Recently in Hosting Category

Unfortunately I've had to disable the ability to search the comments on this blog as apparently the script was using up too much memory. I ran a search this afternoon and ended up with the generic 500 Server error page. Looking through the error log (which can be found in ~/logs/errors/domain name/http/error.log for dreamhost users) I found that mt search page was being killed before completing but only if I used the SearchElement=both on the absoblogginlutely blog (the other blogs are fine). I must admit I am a bit surprised at that as I only have 3103 posts and 1446 comments so I wouldn't have thought this would put *that* much strain on a server. Dreamhost just said that I was "using too much memory" and to check the MovableType forums for support :-( I did a quick search and that recommended fastsearch, but this doesn't support searching comments either, so for the time being the search will only do the content (although interestingly I can search with no errors from the admin interface).

Hopefully this won't be the same in MovableType4 which I might get around to upgrading too one day.

I received the following email from dreamhost this morning which is not good news. Although I was one of the account affected, I've been able to login ok and it looks like everything was untouched on my account.

This email is regarding a potential security concern related to your
'xxxxxxx' FTP account.
We have detected what appears to be the exploit of a number of accounts belonging to DreamHost customers, and it appears that your account was one of those affected.
We're still working to determine how this occurred, but it appears that a 3rd party found a way to obtain the password information associated with approximately 3,500 separate FTP accounts and has used that information to append data to the index files of customer sites using automated scripts (primarily for search engine optimization purposes).
Our records indicate that only roughly 20% of the accounts accessed - less than 0.15% of the total accounts that we host - actually had any changes made to them. Most accounts were untouched.
We ask that you do the following as soon as possible:
1. Immediately change your FTP password, as well as that of any other accounts that may share the same password. We recommend the use of passwords containing 8 or more random letters and numbers. You may change your FTP password from the web panel ("Users" section, "Manage Users" sub-section).
2. Review your hosted accounts/sites and ensure that nothing has been uploaded or changed that you did not do yourself. Many of the unauthorized logins did not result in changes at all (the intruder logged in, obtained a directory listing and quickly logged back out) but to be sure you should carefully review the full contents of your account.
Again, only about 20% of the exploited accounts showed any modifications, and of those the only known changes have been to site index documents (ie. 'index.php', 'index.html', etc - though we recommend looking for other changes as well).
It appears that the same intruder also attempted to gain direct access to our internal customer information database, but this was thwarted by protections we have in place to prevent such access.Similarly, we have seen no indication that the intruder accessed other customer account services such as email or MySQL databases.In the last 24 hours we have made numerous significant behind-the-scenes changes to improve internal security, including the discovery and patching to prevent a handful of possible exploits.
We will, of course, continue to investigate the source of this particular security breach and keep customers apprised of what we find. Once we learn more, we will be sure to post updates as they become available to our status weblog: http://www.dreamhoststatus.com/
Thank you for your patience. If you have any questions or concerns, please let us know.
- DreamHost Security Team

If you can read this, then absoblogginlutely.net (and all my other domains) are now moved to a different host. It's taken a while with each host being moved across at a time, with the last one being absoblogginlutely.net I wasn't looking forward to it as there is a lot of customisation and tweaks in the background that I've done to the site. The actual process wasn't too bad, the complicated bit is the testing to ensure that the new site works whilst keeping the old site active at the same time AND remembering what changes have been made to the old site and replicating them on the new one. MT posts, were simple enough, I just reposted them back to this blog again. I did testing by setting the dns on one pc to the new dns servers on the new hosting company and used that to test whilst keeping another pc on the standard dns to ensure normal internet connectivity. Hopefully it all moved across ok. For those people that are hosting stuff on my site, give me a shout if you can't get anything to work and for those of you who have read this far, let me know too if there is anything you find that is broken.

If you notice anything funky with emails or hosting, please let me know via a comment on this site (or at my flickr account as I am moving hosts this week. First up is the helsby.net domain. The website (what little there is) was moved yesterday and emails setup on the main server for the appropriate mail forwarding and I flicked the dns switch just now. This should really only affect emails to Kristen and I as the website is not really used (at the moment)
After that I will be moving this absoblogginlutely.net domain - that is going to be a lot more complicated due to sql servers, MovableType installations, redirection of subdomains, ftp accounts and what not. The good news is that I won't need to pay more for hosting for the next two years and by this switch of hosts I'll be consolidating the various payments made to various companies for hosting and domain registration.

Danny wanted the ability to have stats for his subdomain so he can see where visitors were coming from. However the stats program that he used to use started to generate popups when the website was visited. I was not happy with this so the script was disabled. By following the instructions at AWStats Access I was able to provide him a url, username and password so that he could access stats for his website without having to provide him the control panel username and password. As he doesn't have ftp access to the directory the stats program is loaded, it is secure from the end user downloading the control panel password. (I hope!). I've also renamed and edited the couple of files to ensure that the filenames are not common to avoid any guesswork and file inclusion via any vulnerable xss scripts that could occur.

I didn't realise that after I moved servers with my new host, the path to imagemagic changed - this meant I wasn't able to upload any pictures to the gallery. It's fixed now by setting the path to /usr/bin instead of /usr/x11/bin

We're back! My site was closed sometime last week as the server it was hosted on was having resource issues. I was offered a move to a new server and unfortunately the flat web pages got moved across but the sql database backend didn't. It's now been fixed and we're live again. Expect a couple of posts from me as I catch up on my blogging from the past couple of days.
Now I'm off to ensure I have a REALLY good sql backup of my data - for some reason my control panel backup didn't include a valid copy of my mysql databases.

My site is currently hosted with hasweb and I'm trying to report a security flaw on the software installed on the server. unfortunately their main website has been unavailable to access, the forums are unavailable and nothing else on the hasweb.com domain seems to be working. Can anyone else confirm they do not get any hasweb.com web pages? I guess there are some other hasweb customers out there who may also be having problems. I'm getting a bit nervous that the reseller may be going bust - maybe its time to move (I think the hosting is up for renewal but I can't contact anyone to find out!)

for £16.99 a year, QiQ are providing 10gb web space, 100GB bandwidth, unlimited ftp accounts, emails, subdomains, mysql databases and ssh access (which is very rare) and also asp (although i suspect this is something like chilisoft). Sounds too good to be true (so probably is) but I must say it is a very tempting offer to get just to play with or even use as a mirror/backup of existing sites and data.
On further investigation, qiq is reselling webspace from heartinternet and qiq's overview page tells you how the company was formed and is more upfront than other web hosts i've used in the past! It also explains why it is advertised and has a post about qiq on the net4nowt page - its run by the same people.

Via Net.Works Acquires Amen Hosting. Poor souls - they don't know what a pile of pants they've brought! Apparently Amen is one of the fastest growing hosts in 2003 - probably as they had a good deal which lasted one year - I wonder how many customers they lost.

My helsby.net domain is going to be moving over the next 24-48 hours so if you send an email to this domain then it may bounce or be delayed in being picked up. I've taken up 1&1's us hosting deal of 3 years free hosting. The downside is that I loose my asp functionality but the upside is I get proper webmail interfaces (amongst others). I figured that I can use asp on my home server if necessary, but the helsby.net domain webspace wise was really just being used as a placeholder for data and not really changing so it shouldn't need asp functionality.

...when cpanel can stuff your site up for you instead? Cpanel issued an update to the software that a lot of hosting companies use to provide easy facilities to their clients. Unfortunately there was a major bug in the latest upgrade which came out on Thursday night (or thats the first I have heard it affecting someone) where a lot of the modules that used to be installed with the system were no longer available. As a result people who have used various modules to access their mysql databases etc have had their pages broken. It took my hosting company a day to fix it on their servers as they have had to go through and work out which modules are needed. The good news is that apparently there is a script that analyses the pure perl files and works out the dependencies and installs them but this does need someone to run this analysing script. Also the perl repositories are problably going to be hammered with all the hosting companies downloading the various files that are needed! There are Control Panel support forums but you have to register to even view the data (and I can't be bothered).

Thankfully all the various dependencies in PHP are now back in place after cpanel was upgraded on Thursday night by my hosting company...I can now blog again.

My year of hosting with Amenworld was up yesterday. They had been sending me warnings for the past month and I had already moved my web and email to another company, Redirection.net but hadn't changed the tag on the domain. It took 4 repeated emails, each one more snotty than the previous one, to their support site before someone actually answered my question and said that yes I would be able to modify the tags if required after the years hosting was up. This sounded great.....until the day before the year was up when they tell me that actually all details will be removed and the domain detagged! A VERY snotty and upset email was sent to them explaining that I would therefore move away from them but this process could take more than half a day. An email was sent back saying that they wouldn't detag for a month. Today I tried to log in and was told that I couldn't modify anything as the domain had expired...fortunately by this time the tag changes had already taken place. I wouldn't recommend AmenWorld for hosting as you get conflicting answers from their tech support (and this is not the first time either) and then they wait until you have less than 24 hours to make your changes - probably so that you would normally have no choice but to extend for one more year.....Grrrrrrr

Neil's website is playing silly sites again. This time instead of showing the main website it's now asking me to login and roll out his site. Co-incidentally, at the time I first tried to post this item, I had problems posting on my own blog!