Clustered website hosting is a type of hosting which involves multiple servers for the same task, and is generally seen as a more reliable type of hosting over standard shared website hosting. With clustered web hosting, all website services are ‘load balanced’ across multiple servers to ensure that the best redundancy possible is achieved; security resources and other standard features are also spread across multiple servers. No human interaction is required for the clustered hosting system to work; this is because most clustered hosting platforms are data driven in some way or another. Most clustered hosting services suffer no downtime because if one server within the cluster fails, there is multiple servers to take over its role; if downtime is ever experienced with clustered website hosting, the reason is normally because there has been a major problem with either the power or the network at the data centre in which the clustered setup - although both instances of fault are very rare. Most clustered setups are normally continually monitored, so if a server does happen to malfunction or face an error of sorts, an on-site network team or support team from the web host will be quickly dispatched to ensure that the problem is fixed quickly and effectively; there are also normally automated systems in place to ensure that the cluster isn’t affected if it is missing a server or two, but in most cases the end-users will not see any problems. Clustered hosting is seen as a solution for businesses and large corporations who require an update percentage which is near to or equals to 100%; this is because although clustered hosting does come at a cost, it is one that is cheaper than a dedicated server - one other thing to note is that the reliability of dedicated servers is not as good as clustered hosting, although some individuals think the opposite.

Virtualization

Clustered hosting could also be seen as a type of virtual website hosting; this is because the actual system is in a sense ‘virtualized’ because of the number of servers that are clustered together. To ensure reliability, and to allow clustered website hosting to achieve its job, websites and services related to the hosted websites are always spread across multiple servers; the systems are ‘load balanced’ to ensure that websites are always available since load balancing makes the use of the server which is being used at the given time of the request for any service - it goes one step further from redundancy since normal redundancy just makes the use of several servers, but does not spread the information out to ensure the maximum reliability is achieved. An example of load balancing would be an end user requesting a page on a website which is hosted on a clustered hosting service; all the web servers within the cluster are too busy serving other websites, so the user is served the web page from a server which is currently free and not serving too many visitors, it also has a low CPU usage at this point because it is not being utilized much. Some web hosts allow you to purchase power for your website; what is meant by power is ‘CPU’ or ‘RAM’, this is because a clustered server pool is a more or less infinite source of resources, and is perfect if you are unable to afford a dedicated server which can match the specifications and reliability of clustered website hosting.

Security

With standard shared website hosting, the security which is provided on both the hosting node and the network is pretty poor when compared to that of a standard clustered website hosting network. In most cases, a standard shared hosting network incorporates a basic hardware firewall as the main line of security to keep a number of server secure; after that layer of security it is then down to security software installed on the servers to fight back any attack or to stop any intruder from accessing the server and compromising any information that it hosts. With a clustered hosting network, the security is normally much more stronger as a series of hardware firewalls as well as redundant proxy, routing and switching technology to ensure that the network is both fast and secure; intelligent routing can help load balance information across multiple servers, along with the use of VPNs and proxies the intelligent routing is also able to bind more than one server to just one IP address to ensure that if one server on one IP does go down, there is a number of other servers to take over its role. This type of network architecture can benefit both the servers and their users / websites that they host during a DDos attack; this is because the attack is being dispersed amongst a large pool of servers in which it is having no effect, when the attack is aimed at one piece of equipment, that piece autmatically stops serving traffic because it is unable to take the strain.

High Availability Cluster

A high availability cluster is one that makes use of several physical hosting nodes with a goal of achieving a reliable network for a certain service which it has been built to host. High availability clusters are normally deployed for things such as file sharing, business class enterprises, customer services (specifically e-commerce websites) and mission-critical databases; all these types of business related IT activities are of the utmost importance for some companies and it is important that the information for them can be accessed when needed, this is the reason for deploying a high availability cluster to host them - albeit at a high cost. The automation processes involved are fairly complicated; nodes have the ability to start services on each other if the service concerned has gone down on another node - they can also carry out the appropriate processes automatically in order to start a service if needed, such as the importing and mounting of file systems. However ‘good’ this high availability may seem, the automation processes involved in it can easily cause problems; for example if the private ‘heart beat’ connection between the nodes goes down, then each node could think that every other node is down when in fact they aren’t and lead to an instance of a service being started although that service is the responsibility of another node - this could lead to data corruption, or even worse: data loss. Implementations of high availability clusters are sometimes put in to increase the reliability of a regular cluster; via the use of things such as storage area networks (SANs) and the erradication of single points of failure; multiple network connections are also used to ensure that there is always at least one connection route available, even if one does fail. Most nodes take advantage of a number of technologies to ensure that they can provide the utmost best reliability. Hard disk wise, they take advantage of disk mirroring meaning that if one internal disk does fail, another internal disk which is a mirror of the main one can take over to ensure that the server carries on running - the technical term for this is RAID (’Redudant Arrays of Inexpensive Disks’). Redundant network connections are also utilized to ensure that if one switch or network interface card fails, there will be another one network switch or network interface card available to ensure that the node stays connected to both the network and the internet. Most of the storage on a clustered network is taken care of by networked storage devices; multiple connections to the storage area network are also used to ensure that files can always be accessed. Multiple power connections are also available for servers via the use of UPS and diesel generators which can be used in the event of a power outage of sorts. The use of multiple connections and other devices ensures that even in the event of connections going because of a fault, the cluster will still be able to operate.

VPS stands for ‘virtual private server’ and is a type of hosting that can be categorized under both shared and dedicated hosting. VPS hosting works by splitting the resources of a physical hosting node amongst VPS; the number of VPS which you can fit on a node is dependent on the node’s resources. The result of the resource splitting is several VPS which have their own dedicated environment; all VPS have a guaranteed amount of RAM, disk space and bandwidth, but the CPU is shared amongst the VPS on the node. VPS are seen as the fill in for the gap between standard shared hosting, and dedicated servers; this is book you are given your own dedicated environment as you are with a dedicated server, but the CPU is shared with other users who are on the same node as you. Also, VPS packages tend to be a bit more expensive than a standard shared hosting package, but less than a dedicated server. With most VPS servers, you are able to choose any operating system that you want to use; in some cases you are also able to choose the size of the data pipe that you want to use, but options such as the amount of RAM and disk space assigned to you cannot be changed meaning that if you want more, your only choice it to upgrade to the next package. If you are on a shared hosting package, but your needs point more towards a dedicated server, but don’t have the funds then a VPS might be what you need; VPS are currently available mainly on Linux and Windows platforms.

Operating System Choices

With a VPS, you are limited to your choice of OS by the OS that the node is running; for example, if you have a VPS on a node which is running Windows Server 2003, you can only have Windows Server 2003 as your operating system, and if you have a VPS on a node which is running Linux then you can only have a Linux distribution as your OS. Most hosts allow you to install what OS you want, since you are normally provided with a control panel which you can use to reload your VPS to any operating system template which is in the host’s system; however, most hosts do not allow the reloading of Windows servers since it must be done manually by the host themselves. The use for your VPS should always be reflected in the choice of OS; for example if you want to host an ASP.NET web application, you should choose a Windows VPS, and if you want to host a PHP/MySQL based web application, you should go for a Linux based VPS. Your choice of operating system might also be affected by the specs of your VPS; for example if you have a VPS which is meant to be Windows based that only has 64mb RAM, then you won’t be able to run Windows since the minimum RAM requirement for Windows Server 2003 is 128mb.

Resources

All VPS are allocated a certain amount of RAM, disk space and bandwidth. RAM comes in two different types within VPS - guaranteed and burst; guaranteed RAM is the RAM which is uniquely assigned to your VPS and cannot be used by anyone else and is always there for you, burst RAM is RAM that is shared amongst all the VPS on a node and is utilized by a VPS when it runs out of guaranteed RAM. VPS which hog the guaranteed RAM or who carry on using it for a long time at the expense of other users may be shut down by the VPS software, or might just crash themselves. Disk space which is assigned to a VPS is exclusive and can only be used by the VPS to which it has been assigned. Bandwidth that is assigned to a VPS is again, exclusive meaning that it can’t be used by any other VPS hosted on the same node; most hosts allow you to purchase extra bandwidth, but it is quite expensive since it is a treasured resource. The CPU on a host node is not split amongst VPS like other resources; it is instead left how it is so that the VPS can use as much of it or as little of it as they want - VPS which use too much of it will be shut down automatically by the VPS daemon.

Uses

Due to the fact that VPS are somewhat ‘isolated’ environments on the physical node, they are commonly used for testing (sometimes known as sandboxes) for applications, so that if any problems are found they don’t harm the main node. Due to the fact that you have your own dedicated environment, you are able to install most programs of your choice, however this may be dependent on the resource specifications of your VPS; some software such as firewalls and anti-virus clients don’t run well within a virtual environment. Unsurprising, the virtualization software itself doesn’t run well within a virtual environment itself; for example, some people have tried without success to create VPS within a VPS - the main let down being that the performance decreases as you go through virtualization layers. VPS servers are sometimes referred to honeypots - the term that is given to the action of running a piece of software with known security flaws; these are run within VPS environments since if there are any problems with the software, then the host node is unlikely to be damaged.

VPS Software

All VPS need virtualization software to run them - this software can either come at a very high price or cost nothing at all. The main pieces of virtualization software that are run by web hosts are Virtuozzo by SWSoft which can run on both Linux and Windows, but comes at a high price tag, and OpenVZ which is an open source alternative to Virtuozzo for Linux, and costs nothing. Another solution which is used by large corporations as well as home users is VMWare, which is available for Linux, Mac and Windows and allows you to create multiple virtual environments from your desktop.

TRACERT

Traceroute is a small program that follows the route a packet takes from your computer to any Internet host. As it moves, or “hops” (some folks also prefer to call it a “hub”) from one router to the next along the network path, it measures the time taken for the data packet to traverse between your computer and that particular hop in milliseconds. Traceroute works by sending out packets in an incremental order to the Time To Live (TTL). This counter, which is present on every single IP packet is then decreased by each router that touches the packet, and the packet is then rejected when the counter reaches zero (0). This counter is used to stop packets from being forwarded infinitely in a routing loop. When the counter gets to 0, the router sends a TTL Exceeded message back to the source IP so that the station knows packets are being rejected. A traceroute looks for those responses and uses it to build the list of hops it displays, with the 3 numbers you see being the return results from 3 test packets sent for each TTL. Generally, a traceroute report shows the website’s name and IP address of each hop, plus three samples of the time, measured in milliseconds, it took to reach that hop and get a response. It also counts the number of hops between your computer and the host you are tracing to. Each hop is displayed on its own numbered line.

Steps for windows are as follows.

(a) Click on “Start”, then “Run”

(b) In the text box you see type “cmd”. Click on “ok” when done.

(c) In the command prompt, type tracert yourdomainname.com

(d) Press enter.

On a Linux machine, the command is traceroute domainname.com

Lets look at a sample traceroute report

traceroute to google.com (64.233.187.99), 30 hops max, 38 byte packets

1 OVZ5 (**.***.***.***) 0.050 ms 0.034 ms 0.031 ms

2 ge-3-43_ge-3-46.lion.bsh.mhd.as29131.net ( **.***.***.***)) 0.708 ms 0.660 ms 0.659 ms

3 10ge-1-4.tiger.thn.lon.as29131.net (**.***.***.***)) 1.896 ms 1.563 ms 1.490 ms

4 78-33-11-213.no-dns-yet.enta.net (78.33.11.213) 1.260 ms 1.219 ms 1.180 ms

5 72.14.198.46 (72.14.198.46) 72.068 ms 1.204 ms 1.270 ms

6 209.85.252.40 (209.85.252.40) 1.370 ms 1.339 ms 209.85.252.42 (209.85.252.42) 1.264 ms

7 72.14.238.248 (72.14.238.248) 1.549 ms 72.14.236.216 (72.14.236.216) 69.104 ms 69.812 ms MPLS Label=126510 CoS=5 TTL=1 S=0

8 66.249.94.235 (66.249.94.235) 101.951 ms 89.042 ms 209.85.252.166 (209.85.252.166) 89.360 ms MPLS Label=382031 CoS=5 TTL=1 S=0

9 66.249.94.235 (66.249.94.235) 89.057 ms 72.14.238.138 (72.14.238.138) 86.629 ms 86.582 ms

10 72.14.236.15 (72.14.236.15) 88.120 ms 88.108 ms 72.14.238.138 (72.14.238.138) 104.223 ms MPLS Label=674605 CoS=5 TTL=1 S=0

11 216.239.49.222 (216.239.49.222) 99.338 ms 216.239.49.226 (216.239.49.226) 95.546 ms 95.031 ms

12 jc-in-f99.google.com (64.233.187.99) 88.383 ms 88.245 ms 64.233.174.117 (64.233.174.117) 95.398 ms

The above output indicates that it took twelve hops to reach the website www.google.com.

When using traceroute, examine each line of data. If the report indicates that all hops after a certain point are taking 200 or more milliseconds to complete, that point on the network path is likely experiencing congestion problems that are creating high latency. However, it is not unusual for some hops to show high latency values, yet not be experiencing any problems. Several traceroutes in a row must be run in order to accurately show the condition of the network.

8 * * *

9 * * *

10 * * *

11 * * *

12 * * *

If a sample could not be taken at all, traceroute will show an asterisk. If all hops beyond a certain point show only asterisks, then there may be an outage at that location. Note that some routers are programmed to block IP packets originating from traceroute utilities, so they will always show an asterisk. Traceroute may or may not be able to trace past that point, but this in itself does not indicate a problem.

If you do have a very high millisecond rate between each hop or if samples cannot be collected because of which the traceroute times out, then contact technical support for help.

Sometimes actions performed by the attacker on the server may affect its functionality. So its always advisable to check server’s security to avoid attack on the server. Always check the resources of server which might be affected.

You can check the CPU usage by firing top command and look for the application or scripts that consume your CPU

For strange processes you can check with ps -awux command.

Check /tmp directory and /var/tmp directory for scripts and binaries copied there.

The attacker might use the server to host IRC bot like psybnc or eggdrop which connects to port 6667 when a server is compromised . You can if any of your applications connect to that port with sockstat:

#sockstat | grep 6667

If there’s not much traffic on your server you could use netstat command to see if suspect connections are made.

#netstat -a

Install and run regularly an rootkit finder application (for e.g /usr/ports/security/rkhunter).

Look for the other open ports that you run other than the ones you use for your running services.

Every computer which accesses the internet or is connected to a network uses ports to communicate. Ports are almost like individual conversations going on over the same telephone line but which each port talking about a different thing. For example, every time you access a website using http, the chances are you’ll be using port 80. For other protocols such as ftp (file transfer) different ports are used, in this case port 21. Email, secure connections, streaming etc. all use different ports which helps control the flow of data and filter desired information from undesired.

Now for many people, you never see or need to know that your computer is doing this automatically. However in some special cases, a program wants to use an unusual port number and if you have a firewall installed, it may be set to block the port, preventing the program from communicating. You may get pop-up windows telling you about the request but you may not so if a program tries to communicate across a network or the internet and  fails, it could be worth trying it without your firewall turned on to see if that is the problem. If it is, you can set up rules to allow that program access.

There are two key types of firewall: hardware and software based. Hardware firewalls are often built into routers or similar (you can often change the port you access your router admin on and use the address http://routerip:portnumber) and are generally more of an outer barrier preventing any obvious attacks on a system. These can sometimes cause problems but it is more often than not the software firewall will be blocking a connection and will need to be configured. Software firewalls are generally more configurable and allow you to choose which programs can access the internet or network and individual ports can often be opened (you will be able to find out which ports certain programs need by using a search engine) or closed down as necessary. Generally software firewalls have more flexibility than hardware based and have the advantage that they go with you wherever your computer is.

The need for a firewall more than anything is to only allow desired programs and information to be sent from your computer. Hackers and malicious code can exploit security holes in a firewall allowing data to be sent. Port scans often detect weaknesses and firewalls help to identify and protect against these. Hardware firewalls are particularly effective for this. Software firewalls will often alert you if a program wants to access the internet so if it is one you don’t recognise, don’t allow it. You can the investigate it further and if it turns out to be malicious, antivirus or anti-spyware software will help to remove it.

As a firewall is there for security, use it wisely and only have the ports open you need. If you’re not sure what a program is, deny it access and investigate. You can always change it later!

a) Using the IP address: this is the best way to access the domain names. Instead of the domain name, you can directly use the IP address of the website. To find the IP address of a site, you can use this tool:
hcidata.co.uk/host2ip.htm

b) Using the Google Cache: if you are not concerned about the latest content of the website, then Google cache is the best method. Search for the site in Google and then click on the cached link below search results.

c) Using an anonymizer: these allow you to use their sites/servers to access websites which may be blocked/banned at the user’s end. The following is a list of free web based anonymizers:
-proxify.com: This is one of the best free servers which hides original URL and provides an array of access of options.
-blockstop.net: New site
-anonymouse.org/anonwww.html- URL is seen in this site but it may get blocked by the filtering software.

d) Online translation tools: these are basically web proxies, the following is a list of free web based translation services:
- world.altavista.com:
-google.com/translate_t

e) Google Mobile Search:
-google.com/xhtml

f) Public proxy servers: although these require you to change your internet connection settings, the end result is quite effective; the following is a list of free public proxy servers:
-publicproxyservers.com/page1.html

g) Getting web pages through email: this is only useful if you want to access one website, however, accessing large files is not at all possible.
-Check out this link which includes we page subscriptions :
web2mail.com/lite/welcome.php
-List of Servers:expita.com/servers.html

h) Tor server: Tor is a proxy server which uses anonymous servers for a single web request. It requires application which should be installed and downloaded. See the link-
-tor.eff.org/download.html.en

i)Your own proxy servers: this is the best and most advanced technique which requires your server to be hosted either at home or with a hosting provider. You can enable SSl encryption and can prevent unauthorised access by others on the internet.
Remember to put access control so that no one can find the service and misuse it.
Web proxies:
-apache.org/docs/1.3/mod/mod_proxy.html
-privoxy.org
-whitefyre.com/poxy/

j) Using alternate content providers- if Gmail is blocked at your place you can use any other mail address to enable email forward at Gmail. If everything fails then use alternate service providers.