So Friday night the worst thing for anyone running a website happened to us and a large number of other sites at our hosting company. We were knocked off the internet. The scary thing was that the only reason I knew about it was because I was trying to get my stats fix and couldn't login. Figuring I just hit a maintenance window, I went to Twitter to see if they had posted about it. I quickly realized that my favorite hosting company must have upset someone because they were fighting off a Distributed Denial of Service attack(DDOS). They were doing everything I know they should be doing which started with telling everyone on Twitter what was gong on.(I didn't look to see if they put anything up anywhere else but I am sure they did.) They told us when they started working with their Primary ISP and when that same ISP managed to block the attack. From beginning to end the event seemed to last about 4 hours in total with the worst of it happening in the first 2-3 hours.
DDOS attacks are by far the toughest thing to defend against. They are virtually impossible to prevent because they tend to use what looks like harmless normal requests. So until you can tell where in the network it's coming from and what it looks like you can't possibly know to block it.
There were several customers that were just totally upset with them. It felt to me when reading their responses that they both didn't understand what was happening and what the level of effort it was taking to getting us all back online. So here are some things to remember when you are choosing a hosting company:
- No one is perfect. So don't expect your host to be.
- You get what you pay for. Low prices generally mean lower quality of service.
- You can never pay enough to get 100% up time. It's a myth and completely unachievable. So read reviews from real users and not just the ones the host puts up.
- Look for hosts that understand good customer service and are good at communicating.
- Support and communications count when you are experiencing a problem.
When DDOS attacks are involved the best you can hope for from the host is good communications, quick response, and quick escalation to their upstream providers. Squarespace hit on all cylinders on Friday. Congratulations to them for proving why I choose them, continue to promote them, and look forward to paying my bill.