[thelist] Windows Dedicated or VPS

Mark Groen evolt at markgroen.com
Mon Nov 20 13:44:57 CST 2006 

On Mon, 2006-11-20 at 21:01 +0200, Hershel Robinson wrote:
> I need a Windows dedicated server or VPS for 2 or 3 months. We have a 
> project we need to do to transfer data between MySQL and QuickBooks and 
> we have located this tool:
> 
> QODBC Web Server Edition ( http://www.qodbc.com/QODBCweb.htm )
> 
> which appears to suit our needs. We will only need it for a few months 
> tops, to finalize the code and perform the transfer. I have found one host:
> 
> webserve.ca

Stay far, far away from that company.

Here's my experience with them.

My client had a brochure-ware site with them that he never monitored or
really even used, but as it had sat there for a few years it was a
company name he was familiar with and so created a new account for the
launch of a new domain that was destined to be much more active.

The user name they sent us with the IP address for Cpanel returned a 404
error and we were unable to access Cpanel. No problem I thought, someone
just made a typo and some time later we had a new account with a
different user name that worked. 

Next day I started uploading files, the first batch was for an
administrative function that doesn't have ANY sensitive information what
so ever, but is nevertheless secure for it's own sake. Logged into
Cpanel and created the database for it, then went back to the local
config file to adjust the parameters to match and uploaded the new copy.
The config file is safe on it's own in it's own directory, but I wanted
to protect the folder itself and went back to Cpanel again to do that.

That's when the fun started, upon logging in, a virus laden WMF file
wanted to download along with a javascript file that I'm guessing was
the front end for a key logger script. These were being called from
within Cpanel and were trying to contact a Russian hack server, unless
someone can tell me differently it would appear that at the very least
this virtual space had been hacked.

I put a support ticket in with the subject line "rootkit found",
thinking that was sure to catch someone's eye. After about three hours,
I checked Cpanel and the thing was still running, so used the Live Chat
to try to get an ETA. Was assured the problem was being looked at and
would be fixed soon.

It's the next day, and they still haven't got back to me but a little
over 12 hours after the problem was discovered by me, they did send an
email to the client:

"Hello. At this point in time we are planning an urgent server rebuild
to eliminate recent technical problems we have encountered with the
server ns38.servepower.com. This should take place within the next few
days during the late evening to early morning hours (10 PM to 7 AM PST).
Sorry but an exact date has not been determined as of yet. "
<snipped bit about the migration to new servers and data etc. />

"If at all possible, please avoid making changes to your site over the
next few days. Also, we would like stress the importance of using virus
scanners and other forms of security on any computers you regularly use
to connect to this server, and that it is important to choose a
complicated password for your account. Thank you for your patience in
this matter. We apologize for the short notice and any inconvenience the
technical problems have caused for you. "

The two phrases that stick out for me are the warning to use a virus
scanner, thought this vulnerability had a patch for it out for some time
now.... then "choose a complicated password", the one they sent was in
the same clear text email as the user name, and consisted of real
English words, all in small case and no warning to change the password
to something more secure.

As well, instead of working around the problem of some ISP's blocking
port 25 for relayed outbound email by setting both 25 and 26 to accept
at the domain mail server, the instructions for email had this, "you
will NOT be able to use your SMTP server listed above to send mail if
you are using one of the following ISP for your internet access: Telus,
Rogers, Sympatico etc ... " which as already mentioned above, is not
quite correct.

Tons of horror stories about them on webhostingtalk.com.
-- 
cheers,

        Mark

More information about the thelist mailing list