As a web designer I get asked certain questions more than others. What’s an Internet? Why are you so pale? What web host is best? I used to think I knew the answers to these questions. I’m not so sure about the last one anymore.
It’s so easy to write a disgruntled hatchet job about a product or service, just look at Yelp. So I am making a conscious effort to tell the story of the collapse of my opinion of the once venerable MediaTemple hosting service.
I used to describe them as the “The Gold Standard” of web hosting. It seemed like everyone who was anyone on the web was hosted at MediaTemple. Sony, Adobe, Starbucks, and Toyota adorn their client list, and that little (mt) logo appears on countless respected sites. I remember seeing it and wondering what club I was missing out on.
I wanted SSH and fancy doodads and I was willing to pay for it. I decided to give up my HostGator, and I upgraded to the best. Life was good. I had everything I needed. I had swift, informed responses to my support requests. I had web-based tools to accomplish almost any task. How did I ever live with this level of service?
Service isn’t everything. September of 2009 the outages begin. High server loads and severe latency caused incident reports to begin cropping up. My sites slowed down and became unreachable. MediaTemple repaired the issues and I was very quick to give them the benefit of the doubt. I mean, even Google goes down sometimes. Right?
In December the servers got hacked. We weren’t told how this occurred, but we were told that there was an “exploit affecting Storage Segment 01 on Cluster 05″, which was my home. This wasn’t a matter of a door being left open in my code, this was a server exploit. Files were overwritten. Data was deleted. Then the kicker: They couldn’t find my backup. The good news was that I keep backups, but data generated on the server was gone forever. They were very sorry. They gave me some service credit.
In early March, load balancing errors take my sites offline once more. All my service requests were replied to with links to the support incidents. We were all glad to hear that “The odds of a recurrence are minimal”.
Mid-March their servers get hacked again. Apparently a brute-force attack against the database servers allowed attackers to insert arbitrary code into our sites. We are now all required to change the passwords for our database users. Classy.
It is currently March 19th. All my sites are down. No one has any idea why. I can’t get to my WordPress installation, which is why I’m currently writing this post in TextEdit.
I don’t know how to move forward. The bells and whistles don’t seem to mean anything if the server isn’t up. If you can’t secure your systems against a brute-force attack, what the hell can you defend against? Switching hosts is an enormous hassle, but staying onboard isn’t exactly hassle-free. And frankly, I got no place to go.