Frequently Asked Questions
Here are some frequently asked questions potential members (and the public) often have about NearlyFreeSpeech.NET and our services. If you wish to restrict the list of FAQs to only those containing certain keywords, enter them below. Otherwise, all public FAQs will be displayed. (Our members have a much more detailed FAQ accessible via the member interface. Non-members can peek at that here.)
2 questions matched your search.
General Questions
General Answers
- What if my web site gets attacked?
This is a tough question. We do host websites that get attacked by a wide variety of different methods. However, the variety is so wide that there is no "typical" attack scenario or "average" outcome that we can offer as an example.
At any given time, our network is typically experiencing between zero and three denial-of-service (DOS) or distributed-denial-of-service (DDOS) attacks. Most are short, lasting only a few minutes or hours, but the longest lasted for over a month. Most are not service-disrupting, but occasionally they can render a member site inaccessible, and rarely, if they are significant enough, large-scale DDOS attacks can sometimes briefly disrupt our entire service. (This is equally true of all web hosts.)
To help protect our members' sites, we employ a large number of passive network features like connection filtering and firewalls. These are generally very effective against the everyday attacks we most frequently experience. When attacks go beyond the simple, an active response by NearlyFreeSpeech.NET personnel is typically required. Our active response to attacks on member sites (or on our service itself) is roughly proportional to the square of the disruption caused; our response escalates very quickly as attacks become more severe. Thanks to our long experience in the area, we have a wide arsenal of tools that can be dynamically employed or tuned to help mitigate serious attacks. We take keeping our members' sites online very seriously!
Having your site attacked does sometimes consume resources, e.g. bandwidth, that we charge for. The cost of such an attack depends on the type, scale, and duration of the attack, as well as in large part on your actions before and during the attack. Since these factors are not under our control, vary widely, and cannot be accurately predicted, we will not under any circumstances attempt to estimate what the financial implications of a hypothetical attack might be. If you want such an estimate, simply figure out the bandwidth that would be used based on the size of your site and the anticipated volume of requests.
However, since our service is paid in advance, you always have complete control over your maximum financial liability simply by controlling the balance of your account. If you feel your site is attack-prone and you are primarily concerned about costs, we encourage you to maintain a low account balance to limit your exposure. Then, if a situation arises, you will be able to make an informed decision about your best course of action before incurring any significant expenses. If you feel your site is attack-prone and you are primarily concerned about availability, we suggest that you maintain a larger account balance and customize our account balance warning feature to notify you if your expenses spike in an abnormal way.
Our service is based on personal responsibility. Although our TACOS ensure that you have broad discretion in choosing what to say on your site, if you choose to say something controversial then you must be prepared to be first in line to bear the consequences. We will not indemnify you or waive any costs you incur arising from an attack on a site you host; we are a hosting provider, not an insurance provider.
In all cases, if you are concerned about your site being attacked, you are your own first and best line of defense. You should design a site that is lightweight and fast-loading so that it remains available under heavy load and minimizes bandwidth cost.
If you run into a problem with someone attacking your site or trying to bleed your funds dry, please feel free to contact us. It is absolutely not our intention to sit back and laugh while someone drains your account, whether your site content provoked the attack or not. In some cases, we can block obvious troublemakers and certain types of attacks so they will not reach your site. But since you are the site operator, we will expect you to take all reasonable measures to protect yourself first. Example 1: If someone is posting rude comments on your forum site, you will need to use your forum's blocking features to handle it. Example 2: If someone writes a script to repeatedly download the largest static banner graphic on your site, we may be able to block their IP address for you.
With all that said, it's worth noting that most sites will never be attacked directly and have absolutely nothing to worry about in this area. Even given our libertarian TACOS, fewer than 0.1% of our hosted sites have ever been targeted by noteworthy attacks.
- What kind of uptime can I expect with NearlyFreeSpeech.NET?
It depends. (Of course.) The short answer is: Not only don't we know, we can't know. The long answer uses the word "however" a lot.
Shared hosting has a well-earned reputation for volatility. You're sharing resources with other people. Who knows what they or the visitors to their sites are about to do? However, the most common causes of downtime are specific to the affected site. An expired domain, runaway scripts, or running out of funds are much more likely to cause downtime than a service failure.
We find that when people ask about uptime, they expect a magic number with a certain quantity of nines in it. That number allegedly represents the fraction of the time our service is available. However, the availability of "the service" depends on the definition of "the service." We host a large number of sites and they don't all move in lock-step. One person's downtime might not affect anyone else.
It would be easy (and blatantly dishonest) to pick an arbitrary definition that would allow us to claim 100% uptime, or any number of nines we want. Likewise, with enough hardware, something is always offline for maintenance. So we could make an argument for 0% uptime. (Though we prefer not to.) In the rare case where a production server crashes, it usually affects a small percentage of our members' sites for a few minutes. Sites move back and forth, servers go up and down, and most of it happens without any visible effect.
There's also the philosophical angle. If a server reboots in the forest, but no one tries to access it, was it really down?
At many providers, your site is 100% dependent on the availability of a single physical server. If it fails, you're out of luck. Our clustered approach provides resiliency against many types of hardware problems. However, we do develop and maintain our own clustering software. Occasionally something incredibly weird may happen here that would (or could) never happen anywhere else. Such events are rare, but not without precedent.
Sites hosted at NearlyFreeSpeech.NET run a small risk of being "collateral damage" of a denial-of-service attack not aimed at them. But the flip side is that we have extensive experience with such attacks. We're able to mitigate most small and moderate attacks without disruption. So although the risk might be higher, the expected impact is lower. There is (most likely) not much practical difference in DDOS risk between competent hosting providers.
All in all, our overall service availability is probably above average to very good when compared to other shared hosting providers. However, "overall service availability" is meaningless if your stuff is down. We understand that. One site offline because of a service malfunction is one too many. That's why we monitor our systems and services continuously from multiple offsite locations and respond to problems as quickly as possible, 24x365.