I’ve been managing VPS for quite some time from small to larger ones, but this is the first time I was locked down and asked to completely destroy everything just because they suspected vulnerabilities that they didn’t even care to investigate properly.
The droplet that was locked down was a completely closed system for an app with maximum 5 users, so it is very tiny. If such a small app gave me this much problems, I would definitely stay away from DO for any larger scale websites.
I can live with unmanaged VPS, but not with this type of terrible support.
The guy who locked down my droplet said that my droplet was sending out ddos attacks and accused that it was a vulnerability with the elasticsearch used on my server. Apparently since I didn’t even have access to my server logs there is no way I could verify whatever he said.
And he gave me this link – http://bouk.co/blog/elasticsearch-rce/
The first line on that article reads:
Elasticsearch has a flaw in its default configuration which makes it possible for any webpage to execute arbitrary code on visitors with Elasticsearch installed.
.. which is already a clear indication that this vulnerability on exists on DEVELOPERS machine, not production servers. As far as I know, ES was already configured for closed system operation only so it’s not possible to send DDOS attacks – unless its sending the packets to our app itself, which is very likely when you do a lot of searches.
I still have my account at MT, wouldn’t recommend moving away to DO if you want to save yourself the sufferings. Already wasted ~6 hours trying to communicate with the support.
I’m having the time of my life today after Digital Ocean conveniently locking down one of my droplets today. The support was completely clueless and worse, some of them weren’t even reading the replies. They take 1-2hr between replies and apparently it’s always not the same guy so the next guy would just briefly skim through the thread and insert another canned reply.
I’m left with no access at all to the server, not even to backup the data and having to deal with the terrible people at customer support. Seriously, I’ve had better experience with 5$/mth shared hosting.
The latest one-line reply I get was asking me to completely destroy the droplet… Seriously?
Does this sound like a familiar experience to anyone else?
I’ll put in a pull request for pluggable functions I’ve written in my version of AQPB, then you can plug the columns class and convert it to bootstrap or whatever really simply from within the theme
Sounds good. I think the before_block method should be a good place to allow developers to modify the CSS class.
@DistinctiveThemes Appreciate that
@PixelStores Currently, the XML export is able to export the templates, although a dedicated import/export tool is a good idea. Will look into this
Aqua Page Builder gets a new facelift and bug fixes. See all the details here – http://aquagraphite.com/2014/07/updated-aqua-page-builder-v1-1-4/
I’d urge that theme builders to at least try the new version on your themes to make sure it doesn’t introduce any conflicts. This will be made available in the coming weeks on WordPress.org to give some time for people to report any bugs or submit any small requests.
Most major sites that runs on WP are essentially “just a blog”. Any custom content types they may have are usually just an extension to the blog.
It’s well acknowledged that WP sites built for non-blogging purposes struggles to achieve parallel performance & stability enjoyed by sites using most modern frameworks available today. The decision to use WP is often out of budget constraints & lack of knowledge or sometimes overly optimistical expectations of WP’s real capabilities.
Let’s not forget that WordPress has some of the worst bloat of codes to enable it becoming a full blown CMS we know today. To use it simply for blogging means having to carry all the unnecessary weights a blog don’t need.
This is I think where Ghost can fill the gap, as well as a few other lightweight CMS/frameworks out there like Kirby etc. I don’t think that this is a niche that is rarely needed as Parallelus suggested, since most if not all major sites that runs on WP uses it as a blogging/publishing tool.
It sounds like you are saying buyers visiting here are eagerly waiting for “new ideas” to avoid spending money and still get download button. Remember they are purchasing license to make sure their usage is legit – not just the files.
No, that’s not what I mean, that’s the outcome of your linear thought process.
Piracy is a real thing. The marketplace’s interest is to minimise this effect instead of relying on our perception on how all human should ideally behave, which is inline with Envato’s policy against piracy discussion. I only re-iterate their opinion on this matter, i don’t necessarily have to support it.
Also, license is not the only motivation to purchase an item.
What Envato can do is to put a Ban, or a cool-off period for any User/Paypal/Credit card that had a sale reversal.
This will not 100% prevent reversal, but at least prevent the same scammers doing it on multiple items on Themeforest.
Also, I think this thread could do more damage than good. Those who didn’t know how to get items for free on Themeforest now knows a way to do it. Think of it like the discussion about pirate sites.