MediaTemple And Dreamhost

[Jeffro]

Must have been a bad week for webhosts with MediaTemple having some of their services hacked where plain text passwords were seized. Now, DreamHost ended up with a nightmare of a datacenter migration. Anyone on either host or working with clients on either host? I think Michael Torberts personal site is hosted on MediaTemple.

http://blogs.zdnet.com/BTL/?p=27841&tag=trunk;content

[kyle]

I've got a bunch of Wordpress sites hosted on Dreamhost, and thankfully no problems. Had a bit of downtime (on all of my sites) on Monday, but nothing Wordpress specific.

[Jeffro]

That's good to hear. Every host has problems but how they respond to them and how transparent they are makes up a large part of perception.

By the way, how pretty are those ZDNet URLs :)

[foress]

In my working days with WPWebHost, I couldn't even keep track how many websites I've help the customers to transferred from Dreamhost/MediaTemple/GoDaddy.

These big guys' problems and inpersonalize service create opportunities for the little guys.

But every host really have their bad days. For me, after addressing all the support request (aka 'calming them down'), I would normally make an announcement (like this one: http://wpwebhost.com/its-hard-to-admit-your-hiccups/) and compensate the customers 1 extra month.

[JLeuze]

I'm on Media Temple and I got an email from them about these issues. My sites weren't hacked luckily, they just reset my passwords.

I have been using Media Temple for about a year. I've switched webhosts every year for the last 3 or 4 years. They have either had poor MySQL performance, making them useless for WordPress, or they had unacceptable downtime.

So far I have been satisfied with Media Temple. The few times I have need customer service they have been fast and helpful. I have several WordPress sites running on a gs account and the hosting has always been fast and responsive.

Uptime has been quite good, only one serious incident where my sites were down for maybe an hour in the middle of the night. They resolved the problem quickly and comped me a month of hosting.

After my poor experiences with other webhosts and the number of times I've had to move everything, I'd like to give Media Temple the benefit of the doubt.

If Media Temple's security was up to snuff, they got hacked in spite of their best efforts, and they were open and honest about it, I couldn't hold it against them.

But I'm pretty frustrated with what seems to be lax security measures and a less than transparent response to the issues.

Doesn't seem like the whole story is out there yet, so I'll withhold judgement, but I'm going to start looking into other hosting options at least.

I'm sort of stuck in the middle where I have too many sites and too much load for shared hosting or a low end VPS in the less than $20 a month range.

But I don't have the need or the budget for a dedicated server yet, so I have mostly looked into mid-range VPS and cloud hosting options.

Does any one have any good recommendations?

[dremeda]

That's good to hear. Every host has problems but how they respond to them and how transparent they are makes up a large part of perception.

By the way, how pretty are those ZDNet URLs :)

Jeff, in the case of Media Temple, there are bigger problems than an isolated security breach.

You're right, every host has its problems, however this is a bigger issue. This is a very high profile host which has adopted some very obscure and bad practices when it comes to security. Security through obscurity is old school, and not best practice!

I use MT for personal sites and have been very happy with service, especially with their easy and scalable container management. However, now knowing that they are passing credentials in the clear, making them readily available for internal use, and now proven to be vulnerable to the world, makes it difficult to remain a loyal customer.

This raises a major trust issue in my opinion. If this blatant security no-no is found to be the root of the problem, what other bad security practices do they have in place? Not for nothing but in my experience, where this is one issue this big, more follow, and so do future exploits!

A response is indeed necessitated, but more importantly a full root cause analysis is needed as well as a speedy resolution.

I think a 3rd party security evaluation would be a good step, and full disclosure of the findings would help close any room for negative public perception.

oh, and ZDNet URLs rock :)

[Scott D @mediatemple]

Hello,

We appreciate all your comments and concerns. We've updated our security post hoping to answer several of your questions.


Please read http://bit.ly/4A2loF


We'll continue to update there with more information and answers to your questions as needed.


Thank You.



Scott D. (mt) Media Temple