Worst Web Hosting experience? 101
Tim asks: "I have just come through an experience with a web hosting company. Basically, a script on the server was compromised, because of incorrect security settings on the server, and used as a zombie phishing mailer script. My account was suspended for phishing, and through the course of several tickets, it was made clear that I had nothing to do with the phishing. Still throughout the entire ordeal, they refused to give me any of my files, saying that they could not be released now, or ever for 'legal evidence reasons.' So, here I am without a database (I should have backed up!), and without several files I was working on. What is your worst web hosting experience, and how have you dealt with it?"
Jason Scott's experience. (Score:2, Interesting)
Re: Worst Web Hosting experience? (Score:3, Interesting)
My Worst Experience... (Score:4, Interesting)
...was about a month or so ago. One day, a Saturday I'm pretty sure, I found that my email from the last three or so weeks was gone. Just...gone. I poked around for a while and realized that my DNS had changed without any warning! They had moved the server over and changed the DNS and had used a version of my data that was almost a MONTH old. They didn't even send a warning email telling me they would be moving servers. Granted this was personal email, and personal web site, but I was pissed.
I emailed back and forth with the sysadmin and could not figure out what the hell was going on, why they were using old data, etc. His final response was, "well, I guess I'll move your up-to-date data over from the old server for you if you want..." I ignored his last email for a day, found a new hosting company (site5.com [site5.com] who I'm quite happy with, they are a LOT better in many big and small ways) moved my data over to my new host (I still could log in using the IP of the old server so I grabbed everything that way as soon as I figured out what was up) and switched DNS. It only took me about a day to get back up and running.
At that point I emailed the admin a response, saying "if I did what you did at my job I would be FIRED. So, you're fired." The name of the company was imagelinkusa--I recommend you stay away from them.
P.S. Yeah, I know I should have been doing backups anyways...
Re:1and1 (Score:3, Interesting)
I've had to speak to my lawyer over this, as well as the consumer protection board, the credit card company, and I'll probably report this to the better business bureau as well if I find the time. What a waste of time, and what terrible service.
PS. I'm posting anonymously because I'd rather not put my name out there on this while a) it's still not completely resolved just yet, and b) it could give cause for them to argue libel against us if any little thing in here can be misconstrued, and since I'm not a lawyer and don't want mine billing me to read over a
Re: Cleverdot et al (Score:4, Interesting)
This can be really, really expensive if your site ever gets Slashdotted.
What I'd like to see is an option to redirect to a "bandwith exceeded' page when the bandwidth is exceeded, with no extra charges.
The problem with this, of course, is that if your bandwidth limit is exceeded near the beginning of the month, your site is offline for the rest of the month.
To avoid this, one company that I checked out had a 30-day "sliding window" bandwidth policy.
This meant that if you exceeded your thirty-day bandwidth limit, your site would be shut down only for the rest of the day.
(Unfortunately, I forgot to bookmark that company, and have been looking for it (or one like it) ever since.)
It would be really nice if sites that review web host providers would indicate which sites are pay-extra-when-bandwidth-is-exceeded, and which are shutdown-when-bandwidth-is-exceeded.
Yep... budget hosting (Score:3, Interesting)
Then, the big bomb hit. I know that SSH shell access isn't absolutely necessary to run a simple website, but I needed to run a few programs (ImageMagick and the like) and do some testing, management, and the like through a shell. When my shell access started coming up "denied", I started to get angry. Since letters addressed with ALL CAPITAL THREATS OF CUSTOMER LOSS OR RETRIBUTION, triple-CCed to "sales", "service", and "support" seemed to be the only thing that got through (trust me, I tried politer methods first), I sent off my trouble and heard back that "These features have been turned off because the server got hacked." These services were the ones listed in the product description... the ones that got me to buy in in the first place.
Well, long story short, I ended up transferring the domain (with excellent assistance by DotRegistrar [dotreg.com], whom I still use). It was a bit of a hassle, since I'd stupidly abandoned the contact email for the domain name, but I got it worked out. Then, as a final goodbye, my site was unceremoniously terminated, not honoring the 99% uptime guarantee that should have given me a free month.
After some further research, I found out that the site has been noted for shoddy service and poor support, and "Derek" of Superuser has even been known to vigorously argue with folks, on other web sites and boards, who disparage the service.
From there, though, I stayed with DotRegistrar [dotreg.com] for the domain name. This was the company that Superuser used, but they were unaffiliated and quite helpful in recovering my domain name. For webspace, I went with Just-hosting [just-hosting.com]. They're another budget shared-host setup, and I have had the not-unexpected shared-host downtimes every so often, but their technical support is quite good, they get it up and running... and often even relay what the problem was... and they were willing to accomadate my needs for extra domains, an alternate SMTP port (since my ISP blocks port 25), and working with me through the weirdness that some of my setups cause.
So, just to retierate-- Superuser.net: evil. Just-hosting.com and DotReg.com: recommended.
Re:Best and Worst (Score:4, Interesting)
I don't know when it happened, but one day I went to check on my web space, which had always been accessible as www.clark.net/~vgr, and discovered www.clark.net itself was simply redirecting to some Verio promotional page.
Where the hell were my files? After many phone calls to both Verio and to the few ClarkNet contact numbers I had, I learned that when ClarkNet's customers were "migrated," all web files were destroyed. Forever.
Verio's support was particularly irritating, since their first question was always, "Okay, what's your domain name?" I don't have a domain name, you jackass, you guys absorbed the competition who was from a time when domain names weren't handed out like candy. (Which was fine with me; a short URL is a short URL, regardless of the slash count.)
Perhaps if I'd been checking things frequently, I might have caught this at a time when they still had a backup somewhere. But I didn't check the web space frequently, because I never used it for commercial dealings; it was just a place to share some information.
The lesson I learned, of course, is to check one's web site frequently. And, as many other posts have said, back up your files yourself. The standard practices that every admin should follow, such as daily, weekly and monthly backups, are by no means practices to which large corporate ISPs feel bound. Indeed, I've since held a few jobs where it was evident the person administering the Windows server had little or no admin experience.
Re:You control your own experience (Score:4, Interesting)
Basically, a script on the server was compromised, because of incorrect security settings on the server, and used as a zombie phishing mailer script.
To a certain extent this is also the submitters fault. If you must rely on server configuration for security related matters runtime checks for required functionality or config options should be made and if not satisfied your scripts should quickly perform a respectable suicide.
A good example is PHP's magic_quotes_gpc which often protects novice PHP developers from SQL injection attacks, but when moving scripts to a new host where this functionality is disabled it will soon bite them in the arse.
Bargainhost.co.uk (Score:1, Interesting)
I wasn't the only one with these problems: http://groups.google.co.uk/group/alt.internet.pro
Eventually I gave up
Not my own experience, but... (Score:4, Interesting)
Part of my company's Information Security work is monitoring reported defacements of websites under various domains (such as .au). Through this work, we have seen numerous cases where ISPs ignore complaints from their customers about their sites being hacked, ISPs having every single customer site hacked at the same time (and still ignoring customer complaints), ISPs where a commitment to action means some time in the next month or so, and ISPs where their lead technical people have trouble understanding their own technology.
By a strange coincidence, or maybe not, the troublesome ISPs are those that also accuse us of hacking their customers, threatening us and generally abusing us for providing a report of an identified defacement. The abuse from ISPs and technical contacts has gotten so bad that we no longer report every defacement that we otherwise would have. Now we only report significant cases (such as complete server compromises or sites which may have sensitive information accessible).
Re:1and1 (Score:3, Interesting)
Re:1and1 (Score:3, Interesting)
Unfortunately their disk space and transfer pricings are such that it would cost me over 5X as much to host with them than 1&1, for a difference of > $4000 per year. I can also buy local colo space for about that price.