Hey Everyone! We’re going to be doing a server migration for Montreal customers next week. All Montreal customers should have received an email with details. If you want more details please submit a ticket.
Kickassd.com … New Update from the new owners!
Hello Ben Wade here. It’s been about a month now that I’ve been the owner of Kickassd.com. I’m absolutely loving it, and you guys are great customers!
Here’s an update of what’s been going on. Bobby and I have been diligently at work learning the new system here at Kickassd.com and getting to know you all and how you all operate. Like I said, it’s been a great experience. In the coming weeks (possibly months) we’ll be moving sites around to different servers in our infrastructure to cut down on costs and greatly optimize things. The Frankfurt server will move to another server in Frankfurt, and Montreal will be moving to New York City. So not much further. We may need to ask you to update and/or access your Cloudflare zones if you’re using Cloudflare as your DNS provider. There will not be any speed decreases. In fact, you may actually experience faster speeds after the transfers. Also, there shouldn’t be any downtime, but we will notify you if there is any maintenance downtime. We’ll be performing the moves after business hours.
If you have any questions, you can contact us in any of the following ways. Bobby Broughton is my lead support tech, so he will be taking care of you like Chuck did.
Regards,
Ben Wade
Please use one of the following methods to get into contact with us:
- send an email to support@kickassd.com
- Login to Your client area and submit a ticket
- use livechat on our website. https://kickassd.com
Updated Terms of Service and Privacy Policy: Kickassd is still fully GDPR-compliant!
The General Data Protection Regulation, or GDPR, is the new important regulation for data privacy. Originally approved back in April 2016 by the EU Parliament, the GDPR is coming into effect on the 25th May 2018. It replaces EU legislation that was established over 20 years ago in 1995, which was severely outdated in the fast-changing world we live in nowadays. The GDPR is very broad in scope and can apply to businesses both in and outside of the EU.
Updates to our Terms of Service and Privacy Policy
We at Kickassd have always been committed to protecting any data that we collect concerning you. Today, we are updating our Terms of Service and Privacy Policy to match the new requirements set by the GDPR. While we have already followed similar principles as the GDPR for a long time, we have now updated our Terms of Service and Privacy Policy to fully adhere to the requirements also in writing.
What is GDPR and why does it matter?
GDPR is a big change in data privacy regulation and is designed to harmonize data privacy laws across Europe to protect citizens’ data privacy. It provides a set of guidelines and rules that force companies to improve the way they typically would approach data privacy or handle personal data. Part of the legal requirements in the GDPR is the inclusion of Privacy by Design. At its core, Privacy by Design calls for systems to be designed around data protection from the get-go rather than adding it on later as an afterthought. It was passed by European lawmakers to create a harmonized data privacy law across all the EU member states. Its purpose is to:
- support privacy as a fundamental human right;
- require companies that handle personal data to be accountable for managing that data appropriately; and
- give individuals rights over how their personal data is processed or otherwise used.
This creates a dramatic push towards data transparency and user empowerment – which we at Kickassd applaud! 👏
What is personal data?
GDPR defines personal data as “any information relating to an identified or identifiable natural person.” But what does that mean?
In addition to the kinds of information you might think about such as name, address, email address, financial information, contact information, identification numbers, etc., personal data can also include information related to your digital life, like an IP address, geolocation, browsing history, cookies, or other digital identifiers.
It also could mean information about a person, including their physical, mental, social, economic or cultural identities.
Therefore, if information can be traced back to or related in some way to an identifiable person, it is highly likely to be considered “personal data” under the GDPR. You can find out more about the GDPR here.
What rights does the GDPR provide to individuals?
There are several rights an individual may exercise under the GDPR, including:
- Right of access: Individuals can ask for a copy of the personal data retained about them and an explanation of how it is being used.
- Right to rectification: Individuals have the right to correct, revise or remove any of the personal data retained about them at any time.
- Right to be forgotten: Individuals can ask to delete their personal data.
- Right to restrict processing: If an individual believes, for example, that their personal data is inaccurate or collected unlawfully, the individual may request limited use of their personal data.
- Right of portability: Individuals have the right to receive their personal data in a structured, commonly used and machine-readable format.
- Right to object: Where an individual decides that they no longer wish to allow their personal data to be included in analytics or to receive direct marketing emails or other personalized (targeted) marketing content at any time, the individual may opt out of use of their data for these purposes.
Please note that these rights are not absolute, and limitations/exceptions may apply in some cases.
If you exercise any of the rights that we mentioned above as an individual customer or representative of a customer, Kickassd will respond in accordance with our Privacy Policy. The Kickassd Privacy Policy explains what information we collect about you as a Kickassd customer and how your personal data may be used or shared by Kickassd. We suggest that you review how this applies to you. Note that we will be updating our privacy policy to align with GDPR. No worries, though, we’ll send all users a notice letting you know that it will be changing, so you’ll know what to expect.
Where required, we will also support you, as a Kickassd customer, in fulfilling GDPR related data subject requests you receive from your contacts.
However, access to personal data of domain name registrants may be granted when such access is necessary for technical reasons such as for the facilitation of transfers, or for law enforcement when it is legally entitled to such access.
“Controllers” and “Processors”
Generally speaking, there are two types of parties that have a responsibility regarding the handling of data: the “controller” and the “processor.” It is important to determine if you are acting as a controller or a processor and understand your responsibilities accordingly.
A “controller” determines the purposes and means of the use of personal data.
A “processor” on the other hand, only acts on the instructions of the “controller” and processes personal data on their behalf.
Kickassd can be either a “controller” or a “processor” depending on the data processing activities that are being performed.
Usually, Kickassd is a controller in relation to the personal data that you provide to us as a customer. In certain circumstances, you are acting as the controller, for example, when you decide what information from your contacts or subscribers is uploaded or transferred into your Kickassd account.
What do I need to do differently to comply with GDPR?
If the GDPR applies to you, there are various obligations you will need to comply with in order to continue doing business with your customers from the EU. Luckily, not all of these obligations are new, so you should be complying with some of them already.
The most important differences in this context are as follows:
- More information about your use of personal data must be communicated to your customers. You should make sure that your privacy notices/policies are updated to reflect the new requirements of the GDPR, including setting out the purposes of your processing personal data, how long you are retaining such data, and what legal basis for use of personal data you are relying on. As a customer of Kickassd, your agreement to our Terms of Service requires you to lawfully obtain and process personal data appropriately, including that of EU Individuals as part of the GDPR.
- You should determine the legal basis for your use of personal data: If you are relying on consent to use your customers’ data, you should ensure that the consent you have meets the new requirements of the GDPR. Please note that sending marketing emails or showing promotional content in any form to your customers may require, in certain circumstances, prior opt-in consent from them. As a reminder, you have already agreed through acceptance of our terms of service to lawfully obtain and process all personal data appropriately and have attested that you have permission to expose your customers to promotional content.
- You will also need to comply with the rights provided to individuals by the GDPR. See section above “What rights does the GDPR provide to individuals?” for details.
You should consult with your legal counsel on the above and your other obligations under GDPR.
What To Do If Your WordPress Website Gets Hacked
With WordPress being so popular and the vast amount of themes and plugins, it is a favorite target for hackers. In 99% of cases, your WordPress website is not actually targeted; most of the hacks are automated and carried out by bots.
Why do hackers hack WordPress websites?
Usually, they are using your site to make money. They do this by finding an exploit that allows them to upload file(s) or inject an existing file with their code. The code most commonly used is mailing scripts to send spam and fake login pages for things like banks, PayPal, etc. (phishing). They may also insert ads into your website’s files. In the vast majority of cases we see, your sites are not specifically targeted and they are not actually after you.
How was my WordPress website hacked?
Hackers use bots that scan your WordPress website for vulnerabilities both known and unknown. There are some comprehensive scanning tools out there that will scan your WordPress site for thousands of vulnerabilities and other possible weaknesses, such as out-of-date server software (PHP, Apache, MySQL, etc.). If an exploit is found, then the bot will try to use it, usually to upload a script or inject code. Once this has been done, files and permissions can be changed/added as needed. Most commonly, hackers gain access through out-of-date WordPress core files, plugins, and themes. Always keep everything up to date, and if a plugin is not actively maintained by its developers then you really should get rid of it.
How do I know if my WordPress website is hacked?
In many cases, you will not know. The hacker that is using your website to make $$ will usually try and keep things quiet. Often you do not know until you are notified by us that your site has been compromised. Our systems constantly monitor your websites for suspicious activity such as mailing scripts, mail sending, and many other forms of malicious code. Other hints that something is awry may be:
- Website suddenly showing a white page or 500 error
- Ads and popups that you did not add.
- Decreased website performance.
- Logins stop working and mail recovery of login / password no longer working.
- Your website and/or pages of your website redirect to another site.
How do I recover my WordPress website after being hacked?
The hackers will usually hide malicious code (backdoors) throughout your website, and it can be hard to track down and eliminate all of it. If you miss one, they will be back in no time at all. The best way to recover your site from a hack is from backup, but before you do that you need to find out when your site was hacked.
Finding out when your website was hacked
The first thing we need to do is find some of the hacked and/or compromised files. There are a variety of ways that this can be accomplished:
- Use something like Wordfence to scan for malicious files (careful though it can remove legitimate files)
- Scan for malicious files from SSH (see below)
- Ask us to run a scan on your account
Scanning from SSH is quick and easy. Here I will include the 3 most common types of base64 and variations that we see; these are usually enough to help you quickly identify compromised or added malicious files.
Make sure you are in your website directory using the cd command, for example, “cd public_html”.
find . -type f -name '*.php' -print0 | xargs -0 grep -l "eval *("
This scans for “eval”. This will return quite a few false positives as there are legitimate uses for this code in WordPress. Here is what I get from a fresh WordPress 4.8 install with this command:
./wp-includes/functions.php
./wp-includes/class-snoopy.php
./wp-includes/class-json.php
./wp-admin/includes/class-pclzip.php
These are legitimate and clean files in WordPress 4.8 that come with “eval”. Now let’s scan specifically for “base64_decode”.
find . -type f -name '*.php' -print0 | xargs -0 grep -l "base64_decode *("
Here again are the results from our fresh WordPress 4.8 install:
./wp-includes/class-wp-customize-widgets.php
./wp-includes/class-wp-simplepie-sanitize-kses.php
./wp-includes/class-smtp.php
./wp-includes/class-phpmailer.php
./wp-includes/ID3/module.audio.ogg.php
./wp-includes/IXR/class-IXR-message.php
./wp-includes/SimplePie/Sanitize.php
./wp-includes/random_compat/random_bytes_com_dotnet.php
./wp-admin/includes/file.php
These are all legitimate files that include base64 in WordPress 4.8. One last scan for “gzinflate”.
find . -type f -name '*.php' -print0 | xargs -0 grep -l "gzinflate *("
Again results from our fresh WordPress 4.8 install:
./wp-includes/class-requests.php
./wp-includes/class-wp-http-encoding.php
./wp-includes/SimplePie/File.php
./wp-includes/SimplePie/gzdecode.php
./wp-admin/includes/class-pclzip.php
To verify whether the results are indeed bad files you need to compare them against clean WordPress files. Found some suspicious files in a plugin directory? Download a fresh copy of that plugin and compare the files.
Checking when a file was last changed
Once you have a confirmed list of “bad” files, you want to check the date they were last changed. You can do so using the “stat” command.
stat date-test.txt
  File: ‘date-test.txt’
  Size: 17         Blocks: 8          IO Block: 4096   regular file
Device: 803h/2051d Inode: 27798301    Links: 1
Access: (0664/-rw-rw-r--)  Uid: ( 1020/xoiwjrbc)   Gid: ( 1020/xoiwjrbc)
Access: 2017-07-03 08:11:22.511398107 -0400
Modify: 2017-07-03 08:11:22.511398107 -0400
Change: 2017-07-03 08:11:22.511398107 -0400
Sometimes the hacker’s script will attempt to hide file activity by modifying the Access and Modify timestamps to match other files on your WordPress installation, but the Change time cannot be modified this way. Now that you have a general idea of when files were changed or modified, you can move on to the best option for recovering from a hack, and that is backups.
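The steps above (pattern scan, comparison against a clean copy, then the Change time from stat) combined into one pass, as an added example that is not part of the original article. The names `scan_suspects` and `build_demo_tree`, the `MTIME_OLDER` flag and the directory layout are assumptions, and GNU `stat` and `date` are assumed.

```bash
# Added example (not from the original article). Assumes GNU stat and date.
# Same three patterns as the find/grep commands above, as one extended regex.
PATTERNS='(eval|base64_decode|gzinflate) *\('

# scan_suspects SITE_DIR [CLEAN_DIR]
# Output, oldest Change time first: <change time> TAB <flag> TAB <relative path>
# The ( ) body runs in a subshell, so its variables stay local.
scan_suspects() (
    site=${1%/}
    clean=${2:-}
    # -exec ... {} + passes paths as arguments, so spaces in names are safe.
    find "$site" -type f -name '*.php' -exec grep -lE "$PATTERNS" {} + |
    while IFS= read -r f; do
        rel=${f#"$site"/}
        # A hit that is byte-identical to the clean reference copy is legitimate.
        if [ -n "$clean" ] && [ -f "$clean/$rel" ] && cmp -s "$f" "$clean/$rel"; then
            continue
        fi
        ctime=$(stat -c %Z "$f")   # Change time: touch cannot set it
        mtime=$(stat -c %Y "$f")   # Modify time: can be set with touch
        flag=-
        # Modify time more than a day older than Change time: the Modify time
        # may have been set back (archive extraction and chmod also cause this).
        if [ $((ctime - mtime)) -gt 86400 ]; then
            flag=MTIME_OLDER
        fi
        printf '%s\t%s\t%s\n' \
            "$(date -d "@$ctime" '+%Y-%m-%d %H:%M:%S')" "$flag" "$rel"
    done | sort
)

# build_demo_tree: creates a constructed site/ and clean/ pair under a temp
# directory and prints its path. All file contents are constructed samples.
build_demo_tree() (
    root=$(mktemp -d) || exit 1
    mkdir -p "$root/site/wp-includes" "$root/clean/wp-includes" \
             "$root/site/wp-content/uploads/old cache"
    # Core file that legitimately contains eval, identical in both trees.
    printf '<?php /* constructed */ eval ("return 1;");\n' \
        > "$root/clean/wp-includes/functions.php"
    cp "$root/clean/wp-includes/functions.php" "$root/site/wp-includes/"
    # Core file whose content differs from the clean copy.
    printf '<?php /* constructed clean copy */\n' \
        > "$root/clean/wp-includes/class-smtp.php"
    printf '<?php /* constructed */ $x = base64_decode ("Y29uc3RydWN0ZWQ=");\n' \
        > "$root/site/wp-includes/class-smtp.php"
    # Added file (path contains a space) with its Modify time set to 2015.
    printf '<?php /* constructed */ $p = gzinflate(base64_decode("..."));\n' \
        > "$root/site/wp-content/uploads/old cache/img.php"
    touch -t 201501010000 "$root/site/wp-content/uploads/old cache/img.php"
    # Ordinary file with none of the patterns.
    printf '<?php echo "hello";\n' > "$root/site/index.php"
    printf '%s\n' "$root"
)

# Usage: sh scan.sh public_html /path/to/fresh-wordpress
if [ "$#" -ge 1 ]; then
    scan_suspects "$@"
fi
```

The earliest Change time in the output is the date to restore from before; without a clean reference directory every pattern hit is listed, including the legitimate core files shown above.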
Using backups to recover from hacked WordPress
Due to the complexity and difficulty of cleaning files and databases (yes, they might have also added to your database), your best option for recovery is restoring files and database(s) from backup. This is the reason why we went through the above steps of finding a somewhat accurate date as to when the site was compromised. At Kickassd we provide complimentary R1soft backups that are taken daily and stored for 30 days. In the majority of cases a hack becomes apparent inside of that 30-day window, and our R1soft backups allow you to quickly and easily recover your website.
But some hackers will gain access and sit silently for months before using their backdoors. In these cases, for most the only option is to clean their website, which is a comprehensive and complex task that is beyond the scope of this article. If you use our hosting services and find this is the case, please don’t hesitate to let us know!
Shared Cloud Is The Future
At Kickassd we are always looking for ways to improve our service, and offer you the best possible service. What is the #1 cause of downtime in the shared hosting industry?
Typically shared hosting providers use strictly dedicated servers. When hardware fails on a dedicated server it often means downtime, and it can in some cases be a downtime of days. Even if they have backups as they should, restoring that to a new server when there are terabytes of data and hundreds or even thousands of accounts involved takes a very long time.
As usual we are avoiding “the norm” and doing things differently in order to bring you the best possible service. Shared cloud hosting has so many benefits that it makes perfect sense for us to go with it. Why are other shared hosting providers not doing this then?
Simple, $$. Shared hosting in the cloud costs the provider a bit more money, and so takes a bite out of the profit earned. This is a hit that we are willing to take in order to offer a better service.
How Does it Work?
With the exception of our Montreal location all of our Elastic Sites hosting is offered in the cloud.
- Each of our cloud servers is replicated across a minimum of 2 physical servers.
- If the physical server our cloud server is on has an issue that causes it to go offline our cloud server immediately and without interruption comes online on another physical server, and replicates to another physical server.
What About Performance?
We are all about performance, and carefully chose our cloud based not only on reliability but on performance. Our cloud runs purely on SSD storage with cutting-edge hardware such as CPU and RAM. Our shared cloud hosting offers the same high-performance environment that you have come to expect.
Locations
Currently our shared cloud hosting is available only in Frankfurt, Germany. We do not at this time have the option to offer our services as shared cloud in Montreal, and that location will remain traditional shared hosting on dedicated servers.
- Chicago is our next planned shared hosting location followed by Amsterdam and London.
As always if you have any questions about our services don’t hesitate to contact our fast and friendly support!
Kickassd Elastic Sites | The Future Is Here
The 2 main reasons people change from shared hosting to a VPS are:
- More resources
- Performance issues
We are happy to introduce “Elastic Sites”, which negates the need to move from shared hosting to a VPS. On our servers we run CloudLinux, which allows us to isolate users and resources the same as a VPS does. With Elastic Sites we offer plans that give you the same power as a VPS will give you, but keep the convenience and reduced cost of shared hosting. If you are a current customer of ours then you know performance is not an issue on our servers.
Kickassd Elastic Sites VS VPS
Pros
1. Setting up and managing a VPS is a ton of work, even if it is managed it will cost you more time, and more money than an Elastic Site. You also have the hassle of transferring your sites server to server. With Elastic Sites your upgrade path is clear and simple, and only a click away. Stay on the same server and just enhance your resources.
2. Elastic Sites reduce your costs in both time and money. To mimic our Big Shot Elastic Site plan on your own server would cost you $90 to $100 just for the server and licenses alone, and that is not even managed, which would cost at least another $50/mo! Our Big Shot offers enhanced CPU and RAM (2 CPU and 4GB RAM) and all the benefits of our shared hosting at only $71.99/mo.
3. High availability shared cloud hosting. All of our new shared servers are hosted in a high-performance SSD-based cloud. With a VPS or even other shared hosting you are susceptible to downtime due to hardware failure, something that happens all too often. Our cloud servers are replicated with auto-failover. This means if the server that our cloud server is on fails, our cloud server automatically and instantly comes online on another server. This eliminates downtime due to hardware failure!
Cons
Elastic Site may not be suitable if you require root access, or if you require something like Node.js which we do not offer on our shared cloud servers.
For the vast majority of people Elastic Sites are the perfect solution and there is no need to move to a VPS or dedicated server as your site and business grows. There has been an alarming “fad” that I have noticed across different hosting communities where people are recommending to anybody looking for hosting advice that they simply “get a vps”. While they mean well this is not sound advice for anybody that is not an experienced systems administrator. There is an awful lot of work that goes into setting up and maintaining your own server, and it requires a great deal of knowledge and understanding to do well.
Ready to go Elastic?
Easy WordPress Staging With VersionPress
We recently changed the way you access GIT on all of our servers and have also now added wp-cli to all of our servers, which makes it easy to set up WordPress staging and recovery for your WordPress site. To set this up we will use VersionPress, which is really an amazing plugin that is extremely well done and efficient.
Install VersionPress For Easy WordPress Staging
Unfortunately, downloading and extracting through SSH does not create a clean install, as some symbolic linking fails. Installing through WordPress admin remedies this, so go ahead and download VersionPress, then upload, install, and activate.
You should see it activate successfully. Now in your WordPress admin you will see:
Go ahead and activate it. If it complains about GIT version there are 2 options to fix it.
- Change GIT Version With Alias
- Add the following to your wp-config.php:
define('VP_GIT_BINARY', '/usr/local/cpanel/3rdparty/bin/git');
I will use option #2.
nano /public_html/wp/wp-config.php
Now you should be able to proceed with activation after refreshing the page in your WordPress admin area.
Create A Staging Site
Make sure you are in your site directory and issue the command:
wp vp clone --name=staging
You now have a staging site called “staging”.
This creates a full clone including all files, a database, and makes the needed changes to wp-config.php.
Let’s Have Some Fun!
Now to test things out, change the theme on your staging site, and create a few posts and/or pages on the “live” environment. When ready, issue the command:
wp vp pull --from=staging
VersionPress will compare the changes and merge them properly on your live environment, how slick is that. If by chance something does go wrong you can instantly RollBack individual changes or do a complete RollBack to the point before you merged. Such an amazing way to setup a staging environment, and I have just barely touched the surface of what is possible with the combination of VersionPress, wp-cli, and GIT.
Keep in mind that VersionPress is still in development so always have your backups handy just in case (should you forget we have your back), though in my testing it has done its job extremely well and the only real thing I see lacking right now is plugin support. But this is something being worked on by the VP developers and it is expected to have extensive coverage of plugins by end of 2017.
Try this out on our premium Managed WordPress Hosting!
Kickassd Interview With WHSR
I recently had the pleasure of being interviewed by Web Hosting Secret Revealed and I must say it was a pleasure! The Kickassd interview was conducted by Lori Soard who is a writer, teacher of writing, and holds degrees in Philosophy, Journalism, and Creative Writing.
She also has won awards for her books and writing. Lori and Jerry from WHSR are class acts and great to deal with, if you are looking for blog and hosting related information their site should be one of your first stops.
The Kickassd Interview
The interview as you may have seen was very thorough, and it gave me a chance to think about some things I had not thought about in some time. I was forced to revisit my motivations for taking over Kickassd, and revisiting these things has renewed my sense of purpose, and energy.
The hosting market is extremely tough, and in order to make a go of it and be successful requires quite a bit of sacrifice, dedication, and lost hair! It can at times bring you down and wear you out, going back to the roots of why I was doing this has been great for me.
Thank You WHSR, Jerry Low, And, Lori Soard
It has been awesome, and I hope we can do similar things in the future!
Kickassd PCI Compliance Quarterly Scans
We take your data security very seriously, and so as one of our steps to ensuring your security on our systems we do quarterly PCI compliance scans on all of our servers and client portal. We couple these with intensive internal security audits to make sure we are doing everything possible to keep you and your data secure.
The fact that all of our servers are PCI compliant also means that you have the ability to take Credit Card information and payments on your site legally (as long as your software is also PCI compliant). Our quarterly PCI compliance scans have come back all green, and our internal security audits as well.
There is a recently completed scan on our billing and client portal. If you have any questions or concerns please don’t hesitate to contact us and let us know, either through ticket or our Slack chat.
Kickassd Slack Chat Rocks | Join Us!
Slack is awesome, and so we decided to set up a channel where not only staff, but our customers as well can hang out and chat in real time. We want to get to know you as we hope you would like to get to know us. This is an awesome way to stay up to date in real time with what is happening with Kickassd. The channel has a live Twitter feed from our Twitter account, live announcements from our external monitoring system (UpTimeRobot), a Chuck Norris bot, and we are constantly adding things to make it more entertaining and useful.
Note: Please note this chat is not for obtaining support, for that please submit a ticket as usual 🙂
Bots And Commands
Who doesn’t love Chuck … Norris! Just for fun we have a resident Chuck Norris expert and you can call on his expertknees by using the following commands:
/chuck
/chuck -cat
/chuck {category_name}
/chuck ? {search_term}
Slack has apps for your Desktop, Android, iPhone, and more, so it is easy to stay connected and be notified of events.
Ready to join us?
Send an invite request to invites@kickassd.com and we will send you an invitation to join us!