I have been running my two blogs on Media Temple for quite some time. Recently they have been getting hacked. Very frequently. My hosting provider is Media Temple, and I can’t say I am very happy with them right now. I am hesitant to say that the hacks are all Media Temple’s fault, but at least one of them was (they admitted it) and they aren’t giving me any evidence that this has been as pervasive as they say.
This is the fourth time they have gone down in under a year, and the second time in less than a month. I want to believe that it is not specifically Media Temple’s fault, but if that is the case, then (even worse) I am just really disappointed in WordPress as a platform.
I have done most of the things listed in order to harden your WordPress install, and I am having a really tough time believing that even 10% of the existing WordPress installs out there are (a) jumping through those hoops and (b) still getting hacked.
As I write this, it seems that Media Temple’s server is down and I am unable to log in. They are also having an emergency staff meeting, so all Twitter customer service people are offline. That’s not a good sign.
I really want to believe that MT is a good host. They provide really good Twitter service, and they usually help me get my hacks cleaned up in a reasonable amount of time. The problem is that I’m not seeing any evidence of a broad WordPress compromise. I’m not talking about people running outdated versions. I’m talking “fresh from the factory with several security-focused plugins and lots of time spent under the hood tweaking things” boxes getting compromised. I would love for them to prove me wrong. The sad thing is that this is the second time I have been hacked and frustrated enough with Media Temple to post about it, and the first time they only did just enough damage control to keep people from losing it.
So, in my usual way, I ask you, the faceless internet: Have you ever been hacked? Recently? Who is your host? What do you recommend for WP hardening? Do you have any good hosts to recommend? Can you explain any of this?
I await your responses with bated breath.
Here is one security site where they seem to be thinking in the same direction, and this was in response to last month’s hacks!
And here is a Media Temple page that they sent out while this was being written.
It’s almost laughable that this is their only response. Did this many people really ALL have the same incorrect permission settings?
UPDATE – (One day later) I spoke with one of the techs on the phone yesterday and he helped explain one possibility as to why the most recent hack happened. It seems that the hackers had hidden a malicious PHP file somewhere that served as a backdoor. I really appreciate the time he spent looking into it, and the time he spent explaining it to me. It still doesn’t explain what vector they used for the initial hack, or why it seems to be only targeting Media Temple and Rackspace users. I am always really happy with the great customer service that MT provides. I just wish it wasn’t always after I have been “mysteriously” hacked.
ALSO, Unmask Parasites has put up an analysis of the most recent round of Media Temple attacks, and doesn’t have anything good to say about them. If Media Temple has a reasonable excuse, now would be the time to tell it to us…