Do you charge VAT to customers in the EU?

As we are a US-based company, we do not charge VAT. If you require us to list your VAT number on the invoices you receive from us, please just let us know, and we will add it.

Do you install ModSecurity as part of your server hardening?

ModSecurity is an optional part of our hardening, and our staff will ask you if you want it before or after performing the initial server hardening.  If you do have us install it, schedule the installation for a time when you can test your websites.  ModSecurity can break certain websites. We may have to disable specific rules if they are breaking any sites or disable it entirely for particular websites.

Do you manage servers without a control panel?

Linux is our specialty, and we manage many servers without control panels. The reason we list our services by control panel is that most of our customers are in the hosting business and require the use of a control panel to host a large number of websites and email users. We want our customers to know we fully support their control panel.

Do you disable certain vulnerable PHP functions as part of your server hardening?

This, along with ModSecurity, is an optional part of the hardening process, and you have to request it.  Disabling certain PHP functions can prevent hackers from taking advantage of poorly written code and prevent them from gaining access to your server.  But it can also break certain websites.  If you have us perform this, schedule it for a time when you will be able to test your sites to ensure nothing has broken.

Can you not apply patches and updates to our server?

Yes, but you need to let us know this after you sign up for our server management service. If you have not already done so, we can lock versions of the software packages on your server to prevent them from being overwritten by automatic updates.

Do you perform an initial server audit?

Our administrators go through a checklist with every server added to management. A non-inclusive list of things we check for is that the OS is not EOL (end of life), that the OS, control and all services are set up correctly and fully patched, that resources such as CPU, RAM, and disk space are adequate and that the server has not been compromised.

What is not included with the server management service?

We do not provide web development, website updates (for instance, WordPress or Magento updates) or programming services. We also do not design nor implement complex environments as part of our management, though we have made exceptions for customers both inside and outside of our server management agreement. Please contact our sales if you are interested in this.

Do you support servers running Magento, WooCommerce, or other e-commerce platforms?

Yes, we do support many servers running Magento, WooCommerce, and other e-commerce platforms. However, we cannot act as a replacement for your web developer or website administrator as we are not familiar with the advanced configuration of these systems. Nonetheless, if you are having an issue where an e-commerce site will not load or comes up with errors, we can generally determine the cause by reviewing server logs and help come up with a resolution.

Can you assist in speeding up a server that is going very slow?

Yes. The first thing we do is ensure your web and database server are optimized. If the issue is still active, we try to determine the cause. A server configuration can be at fault, as well as misbehaving web code, plugins, database queries, backup scripts, etc.

Can you handle server outages entirely in my absence?

Yes. We do everything possible during an emergency to resolve the issue without your company’s involvement. We still ask all customers to provide us with a list of contacts we can call for outages that we cannot resolve without your assistance, for instance, a billing issue with the data center.

Do you support servers running WordPress, Drupal, or other content management systems?

Yes, we support many servers running WordPress, Drupal, and just about every other popular content management system. However, we cannot act as a replacement for your web developer or website administrator as we are not familiar with the advanced configuration of these systems. Nonetheless, if you are having an issue where a CMS-based website will not load or comes up with errors, we can typically determine the cause by reviewing server logs and help come up with a resolution.

Do you tune and optimize MySQL and MariaDB servers?

Yes, there are many things we can do to optimize your database servers. What we do often depends on what you are hosting, how large the databases and tables are, how many database queries are being executed per minute, etc.

What is your procedure when my server is down?

Assuming you have provided us access to your data centers support console, we log in and first check if there are any open tickets regarding a billing issue or a security incident with the server. For billing issues, we then call the list of emergency contacts you provided us at the time you signed up. For security incidents, we will ask the data center to grant us access to remove the security issue and then put the server back on the network. For the more common server crashes, we will invoke a reboot from the support portal or an external device such as IPMI, iLO, or DRAC. If that is not available or fails, we will ask the data center to reboot the server and, if needed, attach a crash cart to the server to determine what error is preventing the server from restarting. We will continue to work with the data center to get the server back online and functioning normally. It is vital to ensure we have your correct data center contact information on file. If you ever change it, please update us. Otherwise, we need to call your staff during an emergency.

Do you perform on-site or hands-on support for co-located servers?

No. We rely on your data center for this. If you colocate your servers and need hands-on support, we would recommend calling the colocation facility and ask them if they offer this service or if they can refer someone who does in the area. You might even directly ask the security officers who grant you access to the data center. They will often know of freelance system administrators who come in and provide this type of support at a better price than the data center.

What firewall do you install on my server?

We install the CSF firewall, which includes the Login Failure Daemon to prevent brute force attacks. The firewall has a user interface that integrates nicely with cPanel, DirectAdmin, CentOS Web Panel, Webmin and Virtualmin control panels.

Can you help with inbound spam issues?

Yes. We can install and configure software such as SpamAssassin, which is free, or MagicSpam, a paid solution. We can also configure the use of Realtime Blackhole Lists to block known spam sources and recommend the use of external mail filtering companies for customers requiring a much higher level of protection. But we can never solve the issue of spam entirely.

Do you tune and optimize Apache, LiteSpeed, and NginX web servers?

Yes. Please see the appropriate server management page on our website for the type of server we will be managing (for instance, cPanel or Plesk) to see some of the options. You can always ask our support as to what your best options are, given your environment, server resources, and traffic levels.

Do you do phone or chat support?

We ask that all support be done through our ticketing system, either online or through email. Our support department will take phone calls on business days between 7 AM until 5 PM Los Angeles time. However, we ask that you always open a ticket for an issue, even if you intend to call support later. All our work is performed on support tickets and tickets are responded to 24/7/365. We are considering adding chat support to our services.

Can you retain my IP addresses during a migration to a new server?

If your data center allows it, then we can. Most data centers will allow this so long as the new server is on the same network or switch as the old one. For the migration, we use a temporary IP address on the new server so we can migrate the data to it. When we are finished migrating, we swap the IPs. Access to the old server is then available through the temporary IP until it is taken offline.

Can you help me with outbound spam issues?

Yes. We set up an outbound spam monitor on your server to alert us when the outbound mail queue is growing, often indicating an outbound spam attack. We can also advise you on preventing the server from being listed as a spam host, such as securing web forms with CAPTCHA or reCAPCHA and disabling mail forwarding to specific domains (which can result in getting listed in blackhole lists or getting blocked by large mail providers). Our server hardening assists greatly as well, detecting rogue processes that may be sending spam, blocking brute force login attempts to SMTP accounts with weak passwords, blocking bots from abusing web forms, and more.

Can you help if my server is crashing or freezing up?

Yes. There are multiple things we can do to determine the cause of this. On servers that mysteriously crash, we always install a monitoring tool we wrote that logs the output of specific debugging commands a system administrator would otherwise run when logged onto a server having an issue. The logging includes the process table, memory usage, disk and CPU statistics, active network, as well as other things such as the MySQL process list. If the server crashes, our administrator can restart it then review these logs to see what occurred to cause the crash.

If my data center takes my server offline due to an outbound spam or abuse incident that I was unaware of, will you be able to work with them to get it back online?

Yes. The data center will typically send you an email notifying you to fix an issue like this within a specific time before shutoff, depending on the severity of the outbound attack. You can forward those to us ahead of time. But if you do not and the server is turned off by the data center, our monitoring will alert us, and we will access the data center support portal and see the cause. In almost all cases, the data center will put the server back online for us so we can stop the outbound attack.

Do you support CloudLinux?

Yes. If you are not already using CloudLinux but considering having it installed on your server, you may want to ask our support for the advantages and potential disadvantages of using it in your particular environment. We also provide licenses for CloudLinux.  Please contact us for details.

Can you install my website software such as WordPress, Magento, or Drupal?

We can. If you are a hosting company hosting many domains, we ask you not to utilize our support each time you need to provision a website. There are tools for this, and we can install those tools for you. If you, however, only host a few domains for your business, we’d be happy to install the website software for you.

What is your turnaround time on server migrations?

Very fast. We operate 24/7 and perform migrations almost as soon as you tell us to begin. But most customers open a ticket ahead of time, providing us a time to start the migration or at least a time to complete it, so they can test their sites on the new server before going live. Depending on the number of domains and the amount of data to be transferred, a migration can anywhere from 5 minutes to 48 hours. Most servers with 150 to 200 domains take somewhere between six and twelve hours. Sometimes it takes longer depending on how much data is stored for each domain.

Is Server Surgeon compliant with the US HIPAA Privacy Rules (required for US healthcare providers and insurers)?

No, we are not HIPAA compliant. If you require HIPAA compliant support for your health care business, we suggest you host at and obtain support from a HIPAA compliant data center such as Rackspace or Atlantic.Net. HIPAA compliance is not easy to achieve and is expensive. If a server management company claims to be HIPAA compliant, be very cautious and ask for a copy of their HIPAA Business Associate Agreement; unless they have one, they are not HIPAA compliant.

Can you restore a server that has been hacked without a backup?

In most cases, we can unless the attacker has maliciously removed files or data; in that case, we would need a backup. But many attacks, including very disruptive MySQL injection attacks and website defacing hacks, can be restored by a careful administrator who understands what the hacker did and can remove that action from the files and database. Nonetheless, it is always advisable to have a backup in place. If you do not have a monitored backup solution, please consider using our Linux Server Backup.

Can you restore my server from an R1Soft backup or other 3rd party backup system?

Yes, we can restore from any backup solution you have. A note of caution with any backup solution is to have a way of monitoring the backups to ensure they are consistently working. We had many customers using various backup solutions that worked when initially set them up, but found they had been failing for some time when they finally needed them.  If you do not have an adequate backup, please consider using our Linux Server Backup, which can be purchased as an add-on when you buy the management.

Is there any downtime with a server migration?

When migrating to servers that will assume the IP address of the old server after the migration is complete, the downtime will generally be less than one minute. When the new server has different IP addresses and requires a change in DNS, downtime is limited for the time it takes the DNS change to propagate across the Internet. If DNS propagation time is of concern, you can ask us to lower the DNS TTL (time to live) for all your domains to be 5 minutes at least 24 hours before the switch to the new server is made. This prevents DNS servers on the Internet from caching the DNS for your domains longer than 5 minutes, and the IP change will be seen very quickly after the migration If you ask us to lower the TTL before the migration, be sure to ask us again to raise it to 24 hours after the migration. This is proper Internet etiquette and lowers the amount of DNS queries your server has to perform every day.

Can you repair crashed MySQL and MariaDB databases without a backup?

Often we can, but it is always better to have a backup. If we cannot restore a crashed database in its entirety, we can often restore most or parts of it and give you access to that so a developer can fill in the spots. You may also have a local automated backup configured as well without knowing about it, and we will look for these. Periodically, backups are performed automatically by your content management system, the control panel on the server, or the control panels auto-installer, such as Softaculous.  If you do not have a backup plan in place, please consider using our Linux Server Backup, which you can purchase as an add-on when you buy management.

My server provider provides management. Do I need you guys too?

It depends on what the provider does as part of its server management. Many hosting providers consider themselves managed hosting providers because they maintain the hardware of the server, the operating system installation, and ensure the server has power, cooling, and network connectivity. Others offer a limited amount of support for you but would not help you, for instance, during a disaster, a migration, a hack, an issue with website, DNS or email configuration, etc. You would have to ask your provider what their management entails and what SLA you have with them. Some customers left us when moving to a managed provider only to return, saying the server management service is not the same as our Server Management Service. You would have to ask the provider what their management entails.

Can you monitor my control panel backups or 3rd party backups?

No. We do not have an adequate way of monitoring the results of any backups outside our own Linux Server Backup. If you are using a control panel, third-party, or homegrown backup solution, always ensure you have a way of monitoring the results of the backups. We had many customers using various backup solutions that worked when they were initially set up, but found they had been failing for some time when they actually needed them. Consider how important your data is to your business and what it would cost if you lose the data entirely.

What is your server migration process?

We migrate all the data on the live server to the new server without making the new server live right away. We then send you instructions on testing your websites on the new server, which involves tricking your testing computers DNS into thinking the domains are hosted on the IP addresses of the new server. When you are happy things are working correctly, you give us a time and date to go live with the switch, often during the middle of the night or on the weekend when server traffic levels are lower. At that time, we perform a final fast data sync, copying over files and databases that were altered or newly added since the initial data transfer, so no data is lost since the initial migration. If the new server is not retaining the old server’s IP addresses, we change DNS to point to the new server’s IP addresses. Otherwise, we have the data center swap the IP addresses causing the new server to go live. In this case, there is very minimal downtime if any. When changing DNS, downtime is limited for the time it takes the DNS change to propagate. If DNS propagation time is of concern, you can ask us to change the DNS TTL (time to live) for all your domains to be 5 minutes at least 24 hours before the switch is made. This will prevent DNS servers on the Internet from caching the DNS for your domains longer than 5 minutes and the IP change will be seen very quickly after the migration. If you ask us to lower the TTL before the migration, be sure to ask us to raise it to 24 hours after the migration. This is proper Internet etiquette and lowers the amount of DNS queries your server has to perform each day.

Can you recover my server after a hard disk crash without a backup?

Often, we can. The overall process is to install a new hard disk on the server and then attempt to mount the old drive so that we can restore the data from it. There are times when a drive cannot be mounted or read at all, and no data can be extracted from it. In these cases, when the data is valuable enough, you may be able to have the data center send the physical disk to a data recovery specialist who may be able to assist.  If you do not have an adequate backup plan in place, please consider using our Linux Server Backup, which can be purchased as an add-on when you buy management.

Is your staff able to provide support in Spanish or any other language?

Not currently. We do have many customers whose first language is not English but have sufficient reading and writing knowledge of the English language for communicating with our staff. Some customers even use someone they know to provide a translation of their requests and our responses.

Will you detect if my server crashes and reboot it?

Yes. We monitor your server 24/7/365 and will reboot your server within 10 minutes of it going down.  If we cannot contact the data center or access your servers remote reboot interface, we will call a list of emergency contacts you provided us when you started the management process for assistance.

Will you interact with my data center on my behalf during a hardware, network, or power issue?

Yes, we do this for all our customers. We need your data center support login and, if required by them, our company name or support email address listed as an authorized support contact for you. For data centers that have two-factor authentication, we recommend you disable that or create a sub-account for Server Surgeon that does not require it. Otherwise, every time we access the data center for support, they will send a text message to your cell phone with an access code, and we will need to contact you to get the code.

Can you help me create a failover server that is kept in constant sync with my live server?

In many instances, we can. If your server is running a control panel such as Plesk or cPanel, this is not possible. If that is the case ad you are concerned this may lead to a prolonged outage, we would recommend you maintain a secondary server running the same control panel as the active server and have the active server copy it’s backups to that server each day. In the event of a major outage, we can then restore the backed-up data already in place on the inactive server and change your DNS to make it the active server. We also manage the clone or backup servers at a very nominal fee, provided we also manage the active server. Contact our sales for details on the discount.

Do you do one-off, ad hoc per-incident support, or just server management?

We do not provide 24/7 support for non-managed servers, but we can perform per-incident support. You need to contact our sales department for a quote on the work. Our sales department is not available 24/7. Alternately if you are in an emergency, you can order our server management service, but we do require you stay at least three months. It is time-consuming to add a server to our Server Management Service, and bringing in a server just for one month does not cover our costs.

Can you detect if a particular website on my server is periodically becoming non-responsive or returning server errors, and fix the issue?

If you have a website that is becoming non-responsive or gets into a bad state and delivers server errors, you can ask our system administrators to set up a custom URL monitor for the site. Our monitoring server will download a webpage from the website every five minutes and alert us if it is erroring out, becoming non-responsive, or not returning the expected content. We will log in to the server to determine the cause of and fix the issue. These issues are often easier to debug and resolve permanently when an administrator can see the error while it is occurring, and the monitors enable us to do this.

Can you install the operating system on my server?

Yes. For bare-metal servers, we require KVM, IPMI, iLO or DRAC to be setup and accessible to our network to perform the installation. For virtual and cloud servers, we need either the login to the virtualization host or the login to your hosting provider’s control panel. Where access is extremely limited, we can use Team Viewer or other remote desktop software to access a Windows computer on your network that has access granted to the server.

Can you assist in getting our websites PCI compliant?

Yes. Many of our customers require PCI compliance for their e-commerce websites. You will still need an external PCI scanning company to perform the scans and grant the PCI compliance. But you can forward us the PCI scan reports, and we will fix any vulnerabilities found in them. Customers requiring PCI compliance run the scans every several months to ensure their websites comply with the latest PCI rules as the rules do frequently change, and so can the software on your server.

Can you configure 3rd party backup software?

Yes. We can configure almost any 3rd party backup software, and we can test it to ensure it works. However, we cannot provide ongoing monitoring of it. Unmonitored backup solutions can break for a variety of reasons, including lack of disk space, a change in file permissions, an unmounted disk volume, forgetting to pay the backup service bill, etc. Make sure the backup is monitored actively or consider using our Linux Server Backup.

Can you create custom monitors for my website(s) or application(s)?

Yes.  We take monitoring very seriously and can monitor almost anything for you, even accepting documentation from you on how to resolve complex situations unique to your environment.  You can also provide us a list of emergency contacts such as your developers or in-house administrators to call for certain complex problems unique to your environment that we cannot resolve.

Do you provide bulk discounts?

We provide discounts for customers who have five or more server management or server backup plans with us.  We also offer discounts to data centers and customers who provide virtual or bare metal servers to their customers. Contact our sales department for more details.

Do you manage media streaming servers?

We do manage media streaming servers and have set them up as well for many customers who hired us to do so. Note our Terms of Service does not permit us to manage servers hosting pornography, but we are happy to help in other cases.

Can you update or change the version of my PHP and MySQL?

Yes. What version we can update you to, or older version you want to downgrade to, may depend on the operating system version on the server. Older operating systems will not run the newer versions of PHP or MySQL, and later operating systems will not run all the older versions.

What information do you require from us to manage our server?

We require your company contact information which you provided at sign up. We also need either the server’s root login or alternately you can create our user for us and install our user’s SSH public key to grant us access. In the latter case, we need a way to switch to the root user. If you limit login access via a firewall, you need to whitelist our monitoring and access servers IP address, which will be given to you when you sign up. We also ask for your data centers support login and, if required by them, list our company name or support email address listed as an authorized support contact for you. You do not have to provide this, but then you will become our first point of contact during a server emergency when the server becomes unresponsive. Beyond this, we ask for and recommend you provide us a list of names, email addresses, and phone numbers, including off-hours numbers, of those we can call in a server emergency. We usually use this when we do not have the data center login information, or the login information has been changed without informing us, or when a server has been disconnected from the network due to a security or billing issue.

What is your SLA for response time and resolution time?

Non-urgent tickets are typically responded to within 15 to 30 minutes, often faster, depending on the current ticket volume, while emergency tickets are responded to within 5 to 10 minutes. However, there is no way to promise that all tickets will be answered within this time frame because ticket volume does vary at times.