Web Hosting Talk : Web Hosting Main Forums : Reseller Hosting : Client's account hacked! Provider says I need to pay for investigation!

[Mikey this way!]

Hello,

One of my clients account got hacked and spam was sent through it. Provider rightly suspended the account and brought it to my notice.

I asked how we can proceed and my reseller host says I need to either convince them (which I see not possible for various reasons/criteria mentioned) or pay up consulting fee for them to investigate and clean the account.

I will only be provided a backup to investigate

I donot possess the advanced knowledge to investigate after a certain point nor do my clients.

I've been a Hosting Provider and have worked with various hosts over the past 10 years. This is the first time I have encountered such a thing.

This thing (charging fee for investigation) I see has started very recently. Is this normal for hosts to charge such fees?

Please let me have your comments.

[Wintereise]

Uh, I don't see why not. If it's an unmanaged service, they've every right to demand payment for doing what essentially counts as 'management'

[linux_geek]

What kind of hack is it?

[RRWH]

What does their TOS say? Did you agree to this when you signed up?

It is not unreasonable as long as it is covered under their TOS.

[Xarwin]

^ What RRWH said.
Check with what you agreed.

[SajanP]

It certainly is normal for a hosting provider to charge for necessary tasks that must be done which are outside the scope of of normal service. Finding, investigating, suspending, and cleaning an account would fall into that.

[astutiumRob]

Quote:

Originally Posted by Mikey this way!

I donot possess the advanced knowledge to investigate after a certain point nor do my clients.

So you have to pay for someone who does have that knowledge.

You can put fuel in your car, you can wash your car, you can drive your car, but if you dont know how to investiagte where that gawd-awful-smell is coming from 5 minutes into your journey, you pay someone to investigate at a garage !

[Eggyak]

Ive never really understood why hosting companies become hosting companies if they don't know how to manage a hosting company... even worse.. admit it in public.

Get harder passwords, and scan your site on a regular basis! it helps.

[Stuart_c]

Quote:

Originally Posted by Mikey this way!

Hello,

One of my clients account got hacked and spam was sent through it. Provider rightly suspended the account and brought it to my notice.

I asked how we can proceed and my reseller host says I need to either convince them (which I see not possible for various reasons/criteria mentioned) or pay up consulting fee for them to investigate and clean the account.

I will only be provided a backup to investigate

I donot possess the advanced knowledge to investigate after a certain point nor do my clients.

I've been a Hosting Provider and have worked with various hosts over the past 10 years. This is the first time I have encountered such a thing.

This thing (charging fee for investigation) I see has started very recently. Is this normal for hosts to charge such fees?

Please let me have your comments.

lol! y should ur host help u with a hacked site for free? did they advertise that they will help clean up the mess if u got poor security?

for them to even offer u the option is a good thing. Some will just tell u to do it urself!

how much did they want to charge for investigation?

Quote:

Originally Posted by Eggyak

Ive never really understood why hosting companies become hosting companies if they don't know how to manage a hosting company... even worse.. admit it in public.

Get harder passwords, and scan your site on a regular basis! it helps.

haha! true. u should always do ur research because people that suffer are ur customers and they dont deserve poor service

[Yujin]

Charging because the website was hacked?

Do you really need to investigate this? Or you can asked them to restore the most recent backup and update the script?

If this is a reseller account, your provider do not investigate the issue. It is your job or the website owners job to ensure that your script are updated and secure. The best and quickest way is ask your provider to restore the website and asked your client to fix the script.

[CrocWeb]

They should unsuspend the account and allow you time to clean/secure it yourself. Change all passwords. Then Ensure all scripts/plugins/addons are up to date. If the host offers ClamAV or similar, run it and make sure the account is clean. There could still be malicious code within files, if possible reupload them.

If you or your host takes daily backups, restoring from it would also be a good choice. Once restored, be sure to change passwords and update scripts.

[FernGullyGraphics]

Quote:

Originally Posted by Mikey this way!

Hello,

One of my clients account got hacked and spam was sent through it. Provider rightly suspended the account and brought it to my notice.

I asked how we can proceed and my reseller host says I need to either convince them (which I see not possible for various reasons/criteria mentioned) or pay up consulting fee for them to investigate and clean the account.

I will only be provided a backup to investigate

I donot possess the advanced knowledge to investigate after a certain point nor do my clients.

I've been a Hosting Provider and have worked with various hosts over the past 10 years. This is the first time I have encountered such a thing.

This thing (charging fee for investigation) I see has started very recently. Is this normal for hosts to charge such fees?

Please let me have your comments.

Unfortunately this is starting to become a bigger and bigger issue, the number cause I have found for sites being hacked is people going out and downloading free themes from untrusted places and using them for their websites. Often times free themes are either poorly written or contain malicious code from the start.

The second most common reason for a site being hacked (at least in my experience) are webmasters accessing website credentials via FTP from unsecure computers (hackers will hack the computer and harvest web hosting credentials from your computer).

To get to the bottom of this I would A.) find out what type of website your client was running (Wordpress, joomla..ect) and find out if they recently installed a free theme? B.) Make sure the users computer is secure and that they have a active/up to date firewall/virus protection installed on the computer they are using to FTP or access the account from.

Hope that helps!

[RC-Martin]

Quote:

Originally Posted by Mikey this way!

Hello,

One of my clients account got hacked and spam was sent through it. Provider rightly suspended the account and brought it to my notice.

I asked how we can proceed and my reseller host says I need to either convince them (which I see not possible for various reasons/criteria mentioned) or pay up consulting fee for them to investigate and clean the account.

I will only be provided a backup to investigate

I donot possess the advanced knowledge to investigate after a certain point nor do my clients.

I've been a Hosting Provider and have worked with various hosts over the past 10 years. This is the first time I have encountered such a thing.

This thing (charging fee for investigation) I see has started very recently. Is this normal for hosts to charge such fees?

Please let me have your comments.

How much did they ask to get the job done? I find it logical to ask for a fee to do this,but it all depends on the price they asked.

[Mikey this way!]

Lol! I see a lot of responses which include saying why am I in the hosting business . The reason I asked coz my current provider never did this and this is the first time they have asked. I see that they do have a point in charging me fee which I initially thought was not justified.

Hence, I request the mods to close this thread...