I've been with ThePlanet since 2003. Three years now. They have been good and were a fantastic alternative to EV1 at the time; they were run like a small company. Since then I've added servers at Softlayer and Steadfast, both of which I really like. I've been in colo/dedicated for almost ten years now, so I've seen it all.

Lately, ThePlanet has been getting worse, as far as I can tell. TWiT was hosted with them and they lost a drive that took over 12 hours to get replaced. Bad business.

My latest grief is more organizational. Today I was grocery shopping (Sunday afternoon) and got a call on my cell phone from ThePlanet. I was told that a site on the server had been hacked and was being used for phishing. No problem, it happens. I remove them immediately. I was told that I had 45 minutes to get the site down or they would remove the entire server from the network.

I finished buying my groceries early and rushed home and within 45 seconds had chmod 000'd the files. I called TP to enquire if this policy was the new way of doing business, and if it was in place 24x7. They said it was.

The ramifications are that if you are the contact on the account at ThePlanet, as I am, you have to be available 24x7 and cannot even go to a two hour meeting without worrying that if one of these calls came in and you missed it you would be down within an hour. Or if you went to a movie. So on.

This policy is making me work to begin pulling my 13 servers out of TP. I understand the critical nature of these warnings but would like more than one hour to resolve them. There are many many reasons why we would have to disconnect for more than an hour and to have to risk this occuring again is crazy. I believe they should give four hours or six, both reasonable. Or, better yet, use the root password to disable only the site or the part of the site in question and not the whole server!

I posted this to 1) let everyone know of this policy, new to me (it used to be 24 hours to respond) and 2) get your feedback.

I know in this business if you're #1 in charge you should always be on call due to other potential problems like hardware, but to have an institutional policy that could cause such problems seems like bad business. They informed me that if it is not handled in an hour that they get sued. Seems crazy - give us at least TWO hours or four.

Drew

Hi Drew,

While from your prospective it may seem harsh I think it is a policy you will see more and more reputable data centers adopting.

It is my understanding that The Planet still give 24 hours for most abuse issues such as UCE / SPAM but where it concerns people's financial information being stolen in phishing cases they give a 1 hour window for it to be resolved. Many providers have been under a lot of pressure from the anti-phishing community including big banks to tighten their policies on this type of issue.

The Planet will open a support ticket under your Orbit account as soon as an abuse incident arises which should be emailed out to your entire team. In the case of a phishing abuse issue they will also telephone the primary account contact after opening the ticket and if unable to reach them they will move down your escalation contact list until they do reach someone.

Logging into the server to disable the account could open them up to potential liability and is also dependent on them knowing how you have things setup etc. This is very often not the case.

I think The Planet's abuse notification procedures are a danm site better than a lot of data centers I have dealt with :)

- Chris

They informed me that if it is not handled in an hour that they get sued. Seems crazy - give us at least TWO hours or four.

Drew

This sounds like a blatant lie on the part of TP. We run our own network and deal with spam, security, phishing incidents daily. No one who has a complaint regarding an issue on our network has never sued us, and no one has threatened to sue us if an issue isn't resolved within one hour. Most who complain are appreciative of the fact that we resolve most issues in less than one day.

This sounds like a blatant lie on the part of TP. We run our own network and deal with spam, security, phishing incidents daily. No one who has a complaint regarding an issue on our network has never sued us, and no one has threatened to sue us if an issue isn't resolved within one hour. Most who complain are appreciative of the fact that we resolve most issues in less than one day.

That's the feeling I got too. We have a /22 worth of servers/ips (over 1,000 exposed IPs) on our own network/colo and the most threatening letter I've rec'd yet was from Barclay's, but it gave more than an hour - I believe it was 24 hours.

I would like TP to be able to disable this by providing abuse resolution instructions or something. This is a cpanel box, it is very standard, and I bet most clients are as well.

I think an hour is overkill.

Didn't the planet join up with EV1 ? EV1 does this regularly. I.e. they call you at 3 AM and talk to your answering machine: There's an abuse issue. You got one hour from now.

EV1 also does suspend servers immediately if there is a perl script on your server that does DDOS attacks. They are monitoring their network for these attacks and if one is comming from your server they pull the plug immediately and will not unsuspend it before they have investigated it offline to see if it was hacked. This will happen to each and all of your servers at one time because it lies in the nature of things that hackers upload nobody owned perl scripts to do DDOS attacks. If you are using EV1 you are forced to install a firewall on your server to prevent perl scripts from doing DDOS attacks. I've installed APF on all servers and never had problems after that. I think since the Planet and EV1 became one company ThePlanet may handle this just like EV1 does.

Now is it good what EV1/ThePlanet are doing ? It depends on the point of view. On the one hand they may save you from getting your server ceased by the cops. Also from a legal point of view as far as I know they would have to suspend immediately so that they do not become liable. Considered this way even 1 hour is a lot of time and risk. When I was talking to a lawyer whether to give a client who has security problems a second chance he told me not to do that as I may be held liable if it happens again... Not user friendly but that's the law...the law is not user friendly.
On the other hand other hosts are giving you 24 hours to resolve it and it appears to be working well for these hosts. Also EV1/ThePlanet could have a better solution in place i.e. automatically preventing phishing victims from opening the page via their firewall. They could set up a system that does only suspend a specific account/domain instead of the entire server. When I talked to EV1 they said they were considering to improve their abuse system in the future.

Didn't the planet join up with EV1 ? EV1 does this regularly. I.e. they call you at 3 AM and talk to your answering machine: There's an abuse issue. You got one hour from now.

EV1 also does suspend servers immediately if there is a perl script on your server that does DDOS attacks. They are monitoring their network for these attacks and if one is comming from your server they pull the plug immediately and will not unsuspend it before they have investigated it offline to see if it was hacked. This will happen to each and all of your servers at one time because it lies in the nature of things that hackers upload nobody owned perl scripts to do DDOS attacks. If you are using EV1 you are forced to install a firewall on your server to prevent perl scripts from doing DDOS attacks. I've installed APF on all servers and never had problems after that. I think since the Planet and EV1 became one company ThePlanet may handle this just like EV1 does.

Now is it good what EV1/ThePlanet are doing ? It depends on the point of view. On the one hand they may save you from getting your server ceased by the cops. Also from a legal point of view as far as I know they would have to suspend immediately so that they do not become liable. Considered this way even 1 hour is a lot of time and risk. When I was talking to a lawyer whether to give a client who has security problems a second chance he told me not to do that as I may be held liable if it happens again... Not user friendly but that's the law...the law is not user friendly.
On the other hand other hosts are giving you 24 hours to resolve it and it appears to be working well for these hosts. Also EV1/ThePlanet could have a better solution in place i.e. automatically preventing phishing victims from opening the page via their firewall. They could set up a system that does only suspend a specific account/domain instead of the entire server. When I talked to EV1 they said they were considering to improve their abuse system in the future.

I do belive EV1 will be adopting TP's abuse, well atleast I hope.

TP's abuse is generally one of the better abuse departments out of most providers, and they generally disable things rather than disconnect the entire server which personally i'd rather have done.

From what I was told it is EV1 adopting TP abuse department for the exact reason you just listed, they will disconnect you instantly. We had that problem just a few weeks ago with EV1 were they disconnected, which does nothing other than annoy the customer especially since if they given notice it would have been handled 2-3 minutes later, instead a disconnection leads to over an hour by the time it's reconnected etc. Yet the same thing at TP would have been resolved 2-3 minutes later, everyones happy.

-Scott

It is my understanding that The Planet still give 24 hours for most abuse issues such as UCE / SPAM but where it concerns people's financial information being stolen in phishing cases they give a 1 hour window for it to be resolved. Many providers have been under a lot of pressure from the anti-phishing community including big banks to tighten their policies on this type of issue.
I agree with this policy. As hosting providers, this kind of issue really puts a damper on our day. However identity theft, even just banking theft can dramatically impact someone's entire life. I do feel it is a bit demanding of The Planet though. Perhaps they could create an escalation procedure that would allow them to login and disable the site, rather than pulling the whole server. With that said though, with unmanaged server, by doing that, are they going above and beyond their responsibilities?

EV1 also does suspend servers immediately if there is a perl script on your server that does DDOS attacks. They are monitoring their network for these attacks and if one is comming from your server they pull the plug immediately and will not unsuspend it before they have investigated it offline to see if it was hacked. This will happen to each and all of your servers at one time because it lies in the nature of things that hackers upload nobody owned perl scripts to do DDOS attacks. If you are using EV1 you are forced to install a firewall on your server to prevent perl scripts from doing DDOS attacks. I've installed APF on all servers and never had problems after that. I think since the Planet and EV1 became one company ThePlanet may handle this just like EV1 does.

This really isn't true. We had this exact incident happen just last week with them (except it was php and not perl). They opened a ticket in Orbit and asked us to investigate the issue. They gave us the file the traffic was coming from and the fact that they had chowned the file to root and chmodded to 000.

They gave no specific timeline and were not unpleasant about it. Exactly what I would hope for.

This really isn't true. We had this exact incident happen just last week with them (except it was php and not perl). They opened a ticket in Orbit and asked us to investigate the issue. They gave us the file the traffic was coming from and the fact that they had chowned the file to root and chmodded to 000.

They gave no specific timeline and were not unpleasant about it. Exactly what I would hope for.

Yeah it really IS true. Maybe in your case the script was just sitting around but not used at the time when they looked at it (i.e. someone complained about a DDOS from your server but at the time they looked at it the attack was not going on anymore). However, if a DDOS script is running at the time when they take note of it they will unplug the server and refuse to bring it back online before investigating. Happened to me twice and I was not given a single second to resolve the issue before the server had been suspended. If they find out that the server has been compromised (root wise) they will refuse to bring the server back online without formatting it:

http://forum.ev1servers.net/showthread.php?t=56073
http://forum.ev1servers.net/showthread.php?t=60204
http://de.pastebin.ca/181532
http://forums.ev1servers.net/printthread.php?t=63136

Or maybe they really changed their way of dealing with such issues since they joined with TP. That would be good news of course. However, I can tell for sure that they used to suspend servers immediately if an outbound attack was going on.

They now give an hour, just like my original post. I believe this becomes a liability to me as a client. I am going to have to begin looking elsewhere for my critical servers.

I support this harsher mandate of an hour and wish all datacenters would implement it. Yes, it sucks but IT is a 24/7 industry. With technology it's not impossible for a firm to remain available 24/7 either by blackberry or whatever the latest high tech gizmo is. It does certainly bite to wake up at 3 am to fix an issue or deal with abuse. Heck back in the day there were times when I didn't sleep for 24-36 hours. Business is rough, some people have what it takes and others don't. I couldn't stand the heat so I got out of the kitchen.

Now back on track:

Think about it from the victims point of view. Some of these phishing scams are really convincing and if I didn't know better I would easily fall for them. Overnight people have their lives ruined by these malicious scammers and don't find out about it until months later when it's too late to do anything. A few uncomfortable moments for you is easily trumped by the benefits to society (the victim) .

No, it was an active attack. We've always been with TP, so I have no clue how EV1 handled it.

I mean I am already used to not leaving the house without a notebook but I am really concerned about some situations. I.e. what if I need an operation where I will be knocked out for a day etc. If you have 1 hour than it may be YOUR life that is ruined. When I'm outside I'm already driving extra slow because I know if I had an accident and couldn't work for a week I'd be ruined for life. I'd rather expect people to learn not to enter their credit card info on phishing pages than me no longer beeing able to obtain health treatment. Ok, I do not want my servers get ceased and I don't want to get sued but anything that goes beyond this is out of my responsibility. We have a right to live our lifes, too. DCs must adjust their services so one man hosts can use their services simply because they need us as much as we need them.

Glace, well said. We all feel this pressure. We need some sort of co-op, or something.

I mean I am already used to not leaving the house without a notebook but I am really concerned about some situations. I.e. what if I need an operation where I will be knocked out for a day etc. If you have 1 hour than it may be YOUR life that is ruined. When I'm outside I'm already driving extra slow because I know if I had an accident and couldn't work for a week I'd be ruined for life. I'd rather expect people to learn not to enter their credit card info on phishing pages than me no longer beeing able to obtain health treatment. Ok, I do not want my servers get ceased and I don't want to get sued but anything that goes beyond this is out of my responsibility. We have a right to live our lifes, too. DCs must adjust their services so one man hosts can use their services simply because they need us as much as we need them.

I second this statement. The DCs should take action on that specific "problem" and not disconnecting the whole server. They should bear the responsibility than continue passing the pressure to their customers. They can if they want.

They could provide an easy solution of suspending the account/script for you after an hour instead of the whole server. This would make everyone's life much easier. They disable the script immediatly and you don't lose the whole server.

This would have a really bad effect on your business if you're only starting out and are still small. Losing every single clients site for a few hours if you're unaware of the situation. I would go as far as to say that they can charge me for the half an hour they spend disabling the account from which the attack originated. They could even give you a choice, they disable whole server at no charge or disable the account for an hourly rate.

There are so many really basic solutions to this problem it's scary, but why they choose the easiest for them is beyond me. They will only negatively affect their clients by taking this route. They could even cause some of their clients to go out of business with bad timing, which in the end causes them to lose money. Makes no sense at all!

I agree that in such cases as a phishing site they should either take the script/site offline, or block via firewall, but never take down the whole server.

However, looking at TP's site, with the Platinum / Titanium service plans, you are able to have custom escalation/direct support escalation. The custom escalation is "Design and perform specific procedures"... maybe this could be adapted to such situations (file a plan with them beforehand should a phishing site pop up).

No question. An hour is not necessarily a lot of time. If you are the only technichian than there is no way that you can tackle this.

What you could do is setup the contact e-mail so that several employees are paged at the same time and try to get pro-active in this way. The best is to have people in different timezones/continents. For me that seems to work quite well.

What you could possibly do is make an arrangement with someone at PSM/Rack911/Acunett and have them added to your notification, so that they could go in and disable the site should that happen.

I personally carry my BlackBerry with me at all times, if something comes up I can log in remotely from wherever and deal with the issue.

1 Hour is far more then enough time to take care of any issue like this.

Seriously, the source IP should be null routed the moment any type of fraud running on a server is found, then notify the owner of the server as to how they can access the server (if the server only has one IP), remove the offending content and bring the IP back online. If it continues to happen with the same server the a notice of clean it up or get canceled should be given after which if it happens again the whole server should be brang down and the account canceled. Any client on your server running anything "critical" should have its own IP anyways. Any "critical server" should have daily security audits to prevent this type of abuse.

We all need to put our foot down when it comes to this sort of thing to stop it.

Think about it this way...
What if a fraud site was able to get a hold of your information would you want it up an hour so it can send the data out to be retransmitted and used to break into your accounts, spend your money, apply for credit cards in your name, etc.... Have you any clue as to how much time and money it would take someone to clean a mess like that up? As service providers it's our job to prevent this it's what we get paid for.

security
uptime
security
features
security
support
security
etc...

Wake up!

fyi. If you are an owner of a dc and login to a server running any sort of fraud you can be held responsible and if it's found that you didn't take a server down immediately you can be hit with aiding in a federal offence. Hacking, fraud, etc... is all a federal offence in the us now ever since the patriot act after 9-11.

I can read the headlines now... "Company XYZ lost today in class action suit in conjunction with federal prosecutors as they failed to implement a fraud protection policy that allowed (joefrauster, age 13), who could not be tried as an adult so they had to pin it on someone, to single handedly con 300k unsuspecting internet users out of 10 billion us$ within one hour by using there bank information and an automated script to transfer funds abroad into a Swiss Bank account where the funds have been emptied"

One hour is way to long people. Think more secure, think worse case.

One hour is way to long people. Think more secure, think worse case.

Which is why the DC's have to come up with a policy that not only shuts down the site immediately, but shuts down only the site/script and keeps the rest of the server up and running.

Drew, if your provider is not willing to work with you, provides no flexibility for accomodating your business, and refuses to suspend the site/scripts instead of pulling the plug, then look for a new provider.

I'm all for fast security actions to prevent fraud, but pulling the plug on an entire server after an hour is not reasonable when dealing with a legitimate business who is a host and maintains other accounts on the server. Not very "hosting friendly" for those who manage shared servers. They may want to re-examine this policy and come up with a way to suspend the affected site/scripts instead...

- John C.

Which is why the DC's have to come up with a policy that not only shuts down the site immediately, but shuts down only the site/script and keeps the rest of the server up and running.

Like I said null route the offending ip(s) it’s the best way.

The DC administrators legally cannot login to turn off the scripts they are suppose to shut it down and if they are served with an administrative subpoena then they have to turn in the information and cannot tell the client that they have done so. Try and figure out how to do that one. I don’t agree with the administrative subpoenas but you can thank bush for that law.

Can the DC admins log in legally and shut down the script if you specifically allow them to (approve via phone)?

The reason I ask is that the OP was reached by TP, he could have given the okay for the shutdown of the script over the phone and not had to rush back - especially if he was 1+ hours from the office/home.

Drew, if your provider is not willing to work with you, provides no flexibility for accomodating your business, and refuses to suspend the site/scripts instead of pulling the plug, then look for a new provider.

I'm all for fast security actions to prevent fraud, but pulling the plug on an entire server after an hour is not reasonable when dealing with a legitimate business who is a host and maintains other accounts on the server. Not very "hosting friendly" for those who manage shared servers. They may want to re-examine this policy and come up with a way to suspend the affected site/scripts instead...

- John C.

John - as mentioned initially, that's precisely what I'm going to do. I wasn't ever too comfortable with the mega-datacenter anyway. Too easy to get lost in the masses, even if you're Leo and have the TWiT army.

I am going to rethink my rented server argument I've made here before and may very well put these in my own colo.

I'm not asking so much for more than an hour anymore - if they want to enforce that then they should offer the option to fix it since it is a standard cpanel server under Gold management.

Drew

I agree that ThePlanet service is getting worse.
When i look at their ads on WHT, i can imagine 2 people paying different prices for different hardware configuration but they will get the same *** support. ;)

[sNip]
I'm all for fast security actions to prevent fraud, but pulling the plug on an entire server after an hour is not reasonable when dealing with a legitimate business who is a host and maintains other accounts on the server.

Spammers, for example, can inflict an enormous amount of damage in one hour, especially when they have a live fishing web site to accompany it.

This will probably seem harsh, but you folks are selfish. You think that it's okay to inconvenience the rest of the internet just because you couldn't secure your systems properly, and then you whine like a terminated spammer when you get disconnected? If I had to choose a hosting company, I certainly wouldn't want to choose one with an attitude like this; I would want one that takes a pro-active approach to running their systems competently.

Also, if you are maintaining multiple accounts on a single server that you don't have mirrored elsewhere (e.g., to a server in a competing facility) with a quick recovery plan, or some other alternative, then you're relying way too heavily on a major single point of failure. I hope your customers understand that you only have one server -- they do, right?

Not very "hosting friendly" for those who manage shared servers. They may want to re-examine this policy and come up with a way to suspend the affected site/scripts instead...

- John C.

I think disconnecting abusive systems as soon as possible is a matter of taking social responsibility seriously, and upstream providers who do so are far more likely to be in business in the long run because they won't get blacklisted in DNSBLs (a.k.a. RBLs) which can translate into losing customers fast.

If my upstream provider noticed that one of my systems was compromised and was actively posing problems for other internet hosts, I'd be pleased about them cutting it off because I really don't want to be an accessory to a crime, regardless of who the criminals are or what they're trying to accomplish.

At this point, I would have two options:

0. Get to the co-location facility so that I can take care of my servers in person; or,

1. Tell the co-location NOC staff what my IP address is (so they can make one exception in their routing rules; this is usually easy for competent NOC staff) so that I can take care of my servers remotely.

Freedom comes with a price: Responsibility.

I agree with the security issues and that thet scripts or accounts should be suspended immediatly, but taking down the whole server is a bit harsh. I think they're just too lazy to go through the extra effort of removing the scripts. At least give me some sort of choice in the matter! I will sign a paper saying that they can go into my server and suspend the offending account paying whatever hourly rate they charge to do so. At least it's better than losing a whole server of customers. It's not a very nice feeeling when you get 100's of emails from customers complaining that the server is offline due to this very harsh policy.

As a small who only started up lately this would threaten the existance of my business. I can't afford to get a mirror server in another datacentre at this time. Maybe in the future I will set something like that up to prevent any issues like this.

This will probably seem harsh, but you folks are selfish. You think that it's okay to inconvenience the rest of the internet just because you couldn't secure your systems properly, and then you whine like a terminated spammer when you get disconnected? If I had to choose a hosting company, I certainly wouldn't want to choose one with an attitude like this; I would want one that takes a pro-active approach to running their systems competently.


So what do you expect ? Should we manually analyze every single PHP script on our servers to figure out if it has a security hole ?? I guess in my case that would take 100 years and of course by then the customers would have uploaded new scripts to check.

The truth is: It is IMPOSSIBLE to prevent hackers from gaining access in some way. You can do a lot to reduce such issues but 100% is simply impossible. People who use the internet have to learn the difference between phishing mails and legitimate mails. While it is our responsibility to remove fraudulent scripts as soon as we know about them we can not be forced to stop sleeping just because some people on the internet are not skilled enough to use a computer properly and recognize the difference from phishing and regular mail.

The facts:
- It is impossible to prevent hackers from gaining access occasionally
- With todays competitition only few can afford to have a backup server or employ staff to watch their servers. This is not 1995
- Some of us (including me) are making a living off of it. I am paying my rent with webhosting money. You know it's not like I'm selling hosting accounts because I am saving for a new Playstation.
- We all are human beeings. We need to sleep, go to hospital etc. ! What's selfish about that ?

The only way to prevent hackers from ever hacking a computer is if it has no net connection!

You can tighten up securty on a server so much that there are virtually no hacks or scripts that can be uploaded etc, but then you sit with the issue of trying to get a clients script to run at all. There is always issues with scripts not running and other things not working properly if you tighten the server up too much. I know you're probably gonna say then the scripts that don't run aren't secure and shouldn't be allowed to run, but that's not true. Even if a script is 100% secure with no hacks and you upload it to a server that has security set up too tight, it might still not run. So it's easy watching from the sidelines and shouting do this, do that! It's not easy actually doing it on a server. So if you run a shared server you are bound to get a few uploaded scripts and hack attempts once in a while. If you are dumb enough to be caught by a phishing scam then you probably deserved it, especially if that scam had a whole hour to convince you.

As a small who only started up lately this would threaten the existance of my business. I can't afford to get a mirror server in another datacentre at this time. Maybe in the future I will set something like that up to prevent any issues like this.

I can afford this, but have no idea how you could implement this on a large scale without raising end user prices a lot. And I have NO idea how you could do it using cpanel.

Drew

We are maintaining a server on planet with 200+ clients with 250+ or so sites, some high profile, some with heavy traffic, and some with serious business volume since 2003 to date.

Up to this moment, both spam, uce, and phishing issues have been handled very nicely at planet, giving 24 or 48 hours for resolution, and everything went smoothly.

Since the recent change, a merger, which is i have long come to know as something that generally spoils otherwise good companies happened at planet, we have been a little wary as to the quality at planet would decline. With the 'new management' and such. And i have pointed this out in forums at the planet or here earlier, if i remember right. So far we have not experienced any problems with either network, connectivity, support or abuse resolve.

However this thread here is very annoying news.

We will be pulling out of the planet on repetition of this occurence, or if we get hint that we (and consequently our clients) would be hampered in that way.

Planet may have its legal concerns that they might be sued, we have our clients to take care of. I see taking down of 200+ people's sites due to a minor glitch in such irresponsible manner little short of murder.

[sNip]
This will probably seem harsh, but you folks are selfish. You think that it's okay to inconvenience the rest of the internet just because you couldn't secure your systems properly, and then you whine like a terminated spammer when you get disconnected? If I had to choose a hosting company, I certainly wouldn't want to choose one with an attitude like this; I would want one that takes a pro-active approach to running their systems competently.
lol, I guess you don't run a hosting company of any size then. Scripts get hacked, customer accounts get compromised, etc... This is par for the course. And most hosts deal with these issues very quickly. However, being with a DC that has a one hour and then pull the plug policy is not going to work for a host. If they are not flexible enough to either suspend the account on the server, or even charge a fee to do this if no action is taken after 1 hour, then it's there loss.
Also, if you are maintaining multiple accounts on a single server that you don't have mirrored elsewhere (e.g., to a server in a competing facility) with a quick recovery plan, or some other alternative, then you're relying way too heavily on a major single point of failure. I hope your customers understand that you only have one server -- they do, right? Remote backups are also par for the course. Having a fully mirrored second server complete with SQL replication and in-sync email with failover load balancers is not really something that is practical for most shared hosting... I hope your site is not mirrored cause it's down right now. ;)

Freedom comes with a price: Responsibility. Freedom also comes with the choice of choosing a more flexible and suitable DC as well. :)

When you pay $xx,xxx+ a month to a DC, you expect a little bit of help and support on issues when they arise to avoid a complete server shutdown. There are plenty of other DC's out there that deal with issues quickly while avoiding "pulling the plug" on the entire server.

- John C.

Amen John. I'm already packing my bags and will be leaving The Planet. My bill was $x,xxx and will be zero when all is said and done.

- With todays competitition only few can afford to have a backup server or employ staff to watch their servers. This is not 1995

Consider yourself lucky you don't have your site in your sig and no prospective clients can see this post. It's absolutely atrocious that you don't have people looking after your servers 24x7 and still feel the right to complain. Of course you're upset, you don't have a proper business running.