We have done client website work on hundreds of webhosts over the years, and we fix 3-5 malware infected or broken websites per week. One thing typically remains constant – we get more virus infested and hacked / injected websites from these 3 webhosts than any other:
Is it irony that those are 3 of the most popular webhosts online? Are these webhosts more insecure or vulnerable than others? Do they get hacked more often? Or are they just a bigger target because they host so many websites?
Personally, as a company that does WordPress development full time we do not like, prefer to work on, or endorse any of those 3 webhosts just because we see more hacked and malware infested websites on their servers than any others. Today is prime example since we were working on a malware infected website on Dreamhost – and were very surprised as to what we encountered.
We secured and hardened a WordPress website that had been infected. We scanned, cleaned, and secured the database, and all theme and plugin files – and then did a complete reinstall of WordPress core files on top of that- AND checked the entire hosting account and reset all passwords. We scanned it for malware once last time and all was clean.
Then about an hour later sucuri.net found malware on one page of the site (SEO spam links). We viewed that page and found nothing. We did a fetch as googlebot in Google webmaster tools and saw a completely different webpage (of spam links).
At this point we knew that there was a redirect going on where the website was showing the googlebot crawler one webpage (with spam links) while visitors were seeing the normal webpage (only). But how?
We checked the .htaccess file (being the most logical place that the redirect would occur) but it was clean. We checked the theme manually, but everything was fine. We even scanned the database manually for rogue code and it checked out. As a last ditch effort we even reverted to site to the default 2011 WP theme and deactivated all plugins – and did the fetch as googlebot again, and it STILL showed the spam links.
In our opinion this could only mean one thing – the website was completely clean, and the redirect was happening at the server level in the apache configuration file (httpd.conf). Being a shared website, the only way to confirm this would be to contact tech support at Dreamhost. So we logged into the client’s account but there was no phone number. We went to Dreamhost.com – but their main website was down for 4 hours this morning (with 500 server errors). I’d say these were both bad signs. We figured there would be some type of live chat on their website (being a huge webhost), but couldn’t find that either.
So after a quick google search we found this on the Dreamhost wiki:
Here at DreamHost we mainly provide support through e-mail. We do however provide an option whereby customers can request a phone call back from our technical support team.
Callbacks are not included with our standard hosting package by default. You can, however, add three callbacks per month to your account for a nominal monthly fee.
Callbacks must be requested through your account control panel. Just log in to your account and click through to the “Support/Contact Support” tab. If you’ve added Premium Phone Support to your account you’ll see a “Request Callback?” checkbox near the end of the submission process.
WOW – really?! Not only was the main Dreamhost website down for 4 hours, but then we found out that you can’t even contact them by phone or live chat AT ALL! Seriously, this is an issue where we’re pretty sure we have verified that one of their shared hosting servers has been compromised, and we can only “submit a ticket” through the client account.
We did submit a ticket (since it was the only option), but still 12 hours later have received no response at all. We also saw from the web searches earlier today, that many Dreamhost websites were down earlier this month as well – maybe they’re just a bad webhost.
We’re often asked, if you don’t like this 3 popular webhosts – who do you like? We prefer Hostgator because they are one of the largest and fastest growing webhosts in the last 5 years, physically located in the US (Arizona), and the tech call center is in the United States (not outsourced). In addition they have full free phone tech support and full free live chat tech support for ALL accounts 24/7. They are also very WordPress friendly, and have much better server configurations for WordPress powered websites.