Ongoing Work

24/7 Monitoring Link to heading

Website availability is automatically checked every minute (for some clients — every three minutes by agreed terms). When a resource becomes unavailable, an alert is generated, and I respond regardless of the time of day: performing initial diagnostics, identifying the cause of the failure, and executing necessary recovery actions.

On the server (virtual or dedicated), key parameters are constantly monitored:

  • CPU and system resource load
  • RAM usage
  • Free disk space and file systems
  • RAID and file system status
  • Critical services and daemons operation (web server, database, mail services, proxy, VPN, etc.)
  • SSL status and certificate expiration dates
  • Basic network indicators and port availability

When values deviate from normal, automatic notifications are generated and prompt response is executed.

Application and Service Monitoring Link to heading

Additionally, the correctness of application services is monitored:

  • Checking web application and API responses
  • HTTP response code control
  • Selective URL checks
  • Tracking incorrect responses from reverse proxy and backend services
  • Detection of looped processes and memory leaks

When necessary, automatic service restart or manual intervention is performed.

Backups Link to heading

Backup is performed automatically:

  • Daily database backups
  • Daily backups of website files and configurations
  • Separate backup of critical server configuration files

Copies are stored:

  • Locally on the server
  • On an independent remote storage (European location)
  • On an additional independent storage point

Thus, a scheme with multiple geographically distributed copies is used.

At least once a month, backup validation and test restoration are performed to ensure their integrity and usability.

Backup task monitoring is active: if a backup has not been performed for more than 24 hours, an alert about the problem is generated.

Updates and Security Management Link to heading

  • Automatic installation of critical security updates
  • Regular scheduled package updates within the distribution used
  • Control of version changes of key server software
  • Compatibility check of updates with the installed stack
  • Phased updates without mass simultaneous risky changes

Vulnerability Monitoring Link to heading

Specialized mailing lists and vulnerability databases for used software and server components are constantly tracked. When significant vulnerabilities appear:

  • Risk level is assessed
  • Decision is made on urgent update or temporary protective measures
  • If necessary, workarounds are implemented before the patch is released

HTTPS and Certificates Link to heading

  • Automatic TLS/SSL certificate renewal
  • Renewal is performed in advance (approximately 30 days before expiration)
  • Reissuance success control
  • Verification of correct certificate chain installation

Access Management Link to heading

  • Working with SSH access and keys
  • Centralized access key management
  • Prompt addition and removal of keys
  • Disabling outdated and unused access
  • Access rights audit when user composition changes

Protection and Network Perimeter Link to heading

  • Firewall and network policy configuration
  • Basic protection from scanning and brute force attacks
  • Integration with WAF and external protection services (when used)
  • Limiting administrative interfaces
  • Logging access attempts

Diagnostics and Incident Analysis Link to heading

In case of failures and abnormal behavior:

  • Log analysis
  • Root cause search
  • Eliminating not only the symptom but also the source of the problem
  • Documentation of atypical incidents to prevent recurrence

Configuration Management Link to heading

  • Maintaining server configurations in a clean and reproducible state
  • Storing and versioning configurations
  • Careful changes without chaotic “live” edits
  • Minimizing manual and untracked changes