Friends Don’t Let Friends Have Unlimited Hosting
One of the advantages of having a VPS account is that you can play Web host to some of your friends. Currently, four people other than my wife and I have six different sites on my VPS, most of them small blogs or static sites. They’re not a burden by any stretch, at least no under normal circumstances and, since I’m nowhere near maxing out my VPS’ resources, they’re free to host effectively.
Typically, when I set up these accounts, I have just used the WHM/cPanel defaults, which include unlimited bandwidth and server space. Typically that has never been a problem, my friends sites usually take up only a few 100 MBs and draw almost no bandwidth.
That is, it wasn’t a problem until earlier this week.
What happened was a painful reminder that, even in friendships, sometimes you need to set firm boundaries as vague ones can be accidentally crossed and wind up hurting everyone.
A story of friendship, FTP and architectural drawings
Recently, one of the friends I came to host owns a medium-sized business. This followed a nasty incident with their former host where we performed an emergency “evacuation” to my server. However, since the company doesn’t do much business over the Web, the load they put on the server was small. As such, the short-term evacuation turned into a longer-term stay.
The first sign of trouble began at about six o’clock one evening. While I was at dinner, my cell phone chimed to alert me that my server was done. However, before I could do anything I received a similar alert that it was back up. Thinking it was either a glitch or a just a hiccup, I thought nothing of it.
However, the troubles continued as cPanel later notified me that the outgoing mail server, EXIM, was down on one port. A reboot seemed to fix the problem but we had also noticed an extreme delay in my wife getting her email. However, the pieces weren’t put together until the next morning when the company had no access to their email and no one could use cPanel due to a drive space error.
It was a nasty way to wake up in the morning, but I sprang into action. I contacted my host, Servint, to see if they could upgrade my account, at least temporarily, to fix these issues.
While they jumped on the mirgration immediately, it went less than smoothly. The account was so overstuffed that it was creating errors when they tried to move it. They eventually resolved the problem and, within a few hours, had my server back online. However, half a day’s email was lost (having been bounced already) and hours of time were wasted by me, my wife and others trying to fix the issue.
But what was strange was that the server, just a week or two before, had been at less than 25% capacity on the hard drive, barely touching the 30 gigs available. So what happened? It turned out that one of the contract employees at the company had been using the site’s FTP server to backup project files, which were large architectural images and, over the course of several weeks, had managed to add almost 20 gigs to the server. When the server finally succumbed she was in the middle of yet another huge upload.
This was in spite the fact that there was a company policy in place against long-term FTP storage (for security as well as file space reasons) and a broad understanding that the FTP was meant to be a temporary host for files to be transfered to others, not a storage center.
In short, in one mistake, she took out the company email (the server was too full for it to accept new messages) for half a day and caused several hours of site downtime for the upgrade/transfer.
However, in the end, the fault was mostly my own and I’ll explain why.
Why I Quite Rightly Blame Myself
In truth, I could have easily prevented this disaster. WHM/cPanel makes it easy to set limits on accounts. A 20 GB limit on this site would have prevented it from taking down the entire VPS. Though the uploads would have timed out when it reached the ceiling, I wouldn’t have had to watch as the entire VPS ground to a halt, all of its servers unable to find enough room to function.
In the end, only Apache managed to stay up for much of it. All of the sites remained active even as email, cPanel and even FTP began to crash. While this kept the public embarrassment to a minimum, it only masked a very serious problem.
However, it will not be a mistake I repeat. It’s a lesson learned. I’ve gone through and added high limits to each account ensuring that no one account can sink the server. I’ve also changed the default behavior of WHM to add quotas on new accounts, ensuring that I won’t forget it in the future.
Though my server is very oversold, meaning that my accounts have a much larger amount of space than I have available, the goal isn’t to divide up the territory evenly, but to ensure that no one site can wreak so much havoc again.
In the end, it all has a happy ending. Other than the bounced email, there is no data loss and the Web-facing downtime was minimal (an hour at most total). Though it was frustrating, it ended reasonably well.
However, it is a lesson learned and one well wroth passing on. If you have WHM and you host friends, be sure to set limits on their accounts. Though you can and should trust your friends, accidents happen and, sometimes, people don’t realize what they’re doing. Setting up a safety valve is important.
So be smart, set limits on your accounts, no matter how good of friends you are. You’ll be thankful later.