Attack took out my godaddy hosted wordpress blog for most of a day.

May 29, 2020 Incoherent ramblings , , , , , , , ,

Guilty admission: The title of this post is click-baity, as the attack was not likely on my blog, but something colocated on the server that my blog happened to have been hosted on.  In particular, the math, physics, complaining about COBOL, rants, and other random garbage that you’ll find on this blog does not likely warrant a DOS attack.  This isn’t the story of my offending somebody enough to get DOSed, but is just the story of a painful interaction with godaddy customer support.

I used to use a wordpress hosted blog, and eventually decided that I wanted flexibility enough to pay for hosting.  I experimented a bit with amazon hosting, but the variability in price scared me off, and I ended up buying my hosting from godaddy.  I don’t remember anymore what other options I considered, nor why I ended up settling on godaddy’s “managed wordpress” offering, over any others, although low initial cost was a factor.  That hosting has generally been problem free, but their IT support, when there is trouble, has proven to be less than desirable.  Here’s that story in case anybody else is considering using godaddy for their own hosting.

Yesterday, I happened to notice that my blog was completely unresponsive.  I only noticed this because I wanted to make one small change to one of my pages.  All told, to get this resolved, I spent about 3 hrs with their IT support (1/2 last night, and the other 1/2 today).  Ironically, by the time I got to the fifth support professional, the problem resolved itself.  I am glad that I don’t run any sort of business off of this site, as the downtime was at least 16 hours.

My 1.5 hrs on the godaddy IT chat support with Parjeet, Jaspreet, and Shibin was a complete waste of time.  Parjeet (who’s name I am probably butchering, since I didn’t keep a copy of my chat log with him) managed to get the blog restarted.  However, it appears that he also disabled all the plugins at the same time without telling me.  He also didn’t identify the root cause.  Jaspreet insisted that the issue was the content I was hosting, even though that content was not an issue before yesterday.  He gave me various self help options (plugin tuning, …) despite the fact that the blog was performing abysmally even with all plugins disabled, and had been okay prior to the reboot, and despite the fact that even the admin pages were slow, which have nothing to do with the content being served for normal blog page or post content.  He also was not able to identify the root cause, and I insisted on dealing with his manager at that point.  That claimed-manager was Shibin, who was helpful seeming, but was not able to do anything, nor able to find somebody who had access to the server logs to diagnose the issue.  When I gave up for the night, he promised to email me the results of his investigation, but no such email materialized.

I was busy with work all morning, and at one point when I had a pause in my day, I thought of checking whether the response time issue had cleared up.  It had not, and the blog was still effectively down today, with 30 second response time for any page access.  Because of the complete ineffectiveness of godaddy’s 24/7 IT chat support, I opted for a half hour on hold to be able to talk with somebody directly.  With headphones available, that time on hold wasn’t a write off, since I was able to keep working the day job — but I have to say that godaddy has some of the worst “on-hold” music that I’ve ever heard!  Once I was finally off hold for the first time today, my support guy (I got today’s support guys names mixed up, and only recall that one of them was named Joshua) investigated what he could, and ended up having to pass the buck to their tier II support, because he didn’t have access to the server logs.  That put me on hold for another hour or so.  When I finally got to deal with somebody who had access to the server logs, the blog coincidentally became responsive without any intervention.  It turns out that there was an attack on one of the servers.  Either that attack, or the godaddy throttling that was instated as a response to that attack finally abated when I was on hold waiting for the tier II support.

The godadday response to an attack is pretty deficient.  If the server that your blog is running on is attacked, they throttle the performance of that server to mitigate the effectiveness of the attack.  The idea is that the attacker will eventually just give up.  That is done apparently done at the server level, and not just for the instance that is under attack.  It seems pretty dumb that godaddy doesn’t migrate the VMs that happen to be unfortunately colocated with attackee onto another physical host.  That’s not a good sign for anybody that wants a service that requires continuous uptime.

When I bought godaddy’s hosting initially, I do remember that it was one of the most cost effective options.  The godaddy hosting price went up considerably sometime after the first or second year of initial service, but I haven’t taken the time to figure out how to migrate to something else.  Perhaps amazon is worth looking at again? Basically, I’m allowing myself to be exploited financially a bit because the time cost to figure out how to migrate to other hosting is probably higher than the monetary cost of the blog hosting itself.

The support interaction that I had over the last two days might be enough of a kick in the butt that I’ll take the time to look at other hosting options, and how to do a migration.  One thing that I do recall was nice about amazon was they offered ssh access to the machine.  I only get sftp access on godaddy, which can be a pain in the butt, and is very inflexible.

You might wonder why I even bothered switching from hosting, which was free.  I did that to have the flexibility to install my own sanctioned plugins.  For somebody who is crazy enough to blog a lot of mathematics, that was very worthwhile, as I’ve been able to run a customized version of the Mathjax-Latex plugin, which renders very nicely, and allows me to replicate many of the latex macros that I use.  That streamlines my latex-to-wordpress conversion considerably, and has saved me many many hours.  That saving is in comparison to the time that would have been required to blog the same mathematics with the default latex plugin.  Recently, I also installed the Mathematica Toolbox plugin, which looks like it will allow some fun interactivity, much like the original Wolfram CDF plugin had before it became useless and eventually was no longer supported (i.e. it only worked in 32-bit browsers.)  So, I don’t think that I’m going to go back to hosting, but it’s definitely worth some investigation of the options.

Peeter Joot’s new blog: more to come…

May 21, 2014 Incoherent ramblings , , , , , , , , , ,

After 611 blog posts on my old hosted blog, dating all the way back to 2009, I’ve decided to ante-up and pay for more flexible hosting.

My primary motivation for this was truly geeky. I wanted the flexibility to be able to manage wordpress plugins (i.e. mathjax-latex and wolframcdf), and to also be able to put plain old html and arbitrary file content into the apache2 directory structure. I’ve wanted plain html hosting for a while, but made do with google sites (i.e. crappy but free). I’d also wanted to be able to use the wolfram CDF plugin on my blog, but also not enough to pay for it. However, once I tried mathjax-latex, I was sold. Compared to wp-latex, this “new way” completely kicks ass, and should save me a lot of time.

I tried out an amazon EC2 bitnami image for a while (amazon offers a free trial year to evaluate their offerings). That’s a flexible setup and offers direct access to the Linux VM, which is very nice. However, with an amazon EC2 image, I’m not really sure what I would end up paying. The charts seem somewhat vague, depending on future usage of both machine and storage. I would also have pay separately for a domain name, and pay separately for amazon hosting of the DNS entry.

I ended up deciding to use a go-daddy hosted wordpress instance, which is a flat rate service. It is less flexible than a godaddy standalone web-hosting environment, but also cheaper ($12 for the first year, including the domain name, and ~$50/year after that). It also looks like I can upgrade this to a more generic web hosting environment later if the cost of that seems justified. I’ll see first if only having sftp access to htdocs is enough of a major inconvenience to pay that additional yearly fee. If not, then I may consider changing to another host.

Configuring a custom MathJax configuration was a bit of a pain with only sftp access, mostly because I had to copy the MathJax tree, which was very slow for so many small files. I did that directory tree transfer with FileZilla since sftp ‘put –r’ appears to be busted. This MathJax setup was way easier on the EC2 since the ssh shell allowed for wget and local unzip directly from the apache2 htdocs tree. It’s a shame that the mathjax-latex plugin doesn’t allow the MathJax tree to be served from the default server (what the plugin settings calls the ‘MathJax CDN Service’). Logically, I’d like to be able to use that CDN service, but have my configuration file hosted locally. That config file (config/default.js) is a single small file, and is likely all that I’ll ever have to alter in that whole directory tree.

I haven’t decided whether or not I’ll keep my old blog, or switch unconditionally to this new blog (which will be the new home for any of my mathematical or physics related posts). This new blog has no blog-article content so far, and doesn’t yet have a theme template that I like. What is here so far is:

  • An enumeration of things I have written, including archives of all the individual pdfs that I have posted over the years along with my blog entries. All these pdfs are now stored directly on the new site in the htdocs tree. I will no longer be using any of my (three) old google sites pages as pdf stores.
  • A chronological listing of all the Mathematica notebooks I have written. The newest versions of these notebooks can still be found in my Mathematica github repository. A snapshot of each of these is now also available on the new site, so if you have the CDF plugin installed, these can now be examined by clicking on the links directly. Ironically, with chrome and my CDF installation, I’m able to view the .nb suffixed notebooks directly in the browser, but a click on any CDF (.cdf) notebook triggers a download?
  • I’ve made a couple notes about my setup of the mathjax-latex plugin, and the differences in latex markup with that plugin compared to the wp-latex plugin (which is available by default on My future mathematical blogging should be way easier, probably won’t require any of my old tex2blog script, and will also look better!
  • An About page, copied directly from the About page on my old blog.

More to come, … now that I’ve finally finished the Stokes theorem chapter in my Geometric Algebra compilation, I expect new posts to be more frequent.