Hopefully I won't reveal too much information here, as it's not my intent to run anyone down personally. Listen, childrens, while I tell you mah storay...

Once upon a time there was this really great hosting company. They offered resales and domain resales on Windows servers with SQL server (50 instances), unlimited resold account, unlimited e-mail accounts, PHP support, unlimited MySQL instances, full support for ASP/.Net 1.1/2.0/3.5, javascript, vbscript, CDONTS/ADO. Stats, downloadable IIS logs. Not a lot of space/traffic - like 5G/50G - but for $25 a month I wasn't going to complain. As in any situation, there were occasional issues, but for the most part, for six years Really Great Hosting Company was a Really Great Hosting Company.

Then...Really Great Hosting Company sold their shared/reseller business to another organization. This other organization appears to be run by a guy who has a great, friendly attitude...and staffed largely by incompetents. Consistent inability to differentiate between SQL Server and MySQL, for instance. Regular outages - control panel inaccessible, domains inaccessible, e-mail not working half the time, mission-critical URLs changed without notice, sites being regularly hacked, etc. etc.

I managed to track down the Big Cheese and sent him a long e-mail detailing my issues. He responded, with remarkable candor and admirable concern, and promised to get these issues resolved Right Now. Even gave me a year of service for free! A few things got fixed, and for a little while I thought...yeah, we're back to the standards I'm used to from Really Great Hosting Company.

Unfortunately...the improvements have not held. My hosting control panel is badly misconfigured, and half the time it 404s. It doesn't attach DNS information to new domains, and doesn't have a way to code that information by hand. SMTP mail won't send consistently. My CNAME redirects so my clients see "their" control panel at "custom.theirdomain.com" is broken. My SQL scripts have started taking injection attacks - which I realize is a coding problem, not a hosting problem but I don't understand why this code was unhacked for six years and NOW it's become an issue. For a while, my sites were regularly being hacked via WebDAV exploit..and I don't even use WebDAV. It never should have been enabled...and it never was, under Really Great Hosting Company.

Unfortunately, while I have nothing but the utmost *personal* respect for Not-So-Great Hosting company, as a business partner I've come to the reluctant conclusion that They Suck, They Will Continue Sucking, And I Must Move On.

SO!

White-label hosting and domain resales. Windows servers with full ASP Classic/.NET support and SQL server. Unlimited (or A Very Big Number) sub-accounts and attached domains. Unlimited (or A Very Big Number) POP/SMTP accounts with webmail access. Minimum of 15 SQL server instances (DSN-less; I use the Dreamweaver connection string method to connect my SQL servers), ideally with PHP/MySQL available as well. Domain reselling. Enough space that I can price competitively without having to oversell. On the order of $25 a month.

These Are The Things I Need.

Help me, WHT. You're my only hope.

Which control panel are you using?
You should consider finding a host with the same control panel so the transfer is easier.

Which control panel are you using?
You should consider finding a host with the same control panel so the transfer is easier.

Helm 3. One of the things influencing this decision was the host trying to upgrade to Helm 4...and failing.

That said, given the nature of the sites, I suspect I'd end up doing much of the transfer work myself anyway. I'm really not expecting a new host to handle that for me, for $25 a month. I'm not married to Helm - but I *am* married to SQL Server/ASP

I signed up with the company that answered this message today and made an error during registration. After contacting the sales department, this is the response I got:

======================
Hello John,

Whose credit card did you use to make payment?
To verify your order, we need scan image of your photo id and front/back of the credit card used.
Existing order with invalid domain has been canceled.
You can place a new order with correct domain name.
Thank you.

Regards,
Peter

Ticket Details
Ticket ID: IDU-101640
Department: Sales Enquiries
Priority: High
Status: On Hold
========================

and my response to them:

The credit card belongs to my client, XXX, who lives in XXX

Should I just have HER do the registration instead? Seems kind of silly…she’s actually a client of mine who has agreed to pay the cost of this hosting transfer as part of developing a site for her and for her husband. Certainly a scan of a photo ID plus the front and back of a credit card would be far more easily-duplicated information than I’d care to part with, or advise a client to part with, under any circumstances, especially through an unsecure process like e-mail. It would take an amateur about four minutes to steal an identity with that kind of information.

As I consider it further…yeah. I think I’m going to have to reconsider my options here. I’m not sure that I’m comfortable with any company asking me to part with that much information, especially when you’ve been given valid CC information including a full mailing address, CVV2, and even a telephone number for my client and certainly my presence, brand, and identity online are easily verifiable. If you need to verify the validity of the transaction, there are many, many ways to do that; ditto for my reputation and longevity as an active web site. While I can appreciate the need for security on your end, I think that any reputable and experienced IT professional would strongly recommend against sending this kind of sensitive information, especially via e-mail. If the card were of questionable origin, it would decline…and why in the world would I put a brand I’ve been building since 2001 at risk in such a fashion? And heaven forbid that you end up asking one of my clients to do something like this without my intervention…they might actually *do* it!

I can see where, from your end, if there *were* something funny going on, it would seem strange for me to back out when challenged…but frankly, I’ll take that risk. I’ve been an IT professional for nearly two decades, and spent a substantial part of that time dealing with security and identity issues; my presence online and my identity are readily verifiable through dozens if not hundreds of channels, and there are also multiple safeguards in place through VISA, XXX (the issuing bank) and law to prevent the kind of fraud that you have implied I’m attempting. I just don’t think I can do business with an organization that would even consider asking me (or my client) to put themselves at that level of risk, when I know beyond any doubt that there are far better (and less risky) ways for you as a merchant to verify the validity of the information I used.

My thanks for your time and consideration, but I think I’m going to have to consider other options…and advise my client to keep a VERY close eye on her credit card transaction register for a while.

Regards,
John H. DeJong
Owner, Lead Designer
LowGenius Enterprises

Hello John,

It appears as though their fraud detection software picked up your order as fraud. They maybe shouldnt have been so presuptious about it, but, I can see why they believed it was fraud. Any fraud screening software in the world would have flagged it as such. The way this stuff works is that your IP will be logged and a GEO IP will be run on it to determine where you are (roughly) - then the system will take the billing address of the credit card and check its GEO IP. So, if you are halfway around the country or the world from your client, this order would appear to be made with a stolen credit card. As such, if it is valid, a company would ask for additional information (asking for a photocopy of your drivers license along with a photocopy of the front and back of the credit card are not unusual requests).

I can tell you for certainty that we see no less then 100 such orders each month and easily, 99% of them are fraud. There is the occasional signup where one person completed the signup for another and it all turns out to be valid.

The provider in question should consider a boiler plated email they can blast out for instances like this - as they certainly should be a little more polite about things, just for those rare instances where these sorts of signups are legit - but, eitherway, dont judge them too harshly on this alone...

Hello John,

It appears as though their fraud detection software picked up your order as fraud. They maybe shouldnt have been so presuptious about it, but, I can see why they believed it was fraud. Any fraud screening software in the world would have flagged it as such. The way this stuff works is that your IP will be logged and a GEO IP will be run on it to determine where you are (roughly) - then the system will take the billing address of the credit card and check its GEO IP. So, if you are halfway around the country or the world from your client, this order would appear to be made with a stolen credit card. As such, if it is valid, a company would ask for additional information (asking for a photocopy of your drivers license along with a photocopy of the front and back of the credit card are not unusual requests).

I can tell you for certainty that we see no less then 100 such orders each month and easily, 99% of them are fraud. There is the occasional signup where one person completed the signup for another and it all turns out to be valid.(snip)...

Thanks for your feedback on this. As it happens, my client and I *are* on opposite ends of the continent. And I can understand wanting to be careful. At the same time...with all due respect, anyone who would send a scan of their ID and credit cards through e-mail is just *asking* for trouble. I don't know this company - it's like someone you just met asking to borrow your visa card.

Honestly, I wish I didn't have to move. I *like* my hosts, I just can't seem to get things working properly with them, after months of trying. If it's not one thing, it's something else. Maybe I'll try getting in touch with their management team again. I hate to be a pain in the butt...but man, I'd sure hate to see a company that has so much obvious care and respect on a human level for their customers bite the dust because they can't get the technical end together.

Yeah, maybe I'll do that. Then it'll be a good thing this other organization gave me attitude. I don't deal well with attitude, I've got too much of my own ;)

@BKerry

Thanks for the NON-SPAM recommendation (as opposed to the one that came in before your reply) ;-) At this time, however, I've resolved to work with my current hosts to improve and correct the outstanding issues.

I really like the way these guys do business in terms of treating their customers right; I think they're just having some growing pains. Additionally, I prefer to continue developing the relationship that I have; as a matter of long-term business strategy, a well-developed relationship is worth more than constantly changing vendors.

Their positive attitude and willingness to bend over backwards for the customer - especially in light of some of the arrogance, condescension, and/or ignorance I've experienced while shopping for other hosts - provides enough value in my mind that I'm willing to work with them to help correct outstanding issues (which will help not only me, but them and their customers) rather than changing hosts at this time.

They could have cut ME loose a long time ago - I'm not always the easiest customer to have - but instead they chose to work with me and even compensate me for my trouble with discounted service. In spite of the frustration I was feeling when I originally posted, I think that's a big plus on their side (not the discount, but the fact that instead of saying 'good luck' and tossing me out to get me out of their hair, they've continued working to resolve my issues), especially having taken a look at some of the competition.

As far as control panels, I'd really rather see them using something more comprehensive like DNP myself, but one thing at a time. I appreciate the notes on HELM4, as well - that somewhat mitigates my disappointment in it not being deployed (or more accurately, rolled back) at this host.

At this time I'm still not going to identify my current hosts...but if/when we get things properly sorted, you can rest assured that they'll have no more enthusiastic advocate than me.

Thanks again for your recommendation, though.