Ix Web Hosting Nightmare

Why NOT to do business with IXWebhosting The Interaction On Wednesday June 9, 2004, I received an IM around 6pm from Scott Dickinson, my fellow web designer for CDSoftball.com. He asked me what was up with the site. I was unaware of any problems so I went to the site to see what was up. When I got to the site our content was not visible. Instead there was a message that stated, “The account for domain cdsoftball.com has been suspended”. I went to the IXWebhosting site and spoke to one of their online instant message representatives. After receiving little help from the online support, I was left with no alternative but to submit an email that night as their business offices were already closed for the day. At 8am the next morning I called IX Webhosting and spoke to Sam in the Technical Support department. Sam indicated he was the supervisor. My goal was to find out why the site was down and when I should expect the site to be back up. Sam indicated the site was down and that I would have to submit an email to request for it to be reinstated. I asked when I should expect my sites to be back up and he indicated he could not answer the question. My site is a business. As a business owner it is important for me to know the state of the business and also any potential issues the business might be facing. In this situation I was aware the site was down. I needed a general time frame of when it would be back up. I needed this information to know how to move forward and to know whether it was necessary for me to notify my customers of a potential extended outage. Sam could not provide me with this information. He told me the only information he could provide me was that I had to submit a ticket via email. I indicated that it was unacceptable to me to just sit there and wait with no indication of the time it would take to clear this issue. He indicate that I caused a DOS attack that impacted a number of other customers and that all I could was submit a ticket. His tone developed into an accusatory nature as I pressed to get some indication of what type of impact I should expect on my business. He continually accused me of violating the Terms of Service by creating this DOS attack. My attempts to inform him that I had nothing to do with it were met with the same statement: “It doesn’t matter, it was on your account, you are liable.” I was not satisfied with his inability to provide this information to me. I asked to speak to his supervisor and he refused. I asked for his supervisor’s name and he refused to provide it. After several requests for additional information and several refusals to provide it, Sam hung up on me. I called back and spoke to someone in customer service to report the unacceptable service I received from Sam. I spoke to Kesha in the customer service department who also presented herself as a supervisor. I told her I was hung up on and she indicated she

would talk to Sam about the issue. I then asked her to find out how long my sites would be down. She reviewed my account and then indicated she could not provide me with any further details. She also kept referring to the fact that I violated the Terms of Service (TOS) for my account. My attempts to defend myself to her fell on deaf ears. Her tone quickly became unpleasant and I became more displeased with their service. The final time she stated that I violated the TOS I replied by saying: “I didn’t do a damn thing.” She quickly demanded that I not curse at her. Please note that during all of these extremely frustrating conversations with IX Webhosting, that was the one and only time I used a “curse” word. I remained professional, however extremely frustrated through the entire ordeal. The Root of the Problem During this whole ordeal my objective was to find out what I could about the true root of this problem. I was told that the problem was a DOS attack created by vulnerablescript, which was contained within a directory of one of my websites. They further indicated this script caused an overload on the server and the whole thing crashed. It resulted in the loss of service for every account contained on that server. I quickly regrouped with Scott to see if we could have possible uploaded anything that could have done this. A majority of what we used was created by us so we thought the possibility was rare. We determined the only outside material uploaded/installed within our directories was what is called phpnuke. Phpnuke is a website management tool, which we found online. We were concerned that this may be the root of the issue so we reviewed its contents to see if this possibly could have been the root of this issue. We determined that the vulnerablescript mentioned was not included with phpnuke. We further concluded that we did not install this vulnerablescript in our directories. Eager to learn more about this script that had quickly made my life a living hell I search online to see what I could find. I found 3 references to vulnerablescript. These are those references: http://barrie2600.com/list/1322.html http://www.donkboy.com/html/vol9.htm http://www.port7alliance.com/RadicalFuture5.pdf In all of the references I found it is apparent that the presence of list script on their server, albeit in my directory, was put there by a hacker. If you take a look at these links you will see they all seem to discuss how to hack systems using this vulnerablescript. It is certainly nothing a right-minded person would intentionally upload to their own site. I tried to pass along this information to IX Webhosting but they had zero interest in listening.

The Result IX Webhosting informed me that they were permanently suspending my account and would not reactivate it. I was blown away at this determination on their part, as I am confident my team had nothing to do with the root of this problem. It made it even more difficult as I was left with 4 websites that displayed a suspended account message and no access to my data. I spoke to them regarding my data and they indicated, once again, I had to create a ticket via email. I did and they finally got back to me indicating they would give me a 12-hour window to retrieve my data. They provide that detail last thing on Thursday night. When I got home I quickly logged on to begin the process of retrieving my data (we do maintain backups but they were a week plus old). I quickly found out that I now had access to the online control panel but I could not FTP in, nor could I access the webshell they provide via the control panel. Their offices were closed and I was left to contact them in the morning. I called at 8am to explain what they had done. I was told, you guessed it, to create a ticket via email. Kesha told me she would call when she heard from the admin department on this situation. 4pm rolled around and didn’t want the weekend to arrive without access to my files. I called Kesha to inquire on this situation. She coldly informed my that she had not heard from the admin department and that their was nothing she could do. So I sit here on Saturday with no access to my data, amidst the worst customer service nightmare I have ever experienced. Relation to Class Although we had no disaster recovery plan in place, and few companies plan on a hostile takeover by their hosting company, we were forced to set a plan in motion to get our main site CDSoftball.com back up and running. Scott, my fellow designer and database guy had the data backed up but our copy was a week old. The databases we used are constantly addressed by our customers on a daily basis and displays should represent real-time information. Luckily, we were able to access our databases hosted by IX Webhosting, even though we could not access the files making up the site. We were able to used backed up versions of the files for the site and transfer the data from the IX server. We then quickly secured hosting with another company and began the process of moving the data and the files to the new host company. We redirected the domain name servers to the new site and were pleased when CDSoftball.com once again went live on Friday about 6pm.