Page 1 of 2 12 LastLast
Results 1 to 25 of 47
  1. #1

    1and1 Hosting - The Ultimate Business Killer

    I have been slowly building an online business of web design services. With over 35 websites built in the last 2 years I can say it is growing well for a single designer.

    My biggest mistake was to use 1and1 for my hosting.

    At first it was all going well, with only a few issues of server down time and some maintenance periods.

    Then I got hacked last month.

    One website was hit and I contacted 1and1 customer service as one does to ensure they do what they can from their end.

    The response? A cold email...

    "This is your fault. You had an outdated version of Wordpress on your site which put the server in a vulnerable position".

    1and1 Security Team

    If outdated they mean this one Wordpress blog was not updated since the last available update just a week before, then WOW. Talk about no responsibility.

    I took matters into my own hands and found a nasty piece of script which led to my troubles. I then went and changed my ftp password, MySQL passwords, all usernames and passwords and installed some additional security features. After this decided to do a Google Diagnostic on my site in which Google kindly gave me a link to 1and1s shared server diagnostic as well. This showed over 490 websites on this one server alone which was infecting over 1000 other websites.

    The shared server which my 30+ websites are sitting in is infected as hell. Thanks 1and1! Wow, you really make me feel secure. 1and1s shared servers are strewn with Malware-infected websites.

    In their "Premium Package" (ha!) they boast about their Symantec anti virus protection on the servers. Yeah right, the only protection 1and1 has is probably a Windows 95 firewall.

    1 day later... 10 websites go down with malware warnings.

    So, I made a BIG STINK about these infected servers. I threatened to leave 1and1 unless they assisted me in finding out WHERE this scripts are entering from - I kindly pointed out that the shared server I was on was 50% full of virus infected websites. Their response?

    "Dear Mr ----, This is not a problem on our end. You need to find out where the scripts have been placed on your end..."

    Wow, and wow, and wow.... If I was a hosting company with a heavily infected server affected thousands of websites, I might want to assist in cleaning these up. But no. They ask me to troll through tens of thousands of pages and code to find something I am not even sure what to look for.

    So I gave them the little birdie and set off to resolve the matter myself (you see, despite having backups and replacing the files, the hackers were gaining access to the 1and1 server and kept placing additional files after I had cleaned them so I could not move my files elsewhere).

    So despite ALL file permissions reviewed and made tighter, ALL passwords and usernames from every possible angle being changed including my hosting account, installing 3 expensive virus/malware detection softwares on my computer and scanning over and over.. I just kept getting hacked.

    And the grand finale? This email in from 1and1 today:

    "This is an urgent notice regarding the websites you host in your 1&1 account.

    Your 1&1 webspace has been attacked by a third party: Malicious files have been
    uploaded via your password secured 1&1 FTP access.

    Our team of experts analyzed the incident and averted the most dangerous
    consequences of this attack. However, further measures on your side are required
    in order to re-establish the security of your personal data and your 1&1 account.

    Your contract is now locked until further review."

    What does this mean? All 30+ of my websites are now offline, my ftp access cancelled, no access to my MySQL databases - nothing. Get ready lawsuits, I am about to get Medieval.

    Summary - 1and1 has destroyed my business. Despite professing having a "crack security team" I got no help, just blame. I will continue to spread the word about this mafia-based hosting company who seems to have godly rights without any willingness to help.

  2. #2
    Join Date
    May 2007
    Posts
    2,745
    Okay correct me if im wrong you have outdated hackable scripts and somehow its 1and1's fault? Correct?
    Automated, Secure & Low Cost cPanel Backups (on the cloud)
    For Users & Web Hosting Providers - User Backups

  3. #3
    Join Date
    Nov 2009
    Location
    Auckland
    Posts
    461
    I also don't like the service/support of 1and1.
    But you also have to consider that your FTP accounts have might been compromised from your PC - or to one of the PCs of your developers. You need to make sure, as well as those who are using your FTP accounts (devs, designers, etc), that your not your PC isn't infected. When your FTP account is compromised, it's then used by botnets.

    Make sure that your antivirus is up-to-date, then run a virus scan.

  4. #4
    Join Date
    Jul 2005
    Posts
    3,784
    Heh, we see this happen every day. Someone doesn't update their scripts, get hacked, blames us.

    Doesn't really work that way, you are responsible for keeping your scripts up to date, we can't protect our customers with every single exploit out there.

    When a customer gets hacked, we suspend their account as well. Mostly because if we don't, it's either going to send out thousands of spam messages or host a phishing page. We rather it not.

    However, 1&1 is not the best host, but keep in mind you would have been hacked anywhere, it's not specific to them.

  5. #5
    Join Date
    Oct 2011
    Posts
    1,459
    In 2 years 1 downtime and hacked for one time ?

  6. #6
    Join Date
    Sep 2010
    Posts
    465
    They were correct in telling you that your script was outdated. Clients are the biggest security concern of anything. But I stayed away from 1and1when about 8 months ago we purchased a server to use for backups, it never backed up our data because it was never online. I think our total uptime for three months was around 65%.

  7. #7
    Join Date
    Oct 2011
    Location
    Norwich
    Posts
    183
    @OP, you're not alone in experiencing issues with 1&1.
    We were managing some sites with them for a few weeks during which we experienced nothing but problems. Numerous server errors / downtime, useless & clueless support.. Anything except the "business" solution they proclaim to provide.

  8. #8
    I agree with you all on this point. I expected, 1) some more assistance as the 1and1 security team had the ability to tell me WHERE the problem was but would not and left it to me 2) the Wordpress version was 3 week old...

    Of course anyone can get hacked, but when it gets to a point where it is spreading like wildfire you would expect some assistance. As a shared server user (for these specific sites anyway) you do not have the permissions to scan the server to locate the files or view entry logs etc etc.

  9. #9
    Join Date
    Oct 2011
    Location
    Norwich
    Posts
    183
    I'd imagine that diagnosing a problem with a site on their environment was a long way outside of most of 1&1 support tech's experience.

    Needing to spend far too long arguing with a clueless individual to get them to accept that a site was offline because its database had disappeared, and not because we weren't using 1&1's name servers was one of the last straws...

  10. #10
    Join Date
    Feb 2006
    Location
    Kepler 62f
    Posts
    16,699
    Being "outdated" doesn't mean a WP based site is insecure.
    Nor does being "updated" translate to security.

    The sad fact is that many of these large hosts are infiltrated at the server level, and malware overtakes sites from that end. Hosts generally like to hide this, blame customers. This was very common in 2009 and 2010, thought I've not heard of a lot of attacked in 2011. Innohosting was hacked in a major way, but they admitted it, as any decent host should be doing.

    1&1 isn't exactly the industry ideal of "quality" hosting.
    || Need a good host?
    || See my Suggested Hosts List || Editorial: EIG/Site5/Arvixe/Hostgator Alternatives
    ||

  11. #11
    Join Date
    Jun 2003
    Location
    California
    Posts
    2,786
    Quote Originally Posted by kpmedia View Post
    Being "outdated" doesn't mean a WP based site is insecure.
    Nor does being "updated" translate to security.

    The sad fact is that many of these large hosts are infiltrated at the server level, and malware overtakes sites from that end. Hosts generally like to hide this, blame customers. This was very common in 2009 and 2010, thought I've not heard of a lot of attacked in 2011. Innohosting was hacked in a major way, but they admitted it, as any decent host should be doing.

    1&1 isn't exactly the industry ideal of "quality" hosting.
    I had that experience when testing ResellerClub's shared hosting for three sites. All three were infected at the same time, and as the OP noted in his case, I suspected that all the sites on the server were infected. The sites were managed by three different people, in three different states, and all of the installations were up to date. ResellerClub changed something about a month later, to great fanfare, but by then I had moved my customer's sites back to my own VPS.

    To the OP: it could have been an attack from the server side, or from your side. Ask if you can get access to download all your content. You may have to set your virus software to "allow" everything in your download location on your local PC. There are several tools that will search all files in a folder recursively for any string (I use pspad for this).

    I recently had a security oops myself; I was using FileZilla without realizing that it saves your FTP passwords in plain text. Even though I scan my PC daily for viruses, I was infected with a trojan that found my FileZilla password file and distributed it before my anti-virus quarantined the file. I don't know for sure, but this could have been just a few seconds. (There's more to this story; I thought I had deleted all the passwords earlier this year, but FileZilla retains the old file, even if you delete the program and reinstall).

    In my case, I not only had the Javascript inserted in files, but also lines added to .htaccess to append a file called "google_verify.php" to every file served by the webserver. You can search for "auto_append_file" to see if this hack has been added to your .htaccess files. The auto-appended file had the JavaScript; without finding that, removing all the Javascript from all the files is meaningless ... the next time someone logs on and views that page, the javascript is added back in.

    I posted a thread regarding a new type of Wordpress attack, where a backdoor is added to wp-config.php. The linked article shows how to look for it.

    I would recommend a reseller account from one of the highly regarded hosts here, like mine, MDDHosting.com. No host is going to hold your hand on these issues, and all hosts will suspend your account if the malware isn't taken care of, but at least with a good host, you can get some insight into what's happening. At the huge hosts, you have to work your way up through the anti-social first and second level support reps before you get to someone with people skills (gross generalization based on my personal experience).

  12. #12
    Join Date
    Nov 2009
    Posts
    544
    Come now folks, senseless bashing of any provider does no one any good.

    You have to know that anyone who wants the data on any public facing server can have it. The methods are openly posted on the Internet. For heaven's sake the code bases for the software used are out there too. It is always just a matter of how much someone wants it.

    It is probably some form of Murphy's Law that allows for the most popular being attacked the most. The more features provided to make it easier for the end user, the more open (vulnerable) the platform.

    Certainly, most things considered hacks are simply exercises in social engineering. Anyone using the popular free tools out there must know that anyone who cares already knows what and where data is stored on your local machine. They know how to retrieve it also.

    Considering the placement of any real business data on any shared system, and one that allows access to anyone for just a few bucks to boot, is known as a "fool's errand". As well is the use of popular free tools to transfer said data.

    Service providers are allowing those that would otherwise have no access to web services, at least a level of access that they can use for such things as advertising, long distance communication, etc...

    Use of services provided for what they are designed works very well in today's market. A thread with "business killer" in the title and any shared hosting provider as the subject is really just an oxymoron.
    Last edited by srfreeman; 11-13-2011 at 03:33 PM.

  13. #13
    Join Date
    Feb 2006
    Location
    Kepler 62f
    Posts
    16,699
    Quote Originally Posted by fshagan View Post
    I posted a thread regarding a new type of Wordpress attack, where a backdoor is added to wp-config.php. The linked article shows how to look for it.
    That's the difference between actual developers, and people that just play around with scripts. When I first came across Timthumb in 2009, I saw coding that was clearly flawed. I rewrote part of it in 2010, before using it for the first time on a site, and was not affected by any of the exploits.

    When you start to run heavily-customized sites based on existing open-source CMS/scripts/apps, you quickly realize that updating more than once per year is nearly impossible -- at least without having a dedicated IT staff on call. You have to seek out more effective ways to safeguard the sites. And therein lies another reason hosts screaming "always keep updated" is head-up-ass ridiculous. It's not just a false sense of security, but a massive undertaking in man hours.

    Quote Originally Posted by srfreeman View Post
    Come now folks, senseless bashing of any provider does no one any good.
    With a known-shoddy host like 1&1, I'd say it's justified "bashing".
    || Need a good host?
    || See my Suggested Hosts List || Editorial: EIG/Site5/Arvixe/Hostgator Alternatives
    ||

  14. #14
    Join Date
    Jun 2003
    Location
    California
    Posts
    2,786
    Quote Originally Posted by kpmedia View Post
    That's the difference between actual developers, and people that just play around with scripts. When I first came across Timthumb in 2009, I saw coding that was clearly flawed. I rewrote part of it in 2010, before using it for the first time on a site, and was not affected by any of the exploits.

    When you start to run heavily-customized sites based on existing open-source CMS/scripts/apps, you quickly realize that updating more than once per year is nearly impossible -- at least without having a dedicated IT staff on call. You have to seek out more effective ways to safeguard the sites. And therein lies another reason hosts screaming "always keep updated" is head-up-ass ridiculous. It's not just a false sense of security, but a massive undertaking in man hours.
    And not just a "heavily customized" CMS. For the average web master, something like the TimThumb vulnerability is a perfect example of something that can slip under the radar. "Oh, I never installed that" ... but it was installed in the theme. And some Wordpress themes ... Woo Themes, I think ... actually renamed the TimThumb script so that the vulnerability existed without people knowing it. Even if they kept WP updated, TimThumb could be in their theme and remain vulnerable. Even if they had shell access and did search, they would have never found it.

    I watch this stuff pretty closely, but find I'm often several days behind the curve in getting things updated. Scary. And I've been guilty of doing very stupid things in the past (even the recent past!) That makes me more sympathetic to the web master, because I both host and manage web sites. Those who only host sites can pontificate all they want about "fault" and "keeping updated". Saying and having a track record of doing are two different things.

  15. #15
    Join Date
    Nov 2009
    Posts
    544
    Well, kpmedia seems to think the bashing is justified...

    Seems like sour grapes to me, a relative few upset customers and thousands of apparently happy customers. The relative few are simply in the wrong place, doing the wrong things.

    No company comes to the top of their market by doing wrong for their chosen demographic. To be on top, they are always doing something right.

    Why are there always those few that feel slighted because they do not fit into a top company's chosen demographic?

  16. #16
    Join Date
    Feb 2006
    Location
    Kepler 62f
    Posts
    16,699
    Quote Originally Posted by srfreeman View Post
    thousands of apparently happy customers.
    But that's just an assumption on your part. More realistic is the fact that so many people are non-savvy on hosting, and have no idea the service they are receiving is barely passable, much less a pinnacle of hosting excellence. 1&1 is better than EIG or Godaddy, but that's about it.

    No company comes to the top of their market by doing wrong
    Taking obscene shortcuts is often a way to get "to the top", too. It's sad, it's pathetic, it's crooked -- but it happens. Anything to save a buck, and quality takes a backseat. Sometimes safety and customer well-being is overlooked,too. Mortgage companies and banks were "doing wrong" in a severe way (gambling, profiting on failure), which is why the economy tanked so bad in the past decade.

    they are always doing something right.
    Like ... ?

    a top company
    According to ... ?

    chosen demographic?
    And that demographic is ... ?
    ___


    If you want to defend them, awesome.
    But do so with more than the same bland platitudes they use to describe themselves.

    The complaints, however, tend to be very detailed and specific on why 1&1 is a mediocre company to host with. This thread, for example, shows as a typical misplaced attitude of "always keep updated". Again, updates are not the same as security, and that's been proven over and over again.

    Nothing personal, but I've seen how slow 1&1 servers are first-hand. To brush it off as "sour grapes", on the other hand, is a bit condescending and dismissive.
    Last edited by kpmedia; 11-13-2011 at 10:39 PM.
    || Need a good host?
    || See my Suggested Hosts List || Editorial: EIG/Site5/Arvixe/Hostgator Alternatives
    ||

  17. #17
    Join Date
    Nov 2011
    Location
    New Jeresy, USA
    Posts
    11
    I have never had a problem with 1and1 as my host, I have had them for about 2 years now

  18. #18
    Join Date
    Nov 2011
    Location
    WorldWide
    Posts
    87
    GRAPES are always SOUR and so the Hosting. Every Provider got angry clients!!

  19. #19
    Join Date
    Nov 2009
    Posts
    544
    kpmedia;

    I am not defending anyone, just saying that bashing any host is counter productive. When the bashing is directed at a top company (any metric you choose) it just appears silly.

    Any host that can push a decidedly large advertising campaign, apparently without VC money, must have a fair number of customers happily paying for their services. Just because they do not work for you does not make them bad for everyone.

    Now, if you have proof that they are part of the Fannie Mae / Freddy Mac debacle, let's talk.

    Otherwise, the meat of this thread lies in your assertion "This thread, for example, shows as a typical misplaced attitude of "always keep updated". Again, updates are not the same as security, and that's been proven over and over again."

    This issue has no bearing on any individual host and does beg for a solution. The OP clearly does not have an understanding of this issue.

    What, in your opinion can be done to alleviate this problem, given that there are a large number of users blissfully unaware?

  20. #20
    Join Date
    Nov 2011
    Location
    Mumbai, India
    Posts
    95
    As others said, it is always client's responsibility to make sure he has latest updates with the scripts that he is using on his server. But at the same time, I have read quite a lot of negative reviews about 1and1, so its always better to be safe then sorry when your data is concerened.

  21. #21
    Join Date
    Jun 2003
    Location
    California
    Posts
    2,786
    Is it your position that a server cannot be compromised due to poor management, and individual accounts cannot be compromised on that server due to the host's negligence?

    Infections should occur in a somewhat random manner among the mega hosts. If a host has an entire server where all the sites on the server are infected, what marketing magic have they done to attract only careless customers for that server?

  22. #22
    Join Date
    Oct 2011
    Location
    N/A
    Posts
    98
    Well you all have said everything.

    It is necessary on the part of clients to keep their scripts updated. An open source script like Wordpress comes up with a new version for some reason (most of the time some vulnerabilities). But just keeping the script updated does not ensure security. There has to be many other things.

    On the other hand, it is the responsibility of the host to ensure security and hardening on the server level.

    Regarding 1and1, I have heard mixed reviews.
    ServerGuy.com - Indian Cloud Servers | Managed AWS | Managed Digital Ocean | Managed DevOps
    High Performance Enterprise Servers • Premium Network • Experienced and Empathetic Support
    Like us on Facebook - FB.com/ServerGuy | Follow @theserverguy on Twitter

  23. #23
    Join Date
    Nov 2009
    Posts
    544
    fshagan;

    I am not answering for Nishant_Hostinizer but...

    It would seem that the "management" of an individual shared hosting server would not or should not extend beyond the scripts that install them and load customer accounts. After installation, any individual server is just a sand box with predetermined rules. Negligence on the part of the host would not seem possible.

    The fact that compromised servers at larger hosts represent such a small percentage of the whole (and in relation to smaller hosts) is an apparent testament to their ability to bring greater resources to bear.

    Given today's level of IT acumen among the general public and the current state of the art in advertising for hosting space, it would be easy to assume that the greatest percentage of users on any shared server are "careless customers".

    Customers are drawn in to nearly all hosts with statements promising "No IT experience necessary" and given single click installs of rather complex code for them to do what they will with. Throw in that it is so cheap anyone can enter the fray...

    Laying the blame for any problems at the feet of the customer is not only correct, it is the only way the current system can work, they are the only ones playing or... in the sand box. Yet there are so relatively few customers that have or perceive problems.

    What is your solution to the problem of "updates are not the same as security"? Clearly that is the issue plaguing the OP here.

  24. #24
    Join Date
    Nov 2009
    Posts
    544
    Quote Originally Posted by _theserverguy View Post
    ... But just keeping the script updated does not ensure security. There has to be many other things.
    How is the "general public" user of web hosting services meant to find out what the "many other things" are and what would be their realistic reasons for seeking additional education to use a service that was advertised to them as "no experience necessary"?

  25. #25
    Join Date
    Oct 2011
    Location
    N/A
    Posts
    98
    For "many other things", "general public" has to pay some price and let someone with better knowledge take care of those things. The web is full of people trying to harass the normal not so tech savvy users.

    If not this, then atleast some basic things have to be taken care of like strong passwords (have seen most of the people use passwords like "password1", "testpassword", etc), reset passwords after 30-40 days, don't save login details on shared machines, update open source scripts from time to time and some very basic things that can avoid 50% of this kind of stuff.

    I don't know about the "no experience necessary" claim.


    Quote Originally Posted by srfreeman View Post
    How is the "general public" user of web hosting services meant to find out what the "many other things" are and what would be their realistic reasons for seeking additional education to use a service that was advertised to them as "no experience necessary"?
    ServerGuy.com - Indian Cloud Servers | Managed AWS | Managed Digital Ocean | Managed DevOps
    High Performance Enterprise Servers • Premium Network • Experienced and Empathetic Support
    Like us on Facebook - FB.com/ServerGuy | Follow @theserverguy on Twitter

Page 1 of 2 12 LastLast

Similar Threads

  1. The ultimate Business Host
    By iwh-alexis in forum Shared Hosting Offers
    Replies: 0
    Last Post: 09-12-2010, 06:53 AM
  2. 1and1 UK side of business
    By andreb in forum Web Hosting
    Replies: 12
    Last Post: 03-31-2005, 03:41 PM
  3. Replies: 1
    Last Post: 08-25-2004, 08:51 PM
  4. 1and1 Strange way to do business
    By Lucifer in forum Web Hosting
    Replies: 20
    Last Post: 02-19-2004, 07:46 PM
  5. VDI - a business killer
    By JBIZ718 in forum Web Hosting
    Replies: 0
    Last Post: 04-25-2001, 12:48 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •