I thought I would put this piece together after seeing a couple of incidences over the last 2 months involving improper website monitoring, a critical and often overlooked part of a website’s operational well-being. With the ever increasing and somewhat obsession with cloud based hosting services, such as distributed load balancing and content delivery networks, you need to know how your site is functioning from more than just one point of reference.
You really need to ask yourself the following;
- Do you really know if your website is even up?
- Is it up from other locations around the globe?
- Is the webpage loading properly for all visitors?
- Is the performance acceptable from all locations?
- Is HTTPS functioning properly?
- There are more than a few organizations out there that think they have it covered but in actual fact they don’t, are not sure or are making some incorrect assumptions.
Here are 2 real world examples we have seen in the last 2 months with a couple of our customers.
Case 1 A very well established E-Commerce site
Our system alerted our operations center staff that a site was not serving up a customer’s e-commerce web pages properly, there were missing images and then eventually nothing was loading. We emailed the customer that their server was not responding; there was no response from the customer so we called the emergency contact we had on file that was not up to date, since they changed their phone number and did not update their new number with us.
When the customer finally responded to us they immediately contacted their hosting provider (a very large global Managed Hosting provider).
Here is a recap of the emails between the E-commerce website staff and their hosting provider
Website Techs: “Hello, my webserver has been down for many hours!”
Managed Hosting Provider: “We monitor the port and response of the Apache server and according to the monitoring the server never stopped responding.”
Website Techs: “If the server never stopped responding, why did DOSarrest’s monitoring show it as down 15 hours ago and why can I not load the site either?
Case 2 A fortune 100 company running many different websites representing all their different products they sell. Some of these sites are running on Akamai’s CDN. As far as I know Akamai does not provide any external monitoring service, so customers cannot see their website’s performance from a number of different locations around the globe. Instead customers are left to find a suitable 3rd party service for this function.
I’m not sure what this particular company was using to monitor their website’s availability but whatever it was, it was inadequate. Their main website was not using our DDoS Protection service, but was on our external website monitoring service called “DEMS”.
Our service alerted our SOC to numerous intermittent errors after which we emailed the customer to see if this was due to some ongoing maintenance. They replied “The site seems fine to us.” This went on for a number of days and I myself saw an alert and tried to pull up the URL in question in my browser, but it did not load. Again we emailed the customer who replied all is fine and they insisted there was no problem. We knew there was something going on and after further investigation it would appear that their monitoring was based on the US east coast and would not pick up a problem for Internet visitors from other regions. We are based on the west coast and monitor east and west USA as well as Europe.
Here’s the actual downtime as recorded by our service, there was approx. 100 different outages due to excessive load times, DNS changes and just no response after 25 seconds from one or more geographic regions.
If I found two cases in two months, how many others are there out there?!
At DOSarrest we knew this would be an important part of our operation given that we cache and any-cast our customers’ websites data over a number of globally distributed scrubbing centers. Using a third party to monitor all of our customer’s websites from a number of global locations was going to be cost prohibitive with prices ranging from $75.00-$300.00/month per URL. To accomplish our goal we set up a system completely outside of our DDoS Protection nodes, comprised of six sensors on six different network networks in six different locations. Our SOC, will know if any URL does not respond, responds slowly, has a DNS problem and even if there is a content change. This service is free for any DOSarrest customers subscribed to our DDoS Protection service or may be purchased as a stand alone product.
GM, DOSarrest Internet Security