* The Business of Software

A former community discussing the business of software, from the smallest shareware operation to Microsoft. A part of Joel on Software.

We're closed, folks!


» Business of Software FAQ
» The Business of Software Conference (held every fall, usually in Boston)
» Forum guidelines (Please read before posting!)


Andy Brice
Successful Software

Doug Nebeker ("Doug")

Jonathan Matthews
Creator of DeepTrawl, CloudTrawl, and LeapDoc

Nicholas Hebb
BreezeTree Software

Bob Walsh
host, Startup Success Podcast author of The Web Startup Success Guide and Micro-ISV: From Vision To Reality

Patrick McKenzie
Bingo Card Creator

Majorly screwed by web host, need your thoughts

I'm a uISV with both shrink-wrap software and web services. I have a dedicated server--the most expensive plan at this particular web host.

This afternoon, right while I looking at my company site, it went completely offline. After making sure it was actually the server that was down and not an intermediate connection, I called my web host. The support guy said there was a problem with the server, and he said he would pass it on to the admins for them to open a ticket. I gave him an alternate email address (since the my mail server was on the same machine) but requested a phone call because of the urgency.

Minutes later I got an email saying that the server had been taken offline permanently.

Supposedly there had been a DDoS attack against the server, so they pulled the plug. They decided to make it permanent because they considered the site a security risk. End of story.

I called the manager of the dedicated server support team, and after trying to talk sense to him, he at least agreed to call other people at the host and see if I could at least get files off the server. He called back later to say that access would be granted for my IP block for the next few days. At the moment, I'm still not able to connect.

My site is quite active, and my customers use the web services heavily. Having the server offline is Very Bad. Of course I'm wishing that I had hot spares to which I could simply redirect, but I don't (don't have the budget for it right now). Who knew that my host would side with the attackers?

So I'm dead in the water. My paid customers and thousands of daily free users are out of luck. For several days, probably.

At this point, I'm looking for your thoughts about two things:

- Where can I go for (affordable) hosting that won't screw me over?

- What is my recourse against this web host? Clearly I'll have to go elsewhere, but I don't want them to just get away with this. This is a well-known company that is recommended almost every time someone asks about hosting on this forum.

In terms of hosting, this is what I need:
- Dedicated *unmanaged* server. I want the host to stay off the server completely, something the current host couldn't seem to do.
- Windows Server 2003
- Dual Xeon
- 2 GB RAM
- >= 73GB disk space, most preferably SCSI RAID 5
- >= 500GB/month bandwidth preferably 1000GB/month
- Solid connectivity from several upstream providers (of course)
- $400-$500/month if possible
- Competent defense against DDoS attacks
- A policy of fighting for the customer instead of just dumping the customer

Obviously there are many hosts out there, and everyone has a favorite. I need someone I can trust, however, and unfortuntately I can't spend enough to make them care about me for just monetary reasons.

Need a new home Send private email
Friday, May 05, 2006
I've heard some insanely enthusiastic stories about Rackspace customer service.  They aren't cheap but are supposed to be the best...
Oracle Consultant
Friday, May 05, 2006
You could try ev1 servers http://www.ev1servers.net/
I have 2 sites hosted on one of their Windows server and they have been quite reliable.
Friday, May 05, 2006
I have been using www.rackforce.com (Not rackspace) for our company site.

I can't tell you how great this place is. You might even want to look into their new VPS solution - a great buy for the money since they give you a 10 MB connection with no bandwidth charges.

I had a front page story on www.digg.com, and got over 60,000 hits within a few hours - including around 5000 downloads of my program. The connection did not even flinch.

When I do have problems, like if I install something that takes my server down - their support is right on it. Within minutes they will have someone working on the issue.

And for what its worth - I have nothing to do with this company (rackforce). I decided to try them out when I wanted to get away from hosting my own server.
Steve Wiseman Send private email
Friday, May 05, 2006
Are they definitely saying it was a DNS attack and that's why they took the server off line?

Why can't they just assign a new set of IP's or is it not that straightforward.

For $500 p/m I'd expect to be getting amazing service from my provider. It would be intersting to know who they are?
Neville Franks Send private email
Friday, May 05, 2006
If you want it unmanaged....isn't that pretty much the same as co-location?

If you're willing to pay $400 to $500, why not pick up a couple of Dell 850's loaded (3k each), and send them out for co-location?

I use a company called Networxhosting.com  Their co-location is good, very low priced, and a reliable connection.  I have 5 servers there no with no problems.  Course for all I know that could be the company you had issues with.
Friday, May 05, 2006
Oh please let us know who this company is.
Mark Hoffman Send private email
Friday, May 05, 2006
Thanks to Oracle Consultant, Joe, and Steve for your replies. I didn't mean to turn this into another recommend-a-web-host thread, however. I know most of the usual suspects in the hosting arena.

Mainly I'm asking for thoughts on how to cope with the situation from a broader perspective:

1. What to do about the current (soon to be former) host? They've wiped out my business for several days and cost me a great deal of money, not to mention damaging relationships with my users and customers. Should I sue them? Name names and reveal their treachery publicly? I don't really want to get involved in such ugly business, but I can't just let them off the hook, either. They need to answer for what they've done, and other people need to be warned.

2. What can I do to minimize the damage and prevent this from happening again? I just don't have oodles of money to throw at this problem (e.g., setting up redundant servers with different hosts). If I sign up with another host, what's to prevent this from happening again?

Here's another wrinkle: This is an unusual server. It doesn't just do plain vanilla HTTP. It performs various network services and creates a great deal of outgoing traffic to various addresses and ports. This is a legitimate business that has been around for years--nothing shady--but network admins tend to assume that anything other than the usual HTTP  and SMTP traffic is up to no good. The current host used this unusual traffic as a justification for permanent shutdown of the server. They preferred just to shoot first and ask questions never. Not once did they ask me about what the server was doing. (My previous web host of 7+ years asked about the traffic, I answered to their satisfaction, and they never bothered me about it again. Unfortunately their business model has changed, and I can't really go back to them.)

I should also reiterate that I'm not looking for managed hosting. Most hosts loudly proclaim all the stuff they'll do on your behalf, even on a dedicated server. I suppose most people want as much help as they can get. I am just the opposite. I don't want the host to touch the server at all. It should be like a foreign embassy--sacrosact foreign soil, even though it's located in the host country. I need this separation because I need to set up and control the server very carefully, and other cooks in the kitchen will just cause trouble.

What I really need is a friend in the hosting business who knows me and my business. Someone who knows I'm one of the good guys and will fight for me (and whom I can heartily recommend in return). I have a few friends that might be able to help, and I might be able to work with some of my customers as well. I'm pursuing those possibilities. I'm just seeing if anyone else has experience with this sort of thing.

They said it was a DDoS attack (not DNS) from 44,000 different IP addresses. They claimed they had to block traffic at the router to save the network and their other customers. I'm suspicious of their claims. I was using the site myself up to the point that it went offline. I now have access to the server again, and I don't see any indications in the logs of an attack, though I can't rule out the possibility.

They don't want to move the server to different IP addresses because the attackers would just find the server there, too.

I'm paying $400/month--their best plan--and yes, I would expect much better service. I would at least expect a phone call if they had a question about my site or if my site were attacked. Never heard a word. I had to call *them*.

I would love to tell you the name of this host, but I'm going to hold off for now until I know more about how to handle this situation.
Need a new home Send private email
Friday, May 05, 2006

Basically I'm looking for colo with a rented server. I'd rather not take the cashflow hit of buying servers right now, and I would want the host to quickly replace hardware in the event of failure.
Need a new home Send private email
Friday, May 05, 2006
I hear you on that, but hear me out on this one.

Quick price from the Dell Website, 850's 1U RACK, just over 3K each.  Thats about $100 per month lease/purchase with a 4 year 4 hour response warrenty.  Then co-location costs, Networxhosting $10/U and $200 for 200 gigs traffic. Total cost is about $450 per month (assuming 2x850's), and thats in Canadian Dollars. 

They also do dedicated servers as well.

Nice part is that if you don't like the co-lo company, you pull your servers and ship them off somewhere else.

I agree with the others though, why was your box a security risk?
Friday, May 05, 2006
Sorry I should have read your other post there.  Name their name here, we'll all avoid them.

For your customers, send them all a letter/email explaining that your internet hosting company screwed up and while it's not your fault you do accept responsability and are actively moving your servers to a new place to ensure better quality of service yada yada yada.  And I'd like to offer you one free month of addational service at no charge.

Yeah giving away a free month of service will suck big time, but you're customers will have lost money as well and one can only hope that this will be enough to keep them happy.

You could if you want also track any customers your lose, the lose of income for that months lost payment, lost money from your time getting this done.  Then sue them for that much.  You'll lose but if you find a real ambulance chaser lawyer that will work for a just percentage of the settelement, hey why not.

Also I think if you speak directly to Networx, you could get a dedicated server that you control.  They have been very flexable in meeting my needs.
Friday, May 05, 2006
I suffered a similar problem, and I found a Russian host that offers insanely good service (day and night they answer email, often within a few minutes). They worked through the night to get my site back up.

They went over and above the service they had to offer, migrated forums for me, did all kinds of handholding and they swore that whatever happened, I would never be offline again.

The company is called Rustelekom LLC. With the traffic you're getting, they'll host you on a US server so you'll be fine and dandy, American bandwidth with amazing Russian service that looks more like "friendship". (and they speak fluent English). Meil me for an email address if you're interested.
Frank de Groot Send private email
Friday, May 05, 2006
I had a bad initial experience with Rackshack/ev1servers that took a long time to resolve.  Out of laziness, I won't re-enter the brief synopsis/timeline here: http://www.astrogoth.com/node/111

On the bright side, they compensated by upping my hardware from the "ordered" 512M celeron with 1tb/month to a 1GB p4 and 1.4tb/month.

I've always had timely responses to my support tickets, but they haven't always been clueful.  When their peering was messed up from one of the data centers, preventing my proxy (and all connections) from connecting to a particular netblock, they refused to look into it until I obtained a traceroute from the other hosts back to ev1.  Since they weren't mine, and I didn't know the owners, it was a pain that was resolved only through patience.
art Send private email
Friday, May 05, 2006
Rant follows:
You may be running a "legitimate business", but there are very few reasons a person with control of "44,000 different IP", ie a zombie fleet, would bother you, let alone follow you to a new IP. My theory is you are connected with either anti-spam or anti-virus, in which case your circumstances are different to the average ISV here, and naming the host shouldn't influence others here. Your problems are just the cost of doing business in that arena.
I had a rant a while back about people complaining about their Paypal problems. It's exactly the same (assuming I'm correct about your product, otherwise I humbly appologise).
James Send private email
Friday, May 05, 2006
my rant a while back was about godaddy now i think more, but same thing.
Friday, May 05, 2006

You have some good critical thinking, but I have several responses:

>> You may be running a "legitimate business", but there are very few reasons a person with control of "44,000 different IP", ie a zombie fleet, would bother you, let alone follow you to a new IP.

First of all, I am suspicious of the host's claims. No one I've talked to has first-hand information (it's all handed down by elusive network admins), and some of their claims are provably wrong. (They claimed, for example, that I was running a SOCKS proxy on the server. I certainly didn't install anything like that, and I have now confirmed myself that the server is clean.)

I was using the site myself at the moment it went down. It was working till the last minute, and I can now see from the log files that the server has been running since a minute or two after I lost contact with it. Maybe there was an attack. Maybe the host exaggerated the problem and used it as an excuse. I can't tell, and they haven't been cooperative or communicative.

>> My theory is you are connected with either anti-spam or anti-virus

My site provides network software and tools. It is only indirectly associated with anti-spam and anti-virus in the sense that a few such companies are my customers. I don't produce or advertise anything specifically for "anti-ware". Sometimes word-of-mouth will suggest my site for helping investigate spam, but the site is general-purpose and is used for other things as well. Possibly someone out there thinks of it as an anti-spam site, but that's not my intended focus.

>> in which case your circumstances are different to the average ISV here, and naming the host shouldn't influence others here

I would think that the possibility of having your web site and livelihood cut off without warning would concern anyone. You would think that the host could have at least made a phone call. If they had concerns that couldn't be reconciled, they could have at least asked me to leave and given me time to do so. Instead, the site just disappeared this afternoon. I had to call them, wait for a response, and then all I got was an impersonal we've-shut-down-your-site-permanently email. I had to call again and do a lot of convincing just to get them to open the firewall enough for me to retrieve files. In short, they treated me like a criminal even though they specifically denied on the phone that they thought I had done anything wrong. If there was an attack, I was the victim--yet the host is essentially siding with the attackers and completing the job for them.

>> Your problems are just the cost of doing business in that arena.

1. To my knowledge, I've never had a DoS attack before.

2. I have never received any threats or extortion emails.

3. I don't know why anyone would seriously consider me an enemy.

4. DoS attacks are a risk for any popular site, and I'm guessing the increased popularity of mine would be the main reason it's at risk.

5. Even if I have an increased risk of DoS attacks, that doesn't justify the host's behavior. If they only want low-risk sites, that's their prerogative, but they have no business just dropping me one day (a Friday afternoon, no less!) without a peep of warning simply because they've secretly become uncomfortable with my site.

Consider this: what if eBay were attacked (which happens) and they outsourced their hosting (which they don't AFAIK). How do you think it would go over if eBay just disappeared one day because the host decided that they didn't want the hassle? It wouldn't happen, because eBay is too big a name, has too many customers with vested interests, pays too much money, and is capable of bringing a big lawsuit.

My host screwed me over because they think they can get away with it (and quite possibly they can). I'm small fry to them, and they just decided to brush me off.
Need a new home Send private email
Friday, May 05, 2006
I strongly suspect that, like everyone else, your host had a "we can terminate your hosting any time for any reason" clause.  So you really have no recourse other than generating bad publicity.

I have a dedicated machine with serverpronto, myself.  No problems yet in over a year.
Jonathan Ellis
Friday, May 05, 2006
Given what you have said, I believe that the malwarers are extorting the hosting company. There was no attack, only the promise of one if they didn't dump you as a customer.
Art Wilkins
Saturday, May 06, 2006
"They don't want to move the server to different IP addresses because the attackers would just find the server there, too.

Have you tried escalating this to someone with some authority and saying "look, I want to get to the bottom of me. I'm not looking to point fingers, I just want to make sure this doensn't happen to me or you again" and then really examine each of thier claims.

A smart customer service viewpoint here is that this is an opportunity to shine for a customer spending $5k/year.

If the guy in charge says "we're not interested in the truth" then, yeah, you gotta go elsewhere.
Mr. Analogy {Shrinkwrap µISV since 1995} Send private email
Saturday, May 06, 2006
I haven't read the entire thread but let me recommend that you contact http://acceleratebiz.com/.

Here's the background to my suggestion...

I was with ServerBeach (http://www.serverbeach.com) for a while on an unmanaged Windows 2003 server to test the waters of cheap self-managed dedicated servers. I setup a software firewall using the Kerio Server firewall product, as SB had no HW FW option at the time (Note: Kerio SFW has been purchased by http://www.sunbelt-software.com/ but ServerFirewall has yet to be re-released).

After testing the waters with self-managed hosting at SB and investigating redundancy options with them; I began to look for a different level of service. I priced out some options at http://www.rackspace.com for managed servers. I found their options to be expensive and lacking one main feature I desired, on-demand restore using imaging technology like Acronis TrueImage (http://www.acronis.com/enterprise/products/choose-trueimage/).

After discovering Acronis was licensing their technology to web server companies, I searched and found one company that provided Windows 2003 restores with an Acronis infrastruce already in place, http://acceleratebiz.com/.

I discussed a series of scenarios with an AccerateBiz tech support lead in pre-sales mode. We explored growth path options and redundancy setups. I was enthusiastically impressed by their attitude, expertise and motivation to deliver any realistic custom solution that I designed at a reasonable price (we actually priced several setups).

While I will revisit the market again before buying another server to check latest offerings, if I had your problem today, I'd call AccerateBiz and ask them what they could do for me.

AB impressed me as a company that could handle my future growth potential, especially with redudant configurations,  which I belive you may want to invest in.

You have a nightmare on your hands, I'm sure we can all empathize. 2 more cents, once you rebuild a hardened infrastructure make sure you tell your paying customers what you've done to prevent another outage and refund them some $. Also make sure you your software/services are hardened against attacks.

Best of Luck.
Saturday, May 06, 2006
"I would love to tell you the name of this host, but I'm going to hold off for now until I know more about how to handle this situation."


Nice lookin out.

The situation is you are looking for a new web host.  Spill the beans already :P

I would sue them, IMO.

I'm no legal analyst, though, so I dunno what you can *legally* do in this situation.

It seems like the host is lazy and just wants to save themselves some work.

Let the people know who to stay away from, find a new host, and get back to business :)

Nate Send private email
Saturday, May 06, 2006
I'm on my 30th hosting provider since I've been in this game, and they are the best. Them, or Crystaltech.
Shannon - PayLoadz.com Send private email
Saturday, May 06, 2006
If you are truely not involved in dodgy business, then I think it highly unusual that your host would terminate your site with no warning and so quickly. At a minimum, I believe they would have to notify you of their intentions, and my guess is they would also give you a second chance. Your claim is quite odd in that the host is dropping you with a "we don't like your kind" claim, which I find hard to believe as it empowers you (as it has now) to out the company and give them extremely bad press.

If you are truely legitimate, then I would actually go back and ask the company to immediately resume services due to the fact that you will not be able to transfer your site anywhere in a good amount of time (for starters, don't you need to transfer your DNS which takes a couple of days??). You would of-course have to agree to some work-arounds/changes to your site that would at least try alleviate some of the problems.
Simon Send private email
Saturday, May 06, 2006
Simon says: "If you are truely not involved in dodgy business, then I think it highly unusual that your host would terminate your site with no warning and so quickly."

No Simon, some hosting providers operate under the "avoid liability at all cost" credo and they will immediately terminate an account for several unsubstantiated allegations. My account was shut down due to a frivolous Copyright infringement claim by a competitor.

My provider (PowWeb) refused to discuss the matter. They said: "Someone claimed you violated their Copyright - case closed".

This is because, if the claim proves to be correct and they did not shut me down, they are liable for damages, according to the Digital Millenium act. They are not interested in entering a complex legal investigation paid by them for a tiny customer.

Oh, I had just renewed a payment for the next year of hosting and they refused to give my money back.
Frank de Groot Send private email
Saturday, May 06, 2006
Sue them.  You have a contract with them, right?  They can't just drop the service on their whim.
T. Norman
Saturday, May 06, 2006
Frank says: "some hosting providers operate under the 'avoid liability at all cost' credo and they will immediately terminate an account for several unsubstantiated allegations."

What you say makes sense. But trying to correlate it with other services I am familiar with causes me to again question the logic/legality of simply closing down a web-site. If you run a business in a rented office space and the land-lord hears that you sell drugs out of the same office, they do not necessarily kick you out. Nor do they kick you out on the spot with no notice. In essence you are telling me that a hosting provider can follow a 'guilty until proven innocent' credo, which I doubt is legal.

Now for a interesting query. Both yourself and the OP have apparently had your services terminated out of the blue. Did you get your monthly charges reimbursed? Or at least did they pay out the residual? Again, if you got booted but have already paid for the service, then my guess is that unless you have done something illegal the hosting provider must at least pay you back for the unused amount of the service.
Simon Send private email
Saturday, May 06, 2006
The "No refund, no explanation, no nothing" seems to be all to common for web based businesses. Consider the on line payment services and their account freezes.

Can you imagine a bank saying "We've seized your checking account, no we won't tell you why, no we are keeping all of it" because a restaurant said your tip was too small when you charged a meal.

You see, The Interwebs is special and normal laws don't apply.

Especially if you are headquarted in Barbados and your servers are in Bermuda, or something like that.
dot for this one
Saturday, May 06, 2006
Were you the victim of a DDOS attack or did you allegedly initiate it? I don't see how you can be held accountable for getting attacked.

Anyway, that's besides the point.  You still haven't learned your lesson.  If uptime really is that important, you should be looking for TWO companies to replace the existing one, so you can get redundancy at that level.
Saturday, May 06, 2006
WOW, that's one fairly long thread. I thought I would add my $.02

Your story somewhat remind me of my experience 4 years ago. I was hosting my community site not on a dedicated server but on VPS which is still shared machine with a couple of others.

As my community was growing I couple of emails from the hosting company that the site is rather high on the processor utilization, pitching their dedicated solutions which were priced unreasonably high.

I looked around, compared over a dozen dedicated hosters and found unmanaged dedicated plans from FullControl.Net (http://fullcontrol.net) working best for me. As a side note, I've been happily hosting all my sites with them since then (that's 4 out of 8 years hosting my site(s))

But I digress...

The evening I made the decision, I emailed the hosting company not to worry I will move the site although not with them but to FullControl.Net. Mistake, mistake! What can I do, I'm a genuinely honest guy, but at times honest is synonym for stupid :(

So, in the evening I sent my email and went to bed happy - man, was I wrong to sleep happy... The hosting folks sent me an official warning _in the middle of the night_ - request to cut my traffic twice. How silly is that, I probably could do something about the processor load but how am I supposed to turn the visitors away? ...

Apparently they decided that 15 min warning in the middle of the night gives enough lead time and shut down the site 15 minutes after their email. So, when I woke up in the morning I had email from them and the site was already down.

As the "hosting" company was incommunicado I pursued dedicated server with FullControl.Net.

48 hours with a little sleep and a lot of help from FullControl folks the site was up and running on the shiny new dedicated machine. Of that time it did take over 1 day to get FTP access back to my dead site with the "hosting" company.

So, that's my story, anyway. And I do promise to become laconic some day :)

Interestingly, 2 years ago I moved to newer server with FullControl.Net and the server specs are exact to your wish spec along with the preferable option ;-) dude, aim a little higher.
Serge Baranovsky Send private email
Saturday, May 06, 2006
Why not just host it yourself?


Obviously, hosting companies are subject to unanswerable failure.
Saturday, May 06, 2006
"Can you imagine a bank saying "We've seized your checking account, no we won't tell you why, no we are keeping all of it" "

That happened to me a couple times in California. Once with Home Federal and the second time I forget which bank.

Turns out there is a law that if there is no activity in 6 months, the State of California seizes your bank account and shuts it down. It's up to you then to argue with the State over whether you can have your money back - the bank refuses to assist you or even tell you what happened to your bank account.
Art Wilkins
Saturday, May 06, 2006
To Simon: I had just paid for another year of hosting with PowWeb. No, I did not get my money back. They refused to discuss the matter, I was simply thrown off their server, no discussion possible.

Their TOS says: "We can terminate service at our discretion and without a refund for any reason and we don't have to tell you why".
Frank de Groot Send private email
Monday, May 08, 2006
I heard Networx hosting has illigal billing practices
you ask them to cancle an account and they do not then with out contacting you they send it out to a collection agency that could lead to a bad credit
bob smith
Wednesday, May 24, 2006

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
Powered by FogBugz