hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Web Hosting : 1and1 Hosting - The Ultimate Business Killer
Reply

Forum Jump

1and1 Hosting - The Ultimate Business Killer

Reply Post New Thread In Web Hosting Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old
New Member
 
Join Date: Nov 2011
Posts: 3

1and1 Hosting - The Ultimate Business Killer


I have been slowly building an online business of web design services. With over 35 websites built in the last 2 years I can say it is growing well for a single designer.

My biggest mistake was to use 1and1 for my hosting.

At first it was all going well, with only a few issues of server down time and some maintenance periods.

Then I got hacked last month.

One website was hit and I contacted 1and1 customer service as one does to ensure they do what they can from their end.

The response? A cold email...

"This is your fault. You had an outdated version of Wordpress on your site which put the server in a vulnerable position".

1and1 Security Team

If outdated they mean this one Wordpress blog was not updated since the last available update just a week before, then WOW. Talk about no responsibility.

I took matters into my own hands and found a nasty piece of script which led to my troubles. I then went and changed my ftp password, MySQL passwords, all usernames and passwords and installed some additional security features. After this decided to do a Google Diagnostic on my site in which Google kindly gave me a link to 1and1s shared server diagnostic as well. This showed over 490 websites on this one server alone which was infecting over 1000 other websites.

The shared server which my 30+ websites are sitting in is infected as hell. Thanks 1and1! Wow, you really make me feel secure. 1and1s shared servers are strewn with Malware-infected websites.

In their "Premium Package" (ha!) they boast about their Symantec anti virus protection on the servers. Yeah right, the only protection 1and1 has is probably a Windows 95 firewall.

1 day later... 10 websites go down with malware warnings.

So, I made a BIG STINK about these infected servers. I threatened to leave 1and1 unless they assisted me in finding out WHERE this scripts are entering from - I kindly pointed out that the shared server I was on was 50% full of virus infected websites. Their response?

"Dear Mr ----, This is not a problem on our end. You need to find out where the scripts have been placed on your end..."

Wow, and wow, and wow.... If I was a hosting company with a heavily infected server affected thousands of websites, I might want to assist in cleaning these up. But no. They ask me to troll through tens of thousands of pages and code to find something I am not even sure what to look for.

So I gave them the little birdie and set off to resolve the matter myself (you see, despite having backups and replacing the files, the hackers were gaining access to the 1and1 server and kept placing additional files after I had cleaned them so I could not move my files elsewhere).

So despite ALL file permissions reviewed and made tighter, ALL passwords and usernames from every possible angle being changed including my hosting account, installing 3 expensive virus/malware detection softwares on my computer and scanning over and over.. I just kept getting hacked.

And the grand finale? This email in from 1and1 today:

"This is an urgent notice regarding the websites you host in your 1&1 account.

Your 1&1 webspace has been attacked by a third party: Malicious files have been
uploaded via your password secured 1&1 FTP access.

Our team of experts analyzed the incident and averted the most dangerous
consequences of this attack. However, further measures on your side are required
in order to re-establish the security of your personal data and your 1&1 account.

Your contract is now locked until further review."

What does this mean? All 30+ of my websites are now offline, my ftp access cancelled, no access to my MySQL databases - nothing. Get ready lawsuits, I am about to get Medieval.

Summary - 1and1 has destroyed my business. Despite professing having a "crack security team" I got no help, just blame. I will continue to spread the word about this mafia-based hosting company who seems to have godly rights without any willingness to help.



Sponsored Links
  #2  
Old
Web Hosting Master
 
Join Date: May 2007
Posts: 2,294
Okay correct me if im wrong you have outdated hackable scripts and somehow its 1and1's fault? Correct?

  #3  
Old
Aspiring Evangelist
 
Join Date: Nov 2009
Location: Auckland
Posts: 448
I also don't like the service/support of 1and1.
But you also have to consider that your FTP accounts have might been compromised from your PC - or to one of the PCs of your developers. You need to make sure, as well as those who are using your FTP accounts (devs, designers, etc), that your not your PC isn't infected. When your FTP account is compromised, it's then used by botnets.

Make sure that your antivirus is up-to-date, then run a virus scan.

Sponsored Links
  #4  
Old
Corporate Member
 
Join Date: Jul 2005
Location: In the Internets
Posts: 3,253
Heh, we see this happen every day. Someone doesn't update their scripts, get hacked, blames us.

Doesn't really work that way, you are responsible for keeping your scripts up to date, we can't protect our customers with every single exploit out there.

When a customer gets hacked, we suspend their account as well. Mostly because if we don't, it's either going to send out thousands of spam messages or host a phishing page. We rather it not.

However, 1&1 is not the best host, but keep in mind you would have been hacked anywhere, it's not specific to them.

  #5  
Old
Web Hosting Master
 
Join Date: Oct 2011
Posts: 1,212
In 2 years 1 downtime and hacked for one time ?

__________________
▓▓ 9xhost.Net - Limited
▓▓ Quad Core Dedicated Servers with WHMCS - Click here
▓▓ Windows VPS Plans - Click here
===============================================

  #6  
Old
Web Hosting Evangelist
 
Join Date: Sep 2010
Location: Houston, TX
Posts: 463
They were correct in telling you that your script was outdated. Clients are the biggest security concern of anything. But I stayed away from 1and1when about 8 months ago we purchased a server to use for backups, it never backed up our data because it was never online. I think our total uptime for three months was around 65%.

__________________


  #7  
Old
Junior Guru
 
Join Date: Oct 2011
Location: Norwich
Posts: 183
@OP, you're not alone in experiencing issues with 1&1.
We were managing some sites with them for a few weeks during which we experienced nothing but problems. Numerous server errors / downtime, useless & clueless support.. Anything except the "business" solution they proclaim to provide.

__________________
Enterprise Solutions Architect & Photographer
Independent Wordpress Consultancy available to help with setup / site commissioning, troubleshooting, Wordpress performance tuning & server configuration issues.

  #8  
Old
New Member
 
Join Date: Nov 2011
Posts: 3
I agree with you all on this point. I expected, 1) some more assistance as the 1and1 security team had the ability to tell me WHERE the problem was but would not and left it to me 2) the Wordpress version was 3 week old...

Of course anyone can get hacked, but when it gets to a point where it is spreading like wildfire you would expect some assistance. As a shared server user (for these specific sites anyway) you do not have the permissions to scan the server to locate the files or view entry logs etc etc.

  #9  
Old
Junior Guru
 
Join Date: Oct 2011
Location: Norwich
Posts: 183
I'd imagine that diagnosing a problem with a site on their environment was a long way outside of most of 1&1 support tech's experience.

Needing to spend far too long arguing with a clueless individual to get them to accept that a site was offline because its database had disappeared, and not because we weren't using 1&1's name servers was one of the last straws...

__________________
Enterprise Solutions Architect & Photographer
Independent Wordpress Consultancy available to help with setup / site commissioning, troubleshooting, Wordpress performance tuning & server configuration issues.

  #10  
Old
Web Host Reviewer
 
Join Date: Feb 2006
Location: Kepler 62F
Posts: 12,286
Being "outdated" doesn't mean a WP based site is insecure.
Nor does being "updated" translate to security.

The sad fact is that many of these large hosts are infiltrated at the server level, and malware overtakes sites from that end. Hosts generally like to hide this, blame customers. This was very common in 2009 and 2010, thought I've not heard of a lot of attacked in 2011. Innohosting was hacked in a major way, but they admitted it, as any decent host should be doing.

1&1 isn't exactly the industry ideal of "quality" hosting.

__________________
|| Need a good host?
|| See my Suggested Hosts List || New Editorial: HostGator Alternatives & Who is EIG?
||

  #11  
Old
Web Hosting Master
 
Join Date: Jun 2003
Location: California
Posts: 2,761
Quote:
Originally Posted by kpmedia View Post
Being "outdated" doesn't mean a WP based site is insecure.
Nor does being "updated" translate to security.

The sad fact is that many of these large hosts are infiltrated at the server level, and malware overtakes sites from that end. Hosts generally like to hide this, blame customers. This was very common in 2009 and 2010, thought I've not heard of a lot of attacked in 2011. Innohosting was hacked in a major way, but they admitted it, as any decent host should be doing.

1&1 isn't exactly the industry ideal of "quality" hosting.
I had that experience when testing ResellerClub's shared hosting for three sites. All three were infected at the same time, and as the OP noted in his case, I suspected that all the sites on the server were infected. The sites were managed by three different people, in three different states, and all of the installations were up to date. ResellerClub changed something about a month later, to great fanfare, but by then I had moved my customer's sites back to my own VPS.

To the OP: it could have been an attack from the server side, or from your side. Ask if you can get access to download all your content. You may have to set your virus software to "allow" everything in your download location on your local PC. There are several tools that will search all files in a folder recursively for any string (I use pspad for this).

I recently had a security oops myself; I was using FileZilla without realizing that it saves your FTP passwords in plain text. Even though I scan my PC daily for viruses, I was infected with a trojan that found my FileZilla password file and distributed it before my anti-virus quarantined the file. I don't know for sure, but this could have been just a few seconds. (There's more to this story; I thought I had deleted all the passwords earlier this year, but FileZilla retains the old file, even if you delete the program and reinstall).

In my case, I not only had the Javascript inserted in files, but also lines added to .htaccess to append a file called "google_verify.php" to every file served by the webserver. You can search for "auto_append_file" to see if this hack has been added to your .htaccess files. The auto-appended file had the JavaScript; without finding that, removing all the Javascript from all the files is meaningless ... the next time someone logs on and views that page, the javascript is added back in.

I posted a thread regarding a new type of Wordpress attack, where a backdoor is added to wp-config.php. The linked article shows how to look for it.

I would recommend a reseller account from one of the highly regarded hosts here, like mine, MDDHosting.com. No host is going to hold your hand on these issues, and all hosts will suspend your account if the malware isn't taken care of, but at least with a good host, you can get some insight into what's happening. At the huge hosts, you have to work your way up through the anti-social first and second level support reps before you get to someone with people skills (gross generalization based on my personal experience).

  #12  
Old
Web Hosting Evangelist
 
Join Date: Nov 2009
Posts: 544
Come now folks, senseless bashing of any provider does no one any good.

You have to know that anyone who wants the data on any public facing server can have it. The methods are openly posted on the Internet. For heaven's sake the code bases for the software used are out there too. It is always just a matter of how much someone wants it.

It is probably some form of Murphy's Law that allows for the most popular being attacked the most. The more features provided to make it easier for the end user, the more open (vulnerable) the platform.

Certainly, most things considered hacks are simply exercises in social engineering. Anyone using the popular free tools out there must know that anyone who cares already knows what and where data is stored on your local machine. They know how to retrieve it also.

Considering the placement of any real business data on any shared system, and one that allows access to anyone for just a few bucks to boot, is known as a "fool's errand". As well is the use of popular free tools to transfer said data.

Service providers are allowing those that would otherwise have no access to web services, at least a level of access that they can use for such things as advertising, long distance communication, etc...

Use of services provided for what they are designed works very well in today's market. A thread with "business killer" in the title and any shared hosting provider as the subject is really just an oxymoron.


Last edited by srfreeman; 11-13-2011 at 03:33 PM.
  #13  
Old
Web Host Reviewer
 
Join Date: Feb 2006
Location: Kepler 62F
Posts: 12,286
Quote:
Originally Posted by fshagan View Post
I posted a thread regarding a new type of Wordpress attack, where a backdoor is added to wp-config.php. The linked article shows how to look for it.
That's the difference between actual developers, and people that just play around with scripts. When I first came across Timthumb in 2009, I saw coding that was clearly flawed. I rewrote part of it in 2010, before using it for the first time on a site, and was not affected by any of the exploits.

When you start to run heavily-customized sites based on existing open-source CMS/scripts/apps, you quickly realize that updating more than once per year is nearly impossible -- at least without having a dedicated IT staff on call. You have to seek out more effective ways to safeguard the sites. And therein lies another reason hosts screaming "always keep updated" is head-up-ass ridiculous. It's not just a false sense of security, but a massive undertaking in man hours.

Quote:
Originally Posted by srfreeman View Post
Come now folks, senseless bashing of any provider does no one any good.
With a known-shoddy host like 1&1, I'd say it's justified "bashing".

__________________
|| Need a good host?
|| See my Suggested Hosts List || New Editorial: HostGator Alternatives & Who is EIG?
||

  #14  
Old
Web Hosting Master
 
Join Date: Jun 2003
Location: California
Posts: 2,761
Quote:
Originally Posted by kpmedia View Post
That's the difference between actual developers, and people that just play around with scripts. When I first came across Timthumb in 2009, I saw coding that was clearly flawed. I rewrote part of it in 2010, before using it for the first time on a site, and was not affected by any of the exploits.

When you start to run heavily-customized sites based on existing open-source CMS/scripts/apps, you quickly realize that updating more than once per year is nearly impossible -- at least without having a dedicated IT staff on call. You have to seek out more effective ways to safeguard the sites. And therein lies another reason hosts screaming "always keep updated" is head-up-ass ridiculous. It's not just a false sense of security, but a massive undertaking in man hours.
And not just a "heavily customized" CMS. For the average web master, something like the TimThumb vulnerability is a perfect example of something that can slip under the radar. "Oh, I never installed that" ... but it was installed in the theme. And some Wordpress themes ... Woo Themes, I think ... actually renamed the TimThumb script so that the vulnerability existed without people knowing it. Even if they kept WP updated, TimThumb could be in their theme and remain vulnerable. Even if they had shell access and did search, they would have never found it.

I watch this stuff pretty closely, but find I'm often several days behind the curve in getting things updated. Scary. And I've been guilty of doing very stupid things in the past (even the recent past!) That makes me more sympathetic to the web master, because I both host and manage web sites. Those who only host sites can pontificate all they want about "fault" and "keeping updated". Saying and having a track record of doing are two different things.

  #15  
Old
Web Hosting Evangelist
 
Join Date: Nov 2009
Posts: 544
Well, kpmedia seems to think the bashing is justified...

Seems like sour grapes to me, a relative few upset customers and thousands of apparently happy customers. The relative few are simply in the wrong place, doing the wrong things.

No company comes to the top of their market by doing wrong for their chosen demographic. To be on top, they are always doing something right.

Why are there always those few that feel slighted because they do not fit into a top company's chosen demographic?

Reply

Similar Threads
Thread Thread Starter Forum Replies Last Post
The ultimate Business Host iwh-alexis Shared Hosting Offers 0 09-12-2010 06:53 AM
1and1 UK side of business andreb Web Hosting 12 03-31-2005 03:41 PM
DDI Hosting Ultimate Special - Celebrating our new Ultimate Reseller Plan! KNL-BSW Shared Hosting Offers 1 08-25-2004 08:51 PM
1and1 Strange way to do business Lucifer Web Hosting 20 02-19-2004 07:46 PM
VDI - a business killer JBIZ718 Web Hosting 0 04-25-2001 12:48 AM

Related posts from TheWhir.com
Title Type Date Posted
Join The WHIR for an Exclusive Networking Event at HostingCon in Miami Blog 2014-05-16 15:13:32
Codero Hosting Listing 2014-10-22 09:44:40
Codero Hosting Listing 2014-10-22 09:44:40
Web Hosting Sales and Promos Roundup - December 13, 2013 Web Hosting News 2014-05-23 15:42:37
AWS and GlowTouch Technologies Talk Public Cloud Opportunities in Upcoming Webinar Blog 2013-05-09 22:42:31


Tags
1and1, 1and1 hosting, review

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
WHT Host Brief Email:

We respect your privacy. We will never sell, rent, or give away your address to any outside party, ever.

Advertisement:
Web Hosting News:
WHT Membership
WHT Membership



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?