
Media Temple Hacked - ctingom
http://michaeltorbert.com/blog/media-temple-hacked/
======
leftnode
At my last job, my boss insisted on Media Temple because they had "good spam
filtering and the GridService is fast." Unfortunately, neither of those is
true. I had a horrible experience with them, response times were slow, and I
would never recommend them to anyone.

The real solution, of course, is to use Slicehost (or any of the other virtual
machine hosting companies) and Google Apps for email, which has unparalleled
spam filtering.

While I'm not glad they were hacked, I do hope that people start realizing
they're not all they're cracked up to be, and just because they have a fancy
website doesn't mean they're that great a service.

~~~
tengkahwee
I left MT for Slicehost too.

~~~
mikeyur
Me three. After the huge grid failure. Moved to Slicehost and Webfaction.

------
petervandijck
I thought MT was good when I was using them, but once the site got a little
bigger I moved to EC2 and have never looked back. Much faster and much
cheaper.

------
mattmanser
"In my entire life, I’ve never heard of a company storing passwords in plain
text"

He needs to get out more. Happens all the time I reckon. Someone throws
together a prototype with plaintext username/password column on the person or
user table and 10 years later it's still there. I have personally seen this at
two different companies.

~~~
bigiain
Also, hashed passwords aren't all that much better these days - I know of a
vBulletin forum that got penetrated recently, and did a bit of digging about
how it stored passwords - MD5(MD5(password).salt) or something similar -
doesn't seem to stop people with something called passwordpro from
bruteforcing passwords from hash:salt combinations - even things that don't
look particularly prone to dictionary attacks seem to be getting answers in
24hrs or so on various forums...

I'm wondering whether I trust myopenid or google's openid service enough to
centralise as much of my online authentication there as I can...
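
[Added example, not part of bigiain's comment or the original thread: the salted double-MD5 scheme as the comment describes it, next to a deliberately slow key-derivation function, with a measurement of how much more each password guess costs under the slow one. The choice of PBKDF2-HMAC-SHA256, the iteration count, the function names and the sample password are assumptions made for this illustration.]

```python
import hashlib
import hmac
import os
import time

# Constructed sample values; not taken from any real system.
SAMPLE_PASSWORD = "correct horse battery staple"
PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your own hardware


def legacy_hash(password: str, salt: str) -> str:
    """Fast scheme as described in the comment: md5(md5(password) + salt)."""
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5((inner + salt).encode()).hexdigest()


def slow_hash(password: str, salt: bytes,
              iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256: still a salted hash, but deliberately expensive."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def verify_slow(password: str, salt: bytes, expected: bytes,
                iterations: int = PBKDF2_ITERATIONS) -> bool:
    """Recompute and compare in constant time to avoid a timing side channel."""
    return hmac.compare_digest(slow_hash(password, salt, iterations), expected)


def seconds_per_hash(fn, *args, repeat: int = 1) -> float:
    """Average wall-clock cost of one call to fn(*args)."""
    start = time.perf_counter()
    for _ in range(repeat):
        fn(*args)
    return (time.perf_counter() - start) / repeat


def cost_ratio() -> float:
    """How many times more one guess costs under PBKDF2 than under the legacy scheme."""
    fast = seconds_per_hash(legacy_hash, SAMPLE_PASSWORD, "abc", repeat=20_000)
    slow = seconds_per_hash(slow_hash, SAMPLE_PASSWORD, os.urandom(16))
    return slow / fast


if __name__ == "__main__":
    salt = os.urandom(16)
    stored = slow_hash(SAMPLE_PASSWORD, salt)
    print("verify ok:", verify_slow(SAMPLE_PASSWORD, salt, stored))
    print(f"one PBKDF2 guess costs ~{cost_ratio():,.0f}x one legacy guess")
```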

~~~
shpxnvz
Still, 24 hours is undoubtedly better than 0. It could mean that the attack is
discovered in time to warn customers.

------
Brentley_11
Just a heads up, the injected links are not always in the footer. I just
noticed on one of my sites that the injection was somewhere in the middle.

------
jrnkntl
MT = Marketing Temple. I doubt there are some competent tech people over
there. It's like those unlimited bandwidth sites like site5.com, hostgator.com
or servage.net but then, a bit more expensive, better designed and with a more
loyal (and more known) user base.

~~~
Zak
I occasionally do some development work for a web design company that has most
of its clients using MT for hosting. MT is expensive, but their customer
service is actually quite good, their techs are knowledgeable and their web
based admin tools are nicer than what you usually get from discount web
hosting shops.

~~~
chime
> but their customer service is actually quite good

I would personally disagree with that. I know I'm just a datapoint of one but
every single time I've created a ticket on (mt), it takes 3-12 hours before
anyone even replies back. Phone calls take 30-60 minutes before a tech answers
and they don't always appreciate when I inquire about an open ticket because
I'm supposed to wait 12 hours when all my sites are down. I have had 3
different accounts (personal + job + projects) and experienced slow ticket
response times on all of them. I've created tickets for real, technical
problems with my account that were beyond my control and was treated like it
was all my fault. Looking over at some of my past tickets, here are the
subject lines:

> All my sites are extremely slow on this account

> All my sites are down!

> As of 9:15am EST all my sites are running painfully slow

> URGENT: What happened to all my sites?!!!!!!!!!!

There's not much I can do when I go to mydomain.com and find "Index / not
found" other than post a ticket. And it takes 2 hours before someone responds
with a canned "Please check if you uploaded your files correct." Actual
resolution takes another 6 hours.

I am still with (mt) and have no plans of switching right now (too much work)
but that's only because nothing has gone wrong in a while and everything seems
to be working at the moment. It's only time before I get frustrated or lose
money due to the long waits and decide to switch. I have worked with many many
hosts over the past decade and I'd say (mt) is pretty close to the bottom.
Sorry, didn't mean to bad-mouth a single company but I just wanted to justify
why I disagreed with your comment.

~~~
aarongough
Switch to Hostgator. They will migrate your previous hosting setup for free
after you buy an account. Their most expensive shared plan is only $13 per
month. And their support is generally fantastic.

I'm not associated with them in any way other than being a customer... And I
(and my company) have been a customer for over 4 years.

------
ladyada
I'm a major fan of ServInt...after being nudged off LaughingSquid for taking
too much bandwidth I was pointed to (mt) but found they didn't do server-side
backups and were demure about their tech support. Servint is more expensive
and it's a VPS so you have to do some more work, but they've been -excellent-
at customer support with fantastic response times and smart staff, they really
do have daily backups (which we've used in our darkest moments), allow ssh
access (OMG, so useful), 4 static IPs, 'infinite' virtual sites, and can stand
up to a slashdot/engadget/boing/etc storm all at the same time. Anyways, I'm
picky and have had nothing but good experiences with 'em.

------
mtscott
Hello,

We appreciate your comments and concerns. We've updated our security post
hoping to answer several of your questions.

Please read <http://bit.ly/4A2loF>

We'll continue to update there with more information and answers to your
questions as needed.

Scott D. (mt) Media Temple

