Notification of Downtime!

[OzBevNet]

Can I suggest that you notify webmasters of the unfortunate downtime they will experience with their websites, if not tell them to subscribe to this free service at www.siteuptime.com , this way you will not lose difficult customers. If people are making a living off a website then you got to realise that you need to improve your service for an e commerce websites, they even might be willing to pay extra to be 100% online! Like they say time is money!

I am hoping you consider investing in a simple script that can do the above notification process for you, besides that i am hoping 2006 is a great year
for everyone!

Peace

Bruno

[AlphaWolf]

I agree that is a great idea.  We subscribe not only to Site Up Time, (paid subscription so we have multiple service ports covered on each server), but we also subscribe to 3 other site monitoring services.  Any time any service is down, it is reported immediately via SMS to each of the sysadmins.  We may change this because we get some false positive results that a service is down when EXIM is running a stat update it will sometimes cause mail to time out for a minute or two.  This makes it appear as though the server is having issues when it is not.

Site Uptime is great - as long as you make sure you have it monitoring from at least 3 separate locations since a down report from one location can happen  when there is no issue other than the monitoring hit a router somewhere that didn't pass it along to the data center or server.

Thats why we also use other paid-for monitoring services.  Here is an example of Site Uptimes reporting for 2005 vs Server Management Inc.'s reporting for 2005 for our Phoenix Server.  Since the monitoring occurs every 3 minutes, each outage represents 1/2 - 3 minutes of downtime.

Site Uptime
Year   Month          Outages    Uptime    Downtime
2005   December   2     99.955%   0.045%
2005   November   3     99.942%   0.058%
2005   October             3       99.830%     0.170%
2005   September   3     99.942%   0.058%
2005   August              2       99.962%     0.038%
2005   July                1          99.989%        0.011%
2005   June               2         99.696%      0.304%
2005   May               2         99.977%      0.023%
2005   April                 0         100.000%       0.000%
2005   March               3        99.876%     0.124%
2005   February     11       98.750%   1.250%
2005   January              8        99.819%     0.181%
2004   December   2     99.146%      0.854%
2004   November   3     99.952%      0.048%

Server Management Inc
Year   Month          Outages    Uptime    Downtime
2005   December   0     100.000%   0.000%
2005   November   4     99.924%   0.076%
2005   October             2       99.960%     0.040%
2005   September   3     99.942%   0.058%
2005   August             1       99.982%     0.018%
2005   July                0          100.000%        0.000%
2005   June               2         99.960%       0.040%
2005   May               3         99.971%       0.029%
2005   April                 0         100.000%       0.000%
2005   March               1        99.996%      0.004%
2005   February     8       98.991%     1.009%
2005   January              9        99.840%      0.160%
2004   December   0     100.000%      0.000%
2004   November   2     99.981%        0.019%

[OzBevNet]

Any updates on improving your service, my website is down, again. I am a very unhappy. 

I warned AlphaOne Technology about the hacking attempts etc long ago, and the funny thing is I am a complete novice, newbie whatever you want to call it. So what will AlphaOne Technology do to make sure that every script is up to date on the shared server?

Will you invest in the time and effort to make sure everyone is secure, if not should we look at other hosting providers? 

I was hoping for some improvement? But your support and service has gone down in quality with the growth you have experienced in business!

[AlphaWolf]

Your website is down because you did not keep your installation of mambo or joomla up to date and secure.  There is nothing we can do to protect you from yourself in this case.

We have no capability of updating your applications for you, nor does any other host provider.  You could, however, hire a webmaster who could keep up to date on what is going on with the  versions of whatever software you are running to keep this from happening to you in the future.

Our servers are highly secured with firewalls and tipping point protection.  Nothing can protect you from setting your files or directories at world writeable or executable permissions or from running unsecured versions of applications.  Only you can do that by exercising caution and due diligence.  Any host provider who tells you differently is blowing smoke.  Software developers can not and will never make scripts that auto upgrade every instance of an application on a server since many installations need to be updated manually due to how the webmaster customized the application. 

Host providers also will NOT alter any of your files ever without express written permission due to potential legal liability.  That job rightly belongs to the webmaster, NOT to us.

I am very concerned when you say our support has suffered in the past few months and would like to know how.  We keep careful eyes on all chats and tickets to assure that they have been handled correctly and promptly by the first level techs.

peace

Wolf

[Jennifer]

I am one of the volunteers who helped Wolf and the sysadmins deal with the mess created by a bunch of webmasters who weren't responsible enough to keep their web sites updated. These guys worked 24 hours a day for days trying to help people like you salvage something after being hacked & try track down where it was coming from & what it was doing to protect more people from being hacked.

There are notices all over warning webmasters to watch their applications development sites & update them regularly. If you did that you might not have got hacked.  Mambo support site has 100s of messages on what you can do to help secure your site. How is this anyone's fault but yours?

You sound like a smoker who didn't read the warnings on a cigarette pack & wants to blame the tobacco company for not preventing him from smoking. Or a gun owner who shoots himself in the foot & blames the gun company for making the gun.  Be responsible for your own actions & stop trying to blame the staff here.  Like Wolf said they can't protect you from yourself.

If you want to hire someone to maintain your site and keep it secure send me a private message. None of the 20 sites I maintain got destroyed by this last hack.

Jen

[AlphaWolf]

Chuckle...that was a bit harsh, Jen, but I certainly understand your sentiments.

The problem is that a lot of people don't really get the fact that in order to 100% secure a server the entire server has to require validated o/s level logons to even VIEW a file on it.  Which means that any web server that allows public access can be hacked IF it contains applications that allow hackers in.  Its as simple as that.  A static HTML site is never hacked, (unless the webmaster turned on anonymous FTP for all their public_html files), because static HTML pages do not run applications on the server - they just display.

Given the nature of PHP applications, they are run as user 'nobody'.  99% of them do NOT need to be writeable or executable by 'world' once they are configured and operational, but MOST applications do not CHMOD permissions after installation and webmasters don't do so either.  Because some DO need to be executable, CHMODing an application so it is the most secure it can be is a trial and error kind of thing that takes patience and time from the webmaster.

In many cases webmasters even leave configuration routines or files open to view by the public - and some of these even contain admin user names and passwords for access to the database itself.  This was one of the issues with Bruno's site.  Or worse still, I have seen directories with install.php still in them which means any savvy web user could pull up the app in their browser and do a brand new install.

In order for a web server to function, there has to be a balance between openness and security.  The openness inherently means hacking is possible.  Only due diligence by the webmaster of a site can mitigate this potential.  Maybe when all applications support PHP 5 and it can be used on shared web servers that will change things a bit, but until then the responsibility for keeping an individual site secure is up to the webmaster.

People, like Bruno, don't generally understand that and get upset at us when their site gets attacked.  If I was a webmaster and didn't understand the extent of my responsibilities, *I* would get upset at the host too.

Same thing regarding Bruno's original post to this thread.  There is no such thing as 100% uptime.  And even if a server IS up 100% of the time during a particular day, week or month, not every user will SEE 100% uptime.  If their packets hit a router somewhere between their location and the data center, (or even a hiccuping router IN the data center), that particular packet may fail.  That has nothing at all to do with the server itself.

For example, Bruno's original post was written on January 2nd.  The ONLY downtime reported by SiteUpTime for December was on Dec 2 and Dec 5, with no other downtime reported again until January 10th.  Total downtime for December was under 20 minutes according to SiteUpTime and under 4 minutes according to other reporting services.  I doubt Bruno was complaining on January 2nd about not being able to get to his site on Dec 2 or 5!  Which means his complaint had absolutely nothing to do with us or our servers.  He just assumed it did.

Heck it can even be a DNS server at your ISP gone nuts.  I had 5 DAYS where I could not get to a site we manage and host.  I knew the server was fine and the site was fine by going to it via the IP address.  For some reason the DNS server I was assigned at comcast was not recognizing the domain.  This happened out of the blue since no DNS changes had been done for over a year.  I've seen that numerous times, though not for longer than a day usually.

All of these things are outside our control, BUT, many newer webmasters are relatively clueless about the technical aspects of the internet and assume that any time they can not reach their site it is somehow our server's fault.

We can't really blame them, only try to educate them.

Peace

Wolf

[songdove]

As another webmaster who may not necessarily be a newbie, but not an expert either, I can say that the first thought that goes through my head when I can't access either of the sites hosted here, is "did a router go down?".  I start asking other members of these sites to find out if they still have access or not.  Then I check to see if I can still access the support forums here.  If I can, then I know something is up with my site, if I can't, I know something is up with the server. 

I can say that planned downtime has always been preceded by a notice from the crew here(even if I have read the notice on the w4c tech page wrong *its out of date for whoever updates that*).  So webmasters are alerted to planned downtime for the server they are on.

Keeping a site secure and operational can be daunting at first for anyone who is new to the concept, especially for sites needing database connectivity.  Support websites for code-bases such as Mambo/Joombla, Postnuke, phpbb2, phpnuke, IPB, and others often have either documentation, or support forums where people discuss the best way to handle security for their sites.  Eventually you get used to what you need to do. 

Sometimes I still trip up, but one sure way to stay on top of security updates is to sign up for the security announcement list if the support forum for whatever code-base you're using, has one.  Then its just a matter of jumping on it to get the updated code put in place.

[OzBevNet]

Point One

When I first joined alpha-tech no mention was made for new clients to join the FORUM to keep up to date, with security issues
etc.

What choice do you give clients who do not want to be notified by FORUM means?


Point Two

" DNS server at your ISP gone nuts." Agreed thats what happened to one of your former clients (7 websites and growing)
And look what happened he jumped ship thinking it was your servers!

Point Three

"my responsibilities" to upgrade the script asap as it becomes available or humanly possible!

Point Four

"We can't really blame them, only try to educate them."

Hi Bruno!

   It seems that you hosting provider is using a security method that
   blocks certain URL string. You might want to contact them to
   rectify this.

Best regards,
Lee Cher Yeong

Email: cyatmosets.com
Website: http://www.Mosets.com/
Saturday, February 11, 2006, 12:54:11 PM, you wrote:


>> Hi Lee,


>> I installed the mambot_mtree-151 and if you use the joomla search
>> function for


>> Search Keyword: refresh water


>> Any words


>> http://www.ozbevnet.com/index.php?option=com_search&Itemid=5&searchword=refresh%20water&searchphrase=any&ordering=newest&limit=30&limitstart=30


>> If you try to see the next page or 50 results, the following error is
>> reported


>> *Script or Action Blocked*


>> The requested URL
>> /index.php?option=com_search&Itemid=5&searchword=refresh%20water&searchphrase=any&ordering=newest&limit=30&limitstart=30
>> contains a script or action that has has been deteremined unsafe. It has
>> been disabled to prevent abuse.

Please educate me, I see know reference in your forums, alerts etc regarding this script disabling one of the most popular
directory scripts for joomla/mambo???

Point 7

Sometimes I still trip up, but one sure way to stay on top of security updates is to sign up for the security announcement list if the support forum for whatever code-base you're using, has one.  Then its just a matter of jumping on it to get the updated code put in place.

As a host PLEASE put THIS in BIG RED WRITING so new webmasters know this!

Point 8.

I am one of the volunteers who helped Wolf and the sysadmins deal with the mess created by a bunch of webmasters who weren't responsible enough to keep their web sites updated.

So Jen, you volunteer your time here FREE in the forums, yet you want to be paid to install a script that takes less then a minute on average to update?

Actually I have christian values with my clients, I update for love!


Point 9

I have another website with another hosting company so far so good!

[AlphaWolf]

It is not OUR forums you need to join, but the forums for the software you run.

At one point we posted security announcements here as well, but since August, we have posted notices CONSTANTLY telling people to make sure to register with the official support sites for any software they run.

I cut and paste here from the Login Info email EVERY customer gets:

<p>c. USER SUPPORT FORUMS - Our user support forums are critical for obtaining important information to help you manage your web server and help you keep on top of security alerts if you are running any 3rd party applications. </p>

There IS no choice of notification because these are not OUR applications.  You are running applications developed and supported by other companies - NOT AlphaOne

As for people jumping ship because they can not comprehend that the issue is a router or DNS server someplace besides OUR servers, there is nothing we can do about that except try to explain.  If they don't understand or don't believe it, well, they can jump ship and when it happens at their next host sometime in the future, they will find themselves ready to jump ship again.  We can't fix something that is not in our control.

Script functions - if a script contains a function in it that is regularly abused and a potential hole, it is the function that is blocked, not the script itself.  Certain functions are blocked to prevent hacking and DDOS.  Script authors, good ones, know which functions they should and should not use when doing PHP code.

Jen volunteers her time with support in exchange for a variety of services members of our team provide her.  She is in the business of being a webmaster so she charges for sites she manages.  Updating is NOT a 1 minute process.  But if it is, why is it so hard to take responsibility to do yourself?

Peace

Wolf

[AlphaWolf]

Oh and Bruno, since you seem to know Geoff, the customer who just did not want to understand that it wasn't OUR servers causing his site to be down:

" DNS server at your ISP gone nuts." Agreed thats what happened to one of your former clients (7 websites and growing)
And look what happened he jumped ship thinking it was your servers!

We also explained to him eight TIMES that we had unlocked his domain registrations for transfer so he could manage them when he switched hosts.  We even provided him with a diret link to GoDaddy to let him initiate the transfer.  He never did, so when, 60 days later, they were cancelled from our account, his domain name is in limbo.  This will also happen to about 4 other domains we registered for him because he did not follow the instructions, then claimed he never got them.

We try hard to keep the servers as secure as we can, (hence why some scripts won't run), and to explain fully what customers need to do or watch for.  If they don't understand or don't read or don't pay attention, sadly we can't do much of anything.

Peace

Wolf

[ihatealpha]

Wolf.

This is Geoff, yes you metioned 8 times bout unlocking the dom ain name, what you fail to mention is it took 8 times to get a straight answer from you.

What you also failed to do is tell the client that he/she has 30 days in which to also TRANSFER that domain name over to another registrar cause you'll then cancel it, as you are now.

You guys control how a client operates, meaning you register everything in alpha's name on behalf of the client rather than registering those details of the client on the domain, and then fail to give the client the appropriate information so as they can administer their details and domain name.

Many things operate differently in gool ol USA compared to Australia, and thank god we have a simplified system with government regulators keeping companies like yours toeing the line rather than short cutting or failing to provide adequate details to the client, who after all is paying your wage.

After your tech guy hung up on me tonight after trying to get alpha to sort this cancelled domain mess, i am soooooooooo glad i am with Siteground, i crossed over at Christmas time, and in all honesty it is the best move i ever made, no more condescending crap to put up with from a cowboy outfit like Alpha.

Oh and cowboy outfit is by no means flattering.

I suggest Wolf rather than being a smart ass about everything work with the customer to rectify the problems you create, and YES i did say YOU CREATE, you NEVER EVER told me point blank that i need to find a new registrar within 30 days otherwise my domain name is cancelled, i assumed caused it was registered till April 2006 i would not need to worry bout anything till then, how wrong i was huh.? I met up with alpha One Technology.

Oh and in closing Wolf, the problems that Bruno has experienced with you guys, it DOESN'T happen over at Siteground, you want to know why.? They are courteous enough to let you know if theres a problem with your site and remedy it iimediately, and their servers ARE secured, the problems i had with you guys at Xmas time, that was the straw that broke the camels back, i always keep getting exuses off you guys, IT IS NEVER YOUR FAULT RIGHT. thats the common feedback from you guys is it is always the clients fault, no wonder so many of your clients are jumping ship.......and no wonder alpha is copping a battering in other forums for their lack lustered performance and service.

As far your service slipping WHO ON EARTH WANTS TO BE TOLD BY YOUR STAFF TO JUST SHUT UP..  yeh good customer service mate.................................not....!!!!!

[AlphaWolf]

Ah Geoff

You were hung up on because you were verbally abusive to the staff member who answered the phone.  This is not the first time. Our phone logs show we hung up on you in December as well because you were abusive and would not listen to what the staff member told you to do to solve your problem.

As for notifying you to transfer your domain, here are cut and pastes of parts of the tickets and emails you exchanged with us in December.  Heck Geoff, we even provided you with a LINK so you wouldnt have to figure anything out - just do the transfer.

Now tell me HOW you were not told to go to an ICAAN registrar and do a damn transfer within 30 days?
 

22 Dec 2005 12:51 PM - From Wolf
We are not an ICAAN registrar and merely register domain names for you. You can not manage your domain names like you do at an ICAAN registrar, so there is no user name or login. We can unlock your domains and allow you to transfer them to an ICAAN registrar for managing if you like.

23 Dec 2005 03:27 AM - From Pamela
In the morning when the customer service manager comes on duty, she will unlock all of your domains. All you need to do then is go to an ICAAN registrar and submit a transfer request. You will then be able to manage your domains and point them where you want them to go.

23 Dec 2005 07:19 PM - From Wolf
First read the email we sent you regarding domain registrations CAREFULLY. You need to go to an ICAAN registrar and do a domain transfer. We are not an ICAAN registrar and we manage all domains we register for customers. There IS no log in. Go to an ICAAN registrar, like GoDaddy.com, and put through transfers on all the domains. We have unlocked them so you can initiate a transfer.

25 Dec 2005 01:45 AM - From Brad
We have explained to you REPEATEDLY that you need to do a transfer to an ICAAN registrar in order to manage your domain registrations. It would have been through already had you gone and done so 3 or 4 days ago.
Since you dont want to do that, unless you provide us with DNS name server info, there is NOTHING we can do to assist you. If you provide us with DNS name server info, customer service has access to domain registration records and, when they return on Monday, can change the name servers for you. Then you can do the transfer to an ICAAN registrar within the next 30 days.

25 Dec 2005 03:38 AM - From Wolf

You have two choices to QUICKLY get your domains pointed to the new host.
First option, is give us the new DNS name servers. Had you DONE so when we initially requested them, your domains would resolve to your new host by now. Then, when you finally comprehend TRANSFERRING domain registration, DO SO.

Your second option is to go to any ICAAN certified registrar - GoDaddy, Network Solutions, pick one. Click the damn button that says TRANSFER DOMAIN REGISTRATION. Since WE are not an ICAAN registrar, we register domain names FOR you with a certified registrar. Hence YOU ARE NOT A CUSTOMER OF ANY REGISTRAR - WE ARE. You have no customer name or number. YOU CAN NOT MANAGE your domains. YOU DO NOT NEED A CUSTOMER NUMBER TO TRANSFER A DOMAIN TO A REGISTAR.

Since you seem unable to follow these instructions - which do NOT require you to CALL or email any of the registrars, HERE is a link to the page on GoDaddy for you to simply DO IT:

https://www.godaddy.com/gdshop/transfers/landing.asp?se=%2B&ci=255

We have unlocked all your domains and once you decide to stop making this harder on yourself and click the TRANSFER DOMAIN REGISTRATION button at any registrar, they will automatically send a transfer request email and OUR software will automatically agree to the transfer.