Penny Auction Security Checklist

Running a penny auction requires serious effort and investment. Below is a set of tips collected to ensure stable performance of a website running Microbid Software’s penny auction script.

Penny Auction System Administration

It’s recommended that a professional Linux administrator monitor the website, analyze the load on the server, give recommendations, resolve system bottlenecks and assist in case of emergency. While Microbid Software is responsible for the penny auction software, many functions are outside the software’s control but are still crucial to the well-being of your penny auction website: for example, mail delivery, server response time, internal server management, disk space, memory consumption, etc.

Securing The Server for Penny Auction Website

Managed Hosting

It’s more secure to run a website on a dedicated server supported by a company providing managed hosting than under a regular hosting contract. If your hosting provider doesn’t provide managed hosting, you should seriously consider hiring a system administrator to help you with system administration and monitoring.

Firewall
Once your server is set up and running, please be sure that it has a firewall installed and that routine checks are performed. Managed hosting often includes a firewall; please ask your hosting provider to be sure.

DDOS Defense
A penny auction website should be protected against DDOS attacks. Ask your hosting provider which measures they have in place against them and whether they have an automatic defense.

Other Applications
It’s recommended that you do not run any other applications, websites or services on the same computer that runs the penny auction website. Penny auction software, while robust and scalable, is particularly sensitive to the server load and database load imposed by other applications. Other applications running on the same server can lead to timer delays, inability to accept bids, or security vulnerabilities due to exploits or the nature of their work. Do not install blogs, affiliate software, e-commerce packages or anything else on the same server.


Mail Delivery Issues for Penny Auction Website

SPF Records
Emails sent by the website often go to the SPAM folder. To prevent this, you need to set up SPF records on your domain that link the domain name to the sending server.

Please contact your domain registrar to set up SPF records.
Normally the record is something like:

"v=spf1 a:host.domain.com mx ip4:1.2.3.4 ~all"

Where host.domain.com is the hostname of the server mail will be coming from and 1.2.3.4 is the valid sending IP.
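To see how a receiving mail server reads such a record, the following added example (not part of Microbid Software's code) parses an SPF record and evaluates a sending IP against it, term by term, and also flags records that are too permissive. It handles only the all, ip4, ip6, a and mx mechanisms; the DNS map, the domain.com and mail.domain.com names and the 1.2.3.5 address are constructed stand-ins for real lookups.

```python
import ipaddress

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(txt):
    """Split an SPF TXT value into (qualifier, mechanism, value) terms."""
    terms = txt.strip().strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: must start with v=spf1")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier when none is written
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        parsed.append((qualifier, name.lower(), value))
    return parsed

def check_sender(txt, sender_ip, domain, dns):
    """Return the SPF result for sender_ip; the first matching term wins.
    `dns` is a constructed offline map standing in for real A/MX lookups."""
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, name, value in parse_spf(txt):
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(value, strict=False)
        elif name == "a":
            matched = sender_ip in dns["a"].get(value or domain, [])
        elif name == "mx":
            hosts = dns["mx"].get(value or domain, [])
            matched = any(sender_ip in dns["a"].get(h, []) for h in hosts)
        else:
            matched = False                  # include, redirect, exists: not handled here
        if matched:
            return RESULTS[qualifier]
    return "neutral"                         # nothing matched and no "all" term

def audit(txt):
    """List problems in the record itself, independent of any sender."""
    alls = [q for q, name, _ in parse_spf(txt) if name == "all"]
    if not alls:
        return ["no 'all' term: unlisted servers get a neutral result"]
    if alls[0] == "+":
        return ["'+all' authorizes every server on the internet"]
    return []

# Constructed data: host.domain.com and 1.2.3.4 are the page's placeholders.
PAGE_RECORD = '"v=spf1 a:host.domain.com mx ip4:1.2.3.4 ~all"'
DNS = {"a": {"host.domain.com": ["1.2.3.4"], "mail.domain.com": ["1.2.3.5"]},
       "mx": {"domain.com": ["mail.domain.com"]}}
```

With the page's record, a server not listed in it gets "softfail" because of ~all, which many receivers accept but mark as suspicious; replacing ~all with -all turns that into "fail".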

Sending newsletters
When you send a newsletter, be sure to send it through an external SMTP server not associated with the website, or through a 3rd-party service such as BenchMark Email.

Never send mass mail from the same server that your auction is running on, as it will lead to the server being blocked as a SPAM sender, even if all the recipients approved their participation.

Sending SPAM
Sending SPAM is illegal in many countries, and it can easily lead SPAM filters to “remember” the name of the site and key phrases of the newsletter.

Different ISP check
It’s necessary to check whether emails are delivered to the different ISPs and mail services in your country. Open several email accounts with different mail service providers (yoursite@gmail.com, yoursite@yahoo, etc) and make sure that emails (for example, the registration email) are delivered to these accounts.

Monitoring Tools

Monitoring tools should be set up on the server so that the site owner can track important parameters such as CPU usage, database usage, network cards, memory usage, processes, etc.
You should employ your hosting company or a system administrator to install packages such as cacti.net that provide the required information. It’s almost impossible to analyze a system failure without proper monitoring tools.

Penny Auction Backup

It’s very important to have a backup of your website; check with your hosting company whether and when it is performed. Please note that it’s advised to run the backup at a time when auctions are not active, as running a backup usually creates a very high load on the database, which can disturb regular activity.

Remove Statistical Packages

Hosting companies commonly install free statistical packages, such as WebAlyzer, AWStats, etc. These packages perform intensive calculations on Apache raw log files, and running them can be very problematic with the large amounts of data a penny auction website usually accumulates. Please ask your hosting company to turn them off.

Run Penny Auction Software Only

Try to avoid installing other software on the same server that your penny auction software is running on. Do not install SMTP servers, CRM software, livechat or blog software on the same server. Y

