Plesk to cPanel, and Fully-Managed VPS to a Less-Managed One
In another thread, I wrote about how I came to switch from AtomicVPS's fully-managed VPS to a less managed one.
Partly because of some of the questions folks asked, I'm going to write a few more comments on the switch.
There were actually three big moves here.
I moved from one company to another. Reason: Looking for better support.
I moved from one hosting panel to another: Reason: I had come to hate Plesk, and had the idea that WHM/ cPanel would be better.
I moved from a fully managed VPS to a much less managed one. Reason: Well, I don't think I was really even thinking about this at the time. But the real reason, in the end, was budget.
It's just cheaper if you're willing to handle stuff yourself.
Does it make economic sense? I don't know. Maybe not. But there's another reason to have a less managed VPS. When your VPS is less managed, and you've set up things like server security yourself, you start to understand a good bit more of what's going on. And you feel more in control.
Plesk to cPanel
I used Plesk as my main control panel for about 10 years.
The first time I ran into cPanel, it was because I was helping a customer who had web hosting with someone else. LiquidWeb. And the hosting was based on cPanel, so when I needed to make some changes to their email, I logged into their cPanel to do it.
cPanel, of course, was different from what I was used to, and for that reason I wasn't very keen on it at first.
Some time went by, and I used the basic cPanel interface a few more times to get to their email.
And then Plesk came out with a new version not so long ago, based on "subscriptions."
Now their new panel never made a damn bit of sense to me. It was strange, confusing, and I just flat didn't like it.
You'd look where you thought something should be, and it was some place else. And the "subscriptions" thing never made sense to me, either. It seemed to me that they'd taken a fairly straightforward control panel, had their brother-in-law monkey around with the design, and made it more complicated than it needed to be.
So in spite of the fact that I'd used Plesk for 10 years, I was ripe for a change.
And little bits I read about WHM/ cPanel suggested to me that it was better than Plesk. So when I decided to switch hosting companies, I decided to switch to WHM/ cPanel as well.
It wasn't a cheap decision. Am I still glad I made it? Yes. But it was costly, for a couple of reasons.
First, there was the learning curve. Second, I ended up transferring over all web sites manually. I'm not sure whether I would have had to do that if I'd gone Plesk-to-Plesk. I know that if I'd been on cPanel already, there's supposedly an easy way to transfer from one hosting / VPS provider to another. I think that only involves a few clicks. Supposedly, at least. In any event, the hosting company I was moving too would've handled the transfer for me.
As it was, it took me about a month to get my sites transferred over. Probably about 3 weeks of that was manually transferring sites one by one, checking whether they were working on the new hosting, and fixing any issues that cropped up.
It's hard to say, exactly. In the process, I had about a dozen domains I was theoretically hosting, but I'd never built sites for them. They were domains I'd bought hoping to resell. I'd wanted to put up nice, appropriate, 1-page "this domain is for sale" sites, but I'd never gotten around to it.
So while I was transferring my hosting, I also built a dozen 1-page web sites. I think the transfer of existing sites probably took about 3 weeks, and building my new little sites probably took about a week.
Another thing that took time was exploring WHM, understanding what was there, and learning how to use it. I found that I had much more control than I'd had before. Maybe Plesk let me do all this stuff, but if it did, it didn't make it obvious. Neither did my previous setup, since the guys on the other end were managing most of it for me.
I also began to understand there was more I needed to know and do -- like beef up the server security.
Fully Managed VPS to a Less-Managed One
Support was good at the new company. Fast, friendly, and effective. But not only could I do more stuff, I began to realize they were expecting me to do more stuff. Well, that was really fine by me. I don't mind understanding what's going on and being in control of it.
As mentioned in the other thread, I still opened 14 support tickets within the first month or so. A lot of these had to do with getting their help in setting things up, asking questions about what their service involved (e.g., how did their backups work?), and (on occasion) fixing a thing or two that I broke.
Like that time... heh heh... that I locked myself out of SSH, by changing the SSH port without first opening the new port in the firewall.
There were a few issues I confronted along the way.
1. Do I need to get some other company to back up my VPS for me? So far, I haven't taken that step. I still may. The backup system of the company I'm with seems extremely reliable, and the odds of ever needing a third-party backup seem small. Still, it's a consideration.
2. Monitoring use of server resources. I have things configured so that I get daily emails now.
An email alerts me instantly if anyone logs in to SSH, or into WHM using root. It's probably unnecessary, as I'm using a very strong password for WHM, and SSL logins only; and SSH has requires a private key plus a strong password on an obscure port. But it's nice to get those emails.
Throughout the day, I get emails telling me who's been blocked for attempts to brute-force their way in, or port scanning, or similar attempts that set off mod security.
I get a daily logwatch email as well, that tells me what's been going on on the server.
I've learned to check how much free memory and disk space I have.
Recently, I've installed Munin, so I can use that to monitor the server as well.
And I have a third-party service monitoring one of my main domains for uptime.
Almost all of this, except for the last thing, is new. I'm getting to the point where it takes less of my time to glance at things. The port scanners and hackers are handled automatically.
3. Beefing up server security and reliability.
I hadn't been on the new hosting long before spammers installed malware on a customer computer, stole his email passwords, and used his accounts to send out tens of thousands of spam emails.
After this, I installed and configured ConfigServer Firewall & LFD. Since most of the attacks were coming from computers overseas (there's a botnet or something that's been launching global hacking attacks) I blocked most of the countries of the world from even accessing the email ports. This risked using up too much of my server resources, but I gave it a shot and haven't run into any real problems.
I upped the requirements for password complexity, and made sure all my customers have strong passwords.
I set things so that any IP that tries to hack into my server, email or otherwise, isn't just blocked for 15 minutes. It's blocked for 3 or 4 months.
So take that, jerks. (ConfigServer complained that I might have gone overboard on that one, offering me a "Sanity Check." But I calculated the odds of any legitimate user being blocked from any legitimate access , and while theoretically possible, those odds seem vanishingly small.)
I deleted unnecessary backups to free up server space, and have kept an eye on both disk space and memory, maintaining a healthy margin in both.
The one user whose accounts were compromised, I set a smaller limit on how many emails he can send in an hour, in case anyone did get his passwords again. Even with the smaller limit, he'll probably never send that many emails in an hour. If he does, I can adjust the limit. I may move it back up later anyway.
I worked with him to get his computer clean of malware, and tried to set things up so that if there's a problem, I'll probably learn about it sooner next time.
I've worked with some of my customers on spam filtering, to help reduce the number of infecting things they get in their email.
I did some basic things with mod security. I went through the security recommendations in WHM, and went through the long list of recommendations generated by ConfigServer, and implemented almost all of them.
I set up a reasonable and healthy amount of swap space.
In the end, I spent probably a month of every-spare-minute kind of work, and another couple of weeks tweaking stuff on a daily basis.
It's been a couple of weeks now since I opened my last support ticket. There was an error with Apache that was making all my sites show up 404 Maybe I did something that caused it. Or maybe it just got a bit corrupted, for unknown reasons. In any event, I didn't know what to do. But it only took rebuilding httpd.conf and restarting Apache. And because I have fast support when I need it, the fix took less than 20 minutes!
All of the changes were a lot of work, but so far, they seem to be working well. I'm at the point where I can't think of anything else I ought to do. Except just keep an eye on things.