We’ve been noticing that more and more people are switching to Google Apps Standard. After all, its cool, the standard edition is free, and they have all those awesome little Labs things.

We’ve also been noticing that people are nearly baffled to utterly baffled at times as to what, precisely, Google is asking them to do with regards to MX changes, cname additions, and so on. Usually, it takes multiple tickets back and forth to finally get it all set up and running. We eventually realized that we could do this far faster than you all could, and we also have direct access to edit the DNS records, which you all do not, so we’ve decided to implement a service at no charge to do it all for you, and hand you a Google Apps enabled domain back.

If you would like Google Apps installed on your main domain, or your add on domain, you can fill the form out here and we’ll do it for you.

What are some reasons that you would want Google Apps?

• POP (receiving email), IMAP (receiving email), and SMTP (sending email) are all figured into your bandwidth, your CPU use, and your memory use. Offloading your email processing to Google Apps can help higher resource sites bring down their resource usage.
• Google Apps Standard Edition comes with 7335 Megabytes for each email account, and up to 50 accounts can be installed with the free standard version. That 7 Gigs per account housing your email is 7 more gigs on the server that you can use for other things.
• Google Apps Webmail is, without a doubt, faster loading than our webmail. If you are a webmail user, its highly likely you’ll be happier with Google Apps performance since webmail here is simply one more thing running on the server, and Google Apps mail servers are devoted solely to churning out that email.
• It seperates out your mail and your site – if your server goes down, or if (gasp!) your site is suspended, your mail will still happily hum along.
• If your site is ever compromised, you don’t have to worry about the privacy of your mail. Well, not from the compromise, anyway.

What are some reasons that you wouldn’t want Google Apps?

• DrakNet will not support email problems that you have. If you have problems with delivery, with sending, you’ll need to go to Google for support. The only thing we will have is the DNS record pointing your email delivery that-a-way.
• If you’re going to go over 7 Gigs in your email, the Standard Google Apps won’t work for you for long, and upgrading is $50 per user per domain per year.
• For some reason, you just adore Horde.
• If you have Mailman mailing lists, they will no longer function.
• You just plain old hate Google.

If you decide to give Google Apps a whirl, fill the form out here, and we will get your Google Apps account, verify the domain, set up the administrator email for you, change the MX Records, install any custom URLs you want for any of their services, and change your SPF record at no charge.

Last night was billing invoicing night, and we’ve implemented some changes that people have been asking for.

One is that if you have an invoice generated, you get a notice – we’ve had this request quite a bit, even for the zero balance invoices that are generated every single month even when you have nothing at all due. So, a lot of you that have never seen an invoice notification except when you have a balance due got one last night. You would not get regular invoice notices previously if you have a lifetime account, or because you pay anything other than monthly. The purpose for this change actually made sense when people asked for it, for numerous reasons.

The first is there’s a small group of people that actually forget they have an active account, especially if they paid for two years and then forgot it. These notices can prompt folks to deal with their accounts, either by starting to work on their site, or canceling early to avoid any risk of further charges for a site that they no longer desire to have. Not sending notices for zero balance invoices and not sending out newsletters through billing (instead using news alerts like this) meant that for some, their account kind of went into stealth mode where they could just forget about it.

While common business wisdom dictates that your favorite customers are those that pay you and then ignore you, the simple fact is that forgotten sites present some level of a security risk to the servers. If people are not going to actively use the sites and what’s more, install things that they do not actively manage, we really don’t want them installed. So, this serves as a reminder of “Hey, you have a site!” so that people will be reminded that it should be looked at, or canceled if it no longer serves its purpose.

The second thing that helps is that we will get bounces – if your email is not up to date, especially on the longer billing periods, we’ll know early. We can start looking at the site to see if there is an alternative email listed, or search for a contact email in other ways. It’s imperative we have a valid way to contact everyone that has a site hosted here, and when we need to contact you is not the time we want to have to start trying to hunt you down.

And the third purpose is simply so we can impart little reminders that there is news and information available on various places like Twitter, this blog, and the Network Page. We still get emails regarding changes made in 2007 that people didn’t know about because they didn’t follow the links in their cPanel to keep up with the news. This will be an understated way we can email the pointers to that info without having to condense all of this into newsletter updates.

DrakNet introduces the “55″ account – that’s right, just “55″. No cutesy names. Just plain ol’ “55″.

Pay $55 flat per year, and get an introductory hosting account that will cost you little but give you an enormous amount!
You get:

• 2 Gigs of Disk Space
• 50 Gigs of Bandiwidth
• 20 Parked Domains
• 20 Subdomains
• 20 MySQL Databases
• 20 POP Accounts
• 20 Mailman Discussion Lists
• 1 Soholaunch Pro License

All for a flat $55 per year (domain name not included). This account can only be paid for annually or every two years – it cannot be purchased monthly, quarterly, or semi-annually. If you choose another billing frequency on your order form, the account will still be charged annually. As this is an Introductory account and due to its low cost, current accounts cannot be downgraded to it, and coupons cannot be applied to its fees.

Now, those of you that have been with us for a while are, admittedly, probably scratching your head – it resembles both the old “Intro” account in pricing scheme (can’t be downgraded to, must be paid annually only), and the old Junior account (which was $5/m or could be paid annually for $54/yr). You’d be correct – it was created to be a hybrid of the two.

Our Junior accounts were extremely popular – however, those that paid monthly and who’s cards repeatedly got declined would very quickly turn into a bare minimum of profit for us. Throw in a couple of tickets, and we were essentially paying you to host here. The Intro Account, bless its cheap little soul, was almost always a loss and continues to be for those that are still left here for the most part. We had thought it was a way for folks to sample our wares and then upgrade when they liked us – to our surprise, most of you stayed there, quite happy. The problem with that was that razor thin margins affect our non-profit program substantially, and it doesn’t pay for shiny new servers or cooler offerings.

And let’s face it. We’re geeks. We like new bright and shiny toys, and we like giving you new bright shiny toys. We’re much like frantic ferrets in that way.

The new “55″ account is a flat fee account that must be paid annually, removing the huge chunk of revenue we lost to the gateway fees every time we charge (or, ok, try to charge) a card, and is a financially feasible account for us to support. It also tends to be what drives our growth so you may see it periodically disappear if its installs begin to outpace our comfort level – we are very much focused on controlling growth, and server population, at a reasonable pace.

Those of you on Juniors already paying annually may want to compare the allotments with the new account, and your cPanel, as you may come out ahead on the new “55″ account vs. what you have now depending on what you use and how you use it.

We have implemented a comprehensive update to our mod-security rule set due to high resource usage from comment spammers, as well as forum/software exploitations. As with all mod-security rule set changes, there is a chance that tight rules can interfere with the normal operation of your site in some cases.

If you are having problems with error 403 Forbidden or other problems that happen once in a while for mysterious reasons, the apparent error that is generated is normally a page saying:

• 500 Internal Server Error
• 403 Forbidden: You don’t have permission to access on this server.
• Not Acceptable: An appropriate representation of the requested resource could not be found on this server.

You’ll need to contact support with the location of the file that you got the error on, or the IP address of the person that got the error if someone is reporting it to you. We will then look in the logs and see what security rule is causing the error, and remove it or write an exception depending on the severity of the risk.

---

Update: note from Network Status Blog Moved here:

We have had two reports of folks that have gotten mod-security errors on their entire sites, as well as our drak.net site, since our implementation of the expanded and stricter mod-security rules. We have left this backup server with the old rule set to enable folks to check on what’s going on here.

Apache now gives errors for anyone attempting to contact it who’s IP address is located on the Spamhaus SBL or XBL list. The SBL is a realtime database of IP addresses of verified spam sources and spam operations (including spammers, spam gangs and spam support services), maintained by the Spamhaus Project team and supplied as a free service to help email administrators better manage incoming email streams – we are now applying it to Apache as well. The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies (HTTP, socks, AnalogX, wingate, etc), worms/viruses with built-in spam engines, and other types of trojan-horse exploits – again, this is now applying to Apache as well in hopes that this will dramatically scale back the amount of attacks and comment spam on the server.

The XBL wholly incorporates data from two highly-trusted DNSBL sources, with tweaks by Spamhaus to maximize the data efficiency and lower False Positives. The main components are:
- the CBL (Composite Block List) from cbl.abuseat.org
- the NJABL Open Proxy IPs list from www.njabl.org.

The CBL List has caught two of our own clients. What the CBL list does is take its source data from very large spamtraps/mail infrastructures, and only lists IPs exhibiting characteristics which are specific to open proxies of various sorts (HTTP, socks, AnalogX, wingate etc) and dedicated Spam BOTs which have been abused to send spam, worms/viruses that do their own direct mail transmission, or some types of trojan-horse or “stealth” spamware, dictionary mail harvesters etc. The CBL also lists certain portions of SpamBot infrastructure, such as Spam BOT/virus infector download web sites, and other web sites or name servers exclusively dedicated to the use of Spam BOTs. Considerable care is taken to avoid listing IP addresses that have are or are likely to be shared with legitimate use.

If your machine is infected, you may be on the CBL list as a known part of a botnet even if you have no idea you are part of one. If a machine sharing your IP address at work or at home has performed actions as part of a botnet whether deliberately or because you have infected computers, you may be on this list. If you are accessing your site from a public place like a coffee house or public wifi, you may get 406 errors and apache may refuse to allow you to connect to your own site if you are coming in from an IP address that is a known risk. The CBL does not block IP ranges, only specific IPs that have evidenced the behavior they outline.

You can check your IP against Spamhaus here, and against the CBL list here. If you are on the CBL List, DrakNet will not whitelist your IP. If your computer is infected, you are putting your own site and your visitors and our servers at risk. You can read the DrakNet blog here regarding what a botnet does and some of the risks to your site here. You will need to secure your network, and remove yourself from the blocklist (there are directions on the site) in order to view your site on our Network again. If you are blocked at a public wifi spot, choosing another will likely clear up the issue.

DrakNet is now offering premium SHOUTcast hosting packages on our new server, espeon.drak.net.

What is SHOUTcast, you ask? SHOUTcast is a multiplatform digital audio streaming technology developed by Nullsoft. It allows audio content, primarily in MP3 or AAC format, to be broadcast to and from media player software, enabling hobbyists and professionals to create Internet radio networks with little fuss and not a huge amount of difficulty.

What is a shoutcast again?

A shoutcast is an audio internet “broadcast” similar to a radio station broadcast. SHOUTcast`s technology for audio delivery is MP3. All accounts that we provide can deliver audio or video live or on-demand.

Are the licensing fees included in the price for the SHOUTcast Streaming Server?
No, licensing fees are not included. Please contact Broadcast Music, Inc. (BMI), or The American Society of Composers, Authors and Publishers (ASCAP) if you wish to broadcast copyrighted music.

How do I broadcast to your SHOUTcast Server?
Broadcasting to our SHOUTcast hosting servers is not tough at all. You will first have to have a compatible player (for Windows, this is usually WinAmp) and the SHOUTcast DSP plug in installed on your computer. Once the plug in is installed, you will configure it to use an IP address we assign to you and a username and password to connect. The live content that you play is streamed to our servers, and available for others to connect and listen to.

What is DNAS?
DNAS is SHOUTcast’s Distributed Network Audio Server. It’s the software that runs on our servers, and it is responsabile for receiving the audio from you, the broadcaster, updating the SHOUTCast directory with broadcast information (titile, artist, bitrate), and then sending the broadcast to your listeners.

Can I broadcast at 128kbps or more? I want it to sound awesome!
Yes, you can – but keep in mind that you will consume more bandwidth the higher your bitrate, and higher bitrates do cost more.

Do your SHOUTcast accounts come with a Dedicated IP or is it shared?
Yes, all accounts have dedicated IPs included since that does produce superior station performance.

How do listeners tune in to SHOUTcast broadcasts?
By using a media player compatible with streaming MP3 audio. Recommended players are:
  Winamp for Windows.
  Audion for Mac.
  XMMS for Linux/X Windows.
WHMSonic, the cPanel Management tool for SHOUTcast stations, will also allow you to create a flash player and various tools that you can place on your web site if you also host your actual site here along with your station to make sharing with your listeners much easier.

Contact us if you have any questions regarding this new offering!

While the title of this is a joke, somewhat, I read a fascinating white paper published by the University of California, Santa Clara that outlined something near and dear to my heart – security.

The White Paper is located here, and while I recommend that everyone reads it, I also realize that most of you would start and then your eyes would glaze over in stark incomprehension, so lets hit the high points with regard to how what they found relates to you, and to us.

In short, UCSC managed to take over the Torpig Botnet for 10 days, and were able to study precisely how it infects, what it does, what it collects, how it communicates, and perhaps most relevant to you as Internet citizens, how you people make it easier for the Botnet to exploit and steal your sensitive information and use your sites to infect others.

Torpig starts on legitimate web sites – your web sites, our web sites, any web sites it can get to. The HTML is modified without your knowledge to include Javascript that instructs the web site visitor to download exploits that then infect their machine if it can. Eventually, the payload end results into the replacement of your applications with infected ones. UCSC found that in addition to replacing Windows system files, the botnet replaces: Internet Explorer, Firefox, Opera, and FTP clients like Leech-FTP and CuteFTP, and email clients like Thunderbird and Outlook and Eudora, and Instant Messengers like Skype and ICQ…

Yeah, it takes over. Silently.

The #1 Exploit we see on DrakNet, the #1 thing that we see happen to people’s web sites, the #1 thing that people have done to their sites is an FTP Exploit. And I don’t mean we get hacked. I mean computers from all over the Internet log in via FTP with legitimate credentials you picked and you store and you use, and begin changing your HTML Code, and uploading phishing pages to your site.

And hopefully we find them – and then we suspend you.

And you call us up and scream at us because you assume that its our server that got exploited – after all, there is the phishing page on your site!

For about a year now, I have had a mechanical, monotonous speech that I can rattle off in an attempt to explain that no one brute forced into your web site. We automatically firewall people so fast that the chances of that happening are next to nil. The cracker would have to be incredibly insightful, or incredibly lucky, to brute force or crack a password, because you try 5 times and we nuke you. OK, or we left the firewall off – but we don’t leave the firewall off. I know, sitting there, that the person yelling at me likely has their hands resting on a keyboard connected to a compromised machine, or gave the passwords to someone on a compromised machine.

I also know that the chances of them believing me are next to nothing. They don’t see it, so they don’t believe it, and its not THEIR machine acting funny, its their site.

To be frank, folks, this study feels like vindication. I have the urge to bold “I told you so! Sheesh!” and do the nyah nyah nyah dance. The fact is, though, its really not something I am jubilant about – we lose those clients, either because they leave in a huff or we ask them to leave because they cannot and will not abide by the security protocols we require and will not disinfect their machine (or they send us a printout showing rootkits were found by the virus program but were “disinfected” or “quarantined” so we should let them back on).

We’re a business. We don’t like to lose clients, and we don’t like to lose money, so this situation isn’t really vindication – but it does give us documented proof that the security of your site in many respects rests as much with you and your behavior on the Internet as it does with us.

UCSC studied you all, too. And they came up with some conclusions.

Out of the infections they studied, 10% of you actually discussed and were concerned about security – and yet had no idea the machines you were discussing security on were machines that were were infected. 28% of the victims re-used passwords. 40% of you used passwords that were so weak, they could be hacked in less than a minute – they shoved 173,686 passwords into a cracker, and in 65 minutes, got 56,000 passwords back. Another 14,000 were recovered in the 10 minutes after that – and 30,000 additional passwords were recovered in the next 24 hours.

That’s 6.9 passwords a minute. That’s 8.6 seconds per password on average.

Eight Point Six Seconds Per Password on Average

We employ a lot of security to try and stop attacks and exploitations. We use suPHP, mod-security application firewall, a software firewall, obscenely long passwords and changed ports, forced password strength, and a number of other things to to try and make the servers secure. Our rules and requirements on behavior here on our boxes are much stricter than many, many other hosts, and we don’t apologize for that – we’re not the host for everyone. You can’t do whatever you want here. Our servers run well, and our sites and servers crash much less than many other hosts. There’s a reason for that.

We are, though, only part of the equation and our implementations can only do so much. Your Internet behavior, your personal security practices, are paramount in keeping your site safe, and this is one of the single most common exploits we see – and as you can see from how this actually happens, there’s not a darn thing we can do to prevent it. It’s up to you - your practices, your password choices, your security software.

So, now that we’ve lectured you, what do we do to keep our computers safe?

1. Keepass – KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). We do not store passwords in plain text, in software programs, in browsers. Nada. They are all encrypted, so if we’re ever exploited, they’re not “get-able”, at least for now. (There is 1Password for Macs – thanks to Adam for reminding me that its not entirely the Windows people’s fault – though it mostly is. )
2. Kaspersky – We never, ever, ever run without Kasperky Internet Security. Ever. It’s my personal favorite, and if I could get it for my house itself, I would. One of the biggest problems we see is that people have a virus and malware scanner running weekly or so, but they run rampant all over the Internet with no constant firewall protection that gets things as they come in. If you run with a scanner, and it shows a rootkit, I don’t care WHAT your program says about how it quarantined this file and that file – you are very likely screwed already, to put it bluntly. If you have a rootkit, you nuke and rebuild (and overwriting and wiping the drive with dban for good measure is a good idea). Anything less is false security. The infection will very likely reinsert itself at the first possible chance it has. You don’t have to use what we use, but you need to use something all the time, every day, whenever you are connected to the Internet. Always. Without exception. And keep it updated.
3. Use Strong & Different Passwords for EVERYTHING – If I had a dime for everyone who asked me to change their password to something like pencil1 in cPanel (like their password is in billing), I could retire. My rule is if you can easily remember it, it’s bad. Use a site like password meter to learn what a good password is, or to generate one – Keepass is awesome for this as well, as it generates them for you as well as remembers them in an encrypted format. But whatever you do, don’t use pencil1 on everything. Oy vey. Please, don’t.
4. Don’t store passwords unencrypted – The programs that let you save passwords are convenient, aren’t they? Yep, they are – and for more than just you. If you wouldn’t post it on a web site, don’t store it plain text.
5. Know Your Site – Actually look at the file change dates on your site once in a while – did you last update that file in September 2008? Well, then why does it have an April 29, 2009 last updated date? Look at the code. If you find you were infected, CHANGE your passwords. Contact us and let us know that you need us to monitor your site for file changes, and we will, just to be sure.

These are small things you can do that make it much, much harder for you, your computer, and your site to be exploited. We’ve said it before, and we’ll say it again – these botnets don’t want you to know what they are doing. They want to use your computer for as long as they can to get as much information as they can to infect other people. They want your site to run as long as it can, infecting as many as they can.

Don’t make it easy for them.

In case you hadn’t noticed, the prices for DrakNet’s Reseller accounts have dramatically risen to $59.95 per month. We made that change in response to the fact that most of our Resellers are Soholaunch Developers, and most use our accounts to resell Soholaunch designed sites to their clients.

Since we began offering Soholaunch, Soholaunch’s pricing scheme has changed. Unlimited Server Licenses are no longer sold, Soholaunch has maxed out server license bundles to 50 per server at $100 per month. They now lease the software licenses at $15 a month, and the purchase/ownership of the product is now $149 per site. As the software value went up, the price was adjusted to reflect that while our prices stayed fairly stagnant.

There are points in business where you realize you got a good deal and you pat yourself on the back, and there are points in business where you realize that you are getting so far over on someone that you’re committing legalized highway robbery, and that’s kind of where DrakNet is today. The value that our resellers get for what they pay and the number of licenses they hand out is so far out of sync with the market cost of this software (and what we pay having to support it) that we realized the pricing scheme as it was simply couldn’t continue.

First of all, its not in our interest as a business to see Soholaunch lose that much revenue. Granted, they set the prices and they made the deal and they afforded us the ability to pay what amounts to spit in the bucket for what is, retail, worth thousands of dollars every month so hey, that’s business. However, they’ve also chosen to honor the deal they made with us even though they can see clear as day that we’re hitting their bottom line. While we would survive if Soholaunch vanished tomorrow (as Soholaunch makes up a small fraction of our hosting, and much of that fraction is made up of resellers with large numbers of licenses), the fact is those people who do use the software are extremely loyal to it, and we do like it a great deal.

Both Resellers and individual accounts will still get one heck of a deal from us with this new pricing scheme and the new rules, but not quite such a deal that it may drive Soholaunch to drink.

From now on, Soholaunch Licenses are 1 license per account. No add ons, no subdomains. Part of this is simple housekeeping – we have to manually audit our licenses to delete ones that are not in use and we can compare what is installed as an account with the list to delete licenses for sites no longer installed. That, and with 40 add on domains, you could feasibly have a $10 Jaz account with $600 a month in free licenses installed. Scarily “not fair” comes to mind here when the account is $10 a month and you already get a license worth $15 a month thrown in.

Resellers are limited to 50 Soholaunch licenses per Reseller account. That Reseller account costs $59.95 per month. That is still a screaming steal – a Soholaunch Server License comes in increments of 50 Licenses, is $100 a month per 50, and that’s before you pay for the actual server to put said server license on. After you fill up 50 licenses, you can purchase another Reseller account if you wish, which is still less than 50 licenses would cost you + a nice VPS. If you fill that up, you really should likely talk to us about transitioning to a VPS and a direct relationship with Soholaunch because at that point, you’re growing fast enough that will likely start to save you money.

Current resellers are grandfathered in at the price that they are paying, however, the 50 license limitation does apply to them as well.

As for regular Reseller accounts, well, for the most part we just don’t find that we have those (and never really marketed to that, so that’s not a big surprise). If you are a long term client that we know and you won’t be using the licenses (we will check) but wanna save a buck on multi-domain hosting, you’re free to talk to us and we’ll try and make you a unique deal tailored to what you need.

I realize there are still a few hosts left that will let you put as many Soholaunch licenses on your site as you can cram in there, but considering the situation we’re just not really comfortable doing that anymore.

If anyone has any questions, feel free to email in to support if you’re concerned about how this affects you – the vast majority of you won’t actually be affected at all.

Initially when we chose our billing program, it wasn’t quite as robust as it is now, and we had a lot less options. The initial way that we set things up with a grace period vs. a static due date left a lot of people confused as the dates weren’t static other than the invoicing date. This month, we’re going to change the billing system so that it, hopefully, makes a bit more sense.

The new date for invoices to be sent out is the 10th. This will start on April 10th, in three days, so you’ll get your April invoice on the 10th instead of the 25th.

The invoice will be due on the 20th. That’s the monthly due date, and you have 10 days to pay before we start hounding you. It will always be the 10th, and always be the 20th for monthly, quarterly, and semi-annual invoices.

Your packages will be invoiced in advance by 31 days, not just during the lifespan of the invoice as you have been used to (which, frankly, most of you didn’t get, anyway). That will make it clearer to those that have domain renewals that after the due date, if you haven’t paid, that you have a bit of a problem. It will also allow the billing system to hound you, and make clear to you that there is an issue automatically. It’ll also give you some time after the “final deadline” for us to reprieve you a bit because you technically won’t be into your unpaid for time yet.

So, the changes in quick overview:

• Your invoice date is now on the 10th for monthly, quarterly, and semi-annual invoices.
• Your due date is the 20th every month, 10 days after the invoice is sent. On that day, you are past due.
  
• Those invoices will cover your services for the following month, not this one, up to 31 days in advance.

We do realize any change may cause some confusion, and we’re not going to be suspension happy for the first month or two while everyone gets up to speed. We are doing this to solve some of the confusion over due dates and, unfortunately, there’s never an easy time to switch billing practices even if you’re going from what was confusing to what should now be clearer, as some people will be caught in the middle, especially those who’s packages renew after the 24th or so to the beginning of the month.

Keep in mind that while there may be two charges on some folks invoices, they will be for two separate service dates and not a double charge. If you can’t afford both, take your card off and pay the first half of the invoice now and the second half later. If your card gets declined, you can process half the payment now and half later. Just let us know the situation and for the next 30-60 days, we’ll work with you so this isn’t a major issue for you.

Please note that all invoice notices went out this month with:

Please note that a new invoice has been generated for services in your billing area and it was not paid for automatically. This invoice must be paid manually to avoid an interruption in services.

regardless of whether the invoice was paid automatically. We attempted to change some settings so that those who were on manual payments would have clear notification, and those on auto-pay would simply get the invoice paid receipt so everyone was clear where they stood. Unfortunately, it didn’t quite work out the way we planned it to – we apologize for any confusion this may cause.

If you got a receipt, and/or you logged in and had no outstanding invoices, everything is ok.

We’ll endeavor to find out why the setting didn’t work for next month.

So, Wordpress is admittedly becoming the gold standard of blogging – and we, like all other web hosts, happen to host a LOT of bloggers. The DrakNet blog is relatively new and we update as we do stuff, but our Network Status page is also run on Wordpress – but again, its only used in emergencies (which, thankfully, isn’t that much). So, that’s two blogs we’ve got.

I, personally, have two more – my kid convinced me to play City of Heroes, and then he convinced me we needed a supergroup and then, as Mom owned a web hosting company, convinced me we needed a Supergroup site for the supergroup. Blog #3.

Ok, this is starting to get confusing.

This past week, some friends convinced me that I need a personal blog, too, and so we now have Blog #4. I figured there had to be a better way to organize all this stuff, and lo and behold, there is – Blogging Clients. Which run off of xml-rpc which we, of course, blocked, as we are well known for being despicably paranoid.

Well, yesterday, you’ll be happy to know your web host owner grew so frustrated with trying to juggle so many blogs that she spent a vast amount of time writing and finding mod-security rulesets to lock down xml-rpc, and recompiled Apache on all of the servers so that you now can use all sorts of nifty blogging software to publish your blogs.

I personally settled on Scribefire, but there are many, many out there – here’s a great post with an overview of some of the blogging clients you have to choose from. All these clients have been tested and are fully supported (as of yesterday) on your DrakNet accounts, and we’ve locked down many of the risks in using some of them.

Happy Blogging!

Technorati Tags: wordpress, blogging, clients