A random customer service story

This morning, I decided I was going to write a post about shared hosting and the dangers involved in ceding control of much of your stack to hosting companies that may be very clueless when it comes to security, particularly a lot of me-too Nigerian shared hosting providers. That was 10 hours ago. Between that time and now, Whogohost has succeeded in making the post about them. Fine by me.

So here’s what happened. My friend @FatherMerry woke up to this email from a security firm.

52c3e2df-c0dd-495a-9623-52d40d4732bd.jpeg1600×685 114 KB

We checked, and saw the files. In mindless haste, he deleted the folder without backing it up first. Which was not a problem, besides the fact that we didn’t get to see what the phishing website was all about. He replied the security firm to thank them for pointing this out and expressed genuine worry about how his hosting account got hacked in the first place.

Now this is where I would blame Ope a bit. He was using the default password he got after opening the account. Granted, it wasn’t “administrator” or “password”, but it was still an unchanged default nonetheless.

Still reeling from the fact that his account was compromised, we decided to go through the files on it and see which ones were updated recently. We ended up uncovering more folders, including one in the root called x.php. Curious, we checked to see what it was from the browser and whoa:

818555e1-ef73-43ca-98b2-b00015eb9517.jpeg1600×1000 328 KB

I’m not an expert in being a victim to these things but this appeared like after compromising the account, they dropped a file that essentially became their own cPanel to the account, for easy upload and manipulation in the future even if passwords get changed. I don’t know but the capabilities of this one little file appear to be fueled by an exploit of cPanel or some other software on the hosting company’s end. Of course we deleted the file as well.

Being a good samaritan that he is, Ope decided to report the situation to Whogohost support because you know, they might want to check to be sure this is an isolated exploit and haven’t due to inaction, compromised accounts of other customers. Then the clock started ticking…

9 hours later, he was greeted with this:

06d6868d-f059-4f13-8b47-925b6cf8ef11.jpeg1130×756 245 KB

Notice how this all reads without any form of empathy. Oh, and then he has to what? Purchase something called SiteLock? Then to crown it all, the threat to suspend his account. It’s almost as though they were the ones that uncovered the situation, except that the ones who really did and were directly affected by the attacks that followed were polite and reasonable about it.

Thoughts?

Lol. Do people still use Nigerian Hosting companies?

Like seriously , how do they sleep at night?

So annoying, they didn’t even take any responsibility

the Funniest part was the “Administrative Actions will be taken on the account” threat
i once had an issue with this same whogohost…their customer Care are clueless about so many things including how to respond to questions and the appropriate answer to give …it took the CEO’s intervention to get an appropriate response from them… then, @t.obaniyi came and did some PR job on the radar thread couple with some advertisement…

…i really don’t believe in Nigeria Hosting Companies…i always have this feeling of someone in the company is not doing his/her job right,most of these Hosting Companies are too profit conscious…instead of a good service delivery first.

The only possible explanation is that @FatherMerry password was compromised (somehow). The fact that the hosting company have no interest whatsoever in the particulars of the attack or the possibility that other servers under their control may have been effected is not a new case scenario.

Thank God the offending file has been removed, password changed, and no damage to speak of.

Although web hosting companies in Nigeria are improving in their quality of service and reliability, they are not there yet when it comes to Customer Service.

This is largely due to poor infrastructure, poor human capital and ILLITERACY.

I’m so fond of investigating my server cause I once found a Phishing Site on mine hosted in California, USA. Turned out someone installed a script on my laptop to get my user access to all my accounts.

[quote=“kelz, post:2, topic:5198”]Do people still use Nigerian Hosting companies?
[/quote]
This is not cool @kel; with the winning Startups in the Nigerian Tech Industry, I believe one of this Nigerian Hossting companies will make us proud.
Maybe they want a new player to come kick-their ass.

just like how Smile 4G ana Spectranet Kicked Swiftng’s Big Red Ass

…until then

Thank you for this post @xolubi. I will like to apologise for the lack of empathy in the mail we sent to Ope. That was not intended. We will definitely work on improving our communication as we definitely care about our customers and their business.

That said, sites getting hacked is not a Nigerian-host problem. It is a global issue. Some hosting companies would actually suspend your site first and then contact you to secure your site. There has been a serious increase in number of sites getting hacked and compromised. In most cases, the owner of the site won’t even know as the hacker simply includes phishing content to scam unsuspecting site visitors. In many of these cases, the hacks are due to outdated applications or insecure passwords, which grants the hacker initial access and then he gets even more access to do more damage. This is why we wrote a comprehensive checklist here on how clients can stay safe.

What most people will not realize is that hosting providers like ourselves are given a tight leash by our data centers when issues like this happen, and given a very short time to resolve the matter or risk the server getting suspended. This is the reason we insist that clients secure their sites and advise us on the measures they took to secure their sites to avoid a repeat of the matter. I also checked further and noticed that we contacted him about this matter in the thread in question. This explains why he was told to secure his site to avoid administrative action.

We will work on improving the tone of our messages, but it is important that clients understand that they need to take relevant action to secure their sites. Please understand that this is not a Nigerian phenomenon and we are definitely not clueless.

I will like to apologise to anyone who may have been hit the wrong way by our responses to these matters. We will work on improving the communication.

Thanks

And the CEO/PR Officer is back again…

Hello @O_niran,

I am sorry if our customer care team fail in some instances. We however work hard to give our customers the best of support. We are not “too profit conscious” as you stated, and we invest heavily in giving our customers the best support. However, like in even the best organisations, things don’t always go according to plan. I can assure you that we are dedicated to giving the best and we have sacrificed a lot to ensure this. While there may be some sad instances where we have not met some of our clients’ expectations, I believe there are even more instances where we have done even more.

Hope this has not changed your opinion of us

This is not PR. If you read through my comment, you will notice that we have taken some feedback and we will definitely work on improving our communication. I also explained that the situation was not clearly stated as the client in question was sent that mail as a response to the phishing complaint we got. That however does not excuse the manner of communicating this fact, and I apologize for that.

We are all learning and getting better. I however want to assure you this has nothing to do with the fact that we are Nigerian hosts as we are as dedicated, even more so, than many of our counterparts out there, in giving the very best. We are getting better and will get even better.

We have invested heavily in securing and monitoring our servers. I can assure you this is not a case of our servers being compromised. However, our communication showed that we do not care about the client and that is far from the truth. I apologise for that and we will definitely make amends.

Most cases of compromise are from the application level. You may read our post here to understand how most clients get compromised and how they can stay safe.

Wow. This is a very insightful statement from a Nigerian.

Its okay. However, you have also decided to take responsibility for the post I ended up not writing… which was supposed to be the general pitfalls of using shared hosting - especially when all one is doing is comparing pricing and gunning for the cheapest. Truth be told, if I had been asked for recommendations on Nigerian shared hosting providers this time yesterday, I’d have readily directed whoever to Whogohost or Gigalayer. Simply because I would assume from the little I know about you two, there is a drive for excellence.

Also, you may want to be humble about it but you know a bulk of the other Nigerian players in the space really don’t know what they are doing.

You guys need to fix your security issues…been a victim of this before.

Secure WhoGoHost! Not everyone wants SiteLock

I have never had the security issues I have had with WhoGoHost on Syskay or Gigalayer… Nothing is more annoying than being asked to pay for SiteLock, clients don’t get it when told the hosting company cannot protect their sites so they have to pay extra.

This hack that creates a cpanel has happened to me before and I was shocked.

I should have written a blog post on Whogohost security, sitelock etc. but still chilling hoping they improve… I will if they don’t as well as move to Gigalayer.

Whogohost has a great customer care service and I guess that’s what’s keeping people…really amazing team.

Shared hosting should be limited in stuff you can do and its not cool that a Cpanel can be created by a hack

You miss the point @segebee. Every serious hosting company, like Whogohost, has invested heavily in securing and monitoring their servers. However, compromises like this are usually from the application level or the client’s passwords being compromised, which no hosting company can protect you from.

Whogohost servers are secure and have not been compromised. Sites however get compromised from time to time due to several vulnerabilities, including outdated scripts, weak password, amongst others. Please read this article to learn how to remain safe.

SiteLock is an innovative solution sold by hosting companies around the world because it helps to keep clients even safer. It is not in itself not a complete solution as clients still need to keep their sites safe.

Whether you use shared or dedicated hosting, if you have a vulnerability that can be taken advantage of, you become a victim. If you use WordPress, you are especially more vulnerable. Keep your scripts secure, your passwords strong and your backups safe. That is the best way to stay safe.

I suppose this wasn’t because your password was knowingly compromised by you. Or did you share it anywhere? In Ope’s case, he doesn’t even know the password… as he simply starred the email and goes to search and copy it anytime he needs it. If Whogohost is hinging all of this on a password compromise, then there’s two possibilities

1. Ope’s email was hacked
2. Somehow whogohost was hacked and they happen to be storing passwords in plaintext somewhere.

@t.obaniyi In this particular case, the victim’s hosting account only holds flat files. There was no wordpress or magento installation or anything else to exploit. However, a simple search for “cpanel exploits” reveals tons of results. Completely absolving yourself and making it the victim’s fault without investigation essentially says no lessons will be learned and this will happen again.

We do regular security audits of all our servers and just completed a recent one, assuring us that our servers are solid. We have taken serious measures to harden our servers. cPanel vulnerabilities in the wild affect outdated cPanel. Also, all our admins are all use 2FA to further protect their logins.

The more likely possibilities of the compromise are

1. His email was compromised
2. His device contains a malware
3. His client area password was compromised

Most people assume that if their site is hacked, it is the host’s fault. This is the reason we posted steps users should take to stay safe. However, we will run another security audit of all our servers.