Transferring hacked ecommerce site from ************

R

rbytbs

New member
I was hired by my company to oversee the completion of their ecommerce site. The owner had hired IXWebhost to build and host the site, but could not get them to finish the job. For the following months my entire job was comprised of getting the run around with IX and wrestling with their staff to complete it.

Not three months since getting it done we got hacked. They blamed us for not knowing that our shopping cart software was outdated, which left us vulnerable. I was originally told they were upgrading it for us, but they reneged on that and left the upgrade incomplete without letting us know. When I called for an update I was told they would do nothing more until we paid for the upgrade. A week passed while this went on.

On Monday I authorized the fee, and yet they have still not even begun. Now they tell me they could not do the work because they did not have our password. That information was in fact included in the same ticket several days before they asked for it. It is just another excuse to put us off. We have been down for two weeks solid.

I have two questions. I am not knowledgeable in web hosting. What do I look for in a host to determine quality of service?

Second, do I need to wait for IX to restore our site before I can transfer it elsewhere? I have ftp access but do not want to move corrupted code and do not know if it will work on other hosts having been built with outdated software.

Advice warmly welcomed. Thank you.
 
Welcome to Hosting Discussion, rbytbs.

Just read the same thread elsewhere. So you were hired to oversee the completion of your company's ecommerce site, but were not aware having an outdated version left your site vulnerable? There's more to this story than meets the eye. Please verify the site you have hosted with them to the mods here by clicking on Report Post.

You don't have to wait to transfer your site elsewhere, but if you've paid IX to restore your data, I'd give them time to restore the data first. Why risk transferring the same issue to a new provider?

What do you look for in a host to determine quality of service? Any number of factors including the length of time they've been in business.
 
I was not aware that it was outdated. I was hired on this year. Apparently the host was first commissioned back in 2009. I did not have anything to do with the service plan selection or site construction. My job was to communicate with them in order to understand what was preventing them from completing the work.

I have maintained my own websites through other hosts and have never experienced a vulnerability such as this due to outdated software. If the software did not automatically update then there was always an automated notification that an update was due.

We paid them on Monday and they still have not done any work toward restoring us. At this point I would just as soon cancel it altogether and quit wasting time and money on them.
 
rbytbs said:
We paid them on Monday and they still have not done any work toward restoring us.
Click to expand...

so you paid them to restore your site on Monday, as i guess you were expecting them to drop whatever that were doing to restore your site.

How do you know they may be busy with other clients and placed your job on their to do list and willget to it when they have allocated enough time to do this.

i know to restore a site is not just a five minute job. i had a client the other week sign up with me and asked if i could restore his site for him onto my server.
i did not know at the time his site had a large database. it took me 6 hrs to backup this site from his old server and then 3 hrs to have this backup uploaded onto my server and then another 8 hrs to restore the site.

just contact the host in a pleasant maner and ask for an update
 
What an angry bunch we have here. I am dealing with a large, professional company. I can assure you, having come from a history of customer service myself, I have been exceedingly polite and understanding with them. But this has gone beyond understanding. They have known for more than two weeks now that we were down and urgently needed to be restored. It took me a week just to extract the information that they were going to charge us (contradicting what I was previously informed). It took them another week just to ask for our password.

They provided me with the timeline that the project would be completed by today. Yet they waited until today to request the password and abandoned the deadline entirely because they claimed not to have it. Worst of all, I had provided them that information several days prior.

There is no justification for this level of unprofessionality from a company of their magnitude.
 
That is the problem with large hosting companies. They accept so many clients and at the end can't cope up with customer support. I suggest you look for a web hosting company that put their clients above anything else.
 
easyhostmedia said:
so you paid them to restore your site on Monday, as i guess you were expecting them to drop whatever that were doing to restore your site.

How do you know they may be busy with other clients and placed your job on their to do list and willget to it when they have allocated enough time to do this.
Click to expand...

I do not agree with this position, as it certainly not an excuse not to at least keep the client in the loop. The company has provided a timeline to the client by when the upgrade will be completed. It wasn't done. Simple as that, someone dropped the ball.
 
Artashes said:
I do not agree with this position, as it certainly not an excuse not to at least keep the client in the loop. The company has provided a timeline to the client by when the upgrade will be completed. It wasn't done. Simple as that, someone dropped the ball.
Click to expand...

i was slightly tired when i read and wrote my comment. i have just reread this again and it looks like why the timeline passed was

they requested the password and abandoned the deadline entirely because they claimed not to have it
Click to expand...

they mnay have already got the password, but rather than them looki up this in other tickets or at the start of what i would think is a long ticket they requested this again to make it easier and quicker for them, but the OP seemed to refused this request as they already had the password.

so i would say the problem was 50/50 and not all that of the host.
 
Artashes said:
Simple as that, someone dropped the ball.
Click to expand...
In this case, both the OP and ************ dropped the ball (assuming this review has been verified). I do know that IX used to assign a dedicated rep to each client. Was that the case here? On the surface, the OP's problems with IX seem genuine, and he needs to find a provider that will work with him. One sided reviews always raise red flags for me, though - even if they're completely accurate.

@rbytbs - Angry? Not hardly, just trying to keep an open mind. I emphasize with your frustration. If you haven't found a new provider yet, I'd recommend explaining in detail the problems you've encountered with IX and get agreement from them (to your satisfaction) that they'll expedite getting your site back online. Good luck
 
I certainly did not drop the ball, that is altogether hilarious. Thanks for the laugh. :) I have been spending my entire work day every day for two weeks trying to get progress or at least an update from them. Granted, I don't live at the office but I am here every day with nothing else to do while we are down (except apologize to our customers).

OP seemed to refused this request as they already had the password.
Click to expand...

Another assumption. You guys evidently run hosting services and are biased against the customer. Customers can indeed be notoriously unreasonable, but that does not invalidate every customer by default, nor excuse unreasonable service providers. You need to remember that. The customer is not always right. The host is not either.

If they had properly read the ticket they would have been aware that they had received the password information. This is why I was pleading with them to acknowledge receipt of my communications. And when they requested the information a second time I naturally provided it; what on earth would I have to gain by doing otherwise? I have already waited far too long to restore my service to give them more excuse to delay.

Thank you to Umbee and Hartashes for your input and support.
 
rbytbs said:
I certainly did not drop the ball, that is altogether hilarious. Thanks for the laugh. :) I have been spending my entire work day every day for two weeks trying to get progress or at least an update from them. Granted, I don't live at the office but I am here every day with nothing else to do while we are down (except apologize to our customers).



Another assumption. You guys evidently run hosting services and are biased against the customer. Customers can indeed be notoriously unreasonable, but that does not invalidate every customer by default, nor excuse unreasonable service providers. You need to remember that. The customer is not always right. The host is not either.

If they had properly read the ticket they would have been aware that they had received the password information. This is why I was pleading with them to acknowledge receipt of my communications. And when they requested the information a second time I naturally provided it; what on earth would I have to gain by doing otherwise? I have already waited far too long to restore my service to give them more excuse to delay.

Thank you to Umbee and Hartashes for your input and support.
Click to expand...

i run a hosting company and it a customer asks for help via ticket i will give them this support and if that means asking for login details i will ask for these and the client usually gives me these, so i sort the problem . if the client then asked for support later on in another ticket or even on the same ticket i will always ask foir their login details even if these were given at the beginning of this ticket which may be long or if these werre given in another ticket as this is the quickest way to sort this rather than me having to search through a long ticket or open another browser window to search other tickets for this information. you stated

Now they tell me they could not do the work because they did not have our password. That information was in fact included in the same ticket several days before they asked for it.
Click to expand...

how long is the ticket in them few days, most hosts will ask for this info again as i said earlier it is the quickest way to get things sorted. rather than search a long ticket trying to find this info and they may find this, but you have changed your password as some clients do
 
rbytbs, do you think you can post or PM me the URL of the site that you are working on, in order for us to verify the validity of your case/review.
 
I have to say that i wouldn't bother moving a hacked site to a new provider unless you'd agreed this with them and they where going to help you clean it up/ or you where cleaning it up

you'd also need to update to the latest version of whatever script it is your using (it bet zen cart!)

joe
 
another script we will not allow on our server as its always been hacked is e107.

zen cart are better now than they were, but in agree that you should always update your scripts that you are using.
 
You must log in or register to reply here.

Supporters

Back
Top