If something is too good to be true … it probably is.

It’s not merely that I created this site for Clare; I had to find somewhere for it to live too.

Not being particularly well versed in hosting I had recourse to my friend, your friend, all of our friends:

Before too long I’d stumbled across a company called 3iX. I couldn’t resist it; how could anyone? It offered us 20GB of storage, unlimited bandwidth, and the ability to host three sites there for the piddling sum of £1.77 per month. “Where’s the catch?”

We found out in early February that Clare’s work PC had contracted a virus from my site. Well colour me shocked! A Google search of the virus name showed that several other sites had caught the same bug … and all were hosted on 3iX.

I got in touch with their live support to discuss the issue. Rather than do anything about it, the jabroni on the end refused to help unless I had a ticket … not that the hard-of-thinking klutz would tell me what that meant or whence I might obtain one.

I eventually found out what to do and submitted the complaint. Later that day I received the following message from them:

Hello,

We have removed unwanted code from your index pages and now your site is working fine. Please check it and confirm.

Please feel free to contact us back in case of any other information.

Regards,

Simon
Host-Care Support Team.

That was jolly nice of them, especially their kind offer of inviting me to contact them. Not being terribly impressed that my supposedly secure account had had malicious code inserted I took them up on that offer. In particular, I asked them what they might do to ensure that this didn’t happen again.

I received an answer the next day. Apparently the secret to not having my account hacked by someone who breaks into their main server and thus gains access to sites hosted on it is to … change my password. Change my password. The sender of the e-mail was nice enough to paste a patronising mail about how to choose a strong password. Heaven forfend my brain be so shrivelled that I not know that opensesame is not as good as xp0Fr~~hT¬¦.

The brain train left the station without that particular employee, I fear.

Not long after my AVG pops up whilst I’m looking at Clare’s site.

In spite of the fact that I had changed the password, Clare’s site had now been infected.

I went into the files and deleted the malicious code and changed passwords again. Two hours later the index files once more featured the bad code.

Pissed off, I responded to the person who sent me the mail about how I needed to change my password to prevent this from happening again.

Thanks, but if I’d wanted a patronising note on how to choose a password, that’s what I’d have requested.

What I asked you was:

WHAT ACTIONS ARE YOU GOING TO TAKE TO ENSURE THAT THIS DOESN’T HAPPEN AGAIN? Don’t you dare attribute the blame to me for the fact that someone somewhere has got their hands on 3iX passwords. (Mine wasn’t the only site housed on 3iX that reported this on that day.)

If you are unable to answer the question yourself THEN DON’T FOB ME OFF WITH STUPID TALK ABOUT HOW TO CHOOSE A PASSWORD; put me in touch with someone who can answer my question instead.

My second question was to ask why I can’t have secure FTP. How do you, in 2008, justify the use of regular FTP?

Third point, and very important: My girlfriend’s site is on the same server, and now hers has become infected too. My site is also now infected with the same code again on the index.php file. This is true even though I changed the password.

Tell me how you propose to deal with this issue before I cease custom with you, get hosted elsewhere, and write a series of posts explaining to readers why I moved.

I expect relevant answers, so think before you respond. You are *this* close to losing a customer.

I never got a response.

A few hours later the virus had returned. I fired off another mail to 3iX:

I’ve already discussed this with you once. The former ticket was PKF-173548.

My site has been hacked and a malicious line of code placed on the index page. No-one else knows my password. If you look at my previous ticket, you’ll see that I researched the name of the virus and found a help thread in the WordPress forums where people said it was a 3ix issue.

The code is back, even though I have changed the password. It seems that there must be something extra that rewrites the bad code after I delete it.

So: I want this problem fixed. I also want answers about how and why this is happening. I want to know why I cannot have secure ftp.

Fix this issue. After that, fix the same thing on my other site http://meddysong.com/ which is hosted on the same server.

I am very, very unhappy about this. The frontpage of your website reads “satisfaction guaranteed”. I am far from satisfied so far. I expect this issue resolved with an explanation about why my password (and others on 3ix) fell into the hands of these hackers.

I expect an answer to all of my questions. If you can’t provide one, put me in touch with someone who can.

I actually received an answer to this one:

Hello,

We have removed unwanted code from your index pages and now your site is working fine. Please check it and confirm.

Please feel free to contact us back in case of any other information.

Regards,

Simon
Host-Care Support Team.

Anything about that seem familiar? Scroll above; it’s the exact same response that I received the first time. That’s right; 3iX either

1. sends you an incorrect response blaming you for their server getting hacked, since you’re obviously too stupid to think of a strong password, even this has no bearing on the fact that they were hacked, not you
2. ignores you altogether
3. pastes a default response because they have so much disdain for their customers that they can’t be bothered to answer questions that are put to them.

Not far off needing a megadosage of tablets to lower my blood pressure I replied:

Did you even pay the slightest attention to what I wrote? I am quite capable of removing the unwanted code myself, thanks. I want to know why I can’t have secure ftp and to whom I can complain, seeing as it’s *your* fault not mine that my site was hacked.

I suppose that you’ll ignore this message too like you’ve done my previous ones, you fucking retards.

With that, I went off to their live support:

Chat24x7: Welcome to 3iX live chat, my name is Susan, please hold for a moment, I am reviewing your question.

Chat24x7: may i know what is the issue ?

Tim Owen: Certainly.

Tim Owen: My sites (I have two on the same server)

Tim Owen: were hacked.

Tim Owen: It was the case that several 3ix passwords

Tim Owen: were obtained by a Serbian IP.

Tim Owen: The support people have removed the code

Tim Owen: but it keeps coming back, even though I’ve changed the password.

Tim Owen: So I am very, very angry.

Tim Owen: I want to know why I can’t have secure ftp

Tim Owen: and what you intend to do about this.

Tim Owen: Every time I’ve mentioned it to the support team

Tim Owen: they either ignore it

Tim Owen: of paste me a patronising mail

Tim Owen: about how to choose a good password,

Tim Owen: conveniently ignoring that it doesn’t matter how good the password is

Tim Owen: if some Serbian IP can actually see them.

Tim Owen: So, I want an apology, I want secure ftp

Tim Owen: and if I can’t have them, then I want a refund and to terminate my contract.

What is the response to this, you ask. Not what one would have expected:

Chat24x7: Network speed and technology

Chat24x7: http://www.3ix.org/data_center.php

Fortunately the respondent recovered:

Chat24x7: What is your domain/site name?

Tim Owen: http://radioclare.com

Chat24x7: Please hold for a moment

Tim Owen: and http://meddysong.com

Chat24x7: we provide secure ftp only with expert and extreme hosting packages

Chat24x7: and you are hosted with Extra hosting package

Tim Owen: oh … so you want more money to give me a service where I’m protected from hackers?

Tim Owen: You know how it says “satisfaction guaranteed” on your front page?

Tim Owen: That’s not exactly accurate.

Tim Owen: I’d suggest putting “if you take us up on our cheaper packages, we’ll allow your password to fall into the hands of hackers, and we won’t apologise or offer you standard protection like secure ftp”. That would be far more accurate.

Tim Owen: So, seeing as I can’t get an apology or protection, how about you give me a refund

Tim Owen: so that I can go to a service that actually cares about the security of their customers?

Chat24x7: To cancel your account please send an email to billing@3ix.org with the subject ‘MONEY BACK GUARANTEE – domain.com’ (specify your site name), use your registered email address to send the request and advise your cpanel username and password as verification. The cancellation and refund will be made within 48 hours.

Tim Owen: And that will be authorised?

Tim Owen: It’s just that your support people have done a wonderful job of avoiding issues like this, so I’m understandably dubious.
Chat24x7: if it is under 30 days money back guarantee than it will be authorised

Tim Owen: It’s not under 30 days

Tim Owen: Sorry, I don’t get hacked to order

Tim Owen: Maybe you’d be nice enough to let hackers see people’s passwords within the 30 days next time then.

Chat24x7: then you cannot get a refund

Tim Owen: Right

Tim Owen: So, about this “satisfaction guaranteed” thing: Can we at least both agree that that is a lie?

Chat24x7: if you want we can reset your account

Chat24x7: you can upload your data and change the password

Tim Owen: But what good is that if my account can be hacked?!

Chat24x7: if you keep changing your password frequently then this can be avoided

Tim Owen: You’re completely skirting around the issue! If things were secure

Tim Owen: I wouldn’t have to change my password at all!

Tim Owen: You people are ridiculous at putting the blame for your security lapses on to the shoulders of your customers.

Tim Owen: It’s nothing to do with me

Tim Owen: that some Serbian IP could see 3ix passwords!

Tim Owen: The responsibility for security lies at YOUR feet in this case, not mine.

I pause for five quiet minutes.

Tim Owen: So … You’ve gone quite

Tim Owen: What do I get? Refund or secure ftp?

Tim Owen: I’ve ruled out the potential of an apology; you staff seem particularly averse to acknowledging that it’s not my fault that you provide an unsecure service

Tim Owen: and will only give me something that can’t be hacked if I pay you some more money.

Tim Owen: I’m unsure whether one would label that ‘ransom’ or ‘blackmail’, but it’s not a good thing, that’s for sure.

Chat24x7: wait am enabling ssh for secure ftp connection

Chat24x7: you can now ssh with hostname as your domain name , port 3131 and cpanel username and password

Tim Owen: Thank you.

Chat24x7: Is there anything else I can help you with?

Tim Owen: No, everything is fine.

Tim Owen: Thanks you, you’ve been much more help than the people

Tim Owen: at the support group.

Unfortunately Secure FTP didn’t help, since the hackers had left in a backdoor or script to replicate the malicious code in the event that I deleted it.

In the meantime they mustn’t have appreciated my earlier line of “I suppose that you’ll ignore this message too like you’ve done my previous ones, you fucking retards”, since they sent me the following e-mail: (Right-click > View Image to see full-scale image.)

And not a few minutes later I receive their answer:

Yes … the same generic answer as every other fucking time!

That was it. I set about finding another host. In my rush I transferred the domain radioclare.com to other nameservers without first downloading the content that was on 3iX. Because of this, I couldn’t log back in to their hosting area. Feel my pain as I endured a conversation with 3iX’s support over 30 miserable minutes that brought a new low to the definition ‘customer disservice’:

Live-Chat: Welcome to 3iX live chat, my name is Mike, please hold for a moment, I am reviewing your question.

Live-Chat: Before the DNS has propagated you can view your site using http://serverip/~username and for cPanel you can use http://serverIP:2082

Tim Owen: It’s not allowing me to log in.

Tim Owen: My name and password were stored automatically as a cookie, so I know it’s not a mistake with the typing.

Tim Owen: So … any chance of an a response here? I need access to my hosting area. i awesome that the DNS hasn’t propogated so quickly. And if it has, could I not have direct access to my hosting area?

Tim Owen: *i assume

Tim Owen: hello?

Tim Owen: any chance of some acknowledgment?

Tim Owen: OK, you’re not paying any attentiont

Tim Owen: i’ll get the site redirected to 3iX again and

Tim Owen: retrieve the database that I need.

Tim Owen: Thanks for being so kind as to ignore me for the last 20 minutes …

Tim Owen: This is the point where you could offer me the nameservers that I’ll need to redirect to …

Tim Owen: Jesus. Is there *any* chance of acknowledgment at all?

Tim Owen: Look! Just tell me what your nameservers are, so that I can get redirected back to this site.

Tim Owen: Hold the front page: “3iX in awful service shock!”

Tim Owen: Right, I’m out of here.

Tim Owen: Thanks for nothing. Fingers crossed you’ll get fired

And that was that. Stick a fork in them, 3iX are done.

Clare and I are now hosted on A Small Orange. So far everything is perfect.

If you’ve made it this far, congratulations. Your reward is a free piece of advice: Don’t Use 3iX: They’re Fucking Shit.