[BNM] Fasthosts customers blindsided by emergency password reset

David Wilson dw at botanicus.net
Tue Dec 4 10:14:18 GMT 2007 

On 12/4/07, David Andrew <david.andrew at gmail.com> wrote:

> A customer of mine asked 'Is there any sort of prevention to stop this
> in future?' I don't think there is but I would like to be proved
> wrong.

You can't prevent it, but you can seriously reduce the risk involved by not
using a pack of cretins and/or cowboys to host your web site (Fasthosts are
both).

Negative indications:
- Technical support are clueless and/or don't give a shit (Fasthosts are
both).
- Service is shit and/or broken (Fasthosts is/was both).
- Threats of legal action in reponse to complaints about service (yup, you
guessed it, Fasthosts again!).

Below is a copy of a page I put online at the end of 2004, documenting my
experiences with Fasthosts. It got better PageRank than their own home page,
ranking first for any Google search for "Fasthosts" at the time.

They immediately contacted my ISP and tried to have my friend's colocated
machine switched off pending legal action. The ISP (who knew me)
demonstrated perfect rationality, calling me up instead, and giving me a
chance to take the page offline.

I basically have no pity whatsoever for any past/present Fasthosts customer
affected by the hack, as if they took just 5 minutes to evaluate the
company, service (quantitive measurement? never!), or customer reviews I'm
positive they'd have run away very quickly, regardless of how technically
adept they are or otherwise.


David.

==== 2004/12/05 ====

*Please note:* this page represents the experiences and opinion of one
person only, expressed solely for the benefit of the Internet community. As
such, your experiences with this company may differ to mine, but *in my
opinion*, you should not be doing business with them.

It is worth note that if I wrote a page of complaint for each company that I
dealt with, my web site would be nothing more than a trove of complaints
that mammothed the positive content on the site. I wrote this page after
spending many frustrating hours trying to work around *trivial and
amateur*misconfigurations on Fasthosts's servers.

Unfortunately due to someone else's decision, I have been forced to try and
utilise the suboptimal junk service that is Fasthosts
Internet<http://www.fasthosts.co.uk/>.
It has been well over a year since I first encountered them, and I've
finally been pushed across the line and decided it's time to do something
about them.
Why I Think FastHosts.co.uk Is Run By Idiots

   - *Their '24 hour' technical support is shit:*
      - They are ignorant and don't return your calls.
      - They demand an idiot PIN number off you before even showing
      signs of civility.
      - They have a habit of disconnecting your call if you ask a
      simple question they cannot answer.
   - *Their 'web cluster' is a heap of steaming shit:
   *
      - Their PHP configuration varies across each machine, some
      allowing certain functions, others not.
      - There is no documentation as to what you are allowed and what
      you are not allowed in your scripts. This isn't surprising, I doubt they
      know themselves.
      - Their NAS at peak times will give an astounding 3.2k/sec
      /bin/cp when logged in via their shell.
      - They rely on backwards features like *open_basedir* for
      security. This worries me deeply.
   - *Their Linux shell is completely useless:*
      - They disable public key authentication (*WHY???*).
      - The configuration in no way reflects that of the web cluster.
      - There are hardly any tools installed, beyond base-utils.
      - It runs Redhat 7.2!
      - It runs apmd!
   - *Their customer control panel is shit:*
      - Even the password reset script crashes!
   - *Their services are woefully overpriced.*

Summary

The above list was entirely from memory, which for me is impressive. I am
sure there are plenty of points that I have missed. I will try to keep the
list up to date from here on in.

In short, Fasthosts appear to be a pack of money-grabbing amateurs. The day
is coming where companies like this won't be able to exist any more. Well,
at least I hope it is. In the meantime, avoid this pack of hounds like the
plague.

If you are looking for cheap hosting with a hint of self-pride, check
out *BlackNight
Solutions <http://www.blacknight.ie/>* instead. For sites with more
demanding connectivity or processing requirements, I have had very good
long-term experiences with *Bytel <http://www.bytel.net.uk/>*, a local
company providing tier-1 connectivity to the MCI UK
<http://www.mci.com/uk>backbone.


>
> D
> --
>
> BNM Subscribe/Unsubscribe:
> http://www.brightonnewmedia.org/options/bnmlist
>
> Archive Search - http://icanhaz.com/bnmarchive
>
> List jobs for 10 pounds on Sussex Digital. Use promo code bnm10
http://jobs.sussexdigital.com/
>
> BNM powered by Wessex Networks:
> http://www.wessexnetworks.com
>

More information about the BNMlist mailing list. Powered by Wessex Networks