Sonance
03-08-2004, 04:22 AM
Apologies in advance for the length, but I would appreciate it if folks read this in its entirety.
For the past 10 months I've had a hosting package with UK Web Solutions Direct (UKWSD). Up until now the service has been nothing short of excellent. However, an incident occurred last week that revealed a shockingly poor level of customer service. So much so that I must take this opportunity to bring it to the attention of anyone who may be considering their services.
Some time on March 3rd, I tried to access my web site to find it unavailable. My POP3 email access was also unavailable. Having ruled out a problem with my ISP, my next immediate thought was that UKWSD's servers were suffering some downtime. However, a friend's web site hosted by UKWSD on the same server was fine, so it looked like an issue specifically related to my domain.
I popped into the UKWSD client forums and found mention of a recent billing software upgrade, so I logged into my billing account to see if some sort of problem had occurred there. It transpired that my domain and hosting package were both flagged with a "suspended" status. I wasn't too alarmed, guessing that a billing software upgrade glitch may have caused this. I immediately opened up a support ticket with UKWSD to determine the source of the problem.
UKWSD's first reply was very short and abrupt. They simply informed me that copyrighted/illegal material had been found on my web site, that the subsequent data transfer was very large and that my account had therefore been terminated. They then provided me with a list of the files, but no evidence of the data transfer.
That was it. There was no offer to help me work out what happened. No billing invoice for the data transfer. No advice on how to go about resolving the issue. They didn't ask me for my side of the story to ascertain whether or not I'd been the victim of an exploit. In short, I felt like I was being treated as a criminal. Perhaps a melodramatic reaction on my part, but I would have expected something a bit more proactive from the get go.
I fully understand that it's the standard reaction of many host providers to terminate first and ask questions later, but UKWSD's initial response was to terminate and ask no questions. UKWSD had now placed the ball in my court. I explained that I had nothing to do with the files and offered a suggestion/educated guess that the files had found their way there as a result of an Invision exploit.
To their credit, UKWSD's second reply was a bit more helpful. Seeing as I was willing to pay the excess data transfer fee, they agreed to knock 30% off the bill. However, they were reluctant to agree that Invision was the source of the problem, telling me it could be anything. I was a bit perturbed by the fact that they didn't really seem to know what was going on, nor did they seem too bothered about investigating it. I don't know about anyone else, but if I were the administrator of a web hosting company and one of my users had suffered a damaging attack such as this, I'd be a bit concerned for the security of my servers and would be do everything possible to work out what happened. UKWSD didn't really seem too bothered by all of this.
Anyway, once I paid the bill, UKWSD sent a third message which was a bit more sympathetic, although they were still dithering about the precise cause of the problem, this time suggesting that Movabletype was responsible. This seemed unlikely. I'm pretty familiar with MT's security issues and this didn't sound like a known MT exploit. Besides, the malicious files appeared in a very specific directory of my Invision installation. There are documented reports of Invision exploits occurring within that subdirectory, so I was 99% sure that was what happened. UKWSD didn't really seem to have much idea of what was happening.
By this time, I was understandably annoyed and frustrated by the whole incident. Not so much with the exploit itself, which thankfully didn't cause any loss of data, but with UKWSD's initially stand off-ish attitude and their general lack of concern. Admittedly they did work quickly to restore my service and were kind enough to reduce the bill, but it was their very first, abrupt response to my support ticket that annoyed me and I'd lost all confidence in their ability to deal with this situation and assure me that something like this wouldn't happen again.
I decided to pop into the Something Awful forums, a regular haunt of mine, to post a message about my experience in their "Serious Hardware/Software Crap" forum. I also posted an apologetic message to the users of my Invision forums, explaining what happened, as well as writing an entry on my blog, which contained links to both these explanations.
UKWSD emailed me once again to express their disappointment that I'd decided to post comments that cast them in a negative light. I explained that while I appreciated the speedy resolution, I wasn't happy with the way I was initially treated and their general lack of concern about the whole incident, hence my decision to post details of my experience. I agreed that I would review the comments I made and make changes, if necessary, but would stand by what I said.
Now, this is where the whole incident should have ended. If things remained as they were at this stage, then I'd have happily continued to use UKWSD and would have removed the negative comments I made (I now felt that maybe I'd been a bit too quick to criticise UKWSD). The SA forum thread had only clocked up about a dozen readers at this point and had dropped off the first page, heading into obscurity. Give it another 24 hours and it would have been as if the incident never occurred.
However, one of UKWSD's support personnel decided to follow me into the SA forums in an attempt to defend his company's honour. While the forums are open to the public, there is a $10 fee for new accounts, so he certainly went out of his way to see what I had to say.
Within his very first message he fired off the legal guns, accusing me of deliberately lying, making libelous remarks and threatened to post the entire support ticket within the forums. I freely admitted that some of my initial remarks may have been inaccurate, but this was only because I was forced into a position by UKWSD where I had to try and guess what had happened, seeing as they weren't too bothered about investigating a breach of their servers themselves.
UKWSD's biggest bone of contention was that I was misleading everyone on the forums by telling them my Invision installation was up to date when it wasn't. It transpired this was true, but I then explained that as far as I was concerned, Invision was fully patched. The software has a built-in mechanism for informing the user if patches were available. In this case, the software was telling me I was up to date, when in fact I wasn't. This was the only reason I made a claim that my Invision installation was fully upgraded. I later retracted my initial claim in a subsequent post.
They then later went on to suggest that I was misleading people by telling them I'd requested certain things (such as ftp/http logs) when I hadn't. The truth was, I had requested these things. Admittedly not via the support ticket, but within the forums themselves. But this was due to the fact that the UKWSD support person was making numerous posts within the SA forums, responding to some of my messages in there. I assumed he was happy enough dealing with my issue in the forums in addition to the support ticket, so I pretty much lost track of what had been said via the ticket and what had been said in the forums. (Unfortunately I can't check because the support tickets I'm supposedly inaccurately reporting have been deleted outright and the minor ones have been closed.)
Anyway, to cut this portion of the story short, the UKWSD employee continued to make posts to the SA forum thread, inadvertently displaying an unprofessional attitude. Other SA readers, many of them server administrators themselves, started asking questions and noting the absurdity of a lot of what UKWSD's employee was saying in relation to various technical queries (such as why 20Gb worth of data was allowed to be transferred into a 300Mb hosting package -- UKWSD claimed there was no way to prevent it, while various SA readers sufficiently demonstrated that it was). By now, the thread was becoming extremely popular, clocking up approx. 10,000 page views.
I then submitted a support ticket to UKWSD asking them for some logs or records that showed the 59Gb worth of data transfer that they had been prepared to charge me for. UKWSD responded, but rather than offering to show me this evidence, they offered to refund the remainder of the fee I had paid. This second support ticket was then deleted. Naturally, I made a post in the SA forums informing everyone that UKWSD had waived the fee but that they were also unable to provide me with the logs showing the data transfer and that the support ticket had been deleted. UKWSD were now desperate to save face and responded by claiming I was continuing to lie and that no support ticket had been submitted. (I've got the receipt for the support ticket sitting in my inbox. How did I receive this if, according to UKWSD, I never submitted it?)
For the past 10 months I've had a hosting package with UK Web Solutions Direct (UKWSD). Up until now the service has been nothing short of excellent. However, an incident occurred last week that revealed a shockingly poor level of customer service. So much so that I must take this opportunity to bring it to the attention of anyone who may be considering their services.
Some time on March 3rd, I tried to access my web site to find it unavailable. My POP3 email access was also unavailable. Having ruled out a problem with my ISP, my next immediate thought was that UKWSD's servers were suffering some downtime. However, a friend's web site hosted by UKWSD on the same server was fine, so it looked like an issue specifically related to my domain.
I popped into the UKWSD client forums and found mention of a recent billing software upgrade, so I logged into my billing account to see if some sort of problem had occurred there. It transpired that my domain and hosting package were both flagged with a "suspended" status. I wasn't too alarmed, guessing that a billing software upgrade glitch may have caused this. I immediately opened up a support ticket with UKWSD to determine the source of the problem.
UKWSD's first reply was very short and abrupt. They simply informed me that copyrighted/illegal material had been found on my web site, that the subsequent data transfer was very large and that my account had therefore been terminated. They then provided me with a list of the files, but no evidence of the data transfer.
That was it. There was no offer to help me work out what happened. No billing invoice for the data transfer. No advice on how to go about resolving the issue. They didn't ask me for my side of the story to ascertain whether or not I'd been the victim of an exploit. In short, I felt like I was being treated as a criminal. Perhaps a melodramatic reaction on my part, but I would have expected something a bit more proactive from the get go.
I fully understand that it's the standard reaction of many host providers to terminate first and ask questions later, but UKWSD's initial response was to terminate and ask no questions. UKWSD had now placed the ball in my court. I explained that I had nothing to do with the files and offered a suggestion/educated guess that the files had found their way there as a result of an Invision exploit.
To their credit, UKWSD's second reply was a bit more helpful. Seeing as I was willing to pay the excess data transfer fee, they agreed to knock 30% off the bill. However, they were reluctant to agree that Invision was the source of the problem, telling me it could be anything. I was a bit perturbed by the fact that they didn't really seem to know what was going on, nor did they seem too bothered about investigating it. I don't know about anyone else, but if I were the administrator of a web hosting company and one of my users had suffered a damaging attack such as this, I'd be a bit concerned for the security of my servers and would be do everything possible to work out what happened. UKWSD didn't really seem too bothered by all of this.
Anyway, once I paid the bill, UKWSD sent a third message which was a bit more sympathetic, although they were still dithering about the precise cause of the problem, this time suggesting that Movabletype was responsible. This seemed unlikely. I'm pretty familiar with MT's security issues and this didn't sound like a known MT exploit. Besides, the malicious files appeared in a very specific directory of my Invision installation. There are documented reports of Invision exploits occurring within that subdirectory, so I was 99% sure that was what happened. UKWSD didn't really seem to have much idea of what was happening.
By this time, I was understandably annoyed and frustrated by the whole incident. Not so much with the exploit itself, which thankfully didn't cause any loss of data, but with UKWSD's initially stand off-ish attitude and their general lack of concern. Admittedly they did work quickly to restore my service and were kind enough to reduce the bill, but it was their very first, abrupt response to my support ticket that annoyed me and I'd lost all confidence in their ability to deal with this situation and assure me that something like this wouldn't happen again.
I decided to pop into the Something Awful forums, a regular haunt of mine, to post a message about my experience in their "Serious Hardware/Software Crap" forum. I also posted an apologetic message to the users of my Invision forums, explaining what happened, as well as writing an entry on my blog, which contained links to both these explanations.
UKWSD emailed me once again to express their disappointment that I'd decided to post comments that cast them in a negative light. I explained that while I appreciated the speedy resolution, I wasn't happy with the way I was initially treated and their general lack of concern about the whole incident, hence my decision to post details of my experience. I agreed that I would review the comments I made and make changes, if necessary, but would stand by what I said.
Now, this is where the whole incident should have ended. If things remained as they were at this stage, then I'd have happily continued to use UKWSD and would have removed the negative comments I made (I now felt that maybe I'd been a bit too quick to criticise UKWSD). The SA forum thread had only clocked up about a dozen readers at this point and had dropped off the first page, heading into obscurity. Give it another 24 hours and it would have been as if the incident never occurred.
However, one of UKWSD's support personnel decided to follow me into the SA forums in an attempt to defend his company's honour. While the forums are open to the public, there is a $10 fee for new accounts, so he certainly went out of his way to see what I had to say.
Within his very first message he fired off the legal guns, accusing me of deliberately lying, making libelous remarks and threatened to post the entire support ticket within the forums. I freely admitted that some of my initial remarks may have been inaccurate, but this was only because I was forced into a position by UKWSD where I had to try and guess what had happened, seeing as they weren't too bothered about investigating a breach of their servers themselves.
UKWSD's biggest bone of contention was that I was misleading everyone on the forums by telling them my Invision installation was up to date when it wasn't. It transpired this was true, but I then explained that as far as I was concerned, Invision was fully patched. The software has a built-in mechanism for informing the user if patches were available. In this case, the software was telling me I was up to date, when in fact I wasn't. This was the only reason I made a claim that my Invision installation was fully upgraded. I later retracted my initial claim in a subsequent post.
They then later went on to suggest that I was misleading people by telling them I'd requested certain things (such as ftp/http logs) when I hadn't. The truth was, I had requested these things. Admittedly not via the support ticket, but within the forums themselves. But this was due to the fact that the UKWSD support person was making numerous posts within the SA forums, responding to some of my messages in there. I assumed he was happy enough dealing with my issue in the forums in addition to the support ticket, so I pretty much lost track of what had been said via the ticket and what had been said in the forums. (Unfortunately I can't check because the support tickets I'm supposedly inaccurately reporting have been deleted outright and the minor ones have been closed.)
Anyway, to cut this portion of the story short, the UKWSD employee continued to make posts to the SA forum thread, inadvertently displaying an unprofessional attitude. Other SA readers, many of them server administrators themselves, started asking questions and noting the absurdity of a lot of what UKWSD's employee was saying in relation to various technical queries (such as why 20Gb worth of data was allowed to be transferred into a 300Mb hosting package -- UKWSD claimed there was no way to prevent it, while various SA readers sufficiently demonstrated that it was). By now, the thread was becoming extremely popular, clocking up approx. 10,000 page views.
I then submitted a support ticket to UKWSD asking them for some logs or records that showed the 59Gb worth of data transfer that they had been prepared to charge me for. UKWSD responded, but rather than offering to show me this evidence, they offered to refund the remainder of the fee I had paid. This second support ticket was then deleted. Naturally, I made a post in the SA forums informing everyone that UKWSD had waived the fee but that they were also unable to provide me with the logs showing the data transfer and that the support ticket had been deleted. UKWSD were now desperate to save face and responded by claiming I was continuing to lie and that no support ticket had been submitted. (I've got the receipt for the support ticket sitting in my inbox. How did I receive this if, according to UKWSD, I never submitted it?)