“Domain Registry Of America” scams continuing

We’ve recently heard from several customers who have received what appears to be a domain name renewal invoice from a company called “Domain Registry of America”.

These “invoices” are a scam. Domain Registry of America is unrelated to our company, and has been cited by the FTC for “deceptive conduct”.

If you look closely at the “invoices”, they actually say something like “This notice is not a bill, rather an easy means of payment should you decide to renew your domain with us.” However, that small print is easy to miss.

We have a page about Domain Registry of America scams with much more information. We encourage you to make sure that whoever pays your invoices is aware of it.

Use WP Super Cache for WordPress speed, not W3 Total Cache

We keep coming across WordPress customer sites that have hurt their performance by switching from the “WP Super Cache” plugin we recommend to a newer plugin named “W3 Total Cache”. Unfortunately, their site often ends up being far slower after switching to W3 Total Cache.

If you care about the performance of your site, please stick with WP Super Cache unless you have a very good reason to switch. It works, and it works well.

Some people tell us that W3 Total Cache works just as well if it’s properly configured, and they may well be right — but it seems like it’s difficult to configure properly. Our experience is showing that it’s easy to get wrong, and performance ends up suffering. WP Super Cache makes it easy to get great performance.

WP Super Cache and FeedBurner

We’ve got a lot of customers running WordPress, and we definitely recommend running WP Super Cache to improve performance. It can help dramatically!

But recently we’ve seen a number of our customers getting hammered by a ton of requests from FeedBurner. Usually the request is of this form:

/somepost?utm_source=feedburner&utm_medium=feed&utm_campaign=SomeCampaignString

We’ve also seen FeedBurner going crazy and making thousands of duplicate requests. One of the sites we host has gotten 45,000 simple status requests (HTTP “HEAD” requests) from FeedBurner today, for no good reason that we can see.

Read the rest of this entry »

Registrars continue to violate the ICANN transfer policy

One of the most frustrating things we deal with is helping customers transfer domain names from other “registrars” (domain name companies) to us. To do this, we ask the old company to release the domain name, and they then have five business days to either release it or reject the transfer.

There’s an obvious potential conflict-of-interest here. An unscrupulous company could easily make more money by rejecting the transfer and forcing the domain name owner to renew it there instead.

Read the rest of this entry »

FTP virus spreading in new ways

An earlier blog post described how several of our customers got their personal computers infected by a new virus that has been spreading across the Internet. Initial versions of the virus spread themselves by reading a Web site’s FTP username and password stored on the PC, then downloading Web pages, inserting an “iframe” tag, and re-uploading the Web pages back to the server. As a proactive measure, we started scanning all uploaded files and stripping out any malicious “iframe” tags.

We are now seeing newer versions (commonly called “Gumblar”) which spread by inserting “script” tags with encoded JavaScript code. Because there are several variations of this approach, and because some legitimate commercial scripts use the same technique to hide their source code, we cannot perfectly identify and strip out these infections. Therefore, we will not automatically strip out the “script” tags from any upload file that looks suspicious.

Read the rest of this entry »

Protection against viruses that steal FTP passwords

Recently, several customers have told us that pages on their Web sites have been modified without their knowledge. Upon investigation, the customers found their computers had been infected with a virus that steals saved FTP passwords, such as the “Gumblar” or Trojan.PWS.Tupai.A virus.

We’ve taken a step to protect you against this problem (described below), but it’s wise to protect yourself, too.

Read the rest of this entry »

Scheduled maintenance for software updates (completed)

Due to software updates on our servers, most Web hosting customers will experience about ten minutes of scheduled maintenance downtime between 11 PM and 1 AM Pacific time starting on one of the following nights, depending on which server your site is on:

  • Friday, August 22 (servers beginning with letter “l-z”)
  • Saturday, August 23 (servers beginning with letter “a-k”)

(The servers named “bender” and “lrrr” have already been upgraded, and those customers are not affected.)

Read the rest of this entry »

Webmail “Thread View” is now a preference

One of the features of our new(ish) Webmail system is “thread view”. This groups similar messages together based on their “Subject” and other headers, which can occasionally be useful if you’re trying to see all the replies to a particular message and you want them grouped together.

However, thread view has a potential downside: it you have several active threads going with several messages each, new messages can sometimes appear on the second page of the incoming mail screens, instead of the first page.

That’s not a problem if you’re expecting it. However, since we introduced the new Webmail system, we’ve had several complaints from customers who accidentally clicked “Switch to Thread View” without realizing what it does, then thought some of their incoming mail was missing because they aren’t used to looking for new mail on other pages. Since thread view is “remembered” even after you logout and login again, this caused some people a great deal of heartache.

From our logs, we’ve found that very few people actually use thread view. Because it seems to cause frequent problems and few people use it, we’ve made it an optional feature instead of being always enabled.

If (like most people) you don’t use thread view, you don’t need to do anything. If do you want to use thread view, it’s still available: just click “Preferences”, then click “Display Preferences”, then change “Show ‘Thread View’ Link” to “Yes”.

Oddities with the MySQL “Table upgrade required” message

Here’s an obscure thing we spent some time on today that doesn’t affect our customers, but might be useful to someone else searching the Internet. The problem was a MySQL database table that, as far as we can tell, worked perfectly… except that it shows this message when we run CHECK TABLE:

Table upgrade required. Please do "REPAIR TABLE `users`" to fix it!

Read the rest of this entry »

Don’t rely on PHP file upload permissions

If you write your own PHP scripts that allow file uploads, we’ve discovered an unusual issue that might affect you. The “permissions” PHP gives to newly uploaded files aren’t always the same — and a recent change to our servers may have altered the permissions your script sees.

Read the rest of this entry »