Stay away from hostgator

[camaya]

They have some virus affecting their accounts I literally had to move two servers today because some trojan was placed on my sites. They do nothing to fix the problem and claim you uploaded give you the same ipaddress when i submitted two trouble tickets from two different accounts.

[HTMLBasicTutor]

First of all, there's a virus going around that is infecting a bunch of web hosts, not just Hostgator.

Second of all, it's not the web hosting company's responsibility to inspect and protect the stuff you put on your site for the possibility of being hacked.

While the web hosting has a responsibility to keep their servers generally secure, if you install some script that can be hacked or you have not done your part of keeping all scripts up to date, their answer is right IMHO.

Quote:

It is your responsibility to ensure that scripts/programs installed under your account are secure and permissions of directories are set properly, regardless of installation method. When at all possible, set permissions on most directories to 755 or as restrictive as possible. Users are ultimately responsible for all actions taken under their account. This includes the compromise of credentials such as user name and password. It is required that you use a secure password. If a weak password is used, your account may be suspended until you agree to use a more secure password. Audits may be done to prevent weak passwords from being used. If an audit is performed, and your password is found to be weak, we will notify you and allow time for you to change/update your password.

Hostgator TOS - they even have it bolded on their page

Large-scale attack on WordPress - this is not Wordpress specific if you read all the additional info in that thread.

[turf]

lolz.this is the 2nd time i've heard this issue today.
they should have at least do something even when you uploaded it yourself.

[Jim Gillum]

Quote:

Originally Posted by turf

lolz.this is the 2nd time i've heard this issue today.
they should have at least do something even when you uploaded it yourself.

Just read the post above yours...
There is risk in any business ...and it is easy to blame the "supplier"....

I do not use hostgator...but many.many do....

[jawnmurray]

Quote:

Originally Posted by camaya

They have some virus affecting their accounts I literally had to move two servers today because some trojan was placed on my sites. They do nothing to fix the problem and claim you uploaded give you the same ipaddress when i submitted two trouble tickets from two different accounts.

oh. no. I just bought a domain from them.

Quote:

Originally Posted by Jim Gillum

Just read the post above yours...
There is risk in any business ...and it is easy to blame the "supplier"....

I do not use hostgator...but many.many do....

hostgator is very widely used.. it might affect a lot of people.

[deepsand]

Quote:

Originally Posted by turf

they should have at least do something even when you uploaded it yourself.

What would you have them do?

Continuously browse every clients' sites to see if they, as a user, get targeted?

__________________

[SiberForum]

I suppose the TOS and AUP violation took place. I have seen that is the main reason for many users of them.

[turf]

Quote:

Originally Posted by deepsand

What would you have them do?

Continuously browse every clients' sites to see if they, as a user, get targeted?

__________________

i'd like them to say sorry.. lolz


i guess people who are and will use tier service should at least now know their TOS.

Quote:

It is your responsibility to ensure that scripts/programs installed under your account are secure and permissions of directories are set properly, regardless of installation method. When at all possible, set permissions on most directories to 755 or as restrictive as possible. Users are ultimately responsible for all actions taken under their account. This includes the compromise of credentials such as user name and password. It is required that you use a secure password. If a weak password is used, your account may be suspended until you agree to use a more secure password. Audits may be done to prevent weak passwords from being used. If an audit is performed, and your password is found to be weak, we will notify you and allow time for you to change/update your password.

[HTMLBasicTutor]

Quote:

Originally Posted by turf

i'd like them to say sorry.. lolz

What do they have to be sorry about?

Quote:

Originally Posted by turf

i guess people who are and will use tier service should at least now know their TOS.

You evidently did not read all the replies to this thread before posting.

http://www.v7n.com/forums/web-hostin...ml#post1402358

[Snooks]

I just lost 2 blogs on a different host. I wont mention their name because in my opinion, even though im really annoyed, its not their fault.

Both latest wordpress and redirecting to malware site

[vnviews]

Oh, sorry for hear that.
Just question: does this kind of virus attack only WP blogs, or another websites also?
My website is hosted on Hostgator VPS, but it's powered by custom script. Hope virus doesn't touch me .

[drmike]

Quote:

Originally Posted by vnviews

Just question: does this kind of virus attack only WP blogs, or another websites also?

Look up a few posts:

http://www.v7n.com/forums/web-hostin...ml#post1402358

[hostgator]

Hello,


What is your ticket number with us? Our servers aren't the ones that have a virus on them it would all come down to the version of the script your uploading. If you install an insecure script it's going to get hacked. Think of it as we install the worlds best safe into a bank. They then forget to shut and the lock the safe at night and sure enough they get robbed. Our servers are very secure but if you don't lock that safe you're going to get into trouble.


There's been a lot of talk about tons of sites getting hit on godaddy and that's because they are. The attacks that are affecting them aren't affecting us at all due to mod security rules we have in place. These rules allow us to block common hacking exploits towards specific scripts which prevents the majority of exploits from taking place.

You can't block them all as new ones come out daily, and not to mention the rule list would become so large the server would become inefficient and sites would take a while to load. Every host in the world has customer sites that are exploited routinely due to out of date scripts. This is nothing new just everyone is thinking it is due to the volume of attacks hitting godaddy currently. We haven't seen any type of increase in attacks compared to six months ago towards are customers.

Please email me your ticket number at brent@hostgator.com

[deepsand]

Quote:

Originally Posted by turf

i'd like them to say sorry.

Why should they apologize for that which is not under their control?

__________________

[handytxg]

Hostgator is great, their support is very helpfull and fast..., maybe the virus come from a bug in your website.

[drmike]

Quote:

Originally Posted by handytxg

Hostgator is great, their support is very helpfull and fast..., maybe the virus come from a bug in your website.

Why not read the thread and find out?

Quote:

Originally Posted by deepsand

Continuously browse every clients' sites to see if they, as a user, get targeted?

We can actually do that on our servers as we use rollout packages for almost all of the platforms what we support. Just md5 checks against the known files.

Kind of torn on doing so as it does create load on the servers. Also some hacks involved additional files that aren;t included of course in the rollout packages so we would miss them.

[deepsand]

Quote:

Originally Posted by drmike

We can actually do that on our servers as we use rollout packages for almost all of the platforms what we support. Just md5 checks against the known files.

Kind of torn on doing so as it does create load on the servers. Also some hacks involved additional files that aren;t included of course in the rollout packages so we would miss them.

And, if the client uploaded corrupted code, the MD5 will check out fine.

Additionally, a sufficiently clever and industrious hacker can manipulate the file so as to duplicate the hash.

__________________

[drmike]

Quote:

Originally Posted by deepsand

Additionally, a sufficiently clever and industrious hacker can manipulate the file so as to duplicate the hash.

Probably but 1) the master md5 codes sit on my laptop, 2) take two second to throw in some extra code to throw off what the default md5 would be, and 3) in all the years I;ve done this I've only seen two computer games that have done this and they had to because the game itself ran an md5 against itself as part of it's registration check.

Granted I actually don't do this. Just an idea. We have other measures in place to recognize problems.

[deepsand]

Quote:

Originally Posted by drmike

Probably but 1) the master md5 codes sit on my laptop, 2) take two second to throw in some extra code to throw off what the default md5 would be, ..

Would that not require that you recompute the hashes of all extant files?

__________________

[drmike]

One of the pluses of catering to soccer moms and girl scout troops. They don't do much file editing to core files.