Popular web host terminates hacked websites and refuses to return customer data

They have: 1 posts

Joined: Jan 2013

I've had an encounter with a popular web host which did not turn out too well (to say the least).

Please consider asking your web host the following question:

++++
Dear Mr. Web host,
If my website is hacked can you assure me you will not suspend my account
before notifying me, and if you do, can you assure me you will give me
full access to my files and databases if this should occur?

++++

I've learned today that at least one web host, who hosts over 80000 websites, will summarily delete your account without recourse if your website is hacked.

So word to the wise folks, just ask your web host before this happens to you.

Greg K's picture

He has: 2,145 posts

Joined: Nov 2003

Or, you could read the fine print of the TOS to see what they say. Host I used to use, they let you know if there was a problem with a hack or mass spam on your account. disable first, ask questions second.

While it sucks, it is understandable to take this action, as what time window would you say they should allow a site to be able to "spin out of control", and possibly affecting other customers on the same server while they wait to hear back from you?

Do you realize how much damage it does if the IP for the server gets blacklisted because it was sending out 500 spam emails an hour while they waited 3 hours for you to return their call? Assuming most all customers are on the same shared IP, all those customers just walked into spam filter hell for their outgoing mail.

Worse case, if the server is configured so that a script can read anywhere on the server, the hacker could potentially read all database logins for all users and easily run a script to read their databases. If you think a hack is bad news for the end users, believe me, it is a nightmare for the hosting provider. I say this having worked for a company that had accounts compromised and also has been contracted to clean up servers that have been compromised.

All that being said, unless they have solid proof the problem was intentional by the account holder, then there should be methods to try to get the account cleaned up and at least for the owner to retrieve a final zip of the files. (of course, you should in best practice be keeping your own copies of files, and if it is for a business, at least nightly exports of databases, as most all hosting providers do NOT offer recovery service, their backups are for if their machine craps out, not for client use.

-Greg

Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.