Thanks David and others who replied on an off the list. It was all very helpful. I think I will stay with Bluehost as they have been excellent in every other way, and it seems good enough under this situation. I don't want the hassle of a host switch. I will add the dedicated IP. Sounds like a good deal. To answer a couple questions people had: - They had to give everyone separate IPs temporarily so they could isolate and go after the attacker. - I have no idea if they know the 60 second TTL idea David mentioned. I was simply absorbing what I could from what the support guy said. Thank you!! Val On Wed, Jun 9, 2010 at 9:56 PM, R. David Murray <rdmurray at bitdance.com>wrote: > On Wed, 09 Jun 2010 17:53:11 -0400, Val Nelson <val at valnelson.com> wrote: > > Wondering what you think of this. My web host, Bluehost, has my website > on a > > shared IP. One of the other websites on that server was attacked so now > my > > site has been temporarily moved to a dedicated IP and I have to wait for > > propagation (anywhere from 4-72 hours-ish) for the site to be found > again. > > First of all, that number is wrong (4-72 hours) [1]. The "normal" real > numbers are 0-24 hours, and how long it takes for your new IP to be seen > varies per visitor. That is, someone who is using a DNS server where no > one has visited your site for the previous 24 hours will see your new > IP right away. For someone using a DNS server where your site *has* > been visited in the previous 24 hours, in the worst case it will be > 24 hours before your new IP is picked up by that DNS server, but will > typically be less than that (12 hours on average). > > This assumes your hosting provider is using the default TTL (time to live) > of 24 hours on your web server DNS entry. > > A smart web host provider doesn't, they use a much shorter TTL, for > exactly the reason you ran in to. I use 60 minutes, myself. > > > To make matters worse, they will move it back once they solve the attack > and > > then I'll have that same propagation situation. And they won't promise to > do > > that move back overnight. Hate that. > > If this is true, they don't know what they are doing. If they *know* > they are going to make the move, then the standard procedure is this: > > 1) set the TTL on the DNS record to 60 seconds > 2) wait until the previous TTL period has elapsed. At that point, > all DNS servers will be working off the new, 60 second TTL. > 3) change the IP > 4) wait 60 seconds > 5) change the TTL to the normal standard TTL that the hosting > provider uses > > > Bluehost claims this is a fairly common occurrence for shared hosting > > services but not common on any one server. Is this that common? Doesn't > > sound right to me. > > A hosting provider with a lot of sites is bound to have a someone get > attacked (or turn out to be a spammer) every once in a while. But as > they say, any given IP shouldn't be too likely to get hit, since their > large number of sites should be spread across a significant number > of individual IPs. > > > I'm trying to decide between paying for a dedicated IP ($30/year) or > moving > > hosting services. Can you advise? > > If they really don't know how to do the transition back so that you have > minimal downtime[2], then you should definitely switch hosting providers. > > -- > R. David Murray www.bitdance.com > > [1] 4-72 hours is a number I have heard for transfers of DNS hosting > (that is, changing which *DNS* hosting provider is serving your domain). > Perhaps the person you spoke to was just confused about what was being > done. Though even DNS hosting transfers don't generally take that > long. > > [2] Even with a TTL of 60 seconds, the perceived downtime for many of > your visitors will be between 0 and 30 minutes. This is because > Internet Explorer doesn't pay attention to the TTL on DNS records, it > always caches records for 30 minutes. That is at least better than IE4, > which always cached them for 24 hours. > > http://support.microsoft.com/kb/263558 > > Firefox caches DNS records for only 60 seconds. Not sure about > other browsers. > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.hidden-tech.net/pipermail/hidden-discuss/attachments/20100609/fa88052b/attachment.html