IsMyWebsite Free Hosting Development Blog

While I Wait For HostGator January 6, 2011

So while I wait “10 minutes” for HostGator’s DDOS system, which it appears was accidentally tripped when restoring FireFox tabs, and ponder how much progress I could have made in the 50 minutes and counting I have so far lost, I wanted to give you a quick update on Node 1:

They did reply (finally) and said it would be easiest if I sent them a list of usernames, which I did. So fingers crossed, they should be able to restore things fairly quickly here.

As for Node 7, how many of you want me to keep trying data recovery, and who wants me to just scrap it?

Forgiveness January 5, 2011

One of the most challenging things for any individual who commits an act of large scale magnitude, is to face up to what they’ve done and move forward beyond it. It is only in this moment that forgiveness can be dealt to them.

I am very truly glad to know now the facts, and for the opportunity to forgive (never forget) what has happened. One thing that would be very easy for me to do, and I’m sure you would like a lot is for me to tell who I have forgiven. However, I do not believe any good would come from that, and if you hold those thought in your mind of anger and indignation please look within yourself to extinguish them now. We cannot change the past, and we can only change the future, moving forward with an understanding of the tremendous battle to a state of trust.

We also need to forgive Chris Reed, from Revogate, for what has happened there, and the discovery that backups did not exist. I have to realize that my few websites I lost on this node are inconsequential compared to some of the losses suffered by the rest of you. Chris has worked hard towards recovering this data. I do not want to give up on this, yet I know I must. We can start again, and those with backups can restore them. I hope it can be on 4.0 this happens.

The only thing which remains is SmokyHosts, who have as of yet still to reply to our ticket. I do suppose some actions are beyond forgiveness.

Update January 3, 2011

Node 4 is back up, thanks to Michael from WebLyte working tirelessly to get this done quickly. They have stepped above and beyond what would usually be expected, and proven to be very valuable as a service provider for us. All data should be restored, however databases are in your home directory named as .sql and your package features have been reset. This should all be fixed automatically when 4.0 launches, so please only report if you need something set urgently.

Chris Reed from RevoGate, who manage Node 7, responded shortly after to inform us that they have not been keeping any backups, despite this was advertised on their features page. He has spent a considerable effort to try to locate if any of the space left over on the server may have actually been a backup, however it turned out to be a 55Gb server error log for MySQL, which does explain where all our space went. It appears that backups are only taken for clients on their shared servers. He moved us to a separate server against my recommendation when we first signed up with them, offering to cover all the separate licensing costs and take care of the server administration for us. At present, it does not appear he is looking further into any data recovery options, though I have recommended this. Files which get deleted really just become unlinked from the system, and the core data of the files still exists until it is overwritten. Software is available, even for free, which can locate and help restore these files.

Node 1, managed by SmokyHosts, has not responded to our ticket at all, despite it being marked high priority and we added a second response.

The largest issue is that we still don’t know who did this, or fully how it happened. I’m sure the person responsible is quite ashamed of their actions, however they have not yet come forward to own up to them. Until we know this, the site must remain under fairly complete lockdown which unfortunately prevents the recreating of accounts.

Version 4.0 has already been created with fairly extensive encryption of passwords, limited time sessions of WHM access, with the password changed after every one, no direct database access, and a substantially reduced number of volunteers. But until we know for sure how this happened, we can’t be sure it can’t happen again.

I do wish to thank Arielle and her team of hackers from the Philippines from conducting a security test of our system, and also Chris Blair for his help and suggestions surrounding improving our encryption. He was apparently able to decrypt an account password in just 2 days using very sophisticated software, and we are working now on a solution which will increase this time to 2 years. We cannot have passwords falling into the wrong hands.

In addition I’m very interested in offering a service to back up websites onto another external storage, which could then be retrieved later at any time. This service would cost additional credits, and be available to clients who kept a positive credit balance.

One of the other largest updates is with the credit system on 4.0. It’s possible now to purchase domains. I’m also working to add many more ways of earning credits including more advertising networks, getting the forums working properly (Brendan has been putting in a lot of hours on this one), activity points, and properly working referral 2% commission, so you can get something back for that 10 credits you invested in your friends.

Account Management Offline January 1, 2011

As a precaution to the continuing security exploits existing in the site, all passwords have been changed once again and I am retaining the only existing copy. During this time, no new websites can be created, no cPanel account settings can be modified through your account (ie passwords), no upgrades can be completed, however everything else should perform as expected, unless you are already a victim.

Our team is working hard to bring 4.0 online as quickly as possible. Unfortunately, it is unlikely we will be able to do anything until the site is properly secured.