Rochen



The story of how your provider can create a big problem for you from nothing.
Or what exactly happened with my website...

I was going to write all this 2 weeks ago, but long English texts take me too much time. So sorry for my grammar and the rest.

I hope you still remember that when I was in Russia at the beginning of February, my site stopped working almost immediately and the situation stayed unchanged for a week.

I want to say a big fat "thank you" for this to ROCHEN!
So... What happened?

The situation would be funny if it were not so sad.

Some prehistory…
Before Rochen my hoster was Site Ground and it worked well until their limits on the number of visitors became too tight for me. I began to search for another company with business hosting plans.
I chose Rochen because of their great resume and recommendations.
During the consultation all the answers to my questions were positive and I was completely satisfied with them.

This is what is written on their website:

"For top performance reseller hosting and excellent support for your business"
"The goal is simple: Make your site load as fast as possible, maintain the best possible uptime and make available to you a team of certified engineers who can be called on at anytime for fast and knowledgeable assistance. Here at Rochen we are proud to say "Performance Hosting" is more than a slogan - it is the way we do hosting."

Sounds great, doesn't it?
And everything worked normally as long as my primitive Joomla sites were not interesting to anybody except me.
The story began with my visit to Russia; perhaps this is not the best way to spend time, but I had to.
So while I was spending unforgettable moments in airports, railway and bus stations, one remarkable letter came to my e-mail:

Off topic: My main opponent was Christopher Adams (quote from the Rochen site:
"Founder & CEO. As a veteran of the web hosting industry, Chris serves as Rochen's Chief Executive Officer, a role he has held since founding the company. He is responsible for the overall day-to-day management of all functions within the business including sales, customer support and operations. Chris credits Rochen's phenomenal success to the precision focus it places on customer support and investing in the best possible infrastructure. He took a critical decision early on that Rochen would never outsource support and would own and manage all of its infrastructure instead of simply renting servers from a larger data center.")
Of course I feel guilty that I could not answer my poor hoster immediately; this is bad, really bad.


In the letter there was a notification that my account had used too much CPU and this violated their Acceptable Use policy and affected all users, and they had suspended my account. I was offered to read what CPU usage is and asked to resolve everything in max 14 days or pay for more expensive services or move to another hosting provider.

Classic: "Money or life!"

I was a little bit confused and a little bit shocked. That is normal when you have no idea what is happening.
So I decided to ask this original question: What exactly happened?
In the answer I was notified that I had got all the necessary info and that I needed to read the PDF files and learn what CPU usage is. After I reached nirvana reading this, I should go and delete the script that made the problem. After this I was promised partial access to cPanel. (Any idea how I can delete something without access?) In case I was not sure which script I needed to delete, I had to contact my developer.

The nirvana is unreachable for such a dumbass as me. My answer was that I still did not understand what had happened because I personally did nothing with the website: no new scripts or any other changes.

I said that since the collapse could not be the result of my actions I need detailed info about what exactly happened.

My suggestions about possible situations were:

"99.999% - the mistake of your staff or changing of server settings
0.00099% - wrongful acts of third parties (malicious hackers)
0.00001% - too many web users decided to visit my page, though when I decided to buy your services your consultant told me very nice numbers, which you can hold without a problem
So i still have the same problem, what happened?
Where is the stats about this incident?"

Also I asked if it was possible to contact by phone or Skype to resolve everything asap and added that even if I knew what happened I could not do anything because I do not have ANY access to my account.

In the answer from Chris I was assured of virginity and purity of the hands of the experts and that the stats existed only for 24 hours and that, nevertheless, I had to go through nirvana, read about "CPU usage" and find the developer.

After this there were several more letters and finally I got the info on when (not "what") our "event" had happened.

Chris explained to me that at 0225 a problem appeared with Cairo and their "engineers discovered the server was under very high loads and the cause of the loads was processes executing under your account". They even did a post about this on the forum! After all this somebody from the staff came and turned everything off, and suspended my account of course. The best salvation from all problems.

Actually, later the logs showed me that the problem began two hours before somebody noticed something, uuh, that famous Rochen active monitoring.

After this answer I thought how good it is that we have an IT industry which gives jobs to this kind of expert. Just imagine if he had gone into medicine.
Then the report could be "I was on duty when I heard a signal from the intensive care unit. I was afraid that something would be broken and turned all the equipment off."

Once again: I'm so happy that the IT industry exists.

Actually by this moment the diagnosis was clear to me; the thing that was not clear was why each answer took so much time, from 25 min to 1.5 hours.

I asked for the logs, since they could not solve the problem by themselves, and for them to contact the police if the problem was the result of third parties' actions.

If you think that I got logs or their analysis you are wrong.

I spent 24 hours trying to get any info about the incident and explaining that I would be happy to do anything if I could do anything. (I hope it is clear that it is impossible to do something when you don't know what happened and you don't have any access to the tools which may help you to understand this, plus everybody refuses to give you any info or this access.)

And once again I got the same answer: that I had already got everything and they would not give me anything (whether info or access) until I did something. WTF?

In Russian folklore we have a fairy-tale with a similar quest: "Go there I don't know where and bring me something I don't know what."

Ok. I became really pissed off but decided to remind them that I was ready to do something from the very beginning.

Tada! 8 hours after my last answer I got access to the logs. 5 minutes more and my eyes began to look like this O___O

Some "hacker" of 10 to 12 years old tried an SQL injection on my poor website using default programs for this. It took him about an hour to understand that nobody was waiting for him there. It seems this fact was rather offensive, so he started a DoS test and went to sleep.

Though even in 2007 it was well known that «This kind of primitive DoS attack has minimal chances of success in the modern internet, because Internet data-transfer protocols allow a hosting provider to filter a too-intensive stream of requests from one IP address.»


I can understand his sorrow.

Guys, just tell me and for a little money I will give you the admin password and the password for the database or the users' database. Don't be upset, I have to admit that there is nothing interesting there, I'm only a photographer, not a porn site or casino.

But I looked like O_O not because of the "hacker" but because my dear hosting company was too lazy to configure the server even against such childish actions from 1 (one) IP address.
(In the general case, to live without problems, one or two lines are needed in the configuration, something like
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
limit_req zone=one burst=5;
Since there was cPanel there, the example is for CentOS; perhaps there are some simpler ways, but I'm stupid and may not know about them.)
And of course I may not know about router or firewall configuration or any other working methods because I'm just a stupid girl.

I feel it necessary to mention that I had a shared type of hosting and could not configure the server myself – this was the task and obligation of the hosting provider.

I notified my dear hoster about what had happened, gave a lot of info about what logs are and how they can work with them, asked why they did not have protection from such primitive attacks and also asked why they had tried to make their client work instead of them and work on their education. Then I asked them to restore my access to the account and to read point three of my recommendations: "3) all versions you offer are reduced to the actions of third parties alleged unlawful nature, please contact the police".

After this I asked for compensation for creating so many problems for me and for my consulting services.

Perhaps I should go and read about "CPU usage" and do the quest "contact developer" (this is the second most popular quest after "Did you try to turn it off and turn it on again?")... But I'm sorry, I had more necessary things to do that day.

There is no limit to amusement: the answer was that they thanked me for investigating but they were not obligated to make any protection from this kind of attack, because this costs too much! ("too much" in this case was zero (0)), plus I had threatened them (oh dear, where? did they mean my request for compensation for not providing me the services I pay for?) and I had violated the Terms of Service Agreement (TOS) and Acceptable Use Policy (AUP) (cool, now I'm responsible for the actions of all idiots, maybe the 2nd World War is also my fault?)

And the epic phrase (I cannot miss it here!): "As such we no longer wish to have you as a customer." !!!! They have broken my heart!

After this followed the words that I should fuck off from their hosting in 24 hours (of course not in these words, but they fit the sense best).

I think they have invented a new type of attack: the HPDoS (hosting provider denial-of-service) attack

www.rochenhost.com/servers-and…

The iron hearts of my opponents did not even twitch when I said which points of the agreement they had violated.
I was bravely sent to the court ...
And of course welcome to Rochen Facebook www.facebook.com/rochenhost

Say "thank you" in my name.

© 2012 - 2024 armene
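
The effect of the two `limit_req_zone` / `limit_req` lines quoted in the post (rate=1r/s, burst=5, keyed on the client address), as an added example that is not part of the original post or of Rochen's configuration. It is a simplified Python model of nginx's per-key leaky-bucket accounting, replayed over a constructed timeline; the addresses, the timeline and the helper names are assumptions made for illustration.

```python
# Simplified model of nginx limit_req accounting (leaky bucket, per client key).
# Values mirror the post: rate=1r/s, burst=5. nginx counts in 1/1000 of a request.
RATE = 1000    # 1 request/second, in milli-requests per second
BURST = 5000   # burst=5, in milli-requests


class LimitReqZone:
    def __init__(self, rate=RATE, burst=BURST):
        self.rate, self.burst = rate, burst
        self.nodes = {}  # client key -> (excess, time of last accepted request in ms)

    def check(self, key, now_ms):
        """Return (accepted, delay_ms) for one request arriving at now_ms."""
        if key not in self.nodes:
            self.nodes[key] = (0, now_ms)        # first request: empty bucket
            return True, 0
        excess, last = self.nodes[key]
        elapsed = max(0, now_ms - last)
        # Bucket drains at `rate`; this request adds one whole request (1000).
        excess = max(0, excess - self.rate * elapsed // 1000 + 1000)
        if excess > self.burst:
            return False, 0                      # rejected (503 by default); state unchanged
        self.nodes[key] = (excess, now_ms)
        return True, excess * 1000 // self.rate  # without nodelay, queued this long


def replay(timeline):
    """timeline: iterable of (time_ms, client_ip). Returns per-IP counters."""
    zone, stats = LimitReqZone(), {}
    for now_ms, ip in sorted(timeline):
        s = stats.setdefault(ip, {"accepted": 0, "rejected": 0, "max_delay_ms": 0})
        ok, delay = zone.check(ip, now_ms)
        s["accepted" if ok else "rejected"] += 1
        s["max_delay_ms"] = max(s["max_delay_ms"], delay)
    return stats


# Constructed timeline (documentation-range addresses, not from the post's logs):
# one client sending 20 requests/second for 10 s, one visitor clicking every 2 s.
FLOOD = [(t, "203.0.113.7") for t in range(0, 10_000, 50)]
VISITOR = [(t, "198.51.100.20") for t in range(0, 10_000, 2000)]

if __name__ == "__main__":
    for ip, s in replay(FLOOD + VISITOR).items():
        print(ip, s)
```

In this model the flooding address gets 15 of its 200 requests through while the ordinary visitor is never delayed or rejected.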
time-o-space:
P.S. If you construct your own simple website (e.g. of your type armene.com)
by yourself without using Joomla or another CMS (content management system) you do not need a sql-database.

So no sql-injections can occur.
It's a bit more work, but you can use simple public templates for your showcases or galleries. - as I remember your site was fairly simple,
maybe 10-12 webpages, 100-200 pics, little text, adding only a few new pics now and then?
You don't need Joomla or another CMS for administering that simple site.