Web Hosting

Posted on November 22, 2007
Filed Under Reseller Web Hosting, Unbranded Web Hosting, Web Hosting | Leave a Comment

What is White Label?

First, perhaps we should ask ~ What does White Label mean?

White Label is a name that comes from the image of an unmarked white label being white label products are unmarked and unmarked and unbranded ready for the reseller to mark with their own labelling placed on a product that a purchaser or reseller can then mark with their own name and brand, imagine a white label stuck on a bottle with no markings or writing on it at all. So, white label products and services are those which are offered without any makers, providers or perhaps even product labeling. Such white label products and services are subsequently available for other persons or organisations to add their own labelling and own branding to. The Wiki article on the term ‘White Label’ goes further to record the history of the expression as having originated to the use of white labeled vinyl records by Disc Jockeys.

Examples of white labeling

Supermarkets offer a fantastic example of white label products. White Labeling has been a popular form of supply and marketing for many years now, with supermarkets being a prime example of its success. Popular producers and providers offer their products and services with no labeling or branding to supermarkets who slap on their own labels and branding on making the popular supermarket brands that we see so much of today. The white labeling concept is further enhanced by the complete omission of the original makers identification, you wont see exactly who provided or manufactured the original product, instead it is adorned with the supermarket’s own branding imagery, logos and text. In fact, finding out who is the original producer or manufacturer can be quite a task in itself and not something that most shoppers would even contemplate for more than a moment. There are of-course some fairly reasonable assumptions that can be made concerning the original producer given the similarity between popular branded products and the supermarkets’ own brands. However, there are specialist food producers who make specifically white label products for resell with own branding, professional white labelling outfits.

Also, in the supermarket environment, the own branded products tend to be of a lower cost although they hold no guarantee that they are of the same ingredient or content of branded products. Given that the major supermarkets have immense bargaining power due to the large volumes at which they can buy, together with the facilities of professional white label producers to not only make the product but to go some steps further in offering production and application of branding for the supermarket. So the supermarkets wont actually buy the product with no labelling or branding, but the supply contract would usually involve the product being supplied with the supermarkets’ own labels and branding, etc. This brings the supermarket to only having to bear an initial purchase cost and consequent distribution from one or more central storage depots to the supermarket branches. Low cost on infrastructure and subsequently very low overheads.

Why white label is good

From the suppliers’ point of view the good thing about white labeling is that the reseller can offer a wider range of products and services to their clients without the extended cost of infrastructure involved in creating or manufacturing and distributing those products and services (consider the own-brand products that you see as you enter your local supermarket chain – from Banking/Credit card services, Insurance to food products).  From the buyers’ point of view, they have a lower purchase cost to opt for or perhaps a product that integrates with their regular shopping routine and probably offers rewards for using or buying that own brand product.

It should never be overlooked that the supermarket giants having enjoyed such success with their own brand products in some cases may have taken the opportunity to maximise their profits further by investing in the infrastructure themselves to produce their own products. And this is the real success of white labelling – its a spring-board to really making your own, its a way of moving in that direction, taking the first step to becoming a producer yourself when your product becomes so popular with the purchaser and end users that you can use the accumulated profit to invest in being able to make your own and enjoy further growth in profits, and even to go further and produce product variants with that infrastructure.

White labeling has become such a successful venture for so many companies that the business of producing white label products and services is a highly lucrative venture in itself, so at many times those who ventured into buying white label products can easily come to produce white label products, moving from buyer to producer and supplier.

White Label Web Hosting

White Label Web Hosting follows this method and offers unbranded web hosting services and products to anyone who wants to start up and operate their own web hosting business whilst their customers will be unaware that the products and services are provided by another existing and established web hosting company.

White Label Reseller Web HostingA look at the infrastructure and components of providing web hosting to end users can give an idea on why using a white label reseller service is a good idea. For a start, you will need a dedicated computer to host web sites (a Web Server), that needs to be plugged into a suitable structure (a Data Center) which then plugs into the Internet to connect with the rest of the world (Network providers and Data Carriers), the web server needs to have suitable software installed (such as web server software – Apache, operating systems (such as CentOS, Red Hat, etc), firewall and security software and user interface software (such as cPanel). The costs grow and grow and run into thousands, so when you have an established web hosting provider with all this in place, you can over-ride the cost of this yourself by renting their services in an unbranded encapsulation which allows you to offer web hosting to end users with your own name and branding.

Is it really white label though?

There are many web hosting providers who offer reseller web hosting, but whois lookups, trace-routes (tracerts) and reverse DNS lookups, domains and nameservers can quickly reveal who the provider of the service is.

White label web hosting should go as far to the core as can be by returning information which does not reveal the real provider in the results of these lookups and searches. Lookups have to return something, but they do not have to return the identity or brand of the resellers’ provider, in fact at each point they should be able to return the branding or name of the reseller, or an anonymous brand, in order to offer a credible white label product. The best white label reseller web hosting should offer dedicated IP addresses with the facility to have the reseller’s own host name registered against those IPs (custom reverse DNS – rDNS), custom nameservers and the facility to add the resellers’ own logos and branding to end user software (such as the cPanel control panel). In addition an anonymous shared SSL service for control panel logins is also a prerequisite to good quality white label reseller hosting.

Those who do not offer good white label reseller web hosting in this manner leave the reseller open to the possibility that the client will reconsider who they should buy the service from ~ should they use a ‘middle man’?

With white label web hosting it is possible for anyone to run their own web hosting business, while they rent or buy the actual web server space and services from an established provider. They do not have to take on the huge investment in any of the components that make up a web hosting service such as web servers, network connections, data centre staff, server administrators, server support technicians and web server software and system licenses. The cost is therefore kept very low allowing the reseller to make substantial margins on the products they can then brand and sell as their own.

White Label Reseller Web Hosting

.

What are addon, sub and parked domains all about then?

Posted on November 12, 2007
Filed Under Domain Hosting, Domain Names | Leave a Comment

What is an Add On Domain?

Add On domains offer you the capability to have more than one web site on your hosting plan. You will of-course already have a main domain on your account (the one that you set up your hosting account with in the first place).

To have an add on domain, you will first want to register (or point an existing domain you have already registered to our servers) another domain name. Then you will need to use the Addon Domain feature in your web hosting control panel (under the Domains section in cPanel).

When you add an add on domain, your control panel asks you for a user name and password. It uses the username to create a directory within your public_html directory which will house all files relating to that domain. The password allows for independent ftp access to that domain’s directory and files.

Now this is the really good part … an add on domain has the benefit of its very own URL, i.e. http://www.addondomain.com. So, anyone wanting to visit addondomain.com will see that very domain name in the address bar of their browser, so its just like a separate web site. An add on domain uses the space and bandwidth available to your main domain.

In addition, an add on domain has its own CGI and FTP access, its own email accounts and web stats. You can also create sub domains for your addon domains (i.e. subdomain.addondomain.com)

However, each add on domain does not have its own control panel. You can access stats and add on domain configuration using your existing control panel for your main domain (stats access is available using the sub domain stats link in the Web/FTP Stats section of cPanel).

Each add on domain also counts as a sub domain (which brings us to the next question below), which means that each time you add an add on domain, you have one less sub domain available to you (if your host limits the amount of subdomains in your hosting account).

Also, you can add any of the available instant site scripts (such as those in Fantastico) into any of your addon domains.

What is a Sub Domain?

A sub domain, also known as a third level domain, utilises your existing main domain and does not have its own domain name. Creating a subdomain does add a sub directory within your public_html directory just as an add on domain, but it is accessed only using the main domain in the URL, i.e. subdomain.maindomain.com

This gives you the opportunity to create memorable and unique URLs for important sections within your web site. A fine example would be Yahoo who use sub domains like games.yahoo.com, mail.yahoo.com and news.yahoo.com

In addition, sub domains also have their own web stats, which is also accessible from the Sub Domains link in the Web/FTP Stats section of cPanel.

Also, you can add any of the available instant site scripts (such as those in Fantastico) into any of your sub domains.

What is a Parked Domain?

A parked domain involves the use of another domain name (you will need to register a domain or point an existing domain that you have already registered to our servers to have a parked domain).

A parked domain is one which simply points to an existing domain. So let’s say you have domain1.com which you want to park on your maindomain.com (your main domain in your web hosting account). You would simply use the Parked Domains feature in the Domains section in cPanel to add domain1.com as a parked domain.

Once added, anyone going to domain1.com with their browser will see your main domain’s web page in their browser but with either your parked domain or main domain’s URL in the address bar (depending on whether you redirect the parked domain or not).

PHP Nuke install error – folder already exists

Posted on November 11, 2007
Filed Under Fantastico, PHP Nuke Web Hosting | Leave a Comment

Many of us have found that when installing PHP Nuke, we get a message saying that it cannot be installed because certain files or folders already exist. This usually occurs when installing it into the web root folder (public_html).

If you’ve tried installing via fantastico, the files or folders which need to be deleted are not made very clear in the block of text explaining the problem.

This problem usually refers to the images folder and is simply cured by deleting that folder (normally in the public_html folder). Once deleted, the installation should go ahead, but pay close attention to what files the install process say need to be removed first.

Setting your default address in cPanel – why its better to use :fail: instead of :blackhole:

Posted on November 11, 2007
Filed Under Configuring Email in cPanel, cPanel Web Hosting, Exim mail server, Mail Server administration | Leave a Comment

What does using :fail: no such address here for default address do?

This setting bounces unrouted email back to the sending address without it being processed by our mail server. This is better than :blackhole: because using the blackhole setting causes the mail server to accept and process the email before sending it to null. Fail on the other hand causes the email to be rejected (bounced) before it is accepted by the mail server. This prevents abuse of resources. This is also useful for other mail servers because it lets them know (from the bounced email) that the emails being sent are to non-existent addresses and the mail server administrators can then more easily detect and prevent abuse of their own services by spammers.

Why bounce unrouted email? Why not just accept it?

Experience will show you over time that unrouted mail is the preferred method of spamming. And the same experience will show you that spam is sent in great numbers, absolutely millions of spam emails are sent around the Internet daily. Spammers also use software to automatically generate random email addresses to single domains in large numbers.

Accepting unrouted email is the friend of spammers since they don’t have to guess or know what email accounts you have set up, they can send spam to any address for your domain and it will be accepted and delivered to whatever address you set as the default address.

Rejecting unrouted email is the enemy of spammers since they can send spam to any address at your domain but it will not be accepted unless they match an email address that exists (i.e. one that you have created in your control panel).

What alternatives are there for dealing with unrouted email?

You can use Forwarders to handle mail sent to non-existent email addresses. For instance, if you wanted to accept mail for user @ yourdomain.com when you have not set up a mail account in that name, you can create a forwarder for that address to send the mail on to an address that does exist (and that does not have to be a mail address in your hosting account, it could be a mail address at your ISP for instance). This method maintains protection against unrouted spam email and still allows you to accept mail to certain addresses for which you do not want to create a separate account for.

A huge word of caution though, whatever address you set as the default address should really have a quota limit set as substantial amounts of spam can fill your quota. Filling your quota (where you have left the default address with an unlimited quota for instance) will stop your hosting from working because you … literally have no space left.

Mail server attack

Posted on November 11, 2007
Filed Under Exim mail server, Mail Server administration | Leave a Comment

Stopping an attack on Exim

Attacks on mail servers are pretty common and can lead to mail server outages and even entire server outages.

Common types of attack

There are two common forms of attack …

Dictionary attack

Email sent to non-existent addresses consisting of random strings of letters representing the usernames (such as dkfjg @ thedomain.com or abcdef @ thedomain.com). This is a very common form of spamming and often you can include email sent to random names generated by the spamming software employed to conduct such attacks.

To reduce the impact and deplete these attacks you must follow the methods detailed in Section 1 below.

Spoofing attack

This is where someone spoofs one of your client accounts’ email addresses and sends thousands of spam messages around the net, masses get rejected by recipient mail servers which employ good anti-spam solutions and the rejects get sent to the spoofed address (often a non-existent address, but sometimes an existing mail account).

To reduce the impact and deplete these attacks, you would have to at least set a low mail box quota (let’s say a max of 100mb) to prevent complete flooding. Then ensure that Exim is configured to reject any mail at SMTP time that is sent to a full mailbox, because this mail box is certain to completely fill with the high amount of bounces that this attack produces. If you have the benefit of cPanel and WHM then you can make this setting by entering the Exim Configuration Editor (Service Configuration > Exim Configuration Editor in the left hand pane of WHM) and check the box marked …

Reject email at SMTP time for users who have exceeded their quota rather than keeping it in the queue. This is probably a good idea, but it does mean people will lose mail so its not on by default.

Click the save button and Exim will be reconfigured and restarted for the change to take effect**. Now follow the instructions in Section 1 to handle the attack.

**The setting needed in Exim (if you don’t have the benefit of WHM’s Exim Configuration Editor) is as follows …

virtual_user_maildir_overquota:
driver = redirect
condition = "${perl{checkuserquota}{$domain}{$local_part}{$message_size}}"
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
domains = lsearch;/etc/userdomains
data = :fail:Mailbox quota exceeded
allow_fail

… which should be added at the beginning of the section called DIRECTORS CONFIGURATION.

The alternative is to delete the mail account until the rejects subside, so that such mail would be sent to the default/catchall address. You can then follow the instructions in Section 1 to handle the attack.

Section 1

If you’re undergoing a mail attack – the attacks that can be deterred by setting an appropriate catchall (default) address setting

In such circumstances where substantial amounts of email are targeting non-existent addresses it is obviously preferable to set the catchall (default) address to :fail: as this causes the MTA (mail transfer agent – usually Exim) to reject the email at SMTP time – this means that the mail server will refuse to accept and process the email. Many users set the catchall/default address to :blackhole: but the MTA will handle this by accepting the message and then deleting it and this uses resources to do so, whereas using :fail: will not use such resources. Other users set the default/catchall address to another email address, either in their account or a remote address but either also uses resources.

So, if you are under such an attack it is obviously preferable to change the default/catchall addresses very quickly to preserve resources and prevent your MTA from going down.

Check if any users are using anything other than :fail: for default/catchall address

To be sure that you need to make any changes its best to see if anyone is using anything other than the desired :fail: setting. You can find this out by running this command in SSH …

grep ‘*:’ /etc/valiases/* | egrep -v ‘:fail:’

… if you see no results then all accounts are using :fail: but otherwise you will see a list of all domains which use :blackhole: or have an address set for the default/catchall setting.

Backup all valiases files

You can change all settings to :fail: that do not have it already set, but maybe it would be a good idea to backup the valiases before doing so, so that you can return the settings when the attack subdues. So copy the entire valiases folder to a backup folder for later retrieval – to do this run these two commands in SSH …

mkdir /etc/valiasesbackup

… this creates the backup folder, and …

cp -p /etc/valiases/* /etc/valiasesbackup

… this copies all files in the valiases folder to the backup folder.
Change all default/catchall addresses from :blackhole: to :fail:

Then to change all default addresses to :fail: we’ll need to run two commands, one to change any :blackhole: settings and the other to change any default addresses that forward to another email address. First run this command in SSH …

replace ‘:blackhole:’ ‘:fail:’ — /etc/valiases/*

… this will change any :blackhole: setting to the desired :fail: setting.

Change all default/catchall addresses to :fail:

Then the second command …

sed -i ’s/^\*: [^ ]*$/*: :fail: ADDRESS DOES NOT EXIST/g’ /etc/valiases/*

… this will change any setting which sends the unrouted mail to another email address to the desired :fail: setting.

Now, running this command again should reveal no results because we have just changed all settings to :fail: …

grep ‘*:’ /etc/valiases/* | egrep -v ‘:fail:’

Restore valiases files

Once the attack is over, you can then copy the backed up valiases files to their usual place, run this command from SSH …

cp -p –reply=yes /etc/valiasesbackup/* /etc/valiases

… all done. And this should only take about a minute to complete, depending on your typing or copy and paste skills.

Warning: include() [function.include]: URL file-access is disabled in the server configuration

Posted on November 10, 2007
Filed Under PHP Hosting | Leave a Comment

If your PHP installation is secure and you try to include a file using an absolute path or a remote file then you will face this issue. For example …

<?
include ("http://www.somedomain.com/file.php");
?>

will result in you seeing this PHP error when viewing the page in your browser …

Warning: include() [function.include]: URL file-access is disabled in the server configuration in /home/user/public_html/page.php on line xx

Warning: include(http://www.somedomain.com/file.php) [function.include]: failed to open stream: no suitable wrapper could be found in /home/user/public_html/page.php on line xx

Warning: include() [function.include]: Failed opening 'http://www.somedomain.com/file.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/user/public_html/page.php on line xx
 
PHP 5 has the include function for remote files disabled by default and if your host is using another version of PHP and has secured the installation then you will also face this error.

The reasons for disabling PHP include for remote files is clear – to do so would leave your coding open to cross site scripting attacks (XSS attacks). This is the method by which someone of malintent would inject their own code into yours, such malicious code is usually crafted to conduct a DoS (Denial of Service) or DDoS (Distributed Denial of Service) attack both of which would cause server downtime. Other injections could include alternative page content, such as a ‘Hacked by some Hackers’ type of announcement across your web page(s).

So if you were planning on asking your host to allow this function for remote files, think again.

This error can easily be dealt with by using a better solution for including remote file contents in your coding. If you want to include a remote file then I would recommend that you use the file_get_contents() function instead. Use this function together with a variable and return the variable in your code …

<?
$a = file_get_contents("http://www.somedomain.com/file.php");
echo ($a);
?>

If you are trying to include a file that is already in your site then use a relative URL rather than an absolute one …

<?
include (file.php);
?>

Another alternative, and one that is perhaps easier to write in since it uses the require_once function which does not require the use of anything other than system variables, is the following:

<?
require_once($_SERVER['DOCUMENT_ROOT'].'file.php');
?>

Recently


Categories


Archives

website promotion