Attacks and outages…

Well as we grow Bluehost.com bigger and bigger we become more of a target for malicious people out there. We have literally hundreds of attacks per day on our system. When I say attacks I mean, denial of service attacks, password hacking bots, etc.

Many web hosting companies experience severe downtime due to these type of attacks. We are no exception, except that we are taking measures to eliminate this problem. The cost of eliminating these attacks on our type of network range from around $15,000 per year up to $60,000 per year. Many hosts simply accept the attacks as a fact of life.

We will no longer gamble with our network and hope that attacks don’t happen. We have implemented some high tech measures to virtually eliminate denial of service attacks and other outage causing worms. We are in testing mode now, and should turn these functions on live by the end of the week. We hope this will ensure a higher level of integrity for our network. I am ALWAYS open to any suggestions to improve bluehost, so let me have it with features you would like to see!

Thanks,

Matt Heaton / Bluehost.com

36 Responses to “Attacks and outages…”

  1. mark says:

    I make Independant films or think I do have not gotten any of the ground yet, I was thinking about buying a laptop computer or notebook, not shure what the differiance is, anyway is there a laptop that you can recommend for video editing for under a grand? as for Bluehost I think your doing a cool job just wish I could make a cool interactive website

    Mark Pfeltz

  2. david says:

    No pain, no gain. Bluehost.com did better and better.

    David
    http://www.oil-gas-news.com

  3. Fonzo says:

    Well I am glad to see you guys attempting to fix the issues before they become problems. Nice.

    The only feature I would request is better/updated stat tracking. I know you guys use AWSTATS, Webalizer, etc. and a few others, and maybe they are the best ones on the market right now, but they seem rather limited in the stats they report.

    Of course, this is pushing the fact that I do NOT want to have to install my own stat tracking software or purchase stat tracking via a third party.

    Also, speaking of AWSTATS, version 6.5 is (or is about to) go live. Will we be seeing an update soon?

  4. Bernard Peh says:

    Yes, at least you took great measures to handle it. Many hosting companies just ignore it. One hosting company had their forum hacked without them knowing for 1 week. I emailed them, informing them and asking the reason for their slow response…they didnt even thank me!!

    just to side track abit: why dont you set up have a forum(eg like lunarpages) to foster interaction between the bluehost team and the customers?

  5. Li An says:

    Dude keep it up… I’m hungry for more improvements :)

  6. jordi says:

    php5!!

    I´m a php freak, I need php5.

    It’s nice to know you guys are doing some preventive security checks!!!!!

    excelent job!!!

  7. Jeremy says:

    I just want to say that BlueHost is by FAR the best host I’ve ever used. I wanted to develope a Ruby site soon, and opened a Dreamhost account for this purpose. Man alive. In two weeks the service was down for short periods on three seperate occasions. hmmm. The control panel was very confusing and there is no support phone number (though email support was very responsive).

    Anyway, I canceled service and transfered the domain here. Ah well- no Ruby for me. BUT WAIT!! Just another reason to love bluehost. So cool. I’d pay double for this host. (Did I say that outloud?)

  8. self says:

    That is why I am proud to be associated with bluehost. Customer service that superior to all.

  9. Ayan says:

    When I see the hard work and dedication you put into your business, it makes me feel proud to be a customer. I have never tested out other hosting companies and have absolutely no clue how they manage their downtimes or what problems that come across but choosing this host as my first was a smart choice. Please do keep it up!

  10. Funsapple says:

    Bluehost is highly recomended by my buddy teddy low, without saying anything, I straightaway sign up for 2 years. What can i comment is.. Bluehost team, you are doing a good job! Its ease to use, flexible, lot of features are automated, i think even my grandpa also know how to implement this. It makes me more concentrate to my forex website http://www.learnforexsecret.com by not giving any technical problem.

  11. jordi says:

    Also more bandwidth will be great!

    cheers!!

  12. Dena says:

    I’m a relatively new subscriber but have been very impressed with the service and uptime so far. Keep up the great work!

    BTW if anyone needs a user-friendly, secure, free shopping cart system I highly recommend
    http://www.mals-e.com

    Best,
    Dena

  13. Tom says:

    Thanks! Makes the difference between staying and going!

  14. Stephen Gilbert says:

    Matt, here are three features that may not be in your business model, but I wish Bluehost had them b/c I’ve had to go elsewhere for them.

    1) SLA-style uptime promises – I’d be able to recommend Bluehost to my clients more readily if I could tell them that y’all, like other hosts have 9#% uptime etc.

    2) More robust back-up process – If I remember right from one of your friendly support reps (they’re great!!), there’s an account-wide backup every 15 days or so (maybe taken offsite? I forget), and then there’s an every-couple-days backup. But I was disappointed to hear that if I needed a specific file, you can’t restore just that file–it’s all or nothing. In my ideal world, you’d publish your backup process, do it nightly to an internal server, take a copy offsite every so often, and be able to restore individual files. (One other host, I know, can restore emails from your POP account that you’ve deleted off your own harddrive. Not sure how the manage that and stay in business, though.)

    3) Managed hosting – e.g. you provide a SysAdmin person responsible for my IT backend, and I pay hourly or a retainer. That way I could a) recommend Bluehost to some small company clients that have no clue about IT but want a website, etc. and b) I could ask someone at Bluehost to do tasks that otherwise cost me research time, like “Figure out how to make my WordPress blog do XYZ. Let me know if it’ll run over $300.”

    Just some ideas. Bluehost is great, though.

    Stephen

  15. Bill says:

    It’s nice to be kept informed, thanks.

  16. richard hellstrom says:

    http://www.bsecurity.se/index.html
    Maybe these people can help you set up a better system to stop these malicious attacks. Their suppose to be one of the best companies in the world at what they do. Give them a call at
    Phone: +46-46-38 60 50
    Fax: +46-46-38 60 55
    or make an online request.

  17. LadyDeath says:

    I had an attack on my index page recently and I called bluehost.com for help and the tech support was awesome. I love this server, it’s the best I’ve been on in the 7 years I’ve been building websites!

    Thank you so much for all the hard work you all do to keep our sites safe and running properly.

  18. Caleb says:

    Would this have anything to do with the DNS servers being down today? I’m only able to access my site via the IP address, and no one at the Help Desk has responded in the last 8 hours or so.
    If you guys are implementing new features or something, I suppose it would explain the downtime.

  19. Steve says:

    One of the things that will be an ongoing issue is keeping your software and scripts up to date. It seems you are doing a good job of that today – please keep it up!

    MediaWiki might be nice as an auto-install. I like the look and feel of it.

    I would really like to see tutorials for website owners on getting the most (or even the least) out of the various scripts/applications that you offer as auto-installs. I noticed that you changed the colors of this WordPress header to green and then back to blue. So I figured out how to change my WordPress colors.

    Also, it is hard to believe that your knowledge base help is as small as it is if you are getting as many tech support questions as you do. Maybe it should be updated alot more. Also, I hate forums since they sometimes answer questions but most of the time don’t and leave you looking at wrong suggestions.

    Thanks for keeping us up to date on what bluehost is doing!

  20. Well folks I will tell you this, I was with a hosting company called GNXonline, DON’t ever use them!!! They not only have poor up time and perfomance, but their support sucks too!! And when I got fed up and found Bluehost it was like going to heaven! Bluehost has excellent service and support and the price is very reasonable.

    And what I really like about Bluehost is that there is only ONE package which will fit all. That is nice not to have to try to guess at which hosting package would be best for my needs.

    Matt and the entire crew of Bluehost, thank you and keep up the great work and support!

    Rick
    Studio B Internet Radio
    http://www.studiobradio.com

  21. Lee says:

    Awesome service!

    Glad to hear that you are ahead of the game with this stuff and thanks for this blog. It really adds another personal touch to Bluehost. I’ve been really happy with your service. I have accounts for a personal site and 2 sites at work. Both have been great. Glad that you seem to have our best interest in mind with these upgrads and with your continued efforts.

    Thanks,
    Lee

  22. Niels Olson says:

    Matt,

    it was nice having the blog available even during this latest outage. Thanks for that.

    Can you provide some stats on how long the outages typically last, maybe a graph illustrating the distribution, or even some basic numbers like mean, median, standard deviation? 99% uptime promises (per someone else’s request above) are nice, but don’t really help me manage my time when I need to. I record the lectures for my first-year classmates at the Tulane School of Medicine. This is a fairly vital service as the school has been displaced by Hurricane Katrina, to Houston, until the end of May, and some people (with families) are living in New Orleans, five hours away. Long story short, I upload three or four of these ten megabyte, hourlong .wma files from our temporary lecture hall (Baylor College of Medicine), where bandwidth is essentially unlimited. When an outage occurs, I’m stuck at school until it comes back. Aside from time management, I also find myself having to ride my bicycle home in the dark. Some stats about the outages would help me manage my time. Maybe you could post a report on the blog.

    Regards,

    Niels

  23. Lou says:

    I’m glad to hear about the uptime/security improvements you’ll be making. That was an outstanding issue I had since I didn’t know what you were doing with respect to that.

  24. Taresa says:

    More domain names! Domains are like shoes…

    Automatically upgrade accounts. It seems kind of shifty that new customers automatically get new space, but loyal (old ;) customers get left behind :(

  25. Don says:

    Is this why I am experiencing a very slow response time/load time?

  26. edward says:

    You gotta Cluster! Have your gurus implement a Load Balanced LVS. It’ll probably increase your server population density and thusly maximizing your invest per server. You’d also probably want to a hire a dedicated admin towards the pursuit of ‘security’. You can have him monitor spam traffic, general ddos attacks, etc.. and formulate some sort of mitigation tactic.

  27. inversarium says:

    I signed up for space with bluehost at the end of 2003 and am continuing for another year now. I must say, it is most impressive apart from the downtime i was once experiencing last year during one particular month. You seem very zealous about getting rid of these problems which is really impressive. As long as bluehost continues to genuinely try and do its best, i don’t see any reason why i shud migrate to another host ever. Well done Matt!

  28. Selcuk says:

    Outages tend to be longer and more frequent?
    I am a new to bluehost. After studying several alternatives, I made my mind in favor of bluehost. And I like its easy to use cpanel, its nice features. I like its performance when it is up and running.

    But recently, I started to experience outages more frequently and longer. Just within the last week, my site went down a couple of times each for hours. I wrote to support department, and they kindly responded saying that my site “is” up and running. This, of course, does not mean that my site “was” up and running when I checked.

    Yesterday, my site was down for some time. Today, and right now, my site is again down for over one hour. (error message returnet, for your information: Http error:Unix.Unix_error(_, “check_connect”, “www.ip-numaram.com:80:Connection refused”))

    I do not know if this is an isolated or a general occurrence affecting all sites hosted by Bluehost. If it is something general, I think that webmasters would find it difficult to tolerate such long and frequent outages in the long run.

    I am sure that you are trying to fix the problem, and I would like to receive feedback as to the nature of these outages.

    Best regards,
    SB

  29. I want to thank you for putting together such a high-quality service team. I switched from another “large” hosting platform that had slow downloads, interrupted downloads, timeouts in their POP3 e-mail, and then tried to blame it all on my (and my customers’) connection to them! They even suggested that perhaps we should all have special software on our systems for doing reliable downloads from their site. The contrast that Blue Host has provided has been very gratifying. Every service issue has been handled promptly, professionally, and with an appropriate level of concern – this is my business at stake, and your service team seems to take that as seriously as I do. Please commend them, and keep up the good work!

  30. david griffin says:

    I thought I was going to get to the end of the list without a moan – and then there was one.

    Not that we expect hosts to be perfect – not possible in the ruthless land of zeros and ones.

    I made the error of trying http://www.computinghosts.com and it’s been bad for constant failed page requests, esp those linked to MySQL. I think I’ll give you a try.

    davID

  31. Hello Matt,

    I just read your email about the ‘catch all’ account and spam. I applaud you for taking such a great step in the right direction.

    Your comment ” refuse to let the filth that peddle their wares through spam to affect the performance of our servers any more. ” is right on the mark, I too and sick and tired of the hundreds of x-rated spam emails that I receive every day. My kids also receive these emails and it disgusts me what children under 16 have to process and deal with these days.

    Thanks again for such a great hosting service that is on the cutting edge,
    Mark

  32. โฮส says:

    Hi Matt,

    I ‘m your customer in Blue host. I like your host. It ‘s stable and has the best support team.

  33. Thanks! Makes the difference between staying and going!

    Everybody experiences these attacks, its all about how you handle them, and does your customer have any downtime because of it.

  34. Thanks Matt for keeping your customers the priority!

Leave a Reply