Why Lunarpages is no longer my hosting provider

I’ve been with Lunarpages now for nearly 10 years.  Of those 10 years, the last year has been terrible. There have been several instances along the way that were bad. I was more patient then.  I have paid for their services on a yearly basis. I would essentially be paying for 10 months per year. The downside was that I was locked in and had no where to go.

When I first started with Lunarpages, they were the friendly company that would try to help you. They were nice and their corporate image was one that made you feel comfortable. Today if we go to their website, it looks like someone built the website in Microsoft Word. I kid you not, have a look:

lp_home

And if that isn’t bad enough, go to their main hosting pages to select your service or even package, you are greeted with the same pages that look like they were made in Microsoft Word.

lp_hosting lp_hosting_basic

Anyway, that isn’t the reason that I left.  I left because Lunarpages have been treating me like crap. They have suspended my services down nearly a dozen of times over the past 10 years. Each time my account was suspended had nothing to do with something I have done.  But it doesn’t stop them from suspending your account without any warning. This is where it gets funny. After they suspended my account, they would send me an email saying it was suspended.  But the email they would send it to would be hosted on their services, I had no way of even seeing my email. Let me tell you this, getting your account reinstated was NOT easy.

The lack of email access made it that much more entertaining. Rather than fixing a flaw in their system, they would tell me that I absolutely need a Gmail account.  So why am I paying for hosting services with email hosting if I should be using Gmail? I realize I am not talking to sales guys, but come on. I didn’t want another email account, I had enough.  Told them I refuse to open another email for those reasons which always lead to argument over the phone.  Some on my nightly commute enjoyed my back and forths with Lunarpages support when trying to get my account enabled.

Let’s look at why my account has been suspended. I may be forgetting some instances, but you get the picture from this list.

  1. Unlimited storage is NOT unlimited storage.  I had to put up a file of a TV show, my own TV show up on my server.  Things like Dropbox didn’t exist back then.  My account was suspended because the file was too large (it was 1.5GB).
  2. My account was compromised through PHP Nuke. Yes I loved CMS software for a while. Nuke was notorious for being hacked.  My account was suspended and I was told I need to contact them to get it enabled again and assure them I would fix it.  The exploit left on my site was a 5 second delayed redirector to a website that said “You were hacked by…”. Nothing malicious on the page either.
  3. I was running some rather large community websites for Need for Speed on my hosting.  Some achieved up to 100k monthly active users and 50k daily active users. I was suspended because someone contributed a file to my site that had copyright information within it. I cannot review everything submitted and I had nearly 2 dozen volunteers at the peak helping me. There was a reporting process, no one reported it. I could have been sent a warning to take it down or review it.
  4. After hosting Need for Speed community sites, I went on to build Facebook apps. I’ve built several and at the peak I had 2 apps reach nearly 1,000,000 daily active users.  One application (App Bookmark) was adopted by Slide and RockYou. Almost overnight I went from 20k DAU to nearly 500k DAU.  The traffic remained constant for a few days before I was suspended.  I was suspended for using too many resources. Since I was studying law, took it upon myself to review the legalese and did not find any such limitations. I argued with Lunarpages to enable my account because that is not written in their legal docs, they eventually gave in and enabled me. No apology, lost a lot of ad revenue.
  5. Another one of my Facebook apps called App Broker was taking all the data from App Bookmark and crunching numbers to use as a game. This game was steadily growing. Again, my service was suspended because I was making too many requests to the database and it was affecting their other customers.  I implemented some very heavy caching which meant the number crunching would happen periodically.
  6. Again in App Broker, I released a new feature that app developers could put a 1×1 pixel image / iframe and would allow to gather very detailed analytics on the app’s traffic.  This time, rather than being told I called the database too often, I was told that I had too much data in my database as a result of all the WRITE queries from this new service. After a lot of arguing and based on the fact that they claimed I had unlimited web space and database, they reenabled my services.
  7. For 4-5 years, things get pretty quiet. Nothing new is launched and most of my work is now with Social Game Universe.
  8. Jumping to this year. At some point I am going through my email and it stops working, go to my website and it shows a suspended message. I contact Lunarpages and they claim my account was compromised. I get them to reenable my services on the phone, saying I will fix it.  Only a few scripts were affected and the exploit wasn’t bad at all.
  9. Same thing as last time, my account is disabled because it was compromised.  But why? I changed all my passwords last time. How did they get in and change all my files? They refused to reenable my account this time over the phone.  My FTP access was blocked. I was forced to use an online file editor to go through files and fix them. But Windows 8 decided it wouldn’t let me open the files in browser because it contained exploits. I had to turn off my security on my computer to perform this. It took me hours and it was painful. I told them I was done and asked to make sure I didn’t miss anything. They said all was good and they enabled my account.
  10. About 2 weeks later, same thing again. My account was disabled because of exploits. But this time I was confused. I had deleted every CMS on my domain and changed all my passwords again. As a result of changing my passwords, I couldn’t access the online file editor. I could not reset my password because my email address was hosted with them. They did not want to give me access to my account’s FTP. It took a few hours for me to get approval to get back on with FTP access to fix the files.  This time, the files were not compromised. They were files that I had missed in the prior exploit and looks like they did not confirm my site was clean as I had asked them to check last time.
  11. Yet again, my account is suspended for exploits.  This time I am beyond confused. What the heck is going on. How are hackers getting into my account all the time?  This time I got the email a few seconds before the account was shut down. I looked at the files on the online file editor. The files were false positives. They were encoded javascript files.  One was JQuery. Again, I tell them this and the service is enabled.

You probably got bored reading through that list. I know I would if I was reading this. Lately I’ve been running into other various issues with billing as well as support. I had to move and it was no longer a choice. Finding a new host has taken me a while. I love cloud hosting and have been using it for the past few years. But sadly for a personal site with a few apps running in the background, I didn’t need that kind of power and didn’t have the time to maintain that. It was necessary that I signed up with a similar service to Lunarpages, which is why I am with SiteGround today.

You’ve seen my prior post on two-factor authentication. I am boosting up my personal security.  One thing that absolutely shocked me was that Lunarpages can view your passwords in plain text. I am dead serious. I will have more on this soon.  I was infuriated and shocked.  We are in 2013 and they have plain text passwords. Something is wrong, very very wrong.

When you look at the customer reviews from SiteGround, look at their corporate image, look at how they talk to people on Twitter. You can tell they are a better place to be with. I also like the fact that I am now paying $7.95 per month rather than the $26.88 per month I am paying with Lunarpages.

And yes, SiteGround’s site doesn’t look like it was made in MS Word.

siteground

  • Katy

    We switched to WPBlaze.com for WordPress hosting.

  • Thanks! I am currently on SiteGround. Happy with it so far and very happy with my experience.

  • Bill Stevens

    1) of course it isn’t unlimited, what fantasy world are you living in where ANYTHING is infinite (besides the universe itself)
    2) So you’re suggesting that a responsible web host would leave a compromised web application online (or that tech support should be paid to troll through your ancient exploitable code and mark/fix vulnerabilites? They’re tech support, not programmers)
    3) Perhaps you’re not familiar with DMCA, or perhaps you didn’t respond to the email.
    4) Pretentious. Also, with that kind of traffic you were probably causing issues for the other hundreds of people on the server you were using (why are you using a $10/mo plan for such high traffic and then complaining? Would you refuse to invest more than $10 in any other business venture?)
    5) Again, why are you performing heavy database activity on the cheapest plan available and expecting it to not cause issues?
    6) Your application sounds woefully inefficient. Considered ‘code review?’ Look it up if you aren’t familiar.
    7) Thank god for small favors.
    8) “The exploit wasn’t bad at all” you don’t seem to understand how security works.
    9) Suddenly your terrible choice of OS becomes somehow their fault.
    10) and 11) probably because you don’t know wtf you’re doing and remoing a couple files from a compromised application doesn’t fix the vulnerability. Again, hire someone that knows what they’re doing.

  • The baselessness of your comments “doesn’t know wtf they are doing” and “doesn’t understand security” are staggering. Especially given the fact that your activity on this site doesn’t extend to other posts or pages.

    Lunarpages has failed me. They have failed hundreds of others who have expressed going through similar experiences. Lunarpages is known for their poor support and terrible security.

    Many have commented favorably to this post. Of course you cannot please everyone. As someone who claims to be an experienced manager, developer for 10 years and loves working people, toning down the personal attacks would be helpful.

    I enjoy a healthy debate. This is anything but constructive or healthy. Hopefully HostGator works out for you.