Security and upgrades question


#1

Hi
A friend recommended that I take a look at your hosting services. So far I’m pretty impressed with the amount of service you offer for a low cost.

However I do have some questions which I can’t seem to find. Is there any downtime with your servers for upgrades or maintenance? How much advance time would I receive?
How often are the servers patched for upgrades? Do you have any QA processes to test those patches or upgrades?

If someone breaks into my website due to a server OS exploit or launches a denial of service attack, how does Dreamhost respond? Especially during a denial of service attack, can Dreamhost help stop the attack? When reporting the problem would it be one number to call? Or would I have to navigate through phone mail “hell”?

Another post mentioned Exodus. If Exodus goes out of business tomorrow, what would become of my site or even my account? How fast can Dreamhost get my site back up?

If someone could answer the above questions that would be great!


#2

We generally don’t have to even reboot for security upgrades (and when we do (for a new kernel or something), downtime is generally brief). We generally track the stable version of Debian Linux, which is one of the more stable / secure (i.e. conservative) distributions of Linux.

We do maintain our own packages (i.e. Apache, PHP) for certain software; in this case we patch software as soon as a vulnerability is made public.

Generally reporting an attack of some sort would be done via email, but we generally are the first to notice this sort of thing (since it usually causes other problems that make our pagers go off). While we try to prevent exploits, we would most likely swap out an exploited machine for a new machine (our system makes it pretty easy to swap out an entire web machine in a matter of minutes).

With a DOS attack, the response would also depend on whether the attack was distributed or not; obviously a DOS attack with one source is much easier to block at the router than a distributed DOS attack…

I think it’s extremely unlikely that one of our providers would go out of business without at least a few months of warning; we’ve done one move recently (with fairly little downtime), so it would not be difficult for us to do it again if necessary. We’re not going anywhere!