Mon Sep 24 11:15:08 PDT 2001 — Our Domain Name Registration Tool will be taken offline for the following registry imposed maintenance window:
Date: Sunday, September 30, 2001 (GMT) Saturday, September 29, 2001 (EDT)
Time: 0100 hrs – 0500 hrs GMT 2100 hrs – 0100 hrs EDT
This maintenance window has been set by the gTLD registry operator, and will affect all ICANN accredited registrars equally.
We apologize for any inconvenience this may cause you. -Chuckc
Mon Sep 24 13:11:20 PDT 2001 — Our Santa Rosa dialup pool 522-1003 had experienced the dreaded ‘All Circuits Are Busy’ error. This was brief and was corrected by a reboot of one of our remote access servers. -Steve
Fri Sep 21 15:32:17 PDT 2001 — We are currently beta testing our new email filtering software. The new software enables our customers to opt in or out of each of our anti SPAM and virus filters. It will also support customer maintained white and blacklists and stronger content based filters to block adult email. Initially customers will only be able to turn off all email filtering but we hope to have finer controls enabled soon. The new software also enables POP before SMTP relay authentication which allows customers from off of our network to send mail through our outbound mail servers. If you have any questions please post them to news:sonic.net Ultra, one of the four load balanced mail servers, is running the new software now. Unfortunately, due to a small typo in the default SPAM filtering options, we applied ORBS DNS based black-listing to all mail that was received by ultra between 1:30pm and 2:40pm. We deeply regret this error due to the controversial nature of the ORBx lists and do not ever intend to enable any of them by default. -Russ, Kelsey and Dane
Thu Sep 20 11:33:43 PDT 2001 — Over the course of the next few days, we are going to be pro-actively looking for customer machines that have been affected by the Nimda worm. This will take the form of several port scans per day, and we will be contacting infected customers. — Eli, ScottR
Thu Sep 20 01:03:47 PDT 2001 — Timber and its services have been restored. We were able to restore about half of the customer databases from a backup taken shortly before the RAID failed and were able to restore the rest from tape. However, updates that have been made to a database over the past few days may have been lost and may need to be reentered. The MySQL databases are now stored on the NetApps and MySQL has been upgraded to the latest stable version. This configuration has been working very well for us on our internal MySQL server. MySQL customers will receive an email detailing the events and the steps that we’re taking to prevent the same kind of failures from happening again.
We’ve also been able to restore all of the Urchin webstats from tape. The only data that was totally lost was our archived raw weblogs. We cannot currently provide access to the raw weblogs but should have them back online either later today, Thursday, or Friday, on the new log processing box which is nearly ready for deployment. -Kelsey
Wed Sep 19 18:42:35 PDT 2001 — Timber, our public MySQL server and weblog processing box has experienced a catastrophic RAID failure. We had scheduled maintenance tonight to replace the degraded array with an NFS export on the NetApps but, the RAID decided to fail altogether before it was obsolete. We are working to bring the server back online now. Once the server is back online we will be able to assess the damage to the MySQL databases which we hope can be restored and migrated to the NetApps as planned. At this moment we are not sure how long it will take to restore public SQL services. – Kelsey, Russ, Scott and Matt
Tue Sep 18 09:15:36 PDT 2001 — We’re having some network issues which are intermittently affecting mail and web services right now. We’re working to isolate and resolve the trouble.
This appears to be related to a new worm infecting Microsoft systems; we’re rejecting thousands of attempts from our servers, which seems to be the result this potential worm.
Update: Our load balancing systems are being impacted by what appears to be the new W32.Nimda.A@mm virus/worm. For more information, see:
www.sarc.com/avcenter/venc/data/w32.nimda.a@mm.html
We’re currently attempting to find a way to deflect the tens of thousands of worm connections that we’re getting to keep our servers and load balancing systems stable.
Update: A number of infected customers systems are spreading this virus actively, and we’ve taken some customers offline. Currently, Covad customers are down, plus a few PacBell DSL customers.
Update: Covad customers as a group were down for about five minutes while we regained control of our router. Currently, we’ve got a customer or two on wireless, DSL, T1 or Covad offline due to infection of their systems. We’re working with these customers to clean up their systems.
All Sonic.net services, including mail, web, news and Internet access are normal at this time, but we are seeing some traffic load due to this worm/virus.
Update: We’re seeing ongoing intermittent performance of outgoing email servers at this time. We’re working to stabilize the systems under the heavy load. If you fail to send mail, wait a moment and try again. -Dane, Matt, Steve, Kelsey, Scott and Eli
Tue Sep 18 15:55:17 PDT 2001 — W32.Nimda.A@mm virus/worm. We’re currently seeing no impact from this virus/worm that end users will notice, but it is busy attempting to spread itself on the Internet. Currently, almost 70% of the hits on our web server are by infected hosts attempting to spread the infection. Our load balanced array of web servers is holding up well.
We recommend firewall software for all Internet connected systems. We recommend the award winning “Zone Alarm” software firewall product. To purchase, visit the following URL:
click.linksynergy.com/fs-bin/stat?id=4C5jZbAZBys&offerid=26986&type=3&subid=0
This new worm/virus is unique because it uses many methods to attempt to spread itself. Like “Code Red”, it spreads to un-patched Microsoft IIS servers. Sonic.net does not use Microsoft operating systems, and is currently working to notify our customers if they become infected. Note that the vulnerability in IIS which the new “Nimda” worm uses was patched in October of 2000, almost a year ago, so any customers hosting IIS machines which are up to date have not been infected.
Nimda also uses email to spread, taking the form of a “readme.exe” or “readme.eml” file. Sonic.net is filtering for emails containing these viruses, so it should never end up in your mailbox. If you do receive a suspicious attachment, please do NOT open it, instead forward it over to support@sonic.net. It’s possible for viruses to change over time, and we may need to update our filters.
The virus also uses shared Windows filesystems to spread itself – you should not share your filesystems with any systems you do not trust and which you do not know are secure.
Please post to news:sonic.net if you have any questions or comments about this new virus/worm.
-Dane, Kelsey, Eli, Russ, Scott, Steve, Chris and Matt
Mon Sep 17 17:29:31 PDT 2001 — Quota changes. Effective October 1st, we’re making some changes to disk and bandwidth quotas.
The disk quota is being upgraded to 80 megabytes per account or hosting service. This means that a basic account includes 80 megabytes, and each multihomed “virtual server” website hosted on that account increases the quota by 80 megabytes. You may also purchase additional blocks of 80 megabytes of storage for $10 per month if you need more space. The disk space quota includes all data housed at Sonic.net, including web, ftp, mail and home directory space. It does not apply to data you download to your PC.
The bandwidth quota is being changed to one gigabyte per month per account or hosting service. As above, each hosting service on an account increases this quota by one gigabyte. Usage during the month that is trending above the quota (that is, is projected to exceed the quota by the end of the month based upon the current portion of the month which has passed) will generate a warning email, and additional usage beyond the quota will be billed at $15 per gigabyte. The bandwidth quota includes bandwidth used for content you host here at Sonic.net, including web, ftp and multimedia. It does not apply to content you download to your PC.
Both of these quotas are applied across all of your sites as a group, so you receive significant benefit if you have multiple sites hosted on your Sonic.net account. For example, if you hosted two multihomed sites here, your disk quota would be 240 megabytes, and your bandwidth quota three gigabytes per month, but it’s not required that either of these resources be used equally by the sites. This means that if you have one site that’s more popular or larger, it receives the benefit of the leftover quota for the smaller or less popular sites.
If you have any questions about the changes to the quota structure, please post to news:sonic.help.www or email support@sonic.net -Dane
Wed Sep 12 12:46:06 PDT 2001 — Sonic.net New York customers affected. Customers using Sonic.net MegaPOP dial-up numbers in New York, New Jersey, Connecticut, Syracuse and Buffalo are experiencing busy signals and operator error messages as a result of Tuesdays tragedy.
The POP experienced a power failure and because of the close proximity to the current events in New York no maintenance personnel are allowed access to the building to perform the repairs. We will post updates as we receive them. -Matt