Web Hosting
Crash And Burn!
Wow, Friday was an incredibly eventful day for a lot of people in social media!
(Not really how we prefer to spend our Fridays!)
The largest conglomerate of mid-range hosting providers, EIG, which owns companies such as HostGator (as of 2012), Bluehost and HostMonster (as of 2011, 2010), A Small Orange, and others experienced a problem...
While many people were quick to point fingers (and the customer response on the individual fan pages of these affiliated providers was downright nasty), almost no one actually knew WHY the central backbone of the hosting connection was down.
That's because, when you are fighting a DDOS attack, the last thing you want is some opportunistic script-kiddie to come along and make it worse... so you really don't want to mention the cause.
Rather than being equipment failure or any general "laziness" on the part of EIG... they were hit by a "Distributed Denial of Service" attack.
A DDOS attack happens when PCs that have malware, and hosting accounts that have been infected, are controlled like zombies, from around the world, and suddenly all start attacking one location, at the whim of their (hacking) master.
DDOS is something that can bring nearly any server in the world to its knees. It's very hard to fight, very hard to stop, and in fact, about six months ago, it nearly took down the WHOLE central backbone of what we call the internet.
Are you getting my point that this is serious hardcore stuff?
Like many people, I was prepared to give EIG an earful if it had turned out to be hardware failure again (as it was six months ago)... but it wasn't.
So why did EIG say that it was hardware failure? Because it was easier to say than to feel embarrassed about a DDOS attack. Yet most of the affiliate hosting companies wound up eventually letting the (not so dirty) truth leak.
In fact, it was something that can (and does) hit many other hosts every year.
Most web servers were down for less than 12 hours. This is only 4 hours over the window of time that is in your basic service agreement to start with (and is negated when the host is attacked).
Hosts aim for a "gold standard" of 99.8% up-time per year... which gives them EIGHT FULL HOURS of downtime for any service work they need to do (and as I mentioned, is irrelevant when an external force is breaking the law and attacking them).
Fortunately, Matt Cutts has confirmed that a single incident like this is unlikely to impact your SEO. (It is chronic, frequent downtime you have to watch out for.)
The biggest problem on Friday and Saturday was that most of us felt VERY out of control of our own businesses when we could not access our websites. But you can wager that EIG was feeling VERY out of control when they could not get data in or out or get the attack to stop.
Even the hosting that Nile and I offer to clients was down because it sits on a massive HostGator dedicated server. My hands were just as tied as yours were.
Some clients asked me about alternatives to hosting on EIG. I don't actually think that's a necessary move, but if it would make you feel better, you should look at LiquidWeb or A2 Hosting as a shared/VPS/dedicated alternative, or look at WPEngine as a "managed" high quality, high security environment for your WordPress site.
I'm pretty sure you won't hold it against me for failing to use all this fear to sell you more stuff, right?
At this time however, risk assessment does not yet warrant us moving our hosting solution from HostGator to LiquidWeb so we remain with HG. (And you do as well if you are hosting with us.)
If you ARE thinking of migrating, I suggest waiting a few days. One of the tactics to "dodge" a DDOS attack is to physically move the server you are hosted on to a group of servers that are not being attacked. This can mean broken backups and other hiccups until everyone gets settled back down and all the chaos is over.
Nile Flores has some great tips for how to manage catastrophic events like these from her latest post,
To the customer
Don't panic because your site will come back.
You are entitled to answers, so if it takes writing a message on Facebook, tweeting on Twitter, writing an official customer support ticket, writing in the web host's forums... do it.
Be patient for network wide issues as that may take up to 12 hours to get everything back in order.
Don't be afraid to give feedback, but be courteous about it.
As always, you should ALWAYS have a high quality backup on hand in case a server "never came back" (such as in a fire). I use and recommend BackupBuddy, and I recommend storing your backups somewhere such as Amazon S3.
Whether you need a hand backing up and upgrading your site or need assistance installing BackupBuddy, or anything in between... I offer WP Support Services and can be reached through my support desk.
I know this has been wordy, but I hope it helps you understand the very scary chaos we experienced this weekend!
P.S. If you use Sexybookmarks by Shareaholic WP Plugin, be sure you see this security advisory.