[Hidden-tech] web host problem - advice request

R. David Murray rdmurray at bitdance.com
Wed Jun 9 21:56:24 EDT 2010


On Wed, 09 Jun 2010 17:53:11 -0400, Val Nelson <val at valnelson.com> wrote:
> Wondering what you think of this. My web host, Bluehost, has my website on a
> shared IP. One of the other websites on that server was attacked so now my
> site has been temporarily moved to a dedicated IP and I have to wait for
> propagation (anywhere from 4-72 hours-ish) for the site to be found again.

First of all, that number is wrong (4-72 hours) [1].  The "normal" real
numbers are 0-24 hours, and how long it takes for your new IP to be seen
varies per visitor.  That is, someone who is using a DNS server where no
one has visited your site for the previous 24 hours will see your new
IP right away.  For someone using a DNS server where your site *has*
been visited in the previous 24 hours, in the worst case it will be
24 hours before your new IP is picked up by that DNS server, but will
typically be less than that (12 hours on average).

This assumes your hosting provider is using the default TTL (time to live)
of 24 hours on your web server DNS entry.

A smart web host provider doesn't, they use a much shorter TTL, for
exactly the reason you ran in to.  I use 60 minutes, myself.

> To make matters worse, they will move it back once they solve the attack and
> then I'll have that same propagation situation. And they won't promise to do
> that move back overnight. Hate that.

If this is true, they don't know what they are doing.  If they *know*
they are going to make the move, then the standard procedure is this:

    1) set the TTL on the DNS record to 60 seconds
    2) wait until the previous TTL period has elapsed.  At that point,
        all DNS servers will be working off the new, 60 second TTL.
    3) change the IP
    4) wait 60 seconds
    5) change the TTL to the normal standard TTL that the hosting
        provider uses

> Bluehost claims this is a fairly common occurrence for shared hosting
> services but not common on any one server. Is this that common? Doesn't
> sound right to me.

A hosting provider with a lot of sites is bound to have a someone get
attacked (or turn out to be a spammer) every once in a while.  But as
they say, any given IP shouldn't be too likely to get hit, since their
large number of sites should be spread across a significant number
of individual IPs.

> I'm trying to decide between paying for a dedicated IP ($30/year) or moving
> hosting services. Can you advise?

If they really don't know how to do the transition back so that you have
minimal downtime[2], then you should definitely switch hosting providers.

--
R. David Murray                                      www.bitdance.com

[1] 4-72 hours is a number I have heard for transfers of DNS hosting
(that is, changing which *DNS* hosting provider is serving your domain).
Perhaps the person you spoke to was just confused about what was being
done.  Though even DNS hosting transfers don't generally take that
long.

[2] Even with a TTL of 60 seconds, the perceived downtime for many of
your visitors will be between 0 and 30 minutes.  This is because
Internet Explorer doesn't pay attention to the TTL on DNS records, it
always caches records for 30 minutes.  That is at least better than IE4,
which always cached them for 24 hours.

    http://support.microsoft.com/kb/263558

Firefox caches DNS records for only 60 seconds.  Not sure about
other browsers.


Google

More information about the Hidden-discuss mailing list