vps header 1200x200

5.2 How to Choose a Secure Canadian VPS Host

As I have explained previously, it is not wise to host your website or Virtual Private Server with a US based hosting company. The reason for this is that the US has a draconian law called the Patriot Act – which allows US federal agencies to take down your website or VPS without notice and without a court hearing. The only way to have a truly secure website or VPS is to use a web host and domain registrar that is not located in the US. I recently had to seek out a new Canadian web host. After months of evaluating more than 100 Canadian web hosts, I eventually chose a VPS host called CanHost.ca. In this article, I will explain why I chose CanHost not only for my VPS but also as a host to recommend to my students and business friends.

01

#1 CanHost is actually owned by Canadians and has actual servers that are actually located in Canada

During my research on Canadian VPS hosts, I found that many hosting companies which claimed to be owned by Canadians were in fact incorporated in the US and had their headquarters in the US – making them and their customers (aka your business website) subject to the draconian US Patriot Act. In fact, there has been a very sad trend in recent years of major US corporations buying Canadian web hosting companies. This trend has gotten so bad that only a few Canadian VPS hosts are actually owned by Canadians and located in Canada. Even among VPS hosting companies still owned by Canadians, many of them no longer use actual servers that are actually located in Canada. It has become very common for VPS hosting companies to out source their servers to major US corporations like Amazon Web Services (AWS Cloud) and/or the Microsoft (Azure Cloud).

This hidden change of ownership also makes your business website subject to the draconian US Patriot Act. By contrast, CanHost has actual servers (not just cloud servers) and is located in Kelowna, British Columbia. You can schedule a visit to see their servers. Thus, you will know where your business VPS is actually located. And, if any government agency wants to take down your VPS, they will have to explain why to an actual judge – giving you a chance to explain to the judge why your VPS should not be taken down.

02

How to determine if your VPS web host DNS Name Servers are actually located in Canada

Go to the following link and enter the full name of the name server:

https://whois.domaintools.com/

For example, the primary name server for Canhost.ca is

NS1.MANAGEDNS.CA

Here is a screen shot of the search result:

02a

The CanHost IP address, 66.209.177.17, is also listed as being located in Canada.

Does it really matter where your website domain names are hosted?

Here is an article posted on April 28, 2021 where the domain registrar Tucows, was served with a US court order to hand over some domain names. Tucow automatically compiled because they get such court orders all the time and they always comply. It turned out that this court order was a FAKE court order created by hackers. The hackers then took over the domain names, changed the location of the domain names to a different server, then changed the content and started hacking the visitors of the domain names! https://cybershafarat.com/2021/04/28/tucows-domains-court-order/

Here is a quote from the article:

“Tucows handed domain names over to hackers pretending to have a court order… the domains were transferred internally at Tucows to their compliance department and then handed over to the attacker, who then immediately transferred these domains to other registrars.”

Even worse, a lot of the so-called Canadian web hosts were actually using Amazon cloud servers. In 2018, the world’s largest Domain Registrar, GoDaddy moved their 17 million customers to the Amazon cloud. https://onlinedomain.com/2018/03/28/domain-name-news/godaddy-will-be-migrating-to-amazon-web-services-aws/

Here is a quote from a comment at the bottom of this article:

“Any organization that entrusts their In house data to any public cloud platform endangers their end Users to Breach. The Digital pipeline is full of Hackers that are salivating at companies entrusting their valuable data to any Public Cloud platform.”

In January, 2021, the Social Platform Parler.com found out how dangerous it was to use Amazon to host their website. Amazon took them down without notice in less than 24 hours!

In May 2021, a group of US doctors critical of the new GMO shots were also taken down by Amazon. They were using an expensive Content Management System called Webflow which uses AWS for hosting. AWS demanded that Webflow take down the website and Webflow complied – despite the fact that every article published by Americas Frontline doctors was backed up by scientific studies. Here is a screen show of the email they got from Amazon:

02b

Here are a couple of additional examples of how dangerous it is to use the Amazon Mega Cloud: Former employees have claimed that while they worked at Amazon, they had complete access to all customer email addresses, passwords and credit cards.

Do a search on “Amazon IP Fishing” and you can read this article:https://labs.bishopfox.com/tech-blog/2015/10/fishing-the-aws-ip-pool-for-dangling-domains

The article, posted in October 2015, is called “Dangerous Ips Amazon Recycling IP addresses and providing hackers with access to other users” The article explains how hackers can gain easy access to corporations that use Amazon Web Services because Amazon recycles IP addresses – meaning that IP addresses previously controlled by a corporation can be taken over by hackers.

The only way to avoid the US Hacker Heaven is to use a VPS host that is actually located in Canada.

#2 CanHost offers REAL Virtual Private Servers and not merely Cloud Servers

One clue that a VPS host has out sourced their servers to a US mega corporation is that they offer “Cloud VPS” hosting rather than “VPS” hosting. The term “Cloud VPS” means that your VPS is not located on one particular server. Instead, it means that your cloud-based VPS might be located on just about any server in the world. Amazon Web Services and Microsoft both have more than one thousand servers. However, this concentration of power and centralization of computer networks can be a major point of failure. If hackers can bring down the AWS cloud, they can bring down every one using the AWS cloud. One of the most important principles of VPS security is decentralization. You are therefore better off on a local but well protected and updated server than you are on a mega cloud. This is why I do not recommend cloud servers and instead only recommend REAL servers.

03

#3 CanHost offers a simple DNS Manager with a Graphical User Interface
Because we will be using the Hestia Control Panel, we will be setting up our own websites, our own databases and our own custom mailing systems. These are all relatively easy tasks that most online business owners can learn to manage on their own. But setting up a DNS Manager can be a much more complex undertaking. I therefore wanted a VPS hosting company that could host all of my domain names and also have a DNS Manager which will allow me to easily route my domain names. This may seem surprising – but most VPS hosts do not have a DNS Manager!

04

#4 CanHost has hundreds of helpful Tutorials
Many VPS providers do not offer any instruction as to how to use their VPS. But CanHost has more than 200 tutorials which you can see at the following link: https://www.canhost.ca/hosting/index.php?rp=/knowledgebase/tag/VPS

Here is a tutorial explaining how to use the CanHost DNS Manager: https://www.canhost.ca/hosting/index.php?rp=/knowledgebase/275/How-Do-I-Manage-my-DNS.html

Their tutorials include lots of helpful images. Here is the beginning of their DNS Manager tutorial: To update your DNS records, first navigate to your Client Area by logging in to canhost.ca. Navigate to the 'Shortcuts' list on the left, and select the list item called 'My DNS'.

05

This will open up your DNS manager, which displays all of your active DNS zones and their corresponding domain names. To edit a specific zone, click on the Edit Zone button on the right hand side. This will allow you to edit the individual DNS records for this domain.

06

Here is what their DNS Manager table looks like:

07

 #5 CanHost DNS Manager can create CAA Records
CAA (Certificate Authority Authorization) records have become increasingly important to protect websites from hacker attacks. Web security relies on Secure Socket Layer (SSL) certificates. SSL certificates, in turn, rely on Public Keys. Unfortunately, in recent years, hackers have found a way around the Public Keys by pretending to be an SSL certificate authority (CA). The best and easiest way to stop this type of hacker attack is for website owners to add Certificate Authority Authorization (CAA) DNS records. CAA DNS records specify the Certificate Authorities (CA), who can issue a specific domain name certificates for their website. When a CAA record is not found, a malicious hacker can generate a Certificate Signing Request (CSR) for your domain and have the certificate signed by any domain. This is a security threat that we should not allow to happen. In addition, CAA records make it much easier to add a free Lets Encrypt SSL certificate to your website. Despite the importance of CAA records, many web hosts and VPS hosts do not provide a way to add CAA records to your website. Thankfully, the CanHost DNS Manager
offers a very easy way to add CAA records to your website in a matter of seconds.

#6 CanHost has Flexible VPS Packages
If you go to their VPS page, it looks like CanHost only offers three options.

08

This would be a problem because many small businesses, with only a couple of websites, might get by on 20 GB of disc space. But they may need more than 2 GB of RAM. Thankfully, when you click on the VPS Express 1 Buy Now button, you will see a couple of options. First, in the lower left corner, you can change the currency from Canadian dollars to US dollars. This brings the price of VPS 1 down to $12.38 per month.

In addition, you can change the RAM from 2 GB to 4 GB for an added $6.19 per month. This brings the total VPS monthly cost to $18.57.

The SSD disc space can be increased from 20 GB to 40 GB for $6.19 per month. But what if you only need 30 GB? Again, no problem. Click the Disc Space drop down arrow and you can select 30 GB for $3.50 = 2.89 us and 35 gb 4.25 CAN = 3.51 USD. So you get 4 GB of RAM and 30 GB of disc space for $21.45 USD per month or 4 GB RAM and 35 GB for $22.08 USD per month or 4 GB of RAM and 40 GB for $24.72 USD per month.

Given that the average Joomla website starts out at less than 100 MB and rarely reaches beyond 500 MB – even with hundreds of images – and thus even with a one or two local backups does not need more than 1 GB of disc space, it is reasonable to estimate that one can have as many as 30 websites on a 35 GB VPS.

Here is a table to help you calculate the amount of disc space you need:

CanHost VPS

RAM/SSD Disc Space

Minus Debian 10

Hestia & Free Space*

Space Left for Websites

Total Websites with backups

@ 1 GB each

Monthly Cost

USD

4/20 GB

- 10 GB

10 GB

10

$19

4/25 GB

- 10 GB

15 GB

15

$20

4/30 GB

- 10 GB

20 GB

20

$21

4/35 GB

- 10 GB

25 GB

25

$22

4/40 GB

- 10 GB

30 GB

30**

$25

* You never want to run the risk of using up all of your disc space.

** If you have more than 30 websites, it would be better for logistical and security reasons to add a second VPS.

#7 CanHost offers Debian 10 VPS servers

Sadly, many VPS hosts only offer Ubuntu or CentOS operating systems. CanHost offers Debian 10 which is the operating system I recommend and the operating system most recommended by the leaders of Hestia.

#8 Stability and Security

We want a web host that is big enough so that they will not go out of business tomorrow and so that they have a staff who can keep the programs on the server up to date. But we do not want the web host to be so big that they are indifferent to the needs of a small business owner. This is another reason I do not recommend any of the major cloud web hosts.

#9 Hard Drive Space
Assuming you are using the Joomla Content Management System for a secure foundation and Phoca Cart for a flexible online store, and several other tools to perform various business functions, a small online store should not require more than 1 GB of hard drive space. However, if you have a lot of products and/or a lot of customers, you will need more space to store this data. You will also need backups of your system and each backup will double the amount of space needed. This can expand the space needed to 10 GB or more. Many businesses require several websites. For example, I have different websites for each of my courses and books. In addition, the Debian Server itself along with its hundreds of programs can take 5 GB or more. Therefore, it may be useful to seek a VPS with 30 GB or more of hard drive space.

#10 RAM
A Linux VPS does not require as much RAM as a Windows computer. But to run an online business with an online store, you need at least 2 GB of RAM and 4 GB is better. Virtual servers come with their own dedicated RAM. With more RAM available, you can run an efficient website loaded with more content. Note that if you have only 2 GB of RAM, you should do a special installation of Hestia that EXCLUDES ClamAV. This is because ClamAV (which is not really needed) will use 1 GB of RAM all by itself. Even if you have 4 GB of RAM, I recommend excluding ClamAV from your Hestia installation as their other better ways to protect your VPS.

Summary: CanHost is by far the best option of you are looking for a REAL Canadian VPS server with a DNS Manager.

Managed versus Unmanaged Servers???
There is a debate as to whether most business owners can even manage their own VPS. Many VPS providers recommend a Managed VPS. CanHost offers dedicated managed servers for $130 per month. Historically, it was so difficult to set up and run your own server that getting a Managed server was the only practical option for many online business owners. However, the Hestia Control Panel is changing that.

09

While the leaders of Hestia rightly warn that Hestia is not for beginners, it is much easy to set up and run a VPS with Hestia than it has been in the past. The only thing that has been missing has been a Hestia User Manual manual with lots of images and clear step by step instructions.

10

Hopefully, this guide will fill that need – allowing more online business owners to set up their own VPS – saving your business not only thousands of dollars per year – but also giving you complete control over the future of your online business.

What’s Next?

In the next article, we will review how to move an existing website from shared hosting and Cpanel to a VPS with the Hestia Control Panel.