First off, congratulations to Joshua Strebel and to his wife as they are now first-time parents. Secondly, Joshua has put together a pretty transparent view as to how he created Page.ly, a WordPress specific hosting service. So far, the guide is five parts long but I advise you to start out with part 1, Identifying the opportunity. ∞
WPShout Releases Results Of Their Webhosting Survey
WPshout which is one of many sites devoted to WordPress has published the results of their early 2011 survey that asked readers to review their webhosting company. The results are from 252 independent reviews. In the grand scheme of things, this is a miniscule number but it’s cool to see so many independent reviews from WordPress centric customers in one place. WPTavern is running on HostGator and so far, I don’t have anything to complain about. When I’ve needed it, support has been great. The live chat actually works and for the most part, gets my issue settles without it being escalated. Unfortunately, it looks like many people who reviewed HostGator didn’t like the performance of their site. I’m on the opposite side of the spectrum where HostGator performs very well for me out of all the previous hosting providers I’ve used.
Hostgator had 23 reviews and, impressively for such a large number, everyone rated their experience and support as “good”. A couple of people had had “some” problem with downtime, but comments gave the impression support was quick and friendly. However, a number of people had moved away from Hostgator to another host and commented that their new hosting was much faster, suggesting Hostgator’s a bit slow, just you don’t really notice when you’re hosting with them. For this reason, I’d consider the other hosts with more solid performance across the board.
It’s no surprise to me that GoDaddy ends up in last place with most of the reviewers mentioning that they switched hosts. Just as everyone has an opinion, they also have their choice of which webhosting provider to go with. Ask 100 people in a room which place should host your website and 75% of the answers will be different. With that said, you can add these independent reviews from WPShout to your list of legitimate researching material when it comes time to decide on a webhosting provider.
By the way, for those that have an opinion on which host to go with, WPShout is still conducting the survey and has plans at some point to release more detailed information regarding the reviews.
HostGator Now Has QuickInstall
HostGator who I know a lot of you use for hosting WordPress powered websites now has a new toy for you to play with that makes installing WordPress quick and easy with no uploading required. It’s called QuickInstall and is a custom developed script by HostGator that performs practically the same functionality as Fantastico. However, the major difference between Fantastico and this custom script is that there is little to no delay between software update roll outs.
For example when WordPress 3.0 was released, it was updated and ready to be installed within the software library within a few hours compared to days with Fantastico. Is this the end of Fantastico dominance amongst the various webhosting providers out there? It seems like each host is coming up with their own custom script installer, mostly in light of the delays introduced with Fantastico. If you use a host other than HostGator and notice they have a custom script installer, let me know about it in the comments.
WordPress.Net.IN Taken Offline
Back on June 1st, Michael VanDeMar published a lengthy post explaining the process he goes through in order to clean up an infected website. One exploit that Michael points out is a bad index.php file which if ran as an include(), pulls bad information from the domain WordPress.Net.IN. This domain according to Michael has been in existence for at least three years, first being registered in 2007.
Not only is it being used as an exploit delivery mechanism, but it’s violating the WordPress trademark. According to comments made on the post by Matt Mullenweg, he had attempted to contact the domain registrar to have the domain taken offline.
Okay, well short story is I looked into this when the hack first came up, but haven’t noticed it since and haven’t thought about the domain since then. I’ll contact some friends in the domain business to see what we can do now. (We have a lot more resources than three years ago.)
A few days later, Matt has confirmed that the domain has been taken down due to some help from Justin at GoDaddy. However, there is a difference between taking a domain down and taking ownership of it due to the WordPress trademark. It’s not clear yet whether Matt has put in the effort to try and take ownership of the domain. If not, it’s possible that at some point down the road, the domain will continue to be used but on a different registrar/host which wouldn’t be good for anyone, especially if it were to continue being used as an exploit delivery tool.
I’m interested in how the WordPress trademark is being protected. Is it the sole work of Matt going after violators or is there a team of lawyers acting on Matt’s behalf? I’d also be interested to hear in how a typical trademark violator is dealt with. Everything from discovery to the process of getting it removed or taking over ownership. I think it would be something a lot of folks in the community would be interested to know about.
As for the other point in Michael’s post regarding priorities, meh.
GoDaddy Hacks Due To Old Software – Bad Passwords
Over the weekend, numerous users on GoDaddy shared webhosting accounts reported that their sites had been hacked with injected malware. Neowin.net was able to get a hold of GoDaddy’s security expert Todd Redfoot who explained what happened:
GoDaddy reassures customers that the attack was via WordPress and not an attack on the GoDaddy servers themselves. The coordinated attack on WordPress was formed in a botnet-like attack, which targeted outdated versions of WordPress, however, the exploit was not found in version 2.9.2. In some instances, users not running WordPress were also hacked, but did have an active or inactive WordPress installation on their account. In as many cases, users were unaware that an installation of WordPress was present on their account.
So in this instance, GoDaddy was not specifically attacked but sites using WordPress on their servers were. This is another lesson that upgrading ASAP to lessen the chance of these types of exploits affecting your site is imperative in maintaining a healthy website.
On a related note, a couple of the U.S. Department Of Treasury websites have been hacked as well. These sites are located within the Network Solutions hosting system which explains the compromise. According to NetSol:
This past weekend, an application that we support on our hosting platform was exploited as we were in the process of fixing it. We believe we have fixed the issue and we were able to contain the number of potentially affected websites to less than 250.
Discussion regarding the hacks affecting the various webhosting companies is ongoing in the following WPTavern forum thread.
Sucks To Be A Network Solutions Customer Right Now
If I were operating Network Solutions right now, I’d be on my knees begging for mercy. Browsing through my feedreader today, I came across a post on ComputerWorld.com mentioning that customers hosted on Network Solutions.com have been attacked again. This time, it’s not targeted at WordPress users. Sucuri Security Labs has the most detailed information regarding the latest attack which again, uses an iFrame to point people back to a Ukranian server. Sites running Joomla, WordPress or no CMS at all have been affected. StopMalVertising has also reported on the issue.
Network Solutions has responded to customers in a public blog post that explains they are aware of the attack and are working hard to fix it. You don’t have to tell me twice that webhosting is a complicated business to do correctly and fighting hackers is a never ending battle but at what point will customers begin to jump ship? Going through a few attacks within the time frame of a few weeks is terrible PR and as a company, these guys will need some stellar months of performance and up time before reputation begins to come back and even then, the attacks have been documented pretty well on a number of websites which may never get out of the Google long tail.
Network Solutions Admits WordPress Is Not At Fault
Network Solutions has finally published a post on their blog that not only shows them accepting responsibility for what happened to their customers websites, but they also explain that WordPress was not the cause of the issue.
Recently, our customers have complained about malicious code on certain of their blogs hosted by Network Solutions. This was not an issue with WordPress. Sorry to the WordPress community and customers for any misunderstanding.
The post then goes on to say that what happened resulted from a complex set of circumstances that they have worked to prevent from happening again. No specific details regarding what these complexities are were revealed. While I still think it would be an awesome thing for them to highlight what exactly happened so others can learn from their mistake, I’m glad to see them own up to what happened and apologize to the WordPress community for jumping the gun. Unfortunately, I doubt all of the websites that reported about the incident will report follow up stories with correct information so the damage has been done.
I took some heat regarding the way I wrote about this story by highlighting the conflicting statements between Matt Mullenweg and Network Solutions. The post was not meant to fan flames but it was aimed at getting Network Solutions to tell us exactly what was going on and if it was not the fault of WordPress, to at least admit that much to the public. Thus in the end, Matt Mullenweg was right and Network Solutions was wrong.
While the discussion originally centered around Media Temple, there is a great discussion regarding security in general within this particular forum thread.
WPTavern Is Back – I Think
After what seems like a week of technology hell dealing with webhosting companies, I think things have started to calm down with a working solution. Right now, WPTavern is being hosted through HostGator after my first host, AnHosting told me there was nothing they could do to stop a Distributed DOS attack from happening to WPTavern.com. After AnHosting, I picked up and moved to WPWebhost but soon after I uploaded my plugin files, at least six of them failed to function properly. I was not in the mood to diagnose the problem as well as the issues I had with email so I moved to HostGator where I also had email issues but I think domain propagation had something to do with email. However, I also think the lack of clear instructions which don’t work on the Cpanel Email account setup page are also to blame.
Also with HostGator, I have no idea what was causing the problem and neither does the tech support but at random times on different files, WPTavern.com would hang. Whether it was a CSS file, an image, or something else, these files would cause the loading of the site to stop for extended periods of time. Today, I wiped out the install of WordPress and installed a fresh copy. I then imported the SQL database and installed all of my plugins from scratch. I’ve also installed WP-Super Cache as well as getting rid of two images that were almost 100K in size while also fixing a call to an image that produced a 404 error. I’m happy to report that so far today, the site and the forum have been loading faster than I’ve ever seen it after spending two years with AnHosting.
If you are browsing the site or forum today, please tell me in the comments how fast the site is loading for you or if you notice the site hanging.