If I were to use this software (www.solutionscripts.com) to give away free hosting, and I allow PHP/mySQL, what security risks are there, if any?

Dont allow php/mysql, A it will take up resources, B it is insecure. Im thinking of the php mainly. The safe mode protects users as I remember, homefree dosent have offical users, yet one user, with a bunch of fake ones. People have asked about cgi and all that great stuff with HF, and the answer always is dont do it. Mysql, assuming people use it, will just take to much resources. Also are you sure you wanna get iunto the free hosting game. You will deal with daily abuse, warez, spam(not generated from you but from someone pointing to their site on your server, and you will get blamed for it). Also you have credit card fraud to deal with. Also, dont plan on making money off advertising.

Originally posted by davidb
Dont allow php/mysql, A it will take up resources, B it is insecure. Im thinking of the php mainly. The safe mode protects users as I remember, homefree dosent have offical users, yet one user, with a bunch of fake ones. People have asked about cgi and all that great stuff with HF, and the answer always is dont do it. Mysql, assuming people use it, will just take to much resources. Also are you sure you wanna get iunto the free hosting game. You will deal with daily abuse, warez, spam(not generated from you but from someone pointing to their site on your server, and you will get blamed for it). Also you have credit card fraud to deal with. Also, dont plan on making money off advertising.

i'm not even in the planning stages yet, just in the researching stages...

but if all goes well you'll see UH offering something for free by the end of the year :D

You will not make $ by giving away free hosting.....all you'll get are massive headaches.

Originally posted by successful
You will not make $ by giving away free hosting.....all you'll get are massive headaches.

and you just assume im in it to make tons of $$$:rolleyes:

read my signature....

Free hosting is a tough game. I know, because I'm in it. I opened the doors of 250Free on January 1st, 2002. Initially things were very slow. But now, sign-ups are picking up considerably as we continually improve our reputation. The abusers hate us and the honest page-building folks are very happy. My advice, if you do get into free hosting, is to lay a clear set of rules, make sure every member who signs up sees them, and enforce them vigorously. I don't mess around. If someone is breaking my rules, they are out the door. This policy has all but eliminated abusers from even coming near my service. Like I said, they hate us. :)

OTOH, treat every one of those you do host as king. If you're smart, you'll have an upgrade path to premium services. It's the only way to make it in free hosting at the moment. If you treat every one of your customers as if they were your best, they will remember, and they will tell their friends. :)

Also, be prepared for the silliest of questions. You'd be surprised how many emails I get in the vein of "Where's my URL?". If you have a short fuse, free hosting isn't your game.

Remember that you are hosting people's websites. These are people's homes on the Internet. Don't take that responsibility lightly. Don't get into free-hosting "just to see what happens". And formulate an exit strategy BEFORE you ever begin. If you go out of business, you need a place for them to continue hosting.

To many unethical people get into free-hosting to try to make a quick buck. Some do, some don't. But it's sad for the poor guy who loses his home on the web because the host "doesn't want to do it anymore". Don't be one of those guys. :)

Good Luck,

Brian

Originally posted by Brian S
Free hosting is a tough game. I know, because I'm in it. I opened the doors of 250Free on January 1st, 2002. Initially things were very slow. But now, sign-ups are picking up considerably as we continually improve our reputation. The abusers hate us and the honest page-building folks are very happy. My advice, if you do get into free hosting, is to lay a clear set of rules, make sure every member who signs up sees them, and enforce them vigorously. I don't mess around. If someone is breaking my rules, they are out the door. This policy has all but eliminated abusers from even coming near my service. Like I said, they hate us. :)

OTOH, treat every one of those you do host as king. If you're smart, you'll have an upgrade path to premium services. It's the only way to make it in free hosting at the moment. If you treat every one of your customers as if they were your best, they will remember, and they will tell their friends. :)

Also, be prepared for the silliest of questions. You'd be surprised how many emails I get in the vein of "Where's my URL?". If you have a short fuse, free hosting isn't your game.

Remember that you are hosting people's websites. These are people's homes on the Internet. Don't take that responsibility lightly. Don't get into free-hosting "just to see what happens". And formulate an exit strategy BEFORE you ever begin. If you go out of business, you need a place for them to continue hosting.

To many unethical people get into free-hosting to try to make a quick buck. Some do, some don't. But it's sad for the poor guy who loses his home on the web because the host "doesn't want to do it anymore". Don't be one of those guys. :)

Good Luck,

Brian

Brian, are you offering free hosting because you're a nice guy - or are you hoping that your free clients will eventually upgrade ?

Also, what software are you using for your free hosting site ?

To many unethical people get into free-hosting to try to make a quick buck. Some do, some don't. But it's sad for the poor guy who loses his home on the web because the host "doesn't want to do it anymore". Don't be one of those guys

the same can be said for paid hosting. Everyday i see offers in many forums, some offering 10-20GB a month for $75-100 a year...three months later they are overwhelmed and shut down operations. Now i'm not saying that overselling is wrong (that is a totally different thread/topic) but you shouldn't do it in an effort to make more money...

I want to offer free hosting not to make money, in fact I expect to draw a big loss the first few months. I'm looking to offer free hosting to those you truly need it to get started on the web, or for the many not-for-profit organizations that can't pay for hosting. At the same time, I need to find a solution to keep it safe for everyone, including myself.

HomeFree looks good, but then I can't offer php or mySQL. Easthosts (cyberscripts.net?) has the same problem. I'm considering getting a VPS and using WHM and Cpanel, but is there a way to automatically insert code into *.*htm* files or *.php* files?? ie, i want to be able to automatically insert my ad code into the bottom of my users pages

I would not go with solution scripts. Their support is next to nothing.

Originally posted by successful
Brian, are you offering free hosting because you're a nice guy - or are you hoping that your free clients will eventually upgrade ?

I'm in the business to make a living. It's a numbers game. You use the adverts to cover the free guys, and you make the money from the loyal members. But being a "nice guy" is also part of the package. I am, so it comes easily for me. ;)

There are many ways into the hosting business, and this is the one I chose. You do what you know, and this is what I had the most experience with when I got out of my other work. I'm not a great marketer. So I took my strength of great customer service and fair value and applied it to this new business.


Also, what software are you using for your free hosting site ? [/B]
Ah, the venerable HomeFree 3.xx of course! ClusterMania's right in that their support is spotty these days. But if you're going to manage a free hosting business, you probably ought to have the knowledge to get a simple script up and running. My HomeFree is pretty hacked. I had some pretty specific things I wanted it to do and I didn't want it to look like every other HomeFree out there.

Brian

HomeFree is a superjoke. Unless you know how to hack it like crazy, it's worthless. Warez will close you down in a heartbeat because there are no methods for detecting them. They ignore policies.

We have several methods for killing off warez. One is that we hacked up mod_throttle and created some cripts for it.....and then wallah! Individual reporting for free clients who are all under the same vhost, ip, and owner.

http://worldzone.net/members/check.cgi (art - webbied is my test account, so you can check that)
Plus that limits their bandwidth on a timed schedule. If the text goes from green, to orange, to red...the site is temporarily disabled till the next time period. Then on top of that, we dont offer php or cgi. Free hosting is for beginners, so they dont need that stuff and you are more secure without it. Then we have WarezHunter http://warezchasers.com which scans the drives, accurately identifies and removes warez. I have it set to work on a time schedule because we have our modified mod_throttle in action that prevents warez from getting in and using a few gigs between scans.

Then we have a few other ways for fighting warez as well. Let me give you some advice as to why you should not allow cgi and php. Under scripts like homefree, you clients are under the same user and their directories and files are owned by that user, generally user 'nobody'. That means your members scripts will operate as that user. This means they can hack the accounts of your other users with a simple cgi or php script. Worse yet, they can setup their own accounts on your server that will never show up in Homefree. Then upload a better panel of their own....and bypass any limits homefree may otherwise offer. Warez like to do that. By the time you catch one warez and shut them down, they already have a hundred more accounts setup on you that mirror the one you just removed. So even though you are right behind them (by watching logs) they have already used several gigs of bw per account. Pretty soon, you cant afford it and you have to close down.

I have been free hosting for about 5 years now. I know all their tricks, even know some they havent thought of....and I already have counters against them when they do figure them out. You can go to freewebspace.net and count from the beginning the thousands of freehosts that have opened and closed. 99% of them close their doors within the first few months, sometime less. It's not a business you want to get into nowadays. Most ad networks wont accept you. The ones that do are paying by clicks, not cpm. We have our own ad network along with paid hosting and a few other businesses. So we manage to do quite well. But try to start out nowdays with only free hosting, and you'll never make it. Trust me enough to not put yourself in that kind of pain.. The minimum you should start out with is both free and paid.....even then, keep an extremely close eye on the system for warez.

Originally posted by Webdude
HomeFree is a superjoke. Unless you know how to hack it like crazy, it's worthless. Warez will close you down in a heartbeat because there are no methods for detecting them. They ignore policies.
HomeFree does what it was built to do, and does it very well. That is, create directories, accounts, and give people a basic interface to manage thier account. It was never meant to be a "push this button to eliminate warez punks" solution. That's your and my job to figure that out. The bottom line is that enables one to get into free hosting easily.

I would certainly look into a fully custom system when the time comes. But if ain't broke, don't fix it.

But try to start out nowdays with only free hosting, and you'll never make it. Trust me enough to not put yourself in that kind of pain..
I agree. You wouldn't get anywhere hosting just free customers. But if you offer an incentive to move up to something paid, they will come.

Brian