Page 1 of 2 12 LastLast
Results 1 to 40 of 47
  1. #1

    1and1 Hosting - The Ultimate Business Killer

    I have been slowly building an online business of web design services. With over 35 websites built in the last 2 years I can say it is growing well for a single designer.

    My biggest mistake was to use 1and1 for my hosting.

    At first it was all going well, with only a few issues of server down time and some maintenance periods.

    Then I got hacked last month.

    One website was hit and I contacted 1and1 customer service as one does to ensure they do what they can from their end.

    The response? A cold email...

    "This is your fault. You had an outdated version of Wordpress on your site which put the server in a vulnerable position".

    1and1 Security Team

    If outdated they mean this one Wordpress blog was not updated since the last available update just a week before, then WOW. Talk about no responsibility.

    I took matters into my own hands and found a nasty piece of script which led to my troubles. I then went and changed my ftp password, MySQL passwords, all usernames and passwords and installed some additional security features. After this decided to do a Google Diagnostic on my site in which Google kindly gave me a link to 1and1s shared server diagnostic as well. This showed over 490 websites on this one server alone which was infecting over 1000 other websites.

    The shared server which my 30+ websites are sitting in is infected as hell. Thanks 1and1! Wow, you really make me feel secure. 1and1s shared servers are strewn with Malware-infected websites.

    In their "Premium Package" (ha!) they boast about their Symantec anti virus protection on the servers. Yeah right, the only protection 1and1 has is probably a Windows 95 firewall.

    1 day later... 10 websites go down with malware warnings.

    So, I made a BIG STINK about these infected servers. I threatened to leave 1and1 unless they assisted me in finding out WHERE this scripts are entering from - I kindly pointed out that the shared server I was on was 50% full of virus infected websites. Their response?

    "Dear Mr ----, This is not a problem on our end. You need to find out where the scripts have been placed on your end..."

    Wow, and wow, and wow.... If I was a hosting company with a heavily infected server affected thousands of websites, I might want to assist in cleaning these up. But no. They ask me to troll through tens of thousands of pages and code to find something I am not even sure what to look for.

    So I gave them the little birdie and set off to resolve the matter myself (you see, despite having backups and replacing the files, the hackers were gaining access to the 1and1 server and kept placing additional files after I had cleaned them so I could not move my files elsewhere).

    So despite ALL file permissions reviewed and made tighter, ALL passwords and usernames from every possible angle being changed including my hosting account, installing 3 expensive virus/malware detection softwares on my computer and scanning over and over.. I just kept getting hacked.

    And the grand finale? This email in from 1and1 today:

    "This is an urgent notice regarding the websites you host in your 1&1 account.

    Your 1&1 webspace has been attacked by a third party: Malicious files have been
    uploaded via your password secured 1&1 FTP access.

    Our team of experts analyzed the incident and averted the most dangerous
    consequences of this attack. However, further measures on your side are required
    in order to re-establish the security of your personal data and your 1&1 account.

    Your contract is now locked until further review."

    What does this mean? All 30+ of my websites are now offline, my ftp access cancelled, no access to my MySQL databases - nothing. Get ready lawsuits, I am about to get Medieval.

    Summary - 1and1 has destroyed my business. Despite professing having a "crack security team" I got no help, just blame. I will continue to spread the word about this mafia-based hosting company who seems to have godly rights without any willingness to help.

  2. #2
    Join Date
    May 2007
    Posts
    2,599
    Okay correct me if im wrong you have outdated hackable scripts and somehow its 1and1's fault? Correct?
    Automated, Secure & Low Cost cPanel Backups (on the cloud)
    For Users & Web Hosting Providers - User Backups

  3. #3
    Join Date
    Nov 2009
    Location
    Auckland
    Posts
    458
    I also don't like the service/support of 1and1.
    But you also have to consider that your FTP accounts have might been compromised from your PC - or to one of the PCs of your developers. You need to make sure, as well as those who are using your FTP accounts (devs, designers, etc), that your not your PC isn't infected. When your FTP account is compromised, it's then used by botnets.

    Make sure that your antivirus is up-to-date, then run a virus scan.

  4. #4
    Join Date
    Jul 2005
    Location
    In the Internets
    Posts
    3,611
    Heh, we see this happen every day. Someone doesn't update their scripts, get hacked, blames us.

    Doesn't really work that way, you are responsible for keeping your scripts up to date, we can't protect our customers with every single exploit out there.

    When a customer gets hacked, we suspend their account as well. Mostly because if we don't, it's either going to send out thousands of spam messages or host a phishing page. We rather it not.

    However, 1&1 is not the best host, but keep in mind you would have been hacked anywhere, it's not specific to them.

  5. #5
    Join Date
    Oct 2011
    Posts
    1,258
    In 2 years 1 downtime and hacked for one time ?
    ▓▓ 9xvps - A WEB HOSTING COMPANY
    ▓▓ Quad Core Dedicated Servers - Click here
    ▓▓ Windows and Linux VPS - Click here
    ===============================================

  6. #6
    Join Date
    Sep 2010
    Location
    Houston, TX
    Posts
    463
    They were correct in telling you that your script was outdated. Clients are the biggest security concern of anything. But I stayed away from 1and1when about 8 months ago we purchased a server to use for backups, it never backed up our data because it was never online. I think our total uptime for three months was around 65%.

  7. #7
    Join Date
    Oct 2011
    Location
    Norwich
    Posts
    183
    @OP, you're not alone in experiencing issues with 1&1.
    We were managing some sites with them for a few weeks during which we experienced nothing but problems. Numerous server errors / downtime, useless & clueless support.. Anything except the "business" solution they proclaim to provide.
    Enterprise Solutions Architect & Photographer
    Independent Wordpress Consultancy available to help with setup / site commissioning, troubleshooting, Wordpress performance tuning & server configuration issues.

  8. #8
    I agree with you all on this point. I expected, 1) some more assistance as the 1and1 security team had the ability to tell me WHERE the problem was but would not and left it to me 2) the Wordpress version was 3 week old...

    Of course anyone can get hacked, but when it gets to a point where it is spreading like wildfire you would expect some assistance. As a shared server user (for these specific sites anyway) you do not have the permissions to scan the server to locate the files or view entry logs etc etc.

  9. #9
    Join Date
    Oct 2011
    Location
    Norwich
    Posts
    183
    I'd imagine that diagnosing a problem with a site on their environment was a long way outside of most of 1&1 support tech's experience.

    Needing to spend far too long arguing with a clueless individual to get them to accept that a site was offline because its database had disappeared, and not because we weren't using 1&1's name servers was one of the last straws...
    Enterprise Solutions Architect & Photographer
    Independent Wordpress Consultancy available to help with setup / site commissioning, troubleshooting, Wordpress performance tuning & server configuration issues.

  10. #10
    Join Date
    Feb 2006
    Location
    Kepler 62f
    Posts
    14,751
    Being "outdated" doesn't mean a WP based site is insecure.
    Nor does being "updated" translate to security.

    The sad fact is that many of these large hosts are infiltrated at the server level, and malware overtakes sites from that end. Hosts generally like to hide this, blame customers. This was very common in 2009 and 2010, thought I've not heard of a lot of attacked in 2011. Innohosting was hacked in a major way, but they admitted it, as any decent host should be doing.

    1&1 isn't exactly the industry ideal of "quality" hosting.
    || Need a good host?
    || See my Suggested Hosts List || Editorial: EIG/Site5/Arvixe/Hostgator Alternatives
    ||

  11. #11
    Join Date
    Jun 2003
    Location
    California
    Posts
    2,766
    Quote Originally Posted by kpmedia View Post
    Being "outdated" doesn't mean a WP based site is insecure.
    Nor does being "updated" translate to security.

    The sad fact is that many of these large hosts are infiltrated at the server level, and malware overtakes sites from that end. Hosts generally like to hide this, blame customers. This was very common in 2009 and 2010, thought I've not heard of a lot of attacked in 2011. Innohosting was hacked in a major way, but they admitted it, as any decent host should be doing.

    1&1 isn't exactly the industry ideal of "quality" hosting.
    I had that experience when testing ResellerClub's shared hosting for three sites. All three were infected at the same time, and as the OP noted in his case, I suspected that all the sites on the server were infected. The sites were managed by three different people, in three different states, and all of the installations were up to date. ResellerClub changed something about a month later, to great fanfare, but by then I had moved my customer's sites back to my own VPS.

    To the OP: it could have been an attack from the server side, or from your side. Ask if you can get access to download all your content. You may have to set your virus software to "allow" everything in your download location on your local PC. There are several tools that will search all files in a folder recursively for any string (I use pspad for this).

    I recently had a security oops myself; I was using FileZilla without realizing that it saves your FTP passwords in plain text. Even though I scan my PC daily for viruses, I was infected with a trojan that found my FileZilla password file and distributed it before my anti-virus quarantined the file. I don't know for sure, but this could have been just a few seconds. (There's more to this story; I thought I had deleted all the passwords earlier this year, but FileZilla retains the old file, even if you delete the program and reinstall).

    In my case, I not only had the Javascript inserted in files, but also lines added to .htaccess to append a file called "google_verify.php" to every file served by the webserver. You can search for "auto_append_file" to see if this hack has been added to your .htaccess files. The auto-appended file had the JavaScript; without finding that, removing all the Javascript from all the files is meaningless ... the next time someone logs on and views that page, the javascript is added back in.

    I posted a thread regarding a new type of Wordpress attack, where a backdoor is added to wp-config.php. The linked article shows how to look for it.

    I would recommend a reseller account from one of the highly regarded hosts here, like mine, MDDHosting.com. No host is going to hold your hand on these issues, and all hosts will suspend your account if the malware isn't taken care of, but at least with a good host, you can get some insight into what's happening. At the huge hosts, you have to work your way up through the anti-social first and second level support reps before you get to someone with people skills (gross generalization based on my personal experience).

  12. #12
    Join Date
    Nov 2009
    Posts
    544
    Come now folks, senseless bashing of any provider does no one any good.

    You have to know that anyone who wants the data on any public facing server can have it. The methods are openly posted on the Internet. For heaven's sake the code bases for the software used are out there too. It is always just a matter of how much someone wants it.

    It is probably some form of Murphy's Law that allows for the most popular being attacked the most. The more features provided to make it easier for the end user, the more open (vulnerable) the platform.

    Certainly, most things considered hacks are simply exercises in social engineering. Anyone using the popular free tools out there must know that anyone who cares already knows what and where data is stored on your local machine. They know how to retrieve it also.

    Considering the placement of any real business data on any shared system, and one that allows access to anyone for just a few bucks to boot, is known as a "fool's errand". As well is the use of popular free tools to transfer said data.

    Service providers are allowing those that would otherwise have no access to web services, at least a level of access that they can use for such things as advertising, long distance communication, etc...

    Use of services provided for what they are designed works very well in today's market. A thread with "business killer" in the title and any shared hosting provider as the subject is really just an oxymoron.
    Last edited by srfreeman; 11-13-2011 at 03:33 PM.

  13. #13
    Join Date
    Feb 2006
    Location
    Kepler 62f
    Posts
    14,751
    Quote Originally Posted by fshagan View Post
    I posted a thread regarding a new type of Wordpress attack, where a backdoor is added to wp-config.php. The linked article shows how to look for it.
    That's the difference between actual developers, and people that just play around with scripts. When I first came across Timthumb in 2009, I saw coding that was clearly flawed. I rewrote part of it in 2010, before using it for the first time on a site, and was not affected by any of the exploits.

    When you start to run heavily-customized sites based on existing open-source CMS/scripts/apps, you quickly realize that updating more than once per year is nearly impossible -- at least without having a dedicated IT staff on call. You have to seek out more effective ways to safeguard the sites. And therein lies another reason hosts screaming "always keep updated" is head-up-ass ridiculous. It's not just a false sense of security, but a massive undertaking in man hours.

    Quote Originally Posted by srfreeman View Post
    Come now folks, senseless bashing of any provider does no one any good.
    With a known-shoddy host like 1&1, I'd say it's justified "bashing".
    || Need a good host?
    || See my Suggested Hosts List || Editorial: EIG/Site5/Arvixe/Hostgator Alternatives
    ||

  14. #14
    Join Date
    Jun 2003
    Location
    California
    Posts
    2,766
    Quote Originally Posted by kpmedia View Post
    That's the difference between actual developers, and people that just play around with scripts. When I first came across Timthumb in 2009, I saw coding that was clearly flawed. I rewrote part of it in 2010, before using it for the first time on a site, and was not affected by any of the exploits.

    When you start to run heavily-customized sites based on existing open-source CMS/scripts/apps, you quickly realize that updating more than once per year is nearly impossible -- at least without having a dedicated IT staff on call. You have to seek out more effective ways to safeguard the sites. And therein lies another reason hosts screaming "always keep updated" is head-up-ass ridiculous. It's not just a false sense of security, but a massive undertaking in man hours.
    And not just a "heavily customized" CMS. For the average web master, something like the TimThumb vulnerability is a perfect example of something that can slip under the radar. "Oh, I never installed that" ... but it was installed in the theme. And some Wordpress themes ... Woo Themes, I think ... actually renamed the TimThumb script so that the vulnerability existed without people knowing it. Even if they kept WP updated, TimThumb could be in their theme and remain vulnerable. Even if they had shell access and did search, they would have never found it.

    I watch this stuff pretty closely, but find I'm often several days behind the curve in getting things updated. Scary. And I've been guilty of doing very stupid things in the past (even the recent past!) That makes me more sympathetic to the web master, because I both host and manage web sites. Those who only host sites can pontificate all they want about "fault" and "keeping updated". Saying and having a track record of doing are two different things.

  15. #15
    Join Date
    Nov 2009
    Posts
    544
    Well, kpmedia seems to think the bashing is justified...

    Seems like sour grapes to me, a relative few upset customers and thousands of apparently happy customers. The relative few are simply in the wrong place, doing the wrong things.

    No company comes to the top of their market by doing wrong for their chosen demographic. To be on top, they are always doing something right.

    Why are there always those few that feel slighted because they do not fit into a top company's chosen demographic?

  16. #16
    Join Date
    Feb 2006
    Location
    Kepler 62f
    Posts
    14,751
    Quote Originally Posted by srfreeman View Post
    thousands of apparently happy customers.
    But that's just an assumption on your part. More realistic is the fact that so many people are non-savvy on hosting, and have no idea the service they are receiving is barely passable, much less a pinnacle of hosting excellence. 1&1 is better than EIG or Godaddy, but that's about it.

    No company comes to the top of their market by doing wrong
    Taking obscene shortcuts is often a way to get "to the top", too. It's sad, it's pathetic, it's crooked -- but it happens. Anything to save a buck, and quality takes a backseat. Sometimes safety and customer well-being is overlooked,too. Mortgage companies and banks were "doing wrong" in a severe way (gambling, profiting on failure), which is why the economy tanked so bad in the past decade.

    they are always doing something right.
    Like ... ?

    a top company
    According to ... ?

    chosen demographic?
    And that demographic is ... ?
    ___


    If you want to defend them, awesome.
    But do so with more than the same bland platitudes they use to describe themselves.

    The complaints, however, tend to be very detailed and specific on why 1&1 is a mediocre company to host with. This thread, for example, shows as a typical misplaced attitude of "always keep updated". Again, updates are not the same as security, and that's been proven over and over again.

    Nothing personal, but I've seen how slow 1&1 servers are first-hand. To brush it off as "sour grapes", on the other hand, is a bit condescending and dismissive.
    Last edited by kpmedia; 11-13-2011 at 10:39 PM.
    || Need a good host?
    || See my Suggested Hosts List || Editorial: EIG/Site5/Arvixe/Hostgator Alternatives
    ||

  17. #17
    Join Date
    Nov 2011
    Location
    New Jeresy, USA
    Posts
    8
    I have never had a problem with 1and1 as my host, I have had them for about 2 years now

  18. #18
    Join Date
    Nov 2011
    Location
    WorldWide
    Posts
    87
    GRAPES are always SOUR and so the Hosting. Every Provider got angry clients!!

  19. #19
    Join Date
    Nov 2009
    Posts
    544
    kpmedia;

    I am not defending anyone, just saying that bashing any host is counter productive. When the bashing is directed at a top company (any metric you choose) it just appears silly.

    Any host that can push a decidedly large advertising campaign, apparently without VC money, must have a fair number of customers happily paying for their services. Just because they do not work for you does not make them bad for everyone.

    Now, if you have proof that they are part of the Fannie Mae / Freddy Mac debacle, let's talk.

    Otherwise, the meat of this thread lies in your assertion "This thread, for example, shows as a typical misplaced attitude of "always keep updated". Again, updates are not the same as security, and that's been proven over and over again."

    This issue has no bearing on any individual host and does beg for a solution. The OP clearly does not have an understanding of this issue.

    What, in your opinion can be done to alleviate this problem, given that there are a large number of users blissfully unaware?

  20. #20
    Join Date
    Nov 2011
    Location
    Mumbai, India
    Posts
    95
    As others said, it is always client's responsibility to make sure he has latest updates with the scripts that he is using on his server. But at the same time, I have read quite a lot of negative reviews about 1and1, so its always better to be safe then sorry when your data is concerened.

  21. #21
    Join Date
    Jun 2003
    Location
    California
    Posts
    2,766
    Is it your position that a server cannot be compromised due to poor management, and individual accounts cannot be compromised on that server due to the host's negligence?

    Infections should occur in a somewhat random manner among the mega hosts. If a host has an entire server where all the sites on the server are infected, what marketing magic have they done to attract only careless customers for that server?

  22. #22
    Join Date
    Oct 2011
    Location
    N/A
    Posts
    85
    Well you all have said everything.

    It is necessary on the part of clients to keep their scripts updated. An open source script like Wordpress comes up with a new version for some reason (most of the time some vulnerabilities). But just keeping the script updated does not ensure security. There has to be many other things.

    On the other hand, it is the responsibility of the host to ensure security and hardening on the server level.

    Regarding 1and1, I have heard mixed reviews.
    MantraGrid - Cloud VPS | Dedicated Servers | Managed Services
    |+| 24x7 Support | 99.9% Uptime SLA | Friendly Staff
    |+| High Performance • Enterprise Servers • Premium Network
    Join us on Facebook - FB.com/TheServerGuy or follow @theserverguy on Twitter

  23. #23
    Join Date
    Nov 2009
    Posts
    544
    fshagan;

    I am not answering for Nishant_Hostinizer but...

    It would seem that the "management" of an individual shared hosting server would not or should not extend beyond the scripts that install them and load customer accounts. After installation, any individual server is just a sand box with predetermined rules. Negligence on the part of the host would not seem possible.

    The fact that compromised servers at larger hosts represent such a small percentage of the whole (and in relation to smaller hosts) is an apparent testament to their ability to bring greater resources to bear.

    Given today's level of IT acumen among the general public and the current state of the art in advertising for hosting space, it would be easy to assume that the greatest percentage of users on any shared server are "careless customers".

    Customers are drawn in to nearly all hosts with statements promising "No IT experience necessary" and given single click installs of rather complex code for them to do what they will with. Throw in that it is so cheap anyone can enter the fray...

    Laying the blame for any problems at the feet of the customer is not only correct, it is the only way the current system can work, they are the only ones playing or... in the sand box. Yet there are so relatively few customers that have or perceive problems.

    What is your solution to the problem of "updates are not the same as security"? Clearly that is the issue plaguing the OP here.

  24. #24
    Join Date
    Nov 2009
    Posts
    544
    Quote Originally Posted by _theserverguy View Post
    ... But just keeping the script updated does not ensure security. There has to be many other things.
    How is the "general public" user of web hosting services meant to find out what the "many other things" are and what would be their realistic reasons for seeking additional education to use a service that was advertised to them as "no experience necessary"?

  25. #25
    Join Date
    Oct 2011
    Location
    N/A
    Posts
    85
    For "many other things", "general public" has to pay some price and let someone with better knowledge take care of those things. The web is full of people trying to harass the normal not so tech savvy users.

    If not this, then atleast some basic things have to be taken care of like strong passwords (have seen most of the people use passwords like "password1", "testpassword", etc), reset passwords after 30-40 days, don't save login details on shared machines, update open source scripts from time to time and some very basic things that can avoid 50% of this kind of stuff.

    I don't know about the "no experience necessary" claim.


    Quote Originally Posted by srfreeman View Post
    How is the "general public" user of web hosting services meant to find out what the "many other things" are and what would be their realistic reasons for seeking additional education to use a service that was advertised to them as "no experience necessary"?
    MantraGrid - Cloud VPS | Dedicated Servers | Managed Services
    |+| 24x7 Support | 99.9% Uptime SLA | Friendly Staff
    |+| High Performance • Enterprise Servers • Premium Network
    Join us on Facebook - FB.com/TheServerGuy or follow @theserverguy on Twitter

  26. #26
    Join Date
    Nov 2009
    Posts
    544
    Quote Originally Posted by _theserverguy View Post
    For "many other things", "general public" has to pay some price and let someone with better knowledge take care of those things. The web is full of people trying to harass the normal not so tech savvy users.

    If not this, then atleast some basic things have to be taken care of like strong passwords (have seen most of the people use passwords like "password1", "testpassword", etc), reset passwords after 30-40 days, don't save login details on shared machines, update open source scripts from time to time and some very basic things that can avoid 50% of this kind of stuff.

    I don't know about the "no experience necessary" claim.
    To verify the "no experience necessary" claim, simply put the words "web hosting no experience necessary" (without the quotes) into any search engine.

    These days it is quite hard to find any web host advertising that claims the user should gain additional help or education to use web hosting services.

    The things you consider basic are considered as just bothersome to many "general public" users - The statement "Well, it works this way" has been heard way too often.

    Is there really an issue with threads like this? Should we just discount the host bashing to something like - Oh well, some people just don't get it...

  27. #27
    Join Date
    Feb 2006
    Location
    Kepler 62f
    Posts
    14,751
    Quote Originally Posted by srfreeman View Post
    a service that was advertised to them as "no experience necessary"?
    That's really nothing more than a lie being perpetrated and perpetuated by the desperate mega-hosts of the industry. I often think the largest of hosts have spent beyond their means -- worse, are expected to always profit when publicly traded/invested -- and will do anything to get new customers, including lie. They stop just short of a "legal" lie (fraud), but it's a lie nonetheless.

    Many of them are trying to steal business from legitimate web developers, who are the people non-savvy know-nothings need to be using. Once a company like 1&1 gets you in the door, you find you're on your own for most activities. And that's where you fail at SEO, site optimization, proper content, security, etc. A good developer would have provided this, a host won't.

    Some of these customers are simply too cheap for their own good, and I can't say I feel overly sorry for them. It's the ones that get talked out of a good developer/host, when they were willing to budget for it, on promises of everything they want PLUS the low price given.

    --

    1&1 is pushing hard for affiliates to sell their latest come-on: Dear 1&1 Affiliate, Benefit from being a 1&1 Affiliate and earn up to £500 EXTRA!* How does it work? It's simple! Sell, for example, our popular 1&1 MyWebsite packages through your website. We will provide you with all necessary advertising materials and other marketing inputs. As a result of our prominent TV advertising and print campaigns, millions of people recognise 1&1 MyWebsite as THE customised website solution for companies, associations and professionals. With over 120 business sectors, 1&1 MyWebsite is flexible and can be tailored to meet anyone's needs. Benefit now and register by 15/11/11 to earn your additional bonus!*

    Spammy affiliates are just as much to blame. The irony is many of the people who push these products are the same ones who long-term fall victim to the same shoddy services being suggested!!! Karma, justice, hilarious.

    --

    And this is still ignoring pathetic administration that results in most server hacks of shared environments. I don't know if this is the case with 1&1, but it has been with other hosts. And some of the info provided by this thread's OP is fairly damning, I'd say.

    --
    Last edited by kpmedia; 11-14-2011 at 02:30 PM.
    || Need a good host?
    || See my Suggested Hosts List || Editorial: EIG/Site5/Arvixe/Hostgator Alternatives
    ||

  28. #28
    Join Date
    Nov 2009
    Posts
    544
    kpmedia;

    To verify the "no experience necessary" claim, simply put the words "web hosting no experience necessary" (without the quotes) into any search engine.

    In looking at the list provided by Google and Bing, it does not seem to be only the "mega hosts", are they all just lies? ... you can check the others.

    It appears that most users do not care about "SEO, site optimization, proper content, security, etc." or probably rightly so, feel that they have been told it is part of the product.

  29. #29
    Join Date
    Jun 2011
    Posts
    70
    I have seen a cousin of mine suffering with 1&1 hosting for months. His mistake was that he paid a lot in advance.

    I don't know about other people but to me, 1&1 hosting sucks a little too much.

  30. #30
    Join Date
    Nov 2009
    Posts
    544
    Quote Originally Posted by fr600 View Post
    I have seen a cousin of mine suffering with 1&1 hosting for months. His mistake was that he paid a lot in advance.

    I don't know about other people but to me, 1&1 hosting sucks a little too much.
    It truly amazes me, what some people consider suffering.

  31. #31
    Join Date
    Feb 2006
    Location
    Kepler 62f
    Posts
    14,751
    Quote Originally Posted by srfreeman View Post
    It appears that most users do not care about "SEO, site optimization, proper content, security, etc." or probably rightly so,
    Or more accurately, don't know that they need to care.

    feel that they have been told it is part of the product.
    An assumption on their part, created by the disingenuous marketing.

    --

  32. #32
    Join Date
    Nov 2009
    Posts
    544
    kpmedia;

    So, you tend to agree that most problems are caused by users. They will buy services they don't understand, use applications that they don't understand, disregard any security issues, etc... When their accounts are compromised it may or may not affect other users but it means little to them.

    After all of this the user's hosting account is suspended / terminated and rightly so.

    This seems to be the same position held by the host mentioned in this thread. You agree with them, why the senseless bashing?

  33. #33
    Join Date
    Feb 2006
    Location
    Kepler 62f
    Posts
    14,751
    Quote Originally Posted by srfreeman View Post
    So, you tend to agree that most problems are caused by users. They will buy services they don't understand, use applications that they don't understand, disregard any security issues, etc... When their accounts are compromised it may or may not affect other users but it means little to them.After all of this the user's hosting account is suspended / terminated and rightly so.
    I would agree with that.

    This seems to be the same position held by the host mentioned in this thread. You agree with them, why the senseless bashing?
    Because the keyword is "most" and not "all". Many hosts -- especially megahosts -- have shirked their duties at maintaining proper security in recent years. What happens is hackers get into their systems, screw up lots of sites, and then all of the users gets blamed. To add insult to injury, the accusation is always about "updates" as if that were synonymous with security. It's not.

    With some detailed detective work, or mass community outcry, you'll often come to an obvious conclusion that the server itself was screwed up. And it would have happened with any customer, updated or not.

    Therein lies the distinction.
    || Need a good host?
    || See my Suggested Hosts List || Editorial: EIG/Site5/Arvixe/Hostgator Alternatives
    ||

  34. #34
    Join Date
    Nov 2009
    Posts
    544
    kpmedia;

    Ok, it seems that you perceive a problem that does not exist.

    This may lie in the difference between your definition of "proper security" and that of someone else.

    Extensive security on any shared system will limit the users abilities. To provide more features to users - security is reduced. A balance is found.

    Since no information of any importance is stored on shared servers, any exploit is not really a problem. Cleaning the files and having the users rebuild their accounts will solve any problem. If some hardware goes bad, just replace it and have the users rebuild their accounts. The relatively small number of these occurrences will not affect any provider.

    I realize that there can be an effect on any user and it may not be his fault, just in the wrong place at the wrong time. People do get hit by lightning and I'm sure it hurts but everyone realizes we cannot change the weather - bashing the host in this case is as useless as cursing the sky.

    Shared systems have their uses and their issues, if you fit the ecosystem you are happy. The nice thing about computer systems is that you can always pick up your backup files and do something else.

    Regardless, a thread with "business killer" in the title and a subject based on a shared hosting provider does appear to be an oxymoron.

  35. #35
    Join Date
    Feb 2006
    Location
    Kepler 62f
    Posts
    14,751
    Quote Originally Posted by srfreeman View Post
    Ok, it seems that you perceive a problem that does not exist.
    If that were true, hosts would not be getting hacked.
    But they are, so it is.


    --

  36. #36
    Join Date
    Nov 2009
    Posts
    544
    Quote Originally Posted by kpmedia View Post
    If that were true, hosts would not be getting hacked...
    Yep, and you perceive the script exploitation as a problem.

    Given the current state of affairs it is not a problem, just an inevitable fact of life. Until you can change the way users interact with shared systems this is the way that it is.

    In the current scheme of things it is just unimportant, just something else that you need to learn to live with.

  37. #37
    i am sorry for you , i quite dealing with 1and but domains only and they are suck on that too , they deliver the domain week later not instantly like other , but they are cheap , so i deserve it

  38. #38
    Join Date
    Jun 2003
    Location
    California
    Posts
    2,766
    Quote Originally Posted by srfreeman View Post
    What is your solution to the problem of "updates are not the same as security"? Clearly that is the issue plaguing the OP here.
    I think its a true statement, as far as it goes. Not updating your scripts is certainly a security issue; but updating from the web master side is only one side of the equation. Due diligence is always required, by both the host and the web master.

    Always blaming the web master is at least premature; issues such as cross-site scripting vulnerabilities come up from time to time, as do misconfiguration of servers. The web host that doesn't upgrade his server software can be at fault too.

    Some hosts are good hosts, and some hosts are bad hosts. When you see an inordinate amount of infections on one host, and a much smaller number on another, what do you think explains that? They have somehow gotten all the dumb customers? Or perhaps they need to look at THEIR security as well?

  39. #39
    Join Date
    Nov 2009
    Posts
    544
    Due diligence may be something you will see from a host, there is a financial reward to them from caring for their network. From a 5-9 dollar customer, I think not. No reward and the main thrust of the advertising they see tells them that they need no experience beyond knowing how to click a mouse. Both sides appear to understand that it is unimportant, if something happens they just reload and go on.

    The occasional customer such as the OP here that wants to push the limits and then feels that he has been terribly wronged in some way when the inevitable happens would seem to benefit more from direction to understand the environment than just senseless bashing.

    The market will always vote with their wallet, if more of what you consider security issues appear on any given host than you would like, yet a large percentage of the user base are not leaving, you may want to adjust your thinking of security in relation to that host.

    Bashing of any organization, just because they do not conduct business as you would like them to, really does come off as sour grapes.

  40. #40
    Join Date
    Feb 2006
    Location
    Kepler 62f
    Posts
    14,751
    Quote Originally Posted by srfreeman View Post
    From a 5-9 dollar customer, I think not.
    Bad math.

    If there are 1,000 shared accounts on one box, and the box is fubar, that's $5k-9k -- not just 5-9 bucks. Account for the entire server, not a single $5 account (that simply blew the whistle and complained, and is far from being the only victim).

    Re-run your numbers.

    --

Page 1 of 2 12 LastLast

Similar Threads

  1. The ultimate Business Host
    By iwh-alexis in forum Shared Hosting Offers
    Replies: 0
    Last Post: 09-12-2010, 06:53 AM
  2. 1and1 UK side of business
    By andreb in forum Web Hosting
    Replies: 12
    Last Post: 03-31-2005, 03:41 PM
  3. Replies: 1
    Last Post: 08-25-2004, 08:51 PM
  4. 1and1 Strange way to do business
    By Lucifer in forum Web Hosting
    Replies: 20
    Last Post: 02-19-2004, 07:46 PM
  5. VDI - a business killer
    By JBIZ718 in forum Web Hosting
    Replies: 0
    Last Post: 04-25-2001, 12:48 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •