December 27, 2005

Avoid 1&1 Internet Like the Plague!

So, here's a little story that is very important to anyone who is currently hosting with 1&1 Internet or has planned to host their site with 1&1 Internet.

Probably a year and a half ago, a company called 1&1 Internet, who does indeed host a large number of sites in Europe, decided to launch a big U.S. operation. As part of it, they launched a marketing spree which included a front page ad in WIRED Magazine. Promised by this ad as a way of getting their name out there was 3 years—completely free—of their "pro" level shared hosting accounts. Figuring I had nothing to lose with three free years of hosting, I signed up. This blog has been hosted with 1&1 since that day, and is still hosted with 1&1 today. It will not be hosted with 1&1 for much longer if I can allocate the funds to move in the near future, however.

There are three major problems with 1&1's services of which any potential customer needs to be aware:

1. The administrative interface is ungodly slow and terribly obtuse. Getting anything done regarding your accounts (and hosted sites) requires a great deal of waiting because their backend servers are either overworked or underpowered. On top of this, the organization of options is so poorly designed that you spend even more time waiting because you have to continually click around to different areas in hopes of finding a very basic setting.

2. The servers are very unreliable. My guess is that this comes from 1&1 trying to lock down RAM and CPU usage on their shared servers. Whatever causes it, it is unacceptably common for a 500 error to pop up when you're using CGI or PHP. If you intend to host nothing but plain HTML files, you might be alright, but most of us expect hosting companies supporting CGI and PHP to successfully run CGI and PHP scripts. Generally speaking, I can't delete more than 5 comments at a time through the Movable Type interface without the server barfing. As many of us who have taken the time to contact 1&1 about persistent 500 errors can attest, they don't know what's causing them any more than we do.

3. Their administrative and support staff don't have a clue. I've asked two very simple questions of 1&1 over the years, each time getting a completely worthless and off-base answer that didn't address the topic at hand. But the piece de resistance for this point comes from an email received from their staff today, claiming my web space has been hacked. Two major issues (and one oversimplification, but that's minor) stand out.

Here's the line 1&1's "Customer Compliance Operative" claims indicates that my site has been hacked:

> access.log.46.gz: - - [19/Nov/2005:10:02:36 -0500] "POST /xmlrpc.php HTTP/1.1" 404 1997

If you're HTTP log literate, you'll notice two things that are rather obvious, despite the completely bizarre ordering of the log entry fields. The same two things I did.

A: The date. This supposed hacking occurred 46 log rotations ago, and more than a month ago, and they're only just now, on December 27th, letting the affected customer know about it? That's a month and 8 days. That is *completely* unacceptable. If I had customer data stored on that server, God only knows how many nefarious hands it could be in. Who knows, if I was doing credit card processing for orders, how many people could have been ripped off. Who knows how much malware could have been placed on my web site to replace the clean software I myself produce.

B: The status code. See that familiar "404" over at the right side of the log entry? That means that their web server returned an HTTP status code of 404, informing the requesting user *that the file didn't exist*. Regardless of how many security holes were in the PEAR XML-RPC library, it can't affect your system if it's not there in the first place. And if the server's returning a 404, the file ain't there.
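The two checks from points A and B, applied to access-log lines, as an added example that is not part of the original post: it classifies requests for /xmlrpc.php by status code and computes how many days passed between the request and the notification. The function name `triage`, the verdict labels and all sample lines except the first (which is the one quoted above) are assumptions made for illustration.

```python
import re
from datetime import date, datetime

# Request/status tail of a Common Log Format entry. search() is used so a
# grep-style "access.log.46.gz:" prefix and blank host fields are tolerated.
ENTRY = re.compile(
    r'\[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def triage(line, target="/xmlrpc.php", notified=None):
    """Classify one request for `target`; returns None for unrelated lines."""
    m = ENTRY.search(line)
    if not m or m["path"].split("?", 1)[0] != target:
        return None
    status = int(m["status"])
    if status in (404, 410):
        # Assumes the 404 is the web server's own "no such file" response.
        verdict = "probe-missed"
    elif status in (401, 403, 405):
        verdict = "blocked"
    elif m["method"] == "POST" and (200 <= status < 300 or status >= 500):
        # The script exists and ran: check its version and the request body.
        verdict = "needs-review"
    else:
        verdict = "other"
    seen = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").date()
    lag = (notified - seen).days if notified else None
    return {"verdict": verdict, "status": status, "seen": seen, "lag_days": lag}

# First line is the one quoted in the post; the other three are constructed.
SAMPLE = [
    'access.log.46.gz: - - [19/Nov/2005:10:02:36 -0500] "POST /xmlrpc.php HTTP/1.1" 404 1997',
    'access.log.46.gz: - - [19/Nov/2005:10:02:41 -0500] "POST /xmlrpc.php HTTP/1.1" 200 512',
    'access.log.46.gz: - - [19/Nov/2005:10:03:02 -0500] "POST /xmlrpc.php HTTP/1.1" 403 289',
    'access.log.46.gz: - - [19/Nov/2005:10:03:09 -0500] "GET /index.html HTTP/1.1" 200 4410',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        result = triage(entry, notified=date(2005, 12, 27))
        if result:
            print(result["verdict"], result["status"], result["lag_days"], "days")
```

Only the constructed 200 line comes back as needing review; the line from the email is classified as a missed probe, 38 days old on the notification date.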
If you want to host your sites with a company that (a) won't be timely in informing you about security breaches and (b) doesn't have a clue even when they belatedly do, then I highly recommend 1&1 Internet. If, on the other hand, you expect your hosting company to be timely in letting you know about issues with your account, and have *someone* on staff with a modicum of technological prowess, look elsewhere.

If you're in the budget market, Cornerhost and Dreamhost both are popular. I myself have had nothing but excellent experiences with Dreamhost. Not only do they know their stuff, but they're very good about keeping you in the loop about what's going on with your server and the company as a whole. If you're in 1&1 hell, check out Dreamhost, give it a whirl... This link will give me referral credit, which I'd be much obliged to receive. Even if you don't use me as a referral, do yourself a favor and check it out. They're twice as nice at half the price... Dreamhost charges $7.95 for what 1&1 will be charging you nearly $15 for.

Posted by Colin at December 27, 2005 3:23 PM

