[thelist] How can I avoid a hosting disaster and liability

Faust at wwa.com
Thu Feb 21 12:52:02 CST 2002


Hello,

Last year I worked for a company that helped a client sell tickets for a
special event.  The company is no longer around, but the client wants me
to help them sell the tickets for the event this year.  So I am looking for
advice.  Here is the scoop.

Last Year's Setup
The tickets for the event were sold on-line for two months leading up to
the event.  During that time, there were about 10,000 transactions, most
of them occurring during the final two weeks.  A static site about the
event was hosted on a Linux box.  The e-commerce part was hosted on
two dedicated Windows 2000 servers managed by Globix (a mistake).
One was the web server with Coldfusion 4.5 and the other was the
database server with SQL-Server 7.0.  Credit card transactions were
handled by IONGate.  No credit card numbers were stored on our side.

Last Year's Problems
We got knocked off line by the Code Red virus and IONGate went down
a few days before the event.  Since the static site was hosted on a Linux
box, it remained up and we were able to update it to instruct people to
order by phone.  It was an awful mess, but we survived.

This Year
The company isn't around anymore and neither are the servers.  The
client trusts me to help them pull it off the same as last year minus the
Code Red virus.

My Thoughts
I have most of the code from last year and the blessings of the former
owner and investors to use it to help them out.  The code needs some
revisions, but it would be simpler to start from last year's code than to
start from scratch.  I don't think they want to pay for two dedicated
servers, so I would like to do this in a shared environment to cut costs.
For safety, I would like to run parallel systems so if one fails we can
switch to the other.  I would also like to figure out what to do in the event
IONGate falls off line again.

My Concerns
My personal site and regular e-mail have been down for over a day due to
a DOS attack against FeaturePrice.com.  I have only been with them a
few weeks.  I know of several other folks who have been having lots of
problems with hosts and periods of downtime that last more than a day
(Web2010, Interland, etc...).  So, while I am sure of my ability to get the
code up and running, I am very concerned about how to keep this thing
from going down.  I am a couple times bitten and thus pretty shy.

My Questions
Is it even safe to run something like this in a shared environment?
If so, do you have any suggestions?

Would a plan like Verio's VPS Solaris Standard be a good back up to the
Windows environment (not vulnerable to the same attacks)?  That would
require using either MySQL (doesn't support transaction processing) or
PostgreSQL (supports transaction processing, but I've never used it).

Should I use someone like UltraDNS so I can quickly switch servers if
one should go down?  (FeaturePrice.com also had its DNS hacked.  So
now I am worried about that possibility).

Since I am not a company to which this project is being outsourced, how
can I limit my liability if something like last year happens again?  I don't
stand to make enough money off of this to risk any kind of lawsuit or
even get lawyers very involved.


TIA

Faust
