Comments for Crained http://www.crained.com Marketing, Football and other musings Fri, 13 Aug 2010 20:05:39 +0000 hourly 1 http://wordpress.org/?v=3.0 Comment on MediaTemple’s Database exploit and why I’m Glad I left by Charlie http://www.crained.com/554/mediatemples-database-exploit-and-why-im-glad-i-left/comment-page-1/#comment-304 Charlie Fri, 13 Aug 2010 20:05:39 +0000 http://www.crained.com/?p=554#comment-304 I did some research and Rackspace did experience the same problem. It's a lack of updating patches on their system. And then it took until today for them to notify anyone about the issue. We had clients forwarding us emails about the issue today. Sure, Media Temple was fixing the issue, but I wrote about this on the 6th and it was a known problem. That's not great service. I have as many hosts on other hosting companies and none experienced the problem. It would seem to me that GoDaddy and 1and1 would be prime targets as well. I did some research and Rackspace did experience the same problem. It’s a lack of updating patches on their system. And then it took until today for them to notify anyone about the issue. We had clients forwarding us emails about the issue today. Sure, Media Temple was fixing the issue, but I wrote about this on the 6th and it was a known problem. That’s not great service. I have as many hosts on other hosting companies and none experienced the problem. It would seem to me that GoDaddy and 1and1 would be prime targets as well.

]]> Comment on MediaTemple’s Database exploit and why I’m Glad I left by Craig http://www.crained.com/554/mediatemples-database-exploit-and-why-im-glad-i-left/comment-page-1/#comment-303 Craig Fri, 13 Aug 2010 20:01:41 +0000 http://www.crained.com/?p=554#comment-303 Same story for us as well. Every site on eachof our clients' unique grid service accounts have been hit and all themes we make are custom as well. Like Brent all of the plugins vary from site to site and the only sites that have this script inserted by Wordpress are on MT. We've been using MT for the last year and things were great until about a month ago. Both Wordpress and the sites themselves are ridiculously slow, and every couple days we continually have to clean out the script that Charlie has been talking about (http://bit.ly/91vTvU). We will be moving all of our clients over to a new host very soon, canceling our accounts, and until this issue is sorted out we won't be adding any new clients' sites to MT. MT get your shit together. Same story for us as well. Every site on eachof our clients’ unique grid service accounts have been hit and all themes we make are custom as well. Like Brent all of the plugins vary from site to site and the only sites that have this script inserted by WordPress are on MT. We’ve been using MT for the last year and things were great until about a month ago. Both WordPress and the sites themselves are ridiculously slow, and every couple days we continually have to clean out the script that Charlie has been talking about (http://bit.ly/91vTvU).

We will be moving all of our clients over to a new host very soon, canceling our accounts, and until this issue is sorted out we won’t be adding any new clients’ sites to MT.

MT get your shit together.

]]> Comment on MediaTemple’s Database exploit and why I’m Glad I left by Zach Wingo http://www.crained.com/554/mediatemples-database-exploit-and-why-im-glad-i-left/comment-page-1/#comment-302 Zach Wingo Fri, 13 Aug 2010 17:46:39 +0000 http://www.crained.com/?p=554#comment-302 BTW, http://packetstormsecurity.org/filedesc/major_rls80.txt.html BTW, http://packetstormsecurity.org/filedesc/major_rls80.txt.html

]]> Comment on MediaTemple’s Database exploit and why I’m Glad I left by Zach Wingo http://www.crained.com/554/mediatemples-database-exploit-and-why-im-glad-i-left/comment-page-1/#comment-301 Zach Wingo Fri, 13 Aug 2010 17:41:55 +0000 http://www.crained.com/?p=554#comment-301 You accuse Media Temple of being at fault here and jumped to conclusions which were based on nothing more than weak theories only to find out that you were wrong. Several of Media Temple's customers reported on their forums that they were running Wordpress v. 2.9.2 while others said they were using the latest version. Well guess what? The latest version is about 2 week old and they've now reported it's vulnerable to Cross Site Scripting attacks. So all those people who used the latest version and blamed (mt) should be angry at Wordpress and bloggers like yourself who jumped to conclusion because it's easier to make assumptions than look at the facts. The fact is Media Temple was not to blame nor was Rackspace. Yes, I know it's probably a shock to you that Media Temple wasn't the only host affected by a larger than normal number of hacked Wordpress sites. A simple Twitter search and a little time would have revealed the dozens of reports from customers of other hosting companies reporting their Wordpress sites being hacked even though they were using the latest version. The real shame is that so bloggers like yourself not only don't apologize for your irresponsible and unfounded comments about a company, you usually attempt to justify your comments by trying to accuse the company of deserving it because of their history. Which for the record, with the exception of one (1) security problem they had with FTP passwords, Media Temple has had the best security and been the most open and proactive hosting company I've used. You accuse Media Temple of being at fault here and jumped to conclusions which were based on nothing more than weak theories only to find out that you were wrong. Several of Media Temple’s customers reported on their forums that they were running WordPress v. 2.9.2 while others said they were using the latest version. Well guess what? The latest version is about 2 week old and they’ve now reported it’s vulnerable to Cross Site Scripting attacks. So all those people who used the latest version and blamed (mt) should be angry at WordPress and bloggers like yourself who jumped to conclusion because it’s easier to make assumptions than look at the facts. The fact is Media Temple was not to blame nor was Rackspace. Yes, I know it’s probably a shock to you that Media Temple wasn’t the only host affected by a larger than normal number of hacked WordPress sites. A simple Twitter search and a little time would have revealed the dozens of reports from customers of other hosting companies reporting their WordPress sites being hacked even though they were using the latest version.

The real shame is that so bloggers like yourself not only don’t apologize for your irresponsible and unfounded comments about a company, you usually attempt to justify your comments by trying to accuse the company of deserving it because of their history. Which for the record, with the exception of one (1) security problem they had with FTP passwords, Media Temple has had the best security and been the most open and proactive hosting company I’ve used.

]]> Comment on MediaTemple’s Database exploit and why I’m Glad I left by Elijah Johannson http://www.crained.com/554/mediatemples-database-exploit-and-why-im-glad-i-left/comment-page-1/#comment-299 Elijah Johannson Tue, 10 Aug 2010 13:58:14 +0000 http://www.crained.com/?p=554#comment-299 Why were my comments not approved? I have been using Rackspace and had 3 of 4 Wordpress sites hacked this past week. I found at least a dozen other people on twitter that are non-Media Temple customers two others were Rackspace also and the others were various hosts. What concerns me most is this is a Wordpress probably a Wordpress vulnerability but no one is looking for it because they're busy blaming Media Temple and Rackspace. I think you're being pretty narrow minded blaming the hosts when these types of attacks where a single/few hosts have been targeted. Back in May Godaddy, Bluehost and Dreamhost were all the target of attacks while most other hosts were left virtually untouched. All I know is I will not be using Wordpress anymore. Why were my comments not approved? I have been using Rackspace and had 3 of 4 WordPress sites hacked this past week. I found at least a dozen other people on twitter that are non-Media Temple customers two others were Rackspace also and the others were various hosts. What concerns me most is this is a WordPress probably a WordPress vulnerability but no one is looking for it because they’re busy blaming Media Temple and Rackspace. I think you’re being pretty narrow minded blaming the hosts when these types of attacks where a single/few hosts have been targeted. Back in May Godaddy, Bluehost and Dreamhost were all the target of attacks while most other hosts were left virtually untouched. All I know is I will not be using WordPress anymore.

]]> Comment on MediaTemple’s Database exploit and why I’m Glad I left by Brent Lagerman http://www.crained.com/554/mediatemples-database-exploit-and-why-im-glad-i-left/comment-page-1/#comment-298 Brent Lagerman Mon, 09 Aug 2010 23:25:25 +0000 http://www.crained.com/?p=554#comment-298 thanks for the advice, I already know a good amount about apache, so I think I could figure it out. I just figured someone more qualified should be doing the sys admin work, but being hands-off with the server has gotten me into this situation... so maybe it's time for a switch... thanks for the advice, I already know a good amount about apache, so I think I could figure it out. I just figured someone more qualified should be doing the sys admin work, but being hands-off with the server has gotten me into this situation… so maybe it’s time for a switch…

]]> Comment on MediaTemple’s Database exploit and why I’m Glad I left by Charlie http://www.crained.com/554/mediatemples-database-exploit-and-why-im-glad-i-left/comment-page-1/#comment-297 Charlie Mon, 09 Aug 2010 20:53:51 +0000 http://www.crained.com/?p=554#comment-297 They have firewalls in place on the server and at the hosting provider. I've never had an issue with a VPS on any host we've had for 6+ years. There is a small learning curve to get started--but once you did you'll love the freedom. They have firewalls in place on the server and at the hosting provider. I’ve never had an issue with a VPS on any host we’ve had for 6+ years. There is a small learning curve to get started–but once you did you’ll love the freedom.

]]> Comment on MediaTemple’s Database exploit and why I’m Glad I left by Brent Lagerman http://www.crained.com/554/mediatemples-database-exploit-and-why-im-glad-i-left/comment-page-1/#comment-296 Brent Lagerman Mon, 09 Aug 2010 20:48:41 +0000 http://www.crained.com/?p=554#comment-296 I've never wanted to use a VPS because I don't want to deal with my server being upgraded and protect it's security manually, I figured that being on a shared server provided more security because if something goes wrong they'd fix it right away, but it seems like shared servers are becoming targets for hackers... I’ve never wanted to use a VPS because I don’t want to deal with my server being upgraded and protect it’s security manually, I figured that being on a shared server provided more security because if something goes wrong they’d fix it right away, but it seems like shared servers are becoming targets for hackers…

]]> Comment on MediaTemple’s Database exploit and why I’m Glad I left by Charlie http://www.crained.com/554/mediatemples-database-exploit-and-why-im-glad-i-left/comment-page-1/#comment-295 Charlie Mon, 09 Aug 2010 20:19:43 +0000 http://www.crained.com/?p=554#comment-295 Brent, If you get a Virtual Server and Plesk you don't need to use GoDaddy's admin area. Plesk is really easy to use and you are then in charge of your virtual server. You can get that for the price of a Grid Server. Or go to 1and1 Hosting. They are very good too. I had issues with GoDaddy in the past too for their general shared hosting, but have a completely different experience with the Virtual Server--even though at first I had issues--which I blogged about. Part of that was my fault and part was GoDaddy's lack of providing decent documentation. Thanks! Charlie Brent,

If you get a Virtual Server and Plesk you don’t need to use GoDaddy’s admin area. Plesk is really easy to use and you are then in charge of your virtual server. You can get that for the price of a Grid Server. Or go to 1and1 Hosting. They are very good too. I had issues with GoDaddy in the past too for their general shared hosting, but have a completely different experience with the Virtual Server–even though at first I had issues–which I blogged about. Part of that was my fault and part was GoDaddy’s lack of providing decent documentation.

Thanks!
Charlie

]]> Comment on MediaTemple’s Database exploit and why I’m Glad I left by Brent Lagerman http://www.crained.com/554/mediatemples-database-exploit-and-why-im-glad-i-left/comment-page-1/#comment-294 Brent Lagerman Mon, 09 Aug 2010 20:13:28 +0000 http://www.crained.com/?p=554#comment-294 same story here, every site on our grid service account has been hit and all themes we make are custom, the plugins vary from site to site but if you search this exploit you will see that all people that get this script inserted by wordpress are on MediaTemple, and there's plenty of infected sites out there... Not possibly a coincidence. Also when I'm in MediaTemple's admin area and go to the databases and click to go to phpMyAdmin it brings a 'this is not a trusted site' page on FireFox... very scary stuff... The thing that concerns me most about this is how adamant MT is about how it's not their fault, blaming it on anything they can when it's pretty obviously their problem... I can't say I'm happy with GoDaddy though, in the past I've used them and found their admin area a pain in the butt to get around... Wish there was something comparable to the grid service out there that I could point clients to, at the moment I'm searching... brent @ mimoYmima.com same story here, every site on our grid service account has been hit and all themes we make are custom, the plugins vary from site to site but if you search this exploit you will see that all people that get this script inserted by wordpress are on MediaTemple, and there’s plenty of infected sites out there… Not possibly a coincidence. Also when I’m in MediaTemple’s admin area and go to the databases and click to go to phpMyAdmin it brings a ‘this is not a trusted site’ page on FireFox… very scary stuff… The thing that concerns me most about this is how adamant MT is about how it’s not their fault, blaming it on anything they can when it’s pretty obviously their problem…

I can’t say I’m happy with GoDaddy though, in the past I’ve used them and found their admin area a pain in the butt to get around… Wish there was something comparable to the grid service out there that I could point clients to, at the moment I’m searching…

brent
@
mimoYmima.com

]]>