

An Open Letter to Rackspace Cloud Hosting - bensummers
http://www.snipe.net/2010/01/an-open-letter-to-rackspace-cloud-hosting/

======
fookyong
I fail to see how this has anything to do with Rackspace.

They are there to provide infrastructure, not to support you on an application
level.

Rackspace's responsibility is to keep the infrastructure running and help with
backups if you are compromised. They aren't there to fix your wordpress
plugin's spaghetti php.

FWIW I used to run a dedicated box with Rackspace and now run about half a
dozen cloud servers with them. I think they are pretty great, personally.

If the OP wants ssh, logs and all that - fire up a Cloud Server and you have
an instant linux box of your flavour preference. Stop using Cloud Sites if you
want more control. You're using the wrong product.

~~~
leftnode
Exactly. If you want that access, go over to Slicehost (also owned by
Rackspace), get a 1024 slice, and you now have full root access to everything.

I've been running several WP blogs on it for a while with no problems.

I do agree that Wordpress isn't the best platform any more. It's too big, and
with over 100k lines of code, it's tough to keep it as secure as it needs to
be.

Also this guy doubts the WP-Supercache plugin as the vector, but wasn't that
the vector for the Techcrunch hacks?

------
jcapote
With wordpress's track record, you should _expect_ your site to get hacked at
this point. Migrate to a less vulnerable platform or go static.

------
PatrickTulskie
Looking through the comments on this article, it seems like there is more to
the story. Looks like the OP has been having a lot of issues with service, CS
response time, and cooperation when dealing with security issues.

I don't think it's RS's responsibility to figure out what's wrong with your
application, but I can understand the frustration one would have when
confronting a breach and not having the tools to deal with it.

------
Sejanus
A number of Rackspace hosted sites are reporting problems like this, unrelated
to WordPress vulnerabilities.

So calm down with the WordPress crying (yes, its basically a dropper) as it
may let an unrelated vulnerability off the hook.

