Forced password update!

[gwyneth]

Quote:

Originally Posted by GvilleRick

Yeah, I apologize. Didn't realize that the Profile added that from signup. I agree that it is not a good idea to have the main username in there.

I had no idea, either--as many times as we've told people that they're the only one who can see the details at the top left of their own posts, this is even worse.

Regentronique, thanks for the quick edit and the enlightenment!

[WildCelticRose]

To say that I'm not impressed would be a gross understatement:

trying to get a straight answer was not easy.

I'm not certain I want to do anything over a holiday weekend. I think I'll be holding off until this has gone on a while longer, and a reputable tech news source has something to say about it.

Oh, did I mention that I am NOT amused? No warning... no chance to do it ahead of time, just an email that looks like a phishing scam and my files held hostage.

No, I am not amused at all.

[chat removed]

[gwyneth]

Quote:

Originally Posted by WildCelticRose

This all looks just a bit too much like a phishing scam for my liking, and I'm not about to click on a link sent via email. Nope... NOT going to happen.

I'm going to wait a bit longer before filling out a form and giving out all my information.

The email might have looked like that, but the secure link in GatorBrent's instructions above obviously isn't phishing--and you're only giving HG the info it has anyway.

[regentronique]

Quote:

Originally Posted by gwyneth

Rick, I'd thought you were right. But regentronique clearly just looked at my profile to discover all that stuff.

Users: you can (and should) remove details with "Edit details" in the User CP of this forum. I just did.

regentronique--you were right. Now would you PLEASE edit your post to get rid of my stuff (even though it's old)? Thanks--I really think you could have proved your point by saying "looking up a user's profile" without being so specific.

This information is PUBLIC from what HostGator think of it, anyone can access it...

Totally unacceptable, but who cares?

I informed HostGator support of this 2 weeks ago...

I had to ask them to delete my own informations, because i was unable to do it myself at the time.

[rmcewan]

Quote:

Originally Posted by GatorBrent

We have become one of the largest hosting companies in the world and with that we can't expect to get away with how smaller hosting companies run.

Hi Brent,
I'm pretty sure IBM, HP, EMC, AOL, and even Amazon might have something to say about that. These companies all make hundreds of millions from hosting services, servers, applications, even entire IT infrastructures for multi-nationals. Sure, they might not host a million domains, but neither are they making less than $10/month average per domain.

You are fortunate that you are in fact smaller - not small, but smaller - and that you have a certain segment of the market that is more tolerant of situations like this. You'll survive this with some small percentage of lost customers, and will handle it much better next time.

Rob.
(probably still a customer)

[TNET]

Any particular reason why you would choose a three day holiday weekend to force this issue?

This is/was the first weekend I've had off since January.... Thanks!

These types of requests should be done during business days and sent out during business hours.

As for the password change itself... was no big deal. Verified where the email came from, followed the instructions... fixed.

BTW, I use strong passwords to begin with.

[BrianH]

Thanks for the info Brent.

Maybe it's just me, but I'm still a bit confused.

When you say that ModernBill allowed access to a username/pw list, do you mean that ModernBill allowed access to a cpanel username/pw list, and only a cpanel username/pw list?

In other words, would it be equally possible that someone could have gotten their hands on a ModernBill username/pw list?

I would appreciate some assurance that my billing information is not at risk as part of all of this.

By the way, I appreciate HG taking the step of changing all of our cpanel passwords (although I sympathize with others for whom the process of getting a new cpanel pw was not as smooth as mine). I know of at least one other account holder who will not get the email until next monday or tuesday. If HG left the pw's unchanged and asked us to change them, that would have left this other user's account exposed for the next few days. So I say "thank you."

[Sam]

Quote:

Originally Posted by rmcewan

I'm pretty sure IBM, HP, EMC, AOL, and even Amazon might have something to say about that...

^^ They're not HOSTING companies

[golddave]

I admittedly did not read the whole thread but I have a question regarding changing my password. When I try to change it in CPanel I get an error saying that I can't change it because the password is based on a dictionary word. While it is based on a dictionary word it includes a number/letter substitution. Everywhere else I have tried to use this method of changing a dictionary word it has been accepted. So why not here? And if I can't use a password based on a dictionary word than how am I supposed to remember it?

While I'm complaining about this let me add my 2 cents on the way this was handled. Wouldn't it have been smarter to send an email asking me to change my password by a certain date or risk having it changed automatically been a smarter way than just automatically changing everyone's password? I understand the security risks here and the liability issues but you took a tough situation and made it even tougher by adding a burden to every one of the people who pay your bills.

[rmcewan]

Quote:

Originally Posted by Sam

^^ They're not HOSTING companies

Yes pal, they are. They all offer hosting services. No, not their core business - but they all make millions from hosting systems and applications for other companies.

Try typing any of those names + "hosting services" into your fave search engine.

[gwyneth]

Quote:

Originally Posted by golddave

And if I can't use a password based on a dictionary word than how am I supposed to remember it?

You're not supposed to be able to remember it (at least easily). That might sound flip, but it's not--something that's easy to remember would be easy to crack.

Perhaps the letters remaining in the rejected password form another word?

The concept of "secure" means as close to random a selection as possible.

[ice203]

My.. my... some folks just aren't too happy apparently. I personally do not mind the password change. It was a bit inconvenient... yes.. but certainly better than the chance that something DID happen. People anymore expect to be "instantly gratified" to a point which is rediculous. Ok.. so.. it took a moment to get thing sorted out and log back into my account. I tried several times in a row and it didn't work. I called HG and was told about the change of many passwords and to check my email for details. There was not an email.. so I went to Live Chat. After giving the verifying information they needed... I got my password. It was over. The entire process took less than 30 minutes. Not exactly what I was looking for at the time.. but.. hey is a half an hour really gonna kill me? I think not! Just a small inconvenience is all.

It actually is a good thing that HG did something. I would rather them do this than just sit there and let someone keep my info with them.. and then not tell me at all. If I were hacked.. I would be back up and running in minutes from backup.. no problem.... so that's not the issue. Fact is.. they saw a problem.. and they did what they had to do. Period.

Let's not forget... sure.. we pay them money for our accounts.. but.. our accounts are on THEIR machines. They can do as they see fit as administrators. Even with one account compromised, it can be a threat to everyone on that machine to get whacked as well. If HG had to do this to not only protect it's customers.. but.. ah.. possibly protect themselves too???... then.. I completely understand it.

Sure.. it could have been done a bit better. And.. sure.. it was sudden. Sometimes it needs to be that way. I'm rather positive that nobody will be locked out of their accounts permenantly.. so.. geez... it 's not as big of a deal as it's being made out to be. A few minutes.. an hour.. maybe more? Get a grip!!!!

Brent... I would say to you though, you might want to rehearse all of this in your mind. Perhaps from this, you can figure out a better way of "containment" from disgruntled employees. For example: The first wind that anyone got from that one employee you mentioned that was going to "do some damage"... should have been the moment that the biggest fella in the building was escorting that "prick" out to the parking lot and away from his system. These people are dealing with sensitive information and hints anything like this one said should be dealt with so that something bad could never happen. I see from your post that you've learned from the remote employees. I would think... that even if only one thing happened out of the examples you gave should have prompted a response from HG. Not all three.. plus the many you have not mentioned. Just something you might want to think about.

Point blank... they made an executive decision.. and that's that. It is better to ask for forgiveness... than beg for permission!!! Well done!

[galiel]

Brent,

We are supposed to be grateful that we can't log on to our own servers or handle those of our clients?

I followed instructions YOU (supposedly you) gave me personally in a private message to fix the problem, and it didn't work! I am supposed to be grateful?

You do all this on a Friday afternoon before a 3-day weekend, and we are supposed be grateful - let alone impressed with your diligence?

I still do not have access to the accounts I am paying for and have to explain to clients why I can't create new email accounts for them or FTP files to their site - and I am supposed to be grateful and praise your candor?

FIX THE PROBLEM, stop blaming the customer for "not reading" your messages, and stop treating us like children.

FIX THE PROBLEM. I've been locked out of my accounts for a day and a half now, and I followed YOUR personal instructions, which only generated an error message.

What part of that am I supposed to be grateful for, exactly?

FIX THE PROBLEM. Stop blaming the victim.

[WildCelticRose]

NOW, I can't get into my cpanel at all.

My website is still up and running (for now) by I get a time out error if I try to go back into cpanel after doing the password thing.

Oh, and I'm on a "live chat" where I am not getting any help. (actually, I'm not certain that the person on the other end hasn't gone to dinner, to the bathroom or home.

I really don't want to have to change hosts, but if this is the way it's going to be, I'll suck it up and do it.

[WildCelticRose]

So they can't help me on live chat, I have to email in.

They think my IP address might have suddenly been blocked.

I am NOT amused that this BS hit on a holiday weekend and now I'm locked even further out of my files than I was before this NO NOTICE forced password change.

I guess I'll be shopping for a new hosting provider, this is unacceptable on more levels than I could possibly express.

[galiel]

Note that there are ZERO Gators online right now in this forum.

[WildCelticRose]

Why does that not surprise me?

I left my previous host due to poor tech support (none at night or on weekends) and too much downtime.

I didn't think I could possibly find a worse host, but apparently I have

[snarl]

[galiel]

The most worrisome thing is that this is so different from the great support and attention I have received for years from HostGator. It is almost like a completely different company invaded their bodies - including Brent's - within the past 48 hours. And they are now flailing about blaming the customers for all of this, while still not fixing the problems. Unbelievable.

[WildCelticRose]

I move my site here in March and don't have anything else to base an opinion on.

There just aren't words; although disregard for the customer, poor customer service, badly handled and unprofessional to come to mind.

The other words floating around in my head are not appropriate for a public forum.

What do they care? They have my money.

[WildCelticRose]

I'm on the phone with tech support and am getting more pissed off by the minute...

[WildCelticRose]

Well, I can see that I shouldn't bother with the forum. "eaten by a gator" very cute, very helpful

NOT

[galiel]

Since I have been a vocal critic of this whole mess, I thought it only fair to post that my login problems have FINALLY been fixed by a great live chat tech named Matthew L.

This only after a MAJOR public client of mine had their site go down tonight, and I could not access their account to see what was going on.

Getting them to look at that and fix it finally budged things and I got my new password (which, for the client server, is actually less secure than the one I was using for them, but whatever - I'm going to change all of the "improved" passwords for all of my accoutns anyway as I do not trust HostGator with my info any more.

[windy]

Odd. I am one for which if it can go wrong it will and I had no problems getting the created password on the page referenced in the email. That password worked perfect to log me into my cpanels and change my password to something I could remember.
You might take note that the email the message came to may not be the email you need to type into the page to get your new password.
The email attached to your cpanel may not be the email attached to your billing. Since all you use is your user name and password, perhaps you forgot what email you attached to your cpanel. My billing email and my cpanel email are different. If I presented the get your new password page with my billing email that the message came to I would get an error. The instructions clearly told me to use the email associated with the cpanel. I did. It worked perfect.
So if you're still having a problem getting your new password, try and remember what email you associated with your cpanel. Use that one and the cpanel password. If it worked for me, I can't believe it won't work for you.
You might also wish to change the password in your email program for obtaining your domain's main email which is usually tied to your cpanel password. If not, you'll get an error when you attempt to get your mail.
Street lights turn off when I walk by. Sometimes they turn off when I drive by. Things have to go smoother for you ...
gayle

[artwebster]

Damned if you do and damned if you don't,
Whatever Hostgator did in these circumstances there would have been a high level of moaning from customers.
Why?
Because THAT IS WHAT CUSTOMERS DO!
For myself, I have been reminded that I don't manage my pass words very well and that I should take more care. When I am able to log in with my new password (I am assuming current lack of access is simply due to major traffic chaos) the only thing that will have changed - is my password.
I hope.

[shuriway]

Quote:

Originally Posted by WildCelticRose

NOW, I can't get into my cpanel at all.

My website is still up and running (for now) by I get a time out error if I try to go back into cpanel after doing the password thing.

Same problem here. Can't login to my cpanel.