RSS
 
 

Incompetent hosting companies (Arvixe?)

26 Mar

Yes: we will be having a post about hosting companies, complete with sales emails and ‘support’ logs.
We will show how some of these companies just waste your time and in particular request you to upgrade to packages that JUST DO NOT WORK

First up will be: arvixe
You can find avoid them at : http://www.arvixe.com

So….. here we go.

There is actually far more stupidity and incompetence to this story than is possible for me to reveal, mainly because it would require me to release IP addresses or domain names and thus embarrass my customer to his customers.

Lets get started:
This was NOT a VPS system, therefore there was no ‘customer’ root for the hosting space.
The first rule of ANY hosting service should be to NEVER execute programs in the user space as root, Especially if the ‘customer’ has uploaded them himself (If you need to ask why, send me your bank account/credit card details and password and I will reply).

So what proof do I have that the hosting company repeatedly executed user programs as root?

Simple, when a program is started as root, then any log files/ directories generated will be tagged as owned by root.
(The names have been hidden to cover the owners Identity)

How NOT to execute a user space program

But the Stupidity does not end there, not only did they execute a user space program, but that program was Java & tomcat, which means that any programs running under the instance would be running as root…….
Another example again executed as root (note the time stamps), also it is a different directory location.

Another example of application executed as root

Now the other issue with Starting applications as root…….
1. NO ONE but root can terminate them
2. NO ONE can reassign the directory structure to the owner of the account, other than root

To complete either of the above tasks with some of  the Arvixe ‘customer support’, would often take 30 minutes of online chat.

One support operator who shall remain nameless actually only replied every 9 minutes. Why work hard solving the customer support issues quickly, when you can pretend you are doing your job but get away with less work.
Interestingly this support staff did this on EVERY request to him, and in some cases support from that operator was an eye watering 1 hour 40minutes, in the end whenever we were allocated to that support staff ,we would cut the line and re-apply in the support system, one other ‘trick’ to prevent you getting bored whilst you wait for support, is that the system ‘dummy types’ messages, but then erases them, this takes the form of “xxxx is typing” messages which generally occur at every 4 minute mark of waiting.

You may say that: ‘anyone can make mistakes’, personally my  thoughts are that operators should not be employed if they are incapable of knowing the risks of executing unknown user programs as root.

Especially as:


There are currently 8 chat request(s) before you in the chat queue.
Your request is important to us. Please wait, an operator will be with you shortly.
There are currently 8 chat request(s) before you in the chat queue.
Your request is important to us. Please wait, an operator will be with you shortly.
There are currently 7 chat request(s) before you in the chat queue.
Your request is important to us. Please wait, an operator will be with you shortly.
You are now chatting with ------- Support
--: 1. please check this!!!!
--: ~/jbilling/webapps]# ls -la
--: the tomcat WAS started INCORRECTLY
--: drwxr-xr-x 9 root root 4096 Mar 25 20:35 jbilling/
--: please kill ALL java threads for my account
--: remove THIS directory
--: ~/jbilling/webapps/jbilling/
--: and restart the tomcat as MY USER
--: sh jbilling/bin/startup.sh
--: using above

and AGAIN…..


You are now chatting with -- -- - Support
--: hi,
--: can you kill this process
-- --: Hello and thank you for contacting Live Chat. How can I assist you? If at any point of this conversation, you don't receive a response from me for a prolonged period of time, it may be possible that you were disconnected. If you think we may have disconnected please simply restart the chat session through our website.
--: root 914054 0.1 3.5 2010004 212924 ? Sl 04:56 1:17 /usr/local/jdk/bin/java -Djava.util.logging.config.file=/home/---/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/home/-----/tomcat/common/endorsed -classpath /home/-----/tomcat/bin/bootstrap.jar -Dcatalina.base=/home/-----/tomcat -Dcatalina.home=/home/-----/tomcat -Djava.io.tmpdir=/home/-----/tomcat/temp org.apache.catalina.startup.Bootstrap start
--: also can you makesure that this tomcat DOES NOT startup again
--:
-- --: Please hold on,

Why I would not recommend Arvixe

1. Some of their support staff are deliberately lax.
2. Many do not appear to be security conscious or minded.
3. They claim to have many years experience in tomcat, and yet they limit the memory to such an extent that tomcat struggles to run.
4. They continually start tomcat as ROOT, which means if a tomcat application crashes, but leaves the JVM intact, then it cannot be shutdown and restarted by anyone other than ROOT.
5. If tomcat is compromised, or loaded with a ‘rogue’ program, that program executes as root within the JVM.

As I stated at the beginning of my article, there was much much more, not least of which Arvixe recommended certain aspects of their service and when they did not work out, their TOTAL STUBBORNNESS to back down or correct the problem was astounding, instead insisting several upgrades would rectify the problem, indeed they seemed to know so little about Tomcat that they failed to see why such upgraded were doomed to failure.

At one stage we proposed ‘borrowing’ a VPS for a couple of days in an attempt to resolve the issues they were having, they FLATLY REFUSED, saying that they did not offer “FREE” accounts.
The fact that they completely destroyed any chance of the customer problems being resolved quickly, did not even seem to bother them, and this was from a customer who paid UPFRONT for 3 years service.

I now know never to recommend Arvixe to a customer again.

HC

P.S

After more than 1 week, Arvixe finally got back to me with a message requesting what I wanted to ‘make this right’, unfortunately the damage had long been done to all involved, they have also lost me a valuable customer.

 

Leave a Reply

 
*