ctpb
11-04-2006, 07:38 PM
What do you expect for 60-100/month? I expect more than I get....
We have tried server management in the past, and have finally come to the conclusion that it is just not good for us. We started it out on a single server, which we brought online around 6 months ago. Decided first to go with Server Wizards, who we employed to set up the server, after our install of CentOS 4. They said the install would be done the same evening we signed up, and 24 hours later, still nothing done on the box. I opened another ticket, and they indicated it would be done that day, and sure enough, everything was online later that night, around 24 hours later than they indicated.
We opened a few tickets, and hours later we would receive responses such as "please provide the username" or "please create the test account" and other seemingly useless clarifications to items that were either already specified in the ticket, or items that we simply should not have had to provide, as they should have managed it within the ticket. Thus there were delays which extended simple tickets into something that required a day or more to resolve. I expressed my dissatisfaction within 5 days of signing up, and requested a refund, to which I received a response that they do not supply refunds, so we hoped for the best and continued for another couple of weeks before deciding to move to Acunett.
When we moved to Acunett, their initial setup revealed:
I’ve disabled "lamed server" logging that clutters your daily log files.
Sim was very poorly configured. No services were set to be checked.
SPRI was not installed. I have installed it.
I've installed PRM which monitors your server for processes that use extensive server resources for prolonged periods of time. These processes are logged and killed, preventing high loads and potential server crashes. An email is dispatched whenever a process is logged and killed.
/tmp and /var/tmp have been hardened to prevent the execution of malicious scripts
/dev/shm & /var/spool/mail have been hardened to prevent the execution of malicious scripts. Unused, insecure directories have been removed from your system.
Apache Web Server has been secured and optimized.
Lcap was outdated. I have upgraded it.
A log analysis system has been installed on your server. Emails are dispatched daily; the amount of detail in the emails can be changed on request.
I have modified nsswitch.conf to secure and optimize DNS lookups.
Sysctl.conf was not fully optimized. It also contained a few incorrect keys. I have corrected this.
Libsafe was not installed. I have installed it.
VF_Utime was not set in apf which can lead to lock up issues on restart.
Your APF was set in dev mode which means it wasn't even active. Your server has been running without a firewall .
Sysctl hooks were not set in apf. I have set this.
Syncookies was enabled which can cause many problems with client connections. Even apf itself states:
syncookies seriously violates TCP protocol and can result
# in serious degradation of some services (i.e. SMTP);
# visible not by you, but your clients and relays whom are
# contacting your system.
I have disabled it.
No ports were set in apf at all. If the firewall had been active it would have locked everyone out.
Whoever did the initial setup before did a fairly sloppy job. Antidos and antispoof rulesets have been enabled for apf.
I have hardened host.conf to prevent dns lookup poisoning & spoofing protection.
LES has been installed to add an additional level of local environment security to prevent against environment based attacks.
So we seemed to be off to a good start. We noticed quickly, that the old method we used to access the control panel no longer worked. Acunett indicated that they did not change anything that would have resulted in this new found error, but it only started happening after they completed their version of the server setup. A few days past, with communications back and fourth, and no resolution. Ronny suggested that it seems to be a problem with Ensim, and that we need to re-install it to correct the issue. I pressured that I did not feel that was an acceptable solution, and ultimately the provided a band aid solution and created a forwarder in the directory I suggested should bring up the ensim login. Made me happy I suppose, but did not find the root of the problem, only applied a patch.
A week later, we had another issue, where we were receiving python errors in the control panel, and none of the functionality was there. Again, Ronny indicated that he thought it was due to a bad install of Ensim. I reviewed the services on the machine, and found PostgreSQL to be stopped. I restarted the service, and the errors disappeared. That's when we became a little concerned. Twice now they indicated they wanted to reinstall our control panel, for what seemed to be very minor errors. Weeks went by and I found I had the same problems we had with server wizards. Tickets took way to long to get a response, and when we did get a response in a timely fashion, it was always 'Looking into this issue' or 'What is the password', even when the password was clearly stated in the ticket already.
2 months ago, during a proactive update, they updated our OS to CentOS4.3, which was not supported by Ensim 4, and it caused SSH,FTP & HTTP to go offline. The server happened to be one we had in a colo facility that we sub from, and we did not have access to it, and the only person who did at the time was away for the weekend, so offline it stayed for 3 days. Acunett was supportive over the phone when we finally did get access to the box, and did accept responsibility for bringing the server offline, and credited our account with not only their monthly cost, but our costs for gaining access to the server as well.
A month later, we moved the server they managed to a new location. It was offline for 5 hours before they sent the notification that the server was down. We then rebuilt the machine, and asked them to set it up again, and they could not get Ensim installed correctly. The box at that time, had a fresh OS install on it...
We have come to realize that we just don't need a server management company... In the few months that we were using this type of service, it seemed that most of the problems we had with the server, were related to the management company, and any ticket we opened that required any sort of configuration that was outside of the normal realm, was either 'not possible', or took days to resolve. Maybe this type of service is good for a standard cPanel box, with everything configured as 'normal' or one size fits all, but I certainly don't think things worked out well with Ensim and our configuration.
Today, we rebuilt the server, and moved one of our windows boxes to this IP. That was 8 hours ago, and I have still not received notice that anything is offline....
We have tried server management in the past, and have finally come to the conclusion that it is just not good for us. We started it out on a single server, which we brought online around 6 months ago. Decided first to go with Server Wizards, who we employed to set up the server, after our install of CentOS 4. They said the install would be done the same evening we signed up, and 24 hours later, still nothing done on the box. I opened another ticket, and they indicated it would be done that day, and sure enough, everything was online later that night, around 24 hours later than they indicated.
We opened a few tickets, and hours later we would receive responses such as "please provide the username" or "please create the test account" and other seemingly useless clarifications to items that were either already specified in the ticket, or items that we simply should not have had to provide, as they should have managed it within the ticket. Thus there were delays which extended simple tickets into something that required a day or more to resolve. I expressed my dissatisfaction within 5 days of signing up, and requested a refund, to which I received a response that they do not supply refunds, so we hoped for the best and continued for another couple of weeks before deciding to move to Acunett.
When we moved to Acunett, their initial setup revealed:
I’ve disabled "lamed server" logging that clutters your daily log files.
Sim was very poorly configured. No services were set to be checked.
SPRI was not installed. I have installed it.
I've installed PRM which monitors your server for processes that use extensive server resources for prolonged periods of time. These processes are logged and killed, preventing high loads and potential server crashes. An email is dispatched whenever a process is logged and killed.
/tmp and /var/tmp have been hardened to prevent the execution of malicious scripts
/dev/shm & /var/spool/mail have been hardened to prevent the execution of malicious scripts. Unused, insecure directories have been removed from your system.
Apache Web Server has been secured and optimized.
Lcap was outdated. I have upgraded it.
A log analysis system has been installed on your server. Emails are dispatched daily; the amount of detail in the emails can be changed on request.
I have modified nsswitch.conf to secure and optimize DNS lookups.
Sysctl.conf was not fully optimized. It also contained a few incorrect keys. I have corrected this.
Libsafe was not installed. I have installed it.
VF_Utime was not set in apf which can lead to lock up issues on restart.
Your APF was set in dev mode which means it wasn't even active. Your server has been running without a firewall .
Sysctl hooks were not set in apf. I have set this.
Syncookies was enabled which can cause many problems with client connections. Even apf itself states:
syncookies seriously violates TCP protocol and can result
# in serious degradation of some services (i.e. SMTP);
# visible not by you, but your clients and relays whom are
# contacting your system.
I have disabled it.
No ports were set in apf at all. If the firewall had been active it would have locked everyone out.
Whoever did the initial setup before did a fairly sloppy job. Antidos and antispoof rulesets have been enabled for apf.
I have hardened host.conf to prevent dns lookup poisoning & spoofing protection.
LES has been installed to add an additional level of local environment security to prevent against environment based attacks.
So we seemed to be off to a good start. We noticed quickly, that the old method we used to access the control panel no longer worked. Acunett indicated that they did not change anything that would have resulted in this new found error, but it only started happening after they completed their version of the server setup. A few days past, with communications back and fourth, and no resolution. Ronny suggested that it seems to be a problem with Ensim, and that we need to re-install it to correct the issue. I pressured that I did not feel that was an acceptable solution, and ultimately the provided a band aid solution and created a forwarder in the directory I suggested should bring up the ensim login. Made me happy I suppose, but did not find the root of the problem, only applied a patch.
A week later, we had another issue, where we were receiving python errors in the control panel, and none of the functionality was there. Again, Ronny indicated that he thought it was due to a bad install of Ensim. I reviewed the services on the machine, and found PostgreSQL to be stopped. I restarted the service, and the errors disappeared. That's when we became a little concerned. Twice now they indicated they wanted to reinstall our control panel, for what seemed to be very minor errors. Weeks went by and I found I had the same problems we had with server wizards. Tickets took way to long to get a response, and when we did get a response in a timely fashion, it was always 'Looking into this issue' or 'What is the password', even when the password was clearly stated in the ticket already.
2 months ago, during a proactive update, they updated our OS to CentOS4.3, which was not supported by Ensim 4, and it caused SSH,FTP & HTTP to go offline. The server happened to be one we had in a colo facility that we sub from, and we did not have access to it, and the only person who did at the time was away for the weekend, so offline it stayed for 3 days. Acunett was supportive over the phone when we finally did get access to the box, and did accept responsibility for bringing the server offline, and credited our account with not only their monthly cost, but our costs for gaining access to the server as well.
A month later, we moved the server they managed to a new location. It was offline for 5 hours before they sent the notification that the server was down. We then rebuilt the machine, and asked them to set it up again, and they could not get Ensim installed correctly. The box at that time, had a fresh OS install on it...
We have come to realize that we just don't need a server management company... In the few months that we were using this type of service, it seemed that most of the problems we had with the server, were related to the management company, and any ticket we opened that required any sort of configuration that was outside of the normal realm, was either 'not possible', or took days to resolve. Maybe this type of service is good for a standard cPanel box, with everything configured as 'normal' or one size fits all, but I certainly don't think things worked out well with Ensim and our configuration.
Today, we rebuilt the server, and moved one of our windows boxes to this IP. That was 8 hours ago, and I have still not received notice that anything is offline....