[BlueOnyx:00197] Re: Third party software: Joomla

Wed Jan 14 11:13:14 -05 2009

Stephanie Sullivan wrote:
>>> people. I run several secure applications based on the Joomla! CMS
>>> and have never been hacked. I also understand server security and
>>> how to program.
> 
> This is the concern with 3rd party packages in general. It's difficult to
> police and keep up-to-date. If it were not a major competitive feature I
> doubt I'd be interested in hosting third party script installations. I have
> lost a number of potential hosting clients who were stuck on "fantastico" -
> why can you support fantastico??? Well, fantastico is a cpanel only app, and
> we don't run cpanel... you get the idea. Argh.

Precisely.  The apps allow us to be competitive without resorting to 
cPanel.  (I won't get started on that pig.  That's a whole different rant).

Honestly, we were strongly considering migrating all of our customers to 
Plesk, since we have also been using Plesk for several years.  We have 
application installers available to the customers with that package. 
There were 2 major factors that pulled us down off that fence and back 
into BlueQuartz.  One of them was the ability to have customers install 
applications.  They like self-service (or the idea of it).

> The other dark side of virtually all auto-installed scripts is you can
> update the scripts to be installed, but what about the ones already
> installed? Oops! This makes a bit of a mess when a vulnerability is
> announced with a fix for a popular app and lots of installed scripts NEED to
> be upgraded. How does one convince a client that got a free script to pay
> for upgrading? It's a customer relationship nightmare.

This is actually an area where we've been very fortunate.  I have a 
superwoman working here as an Account Exec.  She has a fantastic way of 
knowing each customer by name and knowing a bit of their background. 
She can call a customer and give a quick rundown of the situation, then 
let them know if they'd like to do the upgrade for themselves, it's 
completely free and instructions are generally available from the 
package provider.  If the customer would prefer, we can roll it in with 
other sites that we're doing at the same time, and we can charge them a 
small fee so they don't have to be bothered by it.

This gets a little OT from the mechanics of webhosting on BlueOnyx and 
more towards the customer service, so I'll nip it in the bud here.

 From an operations standpoint, we have seen our share of WordPress or 
Joomla or you name it get compromised.  But I'm no more going to ban 
those than I would place a ban on form-to-mail scripts.  It's a cost of 
doing business.  We at least take enough precaution so that when that 
does happen (and it will) it doesn't wipe out an entire box.

> But again - it's a competitive necessity to offer some kind of
> auto-scripting option.

Without it, you're almost asking a customer to go elsewhere.  Every 
large provider offers it in some form, and usually for a ridiculously 
low price.  If your company is like ours, you're not competing on the 
low-price/high-volume model.  So you have to prove your value.

-- 
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated
www.virtbiz.com | toll-free (866) 4 VIRTBIZ