The great HostGator fiasco of 2008~HostGator ate my evening

~
WTF?

I spent my entire evening dealing with a BS problem that was caused by incompetence and downright contempt for the customer.

All I want from a gosh darn webhost is minimal downtime and some competent help if there is a problem. Otherwise, I’m happy with my basic little website, not asking much and being left the heck alone.

Short Version:

~HostGator changes every single one of their customer’s passwords on them and then sends them an email after the fact; No opportunity to handle it beforehand or ask questions, sites can’t be updated or worked on. Oh, and the asshats start this on the Friday night before a holiday weekend.

~We are ALL locked out of our web files (for some people they are losing big bucks every second they can’t work on their clients web pages)

~Host Gator sends out an email (attached below) that looks like a phishing scam and like something no legitimate business would do.

* the BEST part about the email? They screwed up their mail merge and got a bunch of people’s names WRONG, which really freaked them out

~Host Gator (when myself and several others log into online support though our regular channels not by clicking on the email) does confirm it’s legitimate (not professional but legitimate) but refuses to tell any of us what the parameters for a new password are (a lot of people trying had been failing)

~After doing a LOT of research and checking around, I click on an internal link within a hostgator forum and do the password switch. (which I am NOT happy about getting hit with after the fact)

~I’m successful.

~I log in can change my password to something that should meet their guidelines but works better for me and it works.

~Next time I try to log in, I can’t get to my Control Panel, I can’t get to my FTP. I’m locked out.

~”Live Chat” (where I sat for up to 10 minutes at a time with no response back to let me know the person “helping” me wasn’t in the bathroom wanking off, at dinner or gone for the day; I work for a company with excellent live chat service, I KNOW this sucked hard) could not help me. They told me to send an email.

~A couple hours, and increasing angry posts on the forum later, I call on the phone.

~was basically told that it was my fault, that I had done the password before I got the email or tried multiple times (bullcrap) NOT helpful.

~they did not know or understand my issue, but it finally resolved (after I wasted several hours of my life on this) when they reset the firewall.

~still no help on forums.

~one of their forum “staff” gave me MINUS 5,000 “reputation points” for expressing my discontent and stating that I was moving my hosting elsewhere as soon as I could get my files. I was red flagged and given the status of “eaten by a gator”

Very helpful and professional staff there… NOT

They did not do it to others who were more angry and said really harsh things, they just decided, “Screw her, she’s leaving anyway”

BAD Practices

BAD Communication

BAD Customer Service

HostGator SUCKS!!! (people who have been with them and loved them for years say that the last 48 hours does not even remotely resemble the company they thought they knew)

So the search is on. Asshats!

Here’s the email.

Serioulsy, this totally looked like phishing scam…



So this afternoon, as I’m getting ready to finally finish cleaing, I get what looks like a phishing scam; no person in their right mind should do something like this…

Dear Lisa Lawrence,

We've recently done an audit of HostGator's web hosting services and have found that many
of our customers have a weak password.

In an attempt to secure your hosting further we have changed all of our customers
passwords to a randomly generated password that meets our
guidelines.

In order to obtain your new password please click the following link:

For ( wildrose ) on ( gator205.hostgator.com )

https://secure.hostgator.com/password_reset/

You will need to fill in the email address, cpanel user name, and the original cpanel
password to obtain your new password. If you are not sure
of the original cpanel password, or if you do not feel comfortable filling out the form,
please contact us through live chat.


How do you know this is from HostGator?

1. We put your name in the email.
2. For more in depth detail regarding this change please see the HostGator forums at
http://forums.hostgator.com/showthread.php?t=33170
3. Mouse over the url and it is in fact https://secure.hostgator.com
4. Try logging into your account and you will notice the password has been
changed.

Why are we doing this now?

I myself understand what a huge inconvenience this is and I am extremely sorry for any
trouble it has caused. Here are my thoughts on why we are
doing this huge security update....

1. HostGator has been in business since 2002 without ever requiring a password change.
That means it has been six years for many of our
customers without ever changing a password!

2. Things are a little different now then when I started HostGator in my dorm room in
2002. We currently have over 150 employees working for us.
During a six year period we've had a lot of employees that have come and gone! Do you
feel secure knowing that they have once had access to your
password? I know I don't! Thus the reason we are forcing you to update!

3. We are about to launch our new billing system. The current system we use (modernbill)
displays your password for every employee in the company to
view. We have reached the size that no matter how trustworthy our employees are it's only
a matter of time before we hire the wrong person
that's going to attempt to do something evil. The new billing system we are close to
launching will never display the full password to anyone at
HostGator including myself!


*Please do not change your password back to what it was. Our current billing system
(modernbill) has been a major security risk allowing all of
our employees full access to your password. We are trying to make sure we are 100% secure
as we migrate to our new billing system. I'm extremely
sorry for this inconvenience and thank you for understanding.
**This does not affect any resold account passwords or email passwords, only the
cpanel/ftp password was modified.

Sincerely,

Brent Oxley

~L

Here are some of my favorite “tidbits” from the forums post on forced password change… (where they refuse to actually answer any questions)

The BEST one is a “live chat”

info: Welcome to HostGator Live Chat! You are now chatting with 'Cody S'
Cody S: Welcome to HostGator, how may I assist you?
max: What the Heck - no one has any business changing my passwords. If you have not changed over to modern bill yet - then what good would it do anyway? This is foolish - you have emailed me and told me you don't trust your employees with my password - that makes no sense - even if you don't have my password - you are domain admins - and can access anything - I'm an IT vetran for over 30 years - this is the silliest move I've ever seen. And now what
Cody S: I aplologize for the trouble. There is a forum post regarding this here: http://forums.hostgator.com/showthread.php?t=33170
max: don't need a forum and don't put me off on that - I'm a customer not a forum reader -please.
max: has modern bill been replaced yet?
Cody S: No it has not been replaced yet.
max: then what good is changing my password then?
max: r u there?
max: 12:03
Cody S: For those questions I would refer to the forum post from the owner of our company.
max: gIVE ME HIS EMAIL - i DON'T DO FORUMS. oTHERWISE i'LL START MIGRATING.
max: AND WHAT IS MY PASSWORD - I CAN'T GET IN?
max: 12:06
Cody S: You can email sales@hostgator.com with attention Brent in the subject line.
max: What is my password???
Cody S: What is your primary domain name?
max: buck55
max: .com
max: 12:07
Cody S: One moment please.
Cody S: What is the last 4 digits of your credit card number on file?
max: I don't know
Cody S: We would have to verify that to give you the password.
max: This is the biggest joke I've ever seen - it demonstrates they real company Gatorhost is - I'm blown away - and to think I trusted y'all. How can I log in to see whick credit card you have - I have about 10????
Cody S: You can login at https://secure.hostgator.com/billing
max: What security breach did y'all experience?
max: If you had one - you are legally bound to inform your customers.
Cody S: We did not have any security breach.
Cody S: The reasons it was done are explained in the forum post.
max: I don't believe that - your company would not just all the sudden do this - I read the email brent sent - it has no logic. First it says my password is not strong enough (Even Google say's it's Very Strong) then the email ends up admitting past employess have access and that the billing system you have not even replaced compromises security. There is a fishy smell to all this -
max: "We've recently done an audit of HostGator's web hosting services and have found that many of our customers have a weak password."
max: "During a six year period we've had a lot of employees that have come and gone! Do you feel secure knowing that they have once had access to your password? I know I don't! Thus the reason we are forcing you to update!"
max: "We are about to launch our new billing system. The current system we use (modernbill) displays your password for every employee in the company to view. We have reached the size that no matter how trustworthy our employees are it's only a matter of time before we hire the wrong person that's going to attempt to do something evil."
max: The last word "evil" is what bother me the most - this letter from Brent identifies You and all employess as potential "EVIL" - this is so not business like and I've never heard a company - this is scary stuff - sounds like Brent is up against something...
max: I suggest Brent get a lawyer before he sends out a letter like this and allow the lawyer clean it up - I hope you are not the "EVIL" person that Brent wrongly hired - you can see my password and you might be the employee Brent hired and per his letter - "the wrong person that's going to attempt to do something evil."
max: What a flippin joke this
max: is
max: 12:24
Cody S: I apologize for the trouble you have had. I am only here for basic support and have no control over this.
max: Got it - sounds like you need to look for a new job Cody - Brent may not trust you - I'd hate to work for someone that did not trust me!!!!!!!!!!! Good Luck. Please let Brent know - since I don't do forums - he is welcome to contact me - you have my account info therefore you have my email address. I have not intention sending a generic message to sales@... to Brent. I will be looking at my options. Thanks, Max max@picassomax.com
max: 12:27
Cody S: Ok I will pass along your comments.

People are pissed off.

Once you get past the first few posts on the forum, you’ll see how unresponsive they are.

Memorial Day weekend and I do not get along, never have.

Next year I am backpacking… alone.