Category Archives: Web Hosting

Mass hacks – Not in our House!

From a recent Slashdot article:

More than 70,000 websites were compromised in a recent breach of InMotion. Thousands of websites were defaced and others had alterations made to give users a hard time accessing their accounts and fixing the damage. A similar attack hit JustHost back in June, and in a breach of Australian Web host DistributeIT just prior to that, hackers completely deleted more than 4,800 websites that the company was unable to recover. The incidents raise concern that hacker groups are bypassing single targets and hitting Web hosts directly, giving them access to tens of thousands of websites, rather than single targets. While the attacks have caused damage, they weren’t as malicious as they could have been. Rather than defacing and deleting, hackers could have quietly planted malware in the sites or stolen customer data. Web hosting companies could be one of the largest holes in non-government cybersecurity, since malicious hackers can gain access through openings left by the Web host, regardless of the security of a given site.

We’ve already closed these holes.   Are you really still hosting your sites with the volume-based hosters!

~ Oban

Oban Talks Hackers 2011 New Mexico Tour

A web site owner

The “Oban Talks Hackers 2011 New Mexico Tour” continues this Friday, June 3rd at the prestigious Hotel don Fernando de Taos at 11:30am.

Its $15 for Taos Chamber of Commerce members to attend and $20 for non-members.  Note that this loot doesn’t line my pockets, it goes toward the fantastic hotel lunch that you’ll be served while I dissect how hackers will get into your site and make your life miserable.  The details about the talk are here:

Please RSVP to Steve Fuhlendorf at

If enough people RSVP we’ll do a live webcast of this event as well.  i.e.  It’ll be blacked out just like a big sporting event unless it sells out locally, so RSVP!


~ Oban

PowerDNS migration creates bug ripples


There is nothing more tricky and fraught with potential problems than DNS upgrades.

This week we migrated from BIND to PowerDNS.  Prior to the migration we dutifully tested PowerDNS on different servers, in different configurations, consulted other sysadmins who were running PowerDNS, and found all tests to be working flawlessly.

So we went ahead and upgraded all three of our DNS servers from BIND to PowerDNS, and watched…

Continue reading PowerDNS migration creates bug ripples

The most secure shared hosting – Brownrice!


Until recently our shared hosting servers suffered from some of the same vulnerabilities that many of the volume-based hosting providers do.  Namely, if one site on a shared server was hacked it was possible for the hacker to deface other sites on the same server that had files or directories with loose permissions.  I.e. 777 permissions.

Yep, even if you diligently keep your site and code up-to-date your site could still be hacked because someone else’s site on the same server was hacked.

Ugly, eh?

Read about this nastiness in action at Network Solutions, Bluehost, Dreamhost, and GoDaddy here: Continue reading The most secure shared hosting – Brownrice!

Can’t login to Squirrelmail!

Squirrelmail, aka “The old webmail,” has gone wonkey on us as we migrate it to more robust servers and upgrade it.  i.e.  Its online but its broke.  So don’t use it.

For the four of you who actually use “The old webmail” to read your email, I apologize.  In the meantime you can use the real webmail, here.

We’ll update this blog, and our twitter account, when its fully functioning again.

Better uptime than Google, Rackspace, and Amazon?

Smooth Flying
Better than Air Kazakstan!


In 2009 Brownrice provided our hosting, co-location, and virtual server customers with 100% network up-time for the entire year – soundly besting the volume-based hosting companies.

OK, full disclosure: Our network was down for a total of 3 minutes and 11 seconds for the calendar year.  I think that was when Dave rebooted one of our main switches.

How did we fair against the big boys?

Google had multiple network outages.  Amazon’s cloud went down.  Rackspace had multiple extended network outages which brought down many of the biggest sites on the internet.  Many hosting providers who co-locate in the Rackspace data centers suffered from their outages as well. And Dreamhost – who advertises a goofy 100% up-time guarantee (read the fine print, it’s funny) – seemed to have nearly daily network failures.

Why is our up-time so good?  Because our network is quadruple-redundant, impervious to fiber cuts, and because we are small.

Why is being a small provider good?  Because we run less than 100 servers – instead of hundres of thousands – most of which are in our own, on-site mini data center, where the size of our operation allows us isolate and fix problems extremely quickly.

I’ve always known that our staff is smarter, more experienced, and provide better – and friendlier – support than the volume-based hosting companies.  Now the raw data is proving that we are more reliable as well.