The problem with server NC020 actually started before the outage on Friday, about midday UTC. A client’s website was compromised, and the cracker downloaded scripts to send spam. This took place over the course of a day or so, and eventually the spammer consumed all of the resources of the server. Although the server was still up, it was unresponsive.
Most websites are authorised to use the mail server on a hosting server, so we can’t block that ability completely. However, we will make a concerted effort to improve the monitoring of abuse (intended by the client or not) of this function.
In this case, we cleaned up all of the generated spam, removed the offending scripts, and will work with the client on the issues with their website security.
For the record, there are two levels of compromise: root level and user level. A root-level compromise is very bad, and requires a brand new server to be provisioned. This was a user-level compromise which, while bad, is easier to fix and recover from.
We again apologise for the downtime. We will be contacting and crediting affected accounts. We are always working to prevent security issues like this, but it’s an ongoing task. Thank you for your patience and continued business. If you have any questions, please feel free to contact support.