Slashdot Mirror
Worst Web Hosting experience?
Tim asks: "I have just come through an experience with a web hosting company. Basically, a script on the server was compromised, because of incorrect security settings on the server, and used as a zombie phishing mailer script. My account was suspended for phishing, and through the course of several tickets, it was made clear that I had nothing to do with the phishing. Still throughout the entire ordeal, they refused to give me any of my files, saying that they could not be released now, or ever for 'legal evidence reasons.' So, here I am without a database (I should have backed up!), and without several files I was working on. What is your worst web hosting experience, and how have you dealt with it?"
1and1 (I'm not going to link them as it would help their pagerank) is HORRIBLE. They offer a free webhosting trial (easy signup, just need to give a phone number so they can call you to verify), but then when the trials over, they force you to go out of your way to cancel or they start billing. Of course canceling involves printing out a form, filling it all in & signing it, then faxing it to their offices (on a fax number that most of the time is busy or out of service). Then a few months later they'll try and send a collection agency after you.
Avoid them at all costs. They also go as '1und1' in germany, and oneandone in the uk I believe.
Pain lasts, kid. Its how you know you're alive. Sometimes I think this growing up thing is just pain management-TheMaxx
I'd argue that you're never going to have a good experience if you don't take reasonable care to protect your work. You should never trust an ISP with anything that's important to you. We colo our own stuff, and even though we own our own equipment and trust our ISP, we still assume that the box could at some point in the future become unavailable (stolen, buried under tons of rubble in an earthquake, etc.) Don't blame your hosting service for your own lack of preparation.
If you don't want crime to pay, let the government run it.
I learned the hard way to buy my domain names and my hosting from different companies. Tried to get control of the domain back, but that was a no-go, so I had to wait until it expired, then bought it back. Thankfully there was nothing major at stake, I just needed a new email address for a while.
Linux, you magnificent bastard, I read the fucking manual!
but instead of being a main-page link(wank)er, link to the permalink for the entry -- without that link, your "topical" link will be useless (in fact, it already is, since I had to scroll around to find the anecdote in question!).
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
My worst hosting experience was with a small, cheap company whose only real enticement was unlimited bandwidth. They didn't even meter it, you couldn't ask them how much you'd used in a month... anyway, I never got the whole story on why I was having a problem (they couldn't give me details for legal reasons?), but it had something to do with script kiddies attacking another website on the same box. Every Friday afternoon, mail would start getting sluggish, and by Saturday morning the websites would be down. And nobody would do anything about it until Monday, of course. This went on for six months, with only three or four weekends that the websites were up. I lost several customers over it, while the hosting company gave me excuses and then moved me to another server (oh boy! Five days with no email) - and, of course, they moved the script kiddie bait website to the same new server!
I put up with it a lot longer than I should have, and didn't bother to pursue any grievance against the company. Nope. Why? Hell, I don't know. I believed some of the excuses, I guess.
But one day, during a duscussion right here on /. that was remarkably similar to this one, I saw an ad for hosting in someone's sig. And, I'm still with SlashChick (hi Erica!) and her company Simpli.biz and have been with them for almost two years.
So obviously, the solution is to host with someone that knows the stuff and runs a tight ship. There's simply no substitute for competence, no matter what you're paying.
You can't take the sky from me!
...was about a month or so ago. One day, a Saturday I'm pretty sure, I found that my email from the last three or so weeks was gone. Just...gone. I poked around for a while and realized that my DNS had changed without any warning! They had moved the server over and changed the DNS and had used a version of my data that was almost a MONTH old. They didn't even send a warning email telling me they would be moving servers. Granted this was personal email, and personal web site, but I was pissed.
I emailed back and forth with the sysadmin and could not figure out what the hell was going on, why they were using old data, etc. His final response was, "well, I guess I'll move your up-to-date data over from the old server for you if you want..." I ignored his last email for a day, found a new hosting company (site5.com who I'm quite happy with, they are a LOT better in many big and small ways) moved my data over to my new host (I still could log in using the IP of the old server so I grabbed everything that way as soon as I figured out what was up) and switched DNS. It only took me about a day to get back up and running.
At that point I emailed the admin a response, saying "if I did what you did at my job I would be FIRED. So, you're fired." The name of the company was imagelinkusa--I recommend you stay away from them.
P.S. Yeah, I know I should have been doing backups anyways...
The main problem that I see with Cleverdot and most other hosting companies is that they charge extra for exceeding monthly bandwidth limits.
This can be really, really expensive if your site ever gets Slashdotted.
What I'd like to see is an option to redirect to a "bandwith exceeded' page when the bandwidth is exceeded, with no extra charges.
The problem with this, of course, is that if your bandwidth limit is exceeded near the beginning of the month, your site is offline for the rest of the month.
To avoid this, one company that I checked out had a 30-day "sliding window" bandwidth policy.
This meant that if you exceeded your thirty-day bandwidth limit, your site would be shut down only for the rest of the day.
(Unfortunately, I forgot to bookmark that company, and have been looking for it (or one like it) ever since.)
It would be really nice if sites that review web host providers would indicate which sites are pay-extra-when-bandwidth-is-exceeded, and which are shutdown-when-bandwidth-is-exceeded.
Those who sacrifice security to condemn liberty deserve to repeat history or something. - Benjamin Santayana
As an owner/operator of a small hosting company (I am not going to pimp my own company here), I can say this kind of thread is a bit irritating, because it happens way too often. I am regularly dealing with web server security issues caused by users.
/month.
Security is always important, but so is the user experience. I would love to only allow users to select from known good preinstalled scripts. But is that realistic? No.... I would love to run PHP in safe mode by default, but then I get plenty of customers jumping ship because their scripts no longer work.
The point is ignorant users are going to cause problems. Hopefully only to their accounts, but often enough those problems extend to everyone on a shared (read cheap) server.
If you buy cheap hosting, you get cheap hosting. Do not expect a hosting company to bend over backwards for $5
You install a poorly written script...Then your site gets hacked. Popular scripts make popular targets. How hard would it have been to do a google search BEFORE installing? another tip, get the script from the original author or official site. Web scripts are usually patched quickly, but often old versions hang around on mirrors and software search sites.
In this case, how much do you think your little screw up cost the hosting company? Did you ever stop to think that your mistake probably cost the company more $$$ than they will ever see from you?
Hosting company at a MINIMUM pays for:
1. The wasted bandwidth your error caused.
2. The administrators time to stop the problem.
3. The technical support persons time to deal with you.
4. The administrative time it takes to collect the files and cover their asses, in case law enforcement becomes involved.
5. The admin and support time it takes to deal with the numerous complaints that will flood them. Likely they heard from end users pissed off that they got spam/malware that originated from their IP range. They probably also had to answer to their upstream providers, and give them detailed evidence that the problem has been dealt with.
So your little error has cost the hosting company, in an best case scenario, hundreds of dollars by the time you add up the hourly costs for the administrator(s), technical support, the BW, storage and other overhead.
So how much did you pay them for hosting your site? $5 a month? $10 a month? You will probably move on to the next $2.50/month hosting offer you find, long before they recover the cost of your blunder.
Like, I said I deal with this situation regularly, it is not pleasant for anyone involved. It really is a lot easier (and cheaper) for you to install a copy of PHPMYADMIN and backup your database, and download your web site. Than it is for a hosting company to commit resources to holding your hand through every technical blunder you make.
If your data is important it is ultimately your responsibility that the data is taken care of, not your hosting company, not your ISP, not the maker of your PC or of your hard drive. If your data gets lost it is YOUR problem.
Yes, there are slime ball hosting companies (I personally hate them because they tend to make customers pretty paranoid, but at least their shittyness provides me with additional business). But customers need to understand that they have responsibilities and obligations too. Otherwise the hosting experience isn't likely to be a good one for anyone involved.
-Ms2k
I bought a year of hosting and a domain name from superuser.net, just something to host a personal domain and emails. The place was just a fly-by-night budget host, I came to find out. But, they had a "99 and some nines" uptime guarantee, and a phone tech support line, so I bought in. It was cheap, but I ended up getting what I paid for, and less. About a month or two after the year was up, my site started going up and down on a regular basis. I found that the "tech support" phone number had gone from giving me an answering machine to giving me a "disconnected" message. Sure enough, the tech support number had disappeared from the page. Tech support emails were either blackholed or poorly answered.
Then, the big bomb hit. I know that SSH shell access isn't absolutely necessary to run a simple website, but I needed to run a few programs (ImageMagick and the like) and do some testing, management, and the like through a shell. When my shell access started coming up "denied", I started to get angry. Since letters addressed with ALL CAPITAL THREATS OF CUSTOMER LOSS OR RETRIBUTION, triple-CCed to "sales", "service", and "support" seemed to be the only thing that got through (trust me, I tried politer methods first), I sent off my trouble and heard back that "These features have been turned off because the server got hacked." These services were the ones listed in the product description... the ones that got me to buy in in the first place.
Well, long story short, I ended up transferring the domain (with excellent assistance by DotRegistrar, whom I still use). It was a bit of a hassle, since I'd stupidly abandoned the contact email for the domain name, but I got it worked out. Then, as a final goodbye, my site was unceremoniously terminated, not honoring the 99% uptime guarantee that should have given me a free month.
After some further research, I found out that the site has been noted for shoddy service and poor support, and "Derek" of Superuser has even been known to vigorously argue with folks, on other web sites and boards, who disparage the service.
From there, though, I stayed with DotRegistrar for the domain name. This was the company that Superuser used, but they were unaffiliated and quite helpful in recovering my domain name. For webspace, I went with Just-hosting. They're another budget shared-host setup, and I have had the not-unexpected shared-host downtimes every so often, but their technical support is quite good, they get it up and running... and often even relay what the problem was... and they were willing to accomadate my needs for extra domains, an alternate SMTP port (since my ISP blocks port 25), and working with me through the weirdness that some of my setups cause.
So, just to retierate-- Superuser.net: evil. Just-hosting.com and DotReg.com: recommended.
Information wants to be free.
Entertainment wants to be paid.
You just want to be cheap.
Renewal protection is a common service that ensures nobody else can register your domain name should it expire for an additional X number of days. This is not cyber-terrorism, it's a nice-to-have feature.
putfwd.com - 1GB Free file storage with a twist
I wrote about the economics (as I understand them) of the market for web hosting, and why it's a market with problems:
_ lemons.html
http://www.dedasys.com/articles/webhosting_market
In short, you're right - anyone can get set up, and it's difficult to tell which ones are any good before signing up!
http://www.welton.it/davidw/
I was using an excellent local ISP, ClarkNet, which had been around since well before the advent of the Web. Then they were bought by Verio.
I don't know when it happened, but one day I went to check on my web space, which had always been accessible as www.clark.net/~vgr, and discovered www.clark.net itself was simply redirecting to some Verio promotional page.
Where the hell were my files? After many phone calls to both Verio and to the few ClarkNet contact numbers I had, I learned that when ClarkNet's customers were "migrated," all web files were destroyed. Forever.
Verio's support was particularly irritating, since their first question was always, "Okay, what's your domain name?" I don't have a domain name, you jackass, you guys absorbed the competition who was from a time when domain names weren't handed out like candy. (Which was fine with me; a short URL is a short URL, regardless of the slash count.)
Perhaps if I'd been checking things frequently, I might have caught this at a time when they still had a backup somewhere. But I didn't check the web space frequently, because I never used it for commercial dealings; it was just a place to share some information.
The lesson I learned, of course, is to check one's web site frequently. And, as many other posts have said, back up your files yourself. The standard practices that every admin should follow, such as daily, weekly and monthly backups, are by no means practices to which large corporate ISPs feel bound. Indeed, I've since held a few jobs where it was evident the person administering the Windows server had little or no admin experience.
The Internet is full. Go away.
Quite a story he's got there. And I can't fault him for being very pissed at his hosting company. But I also have to say their support sounds pretty nice. Sure, they messed up telling him to buy more bandwidth, but apparently they refunded him without a problem - and a mail "Go to hell." to their support actually got a very nice reply asking if there were any problems they could help with. That's all more than I would expect from some of the web hosters out there...
Switch back to Slashdot's D1 system.
Part of my company's Information Security work is monitoring reported defacements of websites under various domains (such as .au). Through this work, we have seen numerous cases where ISPs ignore complaints from their customers about their sites being hacked, ISPs having every single customer site hacked at the same time (and still ignoring customer complaints), ISPs where a commitment to action means some time in the next month or so, and ISPs where their lead technical people have trouble understanding their own technology.
By a strange coincidence, or maybe not, the troublesome ISPs are those that also accuse us of hacking their customers, threatening us and generally abusing us for providing a report of an identified defacement. The abuse from ISPs and technical contacts has gotten so bad that we no longer report every defacement that we otherwise would have. Now we only report significant cases (such as complete server compromises or sites which may have sensitive information accessible).
InfoSec that matters, when it counts.
I registered a domain using Network Solutions.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak