update : kiwi is backup – we are monitoring it to determine the issue

Update : We have identified an issue with a portion of the file system and are working to resolve it. You may be unable to post to your website and have some email delivery issues for the moment.

Update : Kiwi is going up and down while we attempt to fix the issue. Please bear with us.

Update : All of the accounts on kiwi have been transferred over to a temporary server while the new server is being provisioned. We apologize for the delay but it turns out that kiwi was not salvageable from an operating perspective however ALL data was recovered thanks to the nightly backups we take for “just in case” moments such as these.

9/25 We have transferred all of the accounts from Kiwi over to our Pinki server, which may cause somewhat of a slow down while that happens, overnight.  Starting Friday morning, we’re transferring those accounts back to the newly provisioned server and at that point, things should calm down.  Clients on both Kiwi and Pinki may experience intermittent periods of slow load times today while our techs get this issue sorted out – - it shouldn’t be for long and we super appreciate your patience!

Random Posts That May Interest You:

• Have a look at the new WordPress 2.7 Dashboard
• Site Uptime Monitoring Added
• New design launch and some great new features!
• Server Migration 12/13 – 12/14 2008
• Follow BlogsAbout on Twitter!
• [UPDATED] Early versions of WordPress under attack – upgrade to 2.8.4 today!
• Has Your WordPress Blog Been Hacked?
• New Hosting Packages Rollout!
• PINKI Server – Critical Hardware Update **Resolved**
• Akismet bug fixed

As we read on Mashable:

The warning comes from Lorelle on WordPress after it was discovered that a nasty attack is exploiting security holes in previous versions of the blogging software, creating a new “hidden” Administrator account and getting right down to the database level. These attacks are said to be “growing by the hour”. Lorelle writes:

There are two clues that your WordPress site has been attacked.

There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”

The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account.

We are strongly encouraging our clients to upgrade their version of WordPress to make sure you are using the latest version of 2.8.4.  If you don’t know what version you are currently using, login to your WordPress dashboard and if you are running an older version of WordPress, you’ll see a notice at the top that looks like this:

Click the “Please update now” link to begin the upgrade process.

For any of you that are using really old versions of WordPress (versions 2.5 and lower) a manual upgrade will need to be done.  Instructions on manually upgrading your WordPress site using FTP can be found in the WordPress Codex here: WordPress Upgrade Extended.  If you need assistance with your manual upgrade – you can contact us for help/support by submitting a ticket in our Help Center.

For anyone who may have already experienced the attack – it’s going to be long Labor Day weekend for you, too!  You will need to export your all your content with the built-in WordPress export, uninstall and reinstall WordPress and re-import the content. It’s a nasty attack that goes all the way into the database, so exporting the database will result in exporting the hacked code too.

In short:  for those who have not yet been affected: upgrade to 2.8.4.  For those who have been, follow the instructions above to fix your site (you can contact us if you are a hosting client of ours)

For those who are already running 2.8.4 – Horray! Enjoy your Labor Day weekend!

[UPDATE] - Check out a great post by the WordPress.Org team on how to keep your WordPress secure – - a stick in time, saves nine (A/K/A/ – always upgrade your WordPress installation with the latest version)

Related Posts:

• PINKI Server – Critical Hardware Update **Resolved**
• New Billing and Support System
• WordPress 2.6.5 Security Upgrade
• Has Your WordPress Blog Been Hacked?
• Have a look at the new WordPress 2.7 Dashboard
• WordPress SuperCache
• WordPress 2.1 Release
• Wordpress for Dummies
• Akismet bug fixed
• New Hosting Packages Rollout!

Yesterday, 8/23/09, we experienced a sudden (without warning) hard drive failure on the Pinki server. Usually, we get notifications that the hardware is having some sort of issue that we need to look into, which gives us time to diagnose and troubleshoot. This time, however, there were no warnings – it just happened without notice…one minute the drive was functioning, the next minute not. Machines are not infallible – - and web servers are machines, after all. It’s frustrating and scary all at the same time!

We discovered this problem late yesterday afternoon and immediately went to work with our DataCenter (and hardware providers) at ServerBeach and commissioned a new server. The great news is that we do full adn complete backups of all client accounts on a nightly basis and store them on a separate drive for safekeeping. Once the new server was up and running with a new copy of the Operating System – we began the account restore and things are about 99.9% back to normal right now.

We do continue to work on the new server configurations, however your sites are in working order at this time. Some people have reported a few items that are off – - a couple missing posts, template tweaks that are not there anymore, etc. We are currently working on those issues on an individual basis.

Because our own web site was down during this time, as well – - we’ve been providing updates on our Twitter account as much as we possibly could during this outage. If you do not follow us on Twitter – it’s probably a good idea to do so at times like these: http://twitter.com/BlogsAbout

We want to thank everyone for their patience, and for those of you who write and Twittered words of support and encouragement – we are grateful. We realize that times like these are frustrating for everyone – including ourselves. So, thank you for your patience and understanding during this time. PLease know that we continue to work on smaller issues on a case by case basis and are getting through them as quickly as we can.

One thing that we have noticed, for WordPress users – when you go to update a plugin, or update your WordPress installation – WordPress is asking you for your FTP login information. It has never done this before and this is a function of our server configuration that we are working to resolve. In the meantime, you can just input the information as requested – or, there is a work around for individual sites that you can read about in the WordPress Support forums here: http://wordpress.org/support/topic/242686#post-1180641 (RESOLVED)

* – If you do not know what server your account is currently on – you can locate the IP number of your server in the left menu of your CPanel. Compare your IP number with the three I’ve listed above to find out which server your account is currently hosted on. Or, leave a comment on this post and I’ll do my best to help you determine your server assignment. Thanks!

Related Posts:

• New Billing and Support System
• [UPDATED] Early versions of WordPress under attack – upgrade to 2.8.4 today!
• WordPress 2.6.5 Security Upgrade
• Has Your WordPress Blog Been Hacked?
• Server Alert: Jingles RAM Replacement [Updated x2]
• Have a look at the new WordPress 2.7 Dashboard
• WordPress SuperCache
• WordPress 2.1 Release
• Wordpress for Dummies
• Mail Server Update

For our existing clients who are used to our old Client Desk ticket system, we now have a new Client Area where you can:

• Manage your billing and invoices
• Submit support tickets
• Directly login to your web hosting Control Panel
• Join our NEW affiliate program and earn 5% on all payments your referred clients make for the lifetime of their account!
• Access our knowledge base **Coming Soon**
• Access our helpful downloadable files to include free blog themes for your WordPress blog **coming soon**
• Access tutorials and helpful resource links **Coming Soon**

All of our existing clients have been migrated into the new system and you should have recieved an email with your login information for the new client area.  The emails were sent to the email address that you have set up as your contact email in your Control Panel.  If you did not recieve the email or do not know what your login/password is, you can visit the Client Area login page and request a password reminder – - be sure to use the same email address that you provided to us when you initially created your account.

Eventually, we will be cancelling all existing PayPal hosting subscriptions for existing clients, as all billing will be handled via the new system.  We expect this to happen by June 1.

For now, we will continue to use our existing/old Client Desk support ticket system through June 1 to answer your questions about the new system, but as of June 1, 2009 – the old Client Desk support ticket system will redirect to the new system.  If you have questions or need clarification – visit that Client Desk and submit a ticket and we’ll be happy to answer any questions you may have.

This new system puts everything you need to manage your hosting account, data/files, billing and support all in one convienent place!  We think you will find it very easy to work with!

Related Posts:

• PINKI Server – Critical Hardware Update **Resolved**
• [UPDATED] Early versions of WordPress under attack – upgrade to 2.8.4 today!
• WordPress 2.6.5 Security Upgrade
• Has Your WordPress Blog Been Hacked?
• Server Alert: Jingles RAM Replacement [Updated x2]
• Have a look at the new WordPress 2.7 Dashboard
• WordPress SuperCache
• WordPress 2.1 Release
• Wordpress for Dummies
• Mail Server Update

• OZ - 72.51.46.32
• TALIS - 72.51.38.154
• BUBBA - 72.51.34.113

We are performing a server migration to new, more powerful server system.  Skipping all the geek speak – basically it means more RAM (memory), more processors (CPU) – which means better, faster and more powerful, overall.  Accounts backups to an offsite location have been completed and we expect very minimal (if any) downtime for accounts on those three servers.  If you experience any problems with your site, please understand that the server migration is necessary to upgrade the equipment across all our server systems to better serve our clients and improve performance, and ultimately your hosting experience.  The migration will be taking place in the wee hours of the night/morning – we chose these times because they are the lowest in terms of web traffic and readership (when *most* people are sleeping..except me, I’m always awake when the rest of the world sleeps.  heh)

Currently, we are having an unrelated hardware problem on the TALIS server that our techs are working on, as I type this.  The migration of the accounts off TALIS to the new server will remedy the problem – however, we are working on getting TALIS fixed to remedy server load issues in the meantime.  As always, we appreciate your patience and your support!

Over the next 24 – 48 hours, our techs will be prioritizing questions and requests for support on an ‘urgent‘ basis only.   Questions and support requests requiring urgent attention will be attended to immediately.  General inquiries, requests for design assistance, upgrades to software, etc will be attended to starting Monday morning.  This weekend, our focus is on making the migration go smoothly for everyone and emerging on Monday morning with some powerful new systems over here!

* – If you do not know what server your account is currently on – you can locate the IP number of your server in the left menu of your CPanel.  Compare your IP number with the three I’ve listed above to find out which server your account is currently hosted on.  Or, leave a comment on this post and I’ll do my best to help you determine your server assignment.  Thanks!

Related Posts:

• Site Uptime Monitoring Added
• New design launch and some great new features!
• Welcome Clients from Weblog Design Studios
• New Hosting Packages Rollout!

The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.

2.6.5 contains three other small fixes in addition to the XSS fix. The first prevents accidentally saving post meta information to a revision. The second prevents XML-RPC from fetching incorrect post types. The third adds some user ID sanitization during bulk delete requests. For a list of changed files, consult the full changeset between 2.6.3 and 2.6.5.

Get the WordPress 2.6.5 files from the official WordPress site.

Related Posts:

• Has Your WordPress Blog Been Hacked?
• WordPress 2.1 Release
• [UPDATED] Early versions of WordPress under attack – upgrade to 2.8.4 today!
• PINKI Server – Critical Hardware Update **Resolved**
• New Billing and Support System
• Have a look at the new WordPress 2.7 Dashboard
• WordPress SuperCache
• Wordpress for Dummies
• Akismet bug fixed
• New Hosting Packages Rollout!

This is also a perfect time for me to emphasize how important it is to keep your WordPress software upgraded to the most recent version. Old versions of WordPress are vulnerable for exploitation, simply due to the fact that the older versions have an old code base that is no longer being developed. This means that bugs and/or vulnerabilities that existed in old versions were fixed in the new versions – - so, if you’re using old versions… you’re also using the bugs and vulnerabilities, too!

Take control of your WordPress blog and don’t let his happen to you by upgrading as soon you can after you hear about a new WordPress version release. For those of you keeping up – WordPress 2.6.3 is the most recent version available right now. WordPress 2.7 is due for release on 11/10/08.

I use this handy plugin that allows me to easily, and quickly, upgrade my WordPress blogs from within my WordPress administration panel – - no uploading, no configuring, no messing with the file structure at all: WordPress Automatic Upgrade. Give it a shot – it will make your WordPress experience much more pleasant!

Related Posts:

• WordPress 2.6.5 Security Upgrade
• WordPress 2.1 Release
• [UPDATED] Early versions of WordPress under attack – upgrade to 2.8.4 today!
• PINKI Server – Critical Hardware Update **Resolved**
• New Billing and Support System
• Have a look at the new WordPress 2.7 Dashboard
• WordPress SuperCache
• Wordpress for Dummies
• Akismet bug fixed
• New Hosting Packages Rollout!

( The IP of the server you are on is listed in your account CPanel, in the left menu – if it matches the one listed above, your site is on Jingles)

We are upgrading the RAM on this machine today.  The server is functioning fine right now – although we did experience a minor 5 minute outage earlier this morning.  The RAM upgrade will occur overnight – during times of lower traffic and readership.  The integrity of all backup files will be maintained in our system, but you may experience some maintenance downtime in the very late hours of the night tonight, if you’re like me and are still awake at that hour!

Grab a book.  Catch up on the news.  Relax – have a good night of sleep, you probably won’t even notice.  Will provide updates here when it’s done and dusted!

UPDATE: 11:15 PM (CST/GMT -6) -> We’ve confirmed the time of the hardware maintenance on this server to be between 12:00AM (Midnight) – 4:00AM (CST/GMT -6).  That’s not to say the server will be down for the entire 4 hours – - but that is the window of time that the maintenance is scheduled for.  Will update here again with progress as it happens!  Hang tight – we’re getting there!

UPDATE #2: 10/21 – All is well and good in the land of Jingles!  Our Jingles got herself some brand new, shiney RAM – as well as a new chassis because we suspected the box had some I/O issues, as well.  Pretty much everything was replaced except for the hard drives and she is running smooth and we expect to hear ZERO whining out of her!  If you even noticed the downtime last night between 12:00AM (Midnight) and 4:00AM CST – we thank you very very much for your patience.  If you didn’t notice – all the better!  The intermittant problems we’ve had with Jingles are resolved and we expect smooth sailing out of her from here on out.  Yay!

Update 10/21 - We have worked with the fine folks at CPanel about a licensing issue for the CPanel software.  During/after the repairs to Jingles, our authorized license did not get transferred and access to CPanel was limited for a small amount of time.  The license has since been transferred over and we’ve not experienced any CPanel access issues since then.  If you have, or continue to experience problems accessing your CPanel – <a href=”http://tickets.blogs-about.com”>please file a ticket in our Help Desk</a> and let us know so we can get it resolved for you.  Thanks!

Related Posts:

• PINKI Server – Critical Hardware Update **Resolved**
• New Billing and Support System
• Mail Server Update

For those of us who *just* got used to the new dashboard that came with version 2.5 – prepare yourselves for yet another dashboard change for 2.7. It’s refined. It’s friendly. It’s really beautiful, I have to say!

Here’s a screenshot so you can see what I mean:

For those of you following my book, WordPress For Dummies – We are releasing the 2nd edition of the book that will shortly follow the release of WordPress 2.7. We (Wiley Publishing, my publishing company) are making every single attempt at closely following the actual WordPress development schedule as much as possible. It’s more than a job. . . it’s an adventure!

Related Posts:

• [UPDATED] Early versions of WordPress under attack – upgrade to 2.8.4 today!
• PINKI Server – Critical Hardware Update **Resolved**
• New Billing and Support System
• WordPress 2.6.5 Security Upgrade
• Has Your WordPress Blog Been Hacked?
• WordPress SuperCache
• WordPress 2.1 Release
• Wordpress for Dummies
• Akismet bug fixed
• New Hosting Packages Rollout!

We currently have 5 of our shared servers we are currently monitoring and good question might be… “How do I know which server my account is on?” – which would be an excellent question! The servers on the Site Uptime monitoring page are listed by name and IP address:

• KIWI – 76.74.159.114
• JINGLES – 66.135.55.41
• BUBBA – 72.51.34.113
• TALIS – 72.51.38.154
• OZ – 72.51.46.32

It is the string of numbers to the right of the Server Name that you need to worry about. The IP of the server you are on is listed in your account CPanel, in the left menu. Find that IP – compare it to one of the 5 listed above and BINGO! You know which one you are on! Feel free to bookmark our uptime monitoring page so you can visit it and check up on our regular progress of uptime! Those uptime stats are refreshed every 5 minutes!

Small triva that most of you don’t know: The names of our servers: Kiwi, Oz, Bubba, Talis, Jingles – those are all names of our pets. Yes, we’re pet people! We have three birds and three cats – so far!

Kiwi – our conure parrot; she recently died after choking on a seed
Oz – our Military Mackaw
Jingles – our Chattering Lorikeet
Bubba – our adopted kitten from Alabama
Talis – our Abysynnian cat

But there are only 5 servers, you ask?? Yes – we recently adopted a Pionus Parrot named Pinki who doesn’t have a server named after her yet! All in good time, Pinksters!

Related Posts:

• New Hosting Packages Rollout!
• Server Migration 12/13 – 12/14 2008
• New design launch and some great new features!
• WordPress SuperCache
• Welcome Clients from Weblog Design Studios