Worst Web Hosting experience?
Tim asks: "I have just come through an experience with a web hosting company. Basically, a script on the server was compromised, because of incorrect security settings on the server, and used as a zombie phishing mailer script. My account was suspended for phishing, and through the course of several tickets, it was made clear that I had nothing to do with the phishing. Still throughout the entire ordeal, they refused to give me any of my files, saying that they could not be released now, or ever for 'legal evidence reasons.' So, here I am without a database (I should have backed up!), and without several files I was working on. What is your worst web hosting experience, and how have you dealt with it?"
Jason Scott, of the BBS Documentary fame, recently detailed on his weblog an appropriate tale.
I learned the hard way to buy my domain names and my hosting from different companies. Tried to get control of the domain back, but that was a no-go, so I had to wait until it expired, then bought it back. Thankfully there was nothing major at stake, I just needed a new email address for a while.
Linux, you magnificent bastard, I read the fucking manual!
...was about a month or so ago. One day, a Saturday I'm pretty sure, I found that my email from the last three or so weeks was gone. Just...gone. I poked around for a while and realized that my DNS had changed without any warning! They had moved the server over and changed the DNS and had used a version of my data that was almost a MONTH old. They didn't even send a warning email telling me they would be moving servers. Granted this was personal email, and personal web site, but I was pissed.
I emailed back and forth with the sysadmin and could not figure out what the hell was going on, why they were using old data, etc. His final response was, "well, I guess I'll move your up-to-date data over from the old server for you if you want..." I ignored his last email for a day, found a new hosting company (site5.com who I'm quite happy with, they are a LOT better in many big and small ways) moved my data over to my new host (I still could log in using the IP of the old server so I grabbed everything that way as soon as I figured out what was up) and switched DNS. It only took me about a day to get back up and running.
At that point I emailed the admin a response, saying "if I did what you did at my job I would be FIRED. So, you're fired." The name of the company was imagelinkusa--I recommend you stay away from them.
P.S. Yeah, I know I should have been doing backups anyways...
We've had 2 dedicated servers with 1and1, one of which we cancelled 6 or 7 months ago. The other one is in the process of being transferred to another provider, because just last month, out of nowhere 1and1 tells us they weren't able to bill our credit card. I checked with the card co. and my balance was fine, but it ended up they were trying to charge us not for the $69 for that month but for over $900! Our bandwidth usage was well under what they allowed, so I said "What?!" They come back with a claim that we have outstanding invoices dating back to over a year and a half ago, for the server we cancelled half a year ago now. Not only is the claim 100% false (not to mention rather ludicrous), but it's the first we've heard of it, and their billing department has treated us like crap from the first email exchanged. I've tried to call them to discuss, but after sitting on hold for over an hour on 3 separate occasions (same thing for tech support), I gave up and simply continued emailing. I've maintained professionalism in all communications, but sometimes you really just want to give these people a piece of your mind.
I've had to speak to my lawyer over this, as well as the consumer protection board, the credit card company, and I'll probably report this to the better business bureau as well if I find the time. What a waste of time, and what terrible service.
PS. I'm posting anonymously because I'd rather not put my name out there on this while a) it's still not completely resolved just yet, and b) it could give cause for them to argue libel against us if any little thing in here can be misconstrued, and since I'm not a lawyer and don't want mine billing me to read over a /. comment, I'll just go with 'anonymous coward' for today. So take my words for what you choose to, but keep in mind that there are so many hosting companies that it's not worth the risk with a crummy but cheap one like 1and1.com. In this case, you get what you pay for.
The main problem that I see with Cleverdot and most other hosting companies is that they charge extra for exceeding monthly bandwidth limits.
This can be really, really expensive if your site ever gets Slashdotted.
What I'd like to see is an option to redirect to a "bandwidth exceeded" page when the bandwidth is exceeded, with no extra charges.
The problem with this, of course, is that if your bandwidth limit is exceeded near the beginning of the month, your site is offline for the rest of the month.
To avoid this, one company that I checked out had a 30-day "sliding window" bandwidth policy.
This meant that if you exceeded your thirty-day bandwidth limit, your site would be shut down only for the rest of the day.
(Unfortunately, I forgot to bookmark that company, and have been looking for it (or one like it) ever since.)
It would be really nice if sites that review web host providers would indicate which sites are pay-extra-when-bandwidth-is-exceeded, and which are shutdown-when-bandwidth-is-exceeded.
Those who sacrifice security to condemn liberty deserve to repeat history or something. - Benjamin Santayana
I bought a year of hosting and a domain name from superuser.net, just something to host a personal domain and emails. The place was just a fly-by-night budget host, I came to find out. But, they had a "99 and some nines" uptime guarantee, and a phone tech support line, so I bought in. It was cheap, but I ended up getting what I paid for, and less. About a month or two after the year was up, my site started going up and down on a regular basis. I found that the "tech support" phone number had gone from giving me an answering machine to giving me a "disconnected" message. Sure enough, the tech support number had disappeared from the page. Tech support emails were either blackholed or poorly answered.
Then, the big bomb hit. I know that SSH shell access isn't absolutely necessary to run a simple website, but I needed to run a few programs (ImageMagick and the like) and do some testing, management, and the like through a shell. When my shell access started coming up "denied", I started to get angry. Since letters addressed with ALL CAPITAL THREATS OF CUSTOMER LOSS OR RETRIBUTION, triple-CCed to "sales", "service", and "support" seemed to be the only thing that got through (trust me, I tried politer methods first), I sent off my trouble and heard back that "These features have been turned off because the server got hacked." These services were the ones listed in the product description... the ones that got me to buy in in the first place.
Well, long story short, I ended up transferring the domain (with excellent assistance by DotRegistrar, whom I still use). It was a bit of a hassle, since I'd stupidly abandoned the contact email for the domain name, but I got it worked out. Then, as a final goodbye, my site was unceremoniously terminated, not honoring the 99% uptime guarantee that should have given me a free month.
After some further research, I found out that the site has been noted for shoddy service and poor support, and "Derek" of Superuser has even been known to vigorously argue with folks, on other web sites and boards, who disparage the service.
From there, though, I stayed with DotRegistrar for the domain name. This was the company that Superuser used, but they were unaffiliated and quite helpful in recovering my domain name. For webspace, I went with Just-hosting. They're another budget shared-host setup, and I have had the not-unexpected shared-host downtimes every so often, but their technical support is quite good, they get it up and running... and often even relay what the problem was... and they were willing to accommodate my needs for extra domains, an alternate SMTP port (since my ISP blocks port 25), and working with me through the weirdness that some of my setups cause.
So, just to reiterate-- Superuser.net: evil. Just-hosting.com and DotReg.com: recommended.
Information wants to be free.
Entertainment wants to be paid.
You just want to be cheap.
I was using an excellent local ISP, ClarkNet, which had been around since well before the advent of the Web. Then they were bought by Verio.
I don't know when it happened, but one day I went to check on my web space, which had always been accessible as www.clark.net/~vgr, and discovered www.clark.net itself was simply redirecting to some Verio promotional page.
Where the hell were my files? After many phone calls to both Verio and to the few ClarkNet contact numbers I had, I learned that when ClarkNet's customers were "migrated," all web files were destroyed. Forever.
Verio's support was particularly irritating, since their first question was always, "Okay, what's your domain name?" I don't have a domain name, you jackass, you guys absorbed the competition who was from a time when domain names weren't handed out like candy. (Which was fine with me; a short URL is a short URL, regardless of the slash count.)
Perhaps if I'd been checking things frequently, I might have caught this at a time when they still had a backup somewhere. But I didn't check the web space frequently, because I never used it for commercial dealings; it was just a place to share some information.
The lesson I learned, of course, is to check one's web site frequently. And, as many other posts have said, back up your files yourself. The standard practices that every admin should follow, such as daily, weekly and monthly backups, are by no means practices to which large corporate ISPs feel bound. Indeed, I've since held a few jobs where it was evident the person administering the Windows server had little or no admin experience.
The Internet is full. Go away.
I agree.
Basically, a script on the server was compromised, because of incorrect security settings on the server, and used as a zombie phishing mailer script.
To a certain extent this is also the submitter's fault. If you must rely on server configuration for security-related matters, runtime checks for required functionality or config options should be made, and if not satisfied your scripts should quickly perform a respectable suicide.
A good example is PHP's magic_quotes_gpc which often protects novice PHP developers from SQL injection attacks, but when moving scripts to a new host where this functionality is disabled it will soon bite them in the arse.
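The startup check described in the comment above, as an added example that is not part of the original post or anyone's production code: a script that depends on host settings verifies them before handling input and stops if they differ. The function names, the required-settings list and the two host configurations are constructed for illustration; `magic_quotes_gpc` is the setting named in the comment and `allow_url_include` is a second real PHP setting added as an assumption.

```php
<?php
// Added example, not code from the thread. The required settings below are
// assumptions about what a hypothetical legacy script depends on.

// Return a list of mismatches between the running configuration and what the
// script requires; an empty list means it is safe to continue.
// $lookup is injectable so the check can be run against constructed values.
function config_problems(array $required, ?callable $lookup = null): array
{
    $lookup = $lookup ?? 'ini_get';
    $problems = [];
    foreach ($required as $name => $want) {
        $raw = $lookup($name);   // ini_get() returns false for a setting that does not exist
        // Treat "1"/"On" as on; "", "0", "Off" and a missing setting as off.
        $have = $raw !== false && filter_var($raw, FILTER_VALIDATE_BOOLEAN);
        if ($have !== $want) {
            $problems[] = sprintf('%s is %s, script requires %s',
                $name, $have ? 'on' : 'off', $want ? 'on' : 'off');
        }
    }
    return $problems;
}

// Stop before any request data is touched if the host does not match.
function require_config_or_die(array $required): void
{
    $problems = config_problems($required);
    if ($problems === []) {
        return;
    }
    error_log('Refusing to run: ' . implode('; ', $problems)); // detail goes to the log, not the client
    if (PHP_SAPI !== 'cli' && !headers_sent()) {
        http_response_code(503);
    }
    exit(1);
}

$required = ['magic_quotes_gpc' => true, 'allow_url_include' => false];

// Constructed configurations standing in for the old and the new host.
$hosts = [
    'old host' => ['magic_quotes_gpc' => '1', 'allow_url_include' => '0'],
    'new host' => ['magic_quotes_gpc' => '',  'allow_url_include' => '0'],
];
foreach ($hosts as $label => $ini) {
    $problems = config_problems($required, fn(string $k) => $ini[$k] ?? false);
    echo $label, ': ', $problems ? implode('; ', $problems) : 'ok', PHP_EOL;
}
```

In a real script, `require_config_or_die($required);` would be the first statement executed. PHP 5.4 removed `magic_quotes_gpc`, so a script making this check refuses to start on any current PHP, and the durable fix is parameterized queries rather than dependence on the setting.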
I used these a couple of years back and it was fine until they got too many customers & not enough servers and the speed of my site slowed to a crawl. This lasted for about a month. Then it went down completely - no website, no email. I tried to contact the guy who runs it (James Innes) by email and fax but no response. It came back up a week or so later, but my website had been restored to a much earlier copy, and I found out later that I was missing a lot of emails. Still no response from support when I complained.
Eventually I gave up .. fortunately I had registered my domain elsewhere so it was easy to change to another. (I changed to mythic beasts (http://www.mythic-beasts.com/), who have been excellent.)
I wasn't the only one with these problems: http://groups.google.co.uk/group/alt.internet.providers.uk/browse_thread/thread/2f0c27ac4d7e133d/c48c25268d8e6192?hl=en
Part of my company's Information Security work is monitoring reported defacements of websites under various domains (such as .au). Through this work, we have seen numerous cases where ISPs ignore complaints from their customers about their sites being hacked, ISPs having every single customer site hacked at the same time (and still ignoring customer complaints), ISPs where a commitment to action means some time in the next month or so, and ISPs where their lead technical people have trouble understanding their own technology.
By a strange coincidence, or maybe not, the troublesome ISPs are those that also accuse us of hacking their customers, threatening us and generally abusing us for providing a report of an identified defacement. The abuse from ISPs and technical contacts has gotten so bad that we no longer report every defacement that we otherwise would have. Now we only report significant cases (such as complete server compromises or sites which may have sensitive information accessible).
InfoSec that matters, when it counts.
linode.com - manage your own server, less than $50 if you don't need tons of resources. I'm using a $20/mo plan, 80mb ram, 4gb disk, 50gb xfer.
Don't blame me, I voted for Kodos
Thanks for the pointer - the guaranteed CPU takes much of the problem of VPS out of the equation - this might be useful for some of my clients.
Unfortunately their disk space and transfer pricings are such that it would cost me over 5X as much to host with them than 1&1, for a difference of > $4000 per year. I can also buy local colo space for about that price.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)