host4geeks and malware extortion

We’re always looking for ways to save money, and it was looking like we were going to require a very expensive SSL Certificate. But then we heard that some hosts provide those for free, as well as charge very little for hosting. In April (2018) we contracted with host4geeks, where for about $21.95 every three months we acquired hosting for our three domains and their associated sub-domains as well as free ssl certificates. It seemed like everything was looking up.

Well ……April was great. No troubles what so ever.

In May, hackers got into my site and redirected everyone to a faux virus page (pretending that my (or your) computer was infected with the “Zeus Virus“). That was fixed fairly quickly, but then it happened two more times. This time we blocked access from the ip addresses we determined were causing the trouble.

About mid May, I started to get notices that my site(s) were using too many resources. That went on for about two weeks, until we found the culprit lurking in the file system: zz1.php. This was installed in the root directory, as well as the main directory for one of our sites. In addition, two directories with over 1,000 .php files each were also found. All these files added up to a whole lot of resource wastage. We got it cleaned up, but it happened again several times. Then we found a cron job that was set up to load zz1.php whenever it did not appear. We erased that and created a new cron job to keep things clean.

The straw broke the camels back was when I added some product to our store. The illustration for the product consisted of a nude couple making love, her on top of him. The only thing you can see is her butt (which you can see on almost any art or naturist site). But, host4geeks would not allow it, but the way they censored it was insane. As soon as I hit the commit button it delivers a 403 error – that I don’t have permission to use the server. Took me awhile to figure out that the only problem was with the illustration. But …..I am a Liberal. Censorship, no matter what, is an outrage, and will not be tolerated. Incidentally: I wrote a short post on this site, with the picture, critical of host4geeks for their unwarranted censorship. It was up for a few days before they took it down, even erasing it from the database. Now, one thing interesting to me, is that they finally offered to sell me a rather expensive (and paid for monthly) software designed to scan the site(s) daily to eradicate malware, virus’ etc. Funny, I’ve been with maybe six hosts since 1999. The hosts have always provided protection from hacker creeps as part of their service. Makes me think the hacking activity was an inside job. Host4geeks was the first to try this kind of extortion. Hopefully, they are the last.As of right now we are being hosted by SiteGround. They came highly recommended by RDG‘s Senior Clerk (a webmaster also), and so I have a great deal of confidence that we will have a long and fruitful relationship with them.

In case you are interested, here is a list of the sites I have created and maintain.