Best Cheap Web Hosting

Cybercriminals like to subvert legitimate online services like Google Docs and Dropbox to carry out their malicious activities. The free website hosting company Wix is the latest addition to the list of services they've abused.

Researchers from security company Cyren found that scammers were creating phishing sites designed to harvest Office 365 login credentials via Wix, which offers a simple click-and-drag editor for building web pages. As typically happens with free services, the criminals are taking advantage of these tools to carry out their operations.

The phishing site looks like a new browser window open to an Office 365 login page. In fact, it's a screenshot of an Office 365 login page with editable fields overlaid on the image. Users would think the site is legitimate and enter the login credentials, except the information is entered into the fields on the overlay and not the actual Office 365 page.

On the desktop, the overlay is fine, but the fact that fields are separate from the image is much more obvious on the mobile device, Cyren said.

The criminals are also thinking of ways to stay under Wix's radar. For example, there's no text on the page—it's all one image—and the password field is misspelled as "passvvord." The attackers may have made these decisions on the assumption that Wix has an automated scanning process that checks the site content to flag potentially bad sites.

The attackers may have designed the pages to make the user think something had opened a new browser window, said Cyren researcher Avi Turiel. It could also be a mark of laziness, with the attacker taking a screenshot of the original login page and not bothering to edit the image. "Maybe it's a trial to see if it works, so less effort was put into it," Turiel said.

Criminals like to host malware on cloud storage services or build their attack infrastructure with legitimate providers to bypass common security defenses. Users—even those who've been trained to scrutinize links for potential spam or phishing attacks—don't think twice about clicking on links to popular domains and services because they're conditioned to working with those tools. Organizations also can't block outright popular domains and service providers that are widely adopted. In some cases, web security products may not even scan the URLs because the products are considered trusted.

It also helps that these services are free. Attackers get the benefit of a valid domain without having to spend any money.

Cyren didn't know how the users are sent to the Wix pages. A browser redirect or a social engineering campaign could be navigating users to the site. The malicious pages have been reported to Wix, but administrators have to stop thinking of certain sites as trusted. Even the most benign site can be used maliciously.

Source: Phishing scammers exploit Wix web hosting

LOS ANGELES — A growing area of research points to the success of companies that have a long-term view, but in the web hosting industry, companies have typically been focused on what kind of products can make them money now, or in the next quarter. That view has come at a cost, as companies outside of the industry have taken aspects of hosting services, built a better product, and raised millions.

In a panel at HostingCon Global on Tuesday morning, Dave Koston, CTO of Help.com pointed to some of the companies that have raised capital on services that hosting providers have been offering for years (think email and communications). But these companies weren't founded by people in the hosting industry. Take Slack. Or Heroku. Or AppDynamics. SendGrid. Mailchimp. The list goes on and on.

Hosting providers have traditionally spent very little on research and development to create new product lines, instead investing most of their capital in things like hardware, Jordan Jacobs, VP of product at Chicago-based SingleHop said. "It's hard," he acknowledged, "and it takes a lot of risk."

But it's a risk that is paying off for SingleHop as it invests in acquisitions to gain new capabilities and has just finished off a fourth round of developer hires – and the product hasn't even launched yet.

Hosting companies need to start looking down the pipeline at solutions that may not even exist yet; "it's a transition we forced ourselves to make," Jacobs said. The company just launched managed AWS services, and is investing in artificial intelligence (AI).

See also: SingleHop Launches Managed AWS Services

"You don't have to deliver a crazy, out of the box solution," Koston said. To make things simpler on yourself, figure out what problems your customers are having and create something to help them solve them.

Having this discussion with customers is something that Jacobs has become very familiar with. He's talked to 80 different customers to understand their challenges in the process of developing its artificial intelligence solution.

These conversations have been critical at security services provider StackPath, too, according to Nick Nelson, chief strategy officer. He says StackPath CEO Lance Crosby is constantly talking to customers to find out how he can address their challenges, including what can be built onto existing products as well.

"If you can fix the customers problems, the money will follow," Nelson said.

See also: Security as a Service Startup StackPath Launches CDN Service

Simply asking a customer, "What's the worst part of your day, and how can we solve that problem?" can result in new ideas or innovations, Jacobs said.

Source: Hosting Providers Must Look to R&D for Growth, Experts Say

Email is one of the most powerful tools out there for promoting your business. There are numerous email marketing tools from which to choose, so you will want to spend some time comparing features and prices (and reading our reviews) before you commit. Luckily, some (such as Campaigner, which begins at $19.95 per month) offer free trials. You can sign up for 30 days at no cost, though you'll still need to enter a credit card, which is a bit annoying. GetResponse does not require a credit card. However, Campaigner's 30-day trial offers full access to its features for up to 1,000 contacts, so that's what was used to test the service for this review. Campaigner is PCMag's Editors' Choice for advanced email marketing services. If you have more basic needs, then check out MailChimp, our Editors' Choice for basic email marketing tools.

Editors' Note: J2 Global, the company that owns Campaigner, also owns Ziff Davis and PCMag.com.

I calculated how much it would cost a small business with 2,500 contacts in its marketing database to get started with Campaigner. The price tag would be $29.95 per month, which is a little higher than GetResponse's $25 per month offering. Like iContact, Campaigner lets you send an unlimited number of messages per month.

Campaigner also boasts a handful of cool features including customer relationship management (CRM) and Salesforce.com contact uploads, auto-responders, email workflows, 24/7 live chat with support, and reporting capabilities (which include which email platform your contacts are using). You can also create email auto-responders that will send emails to your contacts based on their behavior (such as clicking a link in a newsletter) or for special promotions and events.

Take that a step further with email workflows, which let you communicate with your subscribers based on specified triggers. These can include a form submission or profile change, or can be employed to target highly engaged customers, draw inactive users, or reach out to those who have recently made or are ready to make a purchase. Other features include the ability to embed real-time display ads in newsletters, target your subscribers based on their locality, or find out where your subscribers live based on geolocation.

Pricing and Features

Campaigner offers plans designed to appeal to subscriber bases of all sizes. As mentioned, the cheapest plan is $19.95 per month, and that lets you contact up to 1,000 subscribers. Campaigner's own marketing materials highlight the company's options you can cancel at any time; there are no discounted annual plans but you're also not locked into a contract, which is handy.

Registration is straightforward. Once you verify your email address, you set a password and then provide the usual personal information and a credit card number. You can also invite additional users to your account if multiple people will be creating campaigns. The dashboard is attractive with bright action buttons, and I found it more appealing and easier to use than GetResponse's user interface (UI).

Creating a Subscriber List

There are a few ways to add contacts to Campaigner. You can copy and paste information into the service's UI, upload a file (CSV, VCF, XLS, XLSX), or import Gmail or Yahoo contacts. After your contacts have been loaded into the system, you receive a message in your Campaigner inbox. Unlike GetResponse, Campaigner accepted all of my disposable Mailinator addresses, which was helpful for my test but not so great for subscribers who wouldn't email such addresses. I also imported some contacts from my Gmail account which, of course, required giving

Campaigner automatically creates user segments based on when they were added to your account or when their profile was last updated. You can create additional segments based on email actions, form submissions, and any custom fields you have created.

You can also create auto-responders, which lets you send emails based on similar events. There are templates available (including the "win-back" template) that are designed to draw in inactive contacts that haven't opened an email or clicked in a while—in order to win them back.

Setting Up a Campaign

You have two tools at your disposal when it comes time to create a Campaigner newsletter: Smart Email Builder, which offers lots of templates and layouts to get you started, and Full Email Editor, which accepts HTML code. I went with the

Newsletters default to showing your full contact information in the footer, but you can change that. You can also create auto-reply messages and conduct A/B tests, changing not just the design of the newsletter but also the From address and subject line.

Once you're satisfied with your newsletter, you can send it right away or schedule it for later. I tried the scheduling option and it worked just fine. You can also choose to send it on a recurring schedule: daily, weekly, monthly, or annually. Unfortunately, I couldn't find an option to send campaigns at a specific local time based on a recipient's location, like you can do with GetResponse.

Tracking Campaigns

Once you have sent a newsletter, you can track its success by using the Reports tab. For each campaign, you can see the open and click rate as well as the number of replies and unsubscribes. A pie chart shows the ratio of desktop users to mobile users. You can also integrate Campaigner with Google Analytics for enhanced tracking.

The report has a handy Refresh button so you can see real-time results. When I opened emails and clicked the links, they were registered in my Campaigner report almost immediately. You can also export these reports; once the export is complete, you can find the file in your message center.

Customer Support

Campaigner is very easy to use but, if you do need help, it's available in many forms. If you're working on a specific task and click the Help button, you're automatically directed to the relevant Help section. Campaigner also has a Status page that alerts you to outages and other issues. So, if you're ever having trouble sending a campaign, that's the place to go. Phone and email support are available 24/7, which is optimal.

In addition, Campaigner sends out emails when you sign up with links to webinars that help you get started. I even received a phone call offering help. Most questions you might have can be found in Campaigner's thorough documentation, which includes an in-depth overview of CAN-SPAM regulation.

A Fine Email Marketing Tool

Campaigner offers a lot of helpful features, and its UI makes it easy to access basic and advanced features. Phone support is available 24/7, unlike GetResponse, which only offers it from 9AM to 5PM on weekdays. The free trial includes a full range of features, but it requires a credit card to sign up; GetResponse does not require one for its trial.

However, I would absolutely recommend giving Campaigner as it will likely meet most people's needs. Campaigner's rich features help stands out in a crowded market, making it PCMag's Editors' Choice for advanced email marketing tools.

Source: Campaigner Web Hosting

Before you start looking for a web host for your business website, there are many factors to consider. So what do you need to know before you start looking for a host?

Here are a few of the most important considerations that you should keep in mind before you start your search.

How Much Uptime Do You Need?

One of the biggest concerns for your business will be ensuring that your website is online as much as possible. Ideally, you want the amount of uptime, which is the time your site is available online, to be as close to 100 percent as possible.

This is especially true if you have an e-commerce site. You want your customers to be able to buy your products 24/7, as if your website is down, this means you will lose business.

In this case, you might want to search for a web host that guarantees a very high amount of uptime. However, if you don't actually sell items from your business, a lower amount of uptime may not be a big problem. You may, therefore, want to search for a host that offers a cheaper price rather than a higher uptime.

Do You Want Excellent Customer Support?

You can do a lot of the jobs involved in managing your website on your own. If you have cPanel, which is the most popular control panel, you can often carry out tasks yourself.

However, problems will almost inevitably arise, and you will want your host to have good customer service so you can get problems resolved fast.

If you want the best customer service, you will want to choose a host that provides 24/7 telephone support. Email support is not as good because you might have to wait hours before getting a response. But with telephone support, you can get your problems resolved in the moment.

What Type of Hosting Is Right for Your Business?

You will also want to consider which type of web hosting is the best option for your business before you start your search for a suitable host. There are four main types of hosting that you might want to consider. These are shared hosting, dedicated hosting, cloud hosting, and VPS hosting.

The cheapest is usually shared hosting. This is where you share the server with other customers, and it is slower and less secure.

Dedicated hosting means you get your own server. This is more expensive but faster, more secure, and ideal for larger businesses.

Cloud hosting is where multiple servers are used, so if one server goes down, you will remain online.

VPS hosting is where customers share a server, but they are each allocated resources. It's affordable, scalable, and fast.

Do You Want Hosting as Part of Another Service?

You might want to arrange your web hosting as part of a larger suite of products rather than using a company that only offers hosting. For example, if you visit TierPoint.com/managed-services/ you will see that it offers various IT services for businesses including applications, email, security, and more.

How Much Can You Afford to Spend?

The price is often a big concern for businesses considering web hosting. It's good to have an idea of your budget, but it's also important to be realistic.

Don't start your search for a host by looking for the cheapest solution, and always look at what the hosting includes and whether it is suitable for your business first.

The cheapest host can cause more problems than it is worth for your business including a slow website, not enough uptime, bad support, etc. So, by all means, set a budget, but don't just look for the cheapest solution.

Find Some Trusted Reviews

Finally, before you start speaking to web hosts, you will want to carry out some research on them. Web hosts may make all kinds of claims on their websites, but it's always a good idea to find reviews written by customers who will provide more details about potential problems you can expect to encounter.

If a host has lots of great reviews, this is a good sign that you can trust them. So you might want to make them your first choice when you start contacting hosts.

Know What You Want from Your Host

There are lots of web hosts out there, but know what you are looking for before you start your search. These are a few of the most important factors to keep in mind, so consider all of these before you start your search.

Once you have a better idea of exactly what you want, this will make it easier to find a web host that will provide you with the high quality of service you expect and need for your business website.

Source: Web Hosting: Know What You Want to Find Your Best Small Business Solution

My consulting clients often ask whether it is worth porting their web application to Amazon Web Services. They are expecting better performance and reliability because AWS sounds more professional, but they've also heard stories of horrifying AWS bills, even though they're not sure why.

The short answer is that by architecting your web platform the right way, you will be able to first deploy on a cheaper hosting option, while ensuring a smooth migration to AWS down the road, zero refactoring guaranteed.

The long answer is the below, an extensive checklist that will guarantee your web platform to be portable, and making the most of AWS.

1. Configuration as environment variables

The first thing I would check in an audit is whether the app configuration is retrieved from the environment variables. The environment is wherever your app could be running. It could be your developers local machines, your testing servers, your staging servers or your production servers.

An application configuration is anything that might change between environments.

Resource handles to backing services (URIs to database, cache engine, search engine etc)

Any credentials to external services (passwords, SSH keys, SSL certificates)

Retrieve your configuration from predefined files…

… and the config files should be initialized from environment variables.

In PHP Laravel, this is achieved by creating files into the config folder, and initialising the config files with environment variables, using the helper env().

And initialise your config files from the environment

The environment-specific configuration should not be in the source code, but rather stored in the environment.On your test, staging and production servers, the environment is set by your deployment scripts.

On the developers local machines, and for the Laravel framework, it is stored as a .env file at the root of the project, that should never be committed to the source code repository (add it to your .gitignore file).

Configuration for your test pipelines can be stored in the .env.testing file.

Smell test

Any code that tests the environment is a red flag (ifs production then … / if staging then). When local and production and staging are using different drivers (for example dev machines are storing files locally, whereas production server use a file storage service), then an abstraction layer should be used, but it should not be mixed in the code with your application business logic.Laravel offers services facades for Storage, Cache, Queue, etc ; their role is to make abstraction of how file storage, cache, background jobs queuing, etc are achieved so the logic is independent to the environment, and so your code should be.

Doing so, the same code will use a local Redis server to store the web sessions, and a managed service ElastiCache on AWS.There will be no last minute switch when deploying your code to production, and no last minute mistake.

2. Stateless code

A stateless app is an application program that does not record data generated in one session — such as information about user settings and events that occurred — for use in the next session with that user.

Of course your application won't be stateless! If you build a web platform, you will usually want your users to generate as much data as possible on your service.But its processes should be stateless, in the sense that redeploying or crashing or load balancing a user to different servers should not affect the userThis is achieved by centralising storage only in backend services, not on the application servers. By storing your sessions in a managed Redis service (like AWS ElastiCache), your user files on a file storage service (like AWS S3) and running your database on a managed AWS RDS instance, you ensure that redeploying on one application server will not interrupt your users sessions.

It also means that you can load balance your traffic on multiple application servers, and your users will always find their files. They will find them even after a deployment failed and loosing a server.

Smell-test: code using local files, local memory

A PHP application storing files on the local server it's running on is another red flag. If you were to loose that server on the next redeployment, you'd loose user data. Such an application will not be ready for scaling and will need refactoring too.

JWT

For user sessions and API OAuth tokens, you could even handle user session data without a centralised key-value store or using the database. By using Json Web Tokens instead of random OAuth tokens, an application would rely on the client (browser) to store and send back across all this information. The data is encrypted server-side to avoid tampering, and could be stored in a cookie. In that case, the servers are storing nothing (or just the black-list for revocation), and the application processes do not have to share anything or call a backend service.

3. Allow concurrency

Now that your app is stateless, an immediate benefit is that you could run multiple versions of it, on different servers. This is known as horizontal scaling, as opposite to vertical scaling which would mean keeping running your application on one single server, and to upgrade it to a more powerful one when needed.

Not all software can be horizontally scaled (for example it is a complex problem for databases or search engines), but PHP apps can be immediately horizontally scaled just by following the 6 points in this guide.

Once your application is stateless, the next step is to separate the front-end code to the background tasks. On the first hand, web processes are processes responding immediately to your users' browsers requests.

You might also have background jobs (like sending reports, generating invoices, crunching data, send email/push notifications). They should be executed outside of your web processes, even if they are written in PHP as well.

These jobs are to be executed by worker processes, so to not block web requests.

In the Laravel framework, use the Queue facade and a message queue server like Redis, to dispatch these blocking tasks to a separate pool of servers. When you migrate to AWS, you can use the managed message queue service SQS.

Warning: if you're using AWS SQS to schedule critical tasks, you need to be aware of the duplicate message edge case as described by Buffer.com in this post.

4. Logs as streams, not files

Just like user generated files should not be stored locally on your app server, logs should not be stored locally either. They should be centralised as well, and streamed to a backend service, where you'll find all logs from all your application servers in one place (even from the servers you lost or took down).

Laravel's Log facade only stores logs in files by default, so you would need a custom configuration to stream them to PHP's standard error output instead. If you're running your PHP application inside Docker, you can then make use of the AWS CloudWatch driver and stream your logs to one centralised place.

Smell test

Any log written into a local file on a production server.

5. Horizontal scaling, without refactoring

If you've followed the above points, congratulations! Your web application is ready for scaling, no refactoring required.

By separating the configuration from the code, the application becomes portable from a cheaper hosting provider to AWS.Dispatching the blocking tasks to background workers processes allows us to offload the front-end and scale it independently to the workers processes.By running our application as stateless processes, we can load-balance our users traffic to different servers, and store the data in backend-services.

These are the pre-requisites to horizontal scaling. It is already cost-efficient since you can scale with smaller less expensive servers.

The next step is to host your backend services in a cost-efficient way too.

6. Leverage AWS Managed Services

We've been only talking about the application servers (where your HTTP servers respond to web requests by executing your PHP code) so far, so what about the backend services, the database, the search engine and so on?

That's where you can make the most of AWS. All these backend services exist as managed services on AWS, ie a pay-as-you-go billing and no server for you to maintain.You want to use these services as much as possible, for the database (AWS RDS, DocumentDB), file storage (S3), session storage (ElastiCache), logs aggregation (CloudWatch), cache engine, search engine (AWS Managed ElasticSearch) and load-balancing.

Conclusion

So what's with the cost-efficiency?Managed services cost much less in practice than running your own servers. There are more secure and scale in a few clicks. Storing your user files on AWS S3 costs about $0.02 per GB per month after 15GB transfer per month, and is free before that.Hosting your search engine on AWS ElasticSearch managed service is free for the smaller instance.And so on and so forth.

More importantly they will take much less time to setup, virtually zero time for maintenance and get you to sleep better at night.

Source: 6 must-do before hosting your Laravel web platform on AWS