Ministry of Intrigue

My good friend Dan Patterson of Creepy Sleepy just recently had a rather nasty wake-up call with regards to his current hosting provider, Bluehost. Due to a security flaw on their servers, malicious files were injected into several of the websites he was hosting there, but despite the fact that it was failure to maintain security on their servers (as opposed to his account being hacked due to weak passwords or similar), they suspended his account. Dan sent out an email to both his friends and the folks whose sites he was hosting explaining the issue. Here is an excerpt of that email (reprinted with permission):

According to the tech support guy (who refused to let me speak to his manager) Bluehost recently (he wouldn’t say when) experienced a security flaw/vulnerability that exploited a vulnerability in php. They initially blamed the problem on Wordpress and said that “everyone” with WP sites was experiencing this right now. I told them that upon doing a Google Blogsearch and Twitter search, I’ve seen no other similar problems. I also pointed out that after the last Bluehost security flaw (yes, something similar happened a month or two ago) I made a point to keep every single site up to date. They guy tried to reiterate that it was not Bluehost’s problem if a security vulnerability doesn’t take down every Bluehost site. I replied, calmly (really) that it was their flaw on their servers and that even if it was a php or WP problem, and even if I wasn’t taking care of my servers, they have a responsibility to a) warn me first, b) give me the chance to backup. They killed even backend access. I stayed on the phone until they relented and allowed a short window to backup.

When the long hard ass pain of migration is done, I will look at this as an opportunity to talk about brands. At the core, Bluehost experienced problems that exposed their paying customers to a security flaw. Bluehost lied about the extent of the problem (first they wouldn’t say where the vulnerability occurred, then finally admitted that it originated on their end). Then blamed me, the customer. After prodding, they blamed Wordpress. Finally, they allowed me to back up, but refused to assist in the process or migration. I, the customer, stayed calm during the entire processes. I was not allowed to talk to a manager, and no one apologized or said “I’m sorry sir, we see that you’ve been a customer for a number of years. While we don’t believe the problem is our fault, we would like to assist you in restoring your sites, backing up your data, or migrating to a new provider.” This is customer service 101 and essential for every brand in the digital age.

Forget ethics, forget right and wrong - let’s look at the brand and company. Bluehost’s demo is web-savvy folk looking for affordable hosting. Is this the way a brand should act? Who’s calling the shots? I can understand a car manufacturer, but for a hosting company this is just complete incompetence. And it’s sad.

This is a pretty terrible way for Bluehost to deal with a customer, especially when it appears it was an error on their part. I suspect it has a lot to do with poorly trained, outsourced support staff. But, as Dan said later in his email, this is an opportunity to talk about what a competent brand should do when they make a mistake.

• Own up to it, confess. “We screwed up.”
•  Apologize.
• Make it right, or help the customer move on. Stories like this spread fast, make sure you are the good guy.

Anyone competent knows this, because competent people know that the best solution is to use common sense. So the end result is: Bluehost loses a customer, a customer who happens to be an excellent media producer at that. More than that, they will probably lose a lot of potential customers as well. At least, one would hope so.

Stories like this really mark the night and day difference between companies like Bluehost, and my current hosting company of choice. Webfaction (not an affiliate link, I don’t advertise here) has always been highly responsive and helpful. On the rare occasion that they have made a mistake, they have always been quick to take ownership of the error and make it right for any customers affected. This is what good brands do. This is what good people do. The two concepts usually (and should) lead to the same conclusions.

Really, when looking for the appropriate response to any situation, whether as a brand or a person, it’s actually pretty easy to figure out what to do. Use common sense, and do the right thing. Most importantly, remember what Wil Wheaton said and “don’t be a dick.”

Here’s hoping that Dan’s migration goes well, and that we see the return of Creepy Sleepy sometime soon.

Just another quick post that Dan and I just recently did a short podcast on Mahalo. Our contention is that Mahalo, while ostensibly a search engine, has far more in common with Wikipedia than anything else. We also discuss what advantage branding it that way may have, and come to the conclusion that Mahalo is Portal 2.0, but in a good way.

Listen to it here.

Just a quick post to let you know that I appeared on the latest episode of the Creepy Sleepy Show Podcast, where DHP, Greg and myself discuss the new Radiohead album, titled In Rainbows. In particular we focus on Radiohead’s digital distribution, what this means in the music industry and our experience as music consumers.

I do have to apologize for an error I make in the show. I mistakenly described the LAME mp3 codec listening tests as a comparison against vinyl, when I meant to say it was a comparison between a 320 kbps mp3 against the original CD. In my defense, I had just foolishly clicked on a link that Warren Ellis had put on his blog, which was so horrific that I had to restart my brain in order to retain my sanity. Just a word of advice to all of you, when you see a strange looking link on his site, think carefully before you look.

Anyway, it was a fun show and hopefully I’ll have chance to join DHP again soon. You can download/listen the show here.

Just a quick post to mention that I’m a guest on today’s episode of the Creepy Sleepy Show Podcast. We discuss the recent HDDVD Digg Storm controversy, Digg’s incompetence at proper PR and the differences between traditional media and social news. I’m always a little uncomfortable being presented as a tech expert, but it was a fun show and a really interesting conversation.

You should check it out. I’d love to hear your thoughts on these issues, particularly to the way social news sites like Digg are changing the way we consume information.