FTP vs SSH/SFTP - an issue or not?
Submitted by barrrt on Fri, 11/17/2006 - 21:24.
I am getting ready to publish my first affiliate site and I have been looking for a reputable web host. I’ve been using futurequest for a number of years for my personal web sites, but their transfer limit at a given price level is very small comparing to other hosts. On the flip side they do allow a lot of flexibility – mod_rewrite, cron, workaround for php safe_mode, and most importantly SSH and SFTP. And it is that last item that I cannot find at any of the hosts I have heard good things about (including Hostgator and Yahoo, which Jeremy mentions in the book).
So my question is this - does everyone just use plain old ftp to transfer files and manage their web sites? Considering that the passwords are sent in plain text, does anyone worry the transmission can be intercepted and web site taken over? Since web sites are affiliate’s livelihood, shouldn’t one treat connecting to them in the same manner as connecting to a bank or a broker’s web site?
Or am I just being too paranoid?
Bart
:-)
Hi Bart,
I have Hostgator and I have been hacked before. I do use FTP, but I'm not sure how the idiot got into my sites. I think he found a security hole in some PHP tracking software I was using.
Anyway, all I had to do was get HostGator to reset the password for me and I uploaded my sites from my local hard drive and I was done. It was inconvenient, but it didn't hurt me that bad.
It also pays to have a site monitoring service that checks to see if your site is up. I use a free one called siteuptime.com. It alerted me to the hacker problem.
As for finding the hostgator website it should be hostgator.com. You can always sign up as a hostgator affiliate at CJ and make a test purchase. :D
Jason
I don't think this is a major issue since it is not that easy to set up packet sniffers etc, and the chance that someone will get your FTP password that way is quite low (never seen it myself). As Jason said, there is IMO a much higher chance of someone using an existing exploit for some server-side software (I have seen that happen a number of times). Although I use ssh and scp for my dedicated server which has the content sites, I have also used a bunch of other webhosts which just have plain FTP. Never had any problems.
Thanks for your comments. I won't worry about it much, but will monitor my sites nevertheless.
Jason, is it really OK to purchase hosting through own affiliate link? Especially since the commission might be more than (or close to, depending on plan) the cost of the package for one year? Wow! :-)
Bart
I use ServePath.com. I pay $200/month for a dedicated server and the biggest benefit is they have very good bandwidth speeds. If you plan on running multiple sites, definately go dedicated.
Hi Bart,
This subject can really ignite some anger from affiliates that try to promote to other affiliates. Some think you should never buy from yourself, but you have to think of how you learned about the product in question.
I would say that if you find out about a product by an affiliate that has an affiliate link available, I would say the ethical thing to do would be to get it through him. Especially if you would have never found out about it any other way.
Otherwise, I see no problem in making test purchases. I consider anything with an affiliate program fair game for building a review site after making a test purchase. I shop at CJ all the time. I figure if I need something so does someone else and if I make a test purchase and like it, then others will too.
If you read about Hostgator in Jeremy's book go back and find the link in the book and hold your cursor over the link. That will tell you if it is an affiliate link. You will be able to recognize the affiliate url. If you see one click on it and buy it there. If it is a regular url or no url at all then go to CJ and make that test purchase and make a review site. There is big money in hosting, but it's an extremely tough market. Even if you just use SEO and only get a few clicks you still stand a chance of someone stumbling across your site and signing up. And with unlimited url's...
Jason
www.1and1.com ?
i don't use it but read from several review this webhost is good.
My server is at 1&1, it's been almost a year now. It's a LAMP rootserver running Plesk and various CMS. In general I can't complain since it's just 69€/mo for unlimited bandwidth and good stats. However I am not entirely happy with their (German) customer support. The people are not very knowledgeable, and I have repeatedly had the impression that they try to get rid of you instead of solving your problem. One customer support guy was even outright rude, stating stuff along the lines of "perhaps you don't understand what you are doing" etc..while in reality it was him who didn't understand it - until he went to ask a colleague..