This “big little city” that we call home and affectionately refer to as “Paradise” has been recognized by Google for having the, “strongest online business community,” in the State of Florida.
The award represents Google’s belief that businesses in Sarasota are embracing new technology to find and connect with customers.
Google uses its own data, including Search, ad revenue (both fees paid to Google by advertisers and fees paid by Google to publishers), and Ad Grants (provided by Google to non-profits) to estimate the economic impact of Google on each area. This forms the basis of its determination that local businesses are embracing technology.
ABC 7 reported on the reactions from some local businesses following a ceremony yesterday with the Mayor and City Manager.
The Herald-Tribune apparently also reported on the award, but their absurd paywall prevents us from accessing the article, so we won’t bother to link to it.
Congratulations to all of our local businesses who have endeavored to build out a presence online, use social media and other tools, and effectively generate a return on investment with digital advertising tools.
For the second year in a row, Sarasota made the “Top 10” list for moving destinations in the United States.
In its annual report published January 22nd, Penske Truck Rentals shows Sarasota climbing from the #10 slot last year (based upon 2012 data) to the #2 position this year (based upon 2013 data) in a new combined entry with Tampa. The company analyzes its one-way truck rentals in order to determine where people are moving within the United States.
Atlanta remains the top destination in the US for this year, and the Orlando—the only other Florida city in the Top 10—holds on to its number 4 slot.
Not surprisingly, Penske cites “the Northeast” and “the Midwest” as big originating points for many of these migrations.
Given this year’s harsh winter conditions, it’s easy to picture this trend continuing in 2014.
Why Combine Tampa and Sarasota?
The report acknowledges Sarasota’s previous #10 ranking, but fails to mention the rationale behind combing Tampa and Sarasota into a single, new entry for this year’s report. I guess we can speculate that Tampa, which didn’t make the Top 10 last year, must have seen an increase throughout 2013. CNN Money apparently believes that Tampa is the only city worth mentioning, as they dropped Sarasota completely from their story about the report. HuffPo managed to get it right, including Sarasota in the #2 slot.
As any resident of the region knows, the Tampa market and the Sarasota market are significantly different. In an infographic published with the report (see below), Penske compares a couple of key market dynamics which they compiled from other sources.
It paints a somewhat amusing picture of the region, showing Sarasota’s median income at $40,813 (6% less than Tampa’s $43,514 figure). Seeing that number compared side-by-side with the average listing price, which is $613,779 for Sarasota (compared to Tampa’s $258,675 average listing).
So… on average, we make 94% of what Tampa’s residents make, but our real estate costs 2.37 times as much as theirs!
Well… that’s the conclusion someone might draw who looks casually at Penske’s data, anyway.
The true story, as we know, is much more complicated than that. Thanks to the perfect storm of 2008, which combined the collapse of the residential housing market and a local Sarasota economy overly dependent upon new construction, our real estate is still a jumbled mess of foreclosures, an unusually high percentage of rental properties, and vacant or abandoned houses. That mess, alongside so many high-end properties on Casey Key, Longboat Key, Bird Key, and Siesta Key (let’s hear it for the #1 beach in the US, right?), makes for a statistician’s nightmare.
In any event, it’s nice to see Sarasota make the list again, even if we were combined with Tampa to get to #2. Perhaps the real estate market will really finish its rebound! Well… one can hope, right?
We all know we shouldn’t let an old WordPress site sit around without updating it. It’s dangerous, they say.
And… for the most part, I’m really good about staying on top of this—at least when it comes to mission-critical sites. But… I’ll admit, there are a few sites that I built and forgot about.
One in particular came to my attention this week. It was a site I built around a hobby of mine. It needed a WordPress upgrade.
Okay… it had missed a lot of WordPress upgrades.
But worst of all: it had a plugin that was very old and had stopped being updated by its original developer. It was a stats plugin that I really loved back in the days before Jetpack gave us access to WordPress.com stats.
That particular plugin had a vulnerability which was exploited by some nasty malicious hacker.
How I Found Out I’d Been Hacked
This particular site was in one of my longest-standing hosting accounts… one I’ve had since 2006 with 1and1.com. I keep telling myself I’m going to clean that account out and move all the sites, but I just haven’t done it. That’s part of the reason I’ve let some of the sites go unpatched—because why patch ’em if you’re gonna move ’em, right?
<sigh>
Well… somewhere along the line, 1and1 started the practice of sending an email when they encountered something suspicious going on. In the past, they’ve notified my when SPAM emails started going out because of the TimThumb WordPress vulnerability and when their antivirus scanner found malware in a PHP file.
I’ve always been quick to respond when I see one of those, and it happened just a few weeks back. In that case, it just turned out to be an old inaccessible file that I’d renamed after fixing a previous problem.
On Monday of this week, I got another one of these emails:
Anti-virus scan reports: Your 1&1 webspace is currently under attack [Ticket XXXXXX]
Even though I was busy, I jumped right in to see what was happening. They identified a file that had been uploaded to my webspace, and when I saw where it was located, I knew exactly what was going on. That old plugin was still running on the site I mentioned earlier.
So… I logged in via FTP, downloaded a copy of the “malicious file” just so I could see it, and then deleted it and the entire plugin that it got in through.
No big deal.
Or so I thought.
Sites Down
Yesterday, I discovered that all of the sites in that hosting account were down. For most of them, I was getting a simple “Access Denied” error from 1and1 when I tried to load them up in my browser.
A minor panic set in as I went in and tried to discover what was going on.
What I found was very perplexing. The file permissions on the index.php file, the wp-config.php file, and a handful of other files in these sites were changed to 200.
If you aren’t familiar with Linux file permissions, 200 basically means that the file can’t be read by anyone. So… if that file happens to be critical to the running of your site, then… your site doesn’t work.
So… I changed the permissions on a couple of these files in one of the most important sites just to try to get it working. Oddly… within a few minutes of me setting the permissions to 644, they were automatically changing back to 200.
“Hmmmmm…. maybe there’s some malware still running in my account,” I thought to myself.
That’s when I noticed a whole bunch of database “dump” files in the root of my webspace. They looked like this:
dbxxxxxxxx.dump.lzo
Uh oh.
So… I replied to the email I’d gotten a few days earlier, and explained what was going on. This updated the “ticket” in 1and1’s Abuse Department so they could have a chance to respond.
After working on things for a few more minutes, I couldn’t stand it any longer. I dialed the 1and1 Support Department (something I truly hate to do) and waited. Within a short time, I was on the line with someone from India who had undergone a significant amount of accent reduction, and explained what was going on. When he was unable to find my ticked ID, I explained that I’d gotten an e-mail. He put 2 and 2 together and connected me with the Abuse Department.
Then… for the first time in the 8 years that I’ve had this account, I spoke to an American. I mean… fluent English. Clearly no foreign accent. And also for the first time, he knew something about what he was talking about!
He reviewed the ticket and was able to explain a little better what had occurred. Hackers had gotten in through unpatched software (which I knew) and had managed to execute shell commands with my account’s user privileges.
Within what must’ve been a very short period of time, they inserted malicious code into approximately 1,500 files in my webspace. This means that they infected even the WordPress sites that were all patched and running the latest versions.
All told, somewhere near 40 sites were infected.
1and1’s systems were automatically changing the file permissions for any infected files to 200 in order to keep anyone from accidentally downloading malware when visiting my sites.
So… then began the painstaking process of removing all the malicious code that had been inserted and bringing the sites back on line one by one.