Bad Support Indeed

[LibertyDean]

Hello all! We have had our domain (resaleworld.com) hosted with HostGator for years now - at least 4 years I believe. This past month or so, has been just terrible! I guess everyone is familiar with the "upgrades" that were done recently. I'm not sure how badly everyone else was impacted, but for us...

- we had no emails for 24+ hours
- many mission-critical libraries (PEAR, OpenSSL, etc.) were not installed when we were "upgraded" - this leading to many of our PHP-driven pages as well as our shopping cart to no longer function
- our databases (for forums AND our store) were restored (without our permission) to a date that caused us to lose 48 hours worth of data! During the days that followed, they then re-restored our database AGAIN, causing us to lose a week's worth of data!

This morning, we were (to say the least) stunned when we found our account had been suspended due to "abuse." From the ticket created by HostGator, is was clear that something malicious had been executed server-side. After some "troubleshooting" (I use that term VERY loosely), we took a look at our cgi-bin directory. Well, it looks like there are a bunch of new CGI scripts in there - particularly cgiemail. Where'd those come from? Yup, you guessed correctly - HostGator. These files were added on 2/8/2007. They are available also via the CPanel in the CGI Scrips section.

When I asked if these scripts were current (and not the vulnerable kind that can be exploited), they simply said "change your password and delete those immediately." Ummm, does anyone else find this a bit, well, difficult to swallow? For some reason, HostGator quickly glazed over the fact that these scripts were installed by them! While it is easy for us to delete them, why did HostGator A) install (potentially) vulnerable scripts, B) suspend our account for this (leading to a half business day of down-time) and C) order us to remedy this?

Has anyone else found this problem recently? The problem not only with CGI scripts, but with their (lack of) support?

Oh, one more thing...whilst being escalate to someone who could handle one of our issues (last month), one of their techs transferred me to an adult phone line!!! Yes, they actually did that!!! Good thing we record ALL phone calls, of which I will be physically mailing to their Sales/Corporate offices.

Anxious to see if I'm the only one in the Twilight Zone,

Dean

[GatorBrent]

Hi Dean,


I reviewed your ticket and as stated in there a few times your site was spamming because of the following scripts that were insecure that you or your staff uploaded not hostgator.

" Hello,

The files located there are standard files included on every site on a cpanel server.

We see that you have several PHP scripts.

Two of which are very vulnerable to injection spam attack:

dlmail.php: mail($recipient, $subject, $content, "From: $email\r\nReply-To: $email\r\nX-Mailer: DT_formmail");
emailtest.php:if (mail($to, $subject, $body)) {"




Assuming you had those two scripts up with us for years you were lucky they were not spammed through earlier. Please let me know if you have any questions regarding this. thanks!