Monday, January 22, 2018

Lifetime hosting with Dragify / Ahead Hosting: a lifelong nightmare!

In October 2017 Greedeals.com published a deal from a company called Dragify: they offered lifetime web hosting for up to 4 websites at $39.99.
It looked like a good deal, so I signed up to test the service for a few days.

After I signed up I discovered that Dragify would not provide this service directly. The web hosting they were selling would actually be provided by another company called Ahead Hosting, apparently from Spain.

Well, who cares? What's important is that it works... So I tested the service for a few days (not enough, I would discover later) and it looked okay, so before the special offer ended, I signed up for a second account, this time paying for the "triple up" addon, which allowed up to 12 websites to be hosted on that account for $39.99 (as before) + $39.99 (for the "triple up" addon).

Since this is important, let's call them ACCOUNT A (4 websites) and ACCOUNT B (12 websites)

I then proceeded to move all my websites from my old hosting provider to these two new accounts... and that's when the nightmare started.
Downtime is the major issue here: the websites would be unreachable or show "Error 502 Bad Gateway" for long periods of time. I would write to Ahead Hosting's customer service but my emails would mostly go unanswered. On a few rare occasions I have received a reply to my emails, and they all consisted mainly of monosyllables.

On December 20, while checking stats on my ACCOUNT B's cPanel, I discovered that some unknown third-party was sending spam using the SMTP of one of my domains hosted on this account. I immediately sent an email to the customer service to warn them that the server was misconfigured, since it allowed third parties to send spam, even though everything was set to avoid this. Of course, I have never received any reply.

In early January 2018, everything came crashing down: all the websites were unreachable, and the cPanel would not allow me to log in to any of my accounts ("user does not exist"). Of course, I immediately contacted the customer service and guess what? I have never received any reply.
Almost three full days later, the websites were up again and the cPanel would allow me to log in again. Have I ever received an explanation for this incident? Of course not.

Then, a few days later, without any forewarning or communication, my ACCOUNT A got suspended. The websites would show "This account has been suspended" and the cPanel would not allow me to log in, saying "this account has been suspended".
Of course I immediately contacted the customer service again, and this time (a few hours later) I received a reply that simply said that the account had been "suspended for spam".
Remember the problem with the SMTP server I tried warning them about? Well, it looks like they didn't give a damn about my warning, but they used it weeks later to suspend my ACCOUNT A, without any logical reason, considering that the domain which was used to send spam was hosted on ACCOUNT B!
In fact, my ACCOUNT B was still up and running and spammers were still using it to send spam!!

And it does not end here: while suspending my ACCOUNT A, they also decided to suspend my "triple up" plugin on ACCOUNT B. Why??? There was no logical reason at all, just utter incompetence! If the account causing problems was ACCOUNT B, why did they suspend ACCOUNT A? And then why did they suspend the "triple up" plugin on ACCOUNT B? Again, pure and simple incompetence.
At least, after contacting Dragify about this, they have canceled the suspension on the tripling up, and I have got my webspace and bandwidth allowance for 12 websites back.

Not that I intend to use this "lifetime" nightmare anymore. Immediately after the suspension I started moving all my websites to a different hosting provider, which hopefully will prove more professional than Ahead Hosting.

By the way, it looks like behind this so-called company Ahead Hosting lies a single person, who owns (or rents?) a single server: when my websites were down/unreachable, the "company's" website would be down/unreachable too. How professional is that?

In conclusion: as the old saying goes, you get what you pay for. If you want reliable hosting, stay away from these "lifetime" offers.
And most of all, stay away from Ahead Hosting.

Monday, January 15, 2018

Easily create a VPN Gateway with a Raspberry Pi (or similar board)

I don't have an OpenVPN-capable router, but I needed to create an always-on openvpn CLIENT that would connect to my VPN service, so that it could be used as a gateway for other devices in my LAN. Using this gateway to access the internet, the internet traffic of those devices would be protected by the secure VPN connection.

I've looked around and I have found a great tutorial to achieve this: it was written by Superjamie for the Raspberry Pi and you can find it here.

Unfortunately I didn't have a Raspberry Pi available at the time, so I thought it would be interesting to do the same for the board I had available, which was an Orange Pi Zero.

I used DietPi as the base operating system for this project, and tried following Superjamie's tutorial, but since it didn't work on my Orange Pi / DietPi combo, I made a few adjustments, which I share with you here.
All credits for this still go to Superjamie, because that's where all the huge work comes from.

Please follow Superjamie's tutorial (again, you can find it here) with the following exceptions:

  1. Install DietPi instead of Raspbian Jessie
  2. Since DietPi's user already has root capabilities, you should write any commands from Superjamie's tutorial without typing the 'sudo' at the beginning of the command.
  3. I've found out that the section of the tutorial called "Enable VPN at boot" was useless and harmful, as it would prevent OpenVPN from launching correctly, therefore it must be skipped.
  4. The VPN Kill Switch section of the tutorial didn't work for me. I have found out that it had to be modified a little bit to make it work, so I'm re-writing it below, in a version that makes it work:

VPN KILL SWITCH 

This will block outbound traffic from the Pi so that only the VPN and related services are allowed.
Once this is done, the only way the Pi can get to the internet is over the VPN.
This means if the VPN goes down, your traffic will just stop working, rather than end up routing over your regular internet connection where it could become visible.

[Note by Tech Delirium: please adjust IP addresses by using the correct ones for your network and the port numbers by checking the ports used by your VPN service]

iptables -A OUTPUT -o tun0 -m comment --comment "vpn" -j ACCEPT
iptables -A OUTPUT -o eth0 -p icmp -m comment --comment "icmp" -j ACCEPT
iptables -A OUTPUT -d 192.168.1.0/24 -o eth0 -m comment --comment "lan" -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp -m udp --dport 1198 -m comment --comment "openvpn" -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -m tcp --sport 22 -m comment --comment "ssh" -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp -m udp --dport 123 -m comment --comment "ntp" -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp -m udp --dport 53 -m comment --comment "dns" -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -m tcp --dport 53 -m comment --comment "dns" -j ACCEPT
iptables -A OUTPUT -o eth0 -j DROP
iptables -I FORWARD -i eth0 ! -o tun0 -j DROP
  
[Note by Tech Delirium: Superjamie's tutorial didn't work for me, but adding the last line above does the trick and makes the kill-switch work]

And save so they apply at reboot:

sudo netfilter-persistent save

If you find traffic on your other systems stops, then look on the Pi to see if the VPN is up or not.

You can check the status and logs of the VPN client with:

sudo systemctl status openvpn@Japan
sudo journalctl -u openvpn@Japan

That's it! Now the board will connect to your VPN service at startup, and if you set up your devices to use the Pi as their gateway, those devices' internet traffic will be tunneled via the VPN and will be protected. If the connection to the VPN service goes down, NO TRAFFIC will be allowed through, so you will have no leaks.
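
The kill switch above only holds if three rules are present and in the right position, so it is worth auditing the loaded ruleset after every reboot or change. The script below is an added example, not part of Superjamie's tutorial or the original post: it assumes the interface names eth0 and tun0 used above, and the embedded ruleset is a constructed sample of `iptables -S` output.

```shell
#!/bin/sh
# Added example: audit rules in `iptables -S` format for the kill-switch invariants.
# Interface names default to the ones used in the post; override via environment.
LAN_IF="${LAN_IF:-eth0}"
VPN_IF="${VPN_IF:-tun0}"

# Constructed sample of what `iptables -S` prints once the rules above are loaded.
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -i eth0 ! -o tun0 -j DROP
-A OUTPUT -o tun0 -m comment --comment vpn -j ACCEPT
-A OUTPUT -o eth0 -p icmp -m comment --comment icmp -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -o eth0 -m comment --comment lan -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1198 -m comment --comment openvpn -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 53 -m comment --comment dns -j ACCEPT
-A OUTPUT -o eth0 -j DROP
EOF
}

# Reads rules on stdin, prints one line per problem, returns 0 only if all hold.
check_killswitch() {
    rules=$(cat)
    rc=0
    # 1. Traffic leaving through the tunnel must be accepted.
    printf '%s\n' "$rules" | grep -Eq -e "^-A OUTPUT -o $VPN_IF .*-j ACCEPT\$" ||
        { echo "MISSING: OUTPUT accept on $VPN_IF"; rc=1; }
    # 2. The last OUTPUT rule must be the catch-all drop on the LAN interface:
    #    with the default ACCEPT policy, nothing is blocked without it.
    last_out=$(printf '%s\n' "$rules" | grep -e '^-A OUTPUT ' | tail -n 1)
    [ "$last_out" = "-A OUTPUT -o $LAN_IF -j DROP" ] ||
        { echo "MISSING: final OUTPUT drop on $LAN_IF"; rc=1; }
    # 3. The forwarding drop must be the first FORWARD rule (the post inserts it
    #    with -I), so LAN clients cannot be routed out of anything but the tunnel.
    first_fwd=$(printf '%s\n' "$rules" | grep -e '^-A FORWARD ' | head -n 1)
    [ "$first_fwd" = "-A FORWARD -i $LAN_IF ! -o $VPN_IF -j DROP" ] ||
        { echo "MISSING: leading FORWARD drop for non-$VPN_IF egress"; rc=1; }
    return $rc
}

# Live use on the gateway: iptables -S | check_killswitch
sample_rules | check_killswitch && echo "kill-switch rules present and ordered correctly"
```

iptables filters IPv4 only; if your LAN or ISP link carries IPv6, the same invariants need to be expressed in ip6tables (or IPv6 disabled on the gateway) for the kill switch to hold.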