• open panel
  • Home
  • Blog
  • Got WordPress? Don’t Use Network Solutions Web Hosting

Got WordPress? Don’t Use Network Solutions Web Hosting

 

April 15, 2010   Tags: , , , , ,
Category: Blog, FAILS, Security, Web Design, WordPress   9 Comments comments

On Sunday I was building out a custom WordPress solution for a client who has been using Network Solutions for web hosting. I went to connect through FTP to upload the files and FAIL…I could not connect. I went to the site to log in to WP Admin to see what is up and got a white screen of death that read “Error establishing a database connection.” FAIL!

Network Solutions - WordPress FAIL

After contacting Network Solutions and we found out that the “site might be down for several days” and the service rep did not know why it was down. The whole thing sounded completely wrong to me, I had a bad feeling about it and several days was way too long for her site to be out of commission. Monday I checked again, same thing no improvement. Then Tuesday, same same. I got an updated on Wednesday from my client that the blog was back up. I was dismayed that it happened and at the amount of down time.

Proper Server Security Configuration Matters

Coincidentally I saw an article entitled Secure File Permissions Matter by Matt Mullenweg hit the WordPress Dev Blog on Tuesday and I re-tweeted it. Here was the description of the situation from Matt on Network Solution’s security FAIL:

“Summary: A web host had a crappy server configuration that allowed people on the same box to read each others’ configuration files, and some members of the “security” press have tried to turn this into a “WordPress vulnerability” story.

WordPress, like all other web applications, must store database connection info in clear text. Encrypting credentials doesn’t matter because the keys have to be stored where the web server can read them in order to decrypt the data. If a malicious user has access to the file system — like they appeared to have in this case — it is trivial to obtain the keys and decrypt the information.

When you leave the keys to the door in the lock, does it help to lock the door?”

Leaving The Keys In The Car and Blaming The Car For Getting Stolen? Really?

I learned the fundamentals of information technology security and the reason why Matt is using this metaphor is so that users can understand how amateur this mistake is. I will relate it here in a different way, it is like Network Solutions left the front gate open to their pay car lot open, full of other people’s running cars with the keys in the ignitions and then were somehow surprised when the cars were stolen or vandalized. The customer’s got taken for a joy ride and Network Solutions blamed the cars themselves for getting messed with. The gates and keys should have been secured by the lot owner and been guarded with good security. Got a metaphor that beats this? Leave a comment.

Three Days Down Time is Unacceptable. Period!

Net Solutions had my client’s WordPress site down for THREE DAYS! OK, I have used a lot of different hosting companies over the years Media Temple, Go Daddy, 1and1 etc. NEVER has a hosting company ever had one of my sites or one of my client’s sites down for as long as THREE DAYS! That amount of down time is just unacceptable by any web hosting standards. Not securing server files so that others can gain access to the server is an unforgivable and amateur mistake that no competent big, well respected hosting company should make. There are too many web hosting companies out there competing for a very saturated hosting and domain market.

Fails Happen, But Not For Three Days

Fails do happen, a couple of hours for routine maintenance and that is communicated in advance is just part of technology. Three days is not.  The worst I ever encountered was about 24 hours of down time because one hard drive head crashed failed on a server running RAID. It took a day to fix because the techies had to rebuild the hard drive to get my data restored. I received an apology email, a month free hosting and an exact explanation of what was happening while it was happening. This was not my client’s customer experience with Network Solutions, not even close.

NetSol Can Secure Their WordPress Blog, But Not Customers?

In one of the responses from Network Solutions they too were using WordPress for their official blog. Why is it the Network Solutions can secure their own WordPress Blog but NOT their clients? Perhaps NS should put themselves in their customer’s shoes and in a show of solidarity put up a great big ugly white screen of death reading “Error establishing a database connection” on their official company blog and then spend a good few days wondering if all of their password/database/personal/financial account information had been compromised by a hacker for a half a week.

Social Media is Nice, NetSol Should Get A Server Security Swami

Network Solutions has been engaged in using social media (blogs and microblogs) to do damage control for this major security FAIL. A really nice guy named Shashi Bellamkonda (Shashib) aka the “Social Media Swami” who I met at Blog Potomac 2 in 2009 heads up social media for NS. It’s great that they are using social media. It’s great that they have a @netsolcares twitter account they respond to for customer service (kind of like @comcastcares)….but as I have said time and time again -

“If your product, service, culture or company sucks then social media cannot save you.”

Pushing the same level of product or service into a new medium, does not solve problems and it can actually amplify them. My humble yet strategic advise to Network Solutions: Get a Server Security Swami.

Advice To Other WP Community Users and Members

If you have WordPress don’t use Network Solutions for WordPress web hosting. But hey don’t just listen to me, find out what the community is saying, listen to the conversation and check it out for yourself. Read the articles below and more specifically the comments on those blogs to hear exactly what happened.

From Matt Mullenweg (Founder of WordPress)

“A properly configured web server will not allow users to access the files of another user, regardless of file permissions. The web server is the responsibility of the hosting provider. The methods for doing this (suexec, et al) have been around for 5+ years.

“If you’re a web host and you turn a bad file permissions story into a WordPress story, you’re doing something wrong.”


Five years? Something wrong?

THE FACTS

  • Network Solutions had my client’s WordPress website down for three days.
  • Network Solutions impeded the time it took for me to deliver a product to my client and finalize a site, thus they took away value from my service.
  • Network Solutions made my client look bad, she was unable to post and no one was able to access her content.
  • Network Solutions delayed the presentation of an updated portfolio to a potential new client, possibly costing me an opportunity at a critical time.
  • Network Solutions has created more work for both me and my client because now we will have to cancel the hosting with NS due to security concerns and go through the setup process with a new better web hosting service.
  • Network Solutions has created even more work for me because I had to write this article when I could be doing more useful things.
  • I will not use Network Solutions or recommend them to any of my clients/peers.

Related Articles

04/14/2010


04/13/2010


04/12/2010


04/11/2010


04/09/2010


04/08/2010


If you have anymore links to good articles about this please post as comments and I will update this article.

Bookmark and Share
 
  • http://www.shashi.name/ Shashib

    Hi Todd,

    It was great meeting you at Blog Potomac 2 and thank you for acknowledging the work of our Social Media team which includes folks from our customer service as well.
    When you had a “Error establishing a database connection.” it was probably a result of an protective measure we took to change passwords and this needed to be done immediately. Almost all networks, ISPs, hosting providers are faced with an ongoing battle with malicious users/hackers trying to gain unauthorized access to websites. Sometimes, as in this case, we have to take quick preventive measures by changing passwords as quickly as possible to protect our customers. We regret any inconvenience caused to you.

    Apology is due to you for the incorrect info you got when you called us and we will be sure to address this customer servuce issue. We had a team who worked round the clock to help customers and get their sites back asap. Telling you it would take a few days was incorrect. We also posted http://blog.networksolutions.com/2010/update-for-word-press-customers/ workarounds for customers who may be able to troubleshoot this themselves.

    This has been a challenging time and at every step we have been upfront in communicating to our customers.See this post http://blog.networksolutions.com/2010/wordpress-is-not-the-issue/ where we own the issue. This issue was a result of a combination of several factors. I would like to assure that we continue to take measures to protect our customers and you should be confident and continue as a Network Solutions customer. Please feel free to reach me directly shashib at network solutions.com or our support team at listen at networksolutions dot com.

    We looking forward to the continued success of both you and your clients hosted with us.

    Shashi (@shashib)

    • http://zerostrategist.com/ Zero Strategist

      Thank you for responding and for the apology, of course it was nice meeting you at BP2 as well. FYI Solutions.com is a mail order catalog web site, so I probably won’t be contacting you via that website anytime soon. WordPress? Word Press? WordPress? What’s the difference anyway? The upfront communicating with customers part is debatable via the comments on the links at the bottom of this article and I already cited. As for the two links you embedded, I already linked to them. Tell me something new! Like an in depth analysis and time line of exactly what happened who is responsible, what actions were taken and why it will never happen again…not just blanket statements like “This issue was a result of a combination of several factors.”

      When an issue goes down with Media Temple I get an in depth 100% transparent explanation via email. What happened, what was the duration one of the down time, all actions taken another person who commented on the NetSol blog cited that too. http://blog.networksolutions.com/2010/update-for-word-press-customers/#comment-44641259 In essence I get real time status updates that tells me what it means and what it means for my client, so we can make more informed decisions based on the situation at hand. Because that did not happen well, we like the rest of the community were left to speculate for a few days, hence all of the “was it WordPress” debate. Leaving that speculation door open is not responsible and only breeds more inaccurate information, which we already have enough of on the Internetz.

      We are looking forward to discontinuing all web hosting with NS, continuing success with providers that can secure their servers and our client’s data.

      • http://www.shashi.name/ Shashib

        Todd,

        Agree we should be upfront and will be working to improve communications. This issue has several complexities . Please read my email address as shashib at networksolutions dot com .Thanks

        Shashi

  • http://www.shashi.name/ Shashib

    Hi Todd,

    It was great meeting you at Blog Potomac 2 and thank you for acknowledging the work of our Social Media team which includes folks from our customer service as well.
    When you had a “Error establishing a database connection.” it was probably a result of an protective measure we took to change passwords and this needed to be done immediately. Almost all networks, ISPs, hosting providers are faced with an ongoing battle with malicious users/hackers trying to gain unauthorized access to websites. Sometimes, as in this case, we have to take quick preventive measures by changing passwords as quickly as possible to protect our customers. We regret any inconvenience caused to you.

    Apology is due to you for the incorrect info you got when you called us and we will be sure to address this customer servuce issue. We had a team who worked round the clock to help customers and get their sites back asap. Telling you it would take a few days was incorrect. We also posted http://blog.networksolutions.com/2010/update-fo… workarounds for customers who may be able to troubleshoot this themselves.

    This has been a challenging time and at every step we have been upfront in communicating to our customers.See this post http://blog.networksolutions.com/2010/wordpress… where we own the issue. This issue was a result of a combination of several factors. I would like to assure that we continue to take measures to protect our customers and you should be confident and continue as a Network Solutions customer. Please feel free to reach me directly shashib at network solutions.com or our support team at listen at networksolutions dot com.

    We looking forward to the continued success of both you and your clients hosted with us.

    Shashi (@shashib)

  • http://zerostrategist.com/ Zero Strategist

    Thank you for responding and for the apology, of course it was nice meeting you at BP2 as well. FYI Solutions.com is a mail order catalog web site, so I probably won't be contacting you via that website anytime soon. WordPress? Word Press? WordPress? What's the difference anyway? The upfront communicating with customers part is debatable via the comments on the links at the bottom of this article and I already cited. As for the two links you embedded, I already linked to them. Tell me something new! Like an in depth analysis and time line of exactly what happened who is responsible, what actions were taken and why it will never happen again…not just blanket statements like “This issue was a result of a combination of several factors.”

    When an issue goes down with Media Temple I get an in depth 100% transparent explanation via email. What happened, what was the duration one of the down time, all actions taken another person who commented on the NetSol blog cited that too. http://blog.networksolutions.com/2010/update-fo… In essence I get real time status updates that tells me what it means and what it means for my client, so we can make more informed decisions based on the situation at hand. Because that did not happen well, we like the rest of the community were left to speculate for a few days, hence all of the “was it WordPress” debate. Leaving that speculation door open is not responsible and only breeds more inaccurate information, which we already have enough of on the Internetz.

    We are looking forward to discontinuing all web hosting with NS, continuing success with providers that can secure their servers and our client's data.

  • http://www.shashi.name/ Shashib

    Todd,

    Agree we should be upfront and will be working to improve communications. This issue has several complexities . Please read my email address as shashib at networksolutions dot com .Thanks

    Shashi

  • Robert

    Two of my websites are hosted through NS. I added WP through NS for flexibility I didn’t know that access info was stored in the clear. 6 months and 183 posts later, my WordPress blog was compromised. I could not recover the files and neither could NS. Gone.

    Now I know about the security issue but it can be fixed if I pay another $45 for SSL. Not. Hostgator or GoDaddy here I come.

    • http://zerostrategist.com/ Zero Strategist

      Sounds like another NS debacle, sorry that was your experience. Can’t believe you didn’t get any files back…but not surprised that it happened. Did you have the WP Backup plugin running or a weekly/monthly backup process for damage control? Were you able to restore anything to a previous period of time or get the MySQL DB?

      I would recommend HostGator over GoDaddy, because GD’s interface is so poorly designed and convoluted with adds! Also, their T&A marketing strategy is just really in poor taste and uncreative. Hope you find a good hosting solution and get your sites up and running quickly.

      Thanks for the comment.

      Todd / ZS

  • http://zerostrategist.com/ Zero Strategist

    Sounds like another NS debacle, sorry that was your experience. Can’t believe you didn’t get any files back…but not surprised that it happened. Did you have the WP Backup plugin running or a weekly/monthly backup process for damage control? Were you able to restore anything to a previous period of time or get the MySQL DB?

    I would recommend HostGator over GoDaddy, because GD’s interface is so poorly designed and convoluted with adds! Also, their T&A marketing strategy is just really in poor taste and uncreative. Hope you find a good hosting solution and get your sites up and running quickly.

    Thanks for the comment.

    Todd / ZS

© 2011 Zero Strategist LLC
Privacy | Disclosure | ZS 3.5 - Made in PDX