Hosting

I use the EasySpeedy for my hosting. They already provide the most transparent hosting plans and hosting contract I have seen, but they continue to impress me. I’ve got 2 servers there and will put my 3rd one there if need be.

Apparently one of their clients where spamming with spoofed IP addresses from other users on their network. This is obviously a big problem as no one wants to get black listed.

From the beginning they have been incredibly open about it and gone that extra yard in uncovering the spamming vendor of Viagra and Penis enlargers.

I am not 100% sure if he used one of my ip addresses. I haven’t got mail servers on any of my servers. Both of do do outgoing mail though via ActionMailer in Rails.

Now what they did is send out a fantastic email that I will share with you below:

To make it cheaper for myself to register SSL Certs I have created a Go Daddy reseller certificate shop WideCert . I encourage everyone to use SSL on all web apps that use passwords or contain private data.

I find it really is somewhat disrespectful to users when a web site owner requires the users to type their passwords in clear text. In particular nowadays with WIFI where it is really easy to sniff the passwords of people around you.

For this reason I want to offer these SSL certs at the cheapest possible price to rails and other web 2.0 app developers. At the time of writing the lowest price I can offer is $27.95 for a 1 year Turbo Cert. GoDaddy is offering the same at the time of writing for $19.95, which I should be able to match this coming week. If you need the cert quickly go get it there. I will update this as well as post another entry in the blog when this is available.

I have posted complete instructions over on my technical blog in Installing certs on lighttpd.

Btw. You can also register domain names and virtual dedicated servers etc through widecert. I was a opensrs reseller before and am slowly transfering my domains over as they are a lot cheaper.

Last night my GMail account started acting funny. It wouldn’t let me communicate with the server. After a few hours they seemed to get it working again, but I didn’t seem to be getting any mail. I sent various test messages that never came through.

This morning it’s the same. I’ve done the standard geekoid telnet port 25 to various of their smtp servers and they just timeout. So what is the story here? A DoS attack or something like that?

It seems something happened so they had to first just shut everything down. They then managed to get the web part of it up and running so people could access their existing mail, but not the actual incoming email infrastructure. I have been able to send mail from Gmail, which sounds to me like their infrastructure is actually working.

Hmm, a massive DoS seems the most likely cause. I hope they let us know afterwards what it was and how they (hopefully will) beat it.

Until GMail works again, if you need to reach me for any reason cc my account at pbraendgaard@mac.com as well.

Update
After a brief loss of the web interface gmail came back around 5pm Danish time and most of my new incoming mail was ready and waiting in the mailbox. Still haven’t seen an explanation anywhere.

I have always been interested in security and cryptography and have always been annoyed with the security disclosures or lack of them that most web applications offer.

Therefore I am making StakeItOut’s Security Page
painfully public for the world to see. I think it is better for small fish like me to be honest and not end up in a situation with some huge liability on our head.

BTW. I am writing these kinds of things bit by bit in Backpack as I am putting most of my focus on site functionality at the moment. Backpackit is just great for these kinds of things. The next wave of beta testers should be invited in, within the next day or two.