Brings a whole new definition to the word “clean-up”

Info Insecurity

I shouldn’t laugh at a fellow web hosting company’s misfortune, but when I heard about the almighty muck-up from 123-reg inadvertently nuking customer’s virtual private servers (source: BBC)  during routine maintenance, I couldn’t help but to try and stifle a chuckle.

But on a more serious note it highlights a couple of problems (least of which is to be very, very sure about what stuff you’re doing on the underlying host platform):

  • Virtualisation = multi-tenant server, therefore a dedicated server will be home to quite a few other clients, all doing their own thing.  Unless you’re using some form of shared storage for the virtual server image, or can quickly hot swap the drives out to a new standby chassis – if the server goes TITSUP (see below), many people will be affected, and for quite some time!
  • Backups.  I can’t believe people aren’t making multiple backups.  Especially if you’re not paying the hosting provider for the privilege.  NEVER assume that your hosting provider is taking backups of your data.  But there are many options available to ensure that you have sufficient coverage in the case of a failure. Some hosting providers usually provide something (at cost), but it’s always recommended that you store backups both away the hosting platform, in a different datacentre, and at least one copy preferably away from the hosting company.  Why not use a third party utility such as rclone to make sure you’re backing up valuable data to another service?  I’ve written a guide for cPanel server users here.
  • Redundancy.  If your business is truly that important, you’ll be looking at high availability options that can include, but are not limited to, load balancing (multiple web front ends, multiple DB and file backends).  If one more servers goes TITSUP (Total Inability To Support Usual Performance), others can take over.  Failover options are well worth investigating.  Note: it’s rarely cheap, but if you really value uptime of your business – it’s a must.

I think the best attitude to have in this situation is to tell yourself what would you do WHEN these things go wrong – not IF.  Aside from all of the above, your web site may be affected by malware (especially if you’re running legacy versions of the server components, or if your CMS or web site is itself based around legacy components – make sure you keep it up-to-date!), denial of service attacks, or a combination of both.

Running a web site and managing your email is fun, fun, fun!