Show HN: OneSite – Free, unlimited web hosting with cPanel and support. Yep
onesite.coOne major issue I see with free: there's no implicit contract and thus no expectation of long service life. Which is a real biggie when it comes to hosting.
Even paying a nominal fee for hosting (see https://www.nearlyfreespeech.net) is better than paying nothing. Because the exchange of money creates the expectation of services rendered.
The issue is security. Not in a technical, hardened web-server sense. But in the legal sense. A shared web host has root access to your databases. It has access to your API keys. It controls what files are served for your domain name. Paying for a service creates a business relationship, and at least the expectation of liability should a web host act maliciously.
Hello, We've developed a sustainable business model. Without the free hosting, OneSite wouldn't make sense. Our main objective is becoming a high quality cheap web hosting. To do this, instead of spending a lot of money on advertising, we are providing free hosting, to reach the same point, at a lower cost. Free hosting is what will make OneSite make sense. We will make a profit with AdSense in our website and with paid upgrades. But we do not plan to discountinue free hosting, and I even believe it would be illegal to do so.
What's the catch?
Their parent companies website is just as vague - https://every.international/. They were just founded on the 6th of September and the website purchased just about a month before that.
Seconded.
Hello, What we want to prove is that in this industry, paid customer acquisition costs are so high, that it's better to save these by increasing your server costs. We offer free web hosting, which essentially gets promoted alone. We have higher server costs, true, but it's still worth it. We earn money through Google AdSense on our site and through paid upgrades we'll soon be offering.
If it's "unlimited everything for free", then what sort of things could be upgradable with a fee?
We could very well provide VPSes, cloud services, domains and/or SSD web hosting where you could also host unlimited domains (now you can host one domain per account)
You have no idea, don't you ? :)
Well, I've been in the management of the biggest free web hosting provider for quite some years already. I do know what I am doing
If you did know that you would give us an answer with some more content.
True
I just registered, authenticated my email, logged in, and now I can't do anything.
My Services -> Place a new order
Could not load any product groups.
Open Ticket
No support departments found. Please try again later.
Wonder what gives.
Do you offer any email redirection/forwarding?
Yep, we do. You can set it up through cPanel :)
The cPanel login should be HTTPS.
Hello, At OneSite, we use strict security measures to ensure that your information is always safe, and of course, we will never sell your information to third parties. Our servers are secure and the information you provide us through the whole https://onesite.co/ (including cPanel) is encrypted.
Our cPanel uses self-signed certificates. Self-signed certificates work exactly like a certificate purchased through an SSL Certificate Authority, except that they are NOT signed by a Certificate Authority. Instead they are signed by your server; hence the term “self-signed”.
At OneSite, your data is always safe
Self-signed certificates are not secure as they are vulnerable to man-in-the-middle attacks.
https://security.stackexchange.com/questions/8110/what-are-t...
With free/cheap certificates widely available through e.g. Let's Encrypt and AWS Certificate Manager, there's absolutely no reason to use self-signed certificates.
The cPanel login page linked to in the footer isn't using any HTTPS, self-signed or otherwise. This means that anyone controlling the network can inject javascript to steal your users' passwords.
Do you guys have a bug bounty?
No, but this has been the most helpful comment so far! Do you think we should implement it?
Definitely.
Do you have any examples so that we can base it on these?
GitHub - https://bounty.github.com/
Google - https://www.google.com/about/appsecurity/reward-program/
Facebook - https://www.facebook.com/whitehat
you found a big with their site already? lol