Media Temple drops the ball – again
A second attack on MediaTemple servers has finally given me the incentive to move subQuark.com. MediaTemple used to be “the” host to have, especially if you did Flash work. They had a reputation for being solid.
Two months ago thousands of blogs hosted by MediaTemple were attacked. This is not new in the hosting world. Last year millions of Go Daddy hosted WordPress blogs were hit. The shame of it is that MediaTemple suspected an attack three days before it was executed (meaning they discovered a security vulnerability being exploited) .
Had they sent an email to accounts with WordPress blogs, there could have been much pain alleviated.
This blog is relatively small and only gets posted to a few times a month. However, also on this same account is the blog of my virtual world partner, Ener Hax. The iliveisl blog is a substantial blog, often with several posts per day. There are also five authors on that blog.
The iliveisl blog enjoys very high SEO (99.6%) and is in the top 3% of all web traffic. Hundreds of people read it daily.
So when an attack happens that injects an aggressive malware redirect into every single post, something has to be done. Ener Hax spent hours that first night manually stripping out the malicious code. The code was inserted into over 600 posts!
Had MediaTemple provided the heads up, measures could have been taken to reduce the damage. Ener does weekly backups, but missing 3 or 4 days could mean the loss of 5-10 posts.
MediaTemple never admitted to having a security issue, preferring to blame it on blog owners and outdated versions of WordPress. Anyone that knows Ener would know that “outdated” is not part of any online endeavors done by Ener!
They did supply instructions for stripping out the malicious code in the SQL databases a few days later.
Attacks like this will happen. Not warning your customers and/or not stepping up to the plate to say there was a breach is ethically poor. People understand that this happens on the internet, but they don’t like being lied to.
MediaTemple has not been in the top ten web hosting providers for a few years now.
This week, another attack happened on websites hosted by them. Malware HTML was injected into index pages. I submitted a work ticket and was automatically informed that there would be a 20 hour response time.
After the WordPress attack occurred, we moved the iliveisl blog to Host Gator. Their ticket response time has been under two minutes! They also have a reputation of being proactive regarding attacks and are consistently in the top ten hosting providers. They are also powered 110% by green sources!
This site, as well as a few others we have, was scheduled to be moved in the next two months. Looks like we should have moved a bit sooner!
subQuark.com is now on Host Gator and they have a wonderful control panel and for under $12 a month (Business Plan) we get unlimited domains, unlimited bandwidth, and unlimited disk space.
This is the third host we have used (we have about 25 websites). The first, WebScorpion, was rock solid but was $37 a month for 20 domains. I used them for 6 years (an eternity online) and only had one hour of downtime that I know of.
MediaTemple was used for three years and our plan allowed for 100 websites and 100 gigabytes of disk space but I know of at least four days where this site was down for hours at a time! Once for six hours! That is a long time by any hosting companies standards, but it did result in a credit for a free month.
If you are looking for a host, we have been happy with Host Gator so far and they have a very easy “one click” type of installer for things like WordPress.
Spend a few minutes researching online and good luck!
code used just in case others Google it looking for what happened:
<ads><script type=”text/javascript”>document.write(unescape(‘%3C%73% . . . ‘));</script></ads>
from Google about this and MediaTemple’s network:
Yes, this network has hosted sites that have distributed malicious software in the past 90 days. We found 14 site(s), including, for example, pqshow,org/, crocro,biz/, adsnet,biz/, that infected 11077 other site(s), including, for example, stumbleupon,com/, latingossip,com/, larecord,com/.
The Future of Education in Virtual Worlds
With Second Life’s Teen Grid closing in December, where does that leave the educational use of virtual worlds?
Adult education can carry on but K-12 may need to change. Certainly those working with students under 16 will need an alternative. Those working with students 16 and older may also want an alternative rather than be tossed into the main grid.
Over the last year, the trend seems to be social use for Second Life and education/business use for OpenSim-based virtual worlds.
Closing the Teen Grid is a clear indicator that education is not a priority for Linden Lab.
One alternative is to abandon virtual worlds entirely. Some educators will do this from lack of time, resources, and/or out of frustration.
Creating a good inworld presence takes a very real commitment. It can also require access to good content.
Not everyone is like our Ener Hax and just makes the commitment to create anything needed. Ener has also developed deep relationships with talented people who contribute to our work in Enclave Harbour*.
Many educators have relied on content available within Second Life which may not be available in OpenSim. Even with equivalent material, such as teaching tools available outside of Second Life, some of these may require reconfiguration and, taken as a whole, moving may simply be too daunting. Some educators will inevitably step away from virtual worlds.
However, many educators will stick with what virtual worlds can do and put in the effort to move. Ener Hax has written many articles on how to move plus the trials and tribulations of moving from Second Life to an OpenSim-based environment (see the iliveisl blog – this post appears there as well).
OpenSim alternatives include (1) installing OpenSim on your own server, (2) contracting a third party to install it for you, (3) having an OpenSim hosting provider create a private grid as a stand alone or hypergrid-enabled grid, or (4) joining an existing grid.
1) Installing OpenSim on your own server gives you the greatest control and the least expense. This assumes that you can do the install or have the IT support to get this done.
Installing OpenSim is within the reach of many and numerous articles are out there on doing this (Hypergrid Business has a current guide which may help you decide if this is a viable option).
Your own installation means you can completely secure your world behind your firewalls. For school districts this seems like a great option.
2) A third party can install OpenSim on your server or on website hosting servers that are suited to running OpenSim. Cari.net is a website hosting company that is heavily used by the OpenSim community. They have dedicated servers allowing root access that run OpenSim very well.
We looked into this and contacted Justin Clark-Casey about installing OpenSim for us on our own box. Justin is one of the core OpenSim developers and is available for hire as are others in the OpenSim community.
3) Another alternative is to use an OpenSim hosting provider. Hypergrid Business maintains an up-to-date hosting directory. Compare not only costs but hardware specs as well.
It turned out to be $100 a month less expensive for us to go with a hosting company than running our own box.
How is that possible? SimHost‘s owners include one of the core developers of OpenSim and an admin of OSGrid and they work closely with Cari.net who helps support the OpenSim initiative.
Going with a hosted solution frees you up to do education. You don’t need to know any of the technical aspects and this is similar to being in Second Life.
While I would like to have the technical know how, I would rather focus on our endeavors. For us, virtual worlds are simply a means to deliver science education content, much like a photograph in a textbook. I do appreciate the expertise that our host has because it allows both of us to concentrate on creating immersive 3D educational activities.
Being hosted offers additional options to consider. Similar to a self-installed version, you can be a private grid with your own registration page, you can be firewalled, or you can be part of an existing grid such as OSGrid or ScienceSim. As a private grid you also have the option to be hypergrid-enabled which would allow you and/or visitors to travel to other hypergrid-enabled regions.
4) Joining an existing grid has benefits and some hosting providers run their own grids, such as Reaction Grid. Reaction Grid has a business and education specific grid which is safe for use by students and allows teachers to network. We were with Reaction Grid for 10 months and they are an excellent option.
It seems that private grids, where you can turn hypergridding on and off, are becoming the preferred choice by both educators and business.
OSGrid is somewhat analogous to the internet. You can hop around regions (about 5,000) and hypergrid to private grids. The advantage with OSGrid and a private grid is that you could use OSGrid for your avatar account rather than create accounts for each private grid you visit.
There are many things to consider but there are also many choices. Those choices are growing rapidly.
If you have been thinking of trying OpenSim or are being forced to find an alternative, do your homework, study the offerings, and take the plunge. It certainly can be rough but once done, it is well worth it.
*- Enclave Harbour is a joint venture enjoying the talents of Dream Walker, Nickola Martynov, Micheil Merlin, Ener Hax, and David Miller. Its goal is to serve as a virtual field trip “world” to explore environmental science for middle school students from public, virtual, private, and home schools. To date there are 50 workbook activities developed with additional ones in the works. Expected launch is summer of 2011.
Enclave Harbour is hosted by SimHost and runs on a dedicated 64-bit server with 8 gigabytes of RAM, 4 CPU cores, 500 megabyte hard drive, 100 Mbps dedicated port, and 32.4 terrabytes of monthly bandwidth. Our server has been heavily customised beyond the standard install to give us options such as the ability to have 4 GB RAM per sim and additional web interfaces.
This has also been posted on the iliveisl blog.