This time I paid a professional sysadmin. And we're not out of the woods yet -- there's a load of DNS changes rippling slowly through the system, and some backup files to transfer. But in principle ... yes, that was fast.
Do you fancy telling us about the details? I'm looking for some form of coloco/dedicated hosting solution at the moment and hearing about other people's setups is useful.
Arthur: not much to tell -- I'm using a debian box hosted by Bytemark (www.bytemark.co.uk) and we just migrated my configuration across from the old (as in: 2004 vintage) debian box I was previously renting from UK2net.com. The main headache was switching from using BIND 9 on my own server for DNS to hosted DNS provided by Bytemark (I've got several domains, variously registered via UK2, Network Solutions, and Joker.com).
Bytemark also offer virtual servers, which might be a good way to dip a toe in the water (if you're in the UK -- otherwise go look for a US equivalent).
Wh00t!
New server!
Do the happy-server-upgrade dance, you know you want to.
It involves cats, bacon, John Scalzi, the LHC, and a box of chocolates.
And beer.
@10: I concur, the site feels, for want of a better word, "snappy", posts and comment pages load pretty much instantly... now back to reading Jennifer Morgue... again.
Jack: yes, it's still in London. With a different firm, though -- one who provide actual tech support and a network-accessible console for reboots, at about 66% the cost of the previous deal. And, hopefully, a solution to the spam problem in sight ... (on the email side, not the web server side: I also run my email through this box, and before I started outsourcing the spam filtering earlier this year it was running at 20,000 spams/day, spiking to 60,000 occasionally.)
Welcome to the spam world, Charlie. Unfortunately, you are not the one getting a lot of it. I am a SysAdmin; I found that with my customers the solution for spam-flooding is greylisting. After putting a greylist filter in front of the mail server, the spam dropped. Of course, after greylisting I put an antispam/antivirus filter that eliminates the surviving unwanted mails. The only issue with greylisting I found are with badly configured MTA, but you can put them in the whitelist of the greylist :)
Luigi: I've been getting spam since 1992 (the "Green Card" spam that hit usenet). Frankly, what I'm getting in my mailbox now is junk from the spammers who don't even bother looking at MX records -- they just bombard anything that's open on Port 25. (Which, thanks to some upgrades and the new move, will be going away just as soon as I've moved some tech-illiterate family members to a different port.)
I arrived on Internet a couple of years later: I started with FidoNet. From my point of view, looking at the logs (good old tail -f) I noticed that many spammers attacks the secondary MX and THEN the primary, hoping that the secondary MX is less protected than the primary. Many domains use their ISP MTA as secondary MX and trust the mail coming from it, opening the doors to a lot of spam mail. But I don't think that there is a silver bullet to fight spam, and everyone should use a different strategy; in this way spammers cannot use a single strategy to defeat all systems.
Comments
That was fast!
Posted by: MWT | September 22, 2008 6:32 PM
This time I paid a professional sysadmin. And we're not out of the woods yet -- there's a load of DNS changes rippling slowly through the system, and some backup files to transfer. But in principle ... yes, that was fast.
Posted by: Charlie Stross | September 22, 2008 6:41 PM
Do you fancy telling us about the details? I'm looking for some form of coloco/dedicated hosting solution at the moment and hearing about other people's setups is useful.
Posted by: Arthur Chance | September 22, 2008 6:48 PM
Everything looks fine, except I was previously male, and now I'm stuck in this reality for years until the experiment ends.
Posted by: joelfinkle | September 22, 2008 7:50 PM
Arthur: not much to tell -- I'm using a debian box hosted by Bytemark (www.bytemark.co.uk) and we just migrated my configuration across from the old (as in: 2004 vintage) debian box I was previously renting from UK2net.com. The main headache was switching from using BIND 9 on my own server for DNS to hosted DNS provided by Bytemark (I've got several domains, variously registered via UK2, Network Solutions, and Joker.com).
Bytemark also offer virtual servers, which might be a good way to dip a toe in the water (if you're in the UK -- otherwise go look for a US equivalent).
Posted by: Charlie Stross | September 22, 2008 7:54 PM
Your bug-me-by-email form is down, I was going to drop you a line about this:
http://www.iht.com/articles/2006/04/27/business/nec.php
Chinese pirates making a fake company.
If you're still collecting scams.
Posted by: Sebastien Bailard | September 22, 2008 8:54 PM
Sebastian: thanks, I know what's missing (a perl dependency) and I'm fixing it.
Posted by: Charlie Stross | September 22, 2008 8:57 PM
Wh00t!
New server!
Do the happy-server-upgrade dance, you know you want to.
It involves cats, bacon, John Scalzi, the LHC, and a box of chocolates.
And beer.
Posted by: TechSlave | September 23, 2008 3:54 AM
Charlie,
It looks to me like the new iron is still colocated in London -- is that right?
Posted by: Jack Foy | September 23, 2008 7:06 AM
It could be the good old placebo effect, but now the website seems faster and more responsive. The comments pages load almost instantaneously.
Posted by: Giacomo | September 23, 2008 8:33 AM
@10: I concur, the site feels, for want of a better word, "snappy", posts and comment pages load pretty much instantly... now back to reading Jennifer Morgue... again.
Posted by: James | September 23, 2008 9:24 AM
Actually, by publicising the move, Charlie has opened himself up to an attack and this isn't the real antipope.
It may all look normal now, but expect a gradual increase in Chinese Ulster Unionist propaganda.
Posted by: Jim Smith | September 23, 2008 9:54 AM
Jack: yes, it's still in London. With a different firm, though -- one who provide actual tech support and a network-accessible console for reboots, at about 66% the cost of the previous deal. And, hopefully, a solution to the spam problem in sight ... (on the email side, not the web server side: I also run my email through this box, and before I started outsourcing the spam filtering earlier this year it was running at 20,000 spams/day, spiking to 60,000 occasionally.)
Posted by: Charlie Stross | September 23, 2008 10:48 AM
Welcome to the spam world, Charlie. Unfortunately, you are not the one getting a lot of it. I am a SysAdmin; I found that with my customers the solution for spam-flooding is greylisting. After putting a greylist filter in front of the mail server, the spam dropped. Of course, after greylisting I put an antispam/antivirus filter that eliminates the surviving unwanted mails. The only issue with greylisting I found are with badly configured MTA, but you can put them in the whitelist of the greylist :)
Posted by: Luigi Rosa | September 24, 2008 7:00 AM
Luigi: I've been getting spam since 1992 (the "Green Card" spam that hit usenet). Frankly, what I'm getting in my mailbox now is junk from the spammers who don't even bother looking at MX records -- they just bombard anything that's open on Port 25. (Which, thanks to some upgrades and the new move, will be going away just as soon as I've moved some tech-illiterate family members to a different port.)
Posted by: Charlie Stross | September 24, 2008 10:22 AM
I arrived on Internet a couple of years later: I started with FidoNet. From my point of view, looking at the logs (good old tail -f) I noticed that many spammers attacks the secondary MX and THEN the primary, hoping that the secondary MX is less protected than the primary. Many domains use their ISP MTA as secondary MX and trust the mail coming from it, opening the doors to a lot of spam mail. But I don't think that there is a silver bullet to fight spam, and everyone should use a different strategy; in this way spammers cannot use a single strategy to defeat all systems.
Posted by: Luigi Rosa | September 24, 2008 4:22 PM
Frigg and Mafdet get their own port!?
Posted by: Marilee J. Layman | September 25, 2008 1:02 AM