What IX Web Hosting claims to do to protect your site from getting hacked

At IX Web Hosting we use one of the most respected software’s in the world on network security, to make sure your site is secured and not hacked, and we do this by performing 3 main task.

• Monitoring Services
  This regularly checks your website against various blacklists, including Google, Firefox, Norton SafeWeb, and McAfee SiteAdvisor. It’ll instantly notify us if the site is ever placed on a blacklist.
• Discovery Services
  This determines if your website has been infected with Malware by parsing through all your site’s files and discovering any malicious content.
• Recovery Services
  This automatically filters out the malicious code on each infected web page and corrects your files so that your visitors will not be exposed to anymore Malware. It helps to instantly remediate problems without disrupting experience of your visitors.

If you believe that, you probably believe elephants can fly!!!

The Reality

IX Web Hosting is STILL very insecure, and the above statement that is posted on their site is just another example of how IX Web Hosting decieves their paying customers… Paying customers like these below, who in most cases are just trying to make a living online.. If only they had not chosen IX Web Hosting to look after their sites.

ALL these sites are hosted at IX Web Hosting, and have been HACKED.

Click on image for larger preview.. links to sites are posted below each screenshot.

www.basden.us

www.thetillers.net

www.mcintyrefamilyreunion.com

www.devenports.com

www.computingfromthefarm.com

Everyone in the industry knows how slow the servers are at ixwebhosting.. Yes, it is true that the servers are drasticly overloaded, and outdated,  and that slows things down. But another reason why almost all ix hosted sites have an average 68% downtime is because their servers are constantly under DOS [ Denial-of-Service ]  attack, bringing down 1000′s of  customer’s sites.

If this is not bad enough, things get worse if you happen to live anywhere in Australasia, ‘cos ixwebhosting is blocking IP’s  from this region… But at least they guarantee a 99.99% Uptime… hahahahaha 

“you may come to know what a brain seizure is really like after you’ve experienced the comical and incredibly maddening world of IX Web Hosting Customer Support.”

Just compare the very high ratings of Host Gator with the Embarrassing LOW  ratings IX has.

OVERALL RATING : Host Gator 95.29 :  IX Web Hosting  35.13

UPTIME & RELIABILITY  : Host Gator 9.73 :  IX Web Hosting  5.30

SERVER & CONNECTION SPEED : Host Gator 9.49 :  IX Web Hosting  5.13

TECHNICAL SUPPORT & KNOWLEDGE :  Host Gator 9.27 :  IX Web Hosting  3.62 

CUSTOMER SERVICE & BILLING : Host Gator 9.33 :  IX Web Hosting  4.86 

VALUE FOR MONEY : Host Gator 9.40 :  IX Web Hosting  4.87 

Luckily for IX Web Hosting  SECURITY issues were not rated, But  a rating of  3.62  for TECHNICAL SUPPORT & KNOWLEDGE  !!!  It’s time for IX Web Hosting to pull the plug…  These figures say it all…
AVOID IX WEB HOSTING  

Hahaha.. I know it is really not funny, but sometimes you just have to laugh…  The above screenshot is from www.examinarse.com  Seems like the owner packed his / her bag and left in a hurry..

While I’m here, I might as well post a few recent comments from HAPPY IX CUSTOMERS.

———————————————————————————————————————————

I hope Google ranks this website in their top search results for anyone wanting to know more about IXWebhosting. I had been with that webhost for more than 4 years and changed all my sites to a different host just last week. IXWebhosting is the most poorly managed, technically incompetent and frustrating company I have ever had the misfortune to deal with.

Why have I been with them for 4 years?
Their webhosting plans were at the time and still are pretty cheap when compared to other competitors. But its true, if you throw peanuts, you’ll get monkeys. You are ok till the time you have a website with only static (html pages). That’s what I had for 2 years. The moment you have a dynamic site, have anything to do with databases, use pages in asp or php… God save you. I’ve had nothing but trouble for the remaining 2 years pulling my hair out with every trouble ticket raised.

Customer Service
Its the most slowest, incompetent buffoons I’ve ever interacted with. Every ticket raised takes a minimum of 14 hours to be verified. Their typical replies are “everything’s ok at their end”. They do not understand your query, nor can they understand any technical issues.

Spam-
I lived with spam in each of our mailboxes for all the time I’ve ben with IXWebhosting. Spam is like its brother. Besides having issues with our mail disappearing from our mailboxes (their backup could only restore some of it as it was infrequently taken), I had to put up with tons of spam. At the time of writing this, I believe they have made the web access to the email accounts over https, but still, my experience with them was ghastly.

Server Security-
My websites were hacked many a times. Their servers are easily vulnerable to anybody. I will rate my expertise with networks and security at advanced. To test the security I have hacked into my own hosting webserver and seen the list of domains, their entire contents by simply installing a ridiculous script. I raised this issue in a trouble ticket and the response was.. you guessed it..”everything’s ok at their end”

Their famed easy to use preloaded scripts (Easy Apps collection)-
It is user friendly to install, I’ll agree. But every one of them is completely outdated, buggy to customize and of course vulnerable to hacks. Their excuse- Its the entire collection of scripts that they install when they update the server software (maybe years before). The scripts in them cannot be changed or upgraded.

Final Comments-
If you have a simple website with a couple of html pages and you don’t mind spam, if your wesite is hacked or defaced, its good value for cheap hosting.
Otherwise, Avoid Them Like The Plague… as someone else wrote in here.

I am not affiliated with anyone or anything from anywhere and all the experiences above are my own.
Archie H

=====================================================================

We have been using IX for a long time. First thing that happended was that they allowed my EX-Wife access to my account after we were divorced because she has paid by her credit card at one point for one domain name. They changed the admin panel and allowed her full access to everything because she did not pay for her domain and called them! MORORNS! We have a pro business account and they allowed her access to customers account info, OMG what a night mare! Finally after getting the police involved they fixed it. Now 3 out of 7 of our accounts have been hacked… We have not done or changed anything, in fact the accounts that have been hacked are just place holders for domanins… I have asked it to be fixed from backup 4 times so far and as of yet nothing… I am just in the process of moveing everything to a new local box and say GOOD BYE loosers!
Michael

===================================================================

Server vulnerable to hacking, infected our site, IX Web Hosting refused to acknowledge or address, arbitrarily shut us down. Luckily, we had just completed set up with an alternative server and this didn’t cost us the significant downtime, money and trouble it could have. AVOID them like the plague!
Dayl

====================================================================

 

In the beginning (up to a year ago) everything was fine. Now I have had so many problems that today I have changed my hosting company and left ix-webhosting and went to BlueHost.

My problems:
1. extremely slow server response (average response to a simple html page over 5 seconds). Regularly browser says: no server response. My customers are complaining. Maintaining my blog is almost impossible
2. ftp regularly does not work (complaint by server: too many clients, but I have just one ftp connection open)
3. average response time of trouble ticket about 24 hrs
4. tremendous problems in upgrading from php4 to php5 (I had to change ix-webhosting servers), without any help from them. They offered me help but that would cost me over 200$
5. their mysql server is slow

When I complain to them they tell me these problems are temporary and that they are about to improve it all.
Ad

=================================================================

Once again I have had a horrible experience with IX WebHosting. Here is a list of issues that I exprienced over the last year of being with them:

1. The password to the control panel keeps getting reset and I know for a fact that only a select few have access. Any changes made by those few are logged and disseminated to the rest. When I ask I am made to look like “what’s the big deal?”

2. They NEVER return calls and almost never update tickets except to close it and say that it was your fault. They refer you to the “system admin” who is a ghost as far as I am concerned then are quick to tell you that they can’t do anything else to help you.

3. Press as you might the cannot suggest when the problem can be fixed. It is like they think that your business and clients that are affected by problems don’t matter.

4. Their first level support are unskillful googlers who waste no time in presenting irrelevant rubbish explanations that clearly shows that they have missed the basics of training.

Most Recent Exerience:

Unfortunately they host my mail (haven’t gotten around to hosting my own as yet). One of my customers suddenly cannot send me any mail from their domain, at least I no longer receive it on my domain hosted with IX Webhosting.

My customer had a recent SPAM issue that was resolved however they were not blacklisted. All this time I was receiving mail fine. However a while after the issues is resolved I cannot receive any mail from them.

I try chat support who quickly tells me that I need to call in to report the problem.

ok I call and some guy is trying desparately to convince me that there is a problem with the MX records of my client. And even though I tell him that mxtoolbox gives me a clean report and also that my hosted mail is the only domain that is not receiving mail from my client along with other information he refuses listen. Eventually he gets tired and tells me that he has to get a system admin to call me back.

24 hrs later no call from any admin and I decide to log a ticket myself and describe the problem – no response.

I call back again and a young lady informs me that the issue was left untouched, whatever that means and puts me on hold after every question I answer. She then routes it to the “correct” queue and pomises me that I will receive a call.

24 hrs later no call and no update other than hers that says the call is on hold.

I update the ticket to ask what is going on?

12 hrs later no response so I call and was informed that since I updated the ticket to ask a question it was reverted to the end of the queue. Apparently I was punished for quering the status on my issue….

Another young lady can give me no indication as to an estimated resoution time or at least response time.

I ask for her supervisor who refused to give me his name but was quick to tell me that I would have to wait until the admins got around to looking at the problem.

He didn’t think it was reasonable for them to at least update the ticket and was quick to tell me that “we are just the phones” and that they couldn’t escalate beyond redirecting my problem to the admin queue. They would get to it whenever they can and I would have to wait…”there are other customers ya know?” so I have absolutely no idea how long I will be in that queue. His entire tone suggested that he had worked a tripple shift and was tired and grumpy or he simply couldn’t be bothered. Meanwhile I embarasingly have to tell my customer that I am in the process of moving my mail services which after this I definitely will.

It really upsets me when companies like this get away with such horrible service.

The least you owe your customer as a service provider is a timely and honest update(s) especially when there is a problem. Lack of communications leaves people to assume the worst and suggests that the customer is not important. It does not matter where the fault lies – you are providing a service and it should be your obligation to protect the reputaion of that service by open communications to the client at all times. As an IT consultant I can personally attribute the retension of my business not to my knowledge as much as to ensuring that my customers are always informed and have open access to me. Many times it has been my saving grace during the few hiccups I have made over the years.
Anson

=================================================================

Ordered web hosting form them on Thurs. pm, finally setup on Fri. However, could not upload web since FP extensions were not installed; I installed them from the panel. Long story, several calls to tech support, they can not get the FT issues resolved; moved up to admin. Called over the weekend and told it would be 24 hours…I had to wait in the queue. On Monday afternoon I was told give them another 4 -5 hours. I cancelled later that night about 10 pm…issue not resolved. Tech support was useless. They did offer 2 months extra time if I stayed. After 30 days I would have los the $$; they did refund my $$. I had used them for a couple years in the past without too many issues, site did go down several times. Not recommended.
Rick

===================================================================

And the list goes on and on and on, but that makes good posting for another time.

Just see for yourself what REAL Customers that have NOT been paid to post positive comments about IX have to say:

http://www.webhostingreviews.com/ix-web-hosting-reviews.htm

AND

 http://www.webhostingstuff.com/review/IXWebHosting.html 

AND Another one

http://www.web-hosting-top.com/web-hosting/web-hosting-top.ixwebhosting.com-reviews

You will start noticing “Positive” reviews being posted by the Paid Affiliate Army.. but they always stand out as being Fake.

Feel Free to contact IX Web Hosting about this matter, but they will only blame you for their issues, and  lack of  knowing how to treat their customers with respect.

Please send us a message if your site has been comprimised.

A new wave of the .htaccess injection is affecting 1000′s of sites, but things just get worse and worse, Google is flagging sites hosted by IX Web Hosting because of the sites being redirected to infected sites.
Some customers sites are even getting “Splashed” by Google with “‘Reported Attack Site’ ” can you imagine spending YEARS building up a reputation and then having your site and your reputation  Destroyed because of a hosting company that after 10 MONTHS!! still cannot and has not fixed this security issue…

10 MONTHS!!!  IX WEB HOSTING… You should be ASHAMED!!

Here is an example of someone who has spent YEARS working hard to build a (basic) website and a reputation, and all was lost…

This is the third time I’ve requested review and had it result in a continuation of the ban. I’m a simple artist trying to make a living while going to school. My reputation is being destroyed by this, as well as my art. I’m not a programmer but I know my html that I wrote for my site, and it’s ridiculously simple. All the 3 pages, even though it was said there where 5 pages, that were listed in webmaster tools were the same exact html files I wrote. These were:
 http://www.****art.com/ADAbout.html
http://www.****art.com/ADBreedKirin.html
http://www.****art.com/Itemhtml/directions.html     { Links killed by neverix}

I’ve downloaded and looked at the code of each of these, finding nothing wrong with them.
I also have called my Host, IXwebhosting, who crawled through my site and looked at my files. They said they couldn’t find anything either and that there seemed to be nothing wrong. They also said the ‘Reported Attack Site’ html page google slapped on top of my index wasn’t showing up for them. I had posted once on this forum before with the question: ‘WHERE is the malicious code showing up,’ and I was told how to submit a review. Google is ruining my reputation, my site, my client base, and wasting my precious time. I don’t know what to do anymore, because nothing I have done seems to have worked. I re-uploaded my site, changed permissions to 444, removed any kind of php and unnecessary files, changed my two user passwords to more secure ones, and everything else I’ve mentioned in the above text. I don’t know what else to do. I’ve spent years establishing that site and it’s reputation…years now wasted and ruined.  Please someone help me.

I hereby invite IX WEB HOSTING to send me their side of the story about this issue, I will post it on this blog for everyone to read…  It’s only fair to hear both sides of the story.

And NO, this is not just a “One Off”  see 1000′s more : http://www.google.com/search?hl=en&safe=off&q=%27Reported+Attack+Site%27+ix+web&start=0&sa=N

 

From a Unhappy  IX  customer

I was beginning to think I was crazy. My site would get hacked and I would change the password. This would keep happening over and over. Yet every time I would call in they would say it was my fault. Well today I discovered that once again my site had been hacked as well as all the other domains in my userid for them.  While going through one of my sub domains I found a hackers control panel which I downloaded and took a screen shot. I even looked around in it. I realized quite quickly that I had server root access and I could see other peoples files like I was on a regular computer. This control panel seems to have it all. Anyway here is a screen shot for all you who wonder what is going on:

I have marked my info out to spare me as well as the folder I was browsing. But this control panel seems to have any exploits you want on it with very little effort.  It even has a handy self kill button which I used. Of course I am sure they will be back and hack right back in. Meanwhile I have to look into another host.

CLICK ON IMAGE FOR LARGER PREVIEW

100% ….. 30 day(s) …. Money Back ….. Guarantee 

Sounds good, but is this really true??.. or are the small letters hidden in some dark corner.. Well we found someone that gave it a try, and here is the story…..

PACKAGE :  Business package incl. 2 FREE domain names

PRICE PAID: With their end-of-year special, I even got a special price ($17.27 for three months, with a year agreement)  and paid $95.40 via credit card for a year’s worth of service.

CANCELLED : on day 30 ( the last day)

( needed for 100% refund) REASON OF CANCELLATION :  I was blindly suckered in by your outrageous claims regarding the quality of your service. In the last two weeks I have experienced no less than *THREE* outages due to database issues. I’m going back — no, *RUNNING* back — to a former provider. They  provide better service, and at a better price to boot. Please terminate this account immediately. Monetarily, rape me for whatever your contract allows — I don’t care. At this point, I’d just about pay you to be done with you. Good riddance. [name witheld]

So, they refunded you the full $95.40??

hahahahahaahaa!!!

As mentioned above, IX Web Hosting’s package came with two “FREE” domains, which I promptly registered. They were stupid domain names that I’ll probably never use, but hey, they were “FREE”, right? Uh, no. Of the $95.40 I paid to IX Web Hosting, they credited me :

• $57.45 “for unused but prepaid period of Business Plus”
• charged me $18.21 for the first domain
• charged me $18.21 for the second domain

• refunded me a grand total of $21.03

WHAT!!!!  $21.03!! … but that is just 22% of $95.40

Now that is what we call DECEIVING YOUR CUSTOMERS!!!

These 2 examples were reported to IX Web Hosting in Jan. 2008, 3 months BEFORE the May disaster that led to 10′s of servers being seeded, and up to 200,000 sites infected… Now let me be clear, that these examples are probably not related to what happened, but the OBNOXIOUS mentality of IX Web Hosting definitely has!!…

Please note, that these issues have now been fixed ( otherwise I would not post them here) 

ISSUE 1 :

” – Using phpshell and runing the chsh program on server side
the users are able to change their default shell from /bin/nologin to any other shell and get
access to the IX servers by ssh.
I hope my effort to inform you about the flaw will you not understand as a malicious activity. ”

 

IX’s RESPONSE :

” – Although pointing out that minor security flaw wasn’t viewed as malicious activity, please understand that any other attempts to hack into our system will be viewed as such, and it will be treated according to our policies. ”

 

?? !! What not even a Thank You!!??… Nope.. wayyyyy to obnoxious for a Thank You!!

ISSUE 2 :

The default installation of IX’s “click and install” E-commerce software allows read and write rights to users directory to anyone on the internet. You probably  have lot of affected users..

( No state of the art hacking needed. There is a nice php admin interface without password. OK, I know what is in your mind: You will notice at the first login that nobody asked your admin password. The trap is that the admin interface is linked only in to the cPanel and when you access it you have the feeling that the password authentication is missing because the authentication is derived from your cPanel access (as in many other applications and settings in cPanel). After all, a hacker can easily upload a malicious php file and execute some nice exec() calls affecting the rest of your domains hosted by IX webhosting.)

IX’s Response : ( you’re gonna luv this one!!)

“If you don’t like it, don’t use our Easy Install products.”

Ooooohhh Yes, it is good to be appreciated!!

Credits to ZolTan for the info



 




 

When we contacted Support, we were told ( lied to) that the server was down for maintenance, and to be patient (hahaha) things would be up and running within an hour!!.. after the SEVENTH phonecall (28 hours later) we were finally told that the server was fried  and backups needed to be transfered to the new server..

AGAIN another example of how IX Web Hosting LIES to their customers as for long as they can get away with it.. When they have been rumbled, and have their backs to the wall, only then do they admit to the truth!!

This is going to be pretty tricky for IX Web Hosting  to keep to their 99.99% uptime guarantee

:: EDIT May 25th ::

We just recieved information from an insider at IX Web Hosting, that for months they had KNOWN issues with the server that fried… but the issues were ignored.

Just goes to show how much they care..

 I have previously posted on this blog WHY you cannot find the code.. Because  the code is NOT on your page. The code is, and can be anywhere on the server ( I have posted 3 links to the code that was hidden as a .jpg)  The code added to your site is actually an Iframe, so what you should be looking for is a small snippet of code that calls the script. ( check your Config, Header, Footer, Index.php etc.. ALL pages that get called on every page

Yesterday someone contacted me with this issue, and that person was also banned by Google, and had spent weeks trying to solve this problem.. They  finally found the code in the CONFIG File . ( thanks to this blog)
The site is now clean, but it will only be a matter of days before it is injected AGAIN!!

Here is the post I posted in December last year:

Hundreds of  IX customers, are contacting me to ask about the Injected script ( posted in a previous post) they are asking me HOW to remove it, because they cannot find it…

The Reason they cannot find it??

Because of a MASSIVE SECURITY ISSUE on IX WEB HOSTING’s SERVERS!!.. the script is NOT actually put onto any of your pages, the script is actually hidded somewhere on the server..

So far I have found 5 “seeds” .. These are the codes that are appearing  in  over 100,000 sites

( These have now been removed by ix web hosting but as you can see, the actual file is well hidden and disguised as an image. REMEMBER, this is where the files were stored that YOU can see on YOUR pages )

• http://on3photo.com/onlinestore/photos/106-firefighter_foto/1147-gustav_deployment/di_img_0002.jpg 
• http://adventuresinstorytelling.com/modlogan/m_usage_200603_001_008.html

Remember to view the “source code” in the above links.

Very interesting is the second “seed” that is actually in an IX standard “modlogan” folder, that is standard a chmod 700 .

Secondly it should not be possible on any shared server to inject this script onto EVERY file on that server. The fact that this is happening means that IX web Hosting has not got a clue how to protect their servers, and customer web sites. 

So as you can see, this script IS  NOT actually put into your script, that is why you cannot find it.. HOWEVER, somewhere on your site, there is a bit of code  ”Calling” this script, and that appears in your pages.
Check  ALL the pages that get called for every page, ie. header, footer, index, config, sidebar etc. 

So far I have evidence and proven that the following IX servers running the following Database’s  are seeded:

• mysql33.ixwebhosting.com
• mysql15.ixwebhosting.com
• mysql27.ixwebhosting.com

If you know of any others that are seeded, please let me know.

Hope this helps

:: Some people have contacted me to tell me that the Injected Script is ( also ) injected into the database, and in some cases a new table is created.
I have checked 9 databases of infected sites, and I have not yet come across the script in my Database’s, so I think that this might be “script” related, maybe that some scripts such as PhpBB2 allows for this to happen, so I recommend searching your Database for the script as well ::

=================================================================

This issue has now been going on for more than 10 months…. 1 year this May.. Will IX Web Hosting be celebrating  this milestone?

This blog is intended as a warning, and hopefully help / prevent  innocent   customers from having to go through what I myself  and 100s of 1000s others went through and are still going through with ix web hosting.
As you can see, there is no advertising on this site at all, and I will never recommend another hosting company on this site.

Also, I would like to thank Root@ix,   (s)he has been extremely helpful and willing to help and listen to people posting on this blog with issues, and I have personally sent a few people who contact me by email with issues to him directly, and each time he has helped these people.
I must  say that it is big shame that the people I sent to him, had already been through the normal IX Support procedure, and got nowhere!!..
I do not post peoples details /  Email @ , but you can find Root’s details on this blog somewhere in the comments, and I do recommend contacting him directly with issues that cannot be solved through the normal IX support.
I’m sure he / she will do his / her best to help you.. I just wish everyone at ix web hosting was as helpful and open as Root@ix  is.

Thank you Root@ix

you: every day down

Lesya Geychenko: I am so sorry, our admins are working on the issue

Lesya Geychenko: Sorry, we do not have any ETA yet, the issue will be fixed as soon as possible

you: we have to contact ixwebhosting just about everyday about the servers being down.. this is not the service we have paid for

Lesya Geychenko: I understand your concerns about this, you can create a ticket and provide statistics on the server side issue and ask for permanent solution

you: we have already

you: what’s going on?

you: over 1 hour

you: hello, any updates so far?

Lesya Geychenko: Yes, our admins are working on the issue, they will send a notification to me when they finish

you: please

Lesya Geychenko: The issue should be fixed within 15 minutes

you: ok

Lesya Geychenko: I am extremely sorry to tell you, I just got the news from our admins

you: ok

Lesya Geychenko: They maintain the server longer than I have expected

Lesya Geychenko: The server will be up in 60 minutes

you: ixwebhosting is really unreliable…..   ixwebhosting.com, 05th 2009f February, 2009 Hello we understand our server is down for about 1 hour. We will fix it as soon as possible. Please do not bother us with your enquiries because it wastes our time. We are trying our best. If you don’t like it, please do not contact us or join our excellent web hosting server. You can see on this website we are rated very high. We are not interested in people just complaining and bothering us about our servers. We know it is currently experiencing problems but we will fix it!   Heidi, 03rd 2009f February, 2009 Just got off the phone with ix, for the past 2 weeks every evening at 6 o clock my sites stop loading, and I cannot retrieve my Emails. It is so frustrating that the support just say that everything is working fine. I’ll be looking to move my sites.   Matt, 02nd 2009f February, 2009 The server is currently down. IT is down about every 5-10 minutes for 30 seconds – 2minutes. Right now it has been down for over 10 minutes. We need to get to our database and info but we can’t. This is just bad for us. ixwebhosting.com really cannot get it right. We have contacted them over 100 times in the past month but they keep saying they fixed the problem. I don’t see how ixwebshosting rating is high on the right menu on this website. It means they probably get some cut when referring clients.
]]> http://ixwebhostwarning.wordpress.com/2009/03/01/ix-web-hostings-reviews-feb-2009/feed/ 2 neverixweb http://ixwebhostwarning.wordpress.com/2009/02/20/ix-web-hosting-changes-all-ftp-passwords-without-warning/ http://ixwebhostwarning.wordpress.com/2009/02/20/ix-web-hosting-changes-all-ftp-passwords-without-warning/#comments Fri, 20 Feb 2009 17:25:42 +0000 neverixweb http://ixwebhostwarning.wordpress.com/?p=197 ]]> During the past 2 days I have been bombarded with unhappy IX Web Hosting customers that can no longer update / change their files because IX Web Hosting changed  ALL FTP Passwords without warning.

Here is one  Email I recieved today.

Dear  ******,

We would like to inform you of the new security updates we are making at IX Web Hosting. In our ongoing efforts to maintain security, we have dedicated our system administration team to investigating all possible vulnerabilities. One of the necessary updates we are making to enhance security is to change all FTP passwords. This will ensure that all of the protective measures we have and will be taking remain impervious to outside influence – this includes any security compromises that exist on the Internet that may negatively affect your account.

If you experience any problems logging in to your account via FTP, please take a look at the following information to regain FTP access.

You can visit http://www.ixwebhosting.com/index.php/pages.manual14 for an in-depth tutorial with screenshots on how to update your FTP password, or you can follow the simple steps below.

• Visit https://manage.ixwebhosting.com and login.
• Look for the section called “Hosting Products” and click on the Manage button for your hosting account.
• Look for an icon called “FTP Manager” and click on it. In this area, you will find an icon that resembles a pencil and paper. Click on it to change your FTP password. Please note: to ensure the security of your website, you should not use the same password as your previous password.

It is always recommended that you choose a strong password. We have provided you with a website which will help evaluate the strength of the password you choose:
http://www.microsoft.com/protect/yourself/password/checker.mspx

We are in the process of performing several upgrades to strengthen security. As new developments are made on the server-side and in regards to your FTP account, we will be sure to keep you informed!

We would like to sincerely thank you for your understanding and also, of course, for hosting with us. If you have any questions about this topic, please contact us via ticket, live chat or our 24/7 phone support. We are here for you 24/7 and would be happy to address any concerns you might have!

Thanks again,

Sammie Taunton
Director of Customer Relations
www.ixwebhosting.com 

————–

I thought it was a scam because all the links pointed to “rs6.net“, so I just ignored it for a while.

Later in the evening, I was going to forward the email to IXWebhosting, but on a lark decided to check out rs6.net, and found out it was a mass email company.  It then occurred to me that IX might have used them, so I started digging into my sites.

I did indeed find that they had hosed ALL of my FTP passwords.  This is not a big deal if you are just uploading static HTML pages with pictures of your puppies, but I have 16 sites on a PHP CMS I wrote myself.  Since every site has at least one unique FTP password, and they are scattered here and there (trying to be somewhat unspecific on purpose   ) it’s going to take a while to change all this.

I tried to call IX, but of course the wait was an hour, so to amuse myself I started a chat session with “customer support”.  Yes, those quotes are there for a reason.  I realize this may not place me in the best light, but I was REALLY ticked off.  Here’s the transcript of the chat…

—————————————————————————-

Chat InformationPlease wait for a site operator to respond.

Chat InformationYou are now chatting with ‘Kirill Skripka’

Kirill Skripka: Hello, my name is Kirill. How can I help you today?

you: I got a VERY strange email today about changing my FTP passwords – I think it’s a scam – have you seen it yet, or do you know anything about it?

Kirill Skripka: That is e-mail from us. Please change your password for the FTP from your Control panel->FTP manager->Password

Kirill Skripka: All password were changed, due to ProFtpd upgrade on the server side

Kirill Skripka: Please change your FTP password and try to connect to your site via FTP again

you: Are you guys out of your minds????? How about a little notice???? I have a lot of programming changes to make for several sites!!!!!!

you: Why isn’t there anything about this on the Control Panel?

Kirill Skripka: We have send notification e-mail to all costumers

you: No, you sent notification that you had DONE it, not that you were GOING to do it

Kirill Skripka: yes, that was notification. If we sent e-mail before changing password then could be misunderstanding about when exactly we will change it and other. Also we could not check if you have read our pre-notification and only then start to change passwords

Kirill Skripka: We are honestly apologize for inconveniences caused to you

you: Do you have any REAL programmers there???? I have like 16 sites I have to change RIGHT NOW. What is WRONG with you people????????

you: You have to be out of your freaking mind if you think this is good customer service!!!!!!!

you: I’m on hold on the phone line – I’ll be speaking to a supervisor. I figure I’ll be on hold for about 90 mins. at the rate it’s going.

you: And by the way – the email LOOKS like a scam. I’m not even sure I’m really talking to IXWebhosting here.

Kirill Skripka: We are sorry again, but that was necessary move to change FTP passwords

you: Actually, no, it wasn’t. You could have let us know this was GOING to happen. I’m gonna have a bunch of VERY pissed off customers. Not unlike the way I’m pissed off with IXWebhosting right now.

you: Is there anything on the site about this?

Kirill Skripka: there should not be anything on the site. It is not non-costumers business that we have something change to our costumers. They are not allow to see that info just view our site. We have sent e-mail.

you: That’s a bunch of crap and you know it. Or you should.

you: This is completely unacceptable. I’m going to be up half the night trying to fix this.

you: Explain to me again as best you can why this had no notice.

you: Did it not occur to anyone that there might be programming issues on sites to deal with????

you: As for non-customer business – I can understand that – BUT THE EMAIL LOOKS LIKE A SCAM

Kirill Skripka: We did notice you. E-mail is the best way to do it. Pre-information will not be fine.

you: Look, child, do you have any programming experience?

you: Have you ever dealt with anything like this?

you: Do you have a supervisor there with any experience?

you: Actually, in one regard you are correct – email is the best way to contact us – but an email pointing to a page visible to us AFTER we sign in, and with a notice that “in 48 hours (or whatever) we will be upgrading…blah, blah, blah…”

you: Honestly, this is BUSH league. I will be copying this chat exchange and putting it onto a blog for other people to see.

you: People need to know what kind of stuff IXWebhosting pulls

Kirill Skripka: I want to inform you of the new security updates we are making at IX Web Hosting. In our ongoing efforts to maintain security, we have dedicated our system administration team to investigating all possible vulnerabilities. One of the necessary updates we made to enhance security was to *change all FTP passwords*. This will ensure that all of the protective measures we have and will be taking remain impervious to outside influence – this includes any security compromises that exist on the Internet that may negatively affect your account. We are in the process of performing several upgrades to strengthen security. As new developments are made on the server-side and in regards to your FTP account, we will be sure to keep you informed!

you: Yes, thank you, I read it the first time. It doesn’t make any more sense now than it did when I first read it. The problem is THERE WAS NO NOTICE. I have to go SITE BY SITE and see if there is anything I have to change. My hope is the existing passwords are all still working.

you: Honestly – do you think I had nothing better to do tonight than change all my sites. WHAT WERE YOU THINKING!!!!!???? WERE YOU THINKING??????

you: Is there a supervisor available?

Kirill Skripka: Please note, that changing FTP password do not affect your site work  [NOTE:  I LOVED this line!  >.<]

Kirill Skripka: but you should change it to be able upload your files with FTP connection

you: You are REALLY stupid. Excuse me, but you are. THE FTP passwords are in the programs that my customers use to upload files.

you: They are embedded in the programs I wrote.

you: DO YOU HAVE A SUPERVISOR?????

Kirill Skripka: Yes, we have

you: THEN PLEASE PUT THE SUPERVISOR ON

Kirill Skripka: hold on please, let me transfer you to my supervisor

you: Thank you

Chat InformationPlease wait while I transfer the chat to ‘Yuliya Gordeeva’.

Chat InformationYou are now chatting with ‘Yuliya Gordeeva’

Yuliya Gordeeva: Hello, my name is Yuliya.

you: First, Yuliya – are you Kirill’s supervisor?

Yuliya Gordeeva: Let me read your conversation with Kirill

Yuliya Gordeeva: yes, I am

you: While you’re reading – I realize you probably can’t do anything about any of this – but I’m REALLY pissed off. This is completely unacceptable – both the way the change was handled and the idiot advice from Kirill

Yuliya Gordeeva: Please accept my apologies for some misunderstanding in the previous conversation

Yuliya Gordeeva: Let me draw your attention to that fact that our system administrators are investigating the problem related to the security of our servers in order to help customers protect their websites from any hack attempts. That is why changing all FTP password was an urgent action. Please accept my apologies that we have not informed you about such actions.

you: Yes, you sent me an email telling me you had already done it, not that you were going to do it. ALL MY SITES ARE BROKEN – EVERY LAST ONE. Well, I take that back, I’ve checked about four of them, but I’m certain they are all hosed

you: This is not in the presentation of the site to the public, but rather in the administration of the site by my clients.

Yuliya Gordeeva: As you already know we are in process of updating Apache on all

Yuliya Gordeeva: servers from 1.3.1 to 1.3.36, ProFTPd from 1.3.1 to 1.3.2

you: Again – if I’d had some notice, I could have made this a relatively transparent change.

you: Sorry, no, didn’t know that – no one notified me

you: It’s not that big a deal to me – I like upgrades, as a rule, but I needed some notice.

Yuliya Gordeeva: I’m sorry, but all your websites are not broken due to that fact that we have changed only your FTP password. Please understand that if such changes have not made all the websites can be hacked or affected by any malware

you: Since this one BROKE my passwords, it has a larger than normal effect

Yuliya Gordeeva: So all the actions were turned to increase the security of your websites

you: Excuse me, but as a matter of fact they ARE broken. I just tried several of them – not on the front end, but on the site administration for MY clients – through the PHP CMS I wrote

Yuliya Gordeeva: Please understand that you need to change only your FTP password and then use your new password to access your FTP

you: Again, I appreciate upgrading the security, but you made a false assumption that changing those passwords had a very small effect

Yuliya Gordeeva: Kindly please give it a tty

you: I’m number two on the telephone cue – I’ll see if someone there has more understanding of this. Have you ever tried programming FTP functions in PHP?

Yuliya Gordeeva: Please be sure that changing FTP password is not the only one change we made

you: It is relatively simple, but I have a lot of places to change it.

you: Thanks – I’m aware of that, and I really do appreciate the upgrade – I REALLY DO! But since they changed my passwords without any notice, I’m in a bit of a bind for time to fix it.

Yuliya Gordeeva: Please note that some widespread trojans have a functions to steal FTP passwords from user`s local PC`s and send these passwords to hackers (or special bots which were made by hackers). So please imagine that some of the password were stolen before we made such changes

Yuliya Gordeeva: and how many websites will be hacked if passwords are still the same

you: Yes, I know. It’s a very old problem. One I’m not sure we’ll ever beat as a computing community.

you: It’s not like I have a choice here, is it?

Yuliya Gordeeva: I’m really sorry that we made a couple problems for you by these changes but I hope that all that we are doing right now will save you and your websites from any hacking alerts

you: Gosh, thanks so much. Actually, it’s about 16-20 passwords, and 16-20+ scripts to change them in.

you: They were all random characters already.

Yuliya Gordeeva: I would like to assure you that we are trying to provide the best services including web service and fast technical support. We are working hard to prevent any issues from happening and doing our best in order to advance the level of services provided.

Yuliya Gordeeva: Yes, I really understand you

you: Yes, thanks. You’ve been so helpful.

Yuliya Gordeeva: You are always welcome!

you: I’ll talk to the phone support and let them know how REALLY UNHAPPY I am.

Yuliya Gordeeva: Again we deeply apologize for all inconveniences you have faced with our services and would like to say that we are more than thankful for your great patience and understanding. We will do our best to satisfy you as our customer and provide an upper-scale support and services to you.

Yuliya Gordeeva: I’m sorry, but there is really no way to restore previous passwords

Yuliya Gordeeva: So kindly please change it to the new ones

you: I’ll get right on that…

Yuliya Gordeeva: ok, that’s great. Thank you very much!

————–

(sigh)  I then talked to someone with a little better command of the English language on phone support, and he said something to the effect that he’d come on at 10:30 PM and when he heard what they had done he knew it was going to be a bad night.

Well, I’m looking for a new host.  Please feel free to post any of this you would like.

Hey buddy, 
nice website, i wish i had seen it before I renewed my contract with the crooks at IX for 2 more years…
well, i am writing because i couldn`t find on your website a solution to clean the infections automatically. so maybe you want to post a solution:

here is what I did:

1 – download the entire site
2 – Open an infected file with Adobe Dreamweaver
3 – Look for the infected code, select all of it and copy it to the clipboard (starts with “<?php if(!function_exists(‘tmp_lkojfghx’))…”). You must copy ALL the code!
4 – Still on dreamweaver, click on EDIT>FIND AND REPLACE
5 – on the FIND box you paste the infected code 
6 – On the FIND IN dropdown select FOLDER and point it to the folder where your website was downloaded.
7 – click on REPLACE ALL (dreamweaver will replace the code with whatever is on the REPLACE box, as we didn’t write anything there, it will clean the code)

I found out that all the infected files on my sites had exactly the same code, so it was quite fast to remove them.

Ivan

Thanks Ivan for your feedback, I hope this helps others, also sorry to hear your sites are still constantly being injected. It’s clear that IX Web Hosting still has not got a clue how to solve this issue, and on top of this they are having 3 other mayor issues to deal with.

The past 4 weeks I have recieved and seen an alarming amount of customers furious about the “Downtime” of their sites.

Downtimes of  6+ hours is normal…

I am curious who IX WEB HOSTING is going to blame this time

Today

ixwebhosting   Reviews
ixwebhosting htaccess  
ixwebhosting hacked  
ixwebhosting injection .htaccess  
ix webhosting hack  
rip off hosting account   
ixwebhosting cannot connect to database   
ix web hosting htaccess deleted  
ixwebhosting php issue  
how is my site getting hacked? ixwebhost  

Yesterday
 
ixwebhosting hacked  
ixwebhosting  
my php file infected contains iframe cou  
infected website with directed wedsites  
fake yahoo counter  
ixwebhost php wordpress problems?  
ix webhosting reviews
ixwebhosting injection .htaccess  
ix webhosting injection  
ix web hosting virus issue

As you will see, there are a lot of issues going on.

Search Engine Terms

These are terms people used to find this blog.

Todays  Search 

1. ix hacked  
2. ixwebhosting virus  
3. ixwebhosting hacked  
4. ixwebhosting  
5. ix webhosting hacked 2008  
6. http://ixwebhostwarning.wordpress.com/  
7. ix web hosting has been hacked  
8. http://ixwebhostwarning.wordpress.com  
9. ix webhosting htaccess  
10. ixwebhosting .htaccess hack  

Yesterdays  Search 

1. ixwebhosting hacked  
2. ixwebhosting malware  
3. ixwebhosting malicious  
4. fix ixwebhosting .htaccess  
5. modlogan hacked  
6. htaccess exploit passwords ixwebhosting  
7. ixwebhosting exploited  
8. how to remove yahoo counter injection fr  
9. access htaccess ixwebhosting  
10. ixwebhosting hack