
Show HN: OneSite – Free, unlimited web hosting with cPanel and support. Yep - MatoBo
https://onesite.co?source=HackerNews
======
leepowers
One major issue I see with free: there's no implicit contract and thus no
expectation of long service life. Which is a real biggie when it comes to
hosting.

Even paying a nominal fee for hosting (see
[https://www.nearlyfreespeech.net](https://www.nearlyfreespeech.net)) is
better than paying nothing. Because the exchange of money creates the
expectation of services rendered.

The issue is security. Not in a technical, hardened web-server sense. But in
the legal sense. A shared web host has root access to your databases. It has
access to your API keys. It controls what files are served for your domain
name. Paying for a service creates a business relationship, and at least the
expectation of liability should a web host act maliciously.

~~~
MatoBo
Hello, We've developed a sustainable business model. Without the free hosting,
OneSite wouldn't make sense. Our main objective is becoming a high quality
cheap web hosting. To do this, instead of spending a lot of money on
advertising, we are providing free hosting, to reach the same point, at a
lower cost. Free hosting is what will make OneSite make sense. We will make a
profit with AdSense in our website and with paid upgrades. But we do not plan
to discontinue free hosting, and I even believe it would be illegal to do so.

------
zerognowl
What's the catch?

~~~
brianjking
Seconded.

~~~
MatoBo
Hello, What we want to prove is that in this industry, paid customer
acquisition costs are so high, that it's better to save these by increasing
your server costs. We offer free web hosting, which essentially gets promoted
alone. We have higher server costs, true, but it's still worth it. We earn
money through Google AdSense on our site and through paid upgrades we'll soon
be offering.

~~~
SparkyMcUnicorn
If it's "unlimited everything for free", then what sort of things could be
upgradable with a fee?

~~~
MatoBo
We could very well provide VPSes, cloud services, domains and/or SSD web
hosting where you could also host unlimited domains (now you can host one
domain per account)

------
webtechgal
I just registered, authenticated my email, logged in, and now I can't do
anything.

My Services -> Place a new order

Could not load any product groups.

Open Ticket

No support departments found. Please try again later.

Wonder what gives.

------
evolve2k
Do you offer any email redirection/forwarding?

~~~
MatoBo
Yep, we do. You can set it up through cPanel :)

------
nsgi
The cPanel login should be HTTPS.

~~~
MatoBo
Hello, At OneSite, we use strict security measures to ensure that your
information is always safe, and of course, we will never sell your information
to third parties. Our servers are secure and the information you provide us
through the whole [https://onesite.co/](https://onesite.co/) (including
cPanel) is encrypted.

Our cPanel uses self-signed certificates. Self-signed certificates work
exactly like a certificate purchased through an SSL Certificate Authority,
except that they are NOT signed by a Certificate Authority. Instead they are
signed by your server; hence the term “self-signed”.

At OneSite, your data is always safe

~~~
nsgi
Self-signed certificates are not secure as they are vulnerable to man-in-the-
middle attacks.

[https://security.stackexchange.com/questions/8110/what-are-t...](https://security.stackexchange.com/questions/8110/what-are-the-risks-of-self-signing-a-certificate-for-ssl)

With free/cheap certificates widely available through e.g. Let's Encrypt and
AWS Certificate Manager, there's absolutely no reason to use self-signed
certificates.

The cPanel login page linked to in the footer isn't using any HTTPS, self-
signed or otherwise. This means that anyone controlling the network can inject
javascript to steal your users' passwords.

------
dustyfresh
Do you guys have a bug bounty?

~~~
MatoBo
No, but this has been the most helpful comment so far! Do you think we should
implement it?

~~~
nsgi
Definitely.

~~~
MatoBo
Do you have any examples so that we can base it on these?

~~~
nsgi
GitHub - [https://bounty.github.com/](https://bounty.github.com/)

Google - [https://www.google.com/about/appsecurity/reward-program/](https://www.google.com/about/appsecurity/reward-program/)

Facebook -
[https://www.facebook.com/whitehat](https://www.facebook.com/whitehat)

