powered by

The official site is now powered by Thanks to Rasmus Lerdorf and Dan Brown for the support. is hosted on a server in California. We have nodes very nearby which load content, optimize it, and then deliver it either directly to clients or send it to myracloud nodes in other parts of the world in a highly compressed format. now accelerated by

Germany’s third largest online retailer is celebrating its 10th anniversary, and because of daily spikes in legitimate traffic it is now relying on to deliver even better performance to its customers. With myracloud’s built-in high-performance caching the load on the application servers has been improved significantly, so that even more parallel user sessions can be handled. myracloud serves millions of requests each hour directly without these requests affecting the customer’s infrastructure.

About In 2011 AG revenues exceeded 460M EUR which placed it behind,, and the now defunct

myracloud proves itself in DDoS attack

Just 48 hours after going live, we have observed the first major event. A customer, one of the most well-known sites in Germany, was being attacked at around 10pm. They went live on myracloud only 45 minutes later. The attackers then switched tactics to sending traffic against the hoster’s nameservers, one of Europe’s top addresses. These nameservers went down instantly. The customer then also switched his DNS to us, and has been up ever since.

myracloud provides DDoS-proof DNS and HTTP/HTTPS services.

We absolutely love myracloud, and we are confident that you will, too. Try myracloud today.

myracloud is live

myracloud the premium ddos-protection and content delivery optimization platform is live. Make your website faster today with myracloud for free. Congratulations to our great team who has delivered an amazing platform in a very short time (with the help of a lot of coffee and pizza :-) ).

We will add some more exciting information about myracloud very soon. If you have any feedback, please let me know (

First-hand IPv6 experience

So, in order to gain more experience with actually running IPv6 on the server- and client-side, we migrated all our users in the office to IPv6.

That sounds a lot harder than it actually is.

We installed radvd on one Linux machine connected to our office network. And that was basically it. radvd sends IPv6 announcements to all clients on the network. Windows, Mac, and Linux users automatically get IPv6 addresses that way. The one Windows XP machine you might have will need a manual “netsh int ipv6 install” once, and you are done.

So, we are using the following now:

  • all our servers have native IPv6 connectivity
  • our developers use SSH and HTTP via 6to4 from the office and home
  • our servers talk to each other via IPv6 (mostly SSH and HTTP/HTTPS) 
And it was very easy to set up.

Because all the clients are dual-stacked, we have removed the IPv4 addresses from the main development systems’ DNS. So, where we had an A- and AAAA-record before, there is only one AAAA record left. This forces the dual-stacked system to connect via IPv6. For emergencies, there is always a hostname-4 entry left which points to the IPv4-address.

We had no problems whatsoever with any of the services we use internally so far (e.g. Apache, nginx, OpenSSH, MySQL, munin, exim, stunnel, etc.). The only exception is nullmailer (a simple SMTP injecter) whose IPv6 support gets broken in Debian every couple of months apparently.

Feel like sharing your IPv6 experience? 

Service Configuration and IPv6 notation formats

In IPv4-land addresses are always written the same way.

Not so much with IPv6.

Here is a short rundown on what notations are around in IPv6 configuration land.

  • exim4: double every colon: 2001::db8::::/32 (exception from the norm)
  • nginx: listen [2001:db8::1]:80;
  • apache: Listen [2001:db8::1]:80
  • stunnel.conf: 2001:db8::1:80 (exception from the norm)
  • slapd.conf (LDAP): access to * by by peername.ipv6=2001:db8::1 read
  • munin-node: allow ^2001:db8::1$
  • sshd_config: ListenAddress 2001:db8::1
  • tinyproxy.conf: Listen 2001:db8::1
  • bind: options { listen-on-v6 { 2001:db8::1; 2001:db8::2; } }
  • nullmailer: broken in Debian regarding IPv6, dontuse

Generally, syntax formats including a port number are written using the bracket syntax [address]:port (except stunnel). If no port is specified, the brackets are not used. exim4 is a special case, because the colon “:” is used as default delimiter in exim4′s configuration format, and hence needs to be escaped using a second “:”.

Do you know other examples? Please submit a comment.

Note that the examples use the reserved 2001:db8::/32 prefix as specified by RFC 3849 for documentation purposes.

PHP FastCGI start script with LFS tags

Since Debian does not come with a start/stop script for PHP fastcgi I’m sharing my script which has been in use basically unmodified for 10 years or so. Latest additions are the LFS tags required by recent Debian/Ubuntus.

Put it into /etc/init.d/php-fastcgi and “ln -s /etc/init.d/php-fastcgi /etc/rc2.d/S10php-fastcgi”. Don’t forget “chmod +x /etc/init.d/php-fastcgi”.

#! /bin/sh
# Provides:          php-fastcgi
# Required-Start:    $local_fs
# Required-Stop:     $local_fs
# Default-Start:
# Default-Stop:
# X-Interactive:     false
# Short-Description: foo

. /etc/profile




# Socket path to have the webserver connect to

case $1 in
  su www-data -c "exec /usr/bin/php-cgi -b $path" </dev/null >/dev/null 2>&1 &
  echo $! > $pidfile
  killpid=`cat $pidfile`
  echo trying killing $killpid
  kill $killpid

exit 0

DDoS Mitigation Made in Germany

According to Kasperky Labs, 25% of all attacks against websites are conducted against online shopping sites.

After witnessing quite a few of these DDoS attacks against our customers, we have created a filtering/scrubbing solution called MyraCloud. MyraCloud uses intelligent routing algorithms to distinguish services such as HTTP and DNS, and to separate bad from good traffic. These algorithms allow us to instantly filter out unwanted traffic in the backbone already. This protects our customers, and the Internet itself.

By additionally using Anycast routing technology attack traffic is diverted to the nearest filtering/scrubbing center. This makes attacks on our infrastructure much, much harder. Anycast works by sending traffic to the nearest data center, instead of sending it half-way around the globe. Traffic is cleaned locally instead of potentially negatively affecting users globally.

myracloud is already deployed for a number of customer sites. Please contact us if you are interested in trying out MyraCloud.