
11-06-2008, 01:32 AM
I signed up for hosting with IX Web Hosting in April of 2007. There have been two occasions that they provided the perfect example of Terrible Customer Service. So much so, my last pony ride with IX Web Hosting was my last. I decided to call it quits and move my account to Host Gator.
I keep my most important sites on a dedicated server at Servint.net. If you are interested in a dedicated server or VPS, I highly recommend Servint. You will not beat the level of service and professionalism this company offers. But that's another post in itself.
The point is, I had some SEO tests I wanted to perform and I was looking for a hosting company that would allow me to host 10 different domains in the same account on different ip addresses. IX Web Hosting had the plan I was looking for. So in April of 2007, I signed up for a hosting account.
Overall, I was pretty satisfied with the server performance at IX Hosting. I experienced very little if any downtime from server issues. They don't offer a standard cpanel interface like most web hosts. It appears to be a proprietary / in house control panel. It was pretty straightforward and with a little time I was up to speed.
Then on June 5, 2008, I got the following email from a System Administrator at IX Web Hosting.
---------------------------
Hello,
My name is Anthony, and I am a system administrator at IXWebhosting. I'm here to ensure a reliable and fast hosting / e-mail environment. This is the reason why I ask you to get in touch with us.
We have received numerous complaints from third-parties about spam originating from your website. As you may know, spam is an on-going problem for all internet users, hence all companies have very strict rules against spam. I am here to ensure that neither you nor any other customer is facing any downsides which could be the result of these spam regulations.
We ask you to immediately cease and desist any such activities. If you are unaware of this activity, please contact me or any of my colleagues via this ticket, phone or live-chat so that we can find the reason for the spam activity together and fix the issue instead of the symptom. Viruses and things of that nature may be installed on your computer and will cause the spamming. We recommend that you run an anti-virus program. If you currently do not possess an anti-virus program, you may download a free version. Please just follow the link below to find Google's best links for free anti-virus software:
google.com/search?q=free+anti-virus+software (http://www.google.com/search?q=free+anti-virus+software)
In order to ensure your hosting and mail environment is working flawlessly, we ask you to get in touch with us within the next 72 hours. I highly appreciate your time.
Best Regards,
Anthony Washington
System Administrator
IXWebhosting
-----------------------------------
They identified the domain as bestadtracking.com. This is a domain I own but have never promoted. Not only had I not sent spam through IX Web Hosting, I averaged less than 200 sent email a month on all the domains on my account. So on June 6, 2008 I responded to IX Web Hosting with the following two messages.
-----------------------------------
Hi Anthony, I can assure you I am not sending spam from this domain or any others. I'm a little surprised that this domain is in question? I set it up over a year ago and haven't ever promoted it. I don't send any type of email over this domain. I have no reason to. It gets no traffic or inquiries.
Are you sure there isn't some type of mistake? Otherwise, there are a couple of php style contact forms on that site. Could a hacker use that sort of thing to send spam? How can we track this down?
Thanks,
Brent Crouch
615-389-XXXX
-----------------------------------
Here is the second email I sent on the same day.
-----------------------------------
Hi Anthony,
I am using AVG on my computer and the scan completed finding no viruses. Besides that, I am using Outlook to manage the mail on several of my domains. I don't even have a send account set up for bestadtracking.com on my computer. As I stated in the previous reply, I have no reason to since this domain is not promoted.
Can you give me the IP address of where the spam originates? I'd like to compare that to my IP address here at home and office.
Thanks,
Brent Crouch
-----------------------------------
I had no information to track the issue any further. The lack of response from IX Web Hosting left me to believe the issue had been resolved or there had been a mistake. Then 4 days later on June 10, 2008 I got this message.
-----------------------------------
Brent
We tried to reach you today in order to resolve this issue, but unfortunately it has been well over 72 hours since this ticket was placed. We must sadly suspend your services, please do not hesitate to call us at 1-800-385-0450 any time, day or night.
Best Regards
Ian
-----------------------------------
Amazing! They give me no information to solve this problem. On top of that, they don't respond to my ticket in 4 days and because I didn't answer the phone when they called they suspended not only the domain in question but every domain listed in my account.
I called in and spoke to a tech support guy who allowed me to remove the domain in question and in return, he restored my other domains. He also left a message to have the tech support manager call me the following day.
The manager I spoke to apologized for the way the ticket was handled and the lack of information that was given. He said he would follow up with the employees that were responsible for the ticket and make sure it never happened again. He was helpful in looking at the server logs and determining how someone had loaded a spam bot onto my site.
Apology accepted. Stuff happens. I considered it water under the bridge and not a big deal. Not so much...
After my first run-in with IX Web Hosting, I wrote the whole incident off as a fluke. The manager I spoke to seemed very sincere and assured me that wasn't proper protocol and wouldn't happen again. I was trucking right along until I got this email from them on October 26, 2008.
-----------------------------------
Dear Brent Crouch,
We have received notification of phishing material in your account. Phishing files are usually placed through some type of exploit of outdated code, weak file and folder permissions. Packaged shopping carts and photo galleries are usual sources as hackers find exploits and developers fix them almost daily, so unless you constantly update the software or completely secure it things like this can happen.
You must agree to remove this content and update any software that has resulted in security holes. To protect your account from further action you must agree to our request for compliance. Please respond to this message stating your intent to do so. You may either log into your control panel with us, and access this ticket via the 24/7 help desk, or provide this ticket number to our Live Chat or phone representatives. Failure to respond to this message within 72 hours will result in the suspension of the affected domain with us until such a time as this matter is resolved.
Michael
-----------------------------------
The email gave me no indication of which domain had been hacked. When I wrote to live help and gave them the ticket number, I spent 10 minutes waiting only to be told they didn't know which of my domains had been affected. They recommended I reply to the online support ticket.
Here is the email I sent them in response on October 27, 2008.
-----------------------------------
I replied to live help and they could not find any information. So far you haven't told me which domain is a problem.
Please give me the info I need to correct this problem and I'll take care of it.
Brent Crouch
615-389-XXXX
-----------------------------------
Eight hours later, I was able to find the problem by viewing all the files on my domains and looking for the files that had been recently changed. It turned out my brentcrouch.com domain had been hacked and set up with all sorts of eBay and bank phishing pages. The site operates on a WordPress platform which is widely used and is a big target for hackers.
(http://www.seobook.com/wordpress-blog-hacking-checklist)
I wrote back to IX Web Hosting for a second time on October 27, 2008.
-----------------------------------
I found the problem on my brentcrouch.com domain. I updated the wordpress software to the latest and cleaned up the problem. The only exception is the brentcrouch.com/forum directory. I am unable to delete this directory as the hacker has removed my access. Please delete the directory.
Thanks,
Brent Crouch
-----------------------------------
The following day, here is the email I got back from IX Web Hosting.
-----------------------------------
Brent:
Thank you for your attention to this matter. Per your request we have removed:
/brentcrouch.com/forum - deleted
We will be closing this ticket at this time. If you have any questions please feel free to contact us. We will be happy to assist.
Please note that this is the second time this problem occurred. Unfortunately, I have to bring to your attention that as per our terms of service a third instance will result in immediate account termination without notice. No backups will be provided. If you have any questions about how to avoid this from happening again our support team will be glad to advise.
Respectfully
Frankie
Support Tech Representative
-----------------------------------
When I saw that response, I was pissed! I run my own server at Servint.net. I've hosting accounts at several other hosting companies. I've never had a site hacked except from IX Web Hosting.
In 4 months, I've had two sites hacked. In both instances, IX Hosting was zero help in locating the source of the problem. In the first incident, they didn't even reply to my ticket for 4 days. In the latest incident, they couldn't even tell me what domain was hacked.
Then they send me an email telling me if it happens again not only will they suspend my account, they'll deny me access to my files! Huh?
That's not a risk I'm willing to take. With the high costs of obtaining customers in this business, I'm a little surprised they don't do a better job of trying to retain them. In my opinion, this policy is unacceptable and makes IX Web Hosting one of the worst hosts I've ever dealt with.
I just signed up for a hosting account with Host Gator and have already moved all my domains over. So far, so good.
What's your experience with IX Web Hosting?

11-06-2008, 01:37 AM
Never thought that IX web would behave like that. I read quite positive reviews for them.
Sorry to hear. Thanx for sharing

11-06-2008, 01:44 AM
Web Hosting Master
Join Date: Aug 2004
Location: Canada
Posts: 6,078
Were you regularly updating your scripts hosted on the account? That is a major issue nowadays, outdated scripts lead to hacked web sites. It would also be a good idea to keep regular local backups of your data, regardless of who or where you're hosting your web sites. Don't rely on the web hosting provider for backups.

11-06-2008, 02:11 AM
@WN-Ali - I do keep local backups of my site. The issue is most of my sites run on some type of mysql database that is updated daily. I'm not quite diligent enough to download each database every day to make sure I have the latest copy. However, I just installed a cool plugin for wordpress that downloads and emails the database on a frequency that I select. So that should help.
I'm pretty good at updating my scripts. However, I wasn't using the last revision of wordpress when I got hacked. I take full responsibility for that. I just don't think it justifies a web host suspending all my domains and denying me access to my backups.

11-06-2008, 02:30 AM
Community Guide
Join Date: Feb 2005
Location: Australia
Posts: 3,190
So the short version is: Your sites were insecure. Two of them were hacked in quick succession. IX's support staff weren't especially helpful to you. You've now been warned that another similar incident will cause them to terminate your account, so you're pissed.
Sorry but I don't see this as "Terrible customer service". Ok, they could have been more helpful, but keeping your sites secure is your responsibility and it looks like you failed, twice. Let the same thing happen on any other shared host and while they might be willing to give you a bit more information I suspect you'd find the end result would be rather similar.
TBH I find it slightly disturbing that you don't seem to have any consideration for all those other users on the server who suffered each time one of your sites was hacked...

11-06-2008, 02:48 AM
> I'm pretty good at updating my scripts. However, I wasn't using the last revision of wordpress when I got hacked. I take full responsibility for that. I just don't think it justifies a web host suspending all my domains and denying me access to my backups.
By not keeping your scripts updated you allowed criminals to come in and try (potentially successfully) to steal people's banking and credit card credentials. This is a HUGE liability for a host. Now the host could have been a bit more helpful in pinpointing your issue, however such support is likely beyond the scope of their support. It's ultimately up to the user to make sure that all of their 3rd party scripts are kept secure, even if that means hiring a professional to do it.
If anything, the threat of suspension without backup (which some hosts would have done after the 2nd time), serves as major motivation to keep your sites updated and secure. Something which this host doubts you will do having been compromised 2 times in recent memory.

11-06-2008, 02:50 AM
Community Liaison
Join Date: May 2006
Location: California
Posts: 4,314
> By not keeping your scripts updated you allowed criminals to come in and try (potentially successfully) to steal people's banking and credit card credentials.
I understand what you mean but why would the server have people's banking and credit card credentials?

11-06-2008, 03:01 AM
Web Hosting Master
Join Date: Aug 2004
Location: Canada
Posts: 6,078
You're going to find the same terms on almost all web hosting companies, not updating your scripts which could lead to possible hacking of your account would be a violation of terms with many hosting providers.
Unfortunately you cannot blame the company in case of this, you are solely responsible for your own account.
> I understand what you mean but why would the server have people's banking and credit card credentials?
Because the hackers uploaded phishing web sites of banking web sites stealing personal customer information.
IX Web Hosting did nothing wrong on their part in my opinion, first time they didn't cut off your service, 2nd time they let you know that you better start managing your accounts properly because if it happens again a 3rd time they will have no choice but to let you go.
Since you have already decided to find a new provider, I would highly recommend taking proper steps to secure your account from hackers.

11-06-2008, 03:09 AM
They should have been more helpful in pinpointing the problem. I would say the majority of customers do not know how to deal with a compromised account. Generally people are aware of how to update their scripts but not aware of how to find any files uploaded (assuming any were such as in your case with phishing).
That being said, I don't think the threat is inappropriate - you've had your account compromised twice in a quick succession.

11-06-2008, 03:30 AM
Community Liaison
Join Date: May 2006
Location: California
Posts: 4,314
> Because the hackers uploaded phishing web sites of banking web sites stealing personal customer information.
Ah, thanks - I completely missed the part about phishing websites.
While I don't agree with the sparse communication and helpfulness on IX Web Hosting's side, their policies are relatively standard in this industry and perfectly understandable because they need to protect their other clients as well.

11-06-2008, 10:41 AM
Community Liaison 2.0
Join Date: Oct 2002
Location: EU - east side
Posts: 19,421
The main fault that I can find on the part of the host is their lack of response to your ticket in the first occurrence, which then led to your entire account being suspended.
Other than that, you were pretty lucky that they did give you a notice first, giving you time to investigate. (I'm assuming they can afford to do this because you're not sharing your IP with other customers.)
You deserve to be commended for your detailed and relatively objective presentation of facts though, for it enables all readers to reach decent conclusions.

11-06-2008, 11:51 AM
Let's be clear. In the first case I wasn't running any third party scripts. I was only running a few html pages and a couple php contact forms. There was nothing to update. All my directory and file permissions were appropriate and at the end of the day, I'm not sure how this site was hacked.
The second incident was a WP site that was running WP 2.6 that was released in July of this year. It wasn't running 2.6.3 that was released in late October.
With that said, these scripts are updated because the old script had vulnerabilities and was hacked by someone. I agree that updating scripts is important, but it doesn't guarantee you will not get whacked and it is no excuse for a web host to deny access to your files.
If anyone here thinks that because your scripts are updated you are above being hacked, then give me permission to post your domain and a challenge in a few hacker forums. Let's see if you can make it to the end of the day.
Shoemoney that runs over 1,000 sites and is a true pro has been hacked. eBay has been hacked. Amazon, Yahoo, Buy.com, and the Library of Congress have all been hacked. If someone wants to hack your site, chances are they can.
@Foobic - I'm not so sure anyone else on my server was affected. If they were I find the 4 days it took to respond to the 1st ticket even worse. But I don't think that is the case.
@WN-Ali (http://www.webhostingtalk.com/member.php?u=77862) - My domains were suspended in the first incident. Are you saying you see nothing wrong with not replying to a support ticket for four days and then suspending my account? Is this the way you treat your clients? Even IX Web Hosting Management admitted fault in this incident.
By the way, Google Engineer Matt Cutts posted some good info on his blog about protecting your WP installations. You can easily find it by visiting his blog and searching for three-tips-to-protect-your-wordpress-installation. Hopefully someone will find that useful.

11-06-2008, 12:33 PM
One more thing to consider. Since I'm on a shared server could it be possible that another account on that server was hacked resulting in vulnerabilities with all the accounts? IX Web Hosting is not running a standard WHM / cpanel setup. It looks like their own in house system.
Another thing that makes me lean toward this conclusion is the comment that was just left on my blog. I posted this story there 12 hours ago and this is the comment that was left. Like this guy, I also had the Wells Fargo site.
Comment left on my blog.....
Found this site because of a problem I am having with IXweb.
I have 4 Business Accounts (about 35 sites)
In May, I had the exact same problem, a “Wells Fargo” Phishing site was added to my site folder, .. I asked how it was added, and of course it was my fault, permissions, ftp virus.. bla bla bla..
During July, Aug, and September, 2 of my business accounts, ( 18 sites) along with 1000’s of others (ALL IXweb) were mass injected, base64 code injected into EVERY file, and permissions set to “server” (httpd) this happened EVERY 10 days for 3 months!!.. 1000’s of sites were affected.
5 weeks went by, and today, ALL my sites were again injected, this time with a .htaccess file redirecting the sites to porn sites.
The support at IXweb is USELESS, they know only what they have written in front of them, and even that, they get wrong!!..
I now have a daunting task of moving about 35 sites to another host.
Anyone serious about their web site, should not touch IXweb with a barge pole.
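
The checks described in this thread (looking for recently changed files, base64 code injected into files, and a planted .htaccess redirect) can be scripted for a web root. This is an added example, not part of any post; the regex heuristics, the 7-day window and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile
import time
from pathlib import Path

# Heuristic patterns: assumptions for illustration, not signatures from the thread.
OBFUSCATED_EVAL = re.compile(
    rb"(?:eval|assert)\s*\(\s*(?:gzinflate\s*\(\s*)?base64_decode\s*\(", re.I)
EXTERNAL_REDIRECT = re.compile(
    rb"^\s*(?:RewriteRule\s+\S+\s+|Redirect(?:Match)?\s+.*?)https?://", re.I | re.M)
SCRIPT_EXTENSIONS = {".php", ".phtml", ".inc", ".html", ".htm", ".js"}


def triage(webroot, days=7, now=None):
    """Return sorted (relative_path, reasons) pairs for files worth a manual look."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    findings = []
    for dirpath, _dirs, names in os.walk(webroot):
        for name in names:
            path = Path(dirpath, name)
            rel = path.relative_to(webroot).as_posix()
            reasons = []
            try:
                mtime = path.stat().st_mtime
                with open(path, "rb") as fh:
                    head = fh.read(1_000_000)  # cap memory use on large files
            except OSError as exc:
                # Files whose owner or mode was changed by an intruder land here.
                findings.append((rel, [f"unreadable: {exc.strerror}"]))
                continue
            if mtime >= cutoff:
                reasons.append(f"modified in last {days} days")
            # Content checks run on every file: an intruder can reset mtime.
            if path.suffix.lower() in SCRIPT_EXTENSIONS and OBFUSCATED_EVAL.search(head):
                reasons.append("eval of base64-decoded data")
            if name == ".htaccess" and EXTERNAL_REDIRECT.search(head):
                reasons.append("redirect to external URL")
            if reasons:
                findings.append((rel, reasons))
    return sorted(findings)


def demo():
    """Build a small constructed web root and triage it."""
    now = time.time()
    old = now - 200 * 86400
    samples = {  # constructed sample files; placeholder content only
        "index.php": (b"<?php echo 'hello'; ?>", old),
        "contact.php": (b"<?php eval(base64_decode('UExBQ0VIT0xERVI=')); ?>", old),
        "forum/login.html": (b"<html><form></form></html>", now - 3600),
        ".htaccess": (b"RewriteEngine On\n"
                      b"RewriteRule ^(.*)$ http://redirect.example/ [R,L]\n", now - 3600),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, (body, mtime) in samples.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(body)
            os.utime(path, (mtime, mtime))
        return triage(root, days=7, now=now)


if __name__ == "__main__":
    for rel, reasons in demo():
        print(f"{rel}: {'; '.join(reasons)}")
```

A hit is a reason to open the file, not proof of compromise; comparing the tree against a known-good backup or a fresh copy of the application is the more reliable check.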

11-06-2008, 04:56 PM
> Let's be clear. In the first case I wasn't running any third party scripts. I was only running a few html pages and a couple php contact forms. There was nothing to update. All my directory and file permissions were appropriate and at the end of the day, I'm not sure how this site was hacked.
PHP contact forms unless you coded them yourself = 3rd party scripts. They are one of the most common ways hackers get in. Anything that can accept a POST command is suspect to being hacked.
> The second incident was a WP site that was running WP 2.6 that was released in July of this year. It wasn't running 2.6.3 that was released in late October.
I'd recommend checking monthly at a minimum. 4 months is an eternity in the black hat world.
> With that said, these scripts are updated because the old script had vulnerabilities and was hacked by someone. I agree that updating scripts is important, but it doesn't guarantee you will not get whacked and it is no excuse for a web host to deny access to your files.
That should be a wake up call to make sure you always have your own updated local backups. I'd imagine IX has a clause in their TOS where they have zero responsibility for your files and that a termination for TOS violations does not mean they have any obligation to give you files.
> By the way, Google Engineer Matt Cutts posted some good info on his blog about protecting your WP installations. You can easily find it by visiting his blog and searching for three-tips-to-protect-your-wordpress-installation. Hopefully someone will find that useful.
Another great resource for info on hardening Wordpress can be found here http://codex.wordpress.org/Hardening_WordPress
I'm certainly not saying that IX was the most responsive, they could have done more to help. However it doesn't seem as if you've done nearly as much as you could to ensure that you keep your personal web space safe from black hats (that being said, I'm sure 80%+ of web site owners don't). It's ultimately up to the website owner to secure their own space and have the technical prowess (or contract for it) to deal with hackings if you aren't paying for a service that explicitly does it for you. Budget Hosting providers in general will say such a service is beyond their scope of support.

11-06-2008, 05:08 PM
Even though hosting companies have their own rack in different DC they too have firewall protection to an extent for which they pay and if they have moderate plans in their DC ...then their servers are not well protected with FW..That leads to hack and in turn spamming and phishing, But the rules set by DC are also very critical...they would unplug servers with certain time limit. So it all depends on your host and the DC where the servers reside....