subQuark

Media Temple drops the ball – again


A second attack on MediaTemple servers has finally given me the incentive to move subQuark.com. MediaTemple used to be “the” host to have, especially if you did Flash work. They had a reputation for being solid.

Two months ago thousands of blogs hosted by MediaTemple were attacked. This is not new in the hosting world. Last year millions of Go Daddy hosted WordPress blogs were hit. The shame of it is that MediaTemple suspected an attack three days before it was executed (meaning they discovered a security vulnerability being exploited).

Had they sent an email to accounts with WordPress blogs, there could have been much pain alleviated.

This blog is relatively small and only gets posted to a few times a month. However, also on this same account is the blog of my virtual world partner, Ener Hax. The iliveisl blog is a substantial blog, often with several posts per day. There are also five authors on that blog.

The iliveisl blog enjoys very high SEO (99.6%) and is in the top 3% of all web traffic. Hundreds of people read it daily.

So when an attack happens that injects an aggressive malware redirect into every single post, something has to be done. Ener Hax spent hours that first night manually stripping out the malicious code. The code was inserted into over 600 posts!

Had MediaTemple provided the heads up, measures could have been taken to reduce the damage. Ener does weekly backups, but missing 3 or 4 days could mean the loss of 5-10 posts.

MediaTemple never admitted to having a security issue, preferring to blame it on blog owners and outdated versions of WordPress. Anyone that knows Ener would know that “outdated” is not part of any online endeavors done by Ener!

They did supply instructions for stripping out the malicious code in the SQL databases a few days later.

Attacks like this will happen. Not warning your customers and/or not stepping up to the plate to say there was a breach is ethically poor. People understand that this happens on the internet, but they don’t like being lied to.

MediaTemple has not been in the top ten web hosting providers for a few years now.

This week, another attack happened on websites hosted by them. Malware HTML was injected into index pages. I submitted a work ticket and was automatically informed that there would be a 20 hour response time.

After the WordPress attack occurred, we moved the iliveisl blog to Host Gator. Their ticket response time has been under two minutes! They also have a reputation of being proactive regarding attacks and are consistently in the top ten hosting providers. They are also powered 110% by green sources!

This site, as well as a few others we have, was scheduled to be moved in the next two months. Looks like we should have moved a bit sooner!

subQuark.com is now on Host Gator and they have a wonderful control panel and for under $12 a month (Business Plan) we get unlimited domains, unlimited bandwidth, and unlimited disk space.

This is the third host we have used (we have about 25 websites). The first, WebScorpion, was rock solid but was $37 a month for 20 domains. I used them for 6 years (an eternity online) and only had one hour of downtime that I know of.

MediaTemple was used for three years and our plan allowed for 100 websites and 100 gigabytes of disk space but I know of at least four days where this site was down for hours at a time! Once for six hours! That is a long time by any hosting company’s standards, but it did result in a credit for a free month.

If you are looking for a host, we have been happy with Host Gator so far and they have a very easy “one click” type of installer for things like WordPress.

Spend a few minutes researching online and good luck!

code used just in case others Google it looking for what happened:

<ads><script type="text/javascript">document.write(unescape('%3C%73% . . . '));</script></ads>
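For anyone checking an exported set of post bodies for the block quoted above, here is an added example (not part of the original post and not MediaTemple's published cleanup instructions) that finds the `<ads>` wrapper, decodes what it would have written so it can be read as text, and strips it. It assumes the payload consists only of `%XX` escapes, as the visible `%3C%73` start suggests; the sample posts and the stand-in payload are constructed.

```python
import re
from urllib.parse import unquote

# Wrapper from the post: <ads><script ...>document.write(unescape('%3C%73...'));</script></ads>
# Accepts straight or typographic quotes; payload must be %XX escapes only (assumption).
INJECTION = re.compile(
    r"""<ads>\s*<script\b[^>]*>\s*
        document\.write\(\s*unescape\(\s*
        ['"‘’“”]\s*(?P<payload>(?:%[0-9A-Fa-f]{2})+)\s*['"‘’“”]
        \s*\)\s*\)\s*;?\s*
        </script>\s*</ads>""",
    re.IGNORECASE | re.VERBOSE,
)

def decode_payloads(body):
    """Decode what each injected block would write, as text for triage (nothing is executed)."""
    # JavaScript unescape() maps each %XX to one Latin-1 code point.
    return [unquote(m.group("payload"), encoding="latin-1")
            for m in INJECTION.finditer(body)]

def clean_post(body):
    """Remove every injected block; return (cleaned_body, blocks_removed)."""
    return INJECTION.subn("", body)

def scan_posts(posts):
    """posts maps post id -> body. Report infected posts only."""
    report = {}
    for post_id, body in posts.items():
        cleaned, removed = clean_post(body)
        if removed:
            report[post_id] = {"removed": removed, "clean": cleaned,
                               "payloads": decode_payloads(body)}
    return report

def _enc(text):
    """Percent-encode every byte, the way the injected payload was obfuscated."""
    return "".join("%%%02X" % b for b in text.encode("latin-1"))

# Constructed sample data: a harmless stand-in payload and three made-up post bodies.
PAYLOAD = '<script src="//placeholder.invalid/x.js"></script>'
BLOCK = ('<ads><script type="text/javascript">document.write(unescape(\''
         + _enc(PAYLOAD) + "'));</script></ads>")
SAMPLE_POSTS = {
    101: "<p>Sim update</p>" + BLOCK,
    102: "<p>Clean post that mentions document.write(unescape('x')) in text.</p>",
    103: BLOCK.replace("'", "’") + "<p>Two copies</p>" + BLOCK,
}

if __name__ == "__main__":
    for post_id, info in scan_posts(SAMPLE_POSTS).items():
        print(post_id, info["removed"], info["payloads"][0])
```

Run it against a database export or backup copy first and compare the cleaned bodies before writing anything back to the live posts table.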

from Google about this and MediaTemple’s network:

Yes, this network has hosted sites that have distributed malicious software in the past 90 days. We found 14 site(s), including, for example, pqshow.org/, crocro.biz/, adsnet.biz/, that infected 11077 other site(s), including, for example, stumbleupon.com/, latingossip.com/, larecord.com/.


Written by subquark

August 29th, 2010 at 3:13 am

Posted in social media


4 Responses to 'Media Temple drops the ball – again'


  1. I’m sorry that your sites were exposed to an attack. I understand the frustration in dealing with a hacked site. The work on this issue has been ongoing and we have been extremely transparent the entire time.

    Currently we have the ability to scan and scrub any sites that are reporting being hacked. We do ask that, after our cleaning operation, our customers take the necessary steps to harden their sites from attack.

    We’ve created a page with our recommended resources for doing this: http://mediatemple.net/security

    I did want to address this comment:

    “The shame of it is that MediaTemple suspected an attack three days before it was executed (meaning they discovered a security vulnerability being exploited).”

    I don’t know where you heard this, but it is not true. If we were aware of a potential security threat days before the attack, we would have been proactive in trying to prevent our customers from being exposed. Not only would we have notified our customers of the potential threat, but we would have taken action on our side to harden our systems.

    If you wish to discuss this any further, we’d be more than happy to chat with you on the phone. You can email your phone number to andrew at mediatemple dot net or travis at mediatemple dot net.

    (mt) Travis O.

    30 Aug 10 at 5:34 pm

  2. does not explain why no ticket response in 48 hours – a simple direct to that link would have helped

    so transparent that it was invisible i guess

    there was never any notification on the WP attack (even after the attack), you did place a suggested solution two days later, which was useful but stated it was due to sites that were not updated

    “Additionally, we have seen no evidence that up-to-date versions of WordPress are the entry points for the attacks.”

    thank you for hosting us

    Ener Hax

    2 Sep 10 at 2:32 am

  3. I’m beginning to have more problems with MT too. Their service (response time) has always been very poor. But now I’m having validation errors on all my MT hosted WordPress sites.

    It appears that MT has over-promised performance and service. I’m looking at other options now. Anyone have experience with Bluehost or Hostgator?

    Patrick

    10 Sep 11 at 2:43 pm

  4. I like Hostgator quite a bit and have 16 sites hosted with them and it’s been a little over a year now. I have Ping services that check it and it has yet to skip a beat.

    subquark

    15 Sep 11 at 4:39 pm
