I have been slowly building an online business of web design services. With over 35 websites built in the last 2 years I can say it is growing well for a single designer.

My biggest mistake was to use 1and1 for my hosting.

At first it was all going well, with only a few issues of server down time and some maintenance periods.

Then I got hacked last month.

One website was hit and I contacted 1and1 customer service as one does to ensure they do what they can from their end.

The response? A cold email…

“This is your fault. You had an outdated version of WordPress on your site which put the server in a vulnerable position”.

1and1 Security Team

If outdated they mean this one WordPress blog was not updated since the last available update just a week before, then WOW. Talk about no responsibility.

I took matters into my own hands and found a nasty piece of script which led to my troubles. I then went and changed my ftp password, MySQL passwords, all usernames and passwords and installed some additional security features. After this decided to do a Google Diagnostic on my site in which Google kindly gave me a link to 1and1s shared server diagnostic as well. This showed over 490 websites on this one server alone which was infecting over 1000 other websites.

The shared server which my 30+ websites are sitting in is infected as hell. Thanks 1and1! Wow, you really make me feel secure. 1and1s shared servers are strewn with Malware-infected websites.

In their “Premium Package” (ha!) they boast about their Symantec anti virus protection on the servers. Yeah right, the only protection 1and1 has is probably a Windows 95 firewall.

1 day later… 10 websites go down with malware warnings.

So, I made a BIG STINK about these infected servers. I threatened to leave 1and1 unless they assisted me in finding out WHERE this scripts are entering from – I kindly pointed out that the shared server I was on was 50% full of virus infected websites. Their response?

“Dear Mr —-, This is not a problem on our end. You need to find out where the scripts have been placed on your end…”

Wow, and wow, and wow…. If I was a hosting company with a heavily infected server affected thousands of websites, I might want to assist in cleaning these up. But no. They ask me to troll through tens of thousands of pages and code to find something I am not even sure what to look for.

So I gave them the little birdie and set off to resolve the matter myself (you see, despite having backups and replacing the files, the hackers were gaining access to the 1and1 server and kept placing additional files after I had cleaned them so I could not move my files elsewhere).

So despite ALL file permissions reviewed and made tighter, ALL passwords and usernames from every possible angle being changed including my hosting account, installing 3 expensive virus/malware detection softwares on my computer and scanning over and over.. I just kept getting hacked.

And the grand finale? This email in from 1and1 today:

“This is an urgent notice regarding the websites you host in your 1&1 account.

Your 1&1 webspace has been attacked by a third party: Malicious files have been
uploaded via your password secured 1&1 FTP access.

Our team of experts analyzed the incident and averted the most dangerous
consequences of this attack. However, further measures on your side are required
in order to re-establish the security of your personal data and your 1&1 account.

Your contract is now locked until further review.”

What does this mean? All 30+ of my websites are now offline, my ftp access cancelled, no access to my MySQL databases – nothing. Get ready lawsuits, I am about to get Medieval.

Summary – 1and1 has destroyed my business. Despite professing having a “crack security team” I got no help, just blame. I will continue to spread the word about this mafia-based hosting company who seems to have godly rights without any willingness to help.