I've happily hosted Surreal CMS on Media Temple ever since it launched in 2008. Alas, due to a recent influx in security-related blocks that are affecting my users, I have little choice but to move to another host.
If you've been following my Twitter feed lately, you're probably aware of an issue with Surreal's host blocking random IP addresses lately. In short, Media Temple has a very protective security filter that blocks all requests to and from a specific IP address if something at that address is caught doing bad things to the Media Temple network.
This may sound desirable — and for many of Media Temple's customers it probably is — but due to the nature of my service, it's been causing a lot of headaches lately.
Blocking legitimate sites
The problem is that many of my users host their websites on shared servers. That means their website lives on a server with hundreds of other websites, and all of those websites resolve to the same IP address. So if any one of those websites gets compromised and "attacks" something on the Media Temple network, all of the websites using that IP address get blocked — even the innocent ones.
To make matters worse, Media Temple blocks IP addresses globally across their network. That means once they block it, no applications hosted by Media Temple will be able to send or receive requests to or from the offending IP address — valid or not. It becomes a black hole.
Policy change or major compromise?
Although this policy has been in effect for as long as I've been with Media Temple, it's seldom been an issue. Historically, it would affect perhaps one or two of my users per month. However, something changed over the last two weeks, and I'm seeing multiple blocks on a daily basis now.
The most logical explanation is that Media Temple recently tweaked their security filter and made it much more sensitive. However, they insist that nothing has changed on their end.
If that were true, however, it would imply that a lot of shared web servers from a lot of different hosting providers have simultaneously become infected and are now attacking the Media Temple network. That doesn't seem likely, but I guess anything is possible.
“Set in stone”
As a result of these blocks and my ongoing effort to restore service to affected users, Media Temple escalated the issue to one of their systems engineers. I was informed this week that there's nothing they are willing to do.
We have a particularly strict policy to protect you, our customers, from any IP seen operating maliciously regardless of their origin. This policy is set in stone and will not be changed, since it is not a problem for 99.9% of our users.
Thus, I've made the difficult decision to bid farewell to Media Temple and relocate Surreal CMS to DigitalOcean. Over the next few days, I'll be preparing the new environment for a seamless transition with the goal of little to no interruption to users.