Hosting Advice

[Adem]

Hi all.

I currently have a Hostgator Reseller account which costs around £30 a month... it was pretty cheap years ago but has risen over time with increases and as the pound has dropped.

Anyway...I've been downsizing and I no longer need a reseller account and have around 20 small websites of my own now, so I think they can happily go on the same shared hosting.

Do you have any recommendations of hosting? Should I switch to a UK host? If it goes down the less than £10 a month then great as every little helps.

Thanks in advance.

 

[AlistairM]

One I've used for ages is webhostinguk.com with no problems.

 

[DomainM]

I'd recommend Clook.net hosting. They've served me well for years.

 

[pberry4032]

Another vote for Clook

 

[mtalk]

Yes Webhosting UK is one good choice for fast and affordable web hosting in UK one more vote for them.

 

[dazc]

Just to give some balance.

I had a 'Cloud' VPS from Clook and it was very fragile, needed rebooting at least once a week. They also did a software upgrade that took my server down for 16 hours, they did compensate but it was only a percentage of the monthly fee which I took as a bit of insult, especially since they admitted they had screwed up.

With Krystal I have a cheap 10 site account and they have been the best budget host so far although they did get swamped with DDoS attacks some time ago. They did address this but as a consequence their firewall is very aggressive and they will not whitelist any IP's for you. You have an option of mod-security on or off, that's as far as it goes.

You don't get top notch or great service from any budget host btw; they don't have the margin and resources this would require. You get acceptable, poor, really poor and total s&&t. Krystal is acceptable.

 

[Adem]

Cheers for the advice everyone.

 

[Admin]

Yes Webhosting UK is one good choice for fast and affordable web hosting in UK one more vote for them.

I've issued you a warning for this self promotion / advertising without declaration

 

[timter51]

I recently moved a lot of sites to a new VPS at Smart Hosting (https://www.bestwebhosting.co.uk - personally think they could do with changing their spammy looking URL!) after a recommendation on here. I've been very impressed so far, great setup assistance, great performance so far, competitve prices.

 

[atlas]

Having used them for a few years now, I can happily recommend krystal.co.uk

Their top tier (ruby) cloud hosting suits your requirements of both spec and price:
https://krystal.co.uk/cloud-hosting#pricing-table

Their customer service has always been top notch, too.

Decided to try this out, and they require you to scan your passport and send it to them to set up an account - seems OTT for a less than 3 pound per month purchase. I don't recall any other hosting company requiring this.

 

[mdrussell]

Based on the fact I have an account with them and that I recommended them, I just contacted their support team about this query and they responded with:

"If we've asked a potential new customer to provide this information it'll be for order verification processes usually due to inconsistencies in the order, to verify that we are actually receiving a legitimate order from the person named on the order."

I mentioned that other hosting companies don't require this level of stringency. Their response:

"For the vast majority of orders we don't either - Obviously I can't discuss specifics of someone else's order but we'd typically ask for a copy of ID if for example we receive an order with UK-based address details supplied but the order and payment are made from abroad, essentially to verify that the customer's card isn't being used fraudulently"

In my opinion, this is a good thing. You may have other thoughts, though. I hope this helps.

Agreed. We the hosting companies pick up the cost of fraud. A little extra vigilance if some things don't match is a good thing.

 

[atlas]

Based on the fact I have an account with them and that I recommended them, I just contacted their support team about this query and they responded with:

"If we've asked a potential new customer to provide this information it'll be for order verification processes usually due to inconsistencies in the order, to verify that we are actually receiving a legitimate order from the person named on the order."

I mentioned that other hosting companies don't require this level of stringency. Their response:

"For the vast majority of orders we don't either - Obviously I can't discuss specifics of someone else's order but we'd typically ask for a copy of ID if for example we receive an order with UK-based address details supplied but the order and payment are made from abroad, essentially to verify that the customer's card isn't being used fraudulently"

In my opinion, this is a good thing. You may have other thoughts, though. I hope this helps.

Agreed. We the hosting companies pick up the cost of fraud. A little extra vigilance if some things don't match is a good thing.

Sure, I agree with all that, but there are much less intrusive ways of dealing with this - phone calls, verified by Visa, Mastercard Securecode, etc.

A passport is a pretty important document, and can be used for identity theft. One can't just send a scanned copy to a merchant every time one makes a 3 pound purchase online. The merchant would then have my name, address, telephone number, credit card details, and a copy of my passport, which is pretty much all you need to impersonate someone.

 

[ian]

Sure, I agree with all that, but there are much less intrusive ways of dealing with this - phone calls, verified by Visa, Mastercard Securecode, etc.

A passport is a pretty important document, and can be used for identity theft. One can't just send a scanned copy to a merchant every time one makes a 3 pound purchase online. The merchant would then have my name, address, telephone number, credit card details, and a copy of my passport, which is pretty much all you need to impersonate someone.

Agree with Andy, requesting a passport for hosting is too intrusive and would immediately put me off. Not because I have anything to hide, but because your passport is probably the most important document you own, and I'd also question whether these companies have the correct level of security in place to protect the transfer of this information, or the correct authority for those approving such information.

I take orders for expensive equipment, much more expensive than hosting, and there are plenty of ways of checking out a customer that isn't resorting to this method; in fact, I reckon if I asked for such information, they would immediately cancel questioning why. Fair enough no system will protect you entirely, but there is always risks in business.

 

[mdrussell]

I think most will take driving license / proof of address etc too

 

[ian]

I think most will take driving license / proof of address etc too

Driving license, see previous comment (still excessive)

 

[ian]

so, how do you - in your business - validate against potential fraudulent purchases, to prove the "customer" is who they say they are?

Based on credit/debit card payments, combination of CV2, Address, PC, 3D, electoral roll, telephone, common sense, association, web checks, IP etc. Plenty of these combine for Fraud Screening with the right systems. Better still, auth codes are a great way of confirming the person using the payment card has rights/access to it beyond holding a card in hand. After that, if something doesn't look right, don't accept. Asking for proof of ID be it Passport or Driving License, except in the duty of law is lunacy!

 

[ian]

Common sense? Otherwise known as assumption.
Many of the other options you provide (electoral, address, cv2, IP, web checks is all circumstancial and proves nothing regarding true ID).

Auth codes is better - but on a new customer signup/purchase, this doesn't help validate anything.

Just to note; I'm not arguing with you, I was just passing information forward, whilst also wondering how you go about screening your customers for fraud.

Well I suppose it comes down to what you are protecting against, fraudulent payments, or fraudulent use? In my situation, it is ensuring the payment is good, which is why those points I mentioned are valid. If hosting companies need to prove identity (why?) then that is different, but I certainly wouldn't be happy handing over such information, even with nothing to hide, I don't see there being a valid need.

 

[MrMason]

Hi all,

We just thought we'd reply to this thread to explain a little bit about where we are coming from in regards to the checks

This isn't requested for every hosting signup and it is actually pretty rare that we need to request additional ID information. However there are times when an order doesn't meet the minimum security level required to process the order automatically - these are the times in which the person ordering is then asked to contact us so we can request additional information.

In this case we requested simply proof of identification and this could either be a copy of the account holders drivers license or passport or proof of name / address, this is done purely to verify that the person actually placing the order and the (already verified) details of the cardholder paying for it are the same.

We appreciate that seemingly this might seem overkill for £3 a month hosting, however it's not related to cost but due to the nature of shared hosting. Once someone has access to the hosting they can then send mail at the rate of 500+ mails per hours per domain and upload content to the servers etc. If someone decides to then use the service for abusive purposes this could in turn affect all other users on the server - if for example the shared IP reputation becomes in anyway damaged all other users on that server could have mail sending issues.

One of the initial ways we prevent such abuse (other than with the server side technical implementations we have) is at sign up before access to the hosting is given - by checking each order that we receive and if it's deemed to need to be additionally reviewed, we will manually check the order and request extra information when needed. This is as I say rare and there is always an explanation available for the person ordering if they wish to know why their order didn't meet our minimum requirements.

I hope that helps explain a little about why this was requested and if the user Atlas would please like to get in touch with us again I'm sure we can help resolve this quickly for you.

Thanks,

Tom

 

[ian]

In this case we requested simply proof of identification and this could either be a copy of the account holders drivers license or passport or proof of name / address, this is done purely to verify that the person actually placing the order and the (already verified) details of the cardholder paying for it are the same.

We appreciate that seemingly this might seem overkill for £3 a month hosting, however it's not related to cost but due to the nature of shared hosting. Once someone has access to the hosting they can then send mail at the rate of 500+ mails per hours per domain and upload content to the servers etc. If someone decides to then use the service for abusive purposes this could in turn affect all other users on the server - if for example the shared IP reputation becomes in anyway damaged all other users on that server could have mail sending issues.

For me personally, it isn't so much that it seems overkill for £3 per month (because it is the knock-on affect as you've explained), but that "simply proof of identification" isn't that "simple" when you are asking a customer to hand over the most important piece of documentation they will have. I have no idea how you request this information (hope it isn't email), so can't comment on the data transfer process, but I personally wouldn't be comfortable handing over said documents.

 

[MrMason]

For me personally, it isn't so much that it seems overkill for £3 per month (because it is the knock-on affect as you've explained), but that "simply proof of identification" isn't that "simple" when you are asking a customer to hand over the most important piece of documentation they will have. I have no idea how you request this information (hope it isn't email), so can't comment on the data transfer process, but I personally wouldn't be comfortable handing over said documents.

That's fair enough, we understand that some people aren't willing to provide that information - and we will lose their custom.

We used to use the same logic as you with our new customers, but it simply wasn't good enough - we had fraud with users who we had spoken to on the phone and who provided all the information you've asked for. They then proceeded to impact our other customers and place our environment in danger.

Our primary concern is keeping our current customers safe - of course we don't want to be spending all this time and effort for something that costs £3/month - but we have a duty to the customers who have been with us for almost 15 years first.