Author Archives: Sean Valant
Written by Sean Valant
Thursday, April 11th, 2013
As I type these words, there is an on-going and highly-distributed, global attack on WordPress installations across virtually every web host in existence. This attack is well organized and again very, very distributed; we have seen over 90,000 IP addresses involved in this attack.
At this moment, we highly recommend you log into any WordPress installation you have and change the password to something that meets the security requirements specified on the WordPress website. These requirements are fairly typical of a secure password: upper and lowercase letters, at least eight characters long, and including “special” characters (^%$#&@*).
You have now changed your WordPress password, correct? Good.
The main force of this attack began last week, then slightly died off, before picking back up again yesterday morning. No one knows when it will end. The symptoms of this attack are a very slow backend on your WordPress site, or an inability to log in. In some instances your site could even intermittently go down for short periods.
We are taking several steps to mitigate this attack throughout our server farm, but in the same breath it is true that in cases like this there is only so much that can actually be done. The servers most likely to experience service interruptions will be VPS and Dedicated servers hosting high numbers of WordPress installations, due to the incredibly high load this attack has been seen to cause.
If you are hosted on a VPS or Dedicated server and you would like for us to take a more severe, heavy-handed approach to mitigate this attack, we can do this via means such as password-protecting (via .htaccess) all wp-login.php files on the server. If you would like our assistance with this, please contact us via normal support channels.
Again, this is a global issue affecting all web hosts. Any further information we could provide at this moment would be purely speculation. Our hope is that this attack ends soon, but it is a reminder that we must all take account security very seriously.
We will update this blog post when we have further information.
If you have just a few WordPress sites, you can add the additional layer of security mentioned above, as well as block this attack, by following the instructions outlined in this article from our KnowledgeBase: http://support.hostgator.com/articles/specialized-help/technical/wordpress/wordpress-login-brute-force-attack
Written by Sean Valant
Saturday, April 6th, 2013
You’ve seen in prior posts how unattended desks at the HostGator offices can become innocent victims to roaming gangs of hooligans armed with pads of post-it notes and bent upon the defacement of perfectly clean work areas. Well, it’s happened once again. And I’m taking it personally, mostly because it was my desk this time.
It all began when I was summoned out of town for a week, on official HostGator business. I received cryptic text messages throughout the week about a “surprise” that I would receive upon my return. Multiple people from multiple departments, acting so innocent and saying how jealous they were about my surprise, and how great of a surprise it was. Little did I know.
No reason to beat around the bush, we might as well just tear the band-aid off in one swift motion. So, here it is; this is what I found upon my return to the office, in all it’s glory:
It hurts even just to look at, I know. Since we’re already here, though, we might as well take this all in piece by piece. Hopefully we can find clues as to the identity of the culprit, or culprits. We must endeavor to put a stop to this once and for all! Let’s have a look from a different angle, maybe that will help us make some sense out of this tragic circumstance:
We’ve come to expect the excessive use of post-it notes, and balloons have even been known to appear from time to time. But tinsel? Tinsel! This is just getting out of hand. Tinsel was never intended to be used in this manner. Tinsel is supposed to be for celebrations! This is no celebration, not at all! And gift wrap! This is a travesty. Let’s look closer as this inappropriate use of tinsel and gift wrap:
The above image is what used to be my mouse. It was placed on a bed of post-its, under a layer of tinsel and then gift-wrapped (well, probably not in that order, likely it was gift-wrapped first, but I digress…). There’s simply no excuse for this sort of behavior, it’s un-called for! Speaking of inappropriate gift wrapping, here’s a couple pictures of my monitors:
To be fair, only one of them was gift-wrapped, the second monitor was pseudo gift-wrapped, but with file folders instead of wrapping paper. I assume either the culprits ran out of wrapping paper, or otherwise were attempting to send me a specific message of some sort. I’m working very closely with Gator CSI in order to determine exact nature of the cause of this misappropriation of file folders, but clearly this was the work of an experienced hooligan.
Moving right along across the desk, we come to the computer tower and telephone; both of which have been treated in a way unbecoming of a computer tower or a telephone. The decorative “Sean” artwork was pre-existing, but everything else shown in this picture likely makes your blood boil! On the right is the telephone, and it’s worth noting that the base and the receiver were both gift wrapped separately. Oh, the humanity!
Truth be told, to this day, the receiver remains still gift wrapped, and will remain so until these culprits are brought to justice! If you’re like me, this is almost too painful to continue, but let’s finish what we started and take a look under the desk:
You can’t really make out what the balloons say in the image above, but I’ll tell you what they say. They say “congratulations.” Congratulations. Clearly this message was hand-picked in order to rub salt in the already very, very painful wound. I have no choice but to keep an eye out around the office, after something like this you really just never know who you can trust. It’s heart-breaking, almost.
And then there was the chair. How can you mess with a man’s chair? To my knowledge, this is the first time a chair has ever been involved in a crime of this nature. “Have a Seat,” it says. Have a seat, indeed!
To show just how far-reaching the impact of these types of activities can be, I will now share with you a picture of what my desk looks like today. We are trying to rebuild, but we just don’t have the resources necessary to make a full recovery yet. It is a sad, sad work space these days:
As mentioned, the telephone receiver remains gift wrapped and there is still lingering tinsel. Not shown: a solitary balloon still under the desk. I don’t know if we’ll ever get rid of all the post-it notes, but at least the mouse has made a full recovery.
If you have any information as to the identities or whereabouts of those who committed this heinous crime, please notify your local authorities.
Written by Sean Valant
Saturday, March 30th, 2013
Fresh from a successful show at the SXSW Music festival in Austin, TX, BugGiRL rolled through Houston on their current tour and Snappy found himself on stage, and backstage, with the band!
BugGiRL are Australian siblings Amber (vocals & guitar) and Clinno (drums) along with Austin’s own Heather Webb (bass), whom you may remember from a prior Adventures of Snappy post.
Playing loud and fast rock n’ roll, BugGiRL are a tight and impressive live band. Here’s Snappy rocking out on stage with them:
BugGiRL have released two EP’s and two full-length albums (with a new record on the way!) not to mention appearances on multiple compilation albums. A quick YouTube search will show you exactly what this band is all about; that good ol’ fashioned punk- and metal-tinged rock n’ roll!
Here’s Snappy hanging out with the band after the show:
BugGiRL virtually never stops touring; be sure to catch them live when they come to your town!
If you have an event in the Houston or Austin area that you would like for Snappy to attend, please get in touch with us by emailing firstname.lastname@example.org ATTN: Blog.
Written by Sean Valant
Thursday, March 21st, 2013
What is web hosting? Simply put, web hosting is a service providing the availability of space on a server connected to the Internet. Ostensibly, this server space is used for hosting websites, although there are potentially numerous other reasons that one may want to employ the services of a web host.
There are many different types of web hosting available today. This infographic endeavors to explain these different types of web hosting:
Written by Sean Valant
Tuesday, March 12th, 2013
Please have a seat. You’re already sitting? Well… good then. Before we proceed, we want to make it clear that you’re in a safe environment and that we all care about you very much.
We’ve gathered here to talk about Internet usage. Who’s using it, what are they using it for, and is it being over-used? Here is your Internet Intervention:
Written by Sean Valant
Sunday, March 3rd, 2013
Today’s ProTip from Snappy is going to be the one-two punch of accessing your website via a “temporary” URL and then applying that knowledge to accessing your webmail as well.
What is a “temporary” URL, and why do we keep enclosing it in quotation marks? Let’s answer the last part first: it’s not actually temporary, in fact it’s very much permanent. We can elaborate on that by addressing what exactly is this thing to which we refer as a temporary URL. First things first, here is the associated KnowledgeBase article: https://support.hostgator.com/articles/hosting-guide/lets-get-started/temporary-url
A temporary URL is simply a means to access your website’s files without invoking the use of an actual domain name. There are multiple circumstances where this might be beneficial, one of which would be while your domain name is in propagation. As you can see in the KB article, the actual syntax of a temporary URL varies dependent upon your hosting platform. For our purposes, we’ll stick with cPanel for our lesson here today, but the same logic applies across all platforms.
Let’s use the following information:
Primary Domain – ninjas-are-awesome.com
Username – ninjas
Server – gator1337
IP address – 188.8.131.52
Assuming that my domain name is not yet propagated, I can still access my website via both of the following “temporary” URLs:
Note that in both instances, we simply declared a server (either by hostname or IP address) and then used a tilde (~) followed by our cpanel username, which then will deliver us to the contents of the primary domain on our account (logically this would simply be the public_html folder).
What if we want to access an addon domain, or a subdomain? The same logic applies to both; simply continue down the file structure within your account in order to arrive at the desired location. In other words, if we have an addon domain called pirates-are-awesome.com and it is located in /public_html/pirates-are-awesome.com, then we would access that website via either of these URLs:
We now see that “~username” will deliver us to our primary domain (or public_html) and we can then expand from there to literally access any file or website within our hosting account simply by exercising logic and following the file structure that we created anytime we upload a file or created an addon- or subdomain.
How does this then apply to accessing our webmail accounts? Any email address created within your cPanel will result in a corresponding webmail account. Before we proceed, here is the related KB article: https://support.hostgator.com/articles/specialized-help/email/how-to-log-into-webmail
Again, using cPanel as our example, the actual webmail service resides on port 2095. Ports are accessed by using a colon in the URL, directly before the port number:
Instead of using the port, we can also simply use /webmail:
We would use our email account credentials (including the full email address) in order to log in at the above URLs.
Let’s apply what we’ve learned about temporary URLs in order to access webmail via URLs other than those presented above. Keep in mind that you can any domain pointed to your account in order to access webmail (or cPanel, for that matter), it does not have to be the primary domain, but it does have to be a domain that is pointed to your hosting server.
Back to the question at hand. Here are all the ways to access webmail, via temporary URL, using our same example account from above:
We now see that that there are a total of six unique URLs that can be used to access webmail, via domain name and temporary URL. We also understand that “temporary” URLs are actually quite permanent, and only referred to as temporary because, generally speaking, you will only need to use them temporarily. By and large, you will simply use your actual domain name to access your files. It’s always good to understand the use of temporary URLs though, as they can be utilized for a broader scope of purposes than what we’ve covered in this article.
Just for fun, access your website via temporary URL.
As always, please leave a comment with any questions or suggestions.
Written by Sean Valant
Saturday, February 23rd, 2013
The “Snappy’s ProTips” blog post series is an on-going effort to raise awareness regarding some of the most common support requests that we receive via ticket. By and large, all issues covered in this series can be resolved quickly and easily by utilizing information contained within the HostGator KnowledgeBase. As such, these issues can be addressed and resolved inrealtime, without necessarily needing to wait for a ticket response from a System Administrator. The issues covered in this blog post series account for hundreds of support tickets each week.
We receive many support requests each week regarding PHP, specifically what PHP modules are supported and how to enable specific version of PHP on our shared servers.
Typing “php” into the search field on the KB will result in an auto-suggestion for the article “PHP Modules”: https://support.hostgator.com/articles/hosting-guide/hardware-software/php-modules
The above link is a comprehensive list of every PHP module that is currently installed on our Linux and Windows shared servers. There is a very small number of caveats and exceptions, for example Imagic and Magicwand are currently only available on Linux servers and Oauth is installed, but must be enabled prior to use by adding the following line to the php.ini file: oauth:extension=oauth.so
As a rule, if the module is not on the list, then it is not compatible, or not allowed, on our shared environment. VPS and Dedicated servers are significantly less restrictive when it comes to requesting/applying PHP modules.
The next most common support request involving PHP is how to enable a specific version, usually PHP 5.3, on shared servers. As with every issue we’ll be addressing, full information is contained in the following KB article: https://support.hostgator.com/articles/hosting-guide/hardware-software/php-5-3
In a nutshell, this can be accomplished via a very simple addition to the .htaccess file:
# Use PHP 5.3
AddType application/x-httpd-php53 .php
It is very important to read and understand the associated KB article, because this can cause unexpected results relative to backwards compatibility issues with scripts; older PHP coding may not be compatible with newer versions of PHP.
If you are unfamiliar with the editing of an .htaccess files, the above KB article contains another link explaining that process. I cannot be stressed enough that you should make these modifications with care, and be sure to read the entire KB article before proceeding, in order to gather all the relative information to ensure you are as informed as possible regarding the changes you will be making. As always, you should create a full backup before making any changes of this nature to your account.
When in doubt, do join us in LiveChat so that we may assist you in realtime. If you are ultimately performing an action that will require a support ticket to receive assistance from a System Administrator, then we’ll certainly create that ticket for you via LiveChat.
Please leave us a comment if you have any topic that you would like to be addresses via the on-going “Snappy’s ProTips” blog series.