Pissed off this evening. Well, for the past three evenings, ever since the underwhelming Dreamhost shut down the Scribble Designs website. I came home from work to receive the following message:
Your script found at /server-path/index.php (your WordPress installation) has been exploited and was being used to send out spam emails through our system. We have disabled the script to help prevent our servers from being used for this purpose, as it is adversely affecting the stability of our mail system. Please do not re-enable it until the security hole has been fixed (you can go to http://www.wordpress.org for upgrade instructions). We thank you for your attention to this matter.
That’s my business website, fools! Why’d you shut it down? WordPress doesn’t generate email spam, does it?
Well, it doesn’t bloody seem to. I googled for a solution, hit the support forum and the WordPress Codex. Nothing.
I emailed back, asking for an in-depth answer. Why my website? What led you to diagnose this problem and pinpoint my website? Was a plugin at fault? What response did I get:
You’ll need to contact the authors of wordrpess for more information on patching the software. We do not provide support for third party scripts.
Don’t provide support for third party scripts??? You just offer a one-click install of the damned thing. You’re reknowned as a WordPress/blog hosting company. The guys at WordPress actually recommend DreamHost. They know WordPress well enough to diagnose a blog as a source of spam, but not well enough to advise of a solution. Hmmmm.
Oh yeah, and I’m sure Matt Mullenweg loves to wade in and intervene in individual support calls. Hi Matt! I’m having this problem with Dreamhost…..
So, as of right now, I’m a web designer without a website, all thanks to those lovable chimps at Dreamhost! No straight answers. No fault resolution. Oh, and did I mention that their servers are running at a snail’s pace at the moment?
Do I get my money back when I decide to move to another – better – host? I’ll keep you posted.
Gerard McGarry 
You have a right to be pissed, but dreamhost is just doing their job. It isn’t really impossible that wordpress was being exploited. When I was using a “contact us” plugin that was exploited and being used for spam too. I realize that’s a little different, but I digress.
I’m actually suprised dreamhost hasn’t shut down my account. During one huge burtst of traffic I was getting a half million page views a day. It completely brought the server I was on to it’s knees. Instead of shutting my site down, they quickly moved it to a temporary server to give it the resources it needs and to not affect the other sites on my server. They left my site on this new server for a good three weeks before my traffic went back down to near normal levels.
For the price, customer support has also been amazing. They must be losing so much money from me consider I have used hours of their reps time, and my anual costs wouldn’t even cover their hourly wages. Yet they treat me like I’m paying hundreds a month.
Plus, with the new bandwidth increase to 1 TB, I actually got a refund for this months bandwidth overages! I had gone hundreds of GB over my limit and was being charged overages on a daily basis, and sure enough they cancled all the charges for my current rebill cycle. Again, something they didn’t need to do, took them effort, but they did it anyway.
Sorry you had a bad experience, but I dont think by any stretch that Dreamhost sucks.
Hi Justin. I’m glad you’re finding Dreamhost decent.
Now, I don’t doubt that they should have shut down the site if it was generating spam. However, they haven’t given any evidence to prove this, and they’ve given no advice as to how this might be rectified!!!
I’m surprised to read that they went out of their way to accommodate your site when it had a traffic burst. That’s actually pretty decent – I wonder why I’m getting cold-shouldered.
As you can appreciate, this is my business website. Taking it down is cutting off my web presence and making me – as a web designer – look bad. I’ve had plenty of experience with web hosting firms in the last…ooohhh…decade to know that this is outrageous behaviour. Grrrrr!
Pingback: Gerrybot » Dreamhost Update
What version of WP was installed when they said that?
It appears that, through v1.5, it _can_ be used to generate spam: http://www.gerd-riesselmann.net/archives/2005/09/sending-spam-through-contact-forms
That’s interesting. Funnily enough, I’d only just upgraded to WP2.0 at the time all of this kicked off!
Look http://www.dreamhost-sucks.com/. People are not alone when it comes to being screwed by dreamhost. They do this all the time. Should they support a one click install. You bet your sweet hiney they should. The one button installs is a service offered by them. Who else would know? Not the oneclick install user.
Dreamhost is loaded with unprofessional idiots. Dont believe me? Read their blog and what users had to say about them on their own blog. http://blog.dreamhost.com/ and http://blog.dreamhost.com/2006/03/10/the-four-horsemen-of-marketing/
Dreamhost will be lucky if in another year they can post entries to their blog about vacations to hawaii when the shut down users sites without notice and for using the cpu usage of a single blog.
Dreamhost aka LameHost
Disclaimer: I am not an employee or representative of Dreamhost. I am merely a (very) happy customer [actually, the soon-to-be husband of one].
Dreamhost:
http://www.dreamhost.com
In operation for 9+ years
200,000 Websites Hosted
Dreamhost-Sucks:
http://www.dreamhost-sucks.com
3 Complaints as of March 15th, 2006. All posted in February of 2006
LA Better Business Bureau:
http://www.labbb.org/BBBWeb/Forms/Business/CompanyReportPage_Expository.aspx?CompanyID=13131294
12 Complaints total, ever.
Giving the benefit of the doubt that the 3 guys at Dreamhost-Sucks haven’t yet filed BBB complaints, we’ll add them on to the 12 rather than assuming them to be included: 15 total complaints.
Customer Disatisfaction Rate:
.0075% Dissatisfied Customer Base.
Customer Satisfaction Rate:
99.9925% Satisfied Customer Base.
Unfortunately, a lot of people these days display a fundamental lack of understanding of computing & communication architectures & applications and (ultimately) what is (or is not) most suitable in particular environments for a particular purpose.
Worse still, when these people are adversely effected by their lack of understanding, rather than taking responsibility for their own failures of design and poor planning, they frequently prefer the easier option of simply blaming someone else. And, even worse yet, they can get really nasty about it. This does not engender compassion–either from your customer support rep, or the (intelligent) world at large.
To be fair though, I had a similar experience at a previous ISP. And, it’s hard to get over the first time your site gets shut down, regardless of the reasons why. But developing that understanding (of “why my site got shut down” and how to “not let that happen again”) is an important stepping stone for anyone desiring to work in web design or consultancy.
ISP’s have a reputation to uphold. Your business’s entire web presense is tied in with that ISP and YOUR reputation depends on theirs as well. Spam originating from that ISP is the surest, quickest reputation killer there is. How would you feel if your domain was listed with SOBRS, or was filtered by firewalls because your ISP’s IP block range is listed in other network abuse tracking registries? You wouldn’t be very happy. Though, honestly, unless you were astute and informed, you might not even notice you were hosting with an irresponsible ISP for a long time. Some have gone years. Some still unwittingly continue.
Dreamhost is a very responsible ISP, very concerned and involved with all their client’s issues.
(But, I warn you. They’re people too. And even the best Customer Service guys can only take so much crap.)
When your web applications get exploited, it’s either for a commercial or malicious purpose, as long as that exploited application is allowed to continue running it is literally spewing out whatever abuse the exploit is tailored to deliver.
It’s nothing personal against you or your business. It’s not a matter of being heartless or thoughtless. The exploited application MUST be shut down immediately. It is actually ILLEGAL to allow it to continue running.
Think of it as if you’re an avid arms collector, and you accidentally left the door to an unlimited supply of AK-47s unlocked, and word got around. And (yes, imagine this, its a good analogy) every SECOND of every minute of every hour of day (24/7) several criminals were (each) taking more and more of your AK-47s AND shooting (more and more) innocent people. Only, here, the AK-47s are TCP segments and the victims are network servers (Usually Spam email and Mail servers). Lives arn’t being lost (though they could be, in coordinated attacks on critical network infrastructures), but (more typically) money (or service) is (effectively) being stolen. And, end users of those network services experience diminshed (sometimes crippled) network speeds and even find legitimate mail being rejected because their IN-Box is full of spam!
You’re ISP isn’t the one that’s made you the victim here. It’s the people who exploited your web applications to do their evil bidding. Hating dreamhost in this case is as illogical as hating the police because your house is a crime scene. You have a right to be angry, yes. But direct your rage where it belongs, please. The criminals.
What you should be ranting and raving about is: If this is a crime scene, then where are the police? Whose trying to catch these criminals? Who will bring them to justice?
You should be saying: I’m pissed as hell and I want to see someone go to jail for what they did to me, now!
The fact is, it probably has been reported somewhere along the way. And, this incident is just another bit in the statistical engine of tracking systems that follow millions of computer crimes and try (very unsuccessfully) to zero in on internet criminals.
You should have entries in the raw log files that will reflect the occurances. Though, they aren’t usually helpful in actually catching the culprits. It’s complicated. I won’t go into it. Study up if your interested.
If you want, you can send the logs to the FBI and report the individual crime committed against YOU–a denial of service via exploitation of your web application. Though, frankly, even there, your not looking at much sympathy.
It would probably be recieved with as much enthusiasm as a kindergardener whining to their over-worked, under-paid, highly-stressed out school teacher that their imaginary friend stole her favorite red crayon yesterday, but look! here it is?
By the way, you do realize that process accounting is attributed per shell account, yes? And, that one of the truly beautiful things about dreamhost that you won’t find anywhere else in shared hosting is that you can get a lot of multiple shell accounts? You should always have testing / development / (conceivably) untrusted applications allocated to a seperate account than your primary business and integrated in such a way that its failure will not effect your primary site.
Hi Tim. Thanks for your comments.
To set the record straight, I am still with Dreamhost. In fact, I’ve even started hosting a couple of new blogs with them.
My issue at the time was, I couldn’t get answers. Simply “we’ve shut down your website for sending spam”. Each response used up virtually all of the maximum response time, and my website languished the whole time. I do agree that if you’re offering one-click installers that you need to provide some support for the product in question.
Anyway, all water under the bridge (for the moment). Your Formerly-Pissed-Off But Now-Happy-Again DreamhostCustomer
I think dreamhost is better than the rest, my site with dot5 sucks
Dreamhost lost a couple of first class technicians who found a better place (and salary) to put their talents to good use. This happened, as far as I can recall, about 2 months ago. Since that time, Dreamhost started to face an increasing amount of troubles. Clearly they couldn’t cope with the enormous growth anymore, and now they are literally drowned into their successes.
It all went too well the past couple of years, making them believe that success has become routine. Their way of presenting themselves as “relaxed” speaks for itself, seen from a marketing perspective.
I have been their customer since early 2001, but now I am going to move all my domains and websites to another hosting provider, because my websites have been more down than up over the past two months.
As my websites are my source of income, I cannot afford losing customers just because of a hosting infrastructure that keeps on falling apart, both their systems and their management.
For the record, WordPress recommends those hosts because they get a kickback via the affliate link for each new account.
A fairly large kickback.
Dude its your fault for not updating your script, you have to keep updating to the latest patches you know? and no hosting account is responsible for doing that, you need to do it.
Besides the fact that it is very common for spam to be sent via exploits in forms from the script, so yeah It all sounds “normal” too me, the only one to blame would be yourself for not properly maintaining your own site, the web host has nothing to do with this.
Anyway glad to see the problem resolved and your site back up.
And the prize for the worst web hosting company ever goes to….
DREAMHOST!!!!
Pingback: Dreamhost Sucks At Hosting by Elliott Back
Pingback: The “Break it Down” Blog » Blog Archive » Media Temple - Problem #1
Pingback: Icheb’s weblog » Am I the only one facing Dreamhost problems?
i´ve put up with all i can stand from this ridiculous isp for the last 2 years. our time together is finally up in a week. can anyone suggest a good isp. thanks
dreamhost sucks like hell.
look in their wiki: it is outdated crap.
Payment via paypal and other is offered…when you try,
you figure out they only accept checks and creditcard.
The support is arrogant like hell, coz they just explain
“it is that way due to bad experience”…but that would
actually work as an excuse for EVERTHING.
“Mail?nooo, we had bad experience with that. we dropped it.”
Thanks for all the input. I’m looking for a new host even though I’m happy with my current one (webintellects), but general prices have gone down faster than webintellects prices and I want to host client sites on one account (expensive with WI).
That said, I’ll probably pass up on Dreamhost in spite of posts (14 -18) which were just babies crying without telling you they have damp diapers (no explanation).
Has anyone had any experience with Ultra Website Hosting? I haven’t seen any bad comments about them and they’ve answered my initial queries about their service rapidly. The only heartburn is that they don’t equate “domain” with “website” (as many don’t) when telling you how many sites you can host. Now, this is correct, but many others go the other way and it’s confusing.
I have worked at a company for almost 2 years. We have only has dreamhost for 1 year and in that time I have come to a conclusion. I would not recommend them to anyone. In the beginning things weren’t too bad. After about 6 months however our server and email would go down every Friday. Whether it was just updates or not, we were losing business because of it and I’m sure a lot of other people were too.
Now instead of only going down on Fridays, our server is down probably about 3 out of the 5 days of the week. We work strictly from 9-5 and with the server going down that puts us out a lot of money (one of our main sources of communication is email.) For example: we opened our office at 9AM today (eastern time) and here it is 1PM and the email is still down. We are not able to send or receive email in or out of the company all together.
All in all we will be switching soon but I wanted to let you know there are better companies out there. Before you settle with DreamHost I highly encourage you to look elsewhere beforehand.
Lot’s of defamation politics & hoaxes these days especially in webhosting businesses, i suggests all the people to try at least one year and see whether they’re good or not. Been using dreamhost for like 5 years, well, i guess everythings are fine with me tho sometimes i got some problems like some people mentioned, but well… doesn’t really matter, coz maybe they’re targeting the different audience, not for business & stuff.
i got my web also in media temple, and they’re also really nice. 🙂 at least these 2 companies are much much better than some company i hosted my site before.
How’s downtown when it comes to their service? Though dreamhost has immensely tempting offers (with disk space and bandwidth increasing every week) I’m quite put off by the reviews I’ve been reading here and at webhostingtalk.com.
downtown seems to have good reputation amongst them and their offers also seem more down to earth and realistic compared to the rates I’d be paying. Anybody here recommends downtown? I’m new to this whole web hosting thing and would need a reliable shared hosting service to put up my demoreel for potential employers.
I had horrible experiences with dreamhost lucky it happened during the money back time and I quit with them but I actually had to fight to get the money back. My site was down several hours daily and their support was worse then anything I have experiences with a lot hosts I had to deal with. I switched to another place and I am happy I did!
I use DreamHost for a year now, and I am still happy with them!
My blog (optimiced.com) works fine, and up to now was down just a couple of times, in a whole year!
Support was OK. Billing was OK. Emails and server uptime was fairly OK.
And, yes, you must take care of your own installs of blogging software and other things!
What you should do then is ask them to send you the WordPress file, which was eploited, after it was modified by the exploit, and then re-send it to WordPress.org forum. You could ask help in wordpress.org forums, anyway. You should ask DreamHost guys to look into raw log files and help you find how the file was hacked…
Yeah, maybe they were not so helpful, but you also don’t have the right to blame DreamHost from stopping a malicious script executing freely on their servers, right? 🙂
Hope everything’s fine now… and, yes, I still like DH and recommend them, and not only because I can get 10% referral discount for referring clients to them! 😀
I have bad experience with Dreamhost….
Everyday day I have problems, Dreamhost server down, mysql down, cluster …. as!@#!@3…server…
And everyday i can see new restrictions and lose of performance…tooooo sloooowwww…..
I will quit soon.
From 1-10 i can give them only 3 !
This hosting may use people who don’t have any script running on web site and don’t matter when working and when not…
I think no matter which hosting company you choose to go with you will at sometime get problems, I have used a few different ones and no matter which one I chose I have had my sites offline at some time or another.
Server outages are just the roadworks of the internet… get over it!
If it was sooo extreemely lifesavingly important for your site to have five nine reliability then you’d pay for it by going to a corporate host (that’ll be a half million dollars a year).
Personally, I’d *want* dreamhost to shut my site down. If my site is producing a million mails that a) are wasting everyone’s time, and b) are adding me to a load of spam blacklists, then I’d take the hit.
Not to mention that in lots of countires DH would be breaking the law by not shutting it down.
Warning dreamhost.com shared hosting is NOT for you unless you want to do this below on your site:
1) do not use any image magick commands
2) get less than 1000/pageloads per day
if you use image magick commands, they will claim your going over CPU seconds alotted, with their fake made up CPU seconds metric that they invented, and shut off your site without notice.
if you get more than 1000/page loads a day, you are most likely going to get a random shut down of your site.
and they dont give a cr4p if your losing adsense during the shutdown.
I think everone has trouble at some time or other with the hosting company, at the moment I use hostgator, I have had 12 months trouble free but before that I had problems with them but I stook firm and glad I did.
Pingback: Fed Up With Dreamhost: Horrible Hosting Company
I have never had a problem with DreamHost!
I once made a 3rd party picture section for Digg (digpicz.com (see also reddit pics :)), and the shared hosting for $9.95 a month handled 100’000 (hundred thousand!!!) visitors the first day!
I blogged what I optimized to handle such a traffic on a cheap shared host in this post: A few words about Digpicz.com.
Just a quick question – if your website is critically important to your business, why aren’t you using a business-grade hosting provider? $40/month for an account with a business-oriented company surely wouldn’t break the bank?
Curtis Bayne I whole heartily agree 110%. If you website is critical don’t go with a basic hosting plan. You really should be running a dedicated server. First with a dedicated server you have full control of your hosting options and can make changes to the way your host your site. Second if you do major traffic you wont have to worry about a host shutting your down. Third your support with a dedicated server is always going to be better than just a basic web hosting account. I run a dedicated managed windows server through Server Intellect and have about 30 sites running on one server and never have to worry about if someone else website is going to bring the server downDedicated servers are the way to go if you need critical up-times and support.
@trey: that “made up” cpu seconds argument is hogwash, it’s called sa, a common linux/unix utility:
NAME
sa – summarizes accounting information
SYNOPSIS
sa [ -a | –list-all-names ]
[ -b | –sort-sys-user-div-calls ]
[ -c | –percentages ] [ -d | –sort-avio ]
[ -D | –sort-tio ] [ -f | –not-interactive ]
[ -i | –dont-read-summary-file ]
[ -j | –print-seconds ] [ -k | –sort-cpu-avmem ]
[ -K | –sort-ksec ] [ -l | –separate-times ]
[ -m | –user-summary ] [ -n | –sort-num-calls ]
[ -p | –show-paging ] [ -P | –show-paging-avg ]
[ -r | –reverse-sort ] [ -s | –merge ]
[ -t | –print-ratio ] [ -u | –print-users ]
[ -v num | –threshold num ] [ –sort-real-time ]
[ –debug ] [ -V | –version ] [ -h | –help ]
[ –other-usracct-file filename ] [ –ahz hz ]
[ –other-savacct-file filename ]
[ [ –other-acct-file ] filename ]
DESCRIPTION
sa summarizes information about previously executed commands as
recorded in the acct file. In addition, it condenses this data into a
summary file named savacct which contains the number of times the
command was called and the system resources used. The information can
also be summarized on a per-user basis; sa will save this information
into a file named usracct.
Signed up for DH today – first time for a new client. Never do it again. The admin website has been down since we signed up – no telling how long it’s been down but it’s still down and Support is not responding. Worse than that – they’re not accepting mail from me since I’m not emailing from my client’s email address and I can’t log a case since that would go through the ADMIN panel. If you’re reading this, you should STEER VERY CLEAR of Dreamhost – not at all what they’re cracked up to be.
They promised 99.9% uptime too – that’s only 7 hours of downtime each year. Two hours and counting today and no telling when we’ll be back up.
“They know WordPress well enough to diagnose a blog as a source of spam, but not well enough to advise of a solution.”
They did provide a solution you whinging baby; they asked you to upgraded your wordpress installation! Maybe instead of wasting time emailing them and writing this angry blog post you could have just upgraded? Upgrading would have taken far less time and now you look stupid.
Wow, Brett, what a moron you are. The WordPress install was actually on the latest version already and all plugins were up to date. Shame you didn’t have anything useful to add to this discussion.