In recent months some of our servers have been suffering short outages related to mini-DDOS (“denial of service”) attempts. While it’s not clear whether these are aimed at specific sites or just generic random fallout, some servers have experienced short (10 min) outages at the rate of 1-2 per week. We have some software that catches and recovers from these, but as the nature of the attacks have changed our own tools have become slower at catching and correcting the problem. The outages are generally only 5 or 10 minutes, at most, but are obviously still annoying.
Accordingly, we’re installing the Cloudlinux security and reliabilty module on the servers that don’t already have it over this weekend and you may notice some downtime after hours as a result. As part of this, we do backups before we upgrade and this may require some server downtime. We’re installing the upgrade late at night (10pm on) so we fully expect that you’ll be soundly asleep and won’t even notice, but in case you do, we want you to know what’s happening!
Cloudlinux does a number of useful things better than we’re currently doing:
- it extends resource limitations, slowing down badly written sites that previously could potentially affect the server for others;
- it increases account isolation from each other on shared servers – previously our isolation was good, but this makes it excellent and faster;
- it stops one site dominating the server and slowing it down when that site is under heavy DDOS attack (surprisingly, if the page uses a lot of server resources, it doesn’t take thousands of hits to have an effect);
- it also adds a variety of checks and balances against other security issues, many of which we have been addressing already through other systems. CloudLinux have proven themselves to be particularly good at adding other security measures as time goes on and we want to take advantage of this as another layer of defence to our servers.
We maintain our systems at current patchlevels and releases constantly to guard against industry security releases, installing security related O/S patches within hours, and system software patches usually with 24 hours of release.
This article just discusses the operating system and some of the things we do to keep you safe there – we actually do a lot more in other areas as well and we’ll be sharing some more of those things with you over time.
We believe that with this and the many other measures we run across our servers we offer one of the most secure environments for hosting your websites that you’ll find anywhere on the internet, and we have further upgrades planned for the new year (and if you do get hacked, we can nearly always disinfect you without charge). Obviously with the prevalence of hacking these days, and the recent terrible news about the Sony hack, we take security very seriously and have the advantage of having built up some experience in the area.
Holiday wishes from your hosting team at WD3! We hope you have a great, safe and enjoyable break with family and friends and look forward to talking to you in the new year.