Icheb’s weblog

Some time ago, I noticed some kind of promotional thingy on digg.com about Dreamhost.com, and how great it was.
Well, with nothing to loose, I ordered the promotional webhosting package (to compare it to the stuff my own company gives the customers).

I ordered the ‘Crazy domain insane’ package, with 200 GB space, and 2 TB traffic. Which was supposed to be for $190.80 (for 2 years), but due to a coupon code, I was able to get this reduced with another $70 or something.

It sounded too good to be true. Well it was (and is).

Is it really crap?
First of all, they provide SSH access, nice and all, but you can clearly see the domain names of other customers, so you aren’t chrooted.
Note that I didn’t continue to ‘penetrate’ their security much further, as I don’t want to be suspended.

But allowing all users to work in a non-chrooted environment with ssh access is really the best way to go as a budget webhosting provider! (NOT)
Secondly, I know when someone logs in, as the ‘last’ command displays all output (ftp / ssh) for opened sessions.
Furthermore, the load is always above 3.something for the server I’m on. Even when it’s freakin’ midnight in the USA.

07:49:58 up 2 days, 21:24, 3 users, load average: 6.77, 6.80, 7.29

Oh and yeah, I can see the IP addresses of others with the ‘last’ command.

Benchmarking budget webhosting
Well, some time after I got the account, a friend asked me if I could sponsor him a few 100 GB’s of traffic on my own company’s hosting platform. Well, after thinking about it, it was a nice test for this account. So after some time, he linked his site nfshome.com to have all the demo’s retrieved from my site (icheb.nl).
After a while, everyone started getting 503 messages from Apache (’service temporarily unavailable’), so I mailed Dreamhost.com.
It appeared my site was maxing out their capabilities (at less than 1 TB of traffic per month).
So they increased the available resources to the site. (Thanks Javier :))

But 2 months later, after trying to deploy some test script, I made a mistake.
I accidentally used the wrong php-cli binary, effectively using almost all the resources the server had to offer (side effect of that program with PHP 4). So my account got suspended with the following message:

Hello,

We have turned off your website icheb.nl due to resourse usage, your user
account is at 1934.05cp when an avaerage user is around .1 thats less
then one, your using 49.00% of the whole server, this is not acceptible.
I see that most of the traffic is going to

GET /mirrors/nfshome/nfsmwdemo.exe

Remove this file as you are not permitted to offer the Need for Speed:
Most Wanted demo on our server to distribute. These servers are note made
for this, if you wanted to do this you would have to get a dedicated
server

You will need to contact us to let us know that you have removed it and
all other files like it before we will turn the site back on.

Thanks!

Javier

So, I guess hosting a few demo’s of games requires an dedicated server. Even when you’re buying enough bandwidth.
My reply was as follows:

Hello Javier,

I’ve taken the PHP-CLI script possibly causing the problem offline.
The PHP-CLI script in question requires more uptime to function correctly, it failed horribly with the power outage downtime / maintenance.

The nfsmwdemo.exe file isn’t something I’d like to take offline, as this is *not* using PHP.
Furthermore, the Dreamhost TOS doesn’t say anything about not being allowed to mirror / host demo’s.
I mostly hate this because the site was taken offline without contacting me first, which at this time is causing problems for some open source projects as well.

Dreamhost offers 2352 GB of traffic at this time, on a monthly basis, which is something, at least the first 2000 GB, I paid for. At least, that was the general intention.
Furthermore, in the last few days most stuff on the server is very slow, and the load seems a bit high. A load avarage of ‘load average: 11.72, 11.66, 13.46′ is quite about what a server with just two processors should have…

So, to clarify, I do not want to remove the .exe, however, the php-cli application causing the problem is no longer online. I actually do know what caused the problem. It tends to use a lot of cpu when started in php 4, but works nicely in php 5…

Wanting to sell me a dedicated server, just to host something taking less than 60% of the traffic limit, is just insane; how are your customers ever going to even reach the traffic limit, if that’s made impossible?
Just to clarify a few points; I own a webhosting company in my country, and am just using Dreamhosts services for some personal stuff… So I know what I’m talking about. A dedicated server based on the amount of traffic caused by one file is totally insane…

I hope we can get this problem out of the world, as the php-cli script causing the problem has been ‘disabled’, so to say.

With regards,
Icheb

Half a day later, the account was back online and I even got apologies (”I’m very sorry for the confusion, but as long as that file isn’t copyrighted then you’re free to host it with us if you need to.”), furthermore ‘Mike S’ agreed with me the load was a bit highish, and they would take care of it. Which later resulted in a bit more normal load, or at least something the server could technically handle.

Two months later, there was another problem, this time Apache wasn’t ‘balanced’ anymore, so it could not handle the requests. Whatever they did helped, and my site was available again.

But today, I received:

Hello,

I had to place a throttle on your domain icheb.nl due to the very large
number of hits it was recieving, effectively crashing the webserver.

James

So, what I think about it?
Well, > 70% of the requests to icheb.nl now receive a nice 503 error from Apache (it took me more than 20 tries to get into my own freakin’ site stats!!). Nice and all, but ehm, I’m still below 1.5 TB of the 2.2TB I’m able to use.

So what’s the big problem?
Well, Dreamhosts effectively seems to disable sites that do more traffic than they want you to use. So offering 2 TB traffic (that 2000 GB traffic) is nice, but they are limiting you before you even get close to it.
The Need for Speed demo’s I host are quite large, so there only is disk activity and Apache activity, the mirror doesn’t use any PHP (yeah, it does do some php, but that’s handled by one of my own Dutch servers).

Furthermore, the speed is limited. Download speed to The Netherlands seems to be limited to some random value around 50 to 400 KB/sec. While writing this, I’ve enabled a download (www.icheb.nl/100mb.bin which is 100 mb of random data) to a dutch server (with 100 MBit connection to the Internet).
To prove something is wrong, I enabled two more downloads, one from another dutch datacenter & one from a school network I have a shell account on.
Below you can see the output of wget (Linux download tool), and the speed measured:
Dutch 100 Mbit connection:

–14:11:32– http://www.icheb.nl/100mb.bin
=> `/dev/null’
Resolving www.icheb.nl… 66.33.223.235
Connecting to www.icheb.nl[66.33.223.235]:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 104,857,600 [application/octet-stream]

100%[====================================================>] 104,857,600 67.18K/s ETA 00:00

14:35:26 (71.43 KB/s) - `/dev/null’ saved [104857600/104857600]

So, that’s 71 kilobytes per second, not very much eh?

Other Dutch datacenter:

Resolving www.icheb.nl… 66.33.223.235
Connecting to www.icheb.nl|66.33.223.235|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 104,857,600 (100M) [application/octet-stream]

100%[=======================================================>] 104,857,600 65.31K/s ETA 00:00

16:52:14 (86.99 KB/s) - `/dev/null’ saved [104857600/104857600]

W00t, a whopping 86.99 kilobytes per second.
(Note, this is almost FIVE times as slow as the download of my ADSL connection)

The school network (at least 10 mbit):

Resolving www.icheb.nl… 66.33.223.235
Connecting to www.icheb.nl[66.33.223.235]:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 104,857,600 [application/octet-stream]

100%[====================================>] 104,857,600 57.48K/s ETA 00:00l

16:55:53 (77.11 KB/s) - `/dev/null’ saved [104857600/104857600]

This is more than FIVE and a half times as slow as my own ADSL download (I have 4 mbit).

My end conclusion
I think I have successfully proved Dreamhost is unable to give you what you buy, if you’re using more than 50% of what you buy. So they’re overselling, and people are just falling for it!.
Furthermore, their on server security is not 100% of what it should be.
I should not be able to see the domains of other users, or even their usernames. Example:

~$ ls -alh /home/rcc7369.wtf.22875/
total 40K
drwxr-sr-x 4 root staff 4.0K Oct 3 2006 .
drwxrwsr-x 454 root staff 28K May 4 04:03 ..
drwxr-sr-x 3 root staff 4.0K Oct 3 2006 XXXXXXXXXXX (removed by me).com
drwxr-sr-x 2 root staff 4.0K Oct 3 2006 ninjaweasel

I should not be able to see stuff like this:

~$ locate mysql.php
/home/rcc7369.wtf.22875/.com/home/mambots/content/geshi/geshi/mysql.php
/home/robotstephe.wtf.22203/.com/mambots/content/geshi/geshi/mysql.php
/home/swoleary.wtf.18742/.com/forum/db/mysql.php
/home/timesup.wtf.1954/.com/mambots/content/geshi/geshi/mysql.php

Furthermore, I’m even able to SEE the contents of the files locate give back!!!!
So, I can actually see files from other users. Granted, it depends on the chmod of a file (global read has to be on).

And yeah, they’re still running Linux kernel 2.4:
~$ uname -a
Linux willie 2.4.32-grsec+f6b+gr217+nfs+a32+fuse23+tg+++opt+c8+gr2b-v6.194 #1 SMP Tue Jun 6 15:52:09 PDT 2006 i686 GNU/Linux

But it isn’t a real issue, I too still have a few servers running on 2.4 (custom) kernels ;).

So, what the heck are these guys doing exactly?!!
Is this the way shared hosting is supposed to be done?

Note: I am not writing this just to be negative, but hopefully to allow people to realize it’s not wise to just go for the most cheapass hosting account they can find anywhere.
I hope someone at Dreamhost will take this seriously, and try to fix the problems. (And no, I don’t want my account to be suspended, I was planning to post an Asterisk howto today, but the flash movie is hosted at icheb.nl, so I don’t want to that yet…)

---

Edit:
I’ve had to disable some parts of icheb.nl, to get more critical parts working again. So all the disabled parts will now redirect here, until Dreamhost has resolved the problems. (Most likely the downloads won’t come back up, thank the perfect services of dreamhost for that:

Hello,

Unfortunately, we cannot allow one user to negatively effect the server
we offer other users. All bandwidth is not created equal. Even if you’re
not hitting your bandwidth limit, you can still cause problems.

We cannot allow you to effect other users, so if you plan on
maintaining this amount of traffic, you’ll need to move to a dedicated
server, as you would have outgrown shared hosting.

If you need anything else, please let us know.

Thanks!

Brian

Furthermore, please understand, I can’t just arrange it on another server, bandwidth in the Netherlands is too expensive for these mirrors at this time. Also, please don’t DDoS me for this… If you really want to DDoS anyone for not getting your downloads, please do that with dreamhost ;).