Server Maintenance

Routine server maintenance procedures and schedules for MDHosting Ltd infrastructure, ensuring optimal performance, security, and reliability.

Overview

Regular server maintenance is essential for maintaining service quality, security, and uptime. This document outlines scheduled maintenance activities, emergency procedures, and best practices for all MDHosting servers.

Maintenance Objectives: - Security: Keep systems patched and secure - Performance: Maintain optimal server performance - Reliability: Prevent issues through proactive maintenance - Transparency: Clear communication with clients during maintenance - Minimal Disruption: Schedule maintenance during low-traffic periods

Maintenance Philosophy: - Live Patching: KernelCare enables kernel updates without reboots - Proactive Monitoring: Identify and resolve issues before client impact - Scheduled Windows: Predictable maintenance schedules - Emergency Response: Rapid response to critical security issues

Maintenance Schedule

Regular Maintenance Windows

Scheduled Maintenance: First Tuesday of Each Month - Time: 02:00-04:00 GMT (low-traffic period) - Duration: Up to 2 hours - Scope: Non-critical updates, configuration changes, testing - Client Notification: 7 days advance notice (if reboot required)

Emergency Maintenance: As Required - Criteria: Critical security patches, service outages, urgent fixes - Notification: Minimum 4 hours notice (when possible) - Client Communication: Email and status page updates

Daily Maintenance Tasks: - Time: 03:00-03:30 GMT - Scope: Automated backups, log rotation, monitoring checks - Impact: Negligible (no service disruption)

Maintenance Calendar

gantt
    title Monthly Maintenance Schedule
    dateFormat YYYY-MM-DD
    section Regular Maintenance
    Monthly Scheduled Window (1st Tuesday)    :done, 2026-01-07, 2h
    Daily Automated Tasks                     :active, 2026-01-01, 30d
    section Quarterly Tasks
    Q1 Security Audit                         :2026-03-15, 7d
    Q2 Security Audit                         :2026-06-15, 7d
    Q3 Security Audit                         :2026-09-15, 7d
    Q4 Security Audit                         :2026-12-15, 7d
    section Annual Tasks
    ApisCP Migration Planning                 :2026-02-01, 90d
    Infrastructure Review                     :2026-06-01, 14d

Daily Maintenance Tasks

Automated Daily Operations

Backup Operations (02:00-04:00 GMT): - Full account backups via cPanel - Transfer to Hetzner BX11 Storage Box - Backup verification and error checking - Retention cleanup (>30 days)

Log Management (03:00 GMT): - Log rotation (Apache, MySQL, system logs) - Compression of old logs - Cleanup of logs >90 days - Error log analysis

Security Scans (03:30 GMT): - Imunify360 malware scanning - ClamAV virus scanning - File integrity monitoring - Suspicious activity detection

System Health Checks (04:00 GMT): - Disk space monitoring (alert if >80%) - Memory usage analysis - CPU load monitoring - Service availability checks - SSL certificate expiry checks

Daily Manual Checks (Weekdays)

Morning Checks (09:00-10:00 GMT):

1. Review Overnight Alerts:
2. Check email for backup failures
3. Review Imunify360 alerts
4. Check CSF firewall notifications

5. Review any automated incident reports

6. Verify Service Status:

   # SSH to each server
   ssh root@eu1.mdhosting.co.uk
   
   # Check service status
   systemctl status httpd mysql exim imunify360-agent
   
   # Check server load
   uptime
   top -bn1 | head -20
   
   # Check disk space
   df -h
   
   # Check memory
   free -h
   

7. Review Backup Status:

8. Log in to WHM → Backup → Backup Status
9. Verify all accounts backed up successfully
10. Investigate any failures

11. Re-run failed backups if necessary

12. Check Client Support Tickets:

13. Review new tickets in Blesta
14. Prioritise critical issues
15. Respond to urgent requests

Afternoon Checks (15:00-16:00 GMT): - Monitor resource usage trends - Review any new security alerts - Check for pending software updates - Prepare for next day if maintenance scheduled

Weekly Maintenance Tasks

Every Monday Morning (10:00 GMT)

Security Review: 1. Review Imunify360 Dashboard: - Check for malware detections - Review blocked IPs and attacks - Verify firewall rules - Check for false positives

1. Review CSF Firewall Logs:

   # Check recent blocks
   grep "Blocked" /var/log/lfd.log | tail -50
   
   # Review persistent offenders
   csf -d | grep "^Block" | wc -l
   

2. SSL Certificate Audit:

3. Check for expiring certificates (<30 days)
4. Verify AutoSSL functioning
5. Review any SSL errors

Performance Review: 1. Analyse Resource Usage: - Review CPU usage trends - Check memory consumption patterns - Analyse disk I/O statistics - Identify resource-heavy accounts

1. Database Optimisation:

   # Check for crashed tables
   mysqlcheck -Aao --auto-repair
   
   # Optimise all databases
   mysqlcheck -Aao
   

2. Web Server Optimisation:

3. Review Apache/nginx error logs
4. Check for slow queries
5. Analyse access patterns
6. Optimise configurations if needed

Every Friday Afternoon (16:00 GMT)

Backup Verification: 1. Test Random Backup Restore: - Select random client account - Restore one file to verify backup integrity - Document results

1. Storage Space Management:
2. Check backup storage utilisation
3. Verify BX11 Storage Box capacity
4. Clean up old/unnecessary backups if needed

Pre-Weekend Checks: 1. Verify Monitoring: - Ensure all monitoring systems active - Check notification settings - Verify on-call contact details current

1. Review Pending Updates:
2. Check for critical security patches
3. Schedule emergency maintenance if required
4. Prepare patch notes for Monday

Monthly Maintenance Tasks

First Tuesday of Month (02:00-04:00 GMT)

Operating System Updates:

1. Pre-Update Checklist:
2. ✅ Backups completed and verified
3. ✅ Current snapshot/backup of critical configurations
4. ✅ Rollback plan prepared

5. ✅ Client notification sent (if reboot required)

6. Apply Updates (AlmaLinux):

   # Update package lists
   dnf check-update
   
   # Review available updates
   dnf list updates
   
   # Apply all updates (excluding kernel - KernelCare handles this)
   dnf update --exclude=kernel*
   
   # Check for services requiring restart
   needs-restarting -s
   
   # Restart services as needed
   systemctl restart httpd mysql exim
   

7. KernelCare Live Patching:

   # KernelCare automatically applies kernel patches without reboot
   # Verify KernelCare status
   kcarectl --info
   
   # Check for available patches
   kcarectl --update
   
   # Verify effective kernel version
   kcarectl --uname
   

cPanel/WHM Updates:

1. Update cPanel:

   # Check for cPanel updates
   /scripts/upcp --check
   
   # Apply cPanel updates (automatic - verify only)
   # cPanel updates automatically via daily cron
   /scripts/upcp --list
   

2. Update EA4 (Apache/PHP):

   # Update EasyApache 4 packages
   /scripts/update_local_rpm_versions --edit target_settings.ea4
   /scripts/check_cpanel_rpms --fix
   

3. Update Plugins:

4. Imunify360: Auto-updates enabled
5. ConfigServer products: Check for updates
6. WHM plugins: Review and update

Security Hardening:

1. Review Security Settings:
2. Audit user accounts (remove unused)
3. Review sudo access permissions
4. Check SSH key authentication

5. Verify firewall rules current

6. Password Rotation:

7. Rotate root passwords (quarterly)
8. Update stored credentials in password manager

9. Verify new passwords work before finalising

10. Security Scan:

    # Run comprehensive security audit
    /scripts/check_security
    
    # Lynis security audit (if installed)
    lynis audit system
    

Database Maintenance:

1. MySQL Optimisation:

   # Analyse and optimise all tables
   mysqlcheck -Aao --auto-repair
   
   # Update MySQL statistics
   mysqlcheck -Aa --analyze
   
   # Check for database corruption
   mysqlcheck -Ac
   

2. Database Size Review:

3. Identify largest databases
4. Check for bloated tables
5. Recommend optimisations to clients if needed

Log Review and Cleanup:

1. Archive Old Logs:

   # Archive logs older than 90 days
   find /var/log -name "*.log" -mtime +90 -exec gzip {} \;
   
   # Delete compressed logs older than 180 days
   find /var/log -name "*.gz" -mtime +180 -delete
   

2. Analyse Error Patterns:

3. Review Apache error logs for patterns
4. Check MySQL slow query log
5. Identify recurring issues

Disk Space Management:

1. Cleanup Operations:

   # Clean up yum/dnf cache
   dnf clean all
   
   # Remove old kernels (if not using KernelCare)
   # Skip - KernelCare manages kernel versions
   
   # Clean up /tmp
   find /tmp -type f -atime +7 -delete
   
   # Clean cPanel caches
   /scripts/cleancpanelcaches
   

2. Storage Review:

3. Identify accounts consuming most space
4. Check for suspicious storage growth
5. Contact clients approaching quota limits

Post-Maintenance Verification:

1. Service Checks:

   # Verify all critical services running
   systemctl status httpd mysql exim imunify360-agent
   
   # Check website accessibility
   curl -I https://eu1.mdhosting.co.uk
   
   # Test email (send test message)
   echo "Test" | mail -s "Post-Maintenance Test" admin@mdhosting.co.uk
   

2. Client Verification:

3. Spot-check 3-5 client websites
4. Verify email functionality
5. Check cPanel accessibility

6. Monitor for post-maintenance support tickets

7. Documentation:

8. Record maintenance activities
9. Document any issues encountered
10. Update internal documentation if needed

Quarterly Maintenance Tasks

Security Audit (Mid-Quarter)

Comprehensive Security Review:

1. External Security Scan:
2. Run vulnerability scan (OpenVAS or similar)
3. Check for exposed services
4. Verify firewall effectiveness

5. Test for common vulnerabilities

6. Access Control Audit:

7. Review all SSH keys
8. Audit cPanel account permissions
9. Check reseller accounts

10. Verify API token usage

11. Compliance Check:

12. Review GDPR procedures
13. Verify data retention policies
14. Check backup encryption status
15. Update Data Processing Agreements if needed

Performance Optimisation:

1. Resource Analysis:
2. Review 3-month resource trends
3. Identify growth patterns
4. Plan capacity upgrades if needed

5. Optimise resource allocation

6. Client Account Review:

7. Identify inactive accounts
8. Review accounts approaching limits
9. Contact clients for service adjustments
10. Optimise package allocations

Disaster Recovery Testing (Quarterly)

Backup Restore Testing:

1. Full Account Restore Test:
2. Select test account or create dummy account
3. Perform full restore from backup
4. Verify all data restored correctly

5. Document restore time (RTO verification)

6. Database Restore Test:

7. Test MySQL database restoration
8. Verify data integrity

9. Check for corruption

10. Email Restore Test:

11. Test mailbox restoration
12. Verify email account configuration
13. Check mail filters and settings

Failover Testing:

1. DNS Failover (if implemented):
2. Test DNS failover procedures
3. Verify monitoring triggers failover

4. Document failover and recovery time

5. Service Recovery:

6. Simulate service failure
7. Execute recovery procedures
8. Measure recovery time objectives (RTO)

Annual Maintenance Tasks

Infrastructure Review (Mid-Year)

Comprehensive Infrastructure Assessment:

1. Hardware Review:
2. Assess server specifications
3. Review resource utilisation trends
4. Plan hardware upgrades or migrations

5. Evaluate cost optimisation opportunities

6. Software Licensing:

7. Review cPanel licenses (renewal dates)
8. Audit other software licenses
9. Evaluate license tier requirements

10. Plan for software migrations (ApisCP)

11. Service Provider Review:

12. Evaluate Hetzner performance and costs
13. Review backup storage adequacy
14. Assess registrar (internet.bs) performance
15. Consider alternative providers if beneficial

Documentation Update:

1. Procedure Review:
2. Update all operational procedures
3. Verify contact information current
4. Update network diagrams

5. Review and update disaster recovery plans

6. Compliance Documentation:

7. Update GDPR documentation
8. Review Data Processing Agreements
9. Update incident response procedures
10. Verify ICO registration current

Capacity Planning (Annual)

Growth Analysis:

1. Client Growth Review:
2. Analyse client acquisition trends
3. Review churn rate
4. Project next year's growth

5. Plan infrastructure scaling

6. Resource Forecasting:

7. Project storage requirements
8. Estimate bandwidth needs
9. Plan CPU/RAM requirements

10. Budget for infrastructure expansion

11. Financial Planning:

12. Review infrastructure costs
13. Plan capital expenditures
14. Evaluate cost-saving opportunities
15. Budget for migrations (ApisCP)

Emergency Maintenance Procedures

Critical Security Patches

Immediate Response (Within 4 Hours):

1. Assessment:
2. Evaluate severity (CVSS score, exploitability)
3. Determine affected systems
4. Check for active exploitation

5. Assess client impact

6. Client Notification:

   Subject: Emergency Maintenance Notification - [Date/Time]
   
   Dear MDHosting Client,
   
   We are performing emergency security maintenance on [date] at [time] to address a critical security vulnerability.
   
   Expected Impact: [Brief service interruption/No impact expected]
   Maintenance Window: [Start Time] - [End Time] GMT
   Duration: Approximately [X] minutes
   
   This maintenance is necessary to protect your hosting account and data.
   
   We apologise for the short notice and any inconvenience.
   
   Updates will be posted to: [Status Page URL]
   
   MDHosting Ltd
   admin@mdhosting.co.uk
   

7. Patch Application:

   # Immediate security update
   dnf update [package] -y
   
   # Or use KernelCare for kernel vulnerabilities
   kcarectl --update
   
   # Restart affected services
   systemctl restart [service]
   

8. Verification:

9. Verify vulnerability patched
10. Test service functionality
11. Monitor for issues
12. Update clients on completion

Service Outage Response

Immediate Actions:

1. Incident Declaration:
2. Log incident start time
3. Notify on-call staff

4. Begin incident log

5. Assessment:

   # Check service status
   systemctl status --all
   
   # Check system logs
   journalctl -xe
   
   # Check disk space
   df -h
   
   # Check load average
   uptime
   

6. Service Restoration:

7. Restart failed services
8. Clear any resource constraints
9. Restore from backup if corruption detected

10. Implement temporary fixes if needed

11. Client Communication:

12. Provide status updates every 30 minutes
13. Use Blesta announcement system
14. Update status page
15. Send post-incident summary

Hardware Failure Response

See: Incident Response Procedures for comprehensive hardware failure workflows.

Quick Actions:

1. Hetzner Support:
2. Open emergency ticket
3. Request hardware diagnostics

4. Arrange replacement if needed

5. Failover (if possible):

6. Migrate critical services to backup server
7. Update DNS for affected services

8. Restore from backups if necessary

9. Client Notification:

10. Provide transparent updates
11. Set realistic expectations
12. Offer service credits if significant impact

Maintenance Best Practices

Pre-Maintenance Checklist

Before any significant maintenance:

• ✅ Backups completed and verified (within 24 hours)
• ✅ Rollback plan documented
• ✅ Client notification sent (if impact expected)
• ✅ Change window approved
• ✅ Staff availability confirmed
• ✅ Testing plan prepared
• ✅ Monitoring systems active

During Maintenance

Communication: - Post start/progress/completion updates - Document all actions taken - Note any unexpected issues - Keep incident log updated

Verification: - Test each change before proceeding - Verify services after each major step - Monitor system metrics continuously - Check for client reports of issues

Post-Maintenance

Immediate Verification: - Test all critical services - Spot-check client websites - Review error logs - Monitor support tickets

Documentation: - Record all changes made - Document issues encountered - Update procedures if needed - File maintenance report

Follow-Up (24 Hours): - Review monitoring data - Check for delayed issues - Respond to client feedback - Verify backup success post-maintenance

Client Communication

Planned Maintenance Notification (7 Days Advance)

Subject: Scheduled Maintenance - [Date] at [Time] GMT

Dear MDHosting Client,

We will be performing scheduled server maintenance on:

Date: [Day, Month Date, Year]
Time: [Start Time] - [End Time] GMT
Expected Duration: [X] hours
Expected Impact: [Minimal/Brief interruption]

Maintenance Activities:
- Security updates and patches
- Performance optimisations
- System health checks

Your hosting services should remain available during this maintenance window. In the unlikely event of service disruption, downtime will be minimal.

You do not need to take any action. Your websites and email will be automatically restored if any brief interruption occurs.

If you have any questions or concerns, please contact us via:
- Support Tickets: https://mdhosting.co.uk/billing/submitticket.php
- Email: admin@mdhosting.co.uk

Thank you for your understanding.

Best regards,
MDHosting Ltd

Emergency Maintenance Notification (Minimum 4 Hours Notice)

Subject: URGENT: Emergency Maintenance - [Date] at [Time] GMT

Dear MDHosting Client,

We must perform emergency security maintenance to protect your hosting account:

Date: [Today/Tomorrow]
Time: [Start Time] - [End Time] GMT
Expected Duration: [X] minutes
Impact: [Brief service interruption expected]

Reason: Critical security vulnerability requires immediate patching

We apologise for the short notice. This maintenance is essential for your security and data protection.

Your services will be automatically restored. No action is required from you.

We will provide updates via:
- Email notifications
- Status page: [URL]
- Client portal: https://mdhosting.co.uk/billing

For urgent concerns, contact: admin@mdhosting.co.uk

Thank you for your understanding.

MDHosting Ltd

Maintenance Completion Notification

Subject: Maintenance Completed - Services Restored

Dear MDHosting Client,

Our scheduled maintenance has been completed successfully.

All services have been restored and are operating normally. Your websites and email should be fully accessible.

If you experience any issues, please contact support immediately:
- Support Tickets: https://mdhosting.co.uk/billing/submitticket.php
- Email: admin@mdhosting.co.uk

Thank you for your patience during this maintenance window.

Best regards,
MDHosting Ltd

Monitoring During Maintenance

Real-Time Monitoring

Service Availability:

# Monitor HTTP response
watch -n 10 'curl -Is https://eu1.mdhosting.co.uk | head -1'

# Monitor service status
watch -n 5 'systemctl status httpd mysql exim'

# Monitor system load
watch -n 5 'uptime; free -h'

Error Monitoring:

# Watch Apache errors
tail -f /usr/local/apache/logs/error_log

# Watch MySQL errors
tail -f /var/lib/mysql/$(hostname).err

# Watch system messages
tail -f /var/log/messages

Post-Maintenance Monitoring (24-48 Hours)

Automated Checks: - Service availability (uptime monitoring) - Response time metrics - Error rate monitoring - Resource utilisation trends

Manual Verification: - Client support ticket volume - Error log analysis - Backup success rates - Security alert review

Maintenance Tools & Commands

Essential System Commands

# System Information
uname -a                    # Kernel version
cat /etc/redhat-release     # OS version
uptime                      # System uptime and load

# Resource Monitoring
top                         # Interactive process viewer
htop                        # Enhanced process viewer (if installed)
iotop                       # I/O monitoring
free -h                     # Memory usage
df -h                       # Disk usage
du -sh /home/*              # Directory sizes

# Service Management
systemctl list-units --type=service --state=running
systemctl status [service]
systemctl restart [service]
systemctl enable [service]
journalctl -u [service] -n 50

# Log Analysis
tail -f /var/log/messages
grep -i error /var/log/messages | tail -50
journalctl -p err -since "1 hour ago"

# Network
ss -tunlp                   # Listening ports
netstat -an | grep ESTABLISHED | wc -l  # Active connections
ping -c 4 8.8.8.8           # Network connectivity

# Security
csf -l                      # CSF firewall status
csf -g [IP]                 # Check IP in firewall
fail2ban-client status      # Fail2Ban status (if used)

cPanel/WHM Specific Commands

# cPanel Scripts
/scripts/check_cpanel_rpms --fix     # Fix cPanel RPMs
/scripts/upcp --force                # Force cPanel update
/scripts/restartsrv_httpd            # Restart Apache
/scripts/restartsrv_mysql            # Restart MySQL
/scripts/restartsrv_exim             # Restart Exim

# Account Management
/scripts/listaccts                   # List all accounts
/scripts/suspendacct [user]          # Suspend account
/scripts/unsuspendacct [user]        # Unsuspend account

# Backup Management
/scripts/pkgacct [username]          # Create account backup
/scripts/restorepkg [username]       # Restore account

# Security
/scripts/check_security              # Security audit
/scripts/compilers off               # Disable compilers (security)

KernelCare Commands

# Check KernelCare status
kcarectl --info

# Update to latest patches
kcarectl --update

# Check effective kernel version
kcarectl --uname

# Verify license
kcarectl --license-info

Additional Resources

Internal Documentation: - Security Monitoring - Imunify360, KernelCare, monitoring procedures - Incident Response - Emergency response procedures - Backup & Recovery - Backup procedures and restoration - Network Architecture - Infrastructure diagrams and configuration

External Resources: - AlmaLinux Documentation - OS documentation - cPanel Documentation - cPanel/WHM guides - KernelCare Documentation - Live patching guides - Imunify360 Documentation - Security platform guides

Tools: - Server Status - Public status page (if implemented) - WHM - Server management - Blesta Admin - Client management

---

Last updated: January 2026