Please advise - is Dathorn fair with me? - Knowledgebase

Portal Home > Knowledgebase > Articles Database > Please advise - is Dathorn fair with me?

Please advise - is Dathorn fair with me?

Posted by mihai, 06-07-2005, 04:29 PM
Hi, my last message here was about 2 or 3 years ago when I was searching for a reseller account. I was recomended dathorn and everything was fine untill last nighr when one of my phpbb message boards(I run about 5 big sites plus few small traffic ones) got hacked for second time during last 3 years. My problem come that Dathorn decided that they put a page that account is suspended for non p[ayment. The site was 1 st ranked on search engines and market leader in his niche. Altough the problem was from the phpbb board they put all domain suspended and now I must keep it down untill i move to a new host thus making huge damage both to my profits and my site trust. I consider they should helped me in this situation not making me much problems considering and asking me to move that domain from them . Also no damage is made to them as they get automatically warned if anything like this happen. I think this is also a warning for each of their customers that at 2nd problem you will need to move even you are an old customer with them I woudl really apreciate some opionions on this especially from some other hosting companies. ModEdit: Hosting request are not allowed Last edited by The3bl; 06-07-2005 at 04:46 PM.
Posted by assuredhost.com, 06-07-2005, 04:46 PM
There are already a few discussions going on on this same topic of suggesting a new reseller host. As the phpbb is most vulnerable, and almost each and every week a new exploit is released, you should have patched them as soon as any exploit is released. Or you can consider the por the forum to any popular proprietary forum software. Best wishes for the best reseller host you find.
Posted by phpcoder, 06-07-2005, 04:48 PM
Hi, While I am not familiar with Dathorns policies that they have in place I would imagine the underlying reason for suspending your account is to ensure server stability and server security (unless you did forget to pay your bills ). By doing so, they are looking out for the majority of their clients on the server as they are liable. Either way, situations like this differentiate each web host as some companies handle situations poorly, strictly, good, lenient, etc. I wish you the best of luck in your quest for a new web host!
Posted by mihai, 06-07-2005, 04:53 PM
I have been for about 3 years with them and only 2 problems so far and never payment problems. Is this a regular isue that hosting companies all do it?
Posted by phpcoder, 06-07-2005, 04:58 PM
Good, but remember it only takes 1 problem/hack to compromise a server. Each company handles security/spam/etc in a different way. For instance we have found many insecure versions of phpBB installed on our servers and after numerous warnings they were still not upgraded and/or patched. A few boards were exploited because of this so in our eyes to protect our customers some type of action had to be taken. With that said, we developed a script used to search for insecure phpBB installations, notify them, disable them, etc. Security is a priority!
Posted by assuredhost.com, 06-07-2005, 05:03 PM
I compltely agree and want to just rephrase it a bit ( I hope phpcoder will not mind ) Security is a priority! and it to makes clients more secure.
Posted by phpcoder, 06-07-2005, 05:11 PM
Of course I don't mind as it's the truth!
Posted by demostorm, 06-07-2005, 06:56 PM
I agree with the others that security is vital. There is no doubt that Dathorn has the right to suspend the account but I also agree with you that if the issue was not payment then that notice ought not to have been used. It hurts your credibility much more. Only you and Dathorn know whether payment was an issue.
Posted by mihai, 06-07-2005, 07:15 PM
it was their default suspended page a message to contact billing or support but you know what visitors undertstand all my other websites are up so is clear not the payment isue Thanks everyone for the inputs
Posted by ldcdc, 06-07-2005, 07:56 PM
True, your visitors might get the wrong idea, but it's not like Dathorn stated publically that your site is suspended for non payment (or even that you did anything wrong for that matter). You'll have your own opportunity to dispell any myths by posting a message on your site and explain what happened. I'm really sorry to meet a compatriot in such an unfortunate situation. Maybe, as you said, Dathorn could have tried a more lenient approach and tried to work with you in an attempt to find a more reasonable solution, especially since you were a good paying long time customer. However, judging by your statements, IMO, it cannot be stated that Dathorn was out of line. They were simply applying their policies.
Posted by Dathorn-Andrew, 06-08-2005, 01:31 AM
It's a standard WHM suspended page that is the same on all systemsunless modified. Each reseller has access to modify theirs if they wish.
Posted by Website Rob, 06-08-2005, 03:02 AM
Andrew, your statement sounds like something a Politican would say. It is absolutely correct and tells us absolutely nothing. The TS gives the impression their account was Suspended by Dathorn which means the Suspended page is Dathorn's. As to the TS situation, what version of phpBB was being used? If the most current there is not much you could have done except to recode particular areas yourself, which most Clients cannot do. Which is also why most Clients use most pre-coded scripts to begin with. You also say your site must stay down until you move but no mention of whether you were told move because Dathorn will no longer host your sites(s). That would seem to be an odd situation to put a long-time Client in. Perhaps you violated the Dathorn TOS in some way or perhaps there is more to this story not yet provided?
Posted by Dathorn-Andrew, 06-08-2005, 06:11 AM
We suspended the domain but it still utilizes the reseller's suspended page. The domain was "suspended permanently" as this is the second time this exact issue occured on the account due to insecure scripts installed on it. The customer was warned after the first time that if this occured again this would be the result. We're not kicking the customer out entirely, but that one domain will not be placed back online. It was not the latest version of phpBB and was exploited using the admin_styles.php script as we've all probably seen numerous times before.
Posted by demostorm, 06-08-2005, 07:10 AM
As Dan stated the reference to support leaves you leeway to explain to your customers. I don't know what options you were given after the first breech. It would seem to me that on a phbb script it wouldn't be too extreme over a 3 year period for this to happen to you twice So if Dathorn made sugestions to you which you ignored or declined then I see them having no fault but if those options were not offerred and no assistance was given but - "one more strike and you are out" then you needed to find another host anyway. Again third parties have absolutely no way of knowing what happened..
Posted by mihai, 06-08-2005, 07:26 AM
I am not saying it is not partially my fault(altough it isn;t as i have a webguy who should have checked for security updates) What i want to say is that phpbb is a large comunity and even they can;t avoid all exploits If I am correct the version that dathorn have in cpanels so anyone can install is not always the latest update What i wanted to know is if most of other hosting sites would have done the same. I was very satisfied about their service but now i really believe they did it wrong.
Posted by Dathorn-Andrew, 06-08-2005, 11:53 AM
It can be a week or so delayed in getting to the latest version, but it has been at 2.0.15 for quite some time now. But you still have to upgrade your script using it and in cases like phpBB you must do this the moment they come out with a new version directly from the developers (www.phpbb.com) as has been exploited a countless number of times through various security holes. That's an inherent risk when you choose to run phpBB.
Posted by swflnetworks, 06-08-2005, 12:03 PM
mihai, Take this as a lesson to you, before you install any scripts, go to the makers web-page, and check to make sure it's up to date.. If not, then download the updated version from the official website instead of installing an out-of-date board from cpanel. I can see and read here that Dathorn did absolutely nothing wrong. They gave you prior warning, all it should have took you to do was to download the update from the website, backup the mysql on the old board, install the new version, and reinstate the backup. You chose not to, which got you here. If you can't depend on your "web-guy" to do it, then you need to learn to do it yourself, as your "web-guy" doesn't think your site is important enough for him to spend 30 minutes to do. All it takes is one time for your site to get comprimised from phpBB's old version, and all Dathorn's clients could be at risk. They protected their customers, which is perfectly within their right.
Posted by Website Rob, 06-08-2005, 04:44 PM
Whether or not another Hoster would have done the same (Suspended the account and told you to move it) is a subjective question. The answer depends on the Polices of the individual Hoster. Twice in 3 years is very low for anything but Dathorn was following up on previously mentioning to you that if it happened again, you would be asked to move that account. No time frame was given and from that point of view, they have done nothing wrong. Although it is true that every Client is responsible for what happens within their account(s), it is also true that each Hoster uses different setups and Security settings for their Servers. Hosters know, or should know, that some Clients will use scripts that are insecure -- some more than others -- and steps must be taken to secure a Server against those type scripts. phpBB is only one script that is known for its insecurities and there are known methods of securing a Server against 99% of the hacks available, for all scripts. I doubt if any Hoster will specifically mention the Security settings they have in place but when choosing your next Hoster, ask them if any Client has ever had a phpBB script hacked. Typically the Forum index page is replaced but access to the other parts of the Server is prevented. That is basic security. Good security will prevent even that from happening.
Posted by demostorm, 06-08-2005, 06:14 PM
I would venture to say that there are few reseller host servers that don't have one or more domains that are not up to date on their auto installed scripts so cut some slack. Mihai is not alone and from the comments made doesn't seemed versed enough to have chosen not to do anything just perhaps did not understand how or what to do. Theres a high possibility that there are other out of date phpBB installations at Dathorn but Mihai was unfortunate to have been the one hacked. This is a slippery slope to navigate because hosts abound that sing of the insecurities of PhBB but if you feel that way why offer it at all as an auto installation? Unless you put up a bold notice on your sales page that you don't want people who don't know about these things aren' t you bound to get these situations? So I don't think Dathorn is wrong for following their TOS but I don't think the client has to be castigated because they are a newbie which many reseller hosts accept with open arms. Not a good match and they should both embrace their mutual departure. SEEMS to have been a good client payment wise and didn't come on here guns blazing . Instead just asked if Dathorn was being fair. Sounds like alright people. Seems to be pretty good at building communities too. Can't all be tech people but we do have to take a particular amount of responsibility which I don't see them shirking either. Last edited by demostorm; 06-08-2005 at 06:17 PM.
Posted by mihai, 06-09-2005, 07:07 AM
Thanks everyone for the inputs. I think i will move up to Site5 from what i saw so far on different offers.
Posted by rouho, 06-11-2005, 11:09 AM
I had the same problem with phpbb and I understand why dathorn suspended the troubled accounts, however, I have to point out that phpbb was a script that you could install straight from the control panel! hence they should keep their versions up to date and when a new one is released or when a patch is released they should inform clients to upgrade. I suppose that the reason they have a library of scripts that you can install from the CP is because they are safe to use!!!!!!!!!!!!!!! I have been with dathorn for the last four years and i have been very happy with them. I have to admit though that threats like permanent suspension of the domain that came from Mr Andrew Thornton (dathorn) are not for me, particularly when I am explaining to them that I had installed the script from the control panel. Surely there will be other similar hosts out there that will RESPECT their CUSTOMERS!
Posted by Dathorn-Andrew, 06-11-2005, 11:15 AM
As I explained to you via e-mail, the script was fine when you installed it. It was the fact that you had not upgraded it from 2.0.4 afterwards when updates were released that is the problem. Each and every customer is responsible for maintaining their scripts. We even have a forum dedicated to this that long ago announced security problems with phpBB.
Posted by mihai, 06-13-2005, 08:39 PM
Thank you so much. I just checked if DNS propagation was made and surprise: Bandwidth Limit Exceeded The server is temporarily unable to service your request due to the site owner reaching his/her bandwidth limit. Please try again later. Thanks a lot. The fact you let your resellers change the suspended page message and you replace it at your will is really great. Now this is bad business. I understand you offer unsecure scripts to your not very knowledged user and knock them you but to alter the susped page where i was informing my visitors and put back a nonpayment one. WAW!!! You did it this time I am not trying to speak bad of your company that offer good service at very low costs(thank you here for the backup of my suspended domain) but as a long term customer i expekt a bit more consideration for me and my business. If everyone want to check the domain is www.pariurisportive.ro . The propagation should end soon but untill then my suspended domain exceeded the bandwith again
Posted by mihai, 06-13-2005, 08:50 PM
I got a prmompt answer!!! but i still don;t want understand why to have to submit a ticket if they already know about the problem to fix it: Your dis-#### account is a seperate account just used for WHM access. It is given 5MB of disk space and 5MB of bandwidth as an account, it exists for you to login to WHM. But this is where your suspended page resides as well, which is why the bandwidth limit is exceeded. We can correct this for you but you need to submit a ticket.
Posted by Dathorn-Andrew, 06-13-2005, 08:51 PM
You did not even wait for my full explanation in response to your e-mail before posting a flame on these boards. Your suspended page loads from the account that you use to login to WHM. We just create basic accounts for you to login to WHM with that have 5MB of disk space and 5MB of bandwidth. This covers most users and their suspended pages. In your case, it did not and that 5MB of bandwidth was exceeded, thus the reason for the page you are now seeing. In high traffic cases like this we recommend redirecting to an alternative location or wecan adjust these bandwidth values if you submit a support ticket.
Posted by mihai, 06-13-2005, 09:06 PM
I am not here to post flames about your company. I am here becouse you let me down. " In high traffic cases like this we recommend redirecting to an alternative location" You recomended me now that i find out about it. You told me to edit the suspended page in my WHM. You didn't told me that if few hunderead people will see it then it will be gone and bandwith exceed message will appear again, altough i mentioned the site has good traffic. The problem is however a matter of hours untill DNS change complete and this is probably my last post here about this matter. I don't like to wash the laundry in public but ..... Good luck with your business
Posted by Hamtramck Rick, 06-14-2005, 01:25 PM
Good luck to everyone concerned. One good thing came of this conversation: It motivated me to upgrade by version of phpbb.
Posted by gilmourrules, 06-18-2005, 09:41 AM
It amazes me how poeple want service CHEAP but expect dedicated server spec's etc.... Having been with Dathorn for over two years now, and only one melt down on Dathorn's side all has been fantastic. it was nothing serious and Andrew kept us updated If people would only READ and ask questions, the people at Dathorn will answer..... they won;t flower it up and use all kinds of marketing spin but you will get an answer More than fair IMO ...but people love to complain ... Mihai you could ask questions on Dathorn's forums etc..... Look ast windows.... you goot afor sure keep updating that piece of software...!!! Mihai do you run windows....... ???? Dathorn keep up the good work....!!!
Posted by net-trend, 06-18-2005, 01:07 PM
The thing most people do not realise when signing up for a hosting package is that the client themselves is very often liable for all content on the account, including the software running on it. The hosting company is NOT responsible for informing you to update your script. They could be responsible if you signed up for FULLY MANAGED hosting, but we know that isn't the case most of the time. I see no wrong in Dathorn's suspension of the account and I feel it's warranted, especially after a previous warning.
Posted by bhills, 06-22-2005, 01:55 AM
I am a dathorn customer. Myself and everyone else on a server expect it to be secure. If someone had an insecure script on my server, then I expect that account to be suspended immediately before it affects everyone else on the server. In fact, I would insist on it.
Posted by demostorm, 06-22-2005, 03:37 AM
And it amazes me that people won't take the time to read. Mihai did not come on here claiming she should get Dedicated server experience. Neither did she as net trend implied claim the script wasn't her responsibility. It isn' teven an issue of whether the site should have been taken offfline as Bhills suggests. She says it point blank for those who cared to ignore it The issue is not being taken offline its what happened after or could have happened. If Dathorn had ironed out a resolution for a long time customer then we wouldn't be here discussing it. period So since everyone wants to gang up on Mihai I'll be her (temporarry) advocate. Stop pretending that there aren't customers at every host that don't understand the necessity of upgrading scripts. Many of them believe that if the application had a history of security flaws the host wouldn't offer it. Stop pretending that hosts don't derive a signigificant amount of income from the kind of client that doesn't understand. Don't want their businesss? State openly in yoru sales copy that you are not newbie friendly . there are various ways of doing it. Stop pretending that if you offer and advertise Fantastico installed PHBB you have no part in the problem. PHBB is notorious for security issues and along those same lines stop pretending that it is unusual to have a phbb script hacked twice in three years. it isn't. Depends on the popularity of the forum dathorn is within their rights to adhere to their rules.and without a doubt the site should be taken down immediately. Fine. The client is within their rights to wonder given the longevity of their relationship why something could not have been worked out. (migrating to another forum script perhaps). Thats it . No need to gang up on the cleint
Posted by azfar800, 06-22-2005, 06:48 AM
yup, Dathorn are not newbie friendly at all. they sure have an attitude problem that is why i left them. why be with a company who really dont give a damn about you. dathorn would atleast have warned before putting the suspended page.
Posted by Goldwing, 06-22-2005, 07:45 AM
Sorry disagree here If the reason for the script becoming compromised was a new exploit on a current version then yes there is room for negotiating with a client over what has happened - however where the client has been warned before about keeping a script up to date and has failed to do so and is has subsequently put a shared server at risk by his/her actions then there is only one course of action left. Its not about pretending we don't all have newbies but about controlling the actions of these newbies, if they fail to be educated or simply do not listen I would do the same Dathorn The client has already admitted that they had a "web guy" who was supposed to monitor updates but didn't. Dathorn are not to blame and I fully respect their decision in trying to keep their servers clean. Not sure about you points on Fantastico, sure we provide that and it is up to the client to keep it updated that is part of the terms, we also provide email and ftp as part of a hosting package and we have to assume the client is capable of using these within the terms as well because they could also do damage there as well. azfar800 Depends on your perspective, by protecting their server they are "giving a damn" about their other clients. Overall this would appear to be about a client that failed to keep scripts up to date despite previous warnings so to answer the thread yes I would have done ( and have done) the exact same thing as Dathorn except I never even gave them the benefit of a suspended page.
Posted by v_login, 06-22-2005, 12:46 PM
It is the company policy and you must accept the facts. Move on man
Posted by demostorm, 06-25-2005, 11:46 PM
The only couse of action that protects a server is monitoring the existence of the PHBB script on the server. You can get one site hacked boot them to kingdom come and still have security liabilities because you have other installations still in existence on your server that just happened not to be hacked (yet). So no the idea that there is no option but to kick a customer to the curb that has two security lapses in three years on a suspect (and notoriously suspect script that you offered the client to begin with) is categorically false. As if to underscore that point we recently received communication for a plesk host we are using (being mostly Cpanel ourselves) that gives 30 days to remove all older PHBB instances on their servers or they will remove it themselves. They are not kicking any of their customers out. They are securing their servers by a full audit and if the customers wants to move if they find their forum gone after 30 days of inaction it will be their choice Again you are kidding yourself. Theres a sizable portion of the market that will never be on top of every new security update unless directly notified. Like it or not. Its the fact and this knee jerk reaction to her using the phrase "web guy" is essentially a monetary bias as there are executives and company presidents that have IT people who handle technical issues for them without and never planning on being web savvy. Every thread evolves. I've stated openly Dathorn hads a right to follow their procedure and that the thread starter had a responsibility (which if anyone reads they will see the thread starter was not denying) but recent responses to this thread turned to gettting all over the thread starter as if they are some kind of weird or way out anomaly. Can you say you have no old PHBB scirpts presently on your server? If you can it can only be because you've checked and If you've checked you could just as well have taken the approach that it has to be removed (not the client) as our Plesk host did. Dathhorn was in their rights under their TOS but the customer is not being unreasonable by wishing for another approach especially since there are hosts that would have handled it differently and withthe host we mentioned proactively handles it differently. if it exists in the market place the customer can reasonably wish for it but also must accept and move on (as she has) if the host doesn't wish to supply it. actually azfar800 was referring to his/her own experience with Dathorn and a quick search on WHT finds him not alone in that opinion. I think they have worked on this and it may be no longer true but they did have the reputation of being unfriendly to newbies and abrupt in their dealings with customers Last edited by demostorm; 06-25-2005 at 11:55 PM.
Posted by Goldwing, 06-26-2005, 10:37 AM
Actually don't think I am kidding myself. The "web guy" point was she claimed he was supposed to keep on top of updates but didn't therefore she was aware of the need to do such updates but did not herself ensure they were done despite previous issues. You are basing the points on PHPBB a well known vulnerable script ( or at least one with a history) but I was talking about the wider picture where a customer demands the ability to run server side scripts be it perl, PHP or ASP, they in the most part have very little knowledge about what they are doing and can open the server up to security risks. I don't think it is too much to ask for a customer to be responsible for the script they are installing on the server whether that be PHPBB or any other server side script as it is impossible for the host to carry out security analysis on each and every script, so in essence if the client wants the ability to run scripts then they have to also share in the responsibility for the security. If a client is approached and "warned" or given advice about the need to maintain such security and then fails to do so at a later date it is of great concern. There are hosts out there that do not allow clients to run server side scripts for this very reason. While I feel sorry for the customer as she has found herself caught in a bit of a mess, I do not know anything about Dathorn or their history with customers but given what I read here I felt they were well justified but do accept there is always two sides to a story.
Posted by demostorm, 06-26-2005, 11:25 AM
The "Web guy" thing wasn't directed particularly at you. It was mentioned several times by others as if something was wrong. I guess I look at it differently. Having an IT person actually indicates she did take precautions but they failed. TOTALLY agree with you in regard to scripts independently installed but with Fantastico the application is installed from the hosts side (files actually reside on the hosts server to begin with) and is advertised by the host. Thats where clients are going to have a natural belief that the application is secure and yes the fact that it was PHBB has alot to do with the issue. It has ongoing issues so there really is no huge shock there that one customer would get hacked twice in three years particularly if she has been good at building communites and attracted the hackers attention (really a shame when the hacker gets the demented pleasure of seeing the site offline for so long). So I understand where you are coming from and you are absolutely correct but the fact that it was PHBB and included in a hosting package installer makes the situation different at least to me. Either way both parties have moved on

Add to Favourites Print this Article