|A bandwidth-exceeding nightmare|
am I being paranoid?
| 12:53 am on Jul 5, 2005 (gmt 0)|
I was just checking out a web hosting company, and everything seemed great until we got to the small issue of what happens when one exceeds the monthly transfer limit. Apparently the only option available is that you get automatically upgraded to the next plan, and I suppose that if you exceed the bandwidth of the highest plan, you get charged an exorbitant amount per GB.
Ideally, I would just want my site to go offline if the monthly limit was ever exceeded. Is this that unusual an option? I certainly didn't think so!
The nightmare scenario, of course, is that some malicious user/program completely uses up the bandwidth within 24 hours. Now, I rarely go a day without checking emails, but there are stretches (like when I am away on holiday) where it does happen. So say I miss the first few email notifications, and by the time I return, I'm faced with a bill of hundreds of dollars?
How common are "attacks" of this type? Am I just being silly worrying about this? Or is it the site that's silly (for neglecting to implement straightforward safeguards like the one I mentioned)? Thanks in advance!
| 1:22 am on Jul 5, 2005 (gmt 0)|
Hello, Kuyler. Most hosts I've looked into have the option of shutting down the site untill the end of the month.
>some malicious user/program completely uses up the bandwidth within 24 hours.
It doesn't have to even be malicious. If you have a good site you could get slashdotted, for example. (slashdot.org has a huge number of viewers, and sites that get linked to experience a massive spike in traffic.)
| 2:09 am on Jul 5, 2005 (gmt 0)|
If you go offline it will be at the end of the month, around about the time that google will be indexing again.
Throw some more pennies at the site and upgrade your plan or get a better host.
| 2:15 am on Jul 5, 2005 (gmt 0)|
Having your site go offline is very unprofessional. Shop around for better providers.
Some ISP's are sticking to 90's-era bandwidth charges, which can be very expensive. OTOH, I am on a reasonably priced plan (in my opinion) that includes 1,000 gigabytes of bandwidth; very hard for a normal site to exceed that.
| 11:25 am on Jul 5, 2005 (gmt 0)|
Well, I understand it may be unprofessional to have the site go offline, but would rather that (or at least have the option of this) than have this "unlimited liability" hanging over my head. I mean, at the end of the day my monthly bandwidth (probably 100GB) really should be more than enough given the nature of my site. If it's somehow exceeded in a short space of time, all is probably not well anyway!
I'm wondering: what would you guys regard as the worst-case scenario I could realistically budget for in a short period of time? Purely from a malicious attack perspective? My site is fairly standard, no more than 50K per page I should think (and less if you consider caching of sidebars etc), say 350 pages max. Have any of you heard of DoS attacks that use up more than 70GB of bandwidth within 48 hours?
| 4:52 pm on Jul 5, 2005 (gmt 0)|
Bandwidth these days is plentiful and cheap, even on base hosting packages. My suggestion would be to shop around for a host and package that offers you a lot of bandwidth headroom and acceptable "overage terms". There are thousands of hosting companies that offer an excellent combination of bountiful bandwith and features - there is no reason you should have to "settle" for terms you are not happy with.
Major hosting providers that have solid track records offer deals like 100GB hosting plans for $20 / month. If you are running a medium sized site, it would be a challenge to chew through all of those gigs, even with spikes in traffic.
Although the concern may be warranted if there were previous attacks, having the site down for any duration of time is simply not an option. I think if you occasionally monitor your bandwidth usage stats you'll be fine.
| 7:17 pm on Jul 5, 2005 (gmt 0)|
I believe DOS attacks are designed to flood your server with requests faster than it can respond. I've never heard of an attack designed to eat bandwidth. Seems to me that an experimental or out-of-control bot is a more likely scenario.
Anyway if it's that big a concern then do a search for "unlimited bandwidth" and go from there.
| 9:13 pm on Jul 5, 2005 (gmt 0)|
"then do a search for "unlimited bandwidth" and go from there."
Or just save yourself the bother and realize that since bandwidth costs money, there's no such thing as unlimited bandwidth, in fact, that's a sure sign you're looking at a worthless hoster as far as I'm concerned, when you actually start using a decent amount of that bandwidth, you'll find yourself kicked off the server.
If for some weird reason somebody does decide to target your site, which is unlikely, most quality hosters, the kind that charge a modest fee if you exceed your alloted bandwidth, will work with you to resolve the issue.