General Chat
 
#1 DeadlySin3, September 26th, 2005, 01:11 AM
Rant & Rave!

I've just recently gotten an e-mail from my website host, telling me this:

Hello,

I apologize, when I saw your email address I realized what your domain name was.

The reason your account was suspended is because it uploaded hacks on the server and was running them, causing server downtime. Can you list for me all the PHP scripts used on this account?

Her-Name Here

Her-small-company-name

------------------------

My site has been down now for like 4 days total due to this "problem" and I've had a suspended page put up for that entire time.

--
This Account Has Been Suspended
Please contact the billing/support department as soon as possible.
--

ALL of my billing is taken care of, I'm not late with a single payment. That page is somewhat of an embarrassment as I've got clients who use my website on the daily.. and they're asking me about this.

I'm about to move hosts as I can't take 4 days of downtime with this message in place of my site too lightly.

What would YOU do in this situation?

#2 Matt, September 26th, 2005, 02:40 AM
RE: Rant & Rave!

Sounds to me that there was an exploitable PHP script in your web site somewhere. The host should have been able to track down which one by grepping through the Apache logs....

#3 pickleman78, September 26th, 2005, 07:43 PM
RE: Rant & Rave!

Man, I wish one of my hosts was that competent. Let me describe to you some of the horribleness that recently happened to us.

So apparently we have an exploitable upload script, which allowed a user to upload a PHP script into a directory our host put in our home directory with 0777 permissions. The person then uploaded a script into this directory (I forgot what it was, some online WYSIWYG editor that the host randomly stuck in there), and he used it to run shell commands, which he then ran on our SQL connection script and got our password. (Part of this was a foolish mistake on our part, however it was still annoying). He then proceeded with downloading all our SQL data, all our pages, and several other things, and began cracking our members' passwords.

We sent numerous requests to the host to have them help us find the problem, however we were always met with absolutely NOTHING. They told us the problem was that our / directory was world writable (not set that way by us), and that would fix all of our problems (which it won't), and they claimed no responsibility or knowledge of what happened. They apparently "don't keep server logs, FTP logs, or any kind of logs", and "all of the raw logs are accessible to you via cpanel"... which is a lie, what they meant was awstats was accessible for previous months, which helped a little bit, but not very much. Even more insulting was after I repeated my question, which the support person failed to answer, they never answered back, still holding this was entirely my fault.... He was also able to read the password files of several other hosting accounts on the server, and able to modify some other site on that server because of the world writeable home.... but the host hasn't noticed, nor have they said anything, nor have they been able to help. BAH!!!!! That's what I have to say.

#4 Matt, September 26th, 2005, 08:18 PM
RE: Rant & Rave!

Any host that is not capable of grepping through access logs to find what script is causing a problem shouldn't be hosting anyone.

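The access-log triage Matt refers to, covering the case pickleman78 describes (PHP answered from a directory meant for uploads), as an added example that is not part of the thread or any poster's code. It assumes Apache's "combined" log format; the `UPLOAD_RE` directory names, the file names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Triage an Apache "combined" access log for the script that was abused.
# UPLOAD_RE is an assumed site layout: directories meant to hold uploads only.
UPLOAD_RE='^/(uploads|files|images)/'

# "count path" for successful POSTs to .php scripts, busiest first.
post_targets() {
    awk '$6 == "\"POST" && $9 ~ /^2/ {
             path = $7; sub(/\?.*$/, "", path)      # drop the query string
             if (path ~ /\.php$/) n[path]++
         }
         END { for (p in n) print n[p], p }' "$1" | sort -k1,1nr -k2
}

# "client path" for every .php answered with 2xx from an upload directory.
# Nothing in such a directory should execute, so any hit needs review.
php_in_uploads() {
    awk -v re="$UPLOAD_RE" '$9 ~ /^2/ {
             path = $7; sub(/\?.*$/, "", path)
             if (path ~ re && path ~ /\.php$/) print $1, path
         }' "$1" | sort -u
}

# Constructed sample log: documentation addresses, hypothetical file names.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [24/Sep/2005:10:01:02 -0600] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [24/Sep/2005:10:05:11 -0600] "POST /upload.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
198.51.100.7 - - [24/Sep/2005:10:05:40 -0600] "GET /uploads/editor.php?x=1 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [24/Sep/2005:10:06:02 -0600] "POST /uploads/editor.php HTTP/1.1" 200 901 "-" "Mozilla/5.0"
198.51.100.7 - - [24/Sep/2005:10:06:30 -0600] "POST /uploads/editor.php HTTP/1.1" 200 877 "-" "Mozilla/5.0"
192.0.2.10 - - [24/Sep/2005:10:07:00 -0600] "POST /contact.php HTTP/1.1" 200 150 "-" "Mozilla/5.0"
192.0.2.10 - - [24/Sep/2005:10:08:00 -0600] "GET /uploads/photo.jpg HTTP/1.1" 200 40960 "-" "Mozilla/5.0"
EOF
}

# Usage: sh triage.sh /path/to/access_log
if [ "$#" -gt 0 ]; then
    echo "POST targets:";            post_targets "$1"
    echo "PHP served from uploads:"; php_in_uploads "$1"
fi
```

The first request from a client that later appears in the second list usually points at the script that accepted the upload.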