An update: 24 hours into our free .ORG domain offer


It’s been a dizzying 24 hours. With the launch of our free .ORG promotional campaign, we’ve registered dozens of domains for current and new customers.

A .ORG domain can be registered by anyone, though historically they are popular for non-profits, charities, volunteer organizations, and other community-oriented groups, as well as environmental companies, organic farms and co-operative groups, and publishers.

Our offer is genuine: Through the end of December 2014, the first year of any new .ORG registration is free. If you’ve ever wondered about getting a .ORG, now’s the time. There’s no obligation and no requirement to purchase anything from Canvas Host. Sure, we hope you’ll love the .ORGs and consider registering some .COM’s, or perhaps checking out all the amazing new top-level domains (TLDs) we offer, like .COFFEE, .EXPERT, and .TIPS. Our goal, however, is simply to get the word out about the availability of .ORG as a contender in the domain space, and to help bring light to the fact that in today’s virtual realty market, any TLD can be branded effectively to create a unique identity for you and your business.

We invite you to check out .ORGs, and consider registering a few to add to your domain portfolio. If you already have a .COM, consider securing the same domain in a .ORG to protect your brand. The list goes on and on.

After December 31, 2014, regular pricing of $12.99 per year on .ORGs will resume. Additionally, if you are wanting to transfer or renew a .ORG, please be aware that this offer does not extend to those types of transactions and they are charged full price.

On behalf of everyone at Canvas Host, I want to thank you for your interest and support of our business over the years. We hope you are as excited as we are about free .ORG domains, and invite you to register some today!

- David Anderson, Principal

Important: update WordPress now


WordPress has released an incremental upgrade, 3.9.2, that aims at correcting a potentially major vulnerability that leaves websites open to denial-of-service attacks, which could take down the website or even the web server it is hosted on.

Complete details of the release may be found here:

The release claims to resolve a major security issue in xmlrpc.php, and resolves the issue whereby xmlrpc.php can be used for a DDOS attack vector.  The reason we blocked access to xmlrpc.php on our shared servers and some dedicated servers, was due to this very security vulnerability. Unless all WordPress websites in our network are updated to 3.9.2 however, we will need to maintain the current block on xmlrpc.php.

Specific issues addressed by the release include:

  • Fixes a possible denial of service issue in PHP’s XML processing.
  • Fixes a possible but unlikely code execution when processing widgets (WordPress is not affected by default).
  • Prevents information disclosure via XML entity attacks in the external GetID3 library.
  • Adds protections against brute attacks against CSRF tokens.
  • Contains some additional security hardening, like preventing cross-site scripting that could be triggered only by administrators.

As a side note, if you have not upgraded WordPress in a while, please remember that as a customer of Canvas Host you are required to maintain and keep your software current. It protects your website and helps protect other customers’ websites as well. We will soon be upgrading PHP to version 5.4.x, which will require WordPress to be updated to continue to work. Maintenance

If you need assistance with WordPress updates, please remember that we do offer $50 monthly WordPress maintenance, that includes regular security scans, advice on plugins, and 1/2 hour of “use it or lose it” consultation. For more information on this, please see our WordPress maintenance service page:

Company updates and events

Green Drinks on Tuesday, August 5 at Forge Portland

greendrinks-150x150Portland, Oregon is a boiling pot for forward-thinking, sustainable business, and it looks like business is on the upswing. All the new construction and retro-fits of old warehouses, what could our economy hope for more? Some of that growth is deceptive, as Portland is receiving a lot of outside investment is flooding the area. The question being posed in sustainable business realms is: How do we actually bring responsible money to Portland? Further, how can we focus that investment on supporting social causes?

For a lively discussion on this topic, we invite you to join us for Green Drinks next Tuesday, August 5. It will be held at Forge Portland, a new co-working space located on the top floor of the Tiffany Center in downtown Portland. Attendance is free with a suggested $5 donation. Please RSVP if you plan on attending.

Announcing our new staff!

chrisIf you’ve called into Support lately, you may have noticed a new voice. Chris Kelly joined our Support team two months ago as Support Manager. Not to fear, James Brown (JB) is still with us! He’s focused his role into higher-tier Technical Support and Hostmaster duties (domain management).

Canvas Host is a small company with big ideas. Keeping it professional and personable is our goal, and with Chris on our team, we’re hitting a great stride, and it’s showing in the thanks and smiles we receive from customers daily.

Please let us know if there is anything we can do to improve our services to you.

Thank you,
David Anderson, Principal

Hosting security updates

Firewall Changes

We’ve made additional changes to our network firewalls to specifically protect against WordPress denial-of-service attacks. The result is lower server load throughout our shared hosting environment. Your WordPress website should not experience any impact in performance; In fact, whether you run WordPress or not, you should notice a solid improvement in website response and page load times.

Firewall management is as much an art as a science. Ever-changing threats and types of attacks mean we’re constantly monitoring break-in attempts throughout our network, as well as constantly researching script vulnerability trends and how to thwart those attacks. Because of this, we often institute changes without advance notification. Part of the trick in firewall management is to specifically not advertise what we’re doing to prevent the break-ins, while trying not to hamper your access to your website or any related services you have with us.

If for any reason you ever find yourself blocked by our firewall, please know we can fix it within moments. You can call or email us or open a Support ticket, and we’ll unblock you. We’ll also look into why you were blocked, and help you understand ways to prevent it from happening in the future. We understand that any type of block can be a hassle, and we thank you for your understanding as firewalls are our most important line of defense to protect your website.

Support System Spam Filters

As a customer, you can open a Support ticket at any time by emailing us for Sales, Support, or Billing. Our systems are designed to automatically identify you by your sending email address, and open a ticket on your behalf. Within reason.

We’ve run into a few issues that have caused us to implement some anti-spam measures.

Consider the scenario of a customer emailing us, then leaving for a week and turning on an auto-responder. We emailed them, and their mail program sent us back an automated reply. In some cases, the auto-reply didn’t contain the ticket number in the email subject line, so our systems treated the auto-reply as a brand new Support ticket and sent out a notification to the customer of the new ticket. To which their auto-responder again emailed us back. This turned into an endless loop.

We therefore had to put up a block for specific email subject lines in Support tickets, to prevent the “ping pong spam” from flooding our Support board. If your auto-responder contains the phrase “Out of office” or any other standard auto-reply subject, our Support system will likely ignore the email.

We’ve also added “Mail returned to Sender” and “Undeliverable” as catch phrases. Please note, if you have a legitimate Support ticket inquiry and simply forward us such a message, our systems will likely treat it like any other bounce-back and ignore it. Instead, please email us and paste the contents of the original email into your new message, including the original mail header, so we can help you. Alternatively, you can always log into Support and open a ticket directly, to ensure your ticket is received.

We apologize if these settings presents any sort of negative customer experience. If ever you have any concerns that messages to our Support team are not being delivered, please call us immediately (800.574.4299 x2 U.S. or 0800 081 1815 x2 UK) and we can assist you directly.

Service updates: WordPress maintenance and new TLDs!

WordPress Maintenance Services

Do you operate a WordPress website? Does it need updating, but you have no webmaster? Did you know that for us $50/month, our team can ensure your WordPress install and plugins are kept up-to-date with the very latest versions?

Our WordPress maintenance services run your website through security software to determine known threats, exploits and issues that need addressing. We report on any findings in plain English with a simple report of what we have found, and what we recommend needs to be done. If you have a webmaster of your own, you can still benefit from the security reporting service, as it’s designed to find unknown problems that may not have existed yesterday, but as of today have become an issue that need addressing immediately!

Please email our Sales team or call us at 800.574.4299 x1, if you’d like to learn more about our WordPress maintenance services.

Even More Domain Name Extensions (TLDs)

We’ve launched yet more TLDs today! .bar, .gripe, .lease, .maison, .media, .properties, .pub, .rentals, .rest, .tattoo, .trade, and .vision are now available for registration. Private registration is available for all of these new TLDs.

Do you need a new TLD? Not sure? Consider that few businesses have ever gone beyond .COM or .NET. Those domain spaces have all but filled up. How can you distinguish your brand in a unique manner amongst a sea of relative homogenous domains? Consider this scenario. Imagine you’re a realtor with an established .COM domain. What if you now owned the corresponding .CONDOS or .HOUSE? What if your business is a community restaurant with a brand that could use some refreshing? Try a .BAR or .PUB. Your art gallery would look sharp with a .MEDIA.

The possibilities are endless — and that’s the point. Rather than let your brand sink into that pool of .COM’s, you now have the option to completely customize your online presence. MyNew.HOUSE… Nontraditional.MEDIA, YourFavorite.PUB — the dozens of new domain extensions are making it possible to completely rebrand your presence in ways you’ve never seen.

Large corporation are jumping on this new approach to online branding. It’s affordable, and you too can benefit. For a complete listing of top-level domain extensions, please visit our page on TLDs.