We’ve been with FatCow hosting for quite a while. Up to this year, they’ve been an inexpensive, reliable company. Two incidents in the last six months changed all that. They’ve lost our support. Here’s why.
WordPress Sites Shut Down Because of a False Positive on a Default WordPress File
Every WordPress installation includes many default files, we’re talking thousands of little bits and pieces that make WordPress what it is, a reliable platform for bloggers.
Back in May, FatCow’s scanners decided that the standard WordPress file, moxieplayer.swf, was malware. Here’s the email we received:
Hello,
A routine scan of your account has found the following malicious or infected files:
wp-includes/js/tinymce/plugins/media/moxieplayer.swf
As a result, we have suspended your website, to avoid problems for website visitors or other customers. Please remove the malicious code, through FTP or the File Manager. I would recommend deleting and republishing your entire website from a clean copy; this should then erase any other code which may have
been injected into your pages to allow back-door access by unauthorized people.
You should immediately change your password through the control panel for the account, and most importantly, you need to make sure any application in your account are completely up-to-date as far as versions, security patches, etc. are concerned. This applies not just to the core application, but also plugins,
themes, modules, etc. If this is not done, your account will remain vulnerable to future attacks of this kind.
In order to secure your web application,you can use SiteLock Fix product which scans your website daily and removes any infected files. To learn more about SiteLock, please go to: (url removed) /product/sitelock
Sounds serious, right? FatCow did more than warn us, they suspended our websites. That means that FatCow removed access to them, no one could view any of our eleven websites.
In this situation, we had to go through every installation, find the suspicious file and delete it. We’re quite surprised that our WordPress installations still worked after they were put back online.
Once the sites we up again, we began to do some detective work. That file, moxieplayer.swf, is a standard WordPress file. It comes with every WordPress installation. When we notified FatCow of that, here’s what they said:
Comment:
It is possible that a few lines of malicious code was found within the file as opposed to our scanner considering that the file as a whole was malicious. I’m going to try to have this looked into a little further, but with the files already gone we might be limited in what we can research. I’ll get back to you if I find out more information.
Guess what? FatCow never bothered to get back to us. You will note that in the first message, FatCow was pushing Sitelock, an extra-cost feature that they recommended. Fatcow flagged a perfectly safe WordPress file then tried to sell a premium product using scare tactics.
FatCow never admitted their mistake. Every other company that we’ve dealt with over the last twenty years has taken the blame for their own errors. Not FatCow. Despite having our sites shut down for absolutely no reason whatsoever, FatCow never offered compensation either. In their ads and on their site, FatCow pretends to be wholesome, efficient and friendly. Trust us, they’re not.
Stay tuned for Part Two of our rating on FatCow Web Hosting. Once we find a reputable hosting company, we’ll come back a post a link to their site.
Comments and questions are welcome but Likes on our Facebook page get immediate attention. Here’s the link: Computers Made Simple on Facebook . Thanks for reading!