Guilty admission: The title of this post is click-baity, as the attack was not likely on my blog, but something colocated on the server that my blog happened to have been hosted on. In particular, the math, physics, complaining about COBOL, rants, and other random garbage that you’ll find on this blog does not likely warrant a DOS attack. This isn’t the story of my offending somebody enough to get DOSed, but is just the story of a painful interaction with godaddy customer support.
I used to use a wordpress hosted blog, and eventually decided that I wanted flexibility enough to pay for hosting. I experimented a bit with amazon hosting, but the variability in price scared me off, and I ended up buying my hosting from godaddy. I don’t remember anymore what other options I considered, nor why I ended up settling on godaddy’s “managed wordpress” offering, over any others, although low initial cost was a factor. That hosting has generally been problem free, but their IT support, when there is trouble, has proven to be less than desirable. Here’s that story in case anybody else is considering using godaddy for their own hosting.
Yesterday, I happened to notice that my blog was completely unresponsive. I only noticed this because I wanted to make one small change to one of my pages. All told, to get this resolved, I spent about 3 hrs with their IT support (1/2 last night, and the other 1/2 today). Ironically, by the time I got to the fifth support professional, the problem resolved itself. I am glad that I don’t run any sort of business off of this site, as the downtime was at least 16 hours.
My 1.5 hrs on the godaddy IT chat support with Parjeet, Jaspreet, and Shibin was a complete waste of time. Parjeet (who’s name I am probably butchering, since I didn’t keep a copy of my chat log with him) managed to get the blog restarted. However, it appears that he also disabled all the plugins at the same time without telling me. He also didn’t identify the root cause. Jaspreet insisted that the issue was the content I was hosting, even though that content was not an issue before yesterday. He gave me various self help options (plugin tuning, …) despite the fact that the blog was performing abysmally even with all plugins disabled, and had been okay prior to the reboot, and despite the fact that even the admin pages were slow, which have nothing to do with the content being served for normal blog page or post content. He also was not able to identify the root cause, and I insisted on dealing with his manager at that point. That claimed-manager was Shibin, who was helpful seeming, but was not able to do anything, nor able to find somebody who had access to the server logs to diagnose the issue. When I gave up for the night, he promised to email me the results of his investigation, but no such email materialized.
I was busy with work all morning, and at one point when I had a pause in my day, I thought of checking whether the response time issue had cleared up. It had not, and the blog was still effectively down today, with 30 second response time for any page access. Because of the complete ineffectiveness of godaddy’s 24/7 IT chat support, I opted for a half hour on hold to be able to talk with somebody directly. With headphones available, that time on hold wasn’t a write off, since I was able to keep working the day job — but I have to say that godaddy has some of the worst “on-hold” music that I’ve ever heard! Once I was finally off hold for the first time today, my support guy (I got today’s support guys names mixed up, and only recall that one of them was named Joshua) investigated what he could, and ended up having to pass the buck to their tier II support, because he didn’t have access to the server logs. That put me on hold for another hour or so. When I finally got to deal with somebody who had access to the server logs, the blog coincidentally became responsive without any intervention. It turns out that there was an attack on one of the servers. Either that attack, or the godaddy throttling that was instated as a response to that attack finally abated when I was on hold waiting for the tier II support.
The godadday response to an attack is pretty deficient. If the server that your blog is running on is attacked, they throttle the performance of that server to mitigate the effectiveness of the attack. The idea is that the attacker will eventually just give up. That is done apparently done at the server level, and not just for the instance that is under attack. It seems pretty dumb that godaddy doesn’t migrate the VMs that happen to be unfortunately colocated with attackee onto another physical host. That’s not a good sign for anybody that wants a service that requires continuous uptime.
When I bought godaddy’s hosting initially, I do remember that it was one of the most cost effective options. The godaddy hosting price went up considerably sometime after the first or second year of initial service, but I haven’t taken the time to figure out how to migrate to something else. Perhaps amazon is worth looking at again? Basically, I’m allowing myself to be exploited financially a bit because the time cost to figure out how to migrate to other hosting is probably higher than the monetary cost of the blog hosting itself.
The support interaction that I had over the last two days might be enough of a kick in the butt that I’ll take the time to look at other hosting options, and how to do a migration. One thing that I do recall was nice about amazon was they offered ssh access to the machine. I only get sftp access on godaddy, which can be a pain in the butt, and is very inflexible.
You might wonder why I even bothered switching from wordpress.com hosting, which was free. I did that to have the flexibility to install my own non-wordpress.com sanctioned plugins. For somebody who is crazy enough to blog a lot of mathematics, that was very worthwhile, as I’ve been able to run a customized version of the Mathjax-Latex plugin, which renders very nicely, and allows me to replicate many of the latex macros that I use. That streamlines my latex-to-wordpress conversion considerably, and has saved me many many hours. That saving is in comparison to the time that would have been required to blog the same mathematics with the default wordpress.com latex plugin. Recently, I also installed the Mathematica Toolbox plugin, which looks like it will allow some fun interactivity, much like the original Wolfram CDF plugin had before it became useless and eventually was no longer supported (i.e. it only worked in 32-bit browsers.) So, I don’t think that I’m going to go back to wordpress.com hosting, but it’s definitely worth some investigation of the options.