Monday, July 26th, 2010
We just had a small hosting accident yesterday.
One of our clients had his weblog cut off with the dreaded Bandwidth Limit Exceeded notice:
Bandwidth Limit Exceeded
The server is temporarily unable to service your request due to the site owner reaching his/her bandwidth limit. Please try again later.
Richard’s visitors had pumped 80 GB out already this month on his FreeTheAnimal weblog primal living weblog. Not bad for a single writer not in a formal network. Every month his traffic is growing. Congratulations Richard!
These 80 GB of bandwidth are the real thing, with just a few slightly overweight images, not a single big file accidentally uploaded.
Richard was surprised and upset to see his weblog cut off as were we. While most hosts cut clients off as a routine matter of business, we do not. We treat our clients as we would like to be treated ourselves.
Two of Foliovision’s core hosting policies are:
- never cut off a client’s site for bandwidth
- no bandwidth overages
Clearly this is a clear violation of our hosting and customer service commitment. We recently moved from the dreadful hSphere control panel to the comparative friendliness of cPanel. We knew how to fix this issue in hSphere but had missed adding it in our default cPanel server setup. Here's how you make cPanel behave much more courteously with your customers.
Start by turning off bandwidth cutoffs. It’s in WHM under Server Configuration, Tweak Settings:
whm tweak settings bandwidth limits
A very big page of options come up. Search for: “Disable Suspending accounts that exceed their bandwidth limit”:
disable suspending accounts bandwidth limit
While you are at it, you may as well hit up your users with email warnings at 80 and 90 and 95% bandwidth so they can ask for an upgrade or at least are ready for their upgrade when it comes. Unfortunately, these notifications only go to the client and not to you.
To go without bandwidth overage cutoff this, we need to know when clients are exceeding bandwidth so we can upgrade them. There doesn’t seem to be any simple notification system for admins. A workaround would be to create an account notification email for each client on your own hosting email account which is forwarded to them and then to you. Advantage is that you’d see what snarky emails your automated server software is sending out on your behalf to alienate clients. Still that’s lots of extra work when setting up an account and another moving part to break.
But there is a screen available in WHM: Account Information: View Bandwidth Usage.
It’s a lot of trouble to open up to WHM find that and click it. So I created direct browser bookmarks to our two cPanel servers which look like this:
http://91.162.85.74:2086/scripts/showbw
(change the numbers above for your own server’s WHM IP)
This gives you this very helpful chart to see who is in the yellow and red zone. I’ve already adjusted everyone’s plans to get them back into the white so sadly there’s no yellow or red on this chart.
disable suspending accounts bandwidth limit
If anyone knows how to get automated notices sent to server admin as well, please share the wealth.
By Alec
IT |
Wednesday, July 21st, 2010
New version of our plugin should cure the error message which was appearing on some hosts or sites with broken plugins:
"Toolbar set 'Foliovision' doesn’t exist"
We decided to not use that file anymore and moved all the configuration options for FCKEditor into inline JavaScript. That should fix the problem.
If you had this problem, download the latest version of our plugin (0.9.14) here. This new version fixes this problem and also some other bugs in file management.
We will be glad to hear any feedback on our Foliopress WYSIWYG plugin page.
By Martin
WordPress |
Thursday, July 15th, 2010
In new version (1.0.5), we fixed a bunch of bugs which came out when using Wordpress 3.0 some more.
We also added support for videos and splash images stored on HTTPS servers.
Summary:
- compatibility fixes for WP 3.0 and older plugin shortcodes
- compatibility fixes for IE 6
- HTTPS support
- plugin settings moved from file into Wordpress options table (this will provide easier updates and less configuration issues from now on)
Download the latest version of FV Wordpress Flowplayer plugin.
Older versions of the plugin can be found on the Wordpress plugin site.
By Zdenka
WordPress |
Friday, July 9th, 2010
The new release of FV Wordpress Flowplayer comes with lots of new features:
- Autoplay for single videos
- Show/hide the control bar
- Show/hide the full-screen button
- Uploads through WP Media Library
- Redirection option
We tested the plugin also under Wordpress 3.0, and all features were found compatible.
Download the latest version of FV Wordpress Flowplayer plugin.
Older versions of the plugin can be found on the Wordpress plugin site.
By Zdenka
WordPress |
Friday, July 9th, 2010
Foliopress WYSIWYG is our own Wordpress editor with SEO optimized image manager.
We released a new version (0.9.13) which will fix the annoying autosave glitch -
"The changes you made will be lost if you navigate away from this page."
This message was appearing even when there were no changes made to the post, since we added the autosave support in previous version.
Other fixes and features:
- Added language support
- Wordpress caption support (they will be put under the image into h5 tag)
- Image uploader permissions are now configurable
- Autosave glitch fixed
By Martin
WordPress |
Thursday, July 8th, 2010
You do want to be using SSL. Unencrypted connections are far too easily eavesdropped. On the other hand, it’s worth remembering that SSL only gets your login and email encrypted between your computer and your smtp server. Once your email hits the big pipes, it’s unencrypted again, vulnerable to whomever can get access to the transit points. A rogue operative in any ISP or fiber optic supplier could still siphon off huge amounts of data. Even if such a person existed, s/he would be unlikely to be able to regularly get all of your email though. However, random emails, especially if they traverse exotic territories with loose security could be grabbed.
Email is not private. Don’t forget that ever. Email is not private.
Thunderbird, Apple Mail, Outlook Express (and the hideous blue Windows Live Writer replacement) all offer SSL. But be sure not to check “Secure Authentication” if your particular host does not support it. Secure Authentication just has to do with security certificates and does not actually increase your security once you have an appropriately made self-signed certificate. Just be careful about authorising changes to your security certificate.
SSL IMAP will go across port 993. SSL POP will go across port 995. Checking your port assignment is one way to be sure your email connection is encrypted. SMTP SSL will work across port 25 (and probably some others, but I've tested port 25).
SSL will get you most of the way there to reasonable privacy.
While you are at it, make sure that when you access webmail (with cPanel at http://yourdomain.com/webmail, the connection forwards to an https address.
Don’t forget that when you are visiting other login protected websites, unless the connection is https, you are handing over your login and password to the owner of the hotspot (if he cares to log it or take it). If you plan to spend a lot of time on hotspots as a traveller, you need more than SSL email. You need a VPN. Don’t go cheap or unbranded on your VPN supplier (setting up your own VPN is a big enough hassle that most small businesses should be outsourcing their VPN connections), as that organisation will have steady access to all of your communication and can keep really detailed logs. Unlike a single rogue hotspot, you will be using the VPN consistently over time and with a the same login.
These steps should not be considered security overkill, but just the basics.
By Alec
IT |
Wednesday, July 7th, 2010
The most important thing which you must know before starting the move is whether the mail account to be moved is POP or IMAP.
If the account is POP, your task is fairly straightforward.
You want to make sure that you move any unread move (mail from between the time your client last collected email and the time of the move is picked up and put on the new mail server). The best way to do that is to log into the old mail server and the new mail server via IMAP simultaneously. You will see what has been read and what hasn't. Just move the unread messages.
If you move the read messages, when your client logs in again via POP, he or she will have to sort through a 1000 or even 3000 archived messages in the inbox. Not fun.
We recommend using Apple Mail as the IMAP client as it's very easy and quick to set up. Windows Live Mail hides the IMAP accounts and folders and is ugly as sin. Thunderbird is very fiddly and exposes too many options but could do in a pinch or if you don't have a Mac handy.
After the move, there may also be a small lag while your client is only seeing the old server for reasons of DNS cache and won't get his or her new mail. For that reason, it's better to shut down the old mail server immediately after transferring the mail so he/she can't be picking up mail from both places at once.
For that reason I recommend doing the move at night at 3 in the morning, as your client has probably turned off his or her computer so the DNS will be renewed in the morning. If not, you'll have to ask them to flush their DNS cache (it's easy enough via GUI without IPconfig: turn on and off networking in the network control panel in Windows, Macs will flush the DNS automatically by switching network configurations). In the case, that even that is too technical, a restart will do the trick.
For a truly seamless move, it's essential that your host is using a modern convention for the mail login and smtp. All of our good hosts are using mail.domainname.com for POP, IMAP and SMTP. You will probably also be so lucky. If that's not the case, then you definitely have to involve the client in the move so that they will have the new login information.
At Foliovision, we proceed on the principle that our clients don't want to know about the IT unless they absolutely have to. They have work to take care of. It's up to us to sweat the details. And when we say sweat, we mean it. Ideally, they'd never notice that anything ever was changed or went wrong.
In principle, after moving from one host to another you should change all your passwords (the old ones are compromised from the previous host). In practice, I recommend keeping the passwords the same initially so that all of a client's automated logins will keep working. One doesn't want to be troubleshooting passwords and account moves simultaneously. As long as the passwords are the same, the move should be seamless.
Of course in most cases your clients will have to authorise the new server for email. Most will do so as a matter of course. (Get asked enough about security, you stop caring.)
If your client is already using IMAP, your task becomes much more sophisticated. If he or she is just using the standard IMAP mailboxes (Junk, Sent, Trash), your life is pretty simple. In this case, you simply move the contents of each mailbox (including Inbox) to the new account. When your client logs in, the messages will match and he/she will carry on work as before.
If your client has a sophisticated server side nest of mailboxes, you have a lot more work in front of you. First you have to duplicate the mailbox structure by hand and then drag the contents of each mailboxes over by hand. Dragging and dropping whole mailboxes won't work (at least in Apple Mail), as they are made into subfolders of the inbox.
In that case, you can look at zipping up the maildir folders, moving them over and resetting permissions. That leaves you no guarantee that the accounts are working properly. So if it's not a high volume mail move, I recommend a move by hand to be sure everything is working properly before you leave the job.
Here's some gotchas to look out for with a mail moves. Basically, POP ignores IMAP's read and unread flags.
- For IMAP moves, careful not to touch unread mail on the server as the client may never see it (his/her email client will ignore read mail)
- when POP picks up mail, they are marked as read in IMAP (bad).
- if mail is marked as read in IMAP, it still gets downloaded via POP as unread (bad).
STEP BY STEP GUIDES
First check the mail server logs to see which clients log in via POP and which login via IMAP. It's all there in black and white with usernames. You need root access for this or submit a support ticket for shared hosting.
Here's the step by step guide for POP moves:
- set up new mail account on new server
- set up IMAP account for old account in Apple Mail
- set up IMAP account for new account in Apple Mail
- drag only the unread contents to the new account
- archive the old account for a few days (by disabling the mailbox: don't forget to delete all these accounts within a week for privacy reasons)
Here's the step by step guide for IMAP moves:
- set up new mail account on new server
- set up IMAP account for old account in Apple Mail
- set up IMAP account for new account in Apple Mail
- recreate the mailbox structure of the existing IMAP account
- drag all the contents to the new mailboxes one by one
- archive the old account for a few days (by disabling the mailbox: don't forget to delete all these accounts within a week for privacy reasons)
By Alec
IT |
