One of the issues for the DDOS attack was that we are on a shared hosting plan. This has the advantage of being Cheap ($). But you are sharing the same server with several others. Old(er) developers among you might remember a time when programming was done via terminals , connected to a centralized system. These systems were usually Unix Boxes and were known as multi-user systems. Windows Systems don’t have the concept of multi-user even on so-called Windows Server boxes. This is because computing horsepower is so cheap. Everyone can have their own computer. But Unix and Linux systems still have this feature even to this day.
What does this have to do with shared hosting? It turns out that web-servers can serve up different websites based upon how they are accessed. Apache calls this Virtual Host. Nginx uses server blocks. I’m sure that IIS has a way of doing this as well. For Example if www.domain1.com points to 18.104.22.168 and www.domain2.com points to the same IP Address. If Virtual Hosts is properly setup then domain1’s webpages will be different than domain2’s webpages. The users of domain1 will think that they are on a completely different site than domain2 and in essence they are.
Here is a better explanation:
On my shared hosting account I could log into my account but I was just a user. I could not see the access and error logs. This can be provided for me but Verio didn’t bother.
So what is a VPS? A VPS (Virtual Private Server) is a virtual host in the cloud. The VPS provides an operating system with some software pre-loaded. There is a control panel where I can stop/start the server. Re-install the OS if I wanted etc. They provide ssh access to it and you can login as root. In short you own the box. I chose a local VPS provider interserver.com, So far they are excellent. I chose the cheapest plan for $6.00. This is even cheaper than Verio’s shared hosting. You can get a site based in New Jersey unlike Colorado where the Verio servers are located. Since I am a Linux SA I found it easy to setup Apache. The great thing is that I fully controlled the box so I can access the logs, configure Apache and security the way I saw fit.
It turned out that I needed a VPS to fix my DDOS problem.