Liquid Web

March 4, 2011

Liquid web is my new favorite web hosting company.

After using some of the big names in hosting including Verio and Dell, I feel I am pretty informed about what to expect from a hosting company. Moreover, after being hacked to the point of feeling violated and foolish I have come to respect the value of a support team that takes multi level security to heart.

To be fair none of my other hosting companies was responsible for my hacking issues. I would blame those on wordpress, joomula and Zen cart. On the other hand, perhaps the fact that you need to update these packages and follow the instructions to the letter to avoid issues. That said it would be cost prohibitive to rewrite these packages and perhaps in the short run even more insecure.

The bottom line is that without multiple levels of protection any software package is a target for hackers.

Proactive Support

Liquid web not only monitors the usual port 80 and other services but profiles CPU and memory usage. This was brought home to me when they sent me a message that my apache server was using more memory then it should be. The reason was that my site was a low bandwidth site and the server was spawning off too many children to service only a few web page requests.

How many hosting companies do you know that would send you a message like the one below?

<strong><em>Our Sonar Server Health monitoring alerted me to high load and/or memory use</em></strong>
<strong><em> on your server today. We were able to log in and prevent the server from</em></strong>
<strong><em> crashing and requiring a reboot. The following actions were taken to prevent</em></strong>
<strong><em> the crash:</em></strong>
<strong><em> </em></strong>
<strong><em> enabled apache's piped logging to address a memory leak issue as described</em></strong>
<strong><em> here: <a href="http://kb.liquidweb.com/how-and-why-enabling-apaches-piped-logging/" target="_blank">http://kb.liquidweb.com/how-and-why-enabling-apaches-piped-logging/</a></em></strong>

Bottom line we found a problem and fixed it without having to bother you. Now that is good business!

Responsive Customer support

I have found their support to be prompt and easily within their advertised response time of 30 minutes. I have had them reset my IP address when the firewall has automatically blocked me and had then install PHP packages with a minimum of fuss. I would have to say they are the most responsive in this regard.

I have asked their first line of support some tough questions about configuration and the like and can tell that they also have supervisors monitoring the communications because sometime they will enter the email stream to provide clarification on information I am requesting.

In addition, when they fix something they usually tell me what files they changed or what scripts they ran. This creates a smarter end users and empowers me to fix issues myself if need be.

Excellent Security (for the most part)

The good:

They have a very good security posture provided by mod_apache for the most part but also use a system configuration that is accredited for credit cards transactions. This provides a baseline for you to work with.

Here is an example of something I did not expect from them regards a scan of my current server modifications.

<strong><em>Note: If this is the first time you received this mail, it contains the history for the entire month so far.

 Below are the recently upload scripts that contain code to send email.  You may wish to inspect them to ensure they are not sending out SPAM.

</em></strong>In this case, the change was known but this would be an excellent tip  off if there were hacker activities that I did not know about.

The bad:

The only real issue I had with them are some strange default settings for the cpanel.

For my virtual private server anonymous ftp was turned on by default! Whoops I would not have expected that. For some reason the site name was blocked but the IP address was not (this is handled at the WMH panel level ). Which leads to a confusing sense of security that you actually turned it off in the cpanel.
That and the sometimes over aggressive SQL injection filtering are the only real annoyances. When editing this article the mod_apache filter broke my request because I had an entry like:

There are nice things to s elect f rom. (that took a bit of investigating)

Tags:

2 Responses to Liquid Web

  1. Benny Crampton on March 7, 2011 at 8:16 pm

    So glad that we’ve been able to help! As you already know, give us a call/LiveChat/email, and we’ll take care of it! 😀

  2. admin on March 8, 2011 at 3:06 pm

    Actually you folks told me how to fix it once I figured it out.
    I would expect anonymous ftp to be turned off by default for a credit card certified system however.
    You do have that feedback in your system already :)