Windows Web Hosting, Web Technologies, etc
Windows Webhosting
There’s a new database option available for PHP, It’s called SQL2005
Oct 10th
Ever since Bill Staples first blogged about the collaborative work Microsoft was doing with Zend to improve PHP stability and performance on IIS, I’ve been giddy as a school girl. Having run a core component of the AppliedI.net infrastructure that makes use of PHP and MySQL on IIS7 and making use of FastCGI and the new Windows CGI friendly DLLs/builds it’s made me even more giddy, PHP simply zips along these days on our windows servers and I can’t wait to move my blog to a box running FastCGI. This week at ZendCon Bill announced some more good news: SQL Server 2005 Driver for PHP.
From the Microsoft Data Blog:
The PHP Driver will deliver an API designed-to-enable reliable, scalable integration with SQL Server for PHP applications deployed on the Windows platform. Zend and Microsoft are working together with the PHP Community to ensure that the SQL Server 2005 Driver for PHP is a great offering for PHP developers and part of Zend’s core PHP offering.
So that’s the good news, the bad news is we have to wait one more day, because the download won’t be available until October 11th at: http://www.microsoft.com/sql/technologies/php/default.mspx
Interviewed on HostSearch.com
Oct 4th
I’d be remiss if I didn’t point out here that I was recently interviewed by HostSearch.com. HostSearch is an online hosting magazine that covers just about everything hosting related. You can see the Interview here.
Are You Getting ViewState Errors like: "The viewstate is invalid for this page and might be corrupted."
Aug 14th
If you’re seeing viewstate errors like “The viewstate is invalid for this page and might be corrupted” here’s the dealio. For security ASP.NET encrypts the viewstate using an Autogenerated Key that is generated when your application pool (or worker process) is started. At AppliedI.net (and many hosts today) each website is placed in a unique application pool so your site is isolated from the other sites on the server. If your application pool recycles for whatever reason, the viewstate key will change and when you go to post back to your application is may fail with the gloriously informative error of:
“The viewstate is invalid for this page and might be corrupted”.
What’s causing the application pool to do this?
Your application pool is recycling due most likely to a couple things:
- you edited your web.config and that caused the change (not likely)
- IIS was reset on the server and that caused the change (less likely)
- Your application errored out causing the application pool to recycle (possible)
- Your application pool reached a memory limit and was forced to recycle (I put my money on the #4 horse to win! this is probably it)
All hosts today that use dedicated application pools, isolated application pools or “website sandboxing” whatever they may called also set a memory limit on the application pool in shared hosting, some set it more aggressively than others. The advanced web applications of today are using more and more resources as they are more and more complex, it’s not uncommon to find a web application using anywhere from 150-350MB of memory today, although the average is still just in the range of 80-120MB.
The good news is you have options on how to get around this.
- You can upgrade your shared hosting account to an account that has a higher memory limit. At appliedi.net we offer 4 different shared hosting accounts each with separate memory limits.
- You can upgrade to a VPS hosting account or dedicated hosting account and set an even higher memory limit.
- You can completely disable the viewstatemac by adding “enableViewStateMac=”false” in your web.config. This would be a bad thing though and you can google viewstate injection for why this is bad.
- You can generate a predefined key and stop using the default autogenerated key method.
#4 is probably the route you’ll want to go. My recommendation is to go with #1 first and not just because I work for a hosting company and want to see you spend more money per month. I recommend you upgrade your hosting account to an account that has a reasonable memory limit for your application because every time that application pool recycles your site is going to be slow as it recompiles and initializes the application. You also just lost your session state information so if you’re an ecommerce site and your client was in the middle of a checkout, they probably just lost their cart contents and have to start over.
Creating a predefined viewstatemac key
The guys over at www.aspnetresources.com have a keycreator tool that makes generating your own predefined viewstatemac key effortless. To do this you’d do the following
- visit: http://www.aspnetresources.com/tools/keycreator.aspx and use it to build a key
- Copy this key into your applications web.config file between <system.web> and </system.web>
- Save your web.config file and test your application to make sure it still works. If for some reason it doesn’t work, you can delete the changes and revert back.
Where to learn more
There’s always google. But Microsoft has a pretty extensive article in their KB at: http://support.microsoft.com/default.aspx?scid=kb;EN-US;829743 that will also help. If this sounds like something that’s happening to you at AppliedI.net on your ASP.NET hosting account please contact our support team and they’ll be happy to help you troubleshoot the issue.
How Microsoft UK got hacked and how you can learn from their mistakes
Aug 1st
I subscribe to windowsecurity.com‘s newsletter which is actually a pretty good read. Today’s newsletter has an article about the Microsoft UK Events Website getting defaced and goes into great detail to show just how the site was compromised.
In a nutshell, they used SQL Injection and the fact that the web.config was configured to display errors instead of displaying a custom error page.
I highly recommend any developer or website owner to review the article at:
http://www.windowsecurity.com/articles/Microsoft-UK-Events-Website-Hacked.html
so that they can avoid falling prey to these same tactics.
As a host, I can firmly say the #1 issue we see today with sites getting defaced is a weak password (using password, your username, your simple passwords simply aren’t secure) and the #2 issue is SQL Injection. Not many website owners (and unfortunately web developers) are familiar with SQL Injection and assume that their web app is inherently safe, this is a classic ASS-U-ME assumption. WindowsSecurity.com recommends that you use a commercial product from Acunetix to scan the security of your site. But other resources are:
- ScanAlert’s (or any other reputable scanning company’s) PCI compliance scanning service: http://www.appliedi.net/scanalert-pcicompliance/ which is offered free for the first year for AppliedI.net hosted websites.
- Nessus is a freely available scanning solution you can use as well (and the same tool many commercial security scanning providers use)
- xfocus.org also has a scanning tool called x-scan that I like to use as well. It uses nessus rules but is created by a Chinese company so there’s not really any documentation on it.
This is by no means the end all article on web site security but if you read the windowsecurity.com article I think you’ll be more aware of the techniques being used by hackers today and if you sign up for one of the commercial services and also experiment with a few of the free tools available today you’ll be a little more aware of just what’s out there.
Oh and one word of advice on using security scanners, most hosts today employ IPS (intrusion protection servers) or some other network security devices so don’t be surprised if you attempt to scan your live website it becomes unavailable. That could mean one of two things happened, one you crashed your website and have a serious issue or two, the host’s IPS or other network security saw your scans as an attack and has disabled your access to their network. It’s a good idea to scan your application locally of course and should you need to do a remote scan let your host know before hand.
HostingCon 2007 and AppliedI.net
Jul 30th
Last week myself and Carlos attended HostingCon 2007. This was my second HostingCon and Carlos’s third. HostingCon is the premiere annual webhosting event where hosting providers worldwide gather to discuss the industry, technology and general hosting business matters. One of the greatest things about hostingcon is that you get to network with your peers (competing hosting providers), vendors and industry experts and share information. I love to talk hosting and it goes without surprise that many of the other hosts do as well. So for me, HostingCon was 3 days full of talking shop!
We gained alot of really good information from HostingCon and over the coming months we’ll be announcing a lot of new partnerships as a result of some of the meetings we had during HostingCon. With that said, let’s check out the pictures.
Let’s meet the competition.
A big part of hostingcon is meeting the guys you talk to from time to time on the various hosting boards or guys you compete with on a regular basis. It’s hard to call them competition. Although we all compete in the same market we’re not all competitors. I think Takeshi from DASP summed it up best when I asked him who does he see as his competitors. Takeshi’s response was “Well, it depends on how you define the universe” and he’s right. In VPS hosting we have one competitor, in shared hosting another, in managed dedicated hosting, yet another. So there’s not really one competitor. It’s kind of like BBQ sauce. My sauce is going to taste best to some, to other’s it’s going to be someone else’s sauce. We all mix our sauce a little differently.
Anyway, Here’s some of the guys we ran into during hostingcon and spent a good deal of time talking with:
That’s William from ActiveHost.com, Carlos, Alex from ActiveHost.com and Myself. ActiveHost has been a company we’ve maintained friendly competition for many years and it was a pleasure meeting with them at hostingcon this year.
I know what you’re thinking, is that Russell Crow? Sorry, it’s actually Joe from ViuxHosting.com. Not pictured is his partner J.T.
These guys are really nice guys and we had some great conversations about Virtuozzo.
I don’t have pictures of some of the other guys but would be remiss if I didn’t mention them. There was Takeshi from DiscountASP.NET (We talked about the whole Google PPC thing and had a lot of great laughs over it), Sharon from EmpireHosting.com, Ben and Alex from HostNine.com, Eric from ServerIntellect.com to name a few.
It’s amazing to see how much everyone shares in the same headaches and how eager everyone is to help one another out. Kudos to HostingCon for bringing the hosting community together for 3 years straight.
Let’s Meet The Hosting Vendors.
HostingCon’s crown jewel is their Vendor Expo, nearly 100 vendors that service the hosting industry were on site and exhibiting their services and software.
The guys from SWsoft.com
That’s Mike Riolo, Director of Hosting Sales for SWsoft posing in front of a Virtuozzo Sign. We use Virtuozzo to power our Windows 2003 VPS Hosting Solution.
That’s Marco from SWsoft. Marco works in the Hosting Sales side of SWsoft and talks Hosting 24/7.
The SmarterGuys from SmarterTools
That’s Carlos, Tim Uzzanti from Smartertools (Formerly of CrystalTech), myself and Jeff Hardy also from Smartertools. Smartertools was on site discussing their newest products and upcoming software updates. We’re very excited about the new versions of SmarterMail, SmarterStats and SmarterTicket due to come out from SmarterTools and will be releasing more information on these products when we can.
The Guys taking PHP based E-commerce to the next Level
Meet the guys from CRE Loaded E-commerce. They were on site promoting their application to hosts. We’ll be working with these guys to provide a Windows Hosting solution for CRE Loaded and look forward to working on that.
The ScanAlert Security Guys.
That’s Michael Ayers from ScanAlert / HackerSafe. I’ve met Michael a few times now and have had some great conversations with them regarding website security. The ScanAlert guys are definitely on top of their PCI compliance testing and are the recommended vendor of choice for PCI scanning.
WebHostAutomation & HELM4
That’s Chris Danks, Sales Representative manning the HELM4 booth at HostingCon. Adam and Mark were also there from HELM and we had a few conversations about the next generation of HELM and what new features to look forward to.
Let’s Meet the Experts
These are the guys (and gal) that know the Hosting Industry and follow it pretty closely. Microsoft is one of the companies that had a large presence at hostingcon and were in fact on of the primary vendors/supporters. With Microsoft announcing their new commitment to Software + Service (SaaS), it’s no wonder Microsoft is making such a major presence in the hosting space. In fact, I’m told Microsoft Hosting is starting to take share from Apache and it’s anticipated before long that it will surpass it.
The Go-To Guy At Microsoft Hosting
That’s Tito Leverette. Tito is a Hosting Evangelist for Microsoft and formerly an engineer for Interland. We’ve been working with Tito for several years now and find his insight and experience invaluable. I think we talked to about 12 different people from Microsoft during the event about everything from IIS and SQL to SharePoint and Exchange. I believe by the end of the event everyone there knew us by first name.
The Guy that wrote the book on IIS7 (well is writing)
That’s Microsoft’s, Brett Hill in the middle. Brett is writing ‘the book on IIS7′ and has been instrumental in our launching of IIS7 hosting. You always think you know a program better than anyone else out there and then a guy like Brett comes along and reminds you just how much more you need to learn. Brett’s truly the expert on IIS7 and you can often find him posting over at www.iis.net.
The People Behind The WHIR
That’s Candace and Liam from the Web Host Industry Review or theWHIR. The WHIR is one of best resources on the hosting industry. The WHIR always provides the latest information in a professional and non-biased manner. The WHIR offers a daily news feed updating you on all the latest happenings in the hosting industry and also details the latest technologies and advancements in the hosting industry. If it’s related to the hosting, the whir is writing about it.
Isabel Wang, Hosting Veteran
That’s Isabel Wang from www.isabelwang.com. Isabel is a noted Hosting Industry Expert and often called upon to discuss the latest happenings in the hosting industry. I’ve had the opportunity to have a handful of conversations with Isabel this year and find myself walking away each time going “WOW! I never really thought of that”. Isabel has been involved the hosting industry longer than me it seems. She used to run ispcheck and we actually bought ads from them back in 1999. After that she went to work for EV1 and today she consults for several hosting companies and vendors looking to enter the hosting market.
Conclusion
The event was fantastic. Last year the event was held at the Mirage in Las Vegas and I love the Mirage. But it just wasn’t very good for networking. This year there were fewer people in attendance than last year but the quality of conversations and openness to networking were fantastic. Interspire.com coordinated the event (for the third time) and did an excellent job hosting it in Chicago this year. We met so many people at this event this year that it was really a success, some of the people not mentioned or pictured are VMWare, PinnacleCart, SEDO, CPanel and dotnetpanel to name a few. In addition to the great networking there were also several very good sessions, panels and keynotes on things from Software as a Service to Social networking to the place next generation hosting technologies have in today’s hosting environment. Needless to say, I have enough blog information for the next several months.
PS: I’m sorry if some of the pictures are fuzzy. The problem is the Sony DSC-T1 I was using. It’s my backup digital camera and has a pretty slow shutter on it.
