Home

Site hacked again

Special web hosting offer - LIMITED TIME ONLY
By Shlucky - June 18th, 2008

Google sent me an email saying my site had malicious code on it. 3rd time in 3 years. Apparently Ipower gets hacked all the time, and a large percentage of their sites have malicious code inserted on the pages. The worst part is that GOOGLE was the one to tell me, not my own web host.

The last time I complained, a guy in India said that my machine caused it. Yeah, because there are so many viruses out there that append malicious code to html files as you upload them. Ridiculous.

The company sucks and when my contract runs out I'm switching. Can't wait.

Comments

Yep, thats the way they work!
Submitted by dhazard on Wed, 06/18/2008 - 11:48.

I have had at least three sites with malicious code, I must have uploaded from my MAC when I wasn't watching. They are hysterical in that they have consistently blamed me - Guess that whole "never blame the customer" didnt make it to their meetings. If I could I would nuke them - and Im not kidding, I truly hope they lose all their business and go bankrupt (but not before I sue them)

Ipower is the new Great Satan

Ok, so?
Submitted by david (not verified) on Sat, 06/21/2008 - 18:43.

Why don't you just remove the mal code then? Tons of sites and companies deal with mal code hacks. Do you think calling some tech support guy in India is going to keep your site from getting mal code on it. Maybe he should just press the "make this customer's website hacker proof" button. Would that be your solution you dork? If ipowerweb knew your site had mal code then why would they contact you, wouldn't they just remove the mal code? Do you think they actually comb through their customers html coding on a daily basis looking for mal code? The reason google found it you idiot is because they monitor and use the html on people's sites for their search engine cataloging. Keep on blaming them because of hackers on the web. See how far it gets you.

Re: Ok,so?
Submitted by anonymous (not verified) on Wed, 06/25/2008 - 22:33.

Easy on the 'idiot' and 'dork' comments, okay? Geez, do you work for ipower or something? Perhaps (an i'm only assuming) dhazard hasn't removed the mal code her/himself is because he/she doesn't know what they would be looking for even if they were staring directly at the code themselves. Then again, maybe not. Either way, Ipower has a reputation for suckering non-web savvy clientele because 1. They are a cheap hosting provider and 2. They believe they offer clients easy solutions via their nonsense Vdeck tools. Not everyone is a web dev, nor an html/php/perl/etc. expert, skippy. Some people just want a simple online solution to their website needs without having to worry about malicious code suddenly being introduced into ipower's poorly secured servers, and thus risking being affected. Ipower servers have been compromised by overseas hackers more than ANY other hosting provider's servers have been to date - FACT. And I'd be happy to show you stats. Hosting providers WORTH A DROP OF PISS prevent this from happening to their customers every day. Why should ipower be any different? Well, I'll venture a guess: because they don't give a shit. They seem to run on a well-outdated company template of outsource, outsource, outsource. That way, they don't have to spend any money, their services become crap that's outsourced to data centers all over hell's half acre, and they really have no idea of security, or what monkeys might be in charge of running their networks. Bravo. That's some really sound web hostin', Lou...

In response to your comment about "If ipowerweb knew your site had mal code then why would they contact you": well, this stupid assertion is the crux of ipower's constant failures. A COMPETENT web host might try to forsee and iradicate said problems so that their CLIENTS, who pay them the MONEY to operate (let me know if I'm moving too fast for you) wouldn't be affected. And if worse came to worse, they could CONTACT their clients to give them a status on just what was happening, and what they were doing to solve said issue instead of going directly to placing blame on the hands that feed them (IE, their CLIENTS), as I've seen them do first-hand many times. I work with 3 other web hosting companies of similar size, and never have to worry about such a thing. Hmmm....how could that possibly be? Oh yeah, two words, dumbo: CUSTOMER SERVICE. Ipower does not possess this, and it will end up consuming their stupid company in the end - mark my words.

Being that the malicious
Submitted by Anonymous (not verified) on Thu, 07/24/2008 - 01:35.

Being that the malicious code that gets inserted into all Ipower's web sites is exactly the same, it shouldn't be too difficult for them to crawl the sites they serve and let owners know there's a problem before Google does it.

Ipower really does suck. They're awful.

I have had no problem with
Submitted by Anonymous (not verified) on Fri, 07/25/2008 - 18:53.

I have had no problem with Ipowerweb. Maybe it's because I use Namo Webeditor and it cleans all the crap out? Just sayin'.

Recent hack
Submitted by MrBits (not verified) on Sun, 07/27/2008 - 12:51.

A client who originally signed-up with iPower for his new site, has been hacked twice. Most recently on July 15-16. iPower blamed a compromised FTP login & said they cleaned-up embedded page code - yet the file modify dates still display as being last updated in June! And why did they not supply the IP addresses used to FTP during the date range the bad files were stamped with? At least then there some usable info for blocking future server access by them :P

They stated it was an 'iFrame exploit' and cited spambusted.com for the explanation, when in reality it involved inserting .htaccess.mal files inside all folders, which redirected the search engine traffic & matched the circumstances described at: http://www.webmasterworld.com/webmaster/3703125.htm - EXACTLY. Too bad the posters at that link did not name the hosting company's involved - or else the mods edited them out.

Clearly there are incompetence issues at iPower - given their poor track record on security, you'd think they'd try working harder in this area. I manage customer's sites across diverse hosting vendors who charge the same, or less, for service, yet the only client I've had who's experienced such problems... happens to use iPower. An unlikely coincidence, so we will be moving his site to a more reliable vendor shortly.

I say RUN, don't Walk from iPower.
@david RE: OK, SO? Either you are an employee, or just an ass. Perhaps both, eh ;)

Me, too!
Submitted by tess elliott (not verified) on Thu, 08/07/2008 - 22:10.

My website was also hacked in this way and I didn't know it until a customer told me something strange was happening when he visited my site. He forgot how to spell my name but googled it close enough that what came up first looked like my site. But it was www.tesselliott.com, all with my artwork, and all full of malware to get you to an Eastern European site waiting to give you a virus. My true url is simply http://tesselliott.com. My art was hijacked and my name just as I am marketing for an estore about to open (NOT with Ipower!). Ipower first tried to blame me, but now they are telling me the truth about the malware. I wrote that code myself--just plain HTML with no bells and whistles or malware.
But ,trusting fool that I was, paid for three years up front. I have no idea if I will ever see that money now, but I surely have to get out of there. The worst is, I can't relocate my website until that bogus www. site stops coming up. It's a marketing disaster for a self-employed artist. The standard answer is "we are working on it." Thanks for all the good advice, and thanks especially for the kind comments for those of us who are already too busy to be super web saavy. I make good art the old fashioned way, and it looks great on the internet where a dealer can't get 70% of a sale.

One more!
Submitted by Kristina (not verified) on Fri, 08/15/2008 - 09:12.

Not being a genius with malware, I didn't know what to look for initially when I was flagged by Google nearly a month ago. I cleaned up all my code, reloaded and the problem was still there when I was reviewed. This morning I went into the remote folder and found htaccess and htaccess.mal files in EVERY FOLDER. I manually removed all of these including every other unecessary file on the remote server, refreshed all my html from the local files and then went into the FTP root folder to find them there as well! So I cleaned out the FTP. Now my friend who is a computer programmer explained that this is most likely the result of lazy configuring. Rather than setting global configs they throw configs in each directory because the htaccess should not be in every single folder like that. He also mentioned that it's no secret Ipower had a huge breach earlier this year. So I sent off an email to their support (though, judging from the messages here I won't hold my breath) to see what they do, and if they are unhelpful I will be switching hosts ASAP. In the meantime I am going to monitor the remote server like a hawk. It is very bad for business to have my website flagged on a search like this.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <i> <b> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote> <p> <br>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Copy the characters (respecting upper/lower case) from the image.
iPower Sucks

Looking for a new web host?


Run, don't walk, to find a new hosting provider before iPower implodes.

Green web hosting - host unlimited domains!

Google

User login

Recent comments

Syndicate

Syndicate content
iPowerComplaints.com is a free service of Complainr