Philipp Haidenbauer
Back to Blog

Servers and their Management

Inspired by @twizzle post of today and my comment under it, I thought I should take the comment and make it an own article.

As I am sure I have written in the past, I have a small hosting business running. It is nothing special, just a convenient way to keep freelance customers nearby by providing not only the development but also the hosting.

I own one root server where all customer stuff is on and one small VPS where I’m doing some experiments from time to time.

Back in the day, when my business partner and I decided, it would be better to have a powerful root server than more small VPSs or reseller things, so we could expand easily and keep the cost low.

Well, the server itself isn’t expensive (46,80€ per Month) and it has plenty of unspent resources (The hard disks are maybe a quarter full, the ram is not anywhere near a quarter usage and so is the CPU).

On top of the Server cost, is the cost for the Administration Interface we use (Plesk at 21,60€ per Month).

With the few paying customers we have, about half of the cost is paid. Which leaves me with 34,20€ per Month.

More customers would help to pay the whole server, but on the other side, something is bugging me the last days. What happens if something inside the Server broke?

Sure we have backups and all the stuff, but if the server would burn up in smoke, there would be a major downtime.

Also, the 34,20€ are without the hours I spend administrating the server. Although Plesk does a great job, sometimes things break and need to be fixed.

2020-04-24

But there is also another thing bothering me. A few days ago our server’s IP was blacklisted on a spam list.

I checked our logs and the reputation scores. Nothing to be found. Everything looked normal. Still, some larger corporation did decide to manually add us. At least a message one of our customers sent us showed that.

“This is the mail system of [our server]. I’m sorry […]. The email system [email system of the receiver] refused to talk to me […]; Your IP has been manually blacklisted”

I took the action to sign up for the feedback system of the receivers email system, only to find out that we aren’t on their blacklist. What?

After some research, I found out we aren’t the only once having this problem. There are stack overflow questions going years back, other forum entries and my articles.

All come to the conclusion that nobody knows why there were blacklisted and that sometimes they were removed from the blacklist after a few days. Then a few days later, again on the blacklist.

Many reported that the problem was fixed when they contacted the author of the blacklist. A few weeks later, they were blacklisted again.

I’m not sure how far I can trust the server message which says “manually blacklisted”. There is no proof that it wasn’t automation that added our IP. Nor is the proof that it was added manually.

If it was added manually, what was the intention behind it and why is it so hard to get off the list, if you didn’t do something wrong?

Only questions, no answers.

2020-04-27

A few days later, we still didn’t receive any emails on our new set up abuse Mail account. Time to think about the server change again.

I took a look at managed servers that our hosting provider has. With our current customer base, we could order one which would allow up to 15 unique customer sub-accounts.

The Server would save us about 20€ per month, so the change would be worth it. But there is one downside, we would need to move all customer accounts again.

EMails need to be synched, Websites and Databases transferred. An overseeable amount of work, but still there needs to be good planning so nothing can go wrong.

Nothing is worse than losing emails or Database data along the way. So over the next few days, I will create a plan to move customer after customer. I will start with my own stuff, as I don’t need constant uptime.

I also decided to ditch the Metamo (Piwik) statistic instance I have set up for some of the websites I manage. I never take a look at it, and if I can remove the cookie requirement on all pages, I don’t have to think about cookie consent stuff anymore.

I’ll keep you updated.

TBC