If you’re a customer who uses WordPress, you have probably already noticed the issues concerning logging into your WordPress control panel.
We wanted to send out this notification to alert anyone who hasn’t been briefed on the situation, as well as give some additional explanation about what is going on, how we’re handling it, and why we’re handling it in this manner.
- A global brute force attack on WordPress’ wp-login.php file began on April 11th. This attack affected WordPress users worldwide and was experienced by virtually every web hosting company.
- A ‘brute force’ attack is when an automated program (sometimes referred to as a ‘botnet’) repeatedly attempts to log into a password protected site by trying different passwords over and over again until it finds the right one.
- We implemented a server side check to reduce the number of wp-login requests, but found that the attack started to increase the time between login attempts.
- On April 12th, we noticed the botnet activity ramped up dramatically, and we were forced to block all traffic to wp-login pages. This was a temporary solution that remedied the brute force attack in the following ways:
- Customer WordPress sites were able to stay up and running
- All incoming brute force requests were stopped
- This also kept out any unwanted, malicious intrusions into our customers’ sites
- By blocking the malicious incoming traffic, it also stopped the slowness issues we were having on our Linux servers.
In the meantime, we began collecting attackers’ IPs so we could start blocking them.
On April 13th, we began using the data we’d collected on the attackers’ IPs to begin blocking them from connecting to our servers. This was a slow process that took time to refine and put in place as a permanent solution.
On April 16th, we removed the block on each server for wp-login once the new system was implemented across all of our servers. Users should now be able to log into their WordPress sites. Once you log in, we recommend that you change your password to something very strong (e.g. a mixture of upper and lowercase letters, numbers, and special characters like #, $, and &). You can find instructions on how to change your password here: http://codex.wordpress.org/Resetting_Your_Password.
The tactics used in the attack are changing daily (sometimes even hourly), and we are responding with adjustments of our own. While we currently have the situation under control, we are still watching and reacting to the attack to make sure it doesn’t begin affecting our servers again.
Although we can’t announce too many details about our attempts to block the attack (because we don’t want to give too much information to the attackers), we still want you to know that we are aware of the situation, and are working on it. Keep an eye on the status blog for major updates as the situation progresses.
Thank you for your patience as we continue to defend against this attack.
Director of Customer Operations
The New Year’s ball, that is.
It’s New Year’s! A happy time?
It’s a time for remembering. A time to celebrate. For a lot of us, it’s also a time for making resolutions that seem to get harder and harder to keep every day past the day we made them.
So, in light of that, I’ve decided to focus less on correct grammar, and more on what makes happy times even more happier. And no, it’s not drinking and getting all crazy…
This year will bring us a slew of fantastic stuff; new products we’re excited about, like our money-saving Domain Club, or our brand new account control panel (which you may have already read about). And, as always, we will continue to expand and improve our hosting services (I’ve even heard rumors about a new hosting control Panel in the works).
Happy people make better partners, parents, business owners, thinkers, and overall, people. That’s why my goal for 2013 is, simply, to be happier! You can do it, too!
Just be grateful for everything you have and to never stop searching for things in your life that make you happy. If you spend your time concentrating on the good around you, your world will, in turn, be more positive toward you.
Hopefully, as you search for the positive things around you to be grateful for, you’ll get so good at it that the bad things just fade to the background. It’s easy to lose sight of the fact that there’s plenty for us all to appreciate.
We’re extremely thankful to have you as our customer and our companion in doing better things with the Internet.
I hope 2013 will be a happy year for you.
What’s your resolution this year? Anything specific involving your business or website? Leave your answer in the comments and we’ll try and respond to each one!
Happy Host Excellence Leader
PS: I thought you might find this interesting; this Christmas I got myself these neat “prism glasses.” They’re kind of bizarre, but they’re also uber-cool and I love them. Go ahead and check them out; you might like them just as much as I do!
PPS: Hey, if you want to read more about happiness and warm, fuzzy feelings (and who doesn’t?) I’d really suggest reading “The Happiness Advantage”. It’s very insightful and has inspired me in many ways. In fact, I will be using my new prism glasses to read it in bed!
So, yesterday my mailman brought me yet another one of those Domain Registry of Amer*** letters. These letters are seriously annoying. Take a look (click below to see bigger image):
If you didn’t already know, these letters are a notorious marketing ploy. They try to convince you to renew your domain name with them by sending you an official-looking notice, by postal mail. If you follow the directions, not only will you pay an arm and a leg for a year of registration, but you’ll also be transferring your domain registration to another company. I often get letters from customers, who ask me, “How did these scumbags get my snail mail address?” It’s actually really easy. And sort of scary, too.
Your domain name’s ownership information (it’s also called the “WHOIS information”) is available in a public database – which can be accessed by anyone. See for yourself right here.
This is the same reason you usually started getting boatloads of spam to the email address associated with your domain.
Obviously this is bad. Only for specific reasons would you want to share your info (and I’ll tell you about those in a couple of weeks). But as a general rule, it’s better to hide your contact information from public view.
So how can you hide your contact information?
Until now, there hasn’t been a lot you can do about it. But because so many of you have been asking for it, we’ve added a sweet new feature called Domain WHOIS Privacy. It basically removes your information from the WHOIS database. You still own your domain, but now you won’t have to deal with all the spam, fake mail, and telemarketing calls. Of course you always have the option to turn privacy off at any time, but I don’t recommend it.
I’ve got all my personal names, and even some of my business names, protected with Domain WHOIS Privacy. It works wonders and the spam you get decreases considerably.
So if you want to add it to your existing domain(s), it’s only $6/year (which is like one or two lattes from Starbucks, depending on how complicated of a person you are). And it’s well worth it. Here are some instructions on turning privacy on.
To make it a no brainer, we’ve bundled domain privacy with new .com domain registrations. For a short time, you can register new .coms for just 4 bucks if you add domain privacy when you order them.
I hope you like this new feature, and that it’ll help you as much as it has helped me.
Fathi Said, CEO
Here’s the details on the five-featured knock-out punch for your domains. All five fall into the “you’ve been asking for it forever” category.
You would not believe the amount of emails I get from my customers asking about these features. They’re finally here. Let’s get right to it: (Drum roll please…)
Number 1: Domain WHOIS Privacy
When you register a domain, you fill out your name, address, phone, email, etc., right?
I’m not sure if you know, but this information is PUBLIC. It’s stored in the so called “WHOIS” database, and anyone, including bad guys (like spammers, identify thiefs (or phishers), and other online fraudsters go there to get the goods on domain owners like you and me.)
There’s actually a close-to-home story that I have of how one of my colleagues almost got shafted because she didn’t have her domains protected. I’ll tell you about it later this week.
The only way to solve it: Domain WHOIS Privacy – it hides your information and tells the trolls that it’s off limits!
Click here to protect the domains you already have registered.
To honor the release of this feature – for a very, very short time, we’ll offer new .com domain registrations for the crazy low price of $4, when you register them with Domain WHOIS Privacy.
Number 2: .ME and .NAME Domains
Have you ever wanted to grab a personal piece of web real estate for yourself, your children, or grandchildren?
We’re talking .name and .me domain names. Very cool. They’re the perfect way to put your unique, personal stamp on the internet, and get a really sweet email address. Over 14,000 domain names are registered every hour, so act fast if you want to secure your name.
See if yours are available here.
Number 3: Internationalized Domain Names.
Did you know that domain names can be registered in non-English language characters?
If you get traffic from other countries, you should snap up your domain in those languages and redirect the traffic to your site. Right away. Why? Because it will help your site rank higher in Google, and it’s likely that you’ll start getting more traffic.
It’s fast and easy, and now you can do it right in your control panel.
If you don’t know how to spell your domain in the language you’re looking for, simply visit http://translate.google.com. Plus, it’s easier to copy/paste than to try to figure out how to make a ¨, Б, or 买 using your keyboard.
Number 4: Premium Domains
I’m sure you’ve run into this problem before. You think of your perfect domain name. Alas, it’s not available anymore. Just like all of the other good domain names – all taken. But really, a lot of them are for sale! And with any luck, the name you really want is too.
They’re called “Premium” (or pre-registered) domain names, and they’re a great way to get the exact domain name you want.
But, like all good things, they’re not cheap. They can get pretty pricey – but you get what you pay for. Premium domains are often a big source of immediate direct traffic, built-in SEO rankings, and a reservoir of pre-existing backlinks (and all that stuff is really good for ranking your site higher on search engines.)
Take a look here to see if there is one you like, or if your perfect name is actually available!
Number 5: Easy Domain Transfer
For years, both my customers and my customer service specialists have been beating me over the head with this little tidbit: It’s a pain in the neck to transfer domains into our system.
So finally, we created something new: An automated tool for domain transfers that lets you extricate your domains from the grip of your former registrar, and transfer them quickly and easily to your account, directly in your control panel.
You can do it fully automated, and it doesn’t require any phone calls to our team. So transfer away!
That’s it for now. We’re all very excited about these enhancements. I hope you will be too.
Fathi Said, CEO
PS: Pesky Disclaimers: $4 .com domain registrations good for initial registration period only. WHOIS Domain Privacy Protection is available on .com, .net, .org, .biz, .info, and .mobi top-level domains only.
PPS: To get handy screenshots and instructions for all of our new features – check out the online hosting manual.
We’ve just integrated Paypal into our system, so you can now purchase domains, hosting plans and soon, even renew your existing plan with your Paypal account! There were a couple of reasons that we didn’t integrate it sooner, but in retrospect, they were all bad. I wish I had gotten this project rolling sooner.
Did you ever think about using Paypal to get paid on your site? It’s strikingly simple and if you’re interested in learning how to do it, keep reading.
When I started Host Excellence, Paypal didn’t even exist. It’s a really good time to be a business (forget the economy!). The integration of Paypal has already coincided with a sharp increase in sales (let me also give credit to the bustle of the Fall season for that, though) and a warm welcoming from a couple of you who were hoping for this change. It was easy to integrate and had a big impact.
Being able to accept online payment from your customers is for sure the most essential part of operating your business online. You lose a lot of business every time you ask a customer to call in or come into the store to make a sale in almost every single business case. The audience we can reach is bigger now than ever before. Don’t think people weren’t trying to sell web hosting in stores at one point. They were… and they became really irrelevant really fast.
So many of our clients have what is called a “brochure website,” or a website that tells you a bit about the nature of their business or what they do, the history behind it and what kind of services are offered, but isn’t actually selling anything via the site itself.
I personally don’t understand this. If you have something to sell, why not put your site to work for you? That’s like going through the trouble of having kids and not making them do housework (just kidding Department of Labor!!). It doesn’t cost much or anything, depending on how you do it. The payoff is great if you’re willing to put a little effort in… and there’s no reason not to put that effort in especially in today’s economy (which we should have forgotten by now).
Imagine the convenience for your customers and the growth potential for you if you were to start accepting payments online… or even just start making gift certificates for your products or services available on your site! People who were once only visitors to your site are now potentially paying customers and your best salesman is now working 24/7… for free.
The "Good Part"
It’s sad, but I’ve noticed that over the last decade, the power of a website is so seldom harnessed by their owners and instead, business owners dredge through more “traditional” paths that don’t make them much money and more often than not, lead them to giving up before they even get to the good part.
Hopefully, you’re reading this and ready to start getting paid. Paypal is probably the best, easiest, most painless way to get started accepting payments online. There’s a free* plan that allows your visitors to use their credit/debit cards or their Paypal account to purchase your stuff and it’s actually easy to set up.
So how easy is it?
Well, a quick summary would tell you that depending on how you’d like to integrate Paypal, it will either be very simple (about a 15-minute commitment): using Paypal’s shopping cart and easy HTML integration, or semi-simple: installing and integrating into your own shopping cart from our Easy Apps. You’ll also find that it can either be free or cheap ($30/month).
The free solution, “Website Payment Standard,” can be popped right into your existing shopping cart or installed using Paypal’s easy setup. You don’t have to go through any kind of credit check to get paid and your customer will follow these simple steps to purchase things on your site:
- Your customer clicks on the “Buy Now!/Subscribe” button that is available on your site via either your shopping cart or an HTML integration of Paypal (“HTML Integration” is literally just using their “Buy Now!” buttons to link to their shopping cart).
- Your customer is then sent to Paypal’s shopping cart on the Paypal website (with your site’s header and footer still in tact — the process will be seamless to the buyer, but there’s not much you can do with the shopping cart look and design. This is why many people choose to use their own shopping cart).
- Your customer is sent back to your site to complete the process (usually to a “thank you for ordering!” page that you’ve created).
- The cash from the sale goes into a Paypal account that you’ve created at the beginning of this process. Paypal will issue you a debit card if you want one and you can transfer funds online from your Paypal account to your own bank account.
Paypal has a great in-depth tutorial here, but you can also watch their demo -which is pretty cool- to make sure it’s the right kind of thing for your business.
Also, let me know in the comments if you’re not at the Paypal / “Get Paid” phase with your business. If you’ve read up to here and you’re not selling something now, you’re motivated enough as far as I’m concerned to start making money with your site. I need to get you to that point because the more successful you are, the closer you are to your goals, the happier you are… and if I can have anything to do with that, well, you know the rest.
Fathi Said, CEO
Mostly telephone and internet service providers. Look around, you can still find a few!
*They do take a small percentage of sales, but less than most merchant accounts and it’s free to implement and have on your site.
First Place - Woo Hoo!
Well, we did it again folks!
HE is the first American web hosting company to introduce Alipay as a method of payment for our customers. “What is Alipay?” you ask. Alipay is the preferred method of payment for China. Think of it as their PayPal. It is well known and trusted, and gives the Chinese consumer peace of mind when it comes to online purchases. It makes buying from America much more attractive.
Next question you’re probably asking yourself is “Why am I reading about a service I will never need?” Promoting the use of Alipay is not the intention of this blog (Actually we rely heavily on messenger pigeons to do the bulk of our promotions). The real purpose of this blog is to show you HE’s flexibility and responsiveness to you, our customers.
One of our Chinese affiliates asked us to consider offering Alipay. According to an article in China Tech News , the number of members have grown from 57 million in 2008 to over 150 million as of April of this year. Alipay reaches more than half of the people who use the web in China. Also of interest are the demographics of Alipay members. They are young (83% are between 21 and 35) and their spending is increasing faster than other segments of the population.
So, a few weeks after the original request – we are the first American Web Hosting company to offer this payment method!
Thanks for taking the time to read this. Feel free to send your ideas or suggestions by responding to this post. We might not be able to adopt all your ideas but at least you know we listen!