HostPapa – Where’s the Support?

Categories: Blog, Business, Development, Personal, WordPress
Tags: , , ,

May 8
2012

A client I’m dealing with is hosting with HostPapa and the more I have to ask their support people for help the more I’m trying to drive people away from them. So right now, if you’re using HostPapa please, please, please save yourself some headaches and consider moving as soon as possible.

The Back Story

This client is using WordPress and wasn’t always vigilant about keeping everything up-to-date. Eventually that became an issue and his site was hacked. While we attempted to fix it we noticed that we could not access all the logs we would have liked to.

We asked HostPapa for information from these logs and just got the run around. Site was back up and running the best we could do and a few days later it was down again. Put it up again, it came down a few days later.  Each time we asked for logs and more info and got nothing.

Today the site went down again and this time I called them…

Today’s Fun

This latest hack changed out the index.php file in the root directory as well as the index.php file in the wp-admin directory. The database had the main user name and password changed. And there was a file called ‘MYSql.php’ in the wp-admin directory as well. Not a shell script this time but a database interface file. So they could do as they pleased to the database. Thankfully they only changed the user name and password (from what we could find so far).

On the phone with support I asked if they could let us know how the file was put in place. Was it through FTP or a WordPress upload?  They wouldn’t help and told me to open a support ticket.  When I asked how likely I was to get an answer to my question that way I was told, “Not very likely.”

Wow.

Since the log files that we can see are only kept a short amount of time I thought it would be a good idea to set up a cron job which would copy the log file every few hours but give it a new name with a date/time stamp on it.  This way I could see things developing over time.

Cron job wouldn’t run. The log files sit outside the client’s root web folder so I thought that might be why it wasn’t working.

Good time to jump on HostPapa’s live support chat and get some answers…. or not.

Here’s the support chat:

JonathanM: Hi there, how may I help you?

Me: I have a quick question that I hope you might be able to help me with.

Me: I notice that the raw access logs are only kept for a short amount of time. Is there a way to keep them for longer on an account by account basis?

JonathanM: unfortunately our log system is fairly simple – to not say old, and I’m not sure you can do that

Me: Okay…. a different question then….

Me: My initial thought was to setup a cron job that would copy the log file but give it a name with a date and time stamp.

Me: I tried this but it wasn’t working. Can I even run a cron job on the directory where the log files are stored? Or is access limited to just the public_html files?

JonathanM: I’m not sure… you can send us this question to info@hostpapasupport.com and we’ll make sure a technician will look at it

Me: Ummm okay… I thought I was talking with support here. No one there can answer this question now?

JonathanM: Not at this moment unfortunately

Me: Okay… well then thank you for your time.

I’m talking to support and they tell me to email support for the answer?  Why even bother having a live support chat then?

 

Anyway… this is more of a rant and a warning than anything useful to others. Just keep in mind that I believe WordPress recommends only 4 different web hosts on their site because they’re the one’s who offer great support and have servers set up properly.  Might want to make the move to one of those and protect yourself and your site.

 Update

Site was ‘hacked’ again today – a shell script injected into the theme’s style sheet.

On a brighter note – thanks to this post I was contacted by someone (Rick) who’s friend is have the same exact issue with her website. He website appears to be on the same HostPapa shared server as my client’s. Rick also mentioned that the information left in the hacked files he looked at showed domain names in the files. When he looked at those site they were hacked as well. All sitting on HostPapa’s shared server.

So however these hackers got in the first time it’s apparent they can get to other sites on this shared server. Not the best security measures there HostPapa… might want to fix that.

Update #2

Rick was kind enough to send me some excellent information last night that was sort of alarming. Seems his friend’s site that was hacked had a bunch of text files on them last night. All of these files were HostPapa user names followed by ‘wordpres.txt’ or ‘shop.txt’ (ZenCart) or … you get the idea. These were basically the configuration files for these programs and contained user names, database names and database passwords.

A quick call to HostPapa about this finally made them perk up enough to look at this as a server issue and not something that was just our fault. A ticket is in place with HostPapa now and we’ll see what they actually do about it.

 

Comments

Leave a comment

 

  • Sep 5, 2012
    @ 11:18AM

    Jim Walker says:

    During the course of an average week I receive a lot of calls from HostPapa clients whose sites have been hacked.

    My assumption is that either HostPapa is major target of hacker groups, as HostPapa has more than their share of hacked customers, or they have some rather serious server level security issues.

    Secure website hosting can be found. Look in Google for web hosts who offer free daily malware scanning or whose home pages discuss security (and not well endowed athletes or super models).

    On a positive note HostPapa has become pretty good at handling these hacking complaints; as they’ve been well battle hardened…

     

  • Sep 18, 2012
    @ 10:48AM

    Nick B. says:

    Hi Dan,

    Thanks for posting this article. I’ve had a similar experience with Host Papa support after my client’s site was hacked.

    In my case the WP site hosted with Host Papa was hacked repeatedly over a period of a month. I have built and manage 30 plus other WordPress sites for various clients on other servers and have never experienced this type of malicious attack on one single site. My online research revealed many WP forum threads with HostPapa clients complaining about repeated hacks.

    I’ve hardened WordPress’ core and do keep regular backups of all files and database but am considering switching to a host that is more familiar with WordPress. Unfortunately all WordPress.org recommended companies are US based.

    It would be great to know if you are still using HostPapa as your host and what the resolution was in your case.

    Thanks,

    Nick B.

     

  • Oct 2, 2012
    @ 1:52PM

    Dan says:

    @Jim Walker – From the countless calls to HostPapa I’ve concluded that their servers could be a potential risk. While I do understand that there is a strong need for those people running WordPress, Joomla, etc. to keep their sites up to date – there should be no way to get from one account to the next on a shared server.

    The two biggest issues I have with HostPapa is that when calling them they offer zero support – in fact they go a step further and blame it on the account holder. The other issue is the complete lack of care.

    I was contacted by someone who read this post and had a friend on the same shared server as my client. He provided me with a list of other account holders on that shared server who were hacked. When I passed this along to HostPapa they actually told me that all those sites were using content management systems that were not up to date. I don’t buy it.

    I use and recommend Dreamhost to all my clients looking for hosting. They’ve been nothing less than fantastic with helping out (when needed) and even locking down accounts when they’ve been in trouble.

     

  • Oct 2, 2012
    @ 2:04PM

    Dan says:

    @Nick B. – Oh man, sorry to hear about the repeated attacks on the WordPress site hosted with HostPapa. It sounds very similar to what my client was dealing with (and I was constantly fixing).

    Like you, I’ve hosted with a number of other companies and have never had something like this happen. Which is why I believe that HostPapa is the issue – and not the fault of having a previous version or WordPress (or other CMS).

    My client – sadly – is still with HostPapa. After 34 calls to HostPapa over a two month period they finally put me in touch with someone who would listen to me. HostPapa ended up changing something on their end but never mentioned what it was. But after they made that change my client was unable to upload images.

    Few more calls to HostPapa and the image upload issue was solved – but then a few weeks later he was hacked again.

    I’ve been pushing and pushing my client to move away from HostPapa and on to Dreamhost – who actually responded to a Tweet I mentioned them in and offered to help move my client over if he’d like.

    If you’re looking for a good host outside the US (other than HostPapa) I’d say go with anyone. Write the names down and toss a dart at it. Even if you end up with some shady guy running a server from his home you’re probably safer than HostPapa.

    Otherwise… if a US company is okay I highly recommend Dreamhost. Maybe someone else can chime in for a great non-US hosting company.

    Good luck!

     

    • Leave a comment

    Read comments

     



    Please do not submit your comment more than once. It will appear once it has been approved.