Why You Should Avoid Low End VPS Providers

You may have come across sites such as LowEndBox and its counterpart forum, LowEndTalk. These sites promote VPS providers with a max price limit of $7 per month, hence why they’ve coined the term, “low end.” In the past when VPS prices were at least 3 times that amount, the only way to achieve a $7 per month limit was to provide VPSes that were 64-128MB in size. However in today’s downward spiral of hardware prices, you can find upwards of 2GB or more in size for just $7 per month. Sounds like a great deal right? Why avoid these providers? Well, the reasons are many.

1. One Man Shows

The barrier to entry to become a VPS provider is quite low these days. You can rent a dedicated server to virtualize for $100 per month, buy and install SolusVM to manage your virtual servers for $10 per node, and buy and install WHMCS which is a popular billing software for the hosting industry for $14 per month. Not sure what the latest prices are but they’re within the above ballpark. As you can see, anyone and their grandmother could start a “VPS hosting business” with very little investment upfront. What ends up happening is that you end up with hosts that are run by only one person, with maybe give or take a few outsourced employees to provide support.

What’s wrong with one man shows? Well, what happens when that individual decides to pack up and leave the industry, which happens a lot actually? You either get an email saying service will be cut off on a certain date, that the company is sold to another, or your service is suddenly cut off without any notification. Sucks right? Well, that’s why you get relying on a single individual. It’s unstable, finicky, and not something you should do if you care about your website and your data.

2. The Low End Attitude

Most of these low end providers have this attitude like you owe them something by signing up for their services. It’s actually a very common psychological reaction when you sell anything for less than what you feel it’s worth. These low end providers have to abide by the $7 per month rule and in turn, have to compete on features and/or price. It’s a cutthroat business, no doubt, but what happens when you complain on a public forum about your issues? You get providers responding with comments like, what else are you expecting for $7 per month. Providers, listen up. If you feel you’re severely undervaluing your services, then by all means, raise your damn prices and drop this attitude like we owe you something. Even the best providers you find in the low end market will have owners that behave this way.

These individual owners are┬áprobably not the best in PR and maintaining a professional and courteous public image. They often lash out against negative comments on forums. Large companies have a team of support and PR professionals to maintain their professional image. One man hosts? Forget about it. How can you trust your data to someone who gets angry and shows you anger? I certainly wouldn’t trust my data with someone like that, fearing retaliation against me if I even voice any discontent. What’s worse is that these individual owners are still probably oblivious and living in their la-la land, thinking they’re providing great service and support. In any business, you can’t take things personally. It’s a business.

3. A Templated Approach to Hosting

To add on what I’ve said about about how simple it is to start a VPS business, you end up with VPS providers that simply fail to stand out from the crowd. Every provider you see will have some servers in ColoCrossing (as they’re the cheapest), SolusVM to manage your VMs, and WHMCS to handle billing. They come up with boring names to try to entice you and make you believe they’re special, when they’re simply not. When you compare world-class providers like Linode, Digital Ocean, Rackspace, and even AWS, you see why these low end hosts fail.

I’ve seen threads started on LowEndTalk trying to hype up a new service s/he is starting and ultimately admitted that it’s just another KVM VPS provider running SolusVM. *Yawn* What else is new? If you seek true innovation and features that improves your hosting experience, run far away from low end providers. Linode and Rackspace have node balancers. Which low end provider has that? AWS has a boatload of other services to accompany their EC2 platform such as integrated CDNs. Low end providers? Zilch. They’ll continue to think their stock SolusVM approach is awesome. A dream far far away from reality.

Taobao Selling Trick Makes Its Way To eBay

Going to do something a little different. I’m going to share a little known tactic used by Taobao sellers to gain sales. If you’ve never heard of Taobao, you should as Alibaba, their parent company just recently went public. Taobao is the eBay equivalent in China. Having used it a couple of times when I stayed in China, it’s pretty much the same deal. If you’re a seller starting out on Taobao, there are two things you could do. These are just tactics I’ve heard from fellow Taobao store owners and there could be more.

1. Sell your goods at a severe discount, like 80% off, practically giving it away, in order to generate buzz and sales and ultimately, reviews. Most Taobao sellers do this as they take a loss initially to build their store and ratings. This is the legit way to go about it. What’s the other way you ask?

2. Gather a bunch of people to “buy” your stuff, but send them empty boxes so the purchase and shipment is registered with Taobao. For their efforts, you return their money + a reward, like 10 RMB or something. This way you don’t actually need to store inventory nor take a loss in order to generate buzz and ratings. I know a Taobao seller doing this with great success. Of course, this is not exactly legit and downright deceitful.

Now, today I was looking on eBay for yoyos as my kid decided he wanted one for Christmas. I’m actually a yoyo fan myself and have quite a bit of knowledge so what I found on a particular listing shocked me. Here’s the screenshot of the item:

crazy dollar tree yoyo selling for over $100

Now, to give a bit of background on yoyos, there are the cheap kind made of plastic from companies like Duncan and Yomega. These are the brands you see at your local toy store. They go for around $10 to $20. They also make some metal yoyos ranging $30 to $50. Going a step higher, you get your performance level yoyos from companies like One Drop, CLYW, and YoyoFactory. These companies produce yoyos mainly for the professional level players who enter competitions, with prices upwards of $150 is not unheard of.

About a year ago, there was this popular yoyo among the yoyo community when someone discovered a $1 yoyo at Dollar Tree. Yoyo enthusiasts went out and bought them in bulk, looking to give away, mod, and just have fun with them. I know because I bought several myself. These are yoyos made of rolled tin metal, very cheap stuff, with plastic response, but they did have a metal bearing, which was surprising. Here’s what it looks like:

dollar tree yoyo

Anyways, back to this eBay listing. The yoyo featured in this listing is almost an exact duplicate of that $1 yoyo, same rolled tin metal, same printing on the side, same plastic starburst response, but yet they’re selling it for $105! Insane right?! What’s even more shocking is the listing says 109 of these yoyos have been sold. Checking the seller’s rating, he sets them all as private. I wonder why. This seller is using the same tactic #2 I’ve mentioned above. Even if most of those 109 sold are fake, there could be one or a few who aren’t and guess what, they just made over 100x return on each sale. This is just plain wrong, to deceive folks like this, generating fake sales so it looks like it’s a good deal. Anyways, here’s another shot of the item. It looks like it originated from China.

crap dollar yoyo sold at $105

It’s such a shame for people to resort to this. But really, it’s the way of life for┬áChina. Having lived in China for a while, you kind of just get used to stuff like this. Anyways, this post has turned into more of a rant, but I hope you enjoyed it.

How To Stop WordPress Brute Force Attack on xmlrpc.php

Yesterday one of my sites running WordPress got attacked. I only found out because my VPS provider restarted my server as my server load was climbing over 2.0 throughout the course of 2 hours. Upon investigating, I didn’t see any brute force attacked on the WordPress login page, as expected. Instead, I examined the access log to discover POST requests to a file named xmlrpc.php. This file is used for pingbacks and remote posting and even JetPack uses it. Because it allows remote posting, it serves as a method of authenticating username/password instead of the traditional wp-login page. This was what they were trying to brute force, causing ram to spike to over 2GB and server load to spike past 2.0. How can you prevent this attack? The most effective way for me is to put this in your .htaccess file:

RewriteRule ^xmlrpc\.php$ “http\:\/\/0\.0\.0\.0\/” [R=301,L]

That’s it. It simply redirects requests for this xmlrpc file to a non-existant address: