Rant about my host service - Virtual Assistant Forums

JKVirtualOffice · #1 (**permalink**) 05-26-2008

So I got an email this morning from the owner of the web host company that I use and basically they decided to unilaterally change everyone's passwords and you had to log in to get the new password in order to get into your cpanel. From there you can change to something else that they deemed strong enough.

One of the reasons they claim they had to do this change was so that employees wouldn't have access to seeing your password as they've had some possible security breaches

So I got the new password, logged into my cpanel and changed it to something else, but then found that I could not get into the Site Builder to update my website. Both the cpanel and the Site Builder logins and passwords were the same and were set up by the host. I sent in a Help Ticket asking them to fix it and they sent back a response asking for my login and my password!

WHAT?? I thought the whole point was so that employees wouldn't have your password.

At first I protested and said no way, but the help person said they couldn't reset my site builder profile without that information. As of right now, I'm still waiting for them to reset it so that I can get into updating my web site.

This seems like a really poor set up and poor implementation. Tons of people are complaining about it on their forum.

Aargh. What a thing to deal with on a holiday weekend!

Tess · #2 (**permalink**) 05-26-2008

Oh the irony of this kind of situation never ceases to amaze me...it's so absurd it's almost laughable.
Sorry you have to deal with this kind of thing on a holiday - maybe it's an invitation from the universe to close up the computer for the night and relax instead?

VagabondetteVA · #3 (**permalink**) 05-27-2008

Who do you use? I switched to a new company and I love them. I've had to call them several times (because of my issues, not theirs) and I've always gotten a live, native english speaking, helpful person 24/7. It's also about 1/2 the price of what I was paying before and I can host unlimited websites through my account which means that I can potentially offer hosting services to my clients.

White Rose · #4 (**permalink**) 05-27-2008

I must have the same hosting service that you mentioned.

What bothered me is that they did not let us know ahead of time that this would happen. When I woke up and check few things on my client's blogs that needed to be corrected immediately, I quickly logged into my cpanel and what..... password was denied?? I didn't realize what was going on until I later checked my emails and found that letter you mentioned.

But, everything is back to normal now.

jeannedb · #5 (**permalink**) 05-27-2008

Okay - I think this explains the problems I'm having this morning. I wonder if I'm using the same company for one of my sites.

Prime Admin Solutions · #6 (**permalink**) 05-27-2008

They are having possible security breaches? So why are you still with them? It must be a bad week for web hosting companies. I had no access to email most of last Friday because of a server issue at my web hosting company. I switched web hosting companies that same day. The new company I'm using has their email servers mirrored, so if one goes down the other one picks up the slack and they have service 24-7. I could only get a live person at the other company during business hours in Edmonton (and I'm in Ontario). I am calling today to cancel the service. My new DNS has been populated so it's time to get rid of the old service.

When switching web hosting companies, always sign up with the new one and change your domain's DNS information and get your new site up and running on the new service before canceling your old service. That will avoid having your website down for any length of time. A previous employer of mine did that and had no web site for days. Just a tip.

jeannedb · #7 (**permalink**) 05-27-2008

Quote:

They are having possible security breaches? So why are you still with them?

If we're all talking about the same company, from the email I received, it doesn't really sound like a current security breach but instead an attempt to thwart possible breaches.

I've had a reseller and regular account with this company for several years and have had no problems with them and would have avoided confusion this morning if I read their email that came while I was out of town over the holiday.

This is the email I received with host name removed:

Quote:

Dear Jeanne Bolewitz,

We've recently done an audit of xxx's web hosting services and have found that many
of our customers have never changed their password since the inception of their accounts.

In an attempt to secure your hosting further we are updating our authentication
information for customers who have not recently changed their passwords with randomly
generated secure strings that meet our guidelines.

In order to obtain your new password please click the following link:

For ( xxx ) on ( xxx.com )

https://secure.xxx.com/password_reset/

You will need to fill in the email address, cpanel username, and the original cpanel
password to obtain your new password. If you are not sure of the original cpanel password,
or if you do not feel comfortable filling out the form, please contact us through live
chat.

How do you know this is from xxx?

1. We put your name in the email.
2. We have posted details regarding this change on our official xxx forums:
http://forums.xxx.com/showthread.php?t=xxxxxx
3. Mouse over the url and it is in fact https://secure.xxx.com
4. Try logging into your account and you will notice the password has been changed.

Why are we doing this now?

I myself understand what a huge inconvenience this is and I am extremely sorry for any
trouble it has caused. Here are my thoughts on why we are doing this huge security
update....

1. xxx has been in business since 2002 without ever requiring a password change.
That means it has been six years for many of our customers without ever changing a
password!

2. Things are a little different now then when I started xxx in my dorm room in
2002. Security is now a major aspect of running a web based business and regular password
changes is a step in the right direction to keep your accounts safe.

3. We are about to launch our new billing system. The new billing system we are close to
launching will never display the full password to anyone including myself!

*Please do not change your password back to what it was. We are trying to make sure we
are 100% secure as we migrate to our new billing system. I'm extremely sorry for this
inconvenience and thank you for understanding.
**This does not affect any resold account passwords or email passwords, only the
cpanel/ftp password was modified.

Sincerely,

xxx owner's full name

If when the company first started, employees did have access to account passwords and those employees are no longer employed there, then that is a security risk for those who have never changed their password. I did spend this morning using an online random password generator to change the passwords of all my accounts. And while I'm at it, I think I will use this time as a reminder to do the same for all of my banking/credit card accounts and then my online email accounts.

It's a pain, but it's something that should be done occasionally and today is as good a day as any.

White Rose · #8 (**permalink**) 05-27-2008

That's the exactly same email I received.

JKVirtualOffice · #9 (**permalink**) 05-27-2008

It looks like the three of us have the same web hosting company. I'm not so much peeved at having to change the password as much as I am about the way they chose to do it and then that it also affected my ability to get into updating my website through site studio and their only remedy was for me to give them my password.

jeannedb · #10 (**permalink**) 05-27-2008

Why is there a separate password for sitebuilder?