On December 20th of 2004 I opened a reseller account with HostGator. What follows is a log of my experience with them from that time until today, when I cancelled my account.

December 20th - Initial Setup
Account was ordered and setup rather painlessly. I chose the Aluminum plan (details found here (http://hostgator.com/resellers.shtml) ). I setup the accounts I needed under my reseller, and things proceeded rather smoothly.

February 27th - SSH access
Having come from an environment where I was root, and had SSH access CLI access to the machines, going to a all-GUI interface such as with cPanel can leave a bit to be desired. Seeing that SSH access was not offered, I decided to query as to why. I first used the online chat interface and was rather quickly told to email support.

This struck me as a bit odd, why offer a form of support just to refer to another one?

Nonetheless, email I did.

Subject: security reasons?
Department: Hostgator Sales

Request Details:
Hello,

I was told you contact you about the security reasons for not having
jailshell turned on. Much as I stated to your representative, I'd be
happy to pass any security you'd like for me to have access to
jailshell. It's really just a timesaver for me, the ability to untar
something would be nice from time to time.

Thanks,

Ben


A simple request you'd think, just tell me what I need to do, and I'll do it.

You're able to do this from control panel under file manager. You upload your script and then you find the file and click on the unzip.

Thank you for allowing me to work with you!

Sincerely,
Brent


Not so simple apparently, I really dislike asking a question and then someone completely dodging it.


Brent,

Thanks, but that's not really what I'm looking for. Could you please
just go over what the security reasons are, and what I can do to pass
them?

Ben


Asking again, I get the reply of

So the server has better uptime and is not hacked there is no way around our shell limitation. I'm sorry

Right, to prevent "hacking". Jailshell anyone? Seeing that this was getting nowhere, I dropped it.

June 29th - Lost WHMAP Login.
I lost my WHMAP login here, so I request that it be reset.

Hello,


Please provide us the admin login details for autopilot so that we can reset them for you. Also provide us the last 4 digits of your credit card and the registered email address as we need that for verification purpose.

If you have any more problems or questions please let us know.


Warm Regards,
Bryan
Support team
http://hostgator.com/help


Right, which part of lost login details are you having trouble with?


Bryan,

As I stated in my original email, I don't know the admin login details
for WHMAP, if I did, why would I contact you to have them reset? As I also stated in my original request, I don't know the admin email
address, yet again, if I did, why would I contact you?

As for the last 4 digits of the credit card, for the last payment they were xxxx

Not quite so warm regards,

Ben Prince


After that they managed to decipher my ultra-complicated password reset issue.

July 14 to Aug 3rd - Website under attack.
On or about July 14th a website that I was hosting began being hit very hard with referrer spam. It took HG quite sometime to work through the issue, so I'm not going to post the whole exchange, just a few of the shining examples of customer service you can expect should you choose HG.

Hello,

If you already blocked that person's ip address then next would be ISP ip range block from .htaccess file or cpanel-> IP Deny option, but under this ISP there are lot of people who will not be able to access the site. Other than this I dont think so there are any other option.
If you have any more problems or questions please let us know.
Thank you.

Warm Regards,
Shane,
Support Team.
http://HostGator.com/help


Right, so no support from the support team, thanks guys!


Hello,

You can block that IP which you think is consuming your bandwidth by adding a line in .htaccess as follows-
deny from <IP_address_here>
Please do verify the same at your end.

If you have any more problems or questions please let us know.
Thank you.

Warm Regards,
Martin,


Please note, that was received after the first request. Didn't we already establish that I'd blocked the offending sites via .htaccess? After some confusion over the proper order of the allow/deny rules, I send the following


As you can see from my stats, they are still eating my bandwidth. I
need something a little better than a .htaccess deny apparently. Do
your server's use any kind of firewall? If so, since this is quite
obviously malicious behavior, I request the IP's be blocked at your
firewall. If you don't use a firewall, would you consider installing
one? If not, what else would you suggest I try?


To which i received the brilliant reply of


Hello,

We have firewall enabled on our servers, we have apf installed on our servers.
If you have any more problems or questions please let us know.

Warm Regards,
Nicole,


Thanks Nicole, comprehend english much? I reply back...


Yes, I certainly have more questions.

Much as I just requested in my previous response, I'd like the
malicious IP's blocked. If you need to know what they are, just take
a look at my stats.

Ben


I can see this going nowhere fast.


Hello,

Please let us know the ip address you want to block, we will do that for you.

If you have any more problems or questions please let us know.
Thank you.

Warm Regards,
Ana,


Anyone surprised by that? I wasn't at this point. Disiilusioned by the sheer lack of comprehension of these "support" representatives, I provide them with the IP's in the email. They then do finally block them from the server by firewall, kind of them. Two more days pass, then I reply with...


Sure you as you may have been, they did show up. My bandwidth
continues to go up, and these sites have NOT been blocked apparently.
Please see that it is done. As well, please see the attached file
that shows stats from today and a couple days ago, when the sites
where supposedly blocked. Please notice how they continue to use my bandwidth.

What else can be done to ensure this stops, now.


It appears at this point that my request was forwarded to someone who understood how to read, and took an active in interest in fixing the problem. The next tech support rep blocked the offending sites, and then checked the logs to make sure no more requests were coming through. I then received this...

One of the problems I see is the requests that are coming from various IP blocks of the prod-infitum.com.mx ISP. I cannot block this ISP globally.. and I see that the IPs that were attacking your website today are different from the ones already blocked. The only thing I can really suggest is... You can block all their IP blocks via .htaccess. This may prove to be the closest thing to what you need.

You won't block an obviously malicious ISP, but you will block SSH access "for the uptime of the servers". That makes sense...not. My bandwidth is exceeded again some point during this, so I send the following plaintive...

Hello,

It's been almost a week since I sent in my last response and I've
heard nothing back from you.

When I can expect some sort of response?

Ben

A response I do indeed get...


Ben was suspended on dodge.websitewelcome.com due to the site's traffic causing serverwide outages on apache.

Please consider moving the website on that account to a semi-dedicated server if the traffic is expected to continue. If you need more information on semi-dedicated servers, let us know and we'll direct this request to sales.

Thanks for choosing HostGator!

-HostGator Support


Right, so you completely ignore my request and then suspend my site due to high traffic. Maybe if you'd block what I'd ask you to block that wouldn't happen.

That was pretty much the last straw for me. I cancelled my account and moved to PowerVPS (http://powervps.com/) and am much happier for it.

I can see some communication problems partially caused by the staff's brevity but I don't see how HG is to blame for not wanting to give SSH, or not blocking an ISP.

They don't offer and thus don't have to give anyone SSH. They don't even have to have a motivation for it. They can't block a huge number of IPs server wide as you wanted them to, because it would mean denying true traffic to other sites on their server.

Maybe I didn't grasp the real problem here?

Originally posted by ldcdc
I can see some communication problems partially caused by the staff's brevity but I don't see how HG is to blame for not wanting to give SSH, or not blocking an ISP.

They don't offer and thus don't have to give anyone SSH. They don't even have to have a motivation for it. They can't block a huge number of IPs server wide as you wanted them to, because it would mean denying true traffic to other sites on their server.

Maybe I didn't grasp the real problem here?

Same here....the OP did state that he left out numerous emails as well, but obviously would only post the bad ones to better his argument. Sure the communication by staff wasn't the best but its a well known fact that hostgator does not give out ssh access as its been posted all over this board, plus its probably in their TOS/AUP.

1. You have every right to be upset for us choosing not to provide shell when we clearly say we do not before purchasing. I'm sorry every reason we gave you was not acceptable. (security and uptime)

2.Your autopilot password that you lost was emailed to you within 40 minutes after you provided the last 4 digits of your credit card.

1st email we sent you requested verification before we provided login details.

2nd email sent to you had username and password.


3. Unfortunately we could not block one of Mexico's largest Internet providers just because you requested us to do so. That would not have been fair to everyone else on the server and would have made a lot of people upset.

We would have been happy to host you in a more dedicated environment were we could have given you shell and blocked the whole world is you wished, however you said you did not want to pay us more than the $24.95 total for your many sites.

If all you had in the 8 months was two issues I know that would be considered excellent hosting by many.

1. You forgetting password and being emailed it within 40 minutes.
2. Us not being able to block most of Mexico in a shared environment.

I'm glad you went for a more dedicated solution, and wish you the best of luck with your vps

Originally posted by ldcdc
I can see some communication problems partially caused by the staff's brevity but I don't see how HG is to blame for not wanting to give SSH, or not blocking an ISP.

They don't offer and thus don't have to give anyone SSH. They don't even have to have a motivation for it. They can't block a huge number of IPs server wide as you wanted them to, because it would mean denying true traffic to other sites on their server.

Maybe I didn't grasp the real problem here?

No, you did grasp the problem. I don't know that I'd call it brevity so much as a complete lack of understanding, but the communication with their staff (or complete lack thereof) was what I was trying to convey.

Originally posted by jmweb
Same here....the OP did state that he left out numerous emails as well, but obviously would only post the bad ones to better his argument. Sure the communication by staff wasn't the best but its a well known fact that hostgator does not give out ssh access as its been posted all over this board, plus its probably in their TOS/AUP.

If you really think it would benefit anything, I'd be happy to post every single communication with them, it will only further my point.

Well known fact or not, when I asked what the reasons were I was told for security. No one actually went into what those security reasons were with me however. Perhaps their practicing security through obscurity.

Originally posted by hostgator.com
1. You have every right to be upset for us choosing not to provide shell when we clearly say we do not before purchasing. I'm sorry every reason we gave you was not acceptable. (security and uptime)

2.Your autopilot password that you lost was emailed to you within 40 minutes after you provided the last 4 digits of your credit card.

1st email we sent you requested verification before we provided login details.

2nd email sent to you had username and password.


3. Unfortunately we could not block one of Mexico's largest Internet providers just because you requested us to do so. That would not have been fair to everyone else on the server and would have made a lot of people upset.

We would have been happy to host you in a more dedicated environment were we could have given you shell and blocked the whole world is you wished, however you said you did not want to pay us more than the $24.95 total for your many sites.

If all you had in the 8 months was two issues I know that would be considered excellent hosting by many.

1. You forgetting password and being emailed it within 40 minutes.
2. Us not being able to block most of Mexico in a shared environment.

I'm glad you went for a more dedicated solution, and wish you the best of luck with your vps

Hi HG, so happy to see you guys.

1. Way to be rude. This serves as an example of the level of service you can expect from HG, after you get pass their first level of support.

2. You are correct, it was done within 40 minutes. However, your first response asked for 3 things, 2 of which I clearly did not have. This shows your staffs complete lack of understanding.

3. Yes, actually you could. The fact that it took your server down is a good reason to do so.

4. I'm sure you would have been happy for me to give you more money, however, due to your support, that won't be happening ever again.

Originally posted by nigma

Well known fact or not, when I asked what the reasons were I was told for security. No one actually went into what those security reasons were with me however. Perhaps their practicing security through obscurity.

I really can't see why this is a problem. They don't offer shell access.
You seem upset that they won’t enter into a technical discussion with you and explain their reasoning.



And yes I'm with Hostgator

For the third time now, I understand they do not offer shell access.

Yes, I am upset they did (past tense, I'm not hosted there any longer) NOT enter into a technical disccusion with me on it. If you're hosted there, you should be as well, security through obscurity is no way to manage a server.

nigma,

The most common reasons webhosts do not offer SSH access is because malicious scripts can then be very easily executed. Many hosts don't offer this at all, some offer it for free with the hosting plan, and still others offer it at a fee. At my company, we chose the latter method to ensure that any shell activity would more than likely be for a legitimate purpose.

If you look around, I'm sure you'll be able to find many fine companies that offer SSH access included with the hosting account for no extra fee. For instance, Site5 seems to offer free SSH access with their accounts.

Best of luck! :)

Originally posted by globalwebbrands
nigma,

The most common reasons webhosts do not offer SSH access is because malicious scripts can then be very easily executed. Many hosts don't offer this at all, some offer it for free with the hosting plan, and still others offer it at a fee. At my company, we chose the latter method to ensure that any shell activity would more than likely be for a legitimate purpose.

If you look around, I'm sure you'll be able to find many fine companies that offer SSH access included with the hosting account for no extra fee. For instance, Site5 seems to offer free SSH access with their accounts.

Best of luck! :)

For the fourth time now, the issue was not they did not offer SSH access.

Nigma..I salute you.
Those were some of the funniest posts I've read.
Sorry to hear your bad experience with HG, I always believed them to be a top host.

Better Luck Next Time

Way to go nigma.

I was put off by host gator for exactly the same reason. The staff has a complete lack of understanding and it is quite plain they don’t read your support request.
I would hazard a guess that HostGator’s staff gets paid by the amount of tickets they answer.

They should have offered you more bandwidth because one of your sites were being attacked. Not just suspend you and suggest you spend more money with them.

I feel very sorry for the people who are trying to back hostgator up on this. There is no hole in nigma's arguement. Excluding emails for the good of getting down to the point is an okay thing to do. I doupt those emails would of been better from my own experience with them.

At least I know it isnt me now. I was beginning to think it was me not making myself clear enough.

I understand this completely, nigma. I was helping you out by explaining why they didn't offer SSH access, just as you requested.

Originally posted by nigma
For the fourth time now, the issue was not they did not offer SSH access.

Originally posted by nigma
For the third time now, I understand they do not offer shell access.
So you knew they didn't offer SSH before you purchased your account with them, yet you asked them for it, and complain here when they did not give you SSH?

Is that correct?

As I read it Aussie Bob, he was not complaining about SSH.
He was simply asking why it was not offered. Sensible question as the answer is not already offered. Perhaps they may have bent the rules for him if he did send them some ID or something.

He was not complaining at all about it. He was simply showing how Host Gator's support was totally awful.


May I suggest people actually read his post and all the replies before accusing nigma of something.

Nigma,

It is clear that HostGator and you knew that they didn't offer SSH access. My question is what made you think, after you signed up for an account, that HG owed you an explanation as to WHY they don't offer SSH? HG told you that it was for security reasons. That should have been enough. It's a bit like knowing Walmart won't sell cd's with questionable lyrics in them, but demanding to know why, while standing at the checkout counter of said store. (pssst....it's because they don't have to & nobody forced you to go to Walmart) If you needed shell so badly, perhaps you should have picked a service that offered it.

Frankly, although HG's emails seemed curt, you came across, at least to me, kind of arrogant. So you see (or perhaps you don't), it's all a matter of perspective.

Greg

Originally posted by TresM
. . . May I suggest people actually read his post and all the replies before accusing nigma of something.
I read the post and totally understood it.

The OP knew hostgator doesn't offer SSH, but signed up with them, and then asked for SSH -

". . . Much as I stated to your representative, I'd be happy to pass any security you'd like for me to have access to jailshell. It's really just a timesaver for me, the ability to untar something would be nice from time to time."

HG gave their reasons for not granting SSH, and that's that. If the OP really needed SSH, he should have asked this in a pre-sales question, before purchasing the account, and not after purchasing the account.

The same scenario has happened to me many times. New client signs up - knows we never grant SSH access. Then starts to beg/complain/demand that we give them SSH - then demand to know our reasons why we don't allow SSH access - then try to debate as why we should allow SSH - or they'll cancel their account.

heh. Gotta love this business sometimes. :)

Originally posted by globalwebbrands
I understand this completely, nigma. I was helping you out by explaining why they didn't offer SSH access, just as you requested.

Actually, I never requested that, at least not of you. I did request it of HG, and their failure to provide it was what my main complaint was.

Originally posted by Aussie Bob
So you knew they didn't offer SSH before you purchased your account with them, yet you asked them for it, and complain here when they did not give you SSH?

Is that correct?

No, that's wholly incorrect (and a rather rude, discourteous, and frankly shortsighted synopsis of my post). For the fifth time now, it had absolutely nothing to do with the fact that they did not offer SSH access and everything to do with the replies I received from their support department when questioned about it.

Originally posted by botchka
Nigma,

It is clear that HostGator and you knew that they didn't offer SSH access. My question is what made you think, after you signed up for an account, that HG owed you an explanation as to WHY they don't offer SSH? HG told you that it was for security reasons. That should have been enough. It's a bit like knowing Walmart won't sell cd's with questionable lyrics in them, but demanding to know why, while standing at the checkout counter of said store. (pssst....it's because they don't have to & nobody forced you to go to Walmart) If you needed shell so badly, perhaps you should have picked a service that offered it.

Frankly, although HG's emails seemed curt, you came across, at least to me, kind of arrogant. So you see (or perhaps you don't), it's all a matter of perspective.

Greg

Greg,

You are correct, they owed me no explanation. However, failure to provide one denotes the worst and most common form of security, obscurity. It appears this is what HG practices and I thought it was pertinent to any review of them.

Originally posted by Aussie Bob
I read the post and totally understood it.

The OP knew hostgator doesn't offer SSH, but signed up with them, and then asked for SSH -

". . . Much as I stated to your representative, I'd be happy to pass any security you'd like for me to have access to jailshell. It's really just a timesaver for me, the ability to untar something would be nice from time to time."

HG gave their reasons for not granting SSH, and that's that. If the OP really needed SSH, he should have asked this in a pre-sales question, before purchasing the account, and not after purchasing the account.

The same scenario has happened to me many times. New client signs up - knows we never grant SSH access. Then starts to beg/complain/demand that we give them SSH - then demand to know our reasons why we don't allow SSH access - then try to debate as why we should allow SSH - or they'll cancel their account.

heh. Gotta love this business sometimes. :)

You've missed the point, again. See above.

Originally posted by nigma
No, that's wholly incorrect (and a rather rude, discourteous, and frankly shortsighted synopsis of my post).
No need to insult folks, just because they see something in a different light than you do. I look at the facts presented, and comment as such. If you don't want folks to comment, and god forbid, disagree with you, then don't post them into a public forum.

You knew they didn't offer SSH - you asked for it - they said no - you demanded their reasons - they said security - end of story.

Originally posted by nigma
Actually, I never requested that, at least not of you. I did request it of HG, and their failure to provide it was what my main complaint was. You're absolutely right - you did not request that from me. I was trying to help you out by explaining the normal reasons for a webhost not to offer this service. Rest assured that I won't make the mistake of helping you out again.