End of SSL 3.0 as POODLE attacks.

SSL version 3.0 is no longer secure. Browsers and websites need to turn off SSLv3 and use more modern security protocols as soon as possible, in order to avoid compromising users’ private information

Back at the end of September, a team at Google discovered a serious vulnerability in SSL 3.0 that can be exploited to steal certain confidential information, such as cookies. This vulnerability, known as “POODLE”, is similar to the BEAST attack. By exploiting this vulnerability, an attacker can gain access to things like passwords and cookies, enabling him to access a user’s private account data on a website.

Any website that supports SSLv3 is vulnerable to POODLE, even if it also supports more recent versions of TLS. In particular, these servers are subject to a downgrade attack, in which the attacker tricks the browser into connecting with SSLv3. This relies on a behavior of browsers called insecure fallback, where browsers attempt to negotiate lower versions of TLS or SSL when connections fail.

POODLE affects SSLv3 or version 3 of the Secure Sockets Layer protocol, which is used to encrypt traffic between a browser and a web site or between a user’s email client and mail server. It’s not as serious as the recent Heartbleed and Shellshock vulnerabilities, but POODLE could allow an attacker to hijack and decrypt the session cookie that identifies you to a service like Twitter or Google, and then take over your accounts without needing your password.

Google’s security team has recommended that systems administrators simply turn off support for SSLv3 to avoid the problem. But this will mean that some users trying to connect securely to a web server using SSLv3 will have trouble connecting if they’re using a client that only supports this protocol.



IMPORTANT NOTICE: There is no patch or update available to fix it in windows and Linux, but it is possible to disable SSLv3 on both the VM platforms by modifying registry in windows and config file in Linux.



ColdFusion security hotfixes for version 9-11

Adobe released security hotfixes today classified as “important” to address a XSS, CSRF, and authentication issue in CF administrator: http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html

This update also includes updated web server connectors for both IIS and Apache on ColdFusion 10. ColdFusion 11 connectors do not appear to be updated since ColdFusion 11 update 1 (last month).

We will be updating our WebsitePanel shared hosting servers and any customers with fully managed servers.

Un-managed customers or those with only Basic management will need install the update themselves.

Legacy HELM systems will NOT be updated.


End Of Life Notice for ColdFusion 9

Hello lovely customers


We have some news for those of you who use ColdFusion 9.

ColdFusion 9 is coming to end of it’s life, and will stop being supported by Adobe on the 31st December 2014. In practice this means Adobe will no longer care for this software at all, it’s security vulnerabilities will never be fixed, ever, and websites running it will be left vulnerable.

Websites running on ColdFusion 9 (or indeed any version below 9 which is also no longer supported) will become easy bait for hackers who may be able to leverage any unplugged vulnerability to get into the website, plant whatever code they fancy into it, and generally do whatever other nasty things they want to do with your website. I’m sure you can appreciate this isn’t ideal.


The good news – we can offer you cost effective migration to a FREE alternative


There may however be good news for some, as we can migrate your website to an open source, more secure, and FREE alternative CFML engine called Railo.

Depending on the complexity and installation of your website, the migration fee could be as little as your monthly ColdFusion subscription. Also, as Railo is free, you would no longer be tied into any contract  or have to worry about upgrade costs (whoop whoop).

Give us a call for a free consultation with our experts, so we can work out whether your site will work on Railo, and give you a quote for the migration.

For those of you who are dedicated to Adobe and have dedicated hosting, you can upgrade your ColdFusion to 10 or 11, but bear in mind these will reach EOL and lose their Adobe lovin’ in 2017 and 2019 respectively.  You can upgrade to the latest version through Adobe, or give us a call and we can sort it out for you.


A bit more about Railo


Just like ColdFusion, Railo is a CFML engine that runs webpages written in the CFML language.

Railo is simply the open source solution whereas ColdFusion is the commercial solution.

Railo is perfectly capable of running the vast majority of ColdFusion sites with little or no changes. We have even found that in most cases, sites migrated from ColdFusion to Railo actually run better, requiring less fixes and sometimes none at all. Railo also has far fewer security issues and bugs than ColdFusion.

Because Railo is FREE, we can keep all our servers up to date with the latest version, making them more secure and giving you all the latest features and functionality at no extra cost.

Railo also has the added advantage of giving every single website its own web admin (equivalent to the ColdFusion admin), allowing customers to manage all their own settings such as mappings, data sources and smtp servers without having to contact us. For more information on Railo please visit www.getrailo.org.  

If you are interested in switching your site to Railo, or even PHP such as WordPress, then we are ready and waiting to help you do so please Contact us through our website, or by phone: 0845 468 2369

Introducing Host Partners


A lot has happened over the last few years with BlueThunder and the time has come, or is in fact a touch overdue, for us to implement some important branding changes.

As you may know it has been just over a year since we were acquired by Host Partners Ltd along with Loud n Clear and Loudex.net. The acquisition is not a cause for concern, we are still the same people and we are not having a new start or beginning, we are simply completing our integration into the parent company at the end of a 12 month journey.

Because we are now part of a bigger branding picture, you will notice the Host Partners branding appearing more often on any communications from us as we shift everything over to a unified system.

The first thing you will notice is the name on your bank and/or credit card statement changing from BlueThunder to Host Partners. You will also notice the graphics and design of your background systems changing from Blue Thunder to Host Partners. You will see this name appear on our outgoing emails, support helpdesk (MyHostSupport.com), your invoices from the billing system (WHMCS), and the new website control panel (Websitepanel), but not on HELM as this is being retired at the end of the year as per previous announcement. If you missed the HELM  announcement then please check the previous posts.

These charges will be taking place over the next 14 days and i’m told by the techies that it will not involve any downtime to systems, just don’t be surprised when it looks a little different all the tools and all the functions will remain the same.

There is nothing you need to do or any changes you need to make at your end, this message is merely to keep you updated as to what is going on… FYI


About HostPartners
Host Partners is a unique ownership structure of global hosting services provided at a local level. Our purpose is to create happy customers, workers and suppliers through delivery of a worthwhile, sustainable alternative to the conventional hosting giants.

Introducing Claudia, our new Head of Communications


I’d like to introduce myself, i’m Claudia and I am taking the reins as head of communications at Blue Thunder. My background is quite comprehensive having worked in online marketing, marketing and PR, social media and mobile app startups. 

My mission here is to help you understand the things you need to know in relation to Blue Thunder and the services we provide for you. I will be telling you about new services, changes to existing services, any promotions we think you would like, and generally keeping you in the loop.

I’m not overly techie so will be trying to translate the more technical aspects into language that is understandable for the average administrator, manager or lay person (like me!) 

I believe that for me to communicate all the great things we have going on here, I need to hear from customers direct. So, to aid this, I will be calling a selection of you over the coming months to hear about what you think we do well, what we do badly, and how we can improve your day.

Looking forward to working with you


Blue Thunder 



HELM reaches EOL and will stop working after 31st December 2014

IMPORTANT: Please make sure the person responsible for your hosting and website reads this announcement.

HELM has been a great control panel and has served us and many other hosts well for the last 12 years, but it has now officially been announced by Parallels as end of life (EOL)  on 31st December 2014.

Although technically HELM has not been supported or received any updates  for many years now, but from this date Parallels have confirmed to us that they will be taking the HELM licensing servers offline, which means all HELM systems used by all hosting providers will no longer be able to validate its license and will stop working.  
When this happens neither us nor customers will be able to login to helm to manage their hosting, and we will thus be unable to provide any further support for customers still using HELM beyond this date.

Some History

Helm was originally created in 2002 by WebHostAutomation, who were then acquired in 2007 by Parallels, who are best known for their Plesk control panel.
This acquisition was pretty much the end for HELM as Parallels acquired  all competing control panels and all development stopped, there have been no updates or new releases since and support from Parallels was pretty much non existent.

Like many we held on to HELM for a few more years hoping for Parallels to deliver promised updates or  a migration tool to one of their other panels, but sadly nothing of any significance appeared. So In 2010 we started the switch to WebsitePanel as our new hosting control panel and WHMCS as our new billing system, and setup new Windows 2008 servers to replace the old legacy HELM systems. We prepared a manual migration plan for websites as well as our own in-house tool to migrate customers data to the new billing system, and in 2012 we made an official announcement to customers  titled “Upcoming changes to our hosting services” which explained about the retirement of HELM and the legacy systems it runs on, asking customers to prepare for migration to the new systems, explaining the changes that would be required.

Due to the age of these  old HELM systems, they had  started to suffer hardware failures, so in order to keep these systems online we have been virtualising these old systems where possible and converting them into virtual machines on our private cloud infrastructure. This has been possible due to our acquisition of our former infrastructure provider “Loud n Clear Ltd” back in 2013, who originally maintained all these old systems.

While this solved  the problem with the aging hardware, there was  unfortunately no solution to all the legacy software involved, which cannot be upgraded to anything newer due to the fact that HELM cannot support anything newer,  including the Windows 2003 server operating system, which also reaches end of life in 2015. As we mentioned in our announcement back in 2012, this presents numerous security concerns as well, as there are no patches or updates available for any of this legacy software, meaning they remain vulnerable to all any any known security holes, hacks or malware.

Since 2012 we have already stopped using and supporting HELM ourselves, and all new customer signups have been on our WebsitePanel platform 

While we have tried over the last 2 years to get customers migrated, this unfortunately has not been possible due to the fact that the majority customers have not made any preparation for migration. This meant that we could not perform the migration of many websites without something breaking as none of the required changes had been made as per our previous announcement. This meant that every migration either took weeks or months to complete or clients have simply been unwilling  to make those changes or do the migration.  Unfortunately we simply do not have the resources available to do all the required coding changes on behalf of all customers for free as part of the migration as in most cases it requires the involvement of a developer.

We have therefore opted not to enforce the migration, but to leave the choice in the hands of the customer, but please be aware that if you do choose to remain on the legacy HELM servers, then it will be “At your own risk” and as advised you will lose all access to your account on or after the 31st December.

We aim to keep the HELM servers  online as long as possible, but please be aware that they are no longer  officially supported and we will no longer be providing  any SLA or guarantees for these servers.  

We have provided instructions on how to migrate (see below) and will provide support and assistance via our ticketing system to help you with the migration if you choose to do so. 

We can  also offer to do the migration for you, including providing you with a developer to help fix any issues with your site, but this will be a chargeable service. Please contact us if you require a quote.

We should also like to remind customers that ANY host still running legacy HELM systems will be in the same situation. The difference is that we have made our customers aware of these issues and have provided a migration plan, whereas other hosts have left their customers in the dark and either have no plans to migrate or have simply migrated customers without warning, leaving them with broken websites.

Thanks for listening…

Migration Options

You may migrate your hosting  to our new platform by following this migration guide.

If you are unable to perform the migration yourself, you may contact us for a quote for perform the migration for you.

You should  also read our previous announcement from 2012 “Upcoming changes to our hosting services” which explains the various changes which may be required to your website and the differences and advantages of the new platform.

To summarize the primary changes we have identified are:-

  • Microsoft Access databases no longer supported. You will need to convert to MSSQL or MySQL
  • Legacy ColdFusion versions no longer supported. If you are running on ColdFusion 5/6/7/8 then you will need to make sure your site runs on ColdFusion 9 or preferably Railo (see below).
  • Outgoing mail must be sent through one of your own email accounts or an alternative SMTP server.
    It will no longer be possible to send unlimited emails or to send email anonymously using localhost or the  default SMTP server settings. standard outgoing mail quotas and limits will apply (see here).
  • PHP 5.2 is no longer supported, we only support PHP 5.3 onwards.
  • ASP.net 1.1 is no longer supported, we only support ASP.net 2.0 onwards.
  • HELM secured folders cannot be migrated. you will need to setup any secured folders using the WebsitePanel equivalent.
  • ColdFusion verity collections are no longer supported since CF 9.0.2, verity was replaced with SOLR.

ColdFusion FAQ

The majority of our ColdFusion customers are still using legacy versions of ColdFusion, which are no longer supported by Adobe and also contain several security vulnerabilities as a result which will never be fixed, and  nor will any future vulnerabilities. Due to lack of interest  we have never had cause to upgrade to any version newer than CF9, so this is currently the newest version we support on our new platform, which is still supported by Adobe. However Adobe only support 2 versions below the current version (11), which means even CF 9 is nearly EOL.
In addition these older versions of ColdFusion were written back in the days of Windows 2000/2003 and so do not support the current  server operating systems (windows 2008/2012), and so cannot be installed on our new platform.

Our recommendation is therefore for customers to seriously consider  switching  their ColdFusion sites to Railo, which is a FREE and open source alternative to ColdFusion which we have been using and supporting for several years now.

Railo is a CFML engine just like ColdFusion, they both do the same thing and run webpages written in the CFML language, Railo is simply the open source solution whereas ColdFusion is the commercial solution.
Railo will run the majority of ColdFusion sites with little or no changes, and we have found in most cases that when moving a site from a legacy version of ColdFusion it actually runs better on Railo than on a newer version of ColdFusion and requires less fixes, sometimes none at all.

Because Railo is FREE, this also allows us to keep all our servers up to date with the latest version, making them more secure and giving you all the latest features and functionality at no extra cost.  Railo also has far less bugs and security issues compared to ColdFusion.

Railo also has the added advantage of giving every single website its own web admin (equivalent to the ColdFusion admin), allowing customers to manage all their own settings such as mappings, data sources and smtp servers without having to contact us.
For more information on Railo please visit www.getrailo.org.

If you are interested in switching your site to Railo, or even PHP (e.g. WordPress), then we can help with this also, so please contact us.


Emergency Work (12/08/14 13:00 GMT): Emergency ‘Service at Risk’ Work on Vorlon-H8

Title: Service at Risk Maintenance for Vorlon H8 Server

Event: A new maintenance window has been scheduled for 12/08/14 13:00 GMT

There are lots of sites are running on Vorlon-H8, but only few are live and rest are either migrated to WSP or somewhere else. This is another legacy server which is lbeing replaced but cannot be virtualised first to extract the data. Please check that you have no sites running and migrate any data you wish to keep off the server ASAP. One of the issues this server is having is not being able to resolve domain lookups, which may be due to impending NIC failure on the physical machine. Currently Vorlon-H8 cannot connect to Vindrizi-H4 server on SQL port and so many sites are either not working or flapping.

We will be migrating the website as well as ColdFusion DSN from Vorlon-H8 server to Vorlon-H9 server. It will automatically update the FTP and website A record to points to Vorlon-H9 server. But it takes 4-8 hours to update the DNS over the globe. The maintenance is expected to cause some disruption whilst the files are being moved, however during the windows of procedure, servers and services will be running only may become unavailable if the server times out.

This maintenance window will be done immediately to minimise further disruption to client services.

We apologise for any inconvenience caused, but we appreciate our customers understand essential maintenance is required to delivered the best quality of service.

BTI staff will monitor the sites we know are live and test them as working when they have been moved. 


Thank you,
BTI Status

If you wish to unsubscribe from BTI Status notifications, you can do so here: http://www.bluethunder.uk/unsubscribe

We have changed to BlueThunder.uk

What is .uk?

The new .uk domain is a shorter and sharper and puts the emphasis firmly on your website name – exactly where it should be. It is the newest product in the UK Domain Family and is at the forefront of the online revolution, offering an exciting new territory for online pioneers to make their own.

With the recent launch of the new .uk  TLD, we decided to change our primary domain to BlueThunder.uk.

We have spent several years running from bluethunder.co but have found that many folks have still not heard of the .co TLD, and often think it is a typo and  instead go to .com, which unfortunately we do not own.

We hope that using .uk will avoid this issue and thus result in less confusion.

For any customers also wishing to obtain the .uk version of their domain, you may do so by one of the following methods.

  • by logging into your account at www.bluethunder.uk/whmcs
  • or via www.loudex.net if you do not have an account on the above system

Please note that nominet rules dictate that the owner of the .co.uk or .org.uk (in that order) gets first rights on a .uk domain. So if you already own these domains or they are currently un-registered then you can register the .uk (you just use the exact same registrant details)

If someone else owns the .co.uk or .org.uk version of the domain, then you will not be able to register the .uk. If you feel you are entitled to register the .uk domain then you may optionally open a dispute with nominet.

for more information please go to www.dotuklaunch.uk


Why is ColdFusion not suitable for shared Hosting

This is a topic we have to  deal with and attempt to explain quite often, and after some 12+ years supporting ColdFusion, and dealing with hundreds of developers on all levels, ranging from beginners to gurus, one thing we have come to learn quite well is that most developers do not really understand how things work on the server side.  

They know how to write code and upload it to the server, but most things beyond this tend to be somewhat of a “black box”,  and specifically the majority of CF developers also do not understand how ColdFusion really works and how/why it works differently from other scripting languages like PHP or Python or ASP.net.

Unfortunately this lack of knowledge  often results in the wrong type of hosting being used which can be very detrimental to a clients website performance and security, especially in a shared hosting environment and unfortunately tends to also result in “the finger of blame” being pointed at the hosting provider whenever there are problems, which often results in the pointless moving of sites between one host and another, which does nothing to address the inherent issues.  So hopefully this article will help to enlighten and inform as well as alleviate some of the misconceptions about ColdFusion hosting.

To put it simply, ColdFusion is a Java application, it runs on Java Servlet Engine (such as Tomcat) and this is where the problem lies, with Java rather than ColdFusion.

It is IMPORTANT to understand that Java (and thus ColdFusion)   is intended as an enterprise solution and as such is intended to run on dedicated hosting solutions and was  never built for, or suited to, shared hosting, due to the way it works, so when it is used in a shared hosting environment it tends to have performance issues and also has some security issues as well.

How ColdFusion processes web page requests

When we look at other common languages such as PHP, Perl, asp.net etc, these run as an NSAPI/ISAPI or CGI process, so, every website on the server spawns its own process to handle the requests. So, if there are say 20 PHP sites then there are 20 x PHP processes running (think of this like 20 separate instances of ColdFusion). 
So if site1 crashes php or ASP, it will generally have no effect on any other site because they are running php/ASP in a separate process. Of course there are occasions where these  processes can end up killing the web server as whole, but this is far less common and happens very infrequently.

ColdFusion on the other hand does not run this way.  

ColdFusion instead runs as a service (like your anti virus software for example).

This is the equivalent of a single process in the CGI/ISAPI world.  This means that essentially, every single web page on every single website on the server is going through the same process, and the end result of this is that any single website can cause problems for all the others.
Just as when your anti-virus software runs, it can slow your computer down and make it unusable for you because it consumes all your system resources.

Here is a diagram to illustrate.

 cf server diagram

Imagine the following (very common) scenario.

Lets say abc.com makes a cfhttp request to an external web service at xyz.com  to get syndicated content for its pages.
The web service at xyz.com goes down, which means all the pages on abc.com are now, potentially, going to have timeouts waiting for a response.  On a shared server this can very quickly result in all the ColdFusion maximum number of simultaneous requests to be consumed, and subsequent requests will then become queued behind them.  The result of this is that every other Coldfusion site on the server now becomes slow as well, as all their page requests have become queued behind the problematic site(s), and are now likely to also timeout as a result if they sit in the queue for too long.

An even worse scenario is where native java requests are concerned, such as database queries as these cannot be killed automatically, not even with FusionReactor, so will never timeout.  If a web page hangs in the middle of a database query because it is waiting for a response back from the database server, then this request will not ever timeout and will hang indefinitely, thus 1 cf thread is now permanently used up and no longer available. If this happens 10 times, now 10 cf threads are gone and no longer available to anyone else.  If the “maximum number of simultaneous requests” on the cf server is set to 10, then you now have 10 requests hung and 0 requests left and so the server will no longer be able to serve up any more ColdFusion pages and subsequently all websites on the server will now hang/timeout until the service is restarted.

If the original problem still exists then restarting the CF server will also not help, as the issue will simply return and continue until all the requests are again used up and all sites start to hang.  The only solution at this point is to find the site causing the problem and turn it off.


But my code has proper error trapping and caching and stuff, so this doesn’t affect me, right ?

Wrong,  I’m afraid.  On a shared server it doesn’t matter how brilliant your code is, or how well you have performance tested it, or how much error trapping you have.  This does not stop the other sites on the server from causing you problems or you causing them problems.

You could be lucky on a shared host for months, or even years, if you are on a server that doesn’t have many websites, or simple sites that are not problematic (at the moment), but it only takes one poorly written app to bring CF to its knees.

It is also important to realize that (in our experience), almost nobody using shared hosting has ever done any kind of load testing or performance testing on their website and, in most cases, do not even know what this means or how to do it, the result of this is that web site owners have no idea how their site will perform under load.  This results in another very common scenario which usually begins with a statement like, “Nothing has changed on my site and it has been running fine for years, so it must be your server”.
Again this is totally irrelevant in most cases, sure your site (or any other site on the server) may well have been running fine for years with 20-50  visitors per day, but what happens when it suddenly gets 1000 visitors per day as a result of some marketing or media attention?  Or if it starts getting hit by search engine bots? (which is very common) Suddenly this once stable site falls over horribly, due to poorly written or legacy code which simply cannot cope under load, as it was never load tested.

Let me give you an analogy.

You have a reliable little moped, you have been driving it around town for years with no problems at all and it has served you well, but it has never gone above 40 MPH. One day you need to take it on the motorway for the first time ever, so this would be the first time your reliable little moped has ever gone above 40 mph, but unfortunately it seems it was never built for this, and once you hit 70 mph the engine  overheats and the bike stops working. You are stuck right in the middle of the motorway, and are now causing a tailback as cars start to queue up behind you. The only way to resolve this problem, is for someone to remove you and your moped out of the way so that traffic can start flowing again.

When your engine cools down, you can probably get going again, but once you get up to 70MPH, the same problem with occur.

Security Issues.  

Everyone by now is aware of the prolific CFIDE hack which affected many CF servers around the world, and which we blogged about HERE.  This was only possible because CF runs as a service, and because that service runs under the SYSTEM account by default, which has full file system access, which allowed the uploaded hack to access every part of the server.  If CF worked like a CGI/ISAPI application (as it did in the days prior to CF6 before  it became a Java application), the effect of this hack would have been very limited, as on a properly configured server, the hack would not have been able to read/write files outside of the web root.

While there are ways to lock down ColdFusion (and yes we do this), this is more to protect the server and does little to protect  websites from one another, again due to the fact that ColdFusion is JAVA and runs as a service, so on a shared server there is simply no way to fully 100% secure your site  from being accessed  by the code in other sites what are written in CFML or any other Java application, not even when using security sandboxes, as any competent developer can easily circumvent these sandboxes, obviously we are not going to document how though.

So to put it bluntly,  if you are running an eCommerce site and storing customer details and/or card details, or any other kind of private or personal data, then you are putting this data at risk on any shared server, period. If that server runs any kind of  Java application server which runs as a service (such as ColdFusion), then the risk is greater.

Other common causes of performance issues

There are quite a few other common issues that occur on shared hosting which can cause problems for everyone.

  • Client variables
    A lot of developers will enable client variables in their code even though they do not use them, and worse will set them to use the registry or a database by default.
    When using the registry, this fills up the servers memory, and can cause it to crash.
    When using a database, this can affect performance considerably and make the site slow. A database bottleneck can also affect other sites on the server.
  • Database bottlenecks
    Badly written database queries, lack of caching or poorly designed databases will result in performance bottlenecks, which will get worse as a site gets more traffic.
    These performance bottlenecks will result in pages taking too long to execute, which results in timeouts, which results in queued requests. The end result as above is that all other sites end up going slow.
  • Caching
    When content and data is cached, this means the application does not have to go and get it each time for each page, which improves performance.
    Lack of caching can cause performance issues, especially with databases when grabbing large chunks of data, or when connecting to external feeds or web services for data.
    again this results in timeouts.
  • Too many requests
    On a shared server, remember that you are sharing everything with hundreds of other customers websites. This can easily overwhelm ColdFusion due to the way it works as the maximum number of requests can easily be exceeded when things get busy. If another eCommerce website on the server is having a major sale and has increased their traffic 10 fold, this will have an impact on everyone else.

But Railo is better right ?

When talking about the issues above, ultimately, No, I’m afraid, as Railo is also a Java application and so works the same way as CF, so the primary issues mentioned above, apply to Railo as well.

Railo is however an improvement over ColdFusion in many other ways.
Such as in that the security sandboxing, which  is automatically applied at website context root level (if you set this in your Railo server admin) and just works, and does not require admins to setup sandboxes for each site as with ColdFusion which is a sandboxing nightmare, which makes Railo better for shared hosting.  However, the sandboxes, like ColdFusion’s, only sandbox CFML and do not secure Java code.

Railo also has a per site web admin, allowing all customers to admin their own site, which is again a big improvement over ColdFusion, which has a single Admin which must be administered by the host, and customers cannot have access to this.  There is also no CFIDE folder, which has been the cause of many problems with ColdFusion.

So by using Railo you don’t have to rely on your host, you can pretty much do everything yourself, which is a big plus. So overall, Railo is a better solution in a shared hosting environment.

So what’s the solution?

The only solution is to do some research, educate yourself and use a bit of common sense, and consider, how important is your website to your business ?

As I mentioned, ColdFusion is, and always was, intended to be an enterprise solution, and as thus, run on dedicated hosting solutions.  It was never intended to be used for shared hosting and is not built to do this.  Don’t forget that ColdFusion as an enterprise solution also has a hefty price tag (£6,800 for the enterprise version), so ColdFusion hosting is always going to be more expensive too.

So the simple answer is, use the right tool for the job. CFML is a great language and ColdFusion/Railo are great tools, when used correctly, you wouldn’t use a chisel to hammer a nail right ?

If you just want to run a blog, personal website, or a simple brochure ware website and up-time/performance is not important to you, then you are a candidate for shared hosting, and these these types of sites are best served by somehting like WordPress for example, or other free open source site in a box/CMS type systems. For this type of site ColdFusion really is overkill.

If you run an eCommerce site or any kind of application which is mission critical, is your primary source of income, and needs to be secure, then you are a candidate for dedicated hosting.

If you love CFML and want to use it for everything you do, or have a custom built application, then you should consider the implications, and get yourself a VPS running Railo (or ColdFusion if you can afford it).  You then have full control over the security and performance, and also have the option to use multiple CF instances, so each of your sites run on a dedicated instance of Tomcat (or your preferred java servlet container), so you can still run multiple sites but avoid the shared hosting scenario and also lock down the security.


If you have any questions or need some advice or consultancy on this topic, please feel free to give us a call.

system Failure 28/06/2014: Vorlon-H4

We have had a system failure of one of the legacy HELM systems called VORLON-H4 (semi dedicated system).
Due to the age of the system it has been un-recoverable, and we are currently in the process of replacing it with a virtual machine and restoring data from backups.

We are working diligently to get everything back online ASAP.

Please check back here for updates.

update 13:24
new virtual machine has been built and required software is being installed.
Due to the fact that all the software is also legacy, this has proved a bit of an issue also to find appropriate installers.

 update 16:40
We have managed to restore all customer data from backups, and have PHP, ASP and HTML sites working.
We are still working on ColdFusion.  The old server was running ColdFusion7 (which  is no longer supported or downloadable ) and we were unable to get ColdFusion 7 working with current version of Windows 2003 SP2, so to expedite getting the system online ASAP we have had to use  ColdFusion 9 instead.

If any customers are using ODBC DSN’s, these have not been restored. But you can easily do so by logging into HELM and selecting the ODBC and clicking save, and it will be re-created.

update 20:26
further to last update we discovered that there we no active CF sites on the server, so we have not restored any of the ColdFusion settings and will be disabling Coldfusion on this server as part of its retirement. We have emailed  customers for confirmation, but anyone using this server for CF will be migrated to a newer server.