[scratt]

Hi Guys,

I just tried to vist my web site and found out that my entire portfolio of web sites has been hacked... Quite spectacularly! Needless to say this has put me out of business for the time being!

I have not logged into my accounts for an entire weekend (as I have been away racing) and have a unique password for my main site control panel, which I have not used since Thursday. So it is extremely unlikely this info was harvested from me at some point over this weekend, or that it was hacked due to any mistake of mine as I have simply not been online other than to check emails and check orders in my store databases. Neither of which uses that password, or email address to access. There has also been no compromise on any of my other web accounts or packages, held anywhere else on the web, just my IXWebhosting accounts.

Through a long drawn out conversation with IX Webhosting's 'helpdesk' it came out that my registered email address on their main database had been changed... It had been changed to something like haxorzRus@yahoo.com. This has been done in the last 4 hours, and points very strongly to the fact that their own system has been hacked... At first they tried to tell me that was my login email address () and that I had forgotten it...

Quote:

you: Can we set a new password now, or not? Srinivasa Rao Bodapati: You can set it now. you: I have no access to my site control panel. Or do you mean I can tell you and you will set it? Srinivasa Rao Bodapati: Could you please let me know the login user id and password you are using to login to the Hosting Account Control Panel. you: xxxxxxxxxxx you: xxxxxxxxxx Srinivasa Rao Bodapati: The given login userid is wrong. you: Then it has been changed. you: The above email addres is the one I have always used. It is my personal email and is the one I use to identify myself on your system.... Go check my purchase records. I am logging this conversation to show people that it is you who have been compromised. Srinivasa Rao Bodapati: The given login email id doesnt match the records in our database. If you want me to provide you the login details then please let me know the last 4 digits of your credit card and also your credit card type. Srinivasa Rao Bodapati: Also we dont get into any customers accounts unless they come up with a problem and ask us to verify. you: YOUR DATABASE HAS BEEN COMPROMISED THEN. My credit card is a xxxxxxxxxx. Last 4 digits xxxxx Srinivasa Rao Bodapati: Thank you for providing the information Srinivasa Rao Bodapati: Your login email id is "completely bogus email address" Srinivasa Rao Bodapati: and the password for it is xxxxxxxxx you: I suggest you get someone senior at IX Webhosting to look into this right now as you have a security problem there and I now have the evidence to prove it online and will be doing so today. Do you honestly think that "completely bogus email address" is a real ID? you: YOU HAVE BEEN HACKED! PEOPLE DO NOT USE FREE EMAIL ACCOUNTS FOR HOSTING ACCOUNT IDs. GET ME SOMEONE SENIOR ONLINE NOW. Srinivasa Rao Bodapati: Please hold for a moment. I am transferring the chatt to the senior personnel.

IX Webhosting steadfastly refused to accept it was their fault until I threatened them with Digg.. Now they are dragging their feet putting my sites back up..

I have full web logs of conversations with them, and also know who hacked me, and their handle and email address and so on. Obviously I am keeping this close to my chest as it is my proof of what has happened. But I am happy to share it with people if necesary.

I am passing this on so that anyone else using IX Webhosting can get the hell out of dodge... I will of course be going elsewhere for hosting as soon as I can.

IX Webhosting also offered me a Unix based 24 hour backup rotation as part of the package I paid for, and now tell me my restored site may be as old as 7 days! This is totally unnaceptable for a professional hosting package with live databases and so on...

Therefore I want people to know about this.. i.e. IXWebhosting suck!

[MCQ]

Sorry to hear about that Scratt - good luck with getting that sorted out.

I had a friend who was looking into hosting packages a couple months ago and had mentioned IXWebhosting, but I warned him against it after looking into some reviews and glancing at the packages. Good thing I did so.

You may want check out WebHostingTalk as part of your search for a new web host.

[scratt]

We are back up again!
I am now going to have a look at the people you recommend..
Anyone else with recomendations.. I am all ears!
I am going to hunt out that thread from a few months back that everyone was discussing hosts in...

I might just buy myself my own rack somewhere... Who knows!
Still 2 - 3 hours downtime and everything back up again, albeit with half my passwords changed so I have no idea how to access anything, is not too bad I guess! Shame I had to threaten them so much to get such a speedy response, and get them to take it seriously!

*puffs furiously on loaded joint*

My wife has sore fingers from surfing the web on my treo as we blasted across Thailand so I could get back to "Scratt HQ" and start making sure not too much dmage was done!

[PKIDelirium]

SurpassHosting.com

I and several of my friends use them. They're great, they VERY rarely have any problems, and if something happens it's dealt with pronto.

Oh yeah, and the helpers in their support forum speak proper English, and don't have names such as "Srinivasa Rao Bodapati"

[scratt]

Thanks.. Checking them out too..

By the way.. In the end IX Webhosting managed to only restore my site from a backup made in February! What a bunch of inept drooling fools.

Luckily I can re-upload my content.. But Jesus, what a royal pain!

[Windswept]

Scratt, last week, maybe on Thursday (I can't really remember which day), I was looking at who was online at AN. I often glance at the thread titles, out of curiosity, to see what threads *guests* are reading.

I noticed one guest reading my old thread "Cool Places You've Been", so I clicked on that thread title to take a look at some of the nice pics that were there.

What came up for me was a box with a key in the upper left-hand corner. Near the key was the title "Website Access" - or something like that.

The website listed was extremesportscafe, and your first name (presumably) was there.

It was all very strange. I've never had anything like that happen before. I've never seen such a box. I guess I should have sent you a PM right then. But it 'did' come up while I was logged in at AppleNova. Very strange.

I have the feeling that one of our disgruntled, banned ex-members is involved in all this hacking. Do you remember ever tangling with any of those who got banned from here in the last few months?

[scratt]

Wow! That is really wierd..

Any chance you can alert Brad, or someone.. Assuming his omnipotence is not watching over us right now..

That does sound awfully strange.. Particularly if it's a link from here...

EDIT - As for tangling.. I tangle with everyone, darling! As you probably have noticed...
I have pushed a few noses out of joint here, and elsewhere.. So I guess I had it coming!
Ah well.. Everything is back to normal now. Will ensure copious backups and contingencies are made in the coming days. Need sleep.....

[rollercoaster375]

Quote:

Originally Posted by PKIDelirium SurpassHosting.com I and several of my friends use them. They're great, they VERY rarely have any problems, and if something happens it's dealt with pronto. Oh yeah, and the helpers in their support forum speak proper English, and don't have names such as "Srinivasa Rao Bodapati"

Highly recommend. Mostly because their support staff is awesome. They've also got PHP5 on all their servers, now.

[Brad]

Quote:

Originally Posted by Windswept What came up for me was a box with a key in the upper left-hand corner. Near the key was the title "Website Access" - or something like that. The website listed was extremesportscafe, and your first name (presumably) was there.

Windswept: what you most likely saw was a login/password request from a .htaccess file. Any time a browser tries to access files that have been protected on the web server with a .htaccess file, even if they're embedded in another web page, it will pop up a dialog asking you to login to load them.

You can see examples of the .htaccess password request dialog in these examples:

http://www.appleinsider.net/
http://forums.appleinsider.net/
http://www.project-think.com/gallery.php

[scratt]

Ahh.. I understand what Windswept meant now...
It's still strange as it's only certain directories (that I do not link to) that have .htaccess file protection on....
I will go have a look at the thread and see if a link has expired / broken and is defaulting to somewhere wierd on the site... Thanks for your input, Brad.

[scratt]

IX Webhosting still deny that their database was compromised.

However, my account login email was changed without their knowledge, and without mine. They have also stated that that is not possible without my authorising it. However, it happened.

I have both them telling me I have forgotten my email address, and also telling me that it is impossible for it to change, without me authorising it using the existing email account as a verification method in email and chat logs. And yet, it was changed and they were even happy to try and convince me that a crazy looking free email account address was my log in and payment confirmation info from day 1. Do they not care that this may have happened to other web sites.. Or do they have a huge security problem they are trying to cover up?

I think they are hoping that I will just go away.. How wrong IX Webhosting is.

It is now a day later and they still have not managed to restore parts of my websites data with information any more recent that February of this year. This is now affecting my sites ranking and my customers experience..

I have several options I am looking at, but wondered if anyone else has any ideas of who I can show their chat logs, and contradictory statements to so that I can get them to at least shoulder their fair share of the blame for this... At the moment they are simply being deliberately unhelpful, and obtuse in their answers to my reasonable requests for recent backups... I really want to throttle someone in their offices right now... What an awful awful company! Really do not host anything with IX Webhosting, and if you are hosted with them right now... Get your data out of there as fast as you can when your contract next renews.. Or before if possible.

[scratt]

For those that are interested here is a log of the chats I have had with their 'technical' people... Hilarious!

I have added my notes with ** infront of them to clarify some points.

Quote:

Srinivasa, Bodapati, Mon Jul 17 03:58:04 2006 Customers website extremesportscafe.com has been hacked and the entire webcontent has been deleted. Please retrive the webcontent from the latest backup available. Srinivasa, Bodapati, Mon Jul 17 04:06:46 2006 Ticket Status was changed from Open to On-Hold Dear Valued Customer, Thank you for using our services. Your issue has been forwarded to System Administrators. As soon as your issue gets resolved we will get back to you through ticket. Should have any further questions,Please feel free to contact us 24/7. Stephen, Northcott, Mon Jul 17 04:46:59 2006 Ticket was closed <<<< Hacker closes my ticket for me... ** At this point I was still chatting with their help staff and they accused me of closing the trouble ticket! It is clear at this point an active attempt to wrestle control of my site from me was still going on and the hacker was logging in and closing my trouble tickets! This was because they would not accept that my email log in had been changed and I was still unable to get into my control panel, but the hacker could using his email address! All of this was going on in a cafe on the beach just outside Pattaya, on a GPRS connection, with my poor little iBook's battery trying to die on me, and the cafe owner wanting to charge me $2 to use the electric to recharge it.. This is after I had just bought lunch there, and paid to use their Wifi, which then stopped working!! What a day! Satish, Mdv, Mon Jul 17 06:24:55 2006 Ticket Status was changed from Closed to On-Hold Ticket Reply-To was changed from q8wars@yahoo.com to xxxxxx (My original email) Dear Valued Customer, Thank you for using our services. Your issue has been forwarded to System Administrators. As soon as your issue gets resolved we will get back to you through ticket. Should have any further questions,Please feel free to contact us 24/7. Satish, Mdv, Mon Jul 17 09:32:06 2006 Ticket Status was changed from On-Hold to Waiting Dear Valued Customer, Thank you for using our services. Your web content has been restored from the backup. Please get back to us still if you have any problems with your domains. Should have any further questions,Please feel free to contact us 24/7. ** At this point my site was restored using a February 2006 backup. Even though I had been assured backups were no older than 4 - 7 days, and this is despite the fact that I am supposed to have daily backups made of my site as part of my 'PRO' package... Stephen, Northcott, Mon Jul 17 09:56:33 2006 Ticket re-opened The site has not been restored properly. These are some (not all) of the issues.. 1. Pictures are missing from the OsComerce store. 2. Pages of the main site www.extremesportscafe.com are from February and before. 3. Wordpress blog skins are missing. 4. Folders and files are missing from the main extreme sports cafe site. 5. For example www.extremesportscafe.com/jobstore and www.extremsportscafe.com/kitstore are completely missing. 6. Passwords are changed or wrong. 7. Database info is unnaccesable. For example I cannot get into my www.extremesportscafe.com/admin folder. The list is endless. In short this 'restore' is not a restore. It is a mess and is months and months out of date. I need this resolved now. I will be consulting lawyers and online consumer sites to discuss how best to proceed against IX Webhosting for gross misconduct. ** I was getting a bit pissy at this point! Stephen, Northcott, Mon Jul 17 10:22:21 2006 Please disregard issue number 3, 6 and 7 from the above note. I have resolved them myself. I am mainly concerned about web content being up to date and the missing folders kitstore and jobstore being put back. *** The current web content on the www.extremesportscafe.com site appears to be from February and March, not after. This would account for missing pictures from the OSCommerce site. Please rectify this asap. ** As you can see above I decided to simply solve as many as the problems as I could myself as it seems that the 'technical staff' at IX Webhosting are unable to use simple Unix commands to unarchive and re-install tarballs! Satish, Mdv, Mon Jul 17 10:22:57 2006 Ticket Status was changed from Open to On-Hold Dear Valued Customer, Thank you for using our services. Your issue has been forwarded to System Administrators. As soon as your issue gets resolved we will get back to you through ticket. Should have any further questions,Please feel free to contact us 24/7. ** So at this point I decided to do their work for them and figure when exactly the backups were from Stephen, Northcott, Mon Jul 17 10:42:49 2006 Having investigated further looking at backups held on our site the OSCommerce store backups are from the 10th of February 2006. This ties in with our observations that the web content and folders are all from a Feb 2006 backup. Basically you have restored our site from Feb 2006. This is totally outrageous, of course, and totally unacceptable. Please have someone contact me and explain what is going on, what the latest backup you have is, and get my site restored correctly please. ** More stuff I found by digging around my fractured sites.. Stephen, Northcott, Mon Jul 17 11:01:46 2006 Also.. Most of the Extreme Sports Cafe subdomains that have been updated since February are out of date... They are all from February. For example caribbean.extremesportscafe.com is completely out of date.. Rectify this and please check each and every web site properly to see which is up to date and which is not. ** My ticket was immediately put on hold at this point.. Apparently that means someone is doing something, but all you get told is that your 'open' ticket is 'on hold'! Stephen, Northcott, Mon Jul 17 12:01:19 2006 Why is my ticket on hold? Please deal with my reported issues above. ** Finally, many hours later they manage to restore one of my sites from a backup from Sunday.. Why could they not have done that in the first place? And why are they still unable to do it with the rest of my sites? Mohammed, Mujahid, Mon Jul 17 12:09:15 2006 Ticket Status was changed from On-Hold to Resolved Dear Stephen, Thank you for using our services, Your issue have done and our admins have restored the data from the last backup (Sun Jul 16 03:38:17 CDT 2006) ,Please recheck it once at your end in this 'extremesportscafe.com.RESTORED/' directory. Should have any further questions, feel free to contact us at anytime, we are available 24/7. Stephen, Northcott, Mon Jul 17 12:32:32 2006 Ticket re-opened Hello, Thank you. That does appear to now be correct.. I have two more requests.. 1. Please verify that all of the sub domains of Extreme Sports Cafe are updated to the most recent copies.. And then please report back to me in this ticket. I have manually updated carribean.extremesportscafe.com, but have not checked the rest. 2. Please let me know how this hack occurred. The fact that my registered email address in your database was changed is of great concern to me. Regards, Stephen Northcott ** Now it just gets silly.. Can you understand any of the response below. I can't.. Try reading my questions and see if anything makes any sense to you.. Mike, Kolcov, Mon Jul 17 12:50:41 2006 Ticket Status was changed from Open to Resolved Dear Valued Customer! Thank you for the word to support. 1. I'm sorry, we cannot verify that because we cannot identify applications used on the subdomains. Please for most recent updates on vendor websites. ** wtf!?!?!? 2. Unfortunately, we can't locate tracks of the hacker - logs are rotated already ** Apparently only a few hours after a hack they have no logs or data to look over to see what the problem was... Very very suspicious.. Hmmmm... Please let me know should you need further assistance. Stephen, Northcott, Mon Jul 17 12:56:56 2006 Ticket re-opened Hello.. 1. I don't understand your answer. Please can you explain more clearly. 2. This is very concerning. I would like some sort of oversight, and some sort of guarantee that this will not occur again. I want to know how my user email can have been changed without a verification being sent to me. ** My comments seem reasonable to me.... Mike, Kolcov, Mon Jul 17 13:06:39 2006 Ticket Status was changed from Open to Resolved Dear Valued Customer! Thank you for the word to support. 1. We do not offer maintenance and troubleshooting services for 3rd party php/cgi applications. We can only say that bundled software (phpBB, osCommerce, formmail etc) is secured. If you installed custom applications to these websites, you need to check at official sites for the most recent updates. 2. Login ID cannot be changed by unathorized person - only owner of xxx (my email address) can confirm the change. Should you have any further questions, please do not hesitate to contact us 24x7. ** Again, totally useless and unhelpful responses to my queries.. Stephen, Northcott, Mon Jul 17 13:16:02 2006 Ticket re-opened OK... 1. I am not talking about applications. I am talking about the web content of the sub domains of Extreme Sports Cafe which have country names preceeding them. For example uk.extremesportscafe.com. 2. I am the owner of xxx my email address, and the only person with access to that email. I have all emails on file and have not recived any notification of a change of email address. Your database was clearly compromised somehow as the email address had been changed to one I have never heard of. Do I need to report this to the police and FBI? I shall do so unless you are forthcoming with a reasonable explanation as to how my accounts email address was changed without my knowledge and also without you being able to tell me how. We are not just dealing with my information here, we are also dealing with a potential break in which will yield my clients private info. We will not stop pursuing this until we get an explanaiton. If we need to involve the press, and the authorities we will do so. I suggest you pass that on to senior management today. DO NOT CLOSE THIS TICKET WITHOUT RESOLVING MY ISSUES AND ANSWERING MY QUESTIONS OR I WILL INCLUDE A COMPLAINT TO THE POLICE THAT IX WEBHOSTING IS OBSTRUCTING MY ATTEMPTS TO GET TO THE BOTTOM OF A SERIOUS MATTER.. ** So at least this time he did not 'resolve' the ticket so he could close it.. So they do speak English at least a little bit.. But his reply is still of no help at all... Mike, Kolcov, Mon Jul 17 13:37:06 2006 Ticket Status was changed from Open to On-Hold Dear Stephen! 1. If web content is html based and does not include scripting elements, it is safe. uk.extremesportscafe.com doesn't have any scripting elements besides pre-installed CGI scripts. ** This is not what I asked for.. I asked for him to restore my content.. He seems to be on some trip about CGI scripts from contact point one, even though I do my best to explain to him that I simply want my content replaced from backups... ** He then goes on to say that I have not told them that my email address was changed, even though it's one of the first points in this thread, and also the initial complaint I made with the online chat helpers which escalted this to the tech people.... Jesus! 2. There is no mention in previous conversation that account login ID (email address) were changed recently. I've sent this report to maintenance team to determine how it was changed. If you wish to start the lawsuit against hacker who compromised your website, you may report this incident to corresponding authroities. All information, required for the investigation will be provided without any doubt. ** Assuming the 'authorities' are able to understand monkey speak I guess! Stephen, Northcott, Mon Jul 17 20:05:10 2006 Mike!! 1. So what I asked was can you please make sure that all extremesportscafe.com sub-domains have the most recent backup re-installed in them. I am not referring to cgi scripts. I am talking about .html content and graphics. For example - I know that carribbean.extremesportscafe.com was restored as a February version. This is very old. I am not in the office at the moment, but on location, so do not have access to our own backups, and need to know that our web site has been put back as it was from Sunday the 17th July 2006. Or at worst Friday 15th July 2006. This has not been in the case with the subdomains, and it is very difficult for me to verify from here. It is also not the case with www.skydivethailand.com. It is affecting our traffic and our customers experience. Bearing in mind it is part of the service you are supposed to supply I do not think my requests are unreasonable. THIS IS A VERY SIMPLE REQUEST>>> PLEASE MAKE SURE THAT ALL MY WEB SITES HTML AND GRAPHICS CONTENT IS RESTORED WITH RECENT BACKUPS! IT TOOK ME MOST OF YESTERDAY TO GET YOU TO RESTORE WWW.EXTREMESPORTSCAFE.COM PROPERLY. WHY O WHY CAN YOU NOT SIMPLY COMPLY / UNDERSTAND MY REQUEST! 2. The first point of contact I made after the hacking of our sites was with your live chat people. It was them that told me that my login details were wrong when I complained that I could not get into my control panel. They actually told me I had forgotten my own email address as the one I quoted did not match your records on your database. In effect your databse was compromised and my login details were changed by the hacker without my, or your, knowledge. I have a copy of the chat log and will be using it as evidence. It is inexcusable that this could happen. It is also rediculous that your staff could believe that a free yahoo email address could be my main account login ID! I have that chat log on file, as I have said, and have already shown it to several online consumer bodies who state quite simply that your security, and your reaction to the problem are probably the least caring and most inefficient they have every seen. I have to agree... It is taking an ridiculous amount of my time to achieve simple results with you guys. You are not reading my explanations properly. Your responses are short and not clear, and do not answer my points at all. Go back through these notes and tell me if you would be happy if you were on my end of this conversation. PLEASE READ MY NOTES PROPERLY AND RESPOND TO THEM PROPERLY. WHEN I start legal action it will be both against IX Webhosting and the hacker. I have his information, which is more than you have been able to supply, even though he hacked your system. I do hope you realise how embarrassing this will be for your company when it is all made public, which it fully will be. At the same time your responses to my queries and problems will all have a bearing on how any third party (customer or legal body) sees your culpability in this situation. So far you have allowed people unknoown to completely wipe my site portfolio and change my account log in email without anybodies knowledge. I think that is enough of a gaff to lose you a very large percentage of your customers, and if I continue to get slow and uncooperative responses to my reasonable requests I will not only include IX Webhosting in the complaint, I will also make sure that logs of these conversations and my online chats with your help staff are made public accross the web for all your potential and existing customers to see... If you are not convinced go check out websites I have posted some initial info on listed where part of this fiasco is already public, and I am only holding back publishing the rest of your inefficient and unhelpful responses for a further few hours before I let the flood gates open. I will wait for your reasoned and thought through reply. I am also waiting for an offer of compensation. If it is not forthcoming I will of course ask my lawyer to file suit against your company this week. Kind regards, Stephen Northcott

[MCQ]

File a complaint with the Better Business Bureau. Seems like they've already had a number of complaints (24 in the last 36 months).

http://data.middletennessee.bbb.org/...=37010809&gid=

I'm not really sure what you expected from this web host in terms of service though - the prices just seem ridiculous for what they're offering in terms of space/bandwidth.

[scratt]

Thanks MCQ... Will do.

Yeah.. I guess you get what you pay for.. But that really does not excuse it...

I can accept people make mistakes and have problems, and so on.. I mean it was so lucky that I happened to be online at exactly the time my sites were being hacked.. A few minutes later and I may have been offline for a couple of days.. I did intend to come home, watch F1 on tv, catch up with Lost and then crash... As it was I did not get to bed until about 4am this morning as I have still been putting my sites back up by hand...

To simply not be able to comprehend and respond to simple requests such as, "Please restore my latest backups accross my entire site portfolio", especially when it's a Unix based system using daily tarballs, is just crazy!

The most worrying part is that within the same 24 hours period they claim they have no access logs to track a hack attempt. And that they don't seem to think that the same database which holds my personal info as well as my credit card and billing data being compromised and changed without their knowledge, is something to worry about.

Mistakes I can understand. Ineptitude I cannot.

EDIT - They also managed to lose all of my MySQL database backups.. When I returned home the only existing up to date copy was live on my site (it changes every day). On a site which was still not secure.
I had a worrying and fretfull 25 minutes as I pulled the database down from the MySQL server to my own harddrive.. Not something I was able to do on a mobile connection on the beach! I mean should I really have to backup a 50MB file from my servers every day to cover their backs? That's not a frivilous task.

[PKIDelirium]

Holy crap.
I just sent an email with a link to this thread to a friend of mine who uses IX, telling him to get the hell off of it.

[scratt]

Quote:

Originally Posted by PKIDelirium Holy crap. I just sent an email with a link to this thread to a friend of mine who uses IX, telling him to get the hell off of it.

Good call... People might think I am vindictive, but I think the only way these people will learn is if they actually see that this is going to affect their bottom line... At the moment they seem woefully indifferent to the whole thing.
If I showed this level of care to my customers I would expect to be sued out of existence. It makes me sick.

I have had my site and all my customers sites hacked for the second time in 2 months, it has become very embarrassing for me to have to explain to my customers why their websites are not there - again!

the first time our site was hacked i logged a ticket and asked for immediate assistance and explanations as to why our sites had been hacked.... 14 hours went by and not one person responded to my ticket, it was absolutely shocking service!!!

35 hours and still no response, at this point it was quite obvious that they didn't want to know.

i had to restore from backups, which took some time.

then, today, i get an email from a customer to tell me that once again our site has been taken off the air and further checks revealed that all our customers sites had also been removed, we have now had 2 customers demand refunds from us and lost business. We have again, logged a ticket (for what its worth!) with these people and 5 hours after logging the ticket i get a response :

it goes something like this "s I can see your ftp password too easy to hack. You need to change all passwords, install newest updates of antivirus software and scan computers where from ftp of account is being accessed.
But please note that most of hackers' attacks are usually done through vulnerabilities of website software which you are using (like forums, blogs, CMS). We cannot keep them secured as we are not the developers of such kind of software. From our side, all server-side software (web services, FTP services, etc..) we are keeping up-to-date and protected. Anyway, it is strongly recommended to review everything that you have in website folder and check web server logs to determine the way you may protect your application against further intrusions. If you have any widely-used software installed, check the vendor site for recent updates or security fixes. Thank you for your cooperation and bearing with us. "

this made me extremely angry at this point as they are quite obviously passing the buck back onto us! suggesting that somehow we have no antivirus software or some kind of malicious scripts running on our local machines that somehow managed to find a password to our site, log on to our account and delete all our sites.

secondly, we dont run anything other than basic html pages, with no scripts whatsoever, so we dont run any applications on the server or our account other than what IX have on there already! from what the previous posts suggest, this seems to be a cut'n'paste response from their help intranet...

it is unprofessional, unhelpful & insulting to the customer as they are basically wiping their hands from it.

i have followed up on this ticket by asking them to provide me with details on when the folders and files were deleted and what date/time.

they told me that they can't do this as the logs have been rotated already. Very strange, the same answer as previous posters have stated!

for me, and my company and the customers i have left who have not jumped ship accusing my company of being unprofessional, i am out of this farce that is a webhost (hanging that term very loosely!)

simply put, IXWEBHOSTING are at best, a place where you can store your files on the net for a few days or maybe weeks, whereafter it is most likely to suddenly disappear and unless you have a recent backup of it, you are unlikely to see again, and don't expect any real support from this outsourced indian "support" team who couldnt string two sentences in english together"

0/10 and possibly the worst webhost out there!

AVOID THIS MOB IF YOU WANT TO RETAIN A SECURE, RELIABLE WEBSITE!

[scratt]

For various reasons I have left some of my sites with IX this year.. Basically I have to fight to get some domain names from them, and while I do that I keep them hosted there.. I have various other reasons for keeping some of my sites there, so please don't reply to this post with.. 'Why don't you move..' as we've done that already.

But just for the record they did it again today.. With no warning, in direct violation of their own ToS they shut down all the sites I have hosted with them, because a company contacted them and said that we had one logo on one web page (out of over 20,000 web pages and 10 web sites) which they considered they had copyright over...

Now regardless of whether we should have that logo up or not, they should give me the opportunity to remove any offending material before shutting down any offending sites - unless of course it's something like kiddie porn - which I would expect them to take drastic measures about.

At the end of the day the world is not going to stop turning if they give me 24 hours, and I am their client after all.. But no, they simply pull the plug on everything.. Email, FTP, www etc. etc. So I cannot even remove the content we have the issue over!

In this case it is the corporate logo of a company I have written approval from to use their logo, and the logo recommends them as a company and links directly to their web site! But this necessitated all of my sites being taken offline without warning, and as of now over 5 hours of downtime without a single useful response from the company.

Quote:

Please wait for a site operator to respond. You are now chatting with 'Alexandr Gorbunov' Alexandr Gorbunov: Hello, my name is Alexandr, please let me know how can I help you today? you: Alexandr all of my sites hae been shut down for an apparent Tos violation.. I have not receieved a single email or call about this.. Firstly put them back up now, and secondly tell me what the hell this is about before I call my lawyer and sue the lot of you. Alexandr Gorbunov: Could you please provide the domain name? you: It's not just one domain.. But the main one is xxxxx. Alexandr Gorbunov: Please hold on, let me check you: i am calling my lawyer now and will be putting this on digg in about 1 minute. Alexandr Gorbunov: Please login to your account-->24/7Help Desk you: Alex.. It is totally unnacceptable what your company has done.. I am on hold on the phione and unable to get anyone.. I am aware of the bullshit reason you are giving.. PUT MY SITES BACK UP NOW. you: Simply put you have 5 minutes to do so or I will be sueing your company. you: It is one site in violation and you have cut every sinlge site we have with you... This is in violation of your ToS Alexandr Gorbunov: We have received legal notification from xxxxxxxxx notifying our company that your website is in violation of xxx copyrights and trademarks. Your account is hereby suspended. All materials in violation (Logo) must be removed, and we must have confirmation of your intent for compliance in order to unsuspend this account. Please call 1-800-385-0450. you: I am aware of this. This is rubbish. We have permission to use the logo. It is on one page of one site.. and you have cut our entire package off. A single email to me and I would have removed the logo while we dealt with this.... Cutting off our sites 1 hour ago without warning is totally unnacceptable.. We now have no email, no web presense no nothing.. you: You have cut 15 businesses off. you: As I said this entire story will go on Digg. I will publish the email you sent me 1 hour ago along with your reasons, and ask people to discuss if cutting off an entire web package of a long standing client is acceptable in this situation.. Your ToS says that you will contact us and give us the chance to remedy these situations... you: We have been given no warning.. You have smashed our business, and you have not given us one chance to respond, or deal with this. you: You are causing irreparable damage to us. For which we will sue you. Alexandr Gorbunov: Please call by the phone number I provided you for further investigation of this issue Alexandr Gorbunov: 1-800-385-0450 you: I have been on hold for over an hour. you: No answer. you: For your part you can resolve this simply by putting us back online now. you: If you do not then we will sue you. you: This issue could be dealt with professionally by you, or you can continnue in this way.. Believe me if you continue this way IXWebhosting will regret it.. you: Do you not understand that cutting off someones business at the knees is immoral? Alexandr Gorbunov: I am sorry for this inconvenience, but I am unauthorized to unblock your account you: Then put me in touch with someone who can.... There is no answeer on your phones... YOU HAVE SHUT OUR BUSINESS DOWN with an email that was sent an hour ago, and now no one is anwering calls or repsonding to my tickets.. you: Lauren Shivers CR Manager you: Get that women to contact me now on +6x 8x 9xx 7xxx or you will be hearing from our lawyers in the US and we will attempt to shut down your business also. Alexandr Gorbunov: Please login to your account at http://manage.ixwebhosting.com/ Alexandr Gorbunov: Then go to 24/7 Help Desk you: I have already done that. Alexandr Gorbunov: Open ticket "copyright infringement" you: I have responded immidiatelly to the message, I have called and I have contacted you. you: Lauren Shivers CR Manager you: Get that women to contact me now on +6x 8x 9xx 7xxx or you will be hearing from our lawyers in the US and we will attempt to shut down your business also. Alexandr Gorbunov: Please update this ticket you: I did so over an hour ago. you: i did so over an hour ago. Alexandr Gorbunov: Please reply to this ticket with your phone number you: Alex get Lauren on the phone to me now. you: Get someone on the phone to me now. you: Or put me in touch with someone who can put my sites back online. Alexandr Gorbunov: Sorry, but your problem can be resolved in ticket only you: I have tried calling all of your numbers.. There is no reply on any number. you: I have responded to the ticket. you: I am still waiting. you: You are in violation of your ToS. To shut a client down you need to have contacted them and have them refuse to comply first. you: You have not done so. you: So get on your phone there and get someone with some authority to contact me NOW! Alexandr Gorbunov: Sorry for delay, sir you: That's not good enough.. Get someone to call me now. Alexandr Gorbunov: I provided your ticket to concerned dept. You'll be called ASAP Alexandr Gorbunov: Please be patient and wait for a call you: ASAP is not acceptable when you have violated your own guidelines.. Get someone to call me now, and do not tell me to be patient when your comapny is in the wrong and damaging my business. Alexandr Gorbunov: Please be patient and wait for a call you: I have been patient for over 2 hours now. you: You are costing us money and damaging our companies profile. Alexandr Gorbunov: There's nothing more I can do from my side, sorry you: Of course there is.. you: Get me a contact now.. you: Get me a direct line so I can call someone. Alexandr Gorbunov: 1-800-385-0450 (inside USA) Alexandr Gorbunov: 1-270-707-2051 (outside USA) you: Those numbers do not respond. I have been on hold for over an hour on my office line.. Alexandr Gorbunov: They have to Alexandr Gorbunov: Please try to call again you: I have tried more than once. you: You are costing my business money. And you want me to sit on holdd to your apparently empty office on an international line for another hour! you: Get someone to call me now. I have provided details and a number over an hour ago.. you: I am logging this entire chat and will be publishing it. I want people to see how you deal with long standing customers. Alexandr Gorbunov: Please call by the numbers I provided you you: I have tried and tried again.. I am simply put on hold.. I have tried both sales and technical. GET SOMEONE TO CALL ME NOW. you: GET SOMEONE TO CALL ME NOW Alexandr Gorbunov: I provided your ticket and phone number to concerned dept. You'll be called soon you: Soon is not good enough.. GET THEM TO CALL NOW. OUR ENTIRE PACKAGE OF SITES HAS BEEN DOWN FOR 3 HOURS WITRHOUT WARNING. We are now getting calls asking if we have gone out of business.. you: This damage to us as a business is very very serious, and your company is totally to blame.. We have complied with all of your ToS requirements, and made our best endevours to contact you, and are getting nothing back from you. you: GET SOMEONE TO CALL ME NOW Alexandr Gorbunov: Sorry, but there's nothing more I can do from my side Alexandr Gorbunov: Please be patient and wait for a call you: Are you telling me you don't have a way to call internally at your company? you: Get Lauren to call me now.. She shut my sites down three hours ago.. We have been on this chat for most of that time.... I have responded to tickets within an hour of you shutting my sites down and you tell me to be patient. you: GET SOMEONE TO CALL ME NOW you: Rememebr this log is going online later today and will show everyone the way you deal with clients on your Pro package who have been with you for over three years. Think about it. you: This is the second time you have done this to us. Last time I warned that if anything like this happens again I will make sure IXWebhosting pay for it. you: Believe me I am going to make it my mission to destroy your reputation online. you: And I don't think anyone will blame me. you: Just tried again.. No one in your call center answering. Logging this and all other attempts to call. Alexandr Gorbunov: Please be patient and wait for a call from Lauren you: I have been waiting 4 hours. ... the chat is still open...

[scratt]

Do me a favor chaps n chapesses, please Digg the story..

I am a man on a mission to get these guys now..

http://www.digg.com/tech_news/PLEASE...ithout_warning

[Majost]

... damn

What's really sickening is that they have an adpage placeholder for your site. Not only are *you* losing money and customers; they are gaining ad impressions and clicks.

Are you in contact with a lawyer? It would be pretty marvelous if you could hand the phone off to an attorney (or better yet: 3-way it) once you finally get in touch with someone.

Best of luck.

(+1)

[scratt]

Thanks so much for that. Yeah I have a lawyer in the US dealing with it now.. The thing is to be honest he said we'll win but it could takes days.. My problem is (as you say) my sites look like I've gone out of business, and they are making ad revenue from the holding pages! Mental!

RIght now I already have about 25 emails from people asking if we have gone out of business!
I even have one from a very good friend offering financial assistance, which is terribly embarrassing.

[Banana]

Dugg...

Wow.

[scratt]

Thank you. It's very much appreciated.

[Phoenix]

Yeah i dugg as well. Not good. I think i dugg the other story about this company too. It's very poor from their end.

[scratt]

tks.

[PKIDelirium]

Dugg.

Damn, they're fucking idiots. I just sent this transcript to a friend of mine that is using IX.

[scratt]

Muchly appreciated. You guys are awesome.

One clarification.. I was pretty short in the chat, but it was the third of three which were equally unhelpful, and after trying to respond to tickets, and call their center with no reply to any of my attempts to get a real person.

I have not had a single helpful reply as of now and we are at the 8 hours mark!
Their excuse. They are busy. Mine.. I am fighting to open the door of my business!
But it took them 30 seconds between a warning email, and a shut down of my entire hosting package.

[turtle]

Sucks, hit hard.

Dugg

[ghoti]

I don't get it. You've posted about them for over a year here and warned others, why on earth are you still hosting your stuff there? Why don't you move it somewhere else instead of waiting for them to screw up again and again? This doesn't make any sense at all, and I really can't feel sorry for you because you knew better. It's your own fault that your sites are offline now and your businesses are hurting, it's not like you didn't get (and give!) enough warnings.

I'm really sorry to be an ass here, but this is way beyond anything a reasonable person would do, and I don't see why we're supposed to all feel sorry and digg your story now.

[Banana]

I thought it was because he had to fight to get his domains transferred to another hosting company, that he had to remain with them while that was being resolved?