Raw Thought

by Aaron Swartz

Why I Won’t Use Rimuhosting

I originally got a VPS at Rimuhosting because their website lauded their “fanatical service” and a friend had concurred. In September 2006, I ordered my first server.

In December, a friend asked if I knew any good VPS hosts. I said I used Rimuhosting and hadn’t had any problems. “That’s funny,” he replied. “rimuhosting is the company that’s just given me horrible support over the last 2 weeks. No answers to email for 2+ days, then a claim that they didn’t receive it, then I send them the mail server log that says they should have received it, then they say ‘oh, that’s interesting. oh well.’”

I guess that should have been a sign for me. But instead, he changed his tune: “Well, if everyone thinks they’re so great, maybe I’ll give them another chance.”

The server went down for maintenance three times and was moved to a new IP once. In April 2008, the real trouble started. I was dinged for bandwidth overruns, apparently because Yahoo! was crawling the same files on my server hundreds of times a day. In June, they complained I was monopolizing the CPU, even though when I logged in the machine was 100% idle. They complained again in October and November and December and offered to take a look at the problem if I gave them root on the box. “Over my dead body,” I thought.

In December they set a CPU cap on my VPS. Then came the amazing bit. Despite already having sold me a VPS and put a CPU cap on my usage of it, they manually edited my partition to add their SSH key to my authorized_keys, used that to gain root on my box, noticed that a CGI script was using up CPU, and responded by turning off Apache. They didn’t even try to call me to talk about it in advance. They didn’t even call me at all. They just sent a little email. After the fact. The subject? “index.cgi is causing high CPU usage”

I asked them what was going on. Here was their reply:

In our welcome email we do mention that we have installed our key on your server.

We use that to help our customers. You are able to remove that if you are not comfortable with that.

Of course, I did remove it. They used their control of the hardware to add it back in.

We work to ensure that customer’s get a fair share of the CPU, and that their servers perform well.

If everyone is trying to max out the CPU then everyone’s performance will be poor. We can set it so that you get a fixed amount of CPU (and then we don’t mind how much CPU want to use). Or we can let your CPU burst up to 100% of a host server CPU core, in which case your server will run fast, but in which case we’d need to make sure you do not monopolize the CPU.

Or, they can break into my box and turn off my webserver. Oddly they don’t mention that last option.

If you think we can help in any other way, e.g. investigating that script or anything, just let us know.

I suppose this is the service Rimuhosting is known for. I won’t be taking advantage of it again.

You should follow me on twitter here.

August 27, 2009


I have used Rimu for several years now, and have recommended them to numerous clients.

It is true they add a key to gain root access, which I was duly informed about. However, if I didn’t like it I could delete the key.

I had a case where they identified a problem with one of our server processes that had gone wild and used up enough memory that Linux started killing processes to keep itself alive. I got an email from them indicating this issue — they noticed that my database server was down before I did. I am very surprised that there was no communication via any of their supported channels after that action. Are you sure?

I think you’re being a little unfair. Any process that pegs the CPU is pretty much a rogue process, IMHO. It sounds like your issue was how they handled it. Our cases are similar: for me, they saved some downtime.

Their service has been truly exceptional for the several years I have used them.

Anyway, it’s your option to not like them :-). I just thought they deserved a chance to have an alternate view.


posted by Tom Harrison on August 27, 2009 #

I can recommend Joyent accelerators as an alternative. They use OpenSolaris containers, which IMO is superior technology.

posted by Fazal Majid on August 27, 2009 #

This sort of problem is a great reason to go with a Xen-based VPS host. Xen actually does resource limiting between VPSs properly which would have avoided this entire mess.

posted by Mike Cantelon on August 27, 2009 #

Rimuhosting does use Xen.

posted by Aaron Swartz on August 27, 2009 #

I know it shouldn’t matter, but you think they’d have some canned responses that had been proofread. (customer’s)

posted by Rich Wilson on August 27, 2009 #

I have to say that I’ve been using Rimuhosting for a couple of years and have always been amazed by their service. If they added back their SSH key after you had removed it then that’s pretty terrible, but generally when dealing with their support people I feel I’m talking to clued up people who are actually care about getting stuff fixed. Seems like they went a bit too far in your case.

posted by Rich on August 27, 2009 #

You’re a moron. Get a dedicated box with a reliable company. Wanting a good VPS setup is like asking for a girlfriend that also wants you to sleep with her friends… Ain’t happenin.

posted by anon on August 27, 2009 #

They use Xen, but don’t know how to throttle CPU per VPS. Yikes. I will make sure I avoid them.

posted by Mike Cantelon on August 28, 2009 #

Give slicehost a try. I hear good things.

posted by on August 28, 2009 #

+1 for slicehost, and also definitely these dudes— really tempted to try it http://prgmr.com/xen/

posted by Todd Troxell on August 28, 2009 #

Have to disagree about Joyent accelerators. Mine (with their image) was unstable, going down ever month or so and they were a hassle to deal with. After 6 months of poor replies I left, issue still unresolved.

posted by Josh on August 28, 2009 #

Aw, man…I’d never heard of Rimuhosting until last night, when I started researching java (ie scala :) hosting. They looked great…java specialists, start at $20/mo, scale up to monster dedicated servers if necessary. I thought I’d found my host.

Now I check the aggregator and find this post.

I’d use slicehost, but I think my setup might be really ram-heavy after a while…ram is cheap and rimu pricing reflects that. Slicehost doesn’t have an option for adding lots of ram cheap.

I guess I could bite the bullet and start with dedicated, but it’d be nice to keep it cheap for starters in case traffic stays light.

posted by Dennis on September 1, 2009 #

It seems you guys in the US get really raw deals in the hosting business. Looking at the rimu page they ask $49 for the “biggest” VPS which has not that great stats after all.

In Germany e.g. you get a dedicated root server with a Core i7, 8 GB Ram and 750 GB Raid 1 Disks for 49 € (~ $70)

For example here: http://www.hetzner.de/en/hosting/produktmatrix/rootserver-produktmatrix/Produktmatrix

posted by Ulrich Petri on September 8, 2009 #

I agree with the issues that others have had with RimuHosting. They used to be great, until, on top of a number of similar occurrences to those mentioned, one day they completely WIPED my VPS and I was forced to restore from week-old backups. This was supposedly due to a security compromise that was actually a non-issue. I was running portsentry, which was listening on a number commonly exploited ports, for the purpose of denying port scans. I had changed my recorded root password, as to deny access. So, during a ‘routine security scan’ of their network (which had never been performed before), a rep saw a number of trojan ports open on the box (their scanning host would have been blocked and all ports would have shown closed, if they had thought to try again). So, they saw the ports open, tried to log in as root, were denied, and assumed the machine was compromised. And reformatted it. This is TERRIBLE from a security standpoint, as no forensics would have been possible if it HAD in fact been compromised. Instead, they wiped all evidence that would have been present. No knowledge of the origin of the attacker or methodology involved. I would have recommended powering it down and notifying me, or at least denying all network traffic to the machine. Instead, after a few failed attempts, I log into a fresh install, with no data at all. I was not even notified — I had to contact them to find out what happened. Their response: Oh, we will note this on your account so this doesn’t happen again. Yeah… thanks. Needless to say, that was enough cause for me to take my service elsewhere.

posted by elixx on December 8, 2009 #

You can also send comments by email.

Email (only used for direct replies)
Comments may be edited for length and content.

Powered by theinfo.org.