Sites get hacked all the time. When it happens it's a disaster. You need to do two things quickly: 1. Get the site back up and running. 2. Determine how the hacker got in and block the entry point.
If you need files to be restored you need the assistance of the server admin and fast. If you need to determine access points your need the assistance of the server admin.
Ok, with 1 & 1 you can forget that. The technical support is in India. They work off a screen. You could teach a 6 year old to prattle what they read. The server admin is in Germany. Not quite sure what he is doing.
To cut a long story short in July we had a hack attack. I reviewed the log files and I could see that the FTP ID used came from a former coder based in Eastern Europe. Thing is the moment we cut him loose we changed all passwords, deleted his FTP ID and made sure there were no loose ends.
Ok, according to the log files (and they are plain enough to see) he got in through his old and deleted FTP ID on the 1&1 servers.
The fact that it took more than a week to restore the deleted files is a subject we shall address later, mainly because the very memory of the tense and extremely angry hours (yep hours!) I spent on the phone listening to the Indian Tech support team read off a screen bring back the kind of ire that starts small wars, so for now I am cooling off.
The more interesting question is how the hack attack happened in the first place. 1&1 like to cover their ass. The first thing they ask you to do is forward the log files which chart who logged on your server and how, to their legal department. They do nothing that you can see to speed anything up.
Then their Tech team waits and waits and eventually you get back a canned reply (yep, they are HUGE on them) about how server security is your responsibility and you have a security breach in your company because someone used the master account to log in.
That in itself would be a serious allegation and one a worried, stressed out customer is not likely to appreciate even if it were true. You notice here I said the coder was based in Eastern Europe (which I let them know about) which means remote access only, therefore no access to any paperwork or physical contact with our PCs, no way to compromise our security and no Trojans either as we scan our PCs daily.
It went back and forth as few times, each time with me detailing what I just said in no uncertain terms (I have stopped trying to be professional with this outfit).
The reply comes back just yesterday (quality work takes time!):
I do not believe that your account was compromised through a security
flaw in our systems. I have already escalated a case to the
administrators in Germany and they replied that this user attempted to
login and failed. Maintaining your security is your responsibility, it
is our company policy that if you get hacked by something you did you
have to deal with it. I monitor the log files of the shared hosting
accounts on occasion, but dealing with this is your responsibility.
--
Sincerely,
Michael Lazin
Customer Compliance Operative
1&1 Internet Inc.
Yep! Exactly. Obviously Michael also decided to not bother being professional with me - no 'Dear Customer,' No niceties and no canned reply, which is probably why he could not be professional.
So you see he says that his counterpart in Germany tells him the FTP ID in question attempted to login and failed. I have to deal with the hacker. Ok, that's what I am doing but the point is on our end we did everything humanly possible to make sure that nothing like this happened. We changed master account passwords (the coder never had them in the first place), we changed FTP details, we deleted his FTP ID we did, everything in short, except what we should have done and did after we got hacked which was change hosting provider.
If the 'hole' in our defences had been through scripts we were implementing in our dynamic websites those holes would still remain in the new hosting service. We are monitoring it and they are not there.
It was Sherlock Holmes who said that after you discount the impossible whatever remains however improbable must be true. Ok, incredibly enough using this deduction we reach the conclusion that one and one are crap!
No, seriously now, the only thing that was required to guarantee the security of our site was a change in hosting providers. We have been dealing with sites and site security for about seven years so we know a few things so Michael's assurance that he occasionally checks the log files is good enough for us to speed up our efforts in transferring the few remaining sites we have with 1&1 off them!
Wednesday, August 29, 2007
Friday, August 17, 2007
1&1 - tips to dealing with them
Ok, I know it's been more than 48 hours and I get a response from the Billing Department and this time there is a name and contact details:
Thank you for your email.
Just to confirm that the invoice for the domain name XXXX.com has
been cancelled.
If you have any further questions do not hesitate to contact us.
Kind regards
Faraz Zia
Billing Department
1&1 Internet Ltd.
Handy Billing tips - Here are a few additional tips that may help you
with your 1and1 experience.
FREQUENTLY ASKED QUESTIONS - Always check our F.A.Q ( faq.1and1.co.uk)
section of our website before contacting us. This could save you time.
CONFIRMATION OF TERMINATION - If canceling an item or contract please
ensure you receive confirmation your feature was cancelled, the
confirmation will be sent within 10 days of your request. If you do not
receive any form of confirmation please contact our support team. Your
feature may still be live and being charged.
CANCELLING DOMAINS- If you cancel/transfer all domains out of your
contract always ensure you cancel the contract also. The contract can
still be used even without a domain and so charges will still be
applied.
AUTO RENEW - Remember, to take the hassle out of running your account
1and1 automatically renew the domains/features unless you have informed
us in advance via the online tool.
We hope these additional tips have helped.
Registered at Cardiff, Company number 3953678 - VAT No GB 752539027
Aquasulis House, 10-14 Bath Road, Slough, Berkshire, SL1 3SA, United
Kingdom
You can also contact us via phone at 0870 24 11 247
from 9am till 5pm Monday to Friday.
You notice the handy, 'helpful' tips in dealing with 1&1 which help with my "1and1 experience". I think they are brilliant!
Here are mine: FREQUENTLY ASKED QUESTIONS - these were put together by imbeciles who knew they would not be expected to do more than impress pre-schoolers in the under 3s age group. They state the obviosu are often out of date and do nothingmore than frustrate the customer.
CONFIRMATION OF TERMINATION - Apply this to the entire company if possible. 1and1 do not deserve to be in business.
CANCELLING DOMAINS - Cancel all domains you have with them and start transferring your wesbites to a hosting company that really knows how to treat its customers.
AUTO RENEW - NEVER EVER Auto renew anything with them!!!!
Better still never even go near them, so if you are reading this and are a client, bad luck, I sympathise and I am weaning my sites off them. If you are thinking of becoming a client of theirs, DON'T!!!!
Thank you for your email.
Just to confirm that the invoice for the domain name XXXX.com has
been cancelled.
If you have any further questions do not hesitate to contact us.
Kind regards
Faraz Zia
Billing Department
1&1 Internet Ltd.
Handy Billing tips - Here are a few additional tips that may help you
with your 1and1 experience.
FREQUENTLY ASKED QUESTIONS - Always check our F.A.Q ( faq.1and1.co.uk)
section of our website before contacting us. This could save you time.
CONFIRMATION OF TERMINATION - If canceling an item or contract please
ensure you receive confirmation your feature was cancelled, the
confirmation will be sent within 10 days of your request. If you do not
receive any form of confirmation please contact our support team. Your
feature may still be live and being charged.
CANCELLING DOMAINS- If you cancel/transfer all domains out of your
contract always ensure you cancel the contract also. The contract can
still be used even without a domain and so charges will still be
applied.
AUTO RENEW - Remember, to take the hassle out of running your account
1and1 automatically renew the domains/features unless you have informed
us in advance via the online tool.
We hope these additional tips have helped.
Registered at Cardiff, Company number 3953678 - VAT No GB 752539027
Aquasulis House, 10-14 Bath Road, Slough, Berkshire, SL1 3SA, United
Kingdom
You can also contact us via phone at 0870 24 11 247
from 9am till 5pm Monday to Friday.
You notice the handy, 'helpful' tips in dealing with 1&1 which help with my "1and1 experience". I think they are brilliant!
Here are mine: FREQUENTLY ASKED QUESTIONS - these were put together by imbeciles who knew they would not be expected to do more than impress pre-schoolers in the under 3s age group. They state the obviosu are often out of date and do nothingmore than frustrate the customer.
CONFIRMATION OF TERMINATION - Apply this to the entire company if possible. 1and1 do not deserve to be in business.
CANCELLING DOMAINS - Cancel all domains you have with them and start transferring your wesbites to a hosting company that really knows how to treat its customers.
AUTO RENEW - NEVER EVER Auto renew anything with them!!!!
Better still never even go near them, so if you are reading this and are a client, bad luck, I sympathise and I am weaning my sites off them. If you are thinking of becoming a client of theirs, DON'T!!!!
Wednesday, August 15, 2007
1&1 gets progressively worse
When you have a hosting company you expect it to do a few things right even if it cuts back on technical support (by the response time I guess they are high school students or part timers) and outsources its customer handling staff to India (where they work off a screen).
This leaves billing. After all it's your money and they have access to it in terms of charging you and if this goes wrong then what the hell are they doing?
A month ago I moved a domain from 1&1 changing registrar. So imagine my surprise when I get an email almost a month later with an invoice attached with their usual non-sensical parrot-speak (because, let's face it, the only conclusion I can logically draw is that they have all had group lobotomies at a cut-rate place) which passes for customer service at 1&1.
Dear [Customer],
Please find attached your invoice dated 12.08.2007.
The invoice appears as an electronic pdf document:
This pdf invoice can be read with Acrobat Reader. If you don't have this, it can be downloaded, free of charge, from the Adobe web site at:
http://www.adobe.com/products/acrobat/readstep2.html
Just double-click on the appropriate file to retrieve your invoice and produce a hardcopy.
If you have any billing questions, please contact the 1&1 billing department by following the URL below:
https://admin.1and1.co.uk
Here you will be prompted to enter your domain name and password in order to log on to your protected configuration area. Then simply select your contract and click 'Help & Contact', and the billing team will then deal with your enquiry as quickly as possible. It's that simple!
Please note that 1&1 does not charge for sub-domains.
These are listed only for customer convenience.
Kind regards
1&1 Billing Team
www.1and1.co.uk
P.S.:
If you chose to order 1&1's free software bundle with your 1&1 package, the shipping costs will be debited from your credit card, together with the amount due for your 1&1 package. Both amounts will be shown as a total transaction on your credit card statement. You will receive the invoice for the shipping costs with the software.
Notice the "1&1 Billing Team" moniker they are using a sign of one of two things (or maybe in their case both) that they are trained chimps and unable to use names, or that each email sent out is the laborious, collective work of the entire 1&1 Billing Department which means that they are all held accountable for mistakes or maybe none of them is because no one is sure who pressed the 'send mail' button exactly (the old Firing Squad trick).
I was so incessed by yet another 1&1 cock up to what is fast becoming a catalogue, rather than a list of errors and mishandlings (it does fill this Blog space nicely at least), I spent, yet again, my time firing up an email to them:
Hi. You just sent me invoice 7254XXX5 where you detail proposed charges for the next twelve months in advance for domain name www.XXXXX.XX which has been transferred to another registrar for over a month now and for which (seeing how you get paid in advance) you need to issue a credit note. Why is it that EVERY TIME I deal with you I discover ingrained institutionalised incompetence on an epic scale?
I do not expect to see a charge made for this domain. If a charge is levied I will take this matter up way beyond the next level of response because I am so fed up dealing with your incompetense. What exactly does it take to attain even a rudimentary level of customer service? Your complaints email address is a joke as no emails get acknowledged and NONE get answered and your billing has become ridiculous as it seems to reside in a land divorced from internet activities and any connection with what goes on in your clients' control panels and the company's database.
Acknowledge the amount you have refunded. Plus the fact that no charge will be made for this domain.
David
As you probabluy guess three days later and no reply. No charge either and I keep on checking because if one is made I am going to go to my lawyer as well as the banking ombudsman.
On the 15th I sent them this message:
Hi. On the 12th August 2007 - That's three working days ago, I sent you a very precise message regarding invoice 7254XXX5 which, in true customers-can-go-to-hell 1&1 style, has gone unacknowledged and unanswered.
Is there any point at all to anyone using these contact boxes to contact you? Are you really so overworked that you cannot answer or even acknowledge (beyond the autoresponder with its 24-48 hour message) emails? Or is it simply a case of such gross incompetence that your general behaviour and treatment of your customer base is going to create a new low in services which, in due course, will be one of the attributed causes to the demise of your company?
I would really be interested to know.
David
Ok, now all I need to do is hold my breath and face certain death by asphyxiation while they answer.
There's more with them.
I will keep you posted.
David
This leaves billing. After all it's your money and they have access to it in terms of charging you and if this goes wrong then what the hell are they doing?
A month ago I moved a domain from 1&1 changing registrar. So imagine my surprise when I get an email almost a month later with an invoice attached with their usual non-sensical parrot-speak (because, let's face it, the only conclusion I can logically draw is that they have all had group lobotomies at a cut-rate place) which passes for customer service at 1&1.
Dear [Customer],
Please find attached your invoice dated 12.08.2007.
The invoice appears as an electronic pdf document:
This pdf invoice can be read with Acrobat Reader. If you don't have this, it can be downloaded, free of charge, from the Adobe web site at:
http://www.adobe.com/products/acrobat/readstep2.html
Just double-click on the appropriate file to retrieve your invoice and produce a hardcopy.
If you have any billing questions, please contact the 1&1 billing department by following the URL below:
https://admin.1and1.co.uk
Here you will be prompted to enter your domain name and password in order to log on to your protected configuration area. Then simply select your contract and click 'Help & Contact', and the billing team will then deal with your enquiry as quickly as possible. It's that simple!
Please note that 1&1 does not charge for sub-domains.
These are listed only for customer convenience.
Kind regards
1&1 Billing Team
www.1and1.co.uk
P.S.:
If you chose to order 1&1's free software bundle with your 1&1 package, the shipping costs will be debited from your credit card, together with the amount due for your 1&1 package. Both amounts will be shown as a total transaction on your credit card statement. You will receive the invoice for the shipping costs with the software.
Notice the "1&1 Billing Team" moniker they are using a sign of one of two things (or maybe in their case both) that they are trained chimps and unable to use names, or that each email sent out is the laborious, collective work of the entire 1&1 Billing Department which means that they are all held accountable for mistakes or maybe none of them is because no one is sure who pressed the 'send mail' button exactly (the old Firing Squad trick).
I was so incessed by yet another 1&1 cock up to what is fast becoming a catalogue, rather than a list of errors and mishandlings (it does fill this Blog space nicely at least), I spent, yet again, my time firing up an email to them:
Hi. You just sent me invoice 7254XXX5 where you detail proposed charges for the next twelve months in advance for domain name www.XXXXX.XX which has been transferred to another registrar for over a month now and for which (seeing how you get paid in advance) you need to issue a credit note. Why is it that EVERY TIME I deal with you I discover ingrained institutionalised incompetence on an epic scale?
I do not expect to see a charge made for this domain. If a charge is levied I will take this matter up way beyond the next level of response because I am so fed up dealing with your incompetense. What exactly does it take to attain even a rudimentary level of customer service? Your complaints email address is a joke as no emails get acknowledged and NONE get answered and your billing has become ridiculous as it seems to reside in a land divorced from internet activities and any connection with what goes on in your clients' control panels and the company's database.
Acknowledge the amount you have refunded. Plus the fact that no charge will be made for this domain.
David
As you probabluy guess three days later and no reply. No charge either and I keep on checking because if one is made I am going to go to my lawyer as well as the banking ombudsman.
On the 15th I sent them this message:
Hi. On the 12th August 2007 - That's three working days ago, I sent you a very precise message regarding invoice 7254XXX5 which, in true customers-can-go-to-hell 1&1 style, has gone unacknowledged and unanswered.
Is there any point at all to anyone using these contact boxes to contact you? Are you really so overworked that you cannot answer or even acknowledge (beyond the autoresponder with its 24-48 hour message) emails? Or is it simply a case of such gross incompetence that your general behaviour and treatment of your customer base is going to create a new low in services which, in due course, will be one of the attributed causes to the demise of your company?
I would really be interested to know.
David
Ok, now all I need to do is hold my breath and face certain death by asphyxiation while they answer.
There's more with them.
I will keep you posted.
David
Thursday, August 9, 2007
Leave your sense at home if you are dealing with one and one
Ok,
The message just came back (please note the time difference).
Yes, I understand but what I am trying to say the recipient email
address does not exist.
If you are getting a bounce back message please forward it to us for
further investigation.
If you have any further questions please do not hesitate to contact us.
--
Sincerely,
Socrates Rallos
Technical Support
1&1 Internet
Great! I never mentioned a 'bounce back' and the email address and passwords appear active and functioning on the 1&1 control panel (why do they have it if it doesn't work?).
Useless!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
The message just came back (please note the time difference).
Yes, I understand but what I am trying to say the recipient email
address does not exist.
If you are getting a bounce back message please forward it to us for
further investigation.
If you have any further questions please do not hesitate to contact us.
--
Sincerely,
Socrates Rallos
Technical Support
1&1 Internet
Great! I never mentioned a 'bounce back' and the email address and passwords appear active and functioning on the 1&1 control panel (why do they have it if it doesn't work?).
Useless!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
1&1 email service sucks
Problems with the service never stop. We are in the process of actually transferring 60+ sites from their servers. No easy task, especially with the sites being live,the clients trading from them, relying on the email service etc etc etc.
The easiest solution by far (we rather naively thought) is to repoint the sites to the new hosting, take the content across, reset the email addresses when the DNS updates and then transfer them.
Easy. Right?
Wrong.
After waiting for more than a week for two sites to update we got tired of it, decided to move on to transferring a couple of others and because the clients needed their email we repointed the sites back to 1&1 servers by choosing THE ONLY option on their control panel which says 1 & 1 servers.
You think that's simple. But no. The email addresses prompty failed with a 550 return message which translates to 'user not found'. We checked the email addresses (they exist), we chedked the passwords to access them (they matched).
So an email was fired off to the ridiculous customer service of an internet hosting company that deserves to go out of business:
Hi. On package XXXXX8 I have the domain rXXXXXXXe.com which I
have tried to repoint since Saturday night. Although repointing of DNS
servers takes a few hours at the most with the incredibly efficient
ultra-fast, customer-friendly service of 1 & 1 it takes the better part
of a week if you are lucky. Because the client could no longer wait I
reversed the domain (for now) back to the 1&1 servers. Trying to email
the client we receive a 550 5.1.1. error message (user unknown).
> The email addresses still exist and the passwords match and the
control panel at no time has indicated a DNS or an MX change.
> Can you please check to see WHY we are getting this message and it'd
better not be a canned response. The whole idea of using the 1&1 control
panel is that it is responsive and this IS NOT the case at the moment.
> David
I know the tone is a little frustrated but dealing with them was nightmare. Frustration doe snot even begin to describe how you feel after having had one problem with them, never mind a series of them.
In case you thought I was doing them an injustice in the content of my message here comes the reply like 10 minutes later by some employee who thinks he is being fantastically efficient by sending me this reply:
Thank you for contacting us.
With the error mesage you receive, " 550 5.1.1. error message (user
unknown).", you need to ask the recipient as this message indicates that
the email address is non existent.
If you have any further questions please do not hesitate to contact us.
--
Sincerely,
Socrates Rallos
Technical Support
1&1 Internet
This guy's namesake was a philosopher. It could be true in this case, and Socrates is too busy pondering existential dilemmas to actually spend TWO minutes to read the entire text of my message (then again maybe he did and I am doing him an injustice - the problem might be he just could not understand it).
So I fired back:
Socrates,
Did you ACTUALLY read my question? Did you UNDERSTAND the information I spent MY VALUABLE time typing in there? I have access to the control panel. The email address exists and a password check proves it matches. So how about actually ANSWERING what I asked in a way that makes sense? Or do you just want to prove me right when I say you guys are useless?
David
For the reply you have to wait because this is happening in real time and I am waiting too!
The easiest solution by far (we rather naively thought) is to repoint the sites to the new hosting, take the content across, reset the email addresses when the DNS updates and then transfer them.
Easy. Right?
Wrong.
After waiting for more than a week for two sites to update we got tired of it, decided to move on to transferring a couple of others and because the clients needed their email we repointed the sites back to 1&1 servers by choosing THE ONLY option on their control panel which says 1 & 1 servers.
You think that's simple. But no. The email addresses prompty failed with a 550 return message which translates to 'user not found'. We checked the email addresses (they exist), we chedked the passwords to access them (they matched).
So an email was fired off to the ridiculous customer service of an internet hosting company that deserves to go out of business:
Hi. On package XXXXX8 I have the domain rXXXXXXXe.com which I
have tried to repoint since Saturday night. Although repointing of DNS
servers takes a few hours at the most with the incredibly efficient
ultra-fast, customer-friendly service of 1 & 1 it takes the better part
of a week if you are lucky. Because the client could no longer wait I
reversed the domain (for now) back to the 1&1 servers. Trying to email
the client we receive a 550 5.1.1. error message (user unknown).
> The email addresses still exist and the passwords match and the
control panel at no time has indicated a DNS or an MX change.
> Can you please check to see WHY we are getting this message and it'd
better not be a canned response. The whole idea of using the 1&1 control
panel is that it is responsive and this IS NOT the case at the moment.
> David
I know the tone is a little frustrated but dealing with them was nightmare. Frustration doe snot even begin to describe how you feel after having had one problem with them, never mind a series of them.
In case you thought I was doing them an injustice in the content of my message here comes the reply like 10 minutes later by some employee who thinks he is being fantastically efficient by sending me this reply:
Thank you for contacting us.
With the error mesage you receive, " 550 5.1.1. error message (user
unknown).", you need to ask the recipient as this message indicates that
the email address is non existent.
If you have any further questions please do not hesitate to contact us.
--
Sincerely,
Socrates Rallos
Technical Support
1&1 Internet
This guy's namesake was a philosopher. It could be true in this case, and Socrates is too busy pondering existential dilemmas to actually spend TWO minutes to read the entire text of my message (then again maybe he did and I am doing him an injustice - the problem might be he just could not understand it).
So I fired back:
Socrates,
Did you ACTUALLY read my question? Did you UNDERSTAND the information I spent MY VALUABLE time typing in there? I have access to the control panel. The email address exists and a password check proves it matches. So how about actually ANSWERING what I asked in a way that makes sense? Or do you just want to prove me right when I say you guys are useless?
David
For the reply you have to wait because this is happening in real time and I am waiting too!
Subscribe to:
Posts (Atom)
