How many downloads at same time?

[Arpeggio]

I'd like to know how many people could download from my site at the same time? I am currently on the basic shared plan, the monthy bandwidth looks fine for the foreseeable future I can upgrade if need be but I don't know anything about the thread title, is that called "traffic"? The 2 files are about 92 and 100 meg, only one is needed for each person unless they choose more or have bought 2 books. Websites are a bit new to me I understand about one tenth of what the thread titles here actally mean but it's going OK so far.

 

http://www.intuition-music.co.uk/

 

If you decide to listen (the TOS is just standard but they are free); "E major Blues" tracks 1 and 2 on the Bass book are a couple of my favourite, the guitar book "The Bikers entered the room" (or "Rock riff 2" (same thing) for the Bass), or Calm beach. Some still need a bit of work.

[kuemerle5]

Short answer is: as many as possible. For all intents and purposes, there is no limit to the number of people that can download files from your site. Now, if you get thousands of people at the same time downloading those 90 and 100 MB files, that's going to be a problem as it might cut into resources that are shared on the server. (CPU, RAM, etc.). That being said, if you don't expect more than 85 downloads per day (assuming the 90 and 100 mb albums are equally likely to be downloaded), you should be good. If you reach that point though, I would suggest either upgrading your plan at MDD or start using Amazon Simple Storage Service (Amazon S3) to distribute those files. What's cool about S3 is that you can upload whatever files you want for about 14 cents per gigabyte and then whenever people download those files, Amazon will charge about 15 cents per gigabyte transferred (when people download your files). Should you choose to use S3, or you're still just kinda confused, feel free to post a reply! Hope this helped and best of luck!

 

Oh, almost forgot; here's the link to S3: http://aws.amazon.com/s3/

[Arpeggio]

Thanks for the advice. It should be OK then, 85 a day sounds good but hypothetically speaking what about at the same time? Otherwise if only half those where people who had bought a book I'd be happy, while if it got busy enough I could always upgrade and keep an eye on the stats. I feel a bit funny about it because unlike many sites which I suppose exchange a digital product at a similar time of the financial transaction, mine offers a neccessary part of the product after the product is bought so if something went wrong after someone had already paid I wouldn't feel good about that.

 

Originally I was considering a FileHost which I would hotlink through the presentational site but MDD's bandwidth at similar price is bigger than most FileHosts I came across at the time. Is Amazon S3 basically a Filehost? It's data transfer looks pretty big, if I used that I'd hotlink it to my site if possible.

 

Something I'm concerned about is if someone decided to download loads of times through proxy computers or something in order to overload, I was wondering if that was a possiblity and if there's a way of avoiding it? I wonder if Amazon S3 is secure from that on a public domain basis? 150TB data transfer at $0.08 is $12,000 (if I got that right).

[kuemerle5]

Take this with a grain of salt as I am not involved with operations at MDD, but I would think even 85 people downloading the file at the same time should be fine. It's just when you get hundreds or thousands of people downloading the files that it becomes a problem. As far as getting overloaded because of too many connections, as in an attack on your website , MDD has very advanced systems to detect that kind of activity (as I hear it) and mitigate damages. Realistically, it is very unlikely that your website will become a victim of such an attack just because you are a small website and there would be no benefit from attacking it.

 

To answer you questions about Amazon S3: S3 is known as a content delivery network (CDN). Big websites (Microsoft, Yahoo, and even YouTube) use CDNs to distribute large files without putting a heavy load on their main web servers. Yes, you can hotlink to files on S3; that's it's main purpose. In terms of what Amazon offers for protections against those kinds of attacks, I'm not sure. Maybe you have the option of limiting transfer, but you would have to check up on that.

[Michael D.]

Each server has a 1,000 megabit link to the internet so theoretically you should be fine with 85 users downloading simultaneously. The thing you need to keep in mind is that you're going to chew through bandwidth VERY quickly if 85 simultaneous downloads is "the norm".

[Arpeggio]

Sounds like it would cope with anything I could expect, although really I don't know what to expect so better to over estimate my rough guess to be on the safe side. 85 at any one time sounds good, I doubt that would be all the time unless people are buying loads of my books which will hopefully be available in US, Europe and Australia through Lightning Source but will have zero advertising / promotion other than its own merit / word of mouth so pretty clueless what will happen until it's out there. At least I know there are options like S3 or upgrading.

[Michael D.]

Yeah, you're always welcome to use something like a CDN or cloud storage if you needed in the back end. It may be more complicated to set up but ultimately it's not a bad idea but I don't think I'd bother doing that right off the bat unless you knew you were going to sell a lot

[Arpeggio]

Hi, back again thanks for the advice so far so good. The ISBN is sorted out and the first book should be one the market by late August (and hopefully sell). I just wanted to ask if anyone had any tips on website security, like basic do's and dont's I might have missed? to avoid being hacked or overloaded or something? It is backed up on my own external HD's. The "Hosting Security and Technology" on WebHostingTalk seems to be mostly about Hosting.

 

If anyone's interested the site has been updated and some of the tracks edited, "31. Heavy D (Demo)" and "12. Over the Hills and Far Away (Demo)" are a couple of my favourites (can be found on "Click here if you prefer to download the tracks individually" for the Learn to Play Guitar book). Pretty pleased with it, they where all recorded and made on my home PC with about £300 worth of equipment / software.

[fshagan]

WebHostingTalk is mostly host-focused. And a lot of conflicting information there, to be sure.

 

One thing to do is make sure you have a strong password for your account, both cPanel and SFTP (which is more secure than FTP). Those of us with a VPS or dedicated server get the "blocked IP" reports for brute force attempts to try and break into the accounts on our servers. I have to say it shocked me at first, with several every day.

 

These are usually brute force attempts that use the domain name as the user name (or a common name such as "webmaster", "root", etc.) And the passwords are often the same as the username, or a variation of the domain name. I have my firewall set so that they get only a few chances to get it right. And once I moved SSH off of the default port, I get far fewer of these. I'm sure the hackers are hammering away at port 22, but the server will never answer.

 

I have 25 character passwords that are mixed case with numbers included. They aren't common words. How do I remember them? They are a combination of "leet speak" ... I always replace certain letters with a specific number ... and part numbers from past employers. I can't remember my birthday half the time, but part numbers stay with me for some reason. The chance of someone figuring out that I took a pump impeller's part number, converted the "C" to a "3" and the dashes to a "d", and put it together with a LNBA part number from another employer is going to be very, very slim.

 

The other common exploit are trojans on your computer that either read the password file for your FTP program, or log your keystrokes as you enter the password. Since the trojans do both, complex schemes of never storing passwords doesn't seem worthwhile to me; when you type the password in, the trojan steals it by logging your keystrokes. The answer here is to make sure you regularly scan your computer and keep it virus and trojan free. And keep backups of your site locally.

[Arpeggio]

Thanks fshagan, really appreciate your advice. I have a firewall on my PC is that the same kind you are referring to? I have good anti-virus, same one for some years now and it hasn't failed. I don't know what SSH or port 22 are. With keyloggers I take it you mean that if your passwords are automatically stored they can't be read by a keylogger as you type.

[fshagan]

Thanks fshagan, really appreciate your advice. I have a firewall on my PC is that the same kind you are referring to? I have good anti-virus, same one for some years now and it hasn't failed. I don't know what SSH or port 22 are. With keyloggers I take it you mean that if your passwords are automatically stored they can't be read by a keylogger as you type.

 

Most servers have a software firewall that locks out an IP address if someone tries to enter a wrong password too many times.

 

A keylogger trojan records every keystroke you make, and then sends those keystrokes to some hacker somewhere. It doesn't matter if you are on a secure connection, or if your passwords are encrypted, etc., as the trojan is on your computer and records each keystroke. They are usually easy for anti-virus programs to detect, so as long as you're up to date and scan regularly it isn't a huge issue.

[Arpeggio]

I see, my antivirus is good so that shouldn't be a problem then. My Passwords are of many characters and mixed case now. I am getting my domain with a different registrar as per do's and dont's on WHT forum and am thinking of hosting my other less critical website (local business) with a different host so that if something goes wrong with the more globally exposed / critical one I can just put it on there and re-direct DNS without going through setting up another account (providing it's possible to host 2 websites through the same account). Just as insurance going into the unknown as somewhat a newb, "Force Majuere" or whatever, I know that and Denver is geographically safe and that MDD is a decent host.

[fshagan]

I see, my antivirus is good so that shouldn't be a problem then. My Passwords are of many characters and mixed case now. I am getting my domain with a different registrar as per do's and dont's on WHT forum and am thinking of hosting my other less critical website (local business) with a different host so that if something goes wrong with the more globally exposed / critical one I can just put it on there and re-direct DNS without going through setting up another account (providing it's possible to host 2 websites through the same account). Just as insurance going into the unknown as somewhat a newb, "Force Majuere" or whatever, I know that and Denver is geographically safe and that MDD is a decent host.

 

Not a bad plan. You do have to have a backup copy, which is a good idea anyway. Getting web space is the fastest part of the process, so even if your other account doesn't allow multiple domains you can quickly get another account with them. Uploading the site, changing the DNS and having it resolve will usually take longer than any normal outage a host like MDD would have. But if a natural disaster strikes and takes out Denver you won't have to scramble.

[Adam]

I just wanted to ask if anyone had any tips on website security, like basic do's and dont's I might have missed? to avoid being hacked or overloaded or something?

 

You should look at CloudFlare. They offer a great, free service that will add an extra level of security. It could also boost your site speed and cut down on bandwidth/server resources, which is a plus.

 

A question for Mike: Do you see any difference in server load because of people using CloudFlare on your servers?

[Michael D.]

A question for Mike: Do you see any difference in server load because of people using CloudFlare on your servers?

Not a noticeable level, but we have had issues where CloudFlare was having an issue and caused a site to be offline when our server was online (i.e. the opposite of what CloudFlare is supposed to do). We actually had an instance of this today.

[Arpeggio]

I heard of CloadFlare, saw a thread about it on WHT forum. I always thought DDos attacks (as far as I know that means mutliple log ons from proxy computers to overload the site?) would be difficult to deal with seeing as the hacker isn't actaully violating anything, but instead emulating a worse case scenario of something that is permitted.

 

If that ever happened to my site I wonder if it could be solved by making access to the site only possible with one of those scribbly codes you have to type in to prove you are human? it could be just two numbers with 99 posibilities. A hacker would have to be motivated, very bored or mad to do that by hand more than 85 times to overload my site, and if their mum is calling them to tea or whatever they might get distracted before they get to 85. I would'nt think a scribbly code with a box to type it so you can enter would detract from my site that much as its not marketing and generally people will go on there once directed from within a product they have already bought.