[UPDATED] Current Issue With Kiwi

The datacenter is working on the issue with kiwi. As soon as its back up we will notify everyone.thanks for your patience.

update : kiwi is backup – we are monitoring it to determine the issue

Update : We have identified an issue with a portion of the file system and are working to resolve it. You may be unable to post to your website and have some email delivery issues for the moment.

Update : Kiwi is going up and down while we attempt to fix the issue. Please bear with us.

Update : All of the accounts on kiwi have been transferred over to a temporary server while the new server is being provisioned. We apologize for the delay but it turns out that kiwi was not salvageable from an operating perspective however ALL data was recovered thanks to the nightly backups we take for “just in case” moments such as these.

9/25 We have transferred all of the accounts from Kiwi over to our Pinki server, which may cause somewhat of a slow down while that happens, overnight.  Starting Friday morning, we’re transferring those accounts back to the newly provisioned server and at that point, things should calm down.  Clients on both Kiwi and Pinki may experience intermittent periods of slow load times today while our techs get this issue sorted out – – it shouldn’t be for long and we super appreciate your patience!

[UPDATED] Early versions of WordPress under attack – upgrade to 2.8.4 today!

To all our clients (and anyone else who happens upon this post) who are running the WordPress software on their website: Upgrade now to the latest version 2.8.4. There appears to be a current and ongoing attack against older versions of WordPress. It could be a looooooooooooong weekend for us!

As we read on Mashable:

The warning comes from Lorelle on WordPress after it was discovered that a nasty attack is exploiting security holes in previous versions of the blogging software, creating a new “hidden” Administrator account and getting right down to the database level. These attacks are said to be “growing by the hour”. Lorelle writes:

There are two clues that your WordPress site has been attacked.

There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”

The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account.

We are strongly encouraging our clients to upgrade their version of WordPress to make sure you are using the latest version of 2.8.4.  If you don’t know what version you are currently using, login to your WordPress dashboard and if you are running an older version of WordPress, you’ll see a notice at the top that looks like this:

Upgrade to WordPress 2.8.4

Click the “Please update now” link to begin the upgrade process.

For any of you that are using really old versions of WordPress (versions 2.5 and lower) a manual upgrade will need to be done.  Instructions on manually upgrading your WordPress site using FTP can be found in the WordPress Codex here: WordPress Upgrade Extended.  If you need assistance with your manual upgrade – you can contact us for help/support by submitting a ticket in our Help Center.

For anyone who may have already experienced the attack – it’s going to be long Labor Day weekend for you, too!  You will need to export your all your content with the built-in WordPress export, uninstall and reinstall WordPress and re-import the content. It’s a nasty attack that goes all the way into the database, so exporting the database will result in exporting the hacked code too.

In short:  for those who have not yet been affected: upgrade to 2.8.4.  For those who have been, follow the instructions above to fix your site (you can contact us if you are a hosting client of ours)

For those who are already running 2.8.4 – Horray! Enjoy your Labor Day weekend!

[UPDATE] – Check out a great post by the WordPress.Org team on how to keep your WordPress secure – – a stick in time, saves nine (A/K/A/ – always upgrade your WordPress installation with the latest version)