always­da­ta is one of the few “pre­mi­um” hosts  to offer a free offer – and since we first start­ed oper­at­ing. This is rather excep­tion­al:  on one hand, the vast major­i­ty of host­ing com­pa­nies offer­ing free accounts pro­vide a rel­a­tive­ly basic ser­vice (often reduced to PHP / MySQL) and on the oth­er, the great major­i­ty of the more com­pre­hen­sive hosts nev­er make such a free offer.

Our free pack enjoys great pop­u­lar­i­ty, and a grow­ing one: Currently, dozens per day are being opened. Many will hard­ly be used, oth­ers will lat­er migrate to become paid accounts, and of course some of them will host real sites. We have host­ed active free accounts since ear­ly 2007 and are delight­ed about it.

One draw­back of offer­ing free accounts is to attract some nox­ious accounts, bent on phish­ing, spam­ming, prox­ies, script kid­dies, etc… We nat­u­ral­ly boast many safe­guards and tools enabling us to track these abus­es, but total and absolute pro­tec­tion is tech­ni­cal­ly impos­si­ble.

Until now, free and pay­ing accounts used to share the same servers. This has some advan­tages, includ­ing mak­ing it very easy to switch from a free pack to a pay­ing one (or vice ver­sa): The files need not be migrat­ed from one serv­er to anoth­er.

The DDoS attacks we have suf­fered from in ear­ly December were linked to a free account, which con­vinced us to make a dis­tinc­tion between free and pay­ing accounts. We had already con­sid­ered this pos­si­bil­i­ty before that, but the ben­e­fits / draw­backs ratio still seemed too low. No longer today.

Free accounts will hence­forth be host­ed on HTTP servers sep­a­rate from pay­ing ones. It is effec­tive as of today for new accounts, and the old­er ones are being migrat­ed grad­u­al­ly over the next few days. In par­al­lel, we will quick­ly estab­lish a mech­a­nism for auto­mat­ic migra­tion when an account moves from a free pack to a pay­ing one (and vice ver­sa). Finally, it will soon be required to start pay­ing on the day the account is opened, to check that clients do not have fraud­u­lent inten­tions.

Free accounts ser­vice qual­i­ty will not change for all that

The risks relat­ed to free accounts, to date, con­cerned all servers. From now on, only free accounts risk being affect­ed by them. Therefore, this does not change the qual­i­ty of ser­vice there­of.

Paying accounts ser­vice qual­i­ty will increase

By com­plete­ly insu­lat­ing free accounts on sep­a­rate servers, pay­ing accounts will be less exposed to some threats, includ­ing:

  • DDoS;
  • being host­ed on the same IP as a phish­er / spam­mer;
  • attempt­ed local attacks or abuse of ser­vices.

Of course, the risk can­not be total­ly elim­i­nat­ed: if a client with a fee pay­ing pack­age is attacked by a DDoS, for exam­ple, the entire serv­er will be con­cerned: this is at the root of the prin­ci­ple of shared host­ing. But expe­ri­ence has shown that risks are low­er than with free accounts. To be sure nev­er to expe­ri­ence down­time due to anoth­er account, we have been propos­ing ded­i­cat­ed servers since the end of the Summer hol­i­days 🙂

Moreover, the var­i­ous updates and devel­op­ments that we reg­u­lar­ly deploy will ini­tial­ly be per­formed on the servers reserved for free accounts. This is a great advan­tage: if the update meets with prob­lems, pay­ing accounts will not be impact­ed. This sce­nario has already occurred pre­vi­ous­ly, espe­cial­ly dur­ing our tran­si­tion to our new archi­tec­ture, last February. Despite our numer­ous upstream test­ing oper­a­tions – and we always try to make them com­pre­hen­sive – the shift to pro­duc­tion may indi­cate a past prob­lem hith­er­to unno­ticed…

In con­clu­sion, although the insu­la­tion of free accounts rep­re­sents a sig­nif­i­cant step for­ward in increas­ing our ser­vices avail­abil­i­ty rate, this is only one mea­sure among many oth­ers. We always work a lot, even more so cur­rent­ly, to make our archi­tec­ture more resilient. And we keep in mind the new fea­tures, too. Coming soon: MongoDB and CouchDB!