Burned By IXWebhosting, How To Find A *secure* Host?
Nov 13, 2008
I'm a customer of IXWebhosting (actually their alias HostExcellence) and I'm completely disgusted. Their latest crime is denying and covering up a security problem which allows scripts to be inserted via cache directories. I now have people complaining of Bloodhound Exploit messages from their Norton Antivirus software. It's being done by somebody else on their servers, in turn infecting everybody else (for several weeks now).
Several months ago, they began SPAMMING the error pages with search engine affiliate links, which I'm sure they collect money from. I said I wanted them off, they said "do it yourself" using custom error pages.
Their outgoing e-mail servers are constantly blacklisted.
Whenever the database or main server fails, they never catch this on their own. I always have to call or create a support ticket.
Needless to say, I'm tired of their BS.
How do I find a replacement host that takes SECURITY seriously? Are there report cards anywhere?
I've used many webhosts over the years and have run into various issues from which I've compiled my key wants:
Reliability - availability of mail & web are both just as important - I've had a few hosts who have great HTTP uptime, but mail can go down for hours and is not covered by any SLA. Prefer clustered solutions using a NAS, or at the least RAID-1 (or 10). I recognise downtime is inevitable, I care more about the impact of single component failure and recovery time.
Control Panel/Security - I'd prefer the host to have a custom control panel (i.e. not cPanel/WHM, Plesk/Parallels, DirectAdmin, H-Sphere etc). I really like DreamHost's panel, in particular their model of arbitrary combinations of shell users and domains underneath them. I like to use this to separate installs of untrusted software (such as MovableType, Wordpress, Gallery, Joomla) into their own user accounts so that if one gets compromised it doesn't hose everything. Need multiple domain hosting.
Disk - 2GB sufficient, 3-4GB preferable. Bandwidth - 10GB or more (I don't really use more than 2GB but prefer not to worry about overage) Price - I'm happy to pay US$20-30 for a premium service. Support - I'm technically savvy and only need for support to be responsive to technical questions & issues (i.e. reporting downtime).
To provide some background - I'm currently a customer of both DreamHost and Media Temple (gs). DH sucks because their uptime is completely unpredictable, I have kept it only because their user/domain model is convenient for toying with untrusted software. (mt) was to be the ideal host but reliability of their (gs) service is crap despite all the claims about superior architecture. Additionally they don't allow separation of users/domains and I don't want to host multiple 3rd party apps in the one account. To their credit (mt)'s support is extremely responsive and the company as a whole are very transparent about outages but they simply have too many technology issues.
I have a web blog that shows promise of growing pretty big soon! This is a vbulletin whith chatbox and arcade games. The forum is for gamers and game modification talk. I want to keep my features such as in forum mp3 player for streaming music. I host no files everything is linked from outside sources. Even photos are linked from photo hosts. I forsee about 20-30 members on at all time browsing and chatting in chatbox. Playing in the online arcade!
I have no idea how much bandwidth all this will use up. I do know that 20-40 gig of space should be quite enough but as always I want all I can get. As far as bandwidth I have no idea what all those features will eat up.
I have looked at fatcow.com and talked to them they said their unlimited is this 300gig space 3000 gig bandwidth and they do not keep up with msql databases. I looked on BBB and they have an A+ record if compared to hostgator they have unsatifatory! The only problem is they are yearly contract only. I do not trust this! I also have to let them re-bill me at end of year and this gives them access to my account. The payment options are check,paybal, or credit.
I had asked for some help awhile ago and recieved some great advice. Unfortunately, the company I work for decided not to move at that time (between deciding to give the host more chance and also becuase we were all dreading another swich over. However, we are now ready to move.
We are currently on shared hosting and I belive VPS is the best option for us right niw (in this stage of our growth).
What I need is one that is fully managed and then some. I need someone that will provide the same type of support you get with shared hosting - meaning I can even come to them when suddenly we have an e-mail issue for example. And for things tht they don't do, at least have the patience to point me in the right direction, help me know what I need to do. I can handle the admin functions of a shared hosting site... but am leery of doing to much more without guidence...
Another thing I am looking for is someone that we can grow with seemlessly - even if it ends up resulting in going to a fully manged deciated server. With any growth, I do want want downtime or having to change DNS (that always causes us problems). I want someone we ca be with for years, allows us to grow, and is reliable/dependable. I really hate switching hosts!
What we need/our set-up/about us:
I would need at least 10 GB hard drive (SCSI HDDS) to begin with.
We currently have two seperate SMF forums (both private, internal with few users) operating on their own MySQL installations. We will probably add more forums (SMF) in the future - each with their own MySQL databases.
We have a Wordpress blog
We use Coppermine Album (it is also tied into the blog so that thumbnails of photos load into the blog sidebar)
For Transfer/bandwidth - I am not sure. I will guess at least 50G. We currently canlt send a lot of our e-mail out of our server due to e-mail limitations so I don't know exactly how much we will use.
On transfer - the majority of it is e-mail, followed by ftp usage.
I really do need someone who can handle and understand our high volumne of e-mail and will help make sure we have no issues with it. That is actually the lifeblood of our business. We recieve data from our clients each day via e-mail, and then send them back customized reports (each day) based on their data. This means we get a lot of e-mail in, and even more going out. When our e-mail shuts down - we shut down.
Our current hosting uses Cpanel and I do like it (and am used to it), however would consider a different control panel if it has the same basic features of Cpanel and is easy to use. However, I really like the fact that moving a Cpanel sitre to another one is very easy (unless that doesn't work when going from shared to VPS)
We will not be doing any reselling of hosting or anything like that - so i don't need anything geared that way. We actually will probably only have the one site, with a few other domains pointed to that. However, we may eventual create additional sites (with their own name) just for the forums.
I have seen about 10 companies listed in other threads that look really good, but not sure which I want... becuase I am hoping I can stay with who ever I pick for the next 10 years and more...
This is my first attempt at using a web hosting company. I currently use a free service from my ISP that gives me 25 MB of space for a personal web site. After only a few weeks, I have exceeded that limit and now find myself needing much more.
My personal website will contain information of a bowling league that my friends and I belong to. I plan to have many pages of data from an Excel spreadsheet included, either in a database format, or just plain html. I also plan to have several family photos and some video on my web site. I will be adding pages on a weekly basis.
I did some research and I felt I needed something like 25G of storage for all my pages containing tables and photos. Since I am not using it for business purposes, I am looking for something very basic, if that is possible.
If anyone knows a decent host that can accomodate my needs, which is simple, but requiring a lot of space, please share your recommendations. My budget is between $5 to $10 per month.
my domain [url] was hosted with ixwebhosting for the last 1 year. Before that I had 4 more domains hosted with Ixwebhosting. I will write up a review of me being a customer with them for the last 2 years and 2 months. Unlike most people, I was not entirely unhappy with their service, however the jotdown with points in different categories in this review will help you from deciding wither you want to go with them or not.
My Hosting Plan: Unlimited Pro
* Unlimited Domains
* Unlimited Transfer
* Unlimited Web Space
* 2 Free Domain Regs
* 8 Dedicated IPs
* Ecommerce Ready!
Why I joined them?
Because, I saw some reviews back in 2006 and I found out nothing but good reviews and in fact that year, they won the Webhosting Company of the Year Award from a very reliable hosting review company. I was excited to see the words "Unlimited", but little did I know what I was getting into. Support:
Their chat support is indeed a handy thing but its full of people who dont know what they are doing. Everytime you open up a ticket in the control panel, always give the chat support client, the ticket ID and tell them to fix it right away. They will reply back within 1 day which is just lame but if you dont bother chatting with them, then expect a reply in 3-5 days time. Server:
Their Unlimited Pro was based on the same servers shared with everyone else in their clients list. It was good enough for my forum when I had around 30-40 users online at once, but when it became 100 users online a day, you would get MYSQL errors and server downtime every now and then.
Loading was considerably very slow, I never found it even comparable to 1and1.
Money Back Guarantee:
Believe it or not, I got my money back when I asked for it after renewing my contract for another 2 years. I could not decide whether to go with them or not, but I just signed up for the heck of it. Later, I realized I needed to move right away, I did not care about the refund but they were nice enough to keep the promise for the Anytime Money Back guarantee. I did not get all the money back because they would charge you for the domains you have with them.
Worst Experience with them:
Novemeber 20, 2008 was my renewal date with them. I signed up in 2006 November for a 2 year agreement. In november, 19th, a guy with a funny Ukrainaian name "Tiberiu" from system administration sent me an e-mail saying I am violating their terms of service by having a big disk space. remember they said unlimited disk space and I stored only 5 gigs worth of data. But still, they threatened me the day before my renewal date. I was shocked and mad, they threatened to suspend my account if I dont take any action within 5 business days. I deleted most of the contents and kept nothing important, making all recommended backups. I signed up with them for another two years as I was a fool lost and not knowing what to do. If I wanted to move to another host, I would have my site on downtime. I could not take anymore downtime, as a result, I earned some more money and decided to move to a VPS.
Why I moved to VPS?
As they say, you get what your pay for and I got it. I understood my lesson. My site is more valuable than the 310 dollars they charge me for a 2 year agreement. My website is right now very successful with an alexa rank of 60,000+. With all this traffic and so much addictive members in my website, I had to move to a reliable place where you would pay more and get more as well.
Notes to other webmasters:
You can definitely sign up with IXwebhosting if you are new in the web development zone. But, always research and read reviews, understand the promises they make and never take anything for granted. And most of all, make regular backups (database and file contents). I know my vps guys monitor my server and keep regular backups, but I schedule my sites backup every week or less and believe me its a relief! I made my sites myself, edited all the commercial scripts (vbulletin, photopost, joomla etc.). I did it because, I have a passion. Always explore all the possibilities and go with a reliable hosting company. Don't depend on any of them and pay more for a better host plan if you love your site as much as I do.
i just purchased hosting from ixwebhosting about 9days ago and just for the last 3 days, i have not been able to use any FTP client to check my directories.
The username and password both passes the test but when its about to list the directories/files on the server, it say 'failed'. I have contacted them several times and they seem not to find any problem with it.
So folks, i have decided to pack in. The weird thing is am able to use their C-panel FTP Manager to login and alter the directories on my server BUT not with independent FTP's.
Guys, in terms of reliability, which host is best from hostgator, hostmonster, bluehost, lunarpages, webhostingpad, Dot5hosting and inmotion?
i have 2 blogs with ixwebhosting.com from 1 1/2 years. from 10 days my blogs are getting attack frequently. every time i am cleaning and reporting to them. they are also clean it. but it is attacking again. They said my system has virus. (but i have latest bitdifender 2010 total security,probably the best antivirus) i also have account with 3 more hosts with many sites. everything works fine.
i am asking them why only this account getting affected if i have virus in my system.i already moved one site to another host where it is working fine now. Except this problem they are very good. So i can't left them.
if any one has experience this kind of problems, please suggest me what to do?
how can i do a search for all files (probs using regex) of files consisting purely of numbers?
for e.g. find:
53243.php 24353.php 24098.php
(always have 5 numbers).
seems one of my accounts has had some script run which generated a bunch of these in various subfolders, and the php file basically does a callback to www3.rssnews.ws and www3.xmldata.info, which seem to be some sort of spyware servers.
when I get a dedi server for shared hosting. I secure it as much as i can and then just incase I miss stuff etc I hire 2 other companys to check over everything. Since I bought a vps from fsckvps are there any guides to secure and optimize a vps other then the one located in the vps section? thanks. I Dont feel like spending 50+ dollars on securing a vps that costs less then 15 a month.
How secure is my VPS? Anyone who has some free time and is reading this thread could please try to do some penetration-testing or something related (I really do not know much about network security) in order to know if my server configuration could be the problem?
Do you find any way to download the full database without login on the system (cPanel or phpMyAdmin)?
Check out this blog and suggest what thing more can be added to secure the vps and i think this information database can be helpful for newbies and intermediate users which like to secure the VPS.. which sometimes exploited due to bad scripts.
Ive been using Dreamhost for years and there great however, One of my clients needs has drastically changed and they are now required to comply with the Data Protection Act.
In particular this bit make Dreamhost a bit of a no go due to them being in California:
"Personal information may not be transmitted outside the EEA unless the individual whom it is about has consented or adequate protection is in place, for example by the use of a prescribed form of contract to govern the transmission of the data."
Unless my client goes and asks all 1000+ customers they are kinda in a bit of a quandary. So here's what im looking for:
Secure UK Datacenter, eg Easynet, Blue Square etc 128mb RAM, 256mb Burstable, 20GB storage, 500GB transfer LAMP Environment Support within Business Hours Control Panel
The passfile is located in the same directory (ie. /usr/local/svn/test) and contains my users in the format:
[users] harry = harryssecret sally = sallyssecret
I then run my checkouts like so: svn checkout svn://mysite.com:7126/test
Now my question is how secure is this. I was tempted to use svn+ssh but I couldn't seem to figure out how to get it configured. Is the protection I have adequate? How easily can this be compromised? What steps should I take to lock it down further. Can I limit the connection to SVNSERVE to only come from certain specific IP's... similar to how apache does:
Order deny,allow deny from all allow from 188.8.131.52
What would be the most secure free CMS at the moment? I ask this because im looking to setup a website, and i dont have enough money to invest in a custom coded website, so to start out with ill use a free CMS, but i dont want to be hacked.
Now i know that because the CMS's are open source, they can still be hacked, what im looking for is something that is the most secure, preferably with sql injection protection.s?