For all of you webhosts out there:

How do you automate the sign up process? If I use WHM and CPanel can users signup and automatically have their account created? If not how could I set it up this way?

And how do you get the billing tied it? Do you just create your own signup form with everything you need on it and then manually do it? Is their a way to automatically tie it in to ubersmith?

Thanks,
Brian

Hey Brain,

Automation would be such a great feature... That is, if it was reliable, and secure... (not saying it isnt)... But if you are using WHM/CPANEL... and writing your own script..

There is a script from nixt.org which people register with, and all you do is go in, and click CREATE and it makes it based on the user input... Again its not instant, but i guess it can help.... There is the feature in WHM (signup.cgi) but who knows what happened with that... and if you are using 3rd party billing its kind of difficult.

H-Sphere (control panel) allows you to do it if you use one of the preset billing services, (authorize.net) or something.......... then its instant itself:)

Other than that, not sure.... I would like to learn about ubersmith as well...

sean

Thanks for the info!

Any idea where I can find some more information about H-Sphere?

Brian

Never mind, http://www.psoft.net/ :-)

Thanks

no prob..

the only company i know of who offers h-sphere plans so far is WizardsHosting...

http://www.wizardshosting.com

Be careful with automation. You should always have a real person look at incoming orders, before they are setup. I can look at an order and tell if it there is something suspicious about it...even if my merchant account/bank says it's valid. Automation tools can't do that.


--Tina

Thats actually the advice I've been getting from some people.

Right now what I think I'd have to do is the following:

-Setup the account in ModernBill (the software I'd use)
-Setup the account in WHM

Brian

Originally posted by Sean
no prob..

the only company i know of who offers h-sphere plans so far is WizardsHosting...

http://www.wizardshosting.com

Neureal too.. at http://neureal.com/

Originally posted by AffordableHost
Be careful with automation. You should always have a real person look at incoming orders, before they are setup. I can look at an order and tell if it there is something suspicious about it...even if my merchant account/bank says it's valid. Automation tools can't do that.


--Tina

I agree wholeheartedly. Having a real person "monitoring" things is good for everyone....host AND customers! An ideal might be to have the setup automated to the extent that things are "processed" mostly, BUT that you as a host have the ability to change ANY information and also must click "ok" or something to finalize things. That way, you have an over-ride ability, and can also clean up any errors, etc that might occur in form filling. So, yes, Tina has a VERY good point there!

As for H-sphere, RotoHost ( www.rotohost.com ) is setting it up and will be switching from Cpanel to H-sphere anyday now. So, another one to consider if you're looking to learn more about it!

Take care..
Michael
Eskie Pages

what is modernbill?

Originally posted by crystal
what is modernbill?

http://www.modernbill.com

A client accounting / billing system.

You can now automate with phpManager I believe. It works with cpanel/whm..

http://phpmanager.taysoft.com/

Ensim is also very good. http://www.ensim.com

However, we wrote our own software; it can manage an entire server farm with just a few clicks. Since we use it, we have had more people to work on technical and commercial jobs. Also, our techs can do a lot of operations using just SMS messages from their mobile phones, when they're away. We are thinking about selling this software in the future.

I agree with AffordableHost and UnkleMunky completely. I am against using automated signups that instantly create accounts. Instead its best to have the accounts in a queue so a person can verify and sort out the bogus orders. We still receive bogus orders but they dont have any access to our servers before we catch them, who knows how many root kits would be attempted if it weren't for that. For some reason the majority of fraudulent orders coem from Malaysia.... whatever thats all about.

Originally posted by Jag
who knows how many root kits would be attempted if it weren't for that.

If your server is properly secured, who cares how many root kits are *attempted*?

I care, new kits are created all the time and its impossible to prevent every possible exploit that will ever exist with all the software you have to run for decent web hosting business. One more blocked attempt helps me sleep better.

Originally posted by Jag
I care, new kits are created all the time

I assume you mean "new security holes are discovered all the time"; in which case I'd have to point out that the time from discovery of a security hole to the public distribution of an exploit is rarely less than a few weeks, and I can't think of any recent cases where exploits have been published earlier than 24 hours after the release of patches.

Surely it isn't too much to ask that security patches be applied within 24 hours?

cperciva,
Speaking from experience Ive seen rooted servers from exploits that had not been announced yet...they have to start somewhere right? Im not bashing you but I dont really care to debate root kits and exploits, just stating that I would rather deny a fraudulent order shell, ftp, and control panel access since its not a valid account. If you don't mind users testing root kits on your servers, more power to you. I however don't let allow that type of activity on our servers. Its bedtime for me now, but I'll check back later. Cheers

Originally posted by Jag
Speaking from experience Ive seen rooted servers from exploits that had not been announced yet...they have to start somewhere right?

Exploits which haven't been announced yet, or security holes which haven't been announced yet? There was a security hole found in an earlier openssh back in early 2001, but exploits only surfaced six months later. (At which point the freebsd-security mailing list let out a collective giggle and went back to discussing more recent issues.)

Im not bashing you but I dont really care to debate root kits and exploits, just stating that I would rather deny a fraudulent order shell, ftp, and control panel access since its not a valid account. If you don't mind users testing root kits on your servers, more power to you. I however don't let allow that type of activity on our servers. Its bedtime for me now, but I'll check back later. Cheers

I agree entirely with wishing to block fraudulent orders -- I just dispute the assertion that it has anything to do with security. It's like trying to catch terrorists by checking for people who buy one-way plane tickets... if someone wants to blow up a plane now they'll just buy a round trip ticket.

Blocking fraudulent orders will not stop someone who wants to crack your server. Disallowing shell access will not stop someone who wants to crack your server. Keeping your server up to date with security patches will stop someone who wants to crack your server.

Sign-up system is our own in house based on ASP (access) and integrated with World Pay it is practically automated up to the point of an approving click from a human within the admin area. This is not necesarily just for security but you have the opportunity to spot problems in the persons sign-up details (there are only so many things a validation script can check for). Such as 123456789 for the telephone number!

I would always rather have someone look at each order. Those damn SPAMMERS!