11 Nov 2019

Breach at Web.com: Why you might care and not even know it.

yellow warning tape that reads "crime scene do not cross"Just under two weeks ago, the folks at Web.com group announced they had an incident and that their systems had been compromised.  Reading through their release, they make the following assertions:

  • No credit card data was compromised as a result of this incident.
  • Contact details such as “name, address, phone numbers, email addresses and information about the services offered to a given account holder”

Now, while it appears they believe that customer passwords were not disclosed, they are having everyone reset their passwords as a precaution, just in case.

We’ve had a few clients reach out asking about this breach in particular, as they’ve received an email but are confused as they don’t remember having done business with ‘web.com’ in the past.

Web.com also owns the following other companies you may have had a relationship with in the past:

  • Register.com
  • Network Solutions

So, given the popularity of Network Solutions and Register.com as domain registration providers in the past, odds are you’ve received the email regarding an account under one of those two names instead of ‘web.com’.   Unfortunately, in a couple of conversations, we’ve discovered clients who had an old, no longer maintained email address connected to a domain registration with Network Solutions, and so they never received an email regarding the situation at all.

Our suggestion is that if you have an account with any Web.com group entity, including Network Solutions and Register.com, and have not already done so, to change any passwords you have there at once. 

And if you are still practicing poor password hygiene by using the same password for multiple services/accounts, we’d recommend changing your password at any site that used the same one as well.  If the actor who snagged the data from web.com does manage to decode passwords, someone will certainly begin trying to utilize those email/password combinations at other popular sites.

17 Aug 2019

More details on the cPanel price increase

So, the great cPanel Price Increase of 2019people counting coins on a table is scheduled to go into effect in just over two weeks, and, not so shockingly, details are still a bit slow in coming.  Officially the word we’ve seen from our license distributor is “The pricing you saw previously is valid, that’s what we’ll be charging as of September 1.  As for any sort of volume discount or any details beyond what was in the original announcement, we’re still waiting for that information ourselves.

Short version for us is, that as of right now, cPanel licensing goes from approximately 6% of our cost per server, to about 18% of each server.   This does not include CloudLinux, Fantastico, or any other software we license for our server fleet, just cPanel itself.   cPanel by itself will, after September 1, cost us more per server each month by itself than what we pay for all the software we license for a given server today.

The good news for our clients is, we’ll be absorbing that cost directly.  We have no web hosting plan pricing changes scheduled or planned as a result of the cPanel cost increase.

Long term, we’re honestly still a bit worried about what this pricing model change is going to mean for cPanel in relation to the industry as a whole.  cPanel has long maintained a market dominate position simply by virtue of being the “best of the cost effective control panels”…  Starting September 1, they’re kind of moving themselves out of the “cost effective” category for a number of business models, and based on the rumblings we’re hearing inside the industry, we suspect you may see a spike in popularity and/or new Control Panel options entering the market.

For our part, we’re going to keep an eye on the situation as it evolves and see how it all shakes out.  But in the meantime we’re maintaining course for our clients.

29 Jun 2019

cPanel Increases Pricing, Potential Chaos Ensues

Yesterday the folks @ cPanel lobbed something of a grenade into the middle of the web hosting industry with a blog post entitled Announcing Account Based Pricing.

Long story short, they are increasing the cost of cPanel for pretty much every situation under the sun effective September 1st. The old pricing model was a flat monthly fee per licensed hosting server, while the new pricing is directly tied to the number of web hosting accounts on the server.

Now, this announcement has sparked a number of reactions, including anger, confusion, and fear from around our industry. We’ve seen reports of providers who believe they will see massive increases in their cPanel costs going forward, with some expressing concern of just how they are going to make the numbers work. These conversations have lead to discussions of providers moving to other platforms, cutting ancillary features out of their offerings to lower costs, or simply closing up shop as they will no longer be able to financially stay above water given the new pricing model.

Some of those reactions and discussions have filtered out from the industry watering holes and into the webmaster forums and chat rooms, to the point we have had more than a couple clients reach out in the last 24 hours asking for information on the topic from our perspective.

With that in mind, even though we don’t yet have 100% of the picture (the pricing being bandied around so far is ‘retail’, we’re not yet sure exactly where our final pricing will land), I wanted to take a moment to discuss both the big picture, as well as what it means for us here at Pure Energy.

In the big picture, things could get dicey for some of the lower cost hosting providers over the next couple months. The lower end market is run on razor thin margins, and, well, I’ll be blunt, it’s hard to stay afloat selling $5/year hosting if your control panel alone is costing you $4/year per account.

For our own environment and business model, we’ll see around a 3x increase in our monthly cPanel license costs, at the retail pricing we’ve seen so far. While not ideal for us, especially coming so closely on the heels of the cost increase we absorbed just a few months ago with the addition of CloudLinux to our servers, at this time I believe we can make the numbers work for our existing Shared Linux Web Hosting plans without a price increase, and without any other substantial changes to our service, plans, or features.

We won’t have 100% of the picture until we get firm pricing from our provider, but to be honest, the bigger concern for us is the uncertainty this injects into the idea of cPanel as a stable platform for our future:

  • Our biggest, as of yet unannounced, project for 2019 was a ‘scratch our own itch’ service that we were hoping to integrate into cPanel pretty tightly and offer to our users as a value added feature of hosting with us, as well as to market the service to other hosting providers as a way to scratch their itch as well. This is on hold (the integration, not the service!) while we see how the cPanel landscape shakes out.
  • A smaller project we had been looking at involved clients who find themselves needing much larger resource allocations than any of our current plans offer. The idea here was larger servers, larger plans, fewer clients per server. We have to re-run the numbers there to see if cPanel still makes sense once we have the finalized pricing.
  • cPanel’s immense popularity has long made it the de-facto ‘go to’ for any provider/service/platform that had a product of interest to the hosting industry. The fallout from this price increase, if it serves to fracture the landscape of providers, could very well jeopardize the dominance that cPanel currently enjoys in the market. If that happens, what happens to the 3rd party interest/support for cPanel?

Some of these are obviously questions that wont be answered for some time, for right now however, things, for us, are status quo. We’ll keep doing the best we can for our clients, keep our eyes on the industry landscape, and keep moving forward.

26 Jan 2019

IPv6: Ready, but not yet Prime-Time

IPv6 is one of those weird tech initiatives, in that it’s something everyone seems to agree needs to happen, but actually getting there is just taking way longer than everyone seemed to think it would. We’ve been running IPv6 on many of our own platforms and services for a while now, but coverage has not been 100%, nor had we fully deployed it to customer hosting servers and websites, until now.  Today we’re happy to announce that all customer sites and services are now fully available via IPv6.  Now,  odds are, either you’re reading this and going “Nice”, or you’re going “What the heck is IPv6?”, so lets take a quick moment to cover some likely questions you may have…

What is IPv6 and why do we need it?

Every device that’s directly connected to the Internet needs a unique address that identifies that specific machine.  The internet as we’ve had it all these years runs on a protocol called IP, more specifically, IPv4.  IPv4 gives us unique 32bit addresses that look like this:   139.197.254.128.   Then we use DNS to tell the world “www.purenrg.com = 139.197.254.128”, when you enter or click on our website URL, your computer looks up the DNS name, and gets back that unique address, and that’s how it knows where to connect to pull up our site.

IPv4 addresses can range from “0.0.0.0” to “255.255.255.255”, giving a little under 4.3 billion possible unique addresses ( I hear the deep tech folks groaning already, but bear with me).. due to the way IP address are carved up into into subnets, and the way a number of ranges were reserved for other uses way back in the early days of the Internet, we don’t actually have that many to go around.   Over half a billion where marked ‘reserved’ right off the bat for things like “inside” network space, multicast, etc, so the true number of usable IPv4 addresses is quite a bit smaller than 4.3 billion.

Now, keep in mind, while the Internet as we now enjoy it didn’t exist quite yet, IPv4 was designed in the early 1980s, so at that time, I’m sure the idea of “more than 4 billion devices all sharing the same global network” seemed like “Yeah, that’s not going to be a problem, ever!”   But of course, over the years, we’ve, well, we’ve used them up.  It’s been an ongoing issue for quite some time, but there have been workarounds that have kept things going without major issue:

  • NAT/Proxies/Firewalls.   Odds are you probably have more than one internet connected device in your house.  PCs, laptops, tablets, gaming systems, cameras, etc.  They all have an IP address, but likely not a “public” IP address.  It’s fairly common practice for your ISP to provide some sort of gateway/router device that actually obtains one public IP address, and then handles NAT for all of the devices inside your home.
  • Some of the previously “reserved” space has been “unreserved” and allocated out to the regional registries.
  • Some larger companies that hard large swaths of IP space allocated to them have returned some, or in other cases no longer function as entities and returned huge swaths to be redistributed.  (HP, or companies they merged with/acquired over the years at one point had 64 million IPs that they turned back to the registries)

I don’t want to veer too far into the discussion of IPv4 Exhaustion, but the wiki page linked there gives a great overview of how we got here.  But the basic gist is, while IPv4 got us to where we are today, something different is going to have to take over at some point.

Where did this whole IPv6 thing come from?

Thankfully, in the early 1990s (even then, the Internet was still not “the thing” it is today), someone had the foresight to think that 4.3billion might one day not be enough addresses, so a bunch of folks got together and started brainstorming.   While early versions of IPv6 support made it into things like the Linux kernel in mid 90s, we actually didn’t have a “Draft Standard” for IPv6 until late in 1998, and it didn’t become a true “Internet Standard” until July 2017.  These things, clearly, take time.

So what does IPv6 bring us?  Well, an IPv6 address looks like this:

2604:a880:0:1010:0:0:76:7001   (Again, our main website)

It’s a mouth-full, no doubt, and it’s going to make all of us even more dependent on DNS than we are today.  But, it’s a 128bit address.  That means instead of the 4.3billion possibilities, we now have…  well, billions and billions of possible addresses.  (340 billion billion billion billion addresses, give or take).  So yeah, it should solve our IP address shortage.

Why is it taking so long?

It’s taken quite a while just to get the standard nailed down.  And it’s taken even longer to figure out exactly how to implement it in every scenario.  Then you have the classic adoption problem, nobody wants to be the first ISP to offer “IPv6 only” access, if there’s shortage of content available on IPv6, so ISPs continue to scrounge around and find more IPv4 addresses they can utilize, and (as far as I’m aware), nobody has (yet) been forced into “IPv6 Only” land.

And until there are customers on the IPv6 network, there’s no push on the content providers into offering content on IPv6….  Chicken, meet egg.

Dual Stack implementations solve for this, in that with a Dual Stack configuration, you give your machine both an IPv4, and an IPv6 address, and you can be connected to and connect to others via either one.

So for instance, all of our servers now have an address in both IPv4 and IPv6.  We tell things like our web server to listen on both, and now we’re accessible on both addresses.  Then we publish both via DNS (While IPv4 addresses are stored in ‘A’ records, DNS has a separate ‘AAAA’ record for IPv6 addresses.)

So now, the content is there, even if the visitors are not, just yet, there in large numbers.

So what does IPv6 mean for me?

All the “under the hood” work to make this work for your sites hosted with us is already done.  All of our servers now run in Dual Stack mode, and we’ve ensured web, mail, and other services on every box are listening on both the IPv4 and IPv6 addresses.

So in general, not a whole lot really changes for you just yet, but it’s something you’ll want to be aware of, especially if you write your own code for your website.  You’re going to start seeing those “new, longer addresses” show up in things like your website logs, and at first, it’s going to be a bit confusing and unsettling. 😉

Here’s the part that will blow your mind (it blew mine), there’s a chance, however small, that you may be using IPv6 to read this right now and not even know it.  Many of the ISPs that have started implementing IPv6 are doing so with Dual Stack implementations, quietly, in the background.  A couple days after implementing IPv6 on our own website, we noticed the IPv6 addresses appearing in our client portal logs.  Clients were connecting to the site via IPv6, and they probably didn’t even know it.  That’s, quite honestly,  rather astonishing for something as fundamental to the Internet as IP, that the entire thing can be shifted around under the hood, and a visitor doesn’t even need to notice it.

While most ISPs are being fairly quiet about their embrace of IPv6, there are some larger, established ISPs starting to really make inroads with IPv6, and the number of folks who have IPv6 available to them continues to climb.  It’s not ready to take over the world yet, obviously.  Or own internal observations from our servers show about 3-5% of our traffic comes in over IPv6, and I believe that number is slightly skewed higher by our own servers preferring to talk with one another on IPv6.

But the data consumers are starting to arrive via IPv6, and now with this rollout, we’re ready for them.

If you are interested in finding out the state of your own internet connection, and if it is IPv6 enabled, feel free to visit the IPv6 Test website.

08 Apr 2018

Changing our Domain Registration Partner

Many moons ago (circa 2000), when we first started offering web hosting services to friends and family, some of those friends and family inquired “Can I get a domain from you as well?“, and we were ashamed to have to say, “No, you can’t, sorry.

There were a number of reasons for it at the time.   The financial implications of becoming a fully ICANN accredited domain registrar were problematic for our size and our goals at the time.  The pricing margins on domains being what they were at the time, we estimated we’d need to sell roughly 10,000 domains a year at the going rate just to make it a viable proposition.  That would be a dream for another day.

So our friends and family, we would point towards one of the big domain registration providers, and that was that.

But when discussions about offering our shared linux webhosting platform with the world at large started, the question came up again.  Was there some way we could offer domain registrations to our clients in a way that was cost effective for both client and ourselves?

We needed something that was easy to implement, decently priced, and wouldn’t require a huge capital outlay up-front from us, just to be prudent in case this whole thing didn’t work out.

Enter Dotster, and their “Instant Reseller” program.   It was really more of a souped-up affiliate program.   We would place their links on our site, and refer clients there.  The links in turn would serve up Pure Energy branded websites where clients could register any type of domain Dotster offered, at a price slightly below regular Dotster pricing.   Dotster would handle the registration, the backend, and any billing and associated fees.  We would be the front line of support inquiries, have the ability to “see and adjust” domains our clients had registered, and we would accept a small token of a referral fee from each registration from Dotster.

It worked pretty well for a while.  The financial impact for us never amounted to much in the larger scheme of things (again, thin margins on domains), but some clients liked having one point of contact for both their hosting and their domains, so we just considered the whole offering to be for our clients sake, not profit.

But over the years we started to run into issues…  I don’t want to get into all the various issues from over the 12 years, but it mainly boils down to this, over the years, the ability of what we could do for clients without having to involve Dotster support dwindled more and more.  On top of that, the Instant Reseller plan would frequently be broken during some backend change on their end, and, well, to be honest, the impression from the outside looking in is that they really just didn’t want to be bothered with the program any more.

In fact, looking now, I can’t find any tell or mention of the Dotster Instant Reseller program on their site at all.  I assume at some point they just discontinued it entirely, or maybe just just stopped promoting it entirely.  I don’t recall ever seeing even an email letting us know, but hey, what can you do?

Well, it turns out that over the last 12 years, the domain industry has opened up a bit, there’s numerous registrars who are happy to partner up with a hosting firm to provide for their domain registration needs.  So we’re moving on.

If you are reading this, then our new website has launched, and with it, our new Domain Registration platform as well.  Our new domain offering will feature a number of benefits over the old platform:

  • Better integration with our (new) client portal.  You’ll be able to manage both your hosting and your domains from one centralized portal.
  • Wider range of Domain TLDs.   Of course we’ll have the standard .com/.net/.org available at launch, but in addition to those, our new registration partner has over 250 TLDs we can offer.   Some of them are a little.. niche. (Anyone up for <yoursite>.fishing?) but over time we intend to offer up as many of them as possible for registration.
  • Better pricing.   The business dynamics of our relationship are little different this time around, and our costs are more dynamic (per TLD), but our initial analysis shows that we should be able to offer all but one TLD at a price lower than we could offer before.  At this time it appears that .net will stay $14.95/year however.

 

So anyway, I guess the point of the story is this, going forward our domain registration service is going to be a little more full featured, a little better priced, and hopefully, much easier for us to support our clients with.

Now, if you are an existing client who already has a domain that you registered with us via the Dotster program (pre-2018), you can still reach out to us with questions, and we’ll do our best to help, but there’s not very much we can do from our side these days.  We can’t even access an updated list of folks who registered domains with Dotster through us on their portal any longer. :/   The good news is that your domain username/password will allow you to log in directly at Dotster’s own website at-least, so you can make changes to the domain there directly.

One thing we hope to work out very shortly, is offering a discount code for existing “via Dotster” folks, to give them a great deal on transferring their existing domain off Dotster and into our new platform.  Obviously you can always stick with Dotster, or transfer your domain anywhere else for that matter, but for those clients who wish to transfer from Dotster to the new platform, we want to do something a little special to say both Thanks (for continuing to trust us with your business) and We’re Sorry (for the past issues), even if that means we take a loss on the transfers themselves.

 

26 Jun 2009

Hosting Affiliate Program goes Live

Today I'm happy to unveil our new Affiliate Program, an easy way for clients and webmasters to earn commissions by referring others to our service. Word of mouth has always been a crucial method of marketing for us, and this finally sets up a framework for us to begin rewarding those folks who've been so crucial to helping spread the word. 🙂

Full details and the signup form can be found on our Web Hosting Affiliate Program page.

I also wanted to take a moment and thank the handful of people who've been helping us test this over the last couple months while it's been in development, there were the occasional glitch they helped us iron out, but most importantly, the feedback we received from our testers regarding the tracking and reporting system were incredibly valuable.

(c) 2019 Pure Energy Systems LLC - All rights reserved.

back to top