Greetings. If you are reading this, most likely you have received a notice regarding a spike in network activity on your (mt) Media Temple service. When network overuse is detected, our system will shutdown your VPS (virtual private server) to curtail the overuse of resources.
Please note: We want your service to be back online and functioning in a healthy manner ASAP. In this brief article, we will cover important information to help you understand and resolve any outstanding issues.
Wait... My server is down? Why?
Our network monitoring observed your service surpassing the PPS (packets per second) or BPS (bytes per second) thresholds. Oftentimes, this type of behavior is indicative of a server compromise or a DDoS attack. To keep your service secure and avoid unnecessary bandwidth overages on your account, we have automatically stopped your container.
Is my server compromised?
It is not likely, but it is possible. Non-secure web scripts or a compromised system user account could allow an intruder to gain access to your server, which could result in illegitimate network activity. Please see the following articles for more information:
How can I determine if my DV has been compromised?
Working with a hacked or compromised server
What is a DDoS?
DDoS stands for "Distributed Denial of Service" and is a common method used by attackers trying to take down a website or server. A DDoS attack focuses a large amount of network requests from a widespread array of remote machines with the goal of overwhelming the network capabilities of your server.
What do I do now?
To help you determine the cause of this event, we have captured a "process list" as well as a snapshot of the network connections that were present during the time of the usage spike. This information has been saved in the /root/ directory on your server. You will have to log into the server as the root user to access the data. Click here for more instructions on that.
Can I start my server?
In most cases, you should be able to start your server by using the "Reboot Server" option in the Account Center or by using the controls in the Parallels Power Panel. For help rebooting your server, click here. However, if your server has become compromised, this may prevent you from being able to start the server. Such scenarios are rare, but they typically involve more complexity.
What if my server won't start?
If you are unable start your server, you may need to enable "Repair Mode" to try to identify and fix the problem. It is also possible that you may need to revert your server to default settings. Or, you may need to restore to a previous backup.
Even more information on repairing and/or reverting your server can be found here.
If you would like to restore to a previous backup, please file a "Restoration Request". Instructions on that can be found here.
Can I get a higher data threshold?
The standard thresholds we provide are very high. For the vast majority of workloads, even in high-traffic or high-concurrency situations, these limits will suffice. Raising the limit is reserved as a last resort. However, we are generally quite understanding and can accommodate exceptions to the standard limits if you are able to demonstrate that the high usage is a legitimate traffic pattern. Even in such cases, we reserve the option to stop any service if it poses a threat to the overall stability and performance of our network.
What if I still have questions?
Your best bet is to respond to the initial notice from the Account Center. Alternatively, you may open a support chat for live assistance from one of our helpful support agents. If you prefer the phone, you may reach us at (310) 841-5500. We are here around the clock to assist you.