It’s been a rough week for internet security and a major bug in Jetpack has been discovered. If you use the Jetpack plugin in WordPress please upgrade right away!
During an internal security audit, we found a bug that allows an attacker to bypass a site’s access controls and publish posts. This vulnerability could be combined with other attacks to escalate access. This bug has existed since Jetpack 1.9, released in October 2012.
Read all the details here on the Jetpack website.
Hello! How are you?
It’s April, and the team here at Site5 is very excited that most of us are now into Spring and the warmer temperatures it brings to the northern hemisphere. Winter was long and cold for many of us, so the sunshine is a welcome change.
Here are highlights of what we have been working on over the past 30 days:
- Our account migration process is being reviewed to see where we can improve the process, help reduce errors, and increase customer satisfaction.
- There are four open positions including one Customer Support Specialist (L1), two Technical Support Specialists (L2), and a Software Developer (PHP). We’re looking for a native Turkish speaker for one of the L2 positions. If you know someone that has what it takes, please refer them!
- We have been enhancing our internal system monitoring tools so that we have a better downtime reporting, our reports load more quickly, and adding more statistics. We have over 3,000 servers to monitor, so these changes are vital to ensuring we keep optimum uptime and performance!
- We have also completely rewritten our RAID monitoring tool, and the new version is working very well. This will help us increase uptime going forward by ensuring we catch problems early and replace the affected hard drive as soon as possible. You can read more about the tool at 5ops.com.
- We have been standardizing the Perl environments on our shared and reseller servers to make it easier for our customers to use Perl modules. Every customer is being sent an email regarding this change and when their server’s Perl environment is being standardized.
- We also upgraded the kernel on all our VPS nodes and the primary gains have been in CPU loads and disk read/write speeds, though you may not notice depending on your site load. We will continue to bring in new versions of the Xen hypervisor kernel to improve performance going forward.
And that’s it! A lot of technical stuff behind the scenes, but all of it has the goal of improving your experience with Site5. It will never be perfect, but every step we make gets us closer to perfection! Today I leave you with this:
“The larger the island of knowledge, the longer the shore line of wonder.”
- Ralph W. Sockman
Many of you may have heard about the recent OpenSSL security issue dubbed “The Heartbleed Bug.” OpenSSL is the open-source library that handles a lot of backend cryptographic functions on our systems, with SSL website traffic being a key usage area for our company. This bug could allow an attacker to retrieve some stored memory from the server and possibly gain access to the private key for that SSL certificate. If the private key for an SSL certificate is revealed, the attacker could then use that to decrypt future website traffic through a man-in-the-middle attack. Other private information in memory could also be revealed, like user names or passwords, that should not be made public.
This is a very serious bug as it affects a key piece of security on the Internet that we trust every day to protect private transactions with our our banks, our on-line shopping, and logging in to your web-hosting account at Site5.
Luckily, most of our servers are not affected by this vulnerability because this bug only affects a specific set of OpenSSL versions that we do not use on the vast majority of our servers. For all of our other servers that are affected, we are updating the OpenSSL release and any related software and then reissuing any SSL certificates on those servers, just as a precaution.
You can test your website for this bug by using the following on-line tool: http://filippo.io/Heartbleed/#site5.com. But if you are on any Site5 web hosting plan (including reseller, shared, cloud, VPS) then your website is already safe. If you are on an unmanaged VPS, it is your responsibility to perform the necessary upgrades to your system.
Additionally, if you would like to read more technical information about the bug, please check out this site: heartbleed.com
It is March already, and we’re “marching” ahead at full speed here at Site5. Okay, I’ll admit that wasn’t very clever wordplay, but that doesn’t take away from the fact that we have had yet another productive month full of amazing improvements and growth!
Here are some key highlights:
- Our new billing/CRM system (that will eventually power Backstage) is almost ready – Beta testing is almost over and bugs are being ironed out. A number of improvements have been made and it will hopefully be ready for production use in a few months (and we’re thoroughly excited at the prospect!)
- We have built a Perl module installer into SiteAdmin which enables customers to view and install Perl modules into their accounts via a user friendly interface.
- Our Technology team has been busy working on the Passenger upgrade and addition of Ruby 1.9/2.0. We will have a more detailed blog post from them about the Passenger/Ruby upgrade shortly. In between all this they also found time to deploy the newest version of Drush to all servers!
- We still have multiple open positions, details of which were elaborated in an earlier post. If you know anyone with the advertised qualifications that wants to work at an awesome company, please have them apply!
Finally, I’ll leave you with this wonderful trip down memory lane that we just posted up as we complete 15 wonderful years of existence. It has been a great ride, and we’re looking forward to even more exciting times ahead!
Thank you, and see you in the comments!
Fifteen years ago today, Site5.com was registered. What can we give credit to for our founding?
Yep, the Nintendo 64.
Founder Matt Lightner once told me the backstory. Both he and the other founder Rod Armstrong each ran video gaming websites, and Matt decided to start reselling hosting. The biggest website was a N64 site, Rod offered to help, and they resold hosting for various other sites similar to a little gaming network. Their original plan was to resell until they could afford their own dedicated server to do a big game hosting network, but they instead decided to go the regular web hosting route. The rest is history. :)
Well, Site6.com was taken.
Okay, maybe that’s not exactly the reasoning. There actually isn’t any meaning behind the name; according to Rod, it just seemed to have a nice ring to it. Competitors at the time all seemed to have the word “host” in their name, so Matt and Rod decided to go with Site5 since it sounded different.
Enough of the history lesson; what about the future?
We’re very proud that we continue to innovate and expand on the original vision of providing best possible web hosting experience.
Here’s to another great fifteen years!
On January 8, 2014 the Internet Corporation for Assigned Names and Numbers (ICANN) made a substantial change to the domain registration process for global top level domains (gTLDs). The revised policy now requires domain owners to validate their WHOIS information whenever a domain is registered, transferred to another registrar, or the contact information is updated. This new requirement came into effect on January 8, 2014.
It is important for all domain owners to understand the change and its implications as it affects anyone that currently owns, or plans to register, a gTLD – such as .com, .net, or .org – regardless of the registrar used to register the domain.
It is vital that you complete the validation process as soon as you receive the notice because domains that do not complete the validation process will be suspended.
When Will I Receive a Domain Validation Request?
You will receive one when:
- You register a new gTLD domain
- You transfer a gTLD domain to another registrar
- You change the domain owner’s name or email address
- A WHOIS Data Reminder Policy email bounces
- The domain expiration notice emails bounce
If the domain owner’s contact information is up-to-date, you should not have any trouble receiving and acting upon the domain validation requirements.
The validation request contains a link. You need to click the link and follow the instructions that appear on the webpage. If the verification process is not completed, your domain will be suspended. This means your website and email will not be available until the contact information is validated. For this reason you should be using an email address that is not associated with the domain itself.
If you think your domain was suspended because the validation process was not completed, but you can’t find a verification request, please make sure you are checking the correct domain owner’s email address. If you still can’t find the validation request, contact Site5 support so we can help you.
What Can I Do Now?
- Make sure the domain owner email address is valid
- If you registered your domain through Site5, this is how you check the domain owner’s email address:
- Log into Backstage
- Select the ‘pencil’ (edit) icon next to your domain name
- View your contact details
If you need to make changes:
- Disable the registrar lock on your domain, click ‘Save’
- Edit your contact details, click ‘Save’
- Re-engage the registrar lock, click ‘Save’
If your gTLD domain is not registered through Site5, this message still applies and you should contact your registrar to verify that the domain owner email address is correct.
If you have any questions about this new ICANN requirement, please check ICANN’s information about the process or open a ticket in Backstage.
Our team is expanding and we would love to have you join us! Site5 is currently looking for a System Engineer, Senior Systems Administrator, and two Technical Support Specialists. If you think you have the skills to fill any of these positions we would love to hear from you.
We are currently looking for a Systems Engineer. You may be working on kernel optimizations, optimizing virtualization environments, improving internal and external security and more. Here are the skills you will need:
- Managing Linux-based servers (5+ years)
- Virtualization experience, Xen preferred (3+ years)
- Scripting aficionado (Bash, Perl, Ruby, or Python)
- Comfortable working with Git
- Desire to create quality code that is easy to understand by your peers and maintainable for the long-term
Senior Systems Administrator
Another position we have open is for a Senior Systems Administrator. This full-time position is for somebody who is experienced in using and managing things like Apache, Pure-FTPd, MySQL, Exim and BIND. The more of these you know how to manage the better. Here are some of the projects or tasks you could be working on:
- Handling escalated server issues, DDoS attacks, network problems, hardware or software related server problems.
- Investigating ways we can tweak services and improve performance while reducing resource usage.
- Investigating server problems and finding ways we can prevent them from occurring again.
- Act as liaison to support department via our internal ticketing system on some higher-level issues affecting customer accounts.
- Handling maintenance tasks (kernel updates, reboots, fscks).
Other Open Positions
Site5 is currently looking for two Technical Support Specialists. Both positions are Wednesday through Sunday. One is for a 10AM-6PM shift and the other is for a 6PM-2AM shift. These jobs require you have administrator experience with cPanel/WHM, critical problem solving skills, the ability to multitask and more.
Why work with us? We are a 100 percent remote company. This means you can work from anywhere in the world. Site5 goes a step beyond taking care of our staff. We pay for the books to help if you want to learn a new skill. All staff is provided with 20 days paid time off a year.
Check out our career information page for more information about any of these positions or to be notified when new positions are posted.
Our State of Site5 for January was a bit later than normal, but that doesn’t mean February’s update isn’t chock-full of goodness! Arun said in January that we’re continuing to focus on organizational improvements, but our Software and Technology departments are also moving ahead at full speed.
Here are the key updates from the past few weeks:
- We’re still looking to a fill a few more positions. We currently have one Customer Support Specialist opening available, and we’re looking for a new Knowledgebase/Documentation Specialist, a Systems Engineer, and a Senior Systems Administrator. Browse to the Careers page if you feel you have what it takes to join Site5!
- Internal testing continues on our new billing system. We’re making sure we get all the kinks worked out before we begin using it in production.
- The rollout of cPanel 11.40 was completed and went pretty smoothly.
- Our DNS system has undergone a transition to make it geographically redundant. Our secondary DNS server is now located in Amsterdam, making it even more resilient than it was before!
If you have a suggestion for us, please suggest it so that others can chime in, vote it up, and help Site5 improve its services.
If you have anything else to ask or say, please do so in the comments! This month I will leave you with this:
“We are what we repeatedly do. Excellence, therefore, is not an act but a habit.”