An unemployed Austrailan truck driver appears to have had more than just time on his hands. David Cecil who allegedly gave himself the online nickname “Evil”, was refused bail when he appeared in court on charges of hacking into internet company Platform Networks, one of 13 service companies to offer services under the National Broadband Network (NBN).

It was alleged the 25-year-old Cecil is a self-taught hacker who acted alone, spending up to 20 hours a day on his home computer. Allegedly, Cecil had control of the entire system of Platform Networks for six weeks. David Cecil has been charged with one count of unauthorised modification of data to cause impairment, and 48 counts of unauthorised access to, or modification of, restricted data.

It's also alleged he was responsible for an intrusion into Sydney University's computer system, and had attempted to hack into other unnamed major companies.

DistributeIT claims David Cecil is also responsible for the attack that compromised their company's shared servers. The Evil call-sign was left during the DistributeIT attack which affected thousands of businesses and resulted in the permanent loss of some 4000 websites.

The Netregistry Group which took control of DistributeIT calls on “Evil” to apologise to all the businesses he ruined as a result of the targeted hacking attack.

Anybody else? The offences carry a jail terms of up to 10 years.

There are some media reports that Australian webhost Distribute.IT is reportedly suffered a malicious attack that has left it scrambling to reconfigure its network and servers. The company - best known as a domain name registrar - said in a post to its Twitter account that it had been the victim of a "very deliberate, coordinated & malicious attack".

Resellers and end users on the Whirlpool broadband forums first reported the hack at 5.50pm on Saturday 11 June   posting what appears to be statement from the defaced Distribute.IT website:

OWNED BY EVIL AT EFNET YOU MOTHER flappERS NEED TO GET A CLUE BEFORE YOU RUN A BUSINESS YOUR SECURITY IS HORRIBLE !!!!! THE ONE AND ONLY EVIL AT EFNET I AM BACK MOTHER flappERS!!! :D The Outage the other day WAS NOT an upgrade they got HACKED and fabricated it with a lame excuse.... 

Comments made earlier this week on this forum thread suggest that Distribute IT customers have been struggling with less than stellar uptime recently. A glance at Distribute IT tweets from twitter hint at a much longer timeline.

EPHosts out of San Diego have been awarded the contract to provide web hosting services for the official website of the U.S. Navy SEAL and SWCC Scout Team. The contract for web hosting of SEALSWCC.COM, which no doubt has been experiencing spikes in traffic since the assassination of Osama bin Laden, is worth $35,229.40

EPHost had to come through with a Web hosting network, committed monthly bandwidth of 28 Mbps per month (with bandwidth in reserve for peak traffic) as well as software support, firewalling, round-the-clock monitoring, anti-virus protection, server monitoring, domain name management, online data backup and OS updates.

Might be one client that you would not want to annoy!

 The Conservative Party of Canada confirmed that hackers had accessed information on their website, including the names, addresses and partial credit card numbers of some of their online donors.

Conservative Party communication director Fred DeLorey says the party is investigating the matter and is working with the authorities. "It has come to our attention today that information that was stored by our web site host was hacked into. The information contains names, addresses, and email addresses of people who donated online through our web host," DeLorey said in a statement.

HostJury is attempting to clarify the statement by Fred Delorey which appears to cast some blame on the Conservative Party Canadian web host Koallo which is located in Ottawa.

The hackers, who go by the name The Lulz Raft on Twitter claim to be behind the Prime Minister Stephen Harper's "hashbrown breakfast fail" hoax on Tuesday, They posted a partial list of Tory donors on Wednesday morning.

"The conservatives said no contributor data was accessed..I wonder where this sample came from then," The Lulz Raft posted on Twitter, adding a link to a website showing names and email addresses under the banner, "Donation Contributors – A Small Sample."

The website titled “Conservative Donation Contributers” included a list of 1,719 names and email addresses and an option to download thousands more. The list no longer appears to be online. DeLorey said the first four and last four digits of credit cards were accessed in some cases, but not enough information to be "useful, and that party's internal database was not hacked.  (Another interesting statement...were they just kept in bullet form on a page?)

The following who-is and trace route is courtesy of network-tools.com

In a press release to user, Magento announced that it has reached an agreement to be acquired by eBay Inc.

Stating that “The past several years have been an amazing journey for Magento, as we've grown from a new open source platform into an eCommerce leader. Along the way, we've built not only a platform, but a company and a worldwide community. Together, we've identified opportunities, taken risks, innovated, struggled, succeeded, and changed the face of eCommerce. Today marks a milestone on this journey as we announce the most exciting news in our company's history.

Magento has reached an agreement to be acquired by eBay Inc. We believe this move will open incredible opportunities for the entire Magento ecosystem. eBay is evolving to become a strategic commerce partner focused on delivering new ways for merchants of all sizes to drive innovation. As a centerpiece of this strategy, they are building a global, open commerce platform that leverages the worldwide developer community. And Magento will be at the core of this new, open commerce platform, called "X.Commerce."

Magento has had a relationship with eBay for some time and in March 2010 became the first outside investor of Magento. As the press release states “they (eBay) are eager to harness the power of this ecosystem to create the next generation of eCommerce innovation”.

The press release also states ”How will this acquisition impact our organization, customers and partners? It's too soon to know all the details”

Time usually tells the tale!

Chicago-based hosting provider Steadfast Networks announced that they are venturing into cloud hosting touted as the Steadfast Cloud Platform. The highly customizable cloud platform service offers all the major strengths of deploying your applications “in the cloud,” with the attractive ability to instantly increase or decrease your allocated system resources at any time.

“Everybody here at Steadfast Networks is incredibly proud to finally offer the Steadfast Cloud Platform to the industry,” says Karl Zimmerman, CEO of Steadfast Networks. “We understand that our customers need the flexibility of cloud hosting with the control of dedicated hardware. With this new service, we are able to provide a reliable cloud hosting solution that scales all the way from hobbyists to enterprise-grade solutions.”

“In essence, we are today launching a hybrid platform, allowing customers to use Virtual Machines within a public or private cloud and as part of an existing dedicated server or colocation solution. We provide businesses with a range of options to tailor the cloud hosting solution they have been looking for, fully compatible with their existing network setup,” says Zimmerman. “In addition, we offer a large, diverse range of software and a simple, hassle-free resource allocation process, which gives our customers the control over their servers that they have been craving. We are not in the business of charging people for what they don’t use, or might only use for one hour a month – our mission here is simply to give people what they want, when they want it.”

With the Steadfast Cloud Platform, Steadfast Networks says it has managed to create a cloud hosting solution that lets customers engineer the solution that they want to use instead of preconfigured cloud hosting solutions often found in the market.

Ubiquity Server Solutions announced late today that it would be canceling all plans to participate in the May 21, 2011 worldwide rapture event as predicted by Harold Camping.  While initial contingency plans  were to simply increase security measures during the rapture, at the last minute Ubiquity regrets that it must withdraw all participation in current and future apocalyptic events.

Citing a preexisting commitment to a 100% uptime SLA, Mike Gazzerro of  Ubiquity Server Solutions stated Friday that “allowing an apocalyptic  event to occur in the datacenter would pose a serious conflict of interest to customers and Ubiquity alike.  We regret any inconvenience this may cause to clients trying to avoid past due invoices by waiting until the end of the world.”

This change in policy will not affect current customers using Ubiquity services for hosting game servers set in post-apocalyptic scenarios so long as those game servers do not cause a datacenter-wide doomsday situation.

HostJury will update this story later today... if we're here. Its a long weekend in Canada! 

After several days of fighting off fake reviews from Webserve we've decided to post about it publicly. It isn't often we have to these days -- after the first or second removal they tend to get the point but someone from Webserve just simply doesn't get it. We've posted the details below including the IP address of the internal Webserve user doing the deed -- could someone talk to Javier for us?

Something noteworthy to consider is that while we were removing these reviews, we found several others that were much older from the same IP block. As it stands right now the only positive reviews that Webserve has ever had were from their own internal IP addresses. Avoid them like the plague, it's one thing to have bad service but to pay teammates to post positive reviews is just appalling.

With all that said it is in fact easier to post fake reviews than to actually improve your service, but it's appalling that someone would spend their time posting fake reviews instead of satisfying clients. It seems like the netgain of improving service would be tenfold in comparison to merely faking it for sales purposes -- but we're glad you enjoy their service Javier, perhaps employees get treated better than clients.

If you've got some webserve reviews of your own be sure to post them here on hostjury.

This week for approximately 40 hours Canadian web host Islandnet.com was the victim of a Distributed Denial of Service (DDoS) attack. While DDoS attacks can occur against any webhost the explanation provided by Islandnet owner Mark Morley on the company blog raises many more questions than it answers.

Quoting:

Steve and I have been here for over 35 hours, working with our upstream providers throughout the night to find a solution. We would manage to block an attack, only to have the attackers reconfigure and launch a new one an hour later. In the end we had to renumber all customer web sites and servers, identify and isolate the intended target, and implement a traffic scrubbing service that monitors and detects DoS attacks in real time.

We've seen no evidence of an attack for several hours now, and things are running smoothly for the most part. There is still a backlog of e-mail flowing in and out, and some customers may find they need to reboot their computers and routers so that they will learn the new IP numbers. There are a few minor glitches to do with renumbering our servers that we are cleaning up as well.

Even though it was beyond our control, we do apologize for the down time. We reacted as quickly as possible and did our best to mitigate the damage and get customers back online as soon as possible. We understand completely how frustrating something like this is, and how disruptive it is. We'd like to thank all the customers who called, emailed, tweeted, and commented on facebook with words of encouragement during these attacks.

UPDATE 3:12pm: we have been contacted by a group claiming to be behind the attacks. They identify the target (a customer of ours) and demand that the site in question be shut down or the attacks will continue. As much as I hate to capitulate, we can't afford to stand up for the rights of one customer at the expense of all the others, so the site has been shut down.

UPDATE 3:50pm: they contacted us again. They thanked us and said the attacks have been halted.

UPDATE 4:10pm: many people are curious about the content of the customer's web site that provoked the attack. While we aren't comfortable giving out too many details at this time, I will say that it was a personal "listen to my story of unjust treatment" type of blog that contained a lot of angry attacks against the perceived offenders, including numerous court judges, lawyers, etc. I'm not taking a position on the content itself, but I can see how certain parties would take offence to it.

End quote

Without knowing more about the site contents it would be hard to determine the source of an illegal DDoS attack. While it is normal for a web host to take the targeted site offline in the interest of other clients the contact by the attackers does add an interesting aspect that is rarely seen. Hostjury has asked for further clarification from Islandnet on what action (or reaction) is being taken by authorities regarding this outage!

Mark Morley responded very quickly to HostJury inquiry. 

Quoting:

"We've spoken with the site owner, obviously, and he understands that we have no official opinion on his site's contents, and that it was not about that.  Nor was it a case of simply giving into pressure.  We've been in business since 1992, and we've had many threats from all sorts of people over various customer sites (even pre-web, we had customers with Gopher pages who got threats).  We've stood up to the legal threats from the BBC in the UK, and even lawyers for the Church of Scientology, both demanding we shut down sites.  We have never had to shut down a site before except for violation of our terms of use, and we're proud of that.

But in this case we were literally off line, as were 5,000 customers.  I'm willing to stand up for freedom of speech, but not at the expense of my company and livelihood or the businesses of thousands of other companies.

We have an open case with the RCMP and their tech crimes people are investigating.  Bell Canada, our upstream provider) is working with them.  The "bad guys" emailed us from a Gmail account with their demands, and later with a "thank you".  Google has been contacted and is holding onto the account info until the RCMP can do whatever they need to do to get it (court order I presume).  How successful they will be in tracking these people down, who can say?"

HostJury will continue to track this story!

WordPress.com has revealed that someone has gained access to their servers today and that customers’ source code was accessible.  “Tough note to communicate today: Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed” Matt Mullenweg  the founder of Automattic wrote.

Matt continued “We have been diligently reviewing logs and records about the break-in to determine the extent of the information exposed, and re-securing avenues used to gain access. We presume our source code was exposed and copied. While much of our code is Open Source, there are sensitive bits of our and our partners’ code. Beyond that, however, it appears information disclosed was limited.

Based on what we’ve found, we don’t have any specific suggestions for our users beyond reiterating these security fundamentals:
-Use a strong password, meaning something random with numbers and punctuation.
-Use different passwords for different sites.
-If you have used the same password on different sites, switch it to something more secure. (Tools like 1Password, LastPass, and KeePass make it easy to keep track of different unique logins.)

Our investigation into this matter is ongoing and will take time to complete. As I said above, we’ve taken comprehensive steps to prevent an incident like this from occurring again. “

Hostjury will update this post if anything significant is revealed

Spiral Hosting announced it has acquired the Domain Registration and Shared Hosting business of Aventure Host.  Aventure Host have a large UK client base and was the first webhosting provider in Ireland to offer webhosting on the cloud.

Spiral Hosting also expanded into the American hosting market after acquiring the webhosting division of Eideashop in May 2010.

“The merger will result in improvements for all Spiral Hosting and Aventure Host customers. Our top three objectives are excellent servers, fast support and most importantly happy customers. The Aventure Host business will continue as a going-concern with the same website, services and billing portal. Our team will continue to provide 24/7/365 friendly personal support from our offices in central Belfast.” says spokesperson Peter Armstrong

It appears that media reporting on Endurance International Group acquiring Canadian web host Netfirms overlooked some key components of the deal that have many Netfirm clients pondering the future implications of the deal on social media sites.

Many Netfirm client are questioning the implications of being hosted on Endurance International existing cloud infrastructure (outside Canada).  Netfirm clients, having endured less than stellar service and up-time based on Netfirms Canadian connection, are expressing feelings of betrayal with the Netfirms acquisition.  Privacy, and the protections of the same under Canadian law, is very much contrasted by the lack of privacy afforded under American law with its far reaching Patriot Act. The issue of privacy continually surfaces as a sticking point in Border security discussions between government representatives. American counterparts in these negotiations, can not seem to comprehend Canada obsession with protection of its citizens privacy, and abiding by the laws in place to protect them.

Endurance International has stated that Netfirm Clients will be transitioned to the existing cloud infrastructure used by Endurance. While cloud hosting does have some advantages over location based hosting, many unanswered questions continue to be ignored by cloud advocates on security, the legal issues surrounding where the data is actually hosted, and which country legal system has precedent. Besides privacy, many countries have very opposing positions on the definition of areas such as defamation, and copyright.   

Many concerns are being raised over changes to Terms of Service (ToS) and Acceptable use policy (AuP).   Even finding Endurance International policies requires using a search engine as they are not openly linked on the main website. Endurance International AuP can be found here.

Endurance International ToS can be found here.

These Terms are effective April 1, 2011. For customers who created their accounts prior to March 2011, the previous Netfirms Terms of Service are in effect until April 1.  HostJury will provide more information on the specific changes in a separate post.  HostJury will also provide a partial list of web hosts using Canadian infrastructure.

Only in Canada some would say... pity!

 An interesting study was just released showing that customers of other sectors confront similar issue to those found in web hosting.

The UK government found the “up to speeds” advertized by DSL providers are hugely deceptive. Asymmetric DSL Internet connection (ADSL)  routinely advertise  "up to" 13.8Mbps speed. According to the latest comparison survey from UK regulator Ofcom, you're probably getting much slower performance—something in the neighborhood of 6.2Mbps or around 45 percent of the advertised speed.

"Very few ADSL broadband customers achieved average actual download speeds close to advertised 'up to' speeds," the UK regulator says. A mere 14 percent of customers on "up to" 20Mbps or 24Mbps services enjoyed download rates over 12Mbps. Almost sixty percent received average download speeds of 6Mbps or even less. The study did show that cable broadband subscribers in the UK are getting speeds that are far closer to the advertised rates.

Delivering the good... the good, the bad, and the ugly!

The official Royal Wedding website celebrating the marriage of Prince William and Miss Catherine Middleton has been launched by St. James’s Palace.

The website, www.officialroyalwedding2011.org, is the official information service for anyone interested in the forthcoming Royal Wedding. Regular announcements of wedding details in the run up to the wedding day will appear on the site.

The website will be regularly updated with exclusive content, including photo galleries, features, videos and links to important information for visitors on the day.The UK is gearing up for a very special wedding on April 29, when Prince William and Catherine Middleton will be married in Westminster Abbey in London. Unlike many previous Royal Weddings, this event will have its own website.

The website is hosted by Google App Engine, which is designed to handle large, global peaks in web traffic, and was built by Accenture. Design and creative advice was offered by Reading Room. Although no announcements have yet been made, expect Pingdom to announce that they will analyze site speed!

Royals are not known for leaving things to chance... details like a major change to search algorithms afecting page rank!

iNET Interactive announced the acquisition of the Web Host Industry Review (WHIR), a  leading news and analysis source for the hosted services industry. For more than ten years, theWHIR.com has provided its readers with daily industry news, feature coverage, expert opinion and analysis.

The WHIR joins Web Hosting Talk and HostingCon to form three complementary media properties serving different facets of the web hosting industry under a single iNET Interactive umbrella. The WHIR’s strength as an editorial content source covering primarily the business aspects of the web hosting industry complements Web Hosting Talk’s strength with user-generated content addressing primarily the technical aspects of the industry. The WHIR’s regional networking events are the perfect year-round complement to the annual HostingCon event.

Stephen Mayhew, the publisher and company founder, started the WHIR in 2000 and with the support of a dedicated team, has established a strong reputation as the trusted news source to a C-level audience in the hosted services industry. After a brief transition period, Stephen will be leaving the WHIR to focus on other business interests. “iNET is a great home for the WHIR. It has the capabilities and resources to take The WHIR to new heights,” said Mr. Mayhew.

Troy Augustine, iNET’s president and CEO stated, “Not only have we added a great property that perfectly complements our existing hosted services portfolio, we’ve also added great people. The WHIR’s editorial and sales talent will have a beneficial impact throughout the company; and the combination of the WHIR, Web Hosting Talk, and HostingCon opens up some very exciting opportunities.”

If Canadian web host Netfirms was a political party it would be in dire need of a new leader. If Netfirms reviews on HostJury are any indication, Jean Charest with the dubious title of most unpopular premier in Canada, has better ratings. (Jean Charest isn’t a webhost although many would argue he shouldn’t be a premier either!)  

In an announcement on the Endurance International Group website, Gary Engel, Sr. Vice President, Customer Support stated in part:   

We are excited to be working with the customers from Netfirms. Our team is committed to making the transition to your new hosting platform as simple as possible. Thomas Savundra and Suhan Shan, the founders and executives of Netfirms, started Netfirms 13 years ago with a goal of delivering top-notch hosting and domain services.        

Over the last year, it became apparent that given its growth, Netfirms needed a more scalable infrastructure. They realized that moving to an existing hosting platform with proven reliability would cause far less disruption to customers than developing a solution iin-house. We are delighted Netfirms chose the Endurance International Group to meet that need.

Many media are reporting that Netfirms has sold out to Endurance International but that does not appear to be certain from the wording of the Gary Engal note. HostJury is seeking confirmation on the details of a possible deal.

For the naysayers, some may claim that HostJury business model attracts disgruntled web hosting clients seeking a place to voice their dissatisfaction with a webhost on the web.

Possibly so, but with Netfirm reviews going back to 2006, what could be construed as the only positive review was the first which stated:

It's pretty reliable from what I've seen. I only host a few small, low-traffic but database-centric sites and the site rarely goes down. However, it is slower than other hosts (namely dreamhost), and the limit to simultaneous database connections (3) is way too small. The price was right -- with the coupon code, only $10 for the year!

Gary Engal’s note refers to continuing issues at Netfirms quoting: Over the last year, it became apparent that given its growth, Netfirms needed a more scalable infrastructure.

On July 26, NetFirms company's website posted:               

Netfirms Community, Date: July 26, 2010-07-26 Time: 1:00pm EDT

Some customers may be experiencing difficulties accessing their websites. Our escalations team is currently working on the issue and we shall post updates as they become available.

On July 27, Netfirms posted:               

Some customers may be experiencing difficulties accessing their websites via ftps.Our escalations team is currently working on the issue and we shall post updates as they become available.

July 28, Netfirms posted:

In 2009, it was reported that many Netfirm customers were complained that they lost all of their emails on Netfirms' servers.

When choosing a web hosting company for an ecommerce website, failing to take expected traffic spikes into account can be a costly mistake. (unexpected traffic spikes are a good wake up call to review your web hosting service and requirements)   Potentially, clients can become frustrated. Worse,they could take their business elsewhere. 

Valentine’s Day is a great day for any vendor selling flowers. And as demonstrated with most retail commerce, the buying trends of potential customers turning to the web marketplace continues to expand. This is big business. Americans alone are expected to spend in excess of $18 billion on Valentine’s Day gifts this year.

Uptime monitoring service Pingdom decided to see how some of the more popular flower websites would handle themselves on Valentine’s Day.

Slowdown and crashes

Several websites showed clear slowdown, especially in the morning hours of Valentine’s Day. A lot of last-minute orders by men no doubt. Here are some very telling charts for three of the websites monitored, Flower.com, Justflowers.com,  Sendflowers.com.

These three sites clearly illustrate the increased load these sites are subjected to, and that it can actually noticeably affect the performance of a website. ( With the images fully loaded, the overall load time was even slower.)

Out of the websites monitored for this survey, 1800flowers.com clearly stood out for two reasons. One was that it was generally much slower than the others, and second because it recorded a significant amount of downtime. More than eight hours in just the past few days, most of it on Friday afternoon, US time, when it was unavailable for four hours and then even more later in the evening.

Another site that also had downtime at a very bad time, almost and hour-and-a-half spread over the day on February 14, was 1stinflowers.com.

There were sites that worked just fine, with no noticeable issues. These included Proflowers.com, Shop.marthastewart.com, Hallmark.com and Findaflorist.com.

Downtime and slowdown can, and will happen to all websites. However a flower website having problems during business hours on Valentine’s Day is a prime example of bad timing. A slow website will turn away customers because it’s the equivalent of poor, slow service.  A crashed website is not only embarrassing, but is the same as completely closing shop with a big sign saying: “Go to some other shop and spend your money, we’re closed!”