The ToolWiz Blog Welcome Guest | Login or Register

Hello
I’ve really enjoyed reading the comments I’ve gotten back
from the last newsletter. Everybody said they like my
“style”; they appreciate the fact that I don’t bombard them
with all the latest launches; and most asked for more useful
info and tools.

I’d like to thank everybody who replied, and welcome any
further comments about what you think of these newsletters
and what you’d like to see.

Here’s an interesting story that happened to me last week.

I bought a short report that talked about how to set up and
flip web sites quickly for a nice profit. Some of the ideas
seemed better than others to me, and I decided to try a
couple.

One was fairly simple: get a dedicated host (computer) and
install a program called …. well, I’ll skip that for now,
for reasons that will become obvious shortly. It’s a
“free hosting site” server that lets you give away free
web site hosting accounts.

The idea is to get people to set up these free sites, then
induce them to “upgrade” to a “real” account with a hosting
outfit. In particular, one of these outfits was reported
to be paying $120 per referral for 20 or more referrals each
month. Sounds easy, right?

Well, I got the server and the software set up, then joined
the hosting outfit’s affiliate program. Reading through
their Terms of Service, I noticed that they had a little
clause in there that says something like this:

* Contact us first for a commission schedule if you are
doing any of the following:

1) sending us referrals from any kind of “free hosting site”

2) if you’re using any kind of “incentive” to get people
to join our service.

Hmmmm….

I contacted them as instructed and was told that referrals
from free hosting sites will be paid $20/referral for the
first 90 days to evaluate the quality of the leads being
sent. After 90 days, they’ll review your account to see
if you “qualify” for their “regular” compensation.

Well, forget that! There are lots of other hosting firms
out there that will pay nice referral fees!

Meanwhile, I wasn’t exactly having a fun time with that
free hosting server. I kept installing little scripts to
see if they’d run, and nothing I tried would work. I’d
install the exact same scripts on another “regular” host
and they’d run just fine.

I contacted their support guys, and discovered one thing
that I’ve concluded is VERY IMPORTANT if you’re looking
for software to use as a support desk:

* you want a support desk that lets your users view ALL of
their support tickets.

I’d submit a ticket to these guys and wouldn’t hear back.
Then I’d submit another ticket. Their handful of support
guys seemed to interleave responses to my requests, and
I’d get replies to newer tickets before older ones. So I’d
submit a new ticket for the older topic that wasn’t
addressed. Why? Because I had no way of finding my
PREVIOUS tickets to update them!

This went on for several weeks. After a while, they started
replying to my REALLY OLD tickets, some of which had already
been resolved and closed. It was getting really annoying to
deal with.

One of the issues here was that I couldn’t find where this
software was maintaining its web logs. They weren’t in the
expected locations or file names. Language barriers made
this doubly difficult.

But my main concern was that because I couldn’t find the
logs, I had no way of seeing what kind of traffic I was
getting. I also had no way to figure out why the scripts
I tried to run weren’t working.

The traffic was significant because I was getting people
setting up hosting accounts from literally all over the
world, with ZERO EXPOSURE! Normally, this would be thought
to be a Good Thing. But these sites were not very welcome.
Worse, I had no clue how the were finding my server.

I went so far as to remove all of the registration links
from the front page. Yet they STILL continued to show up!
This was getting unnerving. Why doesn’t this happen to
my sales pages or blogs??? (One of the major limitations
of this software, in my mind, was that there was simply
NO WAY to STOP people from setting up free hosting accounts.
They need something like “moderation” for blog comments.)

Coincidentally, everything all came to a head two weeks ago.

Two months rent on the server were almost up and my bill for
the 3rd month was due on the 29th. I didn’t want to renew
it if I couldn’t get this stuff resolved. I’d spent nearly
$1000, dozens of hours of time and had not earned a penny
yet.

On the 26th, the developer of the free hosting software
finally started responding to my pleas to get some help.
He explained, FINALLY, where the log files were located.

I also complained to him about their help desk software and
suggested he get something else because all of the duplicate
tickets were not only frustrating me, but causing his
support team to get really confused (for the reasons
mentioned above.)

And I again requested he implement some way to require
people to be approved before they can host a site.

After briefly skimming the logs, I made a note on my
task list for the next day to look them over in detail and
start digging into why the scripts weren’t working and see
where my traffic was coming from.

The next day, I started getting these curious warnings
from a program called Nagios that were telling me the
server was off-line. Hmmmmmm…. There wasn’t really
anything of value running there YET, but it was a concern.
(Nagios is a server monitoring program. If you’ve got a
dedicated server, it’s a good sign if the hosting facility
has Nagios or something similar running.)

I got online and tried to email the support desk where
the server is being hosted. The email wouldn’t go through.

Double HMMMmmmm…..

Then I tried calling them. After bouncing around in their
phone mail tree, I got this announcement:

“We’re sorry but the voice mail queue for this number is
full. Please try back later. You will now be disconnected.”

YIKES! This is NOT a Good Sign!

It was about 11AM.

Around 4PM I finally was able to send an email to them
and quickly got a reply asking me to call. Well, that’s
a Good Sign. So I called.

I got hold of the guy there and asked if they’d been hit
with an earthquake or something. He said, “Not quite.
We were hit with a Denial Of Service attack.” OUCH!

Shortly after 10AM their hosting facility started getting
pounded by unknown numbers of systems all trying to access
one particular computer, at the rate of 90+Mbps. The net
effect of this is that it took out their entire facility
for 45 minutes until they found the server being hammered
and unplugged it.

The really BAD news was … it turned out to be MY server!

AAARRRRGGGGggggg!!!!

Someone probably hacked into the free hosting server running
on my box and took over the entire server. (See why I
didn’t want to mention them earlier!) They started running
portscans on every computer they could find (a typical
thing that crackers do) and got into a machine somewhere
that was rigged to “explode” if hacked. That “explosion”
took the form of it activating hundreds of “bots” scattered
all over the world and directing them to “attack” the IP of
the machine where the intruder originated. Thus led to the
implosion of the entire data center!

(A steady 90+Mbps stream of data hammering one IP/server
can take out a data center because all of the routers and
gateways get swamped servicing traffic for that one
machine. The equipment is simply not designed to handle
that kind of traffic flow.)

They unplugged my box, rebooted their routers, and slowly
the rest of the servers there came back online.

I’m sharing this story for a couple of reasons. One is that
no matter how hard you try to protect your server, it’s
always possible for some cracker to find a teeny weeny crack
somewhere. That’s all it takes for them to get in and
take over your box.

My server had a totally minimal core set of services loaded
on it. The main stuff was the free hosting server, which
was also heavily locked down. The hosting facility refused
to put it back online, for which I don’t blame them. But,
that prevented me or anybody from analyzing the logs on the
box to find out how this breech happened.

The other reason I mention it is that I feel really bad for
the hosting facility. They’re really a TOP-NOTCH FACILITY
and they bend over backwards to help their customers. I was
VERY HAPPY with the services they provided, and in fact
I’d like to recommend that if you’re looking for any kind
of DEDICATED HOSTING SERVICES, please include them in your
search. Here’s their contact info:

M5 Hosting — http://www.m5hosting.com/

Give Mike a call and ask about their offerings. Be sure
to mention that you heard about them from me, David
Schwartz. (They don’t have any referral links.)

A couple of things I like about them:

* They’ll load up *ANY* Linux distro you want.
* There’s NO SETUP FEE.

Their prices aren’t bargain-basement, but fair. And their
hardware is solid.

———————————-

COOL TOOL ALERT!

Ok, now here’s one I just came across. I don’t know if
they’re planning any kind of a big launch or not, but for
now it’s just a little jewel hidden in the sand.

http://www.thetoolwiz.com/HotPicks/PeelAwayAds

They’re probably in pre-launch as they seem to be trolling
for testimonials. I have not tried it, but it looks very
cool. The price is currently quite reasonable, so check
it out. If you get it, let me know how it works for you.

TOOL SEARCH

Does anybody know of a Flash-based applet that simulates
an opt-in subscription form? Just a little 2″ x 2″ form
where you enter your name and email addy, and click the
button. It would need some way to submit the data to YOUR
autoresponder.

————————————–

That’s it for now. I’m going to be off-line from Sunday
night for about a week, until I get settled in Kansas
City. Please feel free to send me your comments about
this newsletter, but realize that I probably wont’ be able
to reply to most of them.

Enjoy!
-David “The Tool Wiz” Schwartz

Trackback this Post | Feed on comments to this Post