No Support Linux Hosting deleted all customer sites

[jbulluck]

Long thread title I know...

They just deleted all their customer sites/databases without warning and fired off an e-mail that said "you may now restore from your own backups." What?!

They got "hacked" yesterday by some group that went around and defaced a bunch of sites. About 12-hours later they let everyone know that they simply wiped and rebuilt the server that was hosting all web sites. No warning, no backup, nothing.

Believe me, I feel like an idiot for not going in and manually backing up each site. It would have been a pain since each site has it's own cPanel login but I still feel horrible.

Their only response has been along the lines of, "For $1/month per site, what do you expect?"

So my suggestion to everyone who finds this thread, no matter how savvy you are, do not host your site with No Support Linux Hosting.

[twikamltd]

I hate to say it, but judging by the name of the company you're not going to get far...

Quite a bad way of handling the problem on their side though.

[FRCorey]

Most hosts always state in the TOS/AUP make your own backups even if they provide them. I learned once the hard way too. Jut remember stay away from those unlimited disk/bandwidth hosts, especially for a buck a month.

[KMyers]

Hello,
While I feel bad for you, but you should always keep a local backup of your sites. No Support Linux Hosting makes no claims that they keep backups and depending on the nature of the deployment, re-building the server may be the best course of action

[KMyers]

Most hosts always state in the TOS/AUP make your own backups even if they provide them. I learned once the hard way too. Jut remember stay away from those unlimited disk/bandwidth hosts, especially for a buck a month.

Actually its $1.00 per month for 1 GB disk and 10 GB BW. Not really bad when you think about it

[jbulluck]

I understand, and like their idea of "no support" when it comes to website/web app setup. They cater to the type of person who can setup/install their own sites. That is great for me because I don't need to pay for "fanatical support" from someone like rackspace. However, I expected them to know what THEY were doing.

They made it a point to tell me that upon rebuilding their server they installed updates to cPanel and the OS. Something tells me that their lack of maintenance cause the vulnerability in the first place.

What really sucks is they still have my money and won't give it back...yet.

[bear]

What really sucks is they still have my money and won't give it back...yet.

The whole $1, or a partial refund?

[krishhhosting]

I think in this case they should be offering some support or at least provide you with a kinder reply. It does not seem respectful to say, "what do you expect for $1 per month?" That is not a nice way to speak to customers.

[Server Management]

Something tells me that their lack of maintenance cause the vulnerability in the first place.

Incorrect, Banks have some of the highest security measures in the world yet they still get hacked from time to time, etc

They are a hosting provider not a backup provider, I wish people will start seeing this!

If your data is so important to you, You would keep your own offsite backups, Since you havent done this I assume the data means very little to you?

[KMyers]

The whole $1, or a partial refund?

I believe you need to deposit a "Minimum" of $12.00 (so its $12.00 per year). Regardless I do not think a refund is going to happen, and PayPal Disputes rarely work for digital goods

[jbulluck]

KDisk, yes and that's ($12) per site- I had many.

cd/home, what your suggesting is that web hosting has no responsibility to their customers to maintain safeguards against data loss and that it's just a crap shoot. Zero integrity. So all hosting companies should have a warning on their front page that says, "You can pay us to host your site but if something goes wrong, you're on your own."

krishhhosting, that wasn't an exact quote- I don't want to slander. However, in a roundabout way they did say that because their service was so cheap, they have no interest in backing up data.

[Server Management]

what your suggesting is that web hosting has no responsibility to their customers to maintain safeguards against data loss

Correct, Their merely a hosting provider not a backup provider...

I never understand why people think hosting providers are responsable for everything.

Backup providers exist for a reason, Maybe its time to use one?

[Incero]

You got what you paid for. Sorry to say it.

[Server Management]

You got what you paid for. Sorry to say it.

Exactly, They paid for "hosting" and they exactly got that

A web hosting service is a type of Internet hosting service that allows individuals and organizations to make their own website accessible via the World Wide Web.

[KMyers]

[QUOTE=jbulluck;7732665]KDisk, yes and that's ($12) per site- I had many.
Sorry, I meant to state the "Minimum Deposit" is $12.00, which per their site can host 1 site for 1 year or 12 sites for 1 months or 6 sites for 2 months...

cd/home, what your suggesting is that web hosting has no responsibility to their customers to maintain safeguards against data loss and that it's just a crap shoot.

It may sound harsh but its correct, Ultimately the client (not the host) is responsible for backups. Even if your host takes backups, you would be foolish not to make your own

[jbulluck]

I should have taken my own backups. I got it.

I still think they handled the "fix" incorrectly by simply wiping out all their customers data without notice or any way to recover from a self-inflicted wound.

I definitely got what I paid for.

[Server Management]

It may sound harsh but its correct, Ultimately the client (not the host) is responsible for backups. Even if your host takes backups, you would be foolish not to make your own

To futher add:

Also its how they can afford to operate with such low rates because they exclude "luxury" things like offsite backups and support, etc

they handled the "fix" incorrectly by simply wiping out all their customers data

How do you know they did this?

[KMyers]

I should have taken my own backups. I got it.

I still think they handled the "fix" incorrectly by simply wiping out all their customers data without notice or any way to recover from a self-inflicted wound.

I definitely got what I paid for.

While I dont agree about the method they chose to fix it, there are 2 options that may have been faced with

1) 48 hours of downtime to clean the damage and plug the hole. Another hour praying there was no backdoors left by the attacker. Give clients access to the files to pick apart the good from the unusable data. Pray that all clients change all passwords. Total 46 hours of downtime.
2) Spend 2 hours re-provisioning the server and another 3 hours installing cPanel, hardening the OS, applying patches and re-adding all accounts. Then allow clients to re-upload their sites. Total 5-8 hours of downtime.

Both solutions are bad, but which is the worst? #2 is best in many cases. It would have been nice for them to at least do a backup of the home directory before wiping the server.

[jbulluck]

KDisk,

Simply copying the contents of user folders to an external drive would have saved many, many hours. After all, this should just be HTML or PHP and relatively "clean". And all the MySQL databases? They could have dumped all those for us.

Lesson learned.

[citywidehost]

It's unfortunate that you are in this situation.

It does seem odd the way the host handled the situation too. We backup all of our hosting servers, even though we don't guarantee them. I don't consider myself a 'budget' host by any means, but even so, we charge extra for backup services if the client wants access to those backups.

I wish you the best. Live and learn.

[Server Management]

Simply copying the contents of user folders to an external drive would have saved many, many hours.

Incorrect, Depending how much content their was this could of taken well upto 72 hours to complete and even beyond if the transfer stalled for whatever reason...

[jbulluck]

cd/home, I get it. You think hosting providers should be completely foolish with data, hosting, security, and everything else. They walk on water. You've made yourself clear.

Hosting providers are not backup providers. Hosting providers are not backup providers. Hosting providers are not backup providers. Hosting providers are not backup providers. Hosting providers are not backup providers. Hosting providers are not backup providers. Hosting providers are not backup providers. Hosting providers are not backup providers. Hosting providers are not backup providers. Hosting providers are not backup providers. Hosting providers are not backup providers. Hosting providers are not backup providers. Hosting providers are not backup providers. Hosting providers are not backup providers. Hosting providers are not backup providers. Hosting providers are not backup providers.

[Server Management]

cd/home, I get it. You think hosting providers should be completely foolish with data, hosting, security, and everything else. They walk on water. You've made yourself clear.

Hosting providers are not backup providers. Hosting providers are not backup providers. Hosting providers are not backup providers. Hosting providers are not backup providers. Hosting providers are not backup providers. Hosting providers are not backup providers. Hosting providers are not backup providers. Hosting providers are not backup providers. Hosting providers are not backup providers. Hosting providers are not backup providers. Hosting providers are not backup providers. Hosting providers are not backup providers. Hosting providers are not backup providers. Hosting providers are not backup providers. Hosting providers are not backup providers. Hosting providers are not backup providers.

Correct, I just merely stated that your way which would of "saved many, many hours" is incorrect and would of actually added more hours if not days...

I wish one would see that shared servers house 1,000's upon 1,000's of files and afew 100GB of data, Its not just like moving a folder A to B on your laptop...

[Incero]

cd/home, I get it. You think hosting providers should be completely foolish with data, hosting, security, and everything else. They walk on water. You've made yourself clear.

Mostly it's just about the profit. If you're paying $1/hosting account, they have to have 100s of accounts just to pay for the server each month. There simply isn't any profit available to spend ANY time working on a $1/month client's sites. There isn't enough profit available to keep a monthly backup either. And there certainly isn't enough profit to spend days (yes it would be) diagnosing the hack, and trying to wipe only affected files.

At $1/month you're lucky they even reloaded the server rather than just shutting down the business.

[Server Management]

Mostly it's just about the profit. If you're paying $1/hosting account, they have to have 100s of accounts just to pay for the server each month. There simply isn't any profit available to spend ANY time working on a $1/month client's sites. There isn't enough profit available to keep a monthly backup either. And there certainly isn't enough profit to spend days (yes it would be) diagnosing the hack, and trying to wipe only affected files.

At $1/month you're lucky they even reloaded the server rather than just shutting down the business.

Exactly, Also factor in payment processing fee's, The business model hardly seems worth it when times like this happen you could well end up loosing a good part of your business...