Yeah.. am planning to start selling shell accounts co-locating it locally in Malaysia, since there's quite a demand for it here...

Mainly the kids here use it for IRC eggdrop bots and BNCs... was wondering if anyone here into this business too...

Nothing much, just needed some contacts for some advices and all... anyone?

Originally posted by auyongtc
Nothing much, just needed some contacts for some advices and all... anyone?

Make sure you're ready for lots of DoS attacks.

It's not an easy business.

yep
I know all about shell providers. Planet Z is right, you need to be heavily prepared for dos attacks, because i can almost guarantee it will happen to you. Gotta be careful what those "kids" do on that box
I think it'll be a big hassle.

However there is a big demand though. Once you start making more money you might want to get more servers.

Some advices:

Do not put any critical stuff on the same server.
In fact, I'd only place IRC shell accounts on the server, and I would clearly state that you aren't responsible for any downtimes, lost of files, and you simply make no warranty about the service you offer. Also, plan some overhead monitoring what your users are doing on the box. Get a very stable os (freebsd).

Make sure your provider allows IRC (a lot don't).


Just my 2 cents..

We stopped offering IRCD / Shell accounts for that very reason. Two DDoS attacks were enough for us.

Regards,

auyongtc,

Most collocation/dedicated server companies will kick you off their network once they receive a DOS attack, which brings downtime to their network.

Make sure that the ISP you are dealing has a LOT of bandwidth and that they are willing to packet filter with access-list controls on *their* routers. I emphasize their routers because an access-list on your routers would do little in the face of a heavy bandwidth attack.

Also be prepared for a LOT of credit card charge backs and a lot of people trying to hack box. Someone with a shell account on a system has a whole lot more access than the average web surfer. I would require a photocopy of a valid form of identification and a signed copy of their credit card.

Matt
--------
From someone who has tried it before and knows it isn't worth the trouble :)

Yeah I know all those all along... basically, I'm not planning to accept credit card for the time being, since I'm targeting mainly local clients, I'm more comfortable accepting bank transfers/checks/cash from my clients for shell services.

I'm just gonna have a dedicated box just for shell services, my hosting server will still be based in the US mainly because of CPanel (can't wait for NOCsoft :D).

Hmmm... using FreeBSD sounds rather feasable... anyone here with the experience on setting up FreeBSD for shell services?

As for my provider, definitely will talk it out with them and see whether they can accomodate me. I know them pretty well, my previous job, the company was co-locating with them some cache servers... terrific support and uptime ;)

Hi,

Just wondering, who are them?



Thank you,

Cedric

It's just a good co-lo provider in Malaysia... nothing compared to the US ones ;)

It's Reach Internet Services (formerly known as Cable & Wireless in Malaysia)... yeah the company that bought by PCCW...

One thing nice about their datacenter... they're located in KLCC Petronas Twin Tower 2 (currently the tallest building in the world!) :D

Best Internet Communications (now part of Verio) which was for a long time the premier shell hosting provider used FreeBSD.

From a security stand point FreeBSD is easier to secure. FreeBSD developers have the ability to hide their source code which makes them slightly less vulnerable to people hacking their code.

There is always going to be that one hacker that is smarter than your top security guy. Just have to hope and prey he wouldn't delete all your customers files.

Oh ... backups are a must.

Matt

Creative Internet Techiques has co-location for high risk servers, which includes firewalling for protection against DDoS attacks.

http://www.httpd.net/colo_highrisk.htm

If it was me, I would only allow certain "pre-approved" bot / bounces, as several "IRC clans" have hacked up their shell software to do a lot more than just IRC bot.

Run 'top' often and make sure that nobody is using excessive resources either. ;)