Ministry of Intrigue

My good friend Dan Patterson of Creepy Sleepy just recently had a rather nasty wake-up call with regards to his current hosting provider, Bluehost. Due to a security flaw on their servers, malicious files were injected into several of the websites he was hosting there, but despite the fact that it was failure to maintain security on their servers (as opposed to his account being hacked due to weak passwords or similar), they suspended his account. Dan sent out an email to both his friends and the folks whose sites he was hosting explaining the issue. Here is an excerpt of that email (reprinted with permission):

According to the tech support guy (who refused to let me speak to his manager) Bluehost recently (he wouldn’t say when) experienced a security flaw/vulnerability that exploited a vulnerability in php. They initially blamed the problem on Wordpress and said that “everyone” with WP sites was experiencing this right now. I told them that upon doing a Google Blogsearch and Twitter search, I’ve seen no other similar problems. I also pointed out that after the last Bluehost security flaw (yes, something similar happened a month or two ago) I made a point to keep every single site up to date. They guy tried to reiterate that it was not Bluehost’s problem if a security vulnerability doesn’t take down every Bluehost site. I replied, calmly (really) that it was their flaw on their servers and that even if it was a php or WP problem, and even if I wasn’t taking care of my servers, they have a responsibility to a) warn me first, b) give me the chance to backup. They killed even backend access. I stayed on the phone until they relented and allowed a short window to backup.

When the long hard ass pain of migration is done, I will look at this as an opportunity to talk about brands. At the core, Bluehost experienced problems that exposed their paying customers to a security flaw. Bluehost lied about the extent of the problem (first they wouldn’t say where the vulnerability occurred, then finally admitted that it originated on their end). Then blamed me, the customer. After prodding, they blamed Wordpress. Finally, they allowed me to back up, but refused to assist in the process or migration. I, the customer, stayed calm during the entire processes. I was not allowed to talk to a manager, and no one apologized or said “I’m sorry sir, we see that you’ve been a customer for a number of years. While we don’t believe the problem is our fault, we would like to assist you in restoring your sites, backing up your data, or migrating to a new provider.” This is customer service 101 and essential for every brand in the digital age.

Forget ethics, forget right and wrong - let’s look at the brand and company. Bluehost’s demo is web-savvy folk looking for affordable hosting. Is this the way a brand should act? Who’s calling the shots? I can understand a car manufacturer, but for a hosting company this is just complete incompetence. And it’s sad.

This is a pretty terrible way for Bluehost to deal with a customer, especially when it appears it was an error on their part. I suspect it has a lot to do with poorly trained, outsourced support staff. But, as Dan said later in his email, this is an opportunity to talk about what a competent brand should do when they make a mistake.

• Own up to it, confess. “We screwed up.”
•  Apologize.
• Make it right, or help the customer move on. Stories like this spread fast, make sure you are the good guy.

Anyone competent knows this, because competent people know that the best solution is to use common sense. So the end result is: Bluehost loses a customer, a customer who happens to be an excellent media producer at that. More than that, they will probably lose a lot of potential customers as well. At least, one would hope so.

Stories like this really mark the night and day difference between companies like Bluehost, and my current hosting company of choice. Webfaction (not an affiliate link, I don’t advertise here) has always been highly responsive and helpful. On the rare occasion that they have made a mistake, they have always been quick to take ownership of the error and make it right for any customers affected. This is what good brands do. This is what good people do. The two concepts usually (and should) lead to the same conclusions.

Really, when looking for the appropriate response to any situation, whether as a brand or a person, it’s actually pretty easy to figure out what to do. Use common sense, and do the right thing. Most importantly, remember what Wil Wheaton said and “don’t be a dick.”

Here’s hoping that Dan’s migration goes well, and that we see the return of Creepy Sleepy sometime soon.

I can’t decide if NaNoWriMo is harder than I thought it would be, or if I’m just a bigger wimp than I thought I was. Regardless, it is tough. So, rather than writing out a long entry about it, when I should be working on the novel, I decided it would be quicker to record a quick video.

More updates to follow as the month goes on.

I have not had time to post here in a while. My new job has kept me very busy and most of the time when I get home I just want to relax and spend time with my girlfriend. It is a little frustrating that I have fallen behind on personal projects (like this site), but the work is fulfilling so that is OK.

All that being said, it really nags at me. I haven’t had a chance to bring comments back online here yet, primarily because I realized that before I do that I should probably update the code of this site for Django 1.0 which was recently released. This site is currently running off of Django trunk, unfortunately in the midst of moving and switching jobs I’m several months behind and there are some major revisions that occurred during that time. It won’t be a trivial task, so I wouldn’t expect it to get done right away. So comments will continue to be disabled until the rewrite is done. You are always welcome to contact me, or comment on FriendFeed in the meantime.

The other reason that the rewrite is going to be delayed is that I’ve decided to participate in NaNoWriMo this year. This is actually going to be a serious challenge because it looks like November is already going to be a busy month for me and squeezing out 50,000 words at the same time is going to be rough. However, my right brain is feeling lonely and coding projects just aren’t satisfying my urge to do something creative. I don’t really want to get into a debate of the merits of people cranking out a word count during a month rather than focusing on writing really well. That’s a subject for another time. The way I’m looking at NaNoWriMo is that it’s a kick in the ass for me to get my act together, stop talking about writing, and just write.

I’ve actually attempted NaNoWriMo once before, but I kept it a secret at the time because I was afraid of publicly failing to meet the goal. Consequently, I used that as an out to procrastinate and not get anything done beyond the first few pages. Deadlines don’t matter if there is no consequence for failing to meet them, and I don’t want to fall into that trap again. This year, I plan to be very open and public about how I’m doing during NaNoWriMo, both by posting to the official NaNoWriMo site, as well as posting here and on Twitter. I’ll try to provide an update once a week here, and Twitter posts will appear with the same level of randomness they always do.

If you haven’t ever participated in National Novel Writing Month and you have the urge to write, but can’t seem to bring yourself to get it done, consider signing up this year. Post how you are doing online, and we can go on this journey together. Maybe we succeed, maybe we don’t, but we’ll learn a lot about ourselves as writers in the meantime.

Photo by golfer4life under a Creative Commons license.

I’ve had to shut off commenting functionality for the time being folks. The spammers have been trying hard to get in, and the code that I’ve written to run comments though Akismet for spam checking is occasionally resulting in a spinning process on the server if it gets too many requests. So, I’m rewriting my spam checking code, and will hopefully finish that up and have commenting functions available again soon.

Those of you who read this site via RSS probably wouldn’t have noticed, but this site had some unexpected downtime this last weekend. My webhost, the always wonderful Webfaction, uses The Planet for at least some of their datacenter services, however there was a nasty hardware failure at the Huston datacenter:

[May 31st] at approximately 5:45 p.m. CDT, a transformer in one of The Planet’s Huston datacentres caught fire, requiring them to take down all of the generators on site on the instructions of the fire department. This is one of six datacentres used by WebFaction. All servers hosted at that datacentre are currently offline.

According to this Slashdot article, the outage apparently affected approximately 9,000 servers. Because of the nature of the fire, and the directives from the fire department, all the redundant power sources were made meaningless, which is kind of a crappy situation. Luckily none of the servers were actually damaged, so when the box that my site is stored on was powered up at about 6:00am this morning, all my data and services came back online with no issues.

I’m not sure if this is a situation that suggests that Webfaction should use a different datacenter, or if this is an example that goes to show that no matter how well you set up contingency plans you are always vulnerable, but I tend to think the latter. Either way, I’m impressed with how responsive Webfaction was during this event, and I’ll continue to use them as my web host.

The important thing is that the site is online and I’m back.