Rochen Perfomance Hosting

Rochen is proud to announce our sponsorship of the JoomlaPack project. JoomlaPack is an invaluable tool for helping migrate your Joomla sites and we’re proud to be providing the joomla hosting for this great project. If you have ever tried it out before, I am sure you would agree that it is one of the most professional and polished tools available for Joomla. As well as that, it makes moving a Joomla website a breeze.

It is also an Editors Pick on the Joomla! Extensions Directory with many rave reviews.

So join us in welcoming the JoomlaPack team to Rochen. We look forward to working with them on into the future, and hope that their tool proves useful to many of our clients as well.

If you are not yet familiar with their free tool, be sure to head on over to their site and check it out.

About Joomlapack

JoomlaPack is an open-source backup component for the Joomla! CMS, quite a bit different than its competition. Its mission is simple: create a site backup that can be restored on any Joomla!-capable server. It creates a full backup of your site in a single ZIP archive. The archive contains all the files, a database snapshot and an installer derived from the standard Joomla! installer. The backup and restore process is AJAX powered to avoid server timeouts, even with huge sites. Alternatively, you can make a backup of only your database. If you want a reliable, easy to use, open source backup solution for your Joomla! site, try it out.

- Brad Baker

Brad Baker has been a member of the Rochen team since early 2003 and is a founding core-team member of the Joomla! Open Source Project. He also blogs here.

If you have browsed around different hosting companies websites you are bound to have come across at least one that either offers unrealistic amounts of disk space storage or data transfer and then conceals what they really do offer through clever jargon in their legal agreements. Some providers have even gone as far as advertising “unlimited” disk space and “unlimited” bandwidth in an effort to pull in unsuspecting customers. In the industry we refer to this practice as overselling.

The keyword here though is advertising. That’s really all these oversold providers are doing. They are advertising (falsely in my opinion) something they can’t actually deliver. If a provider is advertising 750GB of disk space and 10,000GB of data transfer (or worse “unlimited”) for $8 per month, as an example, then something is not right. It is not possible for a provider to buy resources this cheaply and then once you factor in other outgoings like the servers themselves, support engineers and other costs of doing business it just doesn’t add up. Both disk space and bandwidth are a finite resource like anything else. Disk manufactures like Seagate and Maxtor have not designed hard disks with unlimited storage yet. Bandwidth providers such as InterNAP and Level 3 have not worked out a way to push unlimited data down their pipes yet.

False advertising is not the biggest issue here though. The biggest problem is that these practices impact your website load times and its overall performance. These providers are counting on the fact that the vast majority of users on a server will not consume the advertised amount of disk space or bandwidth and the few that do will be offset by the other paying customers. This is partly true but it does not stop very serious problems from occurring. By allowing a few customers to use these levels of disk space and bandwidth in a shared environment it can cause major stability problems for everyone else on the server. Their shared servers end up drastically overloaded which then hits your site load times. Worse still, they might just cut you off if you use too much yet you are still within their advertised limits.

There are two main reasons that many hosting providers manage to get away with these dubious practices -

• Through no fault of their own the average consumer of web hosting services simply isn’t educated enough and when they see these falsely advertised plans they think “fantastic, that’s a great deal” and they go ahead and purchase. If I didn’t know any better then I would probably do the same thing. That’s one of the reasons for this blog post to hopefully try and spread the word. Education is king.
• Due to the web hosting industry not only spanning across many states and territories but the entire globe there is little to no regulation on the way many providers advertise their service. There is no one to turn around and tell these providers what they are doing is unethical. Some of the providers doing this are well known brand names and huge multi-million dollar corporations.

Our aim at Rochen has always been to provide our customers with ample resources to run their website and provide seamless upgrade paths as they grow while not falsely advertising our service. Rochen not overselling is a huge benefit our customers have but it is also our heavy investments in infrastructure and systems like Rochen Vault that set us apart. Rochen’s commitment to proper, no nonsense, 24/7 support backed by certified engineers is another big selling point.

Speaking of Rochen Vault, I will try and blog in more detail about this another day, as it truly is a fantastic system that allows you to easily restore files or an entire account to points in time over the past 30 days. If you have had a problem with a script upgrade, mistakenly deleted a file etc. Within a matter of a few seconds you can have your site recovered and back online. Back to overselling and performance for now though.

We often get emails from users looking for Joomla hosting and web hosting services for other types of dynamic scripts (PHP / MySQL driven mainly) and they tell us that things are running slow with their current host. Nine times out of ten this is due to the fact they are hosting with one of these oversold providers and as soon as they move their website over to Rochen it is like it receives a new lease of life. All of our plans come with a full 15 day money back guarantee, so you can try this theory out for yourself completely risk free.

Rochen’s primary target market is those users looking for a truly performance driven hosting platform where their sites will load fast and they will not have many of the common hosting hassles they would with other providers. Whether it be a personal homepage, business site or providing reseller hosting for your own customers we likely have a solution for you. If you are not sure what you are looking for then drop us an email via sales@rochen.com and we will be happy to have a chat with you. If Rochen reverted to the ways of some of these providers then we would lose our core user base who demand performance at reasonable prices.

Before signing up with any provider examine their offering in great detail, see what added-value services they offer (e.g. Rochen Vault), see what their track record in the industry is like (Rochen has been around for over eight years) and see if they are misleading you with a hugely oversold offering. Also, try and calculate how much disk space and data transfer you actually require. This can often be tricky, but using Joomla as an example again, you can deploy a good sized Joomla site, store a good chunk of email and still have space left over out of 200MB disk space. In a lot of cases we see users vastly overestimating the amount of disk space they need to get started. Remember, as your site grows you can easily upgrade.

So join with me in saying yes to performance driven hosting and no to the misleading oversold plans. Thanks for reading and I hope you find this information useful.

- Chris

Chris Adams is the Founder and CEO of Rochen, a web hosting provider specializing in providing a performance tuned hosting platform for dynamic database driven scripts like Joomla! Rochen has hosted all of the official Joomla! websites since the project began in August 2005.

.. and guess what, it’s not an iPhone!

I recently switched to a Nokia E71 and have decided that this is the best phone I have used to date. I actually made a conscious decision and chose this phone after evaluating it and the iPhone. Probably one of my favorite features is the keypad, with a full, albeit small, qwerty keyboard. Also, running the Symbian Operating System, many 3rd party applications are available.

It will be interesting to see in a few years how the Google Android phone operating system stacks up, but for now, I’m sticking with this phone.

What difference does it make to you as a customer of Rochen?

Well, for one thing, I can be even more connected. I’m able to receive email the moment it arrives, continue to interact with our staff while out and about via our internal IM (instant messaging) network oh, and in emergencies it even accepts phone calls.

It has inbuilt GPS which I use in conjunction with Google Maps at times.

Did you know?

• If any services fail on any of our servers our remote monitoring system sends all staff an SMS.
• All our staff interact with our servers using a secure method. Sometimes this is via https other times using SSH keys.
• All staff can access their email while away from their desk in case of emergencies or just to monitor the helpdesk.
• It’s not uncommon on any given day for all our staff to have a few conversations together. So despite our geographical location, we’re working together as one team to support you.

I also carry with me an Asus Eee PC in case I need to handle anything more important that can’t be handled via my phone. It runs a Linux based operating system which is both familiar to me, but also efficient on a small machine like this. I have the small 7″ Eee PC.

Technology really has come a long way, and it enables us to continue to provide the high level of service our customers has all become accustomed to.

What kinds of technologies help you to be able to continue to support your own customers?

- Brad Baker

Brad Baker has been a member of the Rochen team since early 2003 and is a founding core-team member of the Joomla! Open Source Project. He also blogs here.

It’s a sad reality these days on the internet, but Spam is everywhere. For most people, it starts in your inbox and ends up a battle on your forums and comment systems on your websites.

We’re not immune from this at Rochen. We have also been trying and testing out various options for our own pre-sales forum. I think it is finally starting to help now though. However, let me try to explain a few things that may help you in your own fight against spam.

First, email. Many of our clients have good success using an email filtering system, such as the one Google offers. This system works by filtering and delivering the email to the normal location (your webserver) where you then access it as usual. Others have found using 3rd party email like Google Apps which allows you to have ‘gmail at your domain’, works for them. Lest I appear to be only plugging Google, there are other systems out there, but IMHO nothing quite as effective as Google’s spam filtering.

All our hosting accounts also come with free spam filtering by Spamassasin. This is yet another option in fighting spam in your Inbox. You have choices, find the one that suits you best, and I’m sure you will feel some satisfaction knowing you’ve helped to clean up your Inbox, and perhaps those of your fellow employees as well.

Second, website/comment spam. I think it goes without saying that *IF* you decide to utilize some kind of comment system on your website you NEED some bot/spam filtering. Some common 3rd party services I’ve used with good results are:

• reCAPTCHA
• Akismet

..there are others, but the bottom line is, you must consider things like this when implementing a website these days. On the Joomla! Community and Developer websites we make use of Akismet with excellent results. Manually filtering and approving comments on large sites like these is just not productive.

I have noticed there are many Extensions for Joomla! available to help in the website spam fight, be sure to check them out yourself the Joomla! Extensions site.

Isn’t it intersting how much resources are devoted to things that in the past were a non issue. A similar subject is antivirus, but seeing as I personally only use Mac/Linux that is less of a personal concern.

Well, I hope this information at least proves beneficial to someone. Until next time.

- Brad Baker

Brad Baker has been a member of the Rochen team since early 2003 and is a founding core-team member of the Joomla! Open Source Project. He also blogs here.

In case you have not yet noticed, recently we upgraded the software that our customer helpdesk and portal (My Rochen) runs on. Apart from being far more efficient for staff (which translates to better/faster customer support) one of the features I am personally most excited about is the new internal Knowledge Base.

As a client you can see this new feature here. You will need to be logged into My Rochen to view this link though.

What does this mean for you as a customer?

Here at Rochen, we will continue to provide the same level of personal support via our helpdesk, however, now we have this new tool to help even further. At this time, the contents are somewhat limited, however, over time they will increase.

The system will automatically offer you articles to read from the knowledge base as you enter your ticket based on the contents of it. These articles will simply appear to the right of your screen so as not to impede or slow down your ticket submission, but if the answer to your question catches your eye then it could save having to even click submit!

We hope this continues to enable us to provide all our clients with what we believe is the best hosting support in the business!

- Brad

Brad Baker has been a member of the Rochen team since early 2003 and is a founding core-team member of the Joomla! Open Source Project. He also blogs here.

Firstly, welcome to the Rochen Blog and our inaugural post. I am not sure where this blog is going to take us or what topics we will cover, but pretty much everything is on the table. With this first blog I thought it would be a good idea to cover a topic on the minds of many people – Joomla! security.

I think it is fair to say that Joomla! has received a lot of unjustified and misinformed criticism from many in the web hosting community. In my opinion the main reason for this is that when a Joomla! powered website is hacked on a host’s server then the vast majority of providers automatically assume the problem lies with Joomla! itself (because that’s what the site is running) and immediately tag it as a script with a lot of security problems without any proper research. Some hosts have even gone as far as banning Joomla! from their servers.

From our own experiences here at Rochen we have found that the vast majority of security issues that come up with Joomla! sites are nothing to do with the core code released by Joomla! themselves but due to poorly coded, insecure or out of date third-party extensions that are installed under Joomla. Even if your Joomla install is kept fully updated but you have a single insecure extension installed then this will allow your entire site to be compromised. Vulnerable extensions are lethal to your site security.

As you might be aware Rochen know a thing or two about Joomla hosting. We host thousands of Joomla! powered websites but we also host all of the Joomla! official sites at www.joomla.org as well. We hosted the very first install of Joomla before any other provider. So I have put together a few recommendations based on things we have seen at Rochen that will hopefully help you keep your Joomla site more secure. Hosting with Rochen never hurts, but these tips are not specific to us.

1. Host your site on a server that runs PHP in CGI mode with su_php. This means that PHP runs under your own account user instead of the global Apache user and you don’t need to set insecure global permissions like CHMOD of 777. Not having PHP configured in this way opens you up to cross-account attacks from other users on the shared server since you will need to CHMOD to 777 any directories Joomla! need to be able to write to. It also makes installing and managing extensions a real nightmare for the webmaster. A shameless plug, but in case you were wondering, yes, Rochen meets this requirement and we also performance tune all of our PHP installs as well for good measure.

2. Providing you are hosted on a server that runs PHP as directed above then you should ensure all of your files are CHMOD to 644 and directories to 755. You should never CHMOD any files or directories to 777, especially your configuration.php file.

3. The Joomla! FTP Layer was developed as a work around solution in case a user was hosting a site on a server that did not run PHP under the account user. It allows for extensions to be installed under Joomla without running into file ownership issues. Unfortunately, it also opens up a potential security hole since your FTP details are stored in plain text under a Joomla! configuration file. If you are hosting in a secured and tuned environment, like we have here at Rochen, then you don’t actually need the FTP layer to be enabled as extensions will install out of the box without any hassle and you can manage them without running into file ownership issues. You should disable the Joomla FTP Layer and ensure it has not stored your login details.

4. There was a security issue with Joomla reported around a month ago that allowed an attacker to reset the Joomla administrator password for a site. Although it is not a complete solution a really simple thing you can do to help protect yourself if an issue like this comes up again is to change your Joomla! administrator username. Change it from the default “admin” to something else like “chris.admin”. Make it that bit harder for an attacker to compromise your site.

5. Although it might be tempting to install every extension under the sun (there are a lot of wonderful ones out there and some not so great!) only install the ones you need. The more you install under Joomla! then the more likely your site is to be compromised. You should also ensure you remove any components (including the files themselves via FTP) for any extensions you are not using.

6. It might seem like an obvious one but ensure your web hosting provider is keeping up with their responsibilities. Ensure they are keeping PHP and other software on the server updated (nobody should be running PHP4 anymore as it is now “End of Life” and potentially open to security issues), ensure they are running their operations in a secure way (PHP in CGI mode with su_php as noted above) and ensure they are taking steps to help ward off attackers by running modules like mod_security under Apache and open_basedir under PHP. Having mod_security on your server can help to stop a lot of XSS attacks against your Joomla! install getting through, but it can’t stop them all so you still need to ensure you keep up with your Joomla! security updates.

7. Ensure you are setting secure passwords for both your Joomla! administrator user but also your web hosting account control panel and FTP logins. It would be a real shame to have spent lots of time securing your Joomla! install to then let an attacker in through a weak password. I recommend a password that is at least 8 characters in length and containers letters (both upper and lower case), numbers and at least one symbol. Also ensure your passwords do not contain dictionary words. Using a password generator is a good idea.

8. Another useful tip I can share with you is to password protect your Joomla! /administrator directory. You can do this under an Apache web server using a .htaccess file and if you are a Rochen customer this can be easily configured using the “Password Protection” option within your control panel. By password protecting the /administror directory you will have to enter a username and password prior to reaching the Joomla! administrator login page. It means that even if your Joomla! admin password is stolen then your site is still largely protected since the attacker will not be able to reach your administrator login page. Remember, it is important to use a diffrent password on the /administrator directory than you do for your Joomla! admin password or it defeats the purpose of doing this.

9. Last but not least, and probably most important, you need to ensure you keep your Joomla install itself fully updated with the latest security patches from Joomla. You also need to ensure you keep all of your extension installs updated too. Remember, even if your Joomla install is updated having even one insecure extension can allow your site to be compromised. You should subscribe to the Joomla Security Mailing List as well as the mailing lists maintained by the developers of third-party extensions you have installed. If you are using an extension from a developer that doesn’t maintain a security mailing list, then question them why. It is something all developers should be doing.

So, if you have read this far down the blog post, then you might be happy you did becuase I am pleased to provide you with a Rochen promotional code: joomlasecurity. Simply enter this during the Rochen ordering process and you will receive 15% off your first month’s hosting for any of our plans. This coupon is good through to the end of October 2008. We don’t issue many coupons, but when we do they will be in sneaky places like this. Who ever said reading blogs while you should be working wasted money?

One other thing worth mentioning. If your Joomla! site hosted at Rochen is hacked then you can easily roll your account back within a few minutes to points in time over the past 30 days using our Rochen Vault recovery system. Simply login, select the files you want to restore and boom – your site is rolled back to an unhacked state. You do of course then need to secure the site otherwise it will simply be hacked again, but if you follow what I have outlined in this post then your Joomla! powered sites being hacked should be a thing of the past.

If you have any comments, questions or better yet security tips of your own then please leave a comment under this blog. Thanks for reading and I hope you have found some of the tips useful.

- Chris

Chris Adams is the Founder and CEO of Rochen, a web hosting provider specializing in providing a performance tuned hosting platform for dynamic database driven scripts like Joomla! Rochen has hosted all of the official Joomla! websites since the project began in August 2005.