Help Us Explain Malware Version 2!

Hey folks,

We really appreciated your help the last time we put this up, and we have taken your advice to heart. You’ll find below two explanations now… one for “non-geeks,” and the other for “geeks.” We use the term “geek” most endearingly given that we are a company of 100+ geeks here at Site5. :)

Again, we would really appreciate your feedback on whether the explanations below are clear and concise. We’re happy with them, but ultimately our customers are the audience. Any constructive feedback you have is much appreciated!

Malware refers to the bad things that happen if an attacker gets into your website.

Non-Geek Explanation
Malware refers to just about anything bad an attacker can do if they gain access to your website. Usually it happens if there is a security bug in the script that is powering your website (such as WordPress, Magento or Joomla,) or in a supporting plugin, add-on, module, or theme.

Once an attacker has access to your website they use this as a launch point to do things like:

• Place extra, malicious code into your website to infect your visitors’ computers with viruses and desktop-malware.
• Display unauthorized advertisements to your visitors
• Send spam and phishing emails through your hosting account
• Upload fake webpages to your account, and attempt to get people to visit them and steal their information (i.e. a fake bank website) through phishing emails
• Other bad things.

Geek Explanation
Malware on websites has come to refer to just about anything that results from an attacker gaining access to a website or the scripts that power that website.  This is code, iframes, or scripts designed to provide malicious hackers with the ability to use infected websites for illegal purposes. Those illegal purposes include but are not limited to:

• Sending spam email
• Infecting your visitors’ computers with malware
• Displaying unauthorized advertisements
• Deploying identify theft attempts through fake webpages

Malware is also often used to create “botnets,” a collection of Internet-connected computers controlled from a central location for the purposes described above or to launch attacks on other websites.

Symptoms

There are several ways to tell if your website has been infected with malware:

• Your web host notifies you of spam/abuse complaints against your domain(s)
• Your hosting account begins using far more resources (CPU, RAM, storage) than normal
• You receive a warning when visiting your website because it has been blacklisted by a malware detection service which often partner with web browser development companies (e.g. Google, Microsoft, Mozilla, Safari, Opera)

Site5 Malware Protection helps prevent any of the above issues from occurring by proactively scanning your website, fixing any discovered problems, and alerting you to any issues before your end users begin to notice them.

Help Us Explain Malware

Hi everybody,

We are currently working on a description of our malware protection service, as well as malware itself. We would really appreciate it if you would have a look over the description of malware below, and provide some feedback. Is it clear? Is there anything we can do to explain malware better (when it comes to websites, not malware on your computer)? If you have any suggestions or ideas, please feel free to share them! Thanks.

Malware infects websites giving hackers access to your data

In short, malware is “malicious software” designed to provide malicious hackers with the ability to use infected websites for illegal purposes. Those illegal purposes include but are not limited to:

• Sending spam email
• Infecting additional computers with malware (A.K.A. drive-by downloads)
• Displaying unauthorized advertisements
• Deploying identify theft attempts through fake webpages

Malware is also often used to create “botnets” controlled from a central location for the purposes described above or to launch attacks on other websites.

Symptoms

There are several ways to tell if your website has been infected with malware:

• Your web host notifies you of spam/abuse complaints against your domain(s)
• Your hosting account begins using far more resources (CPU, RAM, storage) than normal
• You receive a warning when visiting your website because it has been blacklisted by a malware detection service which often partner with web browser development companies (e.g. Google, Microsoft, Mozilla, Safari, Opera)

Site5′s Malware Protection service helps prevent any of the above issues from occurring by proactively scanning your website, fixing any discovered problems, and alerting you to any issues before your end users begin to notice them.

State of Site5: May 2013

Hello Everyone!

It is May and the days are getting hotter in most parts of the world. The action is hotting up here at Site5 too as we have been busy working on some really important (and exciting!) stuff, all with the larger goal of giving you the best web hosting experience that money can buy!

Here’s a quick recap of what is going on:

1. Our software development team has been hard at work on revamping our billing & CRM system that will eventually replace the backend that powers Backstage. This is a significant rewrite from the ground up so it is will take time and there isn’t any ETA as of now. Our engineers are also working on other important internal projects, such as creating tools for staff that they can use to get things done a lot faster on our platform, such as installing SSL or making changes for Google apps to work. These tools will enable our staff to serve you significantly faster!
   
2. We’re working on setting up our helpdesk to route tickets automatically to staff members. We feel this will make our support process more efficient. This also serves as a base to test further ideas, such as routing tickets to the same staff member that worked it last, however all that is a long way ahead.
3. We have been in hiring mode for a while now, and a lot of positions have been filled. However, there are still some open positions so if you know of anyone who is qualified and interested in working for us, please send them over to our careers page. Site5 allows its employees to work from the comfort of their home and we greatly value work life balance.
4. Staying true to our commitment of providing free wordpress themes to the community, we will be releasing a new theme shortly, and work has begun on another new theme as well!
5. The recent attacks against WordPress websites have fueled our resolve to improve our defenses against similar attacks and traffic surges in the future. Our Technology team has been spending most of their time in these past weeks devising robust solutions to these problems in order to make sure that Site5 is more equipped than ever before to combat such attacks.
6. We will be adding a new location soon in Eastern Europe. More specific information on that soon, but I can tell you that it starts with Ro and ends with Mania!
7. Our Research & Development team has been putting in a lot of work on our custom kernel that is being designed to improve the way server resources are used. We aim to further increase efficiency and performance across our fleet with this new kernel.
8. We are evaluating the upgrade process to cPanel 11.36. Our current cPanel version (11.32) will soon reach end of life, so we want to make sure that we can safely upgrade to the newest version without any problems.
9. Work continues on switching the default PHP version across our fleet to PHP 5.3 and adding support for PHP 5.4. This is nearly done, with most of the shared/reseller servers having been switched over already.

That is it for now, until our next monthly State of Site5 post – take care and enjoy summer time!

State of Site5: April 2013

Hi everybody! It’s April! Wait, April? Wow… March was a complete blur as the Site5 team continued to support our customers, enhance our services, and work on ways to help everyone’s Site5 experience be a bit easier, and better.

Here’s a recap of what we have been working on:

1. We just launched SSL certificates! Site5 now offers three different SSL certificates to our customers, and all of the details are available in Backstage. We highly encourage our customers to select a Site5 SSL certificate as we can provide better support for them, versus third-party SSL certificates.
2. Site5 is still on a hiring spree, with multiple positions currently open! If you want to work at Site5, please head over to our Careers page and apply for a position!
3. Our WordPress themes team released Clippy, a pinboard-style theme. You wanted your blog to look like Pinterest, didn’t you?!
4. We also made several enhancements to our internal systems like beginning to roll out a new server monitoring solution, improving our VPS backups, and redoing our RAID array check tool.

We also have updates on some of our ongoing projects:

• Our new DNS system is not quite done, but we continue to work on it to make sure that the importing process is flawless. Once we’re happy with that, we will be able to make more strides forward.
• We continue to update the default PHP version on all servers, with new default being PHP 5.3, and PHP 5.4 being available as an option. All our shared, reseller, and cloud servers are running the new version, with just our VPS and cloud VPS servers left to upgrade!
• MySQL was upgraded across our entire fleet to help plug some security holes, and all servers are now running MySQL 5.1.67.
• Our new billing system is coming together nicely. Several key components were completed recently, and we’re all looking forward to its release.
• We have a few other projects that we should be announcing availability for soon. Keep an eye on the blog by subscribing to the RSS feed or checking Backstage!

We have covered a lot of ground, and the team here has a lot more in store for you. Until May, I leave you with this:

“Arriving at one goal is the starting point to another.”
- John Dewey

Widespread Attack Against WordPress Installations

Hi everyone,

I wanted to take a few moments to address the recent stability issues affecting our servers, and what we have been doing to combat them. Earlier this week, a large widespread attack began targeting WordPress installations across the Internet. Given how popular the WordPress blogging platform is, the attack impacted a large number of web hosting providers.

The Site5 team has been working diligently to find new ways to mitigate the attack. Some of the methods we have used include implementing hardware firewalls, traffic management systems, web server modules, rejecting certain UserAgents, and blocking connections from IP addresses that repeatedly attempt to access the WordPress login page over a specific threshold. It hasn’t been easy, but thankfully we have a team that has proved itself to be up to the task! Our forum post has additional details posted for those interested:

http://forums.site5.com/showthread.php?t=38008

After an extremely busy and tense few days, it looks like we have the issue under control. We will continue to monitor our fleet to determine if additional attacks are occurring.

We apologize for the increased support times and service issues, and we sincerely appreciate your patience as we worked through the attack.

We Bring You SSL Certificates

We know that many of our customers have been waiting for this for a long time, and we have appreciated your patience while we ironed out the details. We are very happy to announce that Site5 is now offering SSL certificates!

We have partnered up with Comodo, one of the top SSL certificate providers, to offer you the SSL certificates we know you need most. You get the peace of mind that comes with providing a secure site, your visitors get the peace of mind of knowing they are visiting a secure site, and everybody wins!

When logging in to Backstage, you will now see a new “SSL Certificate” option under the Add-Ons. The certificates we are offering are:

• Comodo PositiveSSL
• Comodo PositiveSSL Wildcard
• Comodo EV SSL

Of course, all SSL certificates purchased through Site5 come with free installation! We have also made the ordering process as easy as possible, making it easy for you to select the right SSL certificate for your website, and having our staff install the SSL certificate for you. At the end of the day, it really doesn’t get much easier than this.

If you have any questions, please feel free to leave a comment, or submit a ticket in Backstage!

4 Question Survey for current Site5 customers. Win $100 in Site5 Credit!

[Update] Thanks to everyone who took part! This is now closed and an email will be going out today to the winner :)

Hi Site5 customers!

If you have a few minutes could you take this 4 question survey about why you picked Site5 plus give us input on possible future products features you would like to see? We would really appreciate it.

This survey/contest is open to our current customers and in late April we will randomly select a winner for $100 in Site5 credit.

Thanks!

Who wants SSD Based VPS Hosting? Let us know!

We are currently testing our fully managed VPS offering with the option of using SSD storage. SSD stands for Solid State Drive and these are much faster than normal hard drives.

So what is difference between a VPS with SSD drives versus a VPS with traditional hard drives?

IO & Disk Speed = Much Faster
SSD drives are much much faster than traditional hard drives. Which really speeds up performance of your entire VPS, because anything being written or read from the drive happens so much quicker.

Disk Space = A Little Less
The amount of space will be less since SSDs are smaller in size. For every 1GB of server memory you would receive around 30 to 35GB of disk space. These will still be in RAID 10 just like normal VPS as well for maximum disk redundancy.

Price = A Little More
They will cost more than normal hard drive based VPS given the increased cost of SSD drives. But we are working to keep that increase as small as possible.

Interested now and want a head start?

If you are interested please email management@site5.com with your info, if this is a new or existing vps, and questions. And we will give you pricing details too. Special pricing to the first 50 people who email!

Feel free to hit us up with any questions as well!