Jump to content

Recommended Posts

I now wish I'd found TCH before I got one of my sites hosted by a certain other company, which shall remain nameless for now. Last Thursday night, January 8, that other host got defaced. I went to my site and saw this instead of my index page:

 

hacked2.gif

 

I went to the host's home page and saw the same thing. Now, about a week later, my site and that host's site (and, presumably, all the other sites hosted by them) is still down. The domains are "not found". I've heard nothing from the host.

 

How likely is that to happen here? What measures has TCH taken to prevent catastrophies like that one?

 

Needless to say (but I'll still say it), I'm not really thrilled with that other host these days.

Link to post
Share on other sites

Other than being based in Linux which is not as susceptible to hacks as a Windows based server? I'd say the best defense is daily off-site backups. In the case of a mass disaster they can restore to a state less than 24 hours old. That's pretty good stuff.

Link to post
Share on other sites

Well, actually, being hosted on Linux doesn't really matter much. The big players are the server software packages used. If you'd say that we're safer because we have Apache instead of MS IIS, yes, we are safer ;) The OS by itself isn't really that important - still, when it is indeed important, yes, any Unix based server is better than Windows :)

 

As for the defacement, remember that many times defacers take advantage of weak passwords, not server exploits - so use a good password.

 

It's usually recommended that your password is at least 6 characters long and includes numbers and letters. I'd go even further and recommend that your passwords have at least 8 or 10 characters, include letters and numbers, use capital and regular letters and even some punctuation marks thrown in. Oh, another important thing is not to use known words or known facts about yourself, like your birthday, your nickname, etc...

Link to post
Share on other sites

Great point Raul. Considering the passwords we are assigned when we create our accounts I'd say that TCH is using pretty doggon good passwords :)

 

Take my password for example: *#,32.agt - no one would ever guess that! :P

 

Seriously, a strong password is the first line of defense and even the old Compuserve "secure" password suggestion of 2 unrelated words separated by a special character is not good enough anymore. At work my password is a pronouncable-yet-nonsense word that is easy to remember but impossible to guess. The one I use here is as uncommon as the example I gave above.

 

Also, Raul is right about the server software but I was thinking on the line of viruses and trojans since that's what we've been facing at work a lot. Not too many of them for the Linux flavors but windows has tons out there.

Link to post
Share on other sites

At the other hosting company, it wasn't just my account that was hacked and defaced, it was apparently most or all of the accounts hosted by that company.

 

So, if something like that happened here, about how long would it probably take until everything was restored from backups?

Link to post
Share on other sites

Server 8 just recently died. Here's the timeline of key pieces:

 

5:53 AM - down

8:16 AM - diagnosed and pronounced dead.

8:49 AM - server rebuilt

9:26 AM - Operating system reinstalled

7:30 PM - cPanel restored, Backups restored, quirks worked out.

 

This was a worse case scenario with the entire server smoking itself. If it were a simple hack as you described then it would have been more on the order of 10 hours for a full restore... and this server was pretty heavily utilized too.

 

You can see the whole thing as it unfolded at http://www.totalchoicehosting.com/forums/i...?showtopic=6868

 

I don't think you can beat it unless you keep on-server backups and they are not as secure.

 

Hope it helps!

Link to post
Share on other sites

Server8 was worse case. Both the primary drive and backup drives went up in smoke. We had to pull data from a remote backup server in another facility.

 

Best case we can restore accounts from internal back up drive. If a single site is hacked we can restore it to previous day backup in a matter of minutes.

Link to post
Share on other sites

My previous hosting company was using Linux, it didn't help them much. They were attacked three times in a row within two weeks, and after the final attack all information was lost, including my site. The good thing is that I started looking for a different place to host my site, and found TCH, which seems to be much better than I could have expected. :P

 

However, the difference is that my previous hoster kept backups on the same server as the sites backed up. When the server was destroyed, so were the backups.

 

Here at TCH they say that they keep backups on remote servers (somebody even said they keep them on different data centers, if I'm not mistaken). If this is true (and I don't have any reasons to suspect it isn't), we are in good shape. If they are as good in applying patches to Apache/Linux in a timely manner, we should be cool. :)

Link to post
Share on other sites

We apply all security patches as soon as they are available, and yes we do keep offsite backups in different DC's. Like bill said, worse case scenario both drives die in a server, we can have it full restored from the previous days back up. If the backups were kept on the same server, we would have some VERY unhappy customers.

 

Most hosting companies (in the same price range we are in) keep all of their back ups on the same machine as the websites to save money, but no matter how much money you save by cutting costs, if your customers leave because your server crashed and you cant restore their site, you stand to lose a LOT more than you gained by being cheap.

Link to post
Share on other sites
Here at TCH they say that they keep backups on remote servers (somebody even said they keep them on different data centers, if I'm not mistaken).

 

 

"...if I'm not mistaken", you are not :P

Link to post
Share on other sites

Well, that's it then. The other guy has been down for a week without a peep and, apparently, you guys can reasonably expect less than 14 hours down in the worst case. I'm about to open a second hosting account with TCH.

Link to post
Share on other sites
"...if I'm not mistaken", you are not  :o

Actually, this is beginning to bother me in a weird way. :)

 

When things seem too good to be true, it usually means that there's something important and bad hiding out there unnoticed. :P But I still can't find anything.

 

I'm paranoid, I know. Rock Sign

Link to post
Share on other sites

Here is our backup scheme.

 

Each server has two drives.

 

One primary drive and one backup drive.

 

We run backups on each server. This is done daily, weekly and monthly and all these backups get dumped to the servers 2nd internal drive.

 

This is our primary means of restoring data for clients. If your site needs a restore for any reason (hacks, client deleted files, etc) we go to the servers internal backup drive for this.

 

Now all servers are also backed up from a remote server. The remote backup server is in a seperate datacenter that we use ONLY for the backup server. We do not have any other servers in this datacenter, only the backup server. The backup server is a beast. 1TB of RAID storage it really is a very nice machine.

 

Remote backups are run every other day for each and every server. We backup the entire server, from FTP accounts to mail accounts we back up the entire server. This is what I refer to as, our last ditch effort. If both drives fail in any given server we can restore a server from our remote backup server.

 

Servers get hacked, accounts get hacked, hardware fails, drives blow up. This is just a fact of life and it is part of this business. We understand this and have done our best to prepare for any point of failure.

 

I hope this helps people understand our backup plans.

Link to post
Share on other sites

Time for my two cents...

 

While TotalChoice Hosting does WAYY more than most, there is never a substitue for a routine personal backup of your own site!!!!

 

cPanel makes this a snap with built-in backup utilities.

 

After all, it's YOUR data. Protect it.

 

NoDiety: I understand that just backing up surely wouldn't have prevented your loss with your current host. Backing up and being offline are two different things and not necessarily relational. I hope you'll feel more secure here with the TCH response to failures. Oh, and I love that dog! :lol:

Link to post
Share on other sites

My 1 cent:

 

Seems to me as if there a lot of companies having their sites on, TCH.

I dont know if whole world works as Sweden, but as Lianna says

 

>there is never a substitue for a routine personal backup of your own site

 

Invest in a CD-burner and as many cd-rw´s as needed. CD-RW can be used again and again and...

 

Space available on each CD: 650 to 700 mb or 2 of TCH starter plans.

 

If talking Swedish prices atleast, its a very inexpensive way of creating back ups.

 

I have in case of and mine is just a personal site and yes one more for my friend Michelle.

 

-Thomas

Edited by Tonsa
Link to post
Share on other sites

Bandwidth does cost money but you may not need to even back up everything. For instance, one of my customer's sites is just a basic web page. It is about 8 megs but has no guestbooks or forums.

 

Now on that site I create the pages here on my PC and ftp them to the TCH account. There is really no need to back those up because the "latest and greatest" version is here already and I would lose nothing if the site were deleted right now except some time.

 

If you have blogs or guestbooks or databases that need to be backed up then you MUST do that. If you do not then it is real bad if something happens to them. This is, however, smaller than the whole site.

 

The whole site backup is easy via cpanel but if bandwidth concerns are there then think about only backing up what can not be easily replaced. Either way we must all keep backups or we are being reckless.

Edited by TCH-Jim
Link to post
Share on other sites

If you kept your website files on your local computer to edit them, then uploaded them to your website, you wouldn't have loss of file updates at least.

 

Just a shameless plug to try to get you all to learn HTML. B)

 

Seriously though, I must agree with those opiniosn expressed in this thread. While it's awesome that TCH does backups on its own and has a wonderful backup scheme, you should still backup your files and database on your own when you can, because when you really get down to it, it's your own data, and you have a responsibility to see that you don't lose it all.

 

TCH's responsibility is to host the data. And even though TCH has no liability for the loss of the data, TCH still tries to backup your data to prevent disaster.

 

So help out TCH by keeping backups of your own!

Link to post
Share on other sites
If you kept your website files on your local computer to edit them, then uploaded them to your website, you wouldn't have loss of file updates at least.

 

.......

 

So help out TCH by keeping backups of your own!

 

That's what I do. I'm not the only one who creates files though, my visitors do so as well using the scripts I wrote, there's a guestbook and picture uploads.

Generally, I back up important files locally every other day. However, my previous host was hacked when I was out of town for the New Year's vacation, using lousy dial-up, and not having much time for this stuff. Result - I lost about a month's worth of information and my host is TCH now. B) If they'd kept the backups on a separate server like you guys I wouldn't have left them. :(

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...