Media Temple Proactive Against DoS

I have some mixed opinions of Media Temple tonight.

On the one hand, I was completely unable to access swinny.net (IMAP/SSH/HTTP) or domains under the same account (10AM PST). Support told me (reasonably promptly - 10:52AM) that they could find no problems and to send in a traceroute.

On the other hand, I received an automated email (10:28AM) that my IP had been changed in response to a large DoS attack:

Recently, the IP address which hosts your site was the target of an extremely large Distributed Denial of Service Attack (http://en.wikipedia.org/wiki/Ddos#Distributed_attack). Though the attack was initially mitigated, as the severity grew, (mt)'s DDoS protection system began blocking all access to this IP address. This step is a final defense only required for the largest of attacks, and helps preserve the stability of the network as a whole. It is unclear at this time which of our customers is the target of this attack.

In the meantime we have updated your IP address to 70.32.71.8. This IP address is a dedicated IP address, used by your site alone, so this problem will not re-occur for you unless you, specifically, are a target of such an attack. If you host your DNS with us, this change has already been made for you. If not, please update your DNS zones accordingly. Please be aware that it may take up to 24 hours for these changes to your zone to propagate to the internet as a whole, so users may have difficulty accessing your site during this window.

We apologize for the disruption to your service. If you have any further questions regarding your (mt) Media Temple services, please feel free to contact us at any time.

So... GOOD for taking steps to mitigate the effects of the DoS, BAD for support not knowing anything about this.

As it turns out, I had installed a wiki on one of my spare domains (cycling-world.net), and that site had been getting pounded recently (ok, since mid December) by some kind of bot. MT's GPU usage graph and detailed log revealed all. In fairness it was a 'pounding' by my standards - under 1000 hits per day on the homepage of the site. This on its own would not have triggered a DoS alert. I'll be investigating whether it's related to the attack.

Update Friday 22 January 2009: Amanda from Media Temple called to apologise for the confusion and lack of information on my support request. In summary, the technician did have the IP-change information available, but did not notice it.

It was a nice touch to be called and to have the situation explained personally. I have also been given one month's hosting credit - only $20, but it's a nice gesture, and generous considering the minor inconvenience caused. I think that $20 has Haiti's name written on it.

