So I had a long run of some very problematic website issues…vicious infiltrations on client-owned things that I managed. They followed me from host to host, and took me months of work to finally eradicate (they are clean, and have been for weeks now). It was a pretty bad nightmare, though.
It all stemmed from one of my clients loading in a shitty plugin, after he had set up a user account with the password of “password”(I am not kidding) – and this plugin with that even brief access created a gateway that quickly leaked out into other unrelated sites co-hosted on the server. The plugin concerned me from the get-go, but it was a crucial part of the guy’s build, and I was trying to be accommodating: big mistake on my part. Rules are not all meant to be broken.
The way the poison worked, was it would create a couple of files in a WP install – files that you would not ever see in normal WP dashboard management, but only thru FTP. Then, it would infect any site on the server it could exploit – in my case, it leaked out to maybe 5-6 of them in various ways…no consistency I could ever find.
The hidden files then start creating folders of “files” that are triggered to render from “normal” web operations. Self propagating keyword-based ugliness. So an otherwise standard header request, would instead get rerouted (in a millisecond) to a bad folder, with a spammy hateful page – inadvertently hosted by ME! I could find the folders and delete them, but they would regenerate at unbelievable speeds unless I found the root of it all.
It destroyed my account, and at Web Hosting Buzz, they shut down my account repeatedly, hurting all of the sites I had that were NOT compromised, only because it was a standard response they did. I then learned Web Hosting Buzz had changed my server, so I was working on an old one for over a week–and my live one, was even more compromised than the one I kept cleaning.
That was the final straw for me- Web Hosting Buzz was sliding for months, and now they were just infuriating me.
I dealt with their helpdesk a LOT, and they cleared me multiple times – -often to only shut me down again in a couple days for exactly the same thing they said I just completely fixed. I was losing my mind, and spending DAYS on this issue that became weeks; deleting files became half of every workday, and I was exhausted.
The way I finally found it, was by rebuilding each site from scratch that I had in this account (about 45 of them)…it was long, arduous work, but it was the only true way I could make it stop. All new user accounts and passwords, universally. Deletion of all old files/accounts.
It was easy for me to clean out the infected sites and make them whole – it just needed new WP installs, free from the vulnerabilities and exploits in Web Hosting Buzz.
I ended up moving my hosting for this account to Dreamhost, based on prior experience and some suggestions/support from some friends with many more sites than I have. The cost was reasonable, the support looked fine, the interface was actually refreshingly clean, simple and easy to manage.
When I got to the truly bad site, I saw almost immediately, that the problem came directly from ONE plugin – which I removed, kicked into the yard and went postal on for a while (at least in my head I did). I told the client that he could NEVER use that thing again – and I built him a new framework with trustworthy plugins.
So far, it has been weeks, and not a single incident on the new stuff – my nightmare seems like it is finally over.
So to avoid this kind of crap, the simplest thing, is to limit your plugins to only trusted ones (no duh, right?). It is something I got lax on, and I paid the price for sure…had to give away a lot of time to make it right with the poor folks who suffered thru no fault of their own.
Stick to frameworks that have MANY reviews, current updates, and transparency – there were red flags all over the bad plugin I fought with here, but being Mr. Nice Guy got in my way of killing it faster. It was also very insidious, and threw me in the wrong direction a lot…it did not create only one page, it varied its assault to keep trying to stay hidden…so no rules would prevent it enough. It was like a zombie.
Know what the files are for the latest WordPress install – compare it to the files in your installs…the bad guys are getting smarter at creeping in without you seeing them. Keep it updated and secure.
Use smart passwords, and even isolate sites if you need to (VPS, firewalls, hide the login page location) – there are some pretty simple ways to prevent them from getting in, since most of what they do is automated.
And above all, know that a cheap web hosting option rarely is worth it – I learned it the hard way, but am wiser for it now.
My website is in a current state of turmoil, as I was moving hosts, so I decided to change things up a bit too.
I have not fully determined what the look will be, but it will be tighter than what I have right now, anyway.
It is good to have this thing out of Bluehost hell, and away from all the spammy/crappy things that happened to my sites there in the last couple years.
No more bitterness though- I am done there, and in a better place for it.
But the site here, is hurting a bit, so I will get around to fixing it up…been way too busy. I have to work for others, not for me.
I like, and am moving to Web Hosting Buzz for hosting sites of mine, or to answer the needs of my clients.
I have been with Bluehost and others for many years, but am eager to change, and I will tell you why.
When I first got Bluehost, in like 2008, it was much more of an issue then to have the right hosting provider for your sites. As it is now, there are many languages to achieve any specific thing…but these languages, coding and platforms used to fight a lot more back then than they do today. It polarized hosts to be one team or the other. And things like cPanel and even Linux for a while were not universal, like it is today.
So at the time, Bluehost made things I needed simple and cheap…I could get stacked Windows or Linux hosting, with an uncluttered cPanel, and not worry on it to much- so I did.
I financed it, by becoming an affiliated sales rep- I sold it, as soon as I embarked. My first sales paved my way for years-of-hosting, and it continued to pay for itself, and a little more.
I truly liked it for a while, too – it was a clean, quick host, uncluttered.
Yet over time, the things I liked about Bluehost were replaced by examples of corporate bloat. The service and support I liked on entering, were eventually melted into a 3rd world, phone-it-in kind of thing, every time. Got to where I always knew more than the support person, which sucked.
As they grew bigger, their customer support became weaker overall but it was always kind of nebulous… you might find great help or nothing- no telling which-and all of it took more time to deliver in the years progressing, every time I had to tap support for anything.
I was also experiencing some technical issues, like slow speeds, hacked sites, and down time – none of it explained to me. Ever. No central feeling here, whatsoever- every call was a new walk in the park. There was even a day when all of my sites went down for about 5 hours with only a very feeble explanation as to why.
Things were getting pretty nutty out there, but I had questions about what was happening in hosting and only one guy was constant, always, with the goods- a guy in a forum I knew named Matt Russell.
Every time there was a burble in hosting services, Matt (who runs Web Hosting Buzz, as well as Namecheap and god knows what else) would tell us all (in the forum) what happened- while Bluehost remained mute. Remember when I mentioned where all my sites in there went down for about a half day, and I was freaked? Matt privately said to me what was happening, and after a short time, it proved exactly true. Did not fix it, or assuage my freaking out then (they had to fix the servers), but it helped knowing why, and I even emailed Bluehost to fix it…and it made me realize I was getting the shaft in my hosting…I was a number to Bluehost. Everyone is.
I wanted service that was smart and dependable- like what Matt always offered. Like what I used to get from Bluehost, but saw less and less of as time went by.
I think Bluehost SUCKS.
I started moving things over to Web Hosting Buzz, and I will actively support them as my new and improved hosting option.
Immediately, the interface is SOOOOO much faster, and uncluttered by sales pitches. I also had a support thing already (I signed up like an idiot) and they answered me within an hour, and solved it for me, immediately. They also offer a service – free – to move over cPanel accounts.
Let that sink in.
Yep – they will move all your Bluehost sites out, free.
I have a bunch in Bluehost, so I am going to take them up on it. [LATER NOTE: did, it was amazing…so nice for a host to offer this-ml]
I will round out any obligations to Bluehost without seeking refunds, but I am not impressed by what growth did to a company I liked. I no longer like Bluehost, and will stop offering it as a reliable, cheap option.It may be these things for other folks, but to me, it has been a cheapie-PIA, that always seems to get worse. I quit, as an affiliate.
My needs, though kind of demanding at times, are small. I am willing to put my money on the fact a guy like Matt only does business one way…I think his company answers my needs much better than Bluehost has been doing in the last 3 years or so. Absolutely held true so far.
Web Hosting Buzz is a reliable, trustworthy and safe host, fast and easy to work with. Cheap, too. Their support rules so far.
I felt for a long time, griping was not the thing to do – either do it, or change it. But I had prepaid for 5 years at Bluehost, so was simply letting it be.
I don’t like Bluehost anymore though, not at all, and I want professional distance. In the past couple weeks, an issue occurred where automatic updates to WP installs (which is a preset in most updated sites) had a conflict with a folder permission default, so it whitescreened the sites. I had 6 of them go – but by the 3rd one, I started doing a quick update, which turned out to fix it every time. It took me hours – and I mean hours – on the phone with BH support finding the issue, and fixing it in one site – and it was me who suggested the fix. The tech was simply doing his job, but he didn’t have enough in the toolkit to help me. I helped him instead- and that is silly.
I also had a site that was having issues, so I logged into the cPanel to see what I could see – and the files literally started to disappear on me…until the entire site was gone. We (me and 2 support techs) fished a copy off a mirrored backup, but I never saw anything like that in all the years I have hosted sites. No explanation, apology or otherwise- but I spent good hours fixing that mess which turned out to be 100% on them.
Just shaky service, overdone sales pitches, and all kinds of crap I don’t want to sidestep every time I admin my accounts.
Conversely, Web Hosting Buzz seems to be a great fit—all of the service and scale-ready technology I want, at a price point I can readily afford. Love it, so far.
[NOTE: Later add: loving WHB, still, months later. -ml]
I have hosted sites for over 13 years. I went to Bluehost in like 2009 I think, because I needed a simple service, offering me a cheap option for Linux.
This week, at least 5 sites I have hosted there got hit by the white screen of death.
I have fixed all but one- which had deeper issues…but all the rest, turned out to be due to a Bluehost thing.
The default permissions on a critical folder, are set to not write – so an update happening, would hit this folder and not update the files it holds. They will point out I could change the permissions here- but it is not something you do, unless very intentionally directed.
So the WordPress site, set to automatic upgrades, tried to upgrade, and did it, about 9/10ths of the way- but one file in particular on Bluehost, does not update for sure: wp-includes/formatting.php
This makes the whole site white out, and makes it impossible to admin thru WordPress.
I found, if you take the formatting.php file from a clean version of WordPress 4.0 and overwrite the local on your whited-out site (there are no unique identifiers in this file, it is a core wp file), you are gold.
Sometimes, it may be a plugin issue- but in the sites I put back online this week, all of them were on Bluehost, got whitecreened by a WP upgrade to 4.0, and all of them needed this file update.
Happily, after the first one, which took a couple hours to find and fix, this makes it fast and easy. At least to rule it out.
But God- Bluehost can suck it: I am done with these losers. Sorry for steering anyone that way, ever. They made simple muddy, and ruined the things that made them good.