Another wall of text rant you can skip (but not about Patreon this time)
Added 2017-11-09 05:07:55 +0000 UTC
These days it seems like half of my posts are ranting. I'd love to go back to the days of half of my posts being renders of hot, 18+ teens getting boned. That day is still ahead of us.
If you've been following the page, you know that I set up a website, basically just to crosspost with this one and provide some additional marketing. It was hacked after a day or less. I took it down, and in the meantime I've been partially spending my time trying to get the page up and running.
But every time I'd try, across multiple hosts, it would go down. My current stop is at 1&1, a large American hosting company specializing in WordPress and passing off bad customer service as good customer service.
With 1&1's setup though I could actually see the logs, and it became obvious that I was dealing with some script kiddy who had a bot set up to monitor my domain name. If there was activity it would immediately log in and exploit whatever it could, probably before the installation even finished, leaving me with no hope of securing the site.
Yesterday this gentleman or his bot was connected all day except for the time I had the site taken down and attempted to come at it from a different angle. This is all there, plain as day, in logs that are available even to me. So eventually, late at night, I decide to contact 1&1 and let them know what's going on.
As it turns out, you can't find (or I couldn't, anyway) a support email on 1&1's page. Plastered everywhere is their touting of 24/7 phone support. Fine, I thought, I'll call them then. After a few minutes waiting on hold I was greeted by noises that sounded nothing like the human voice. It was like Charlie Brown's dad talking only if Charlie Brown's dad were a Poltergeist. I literally couldn't make out a single word being said, so I say "Hello? Helllo? If you're speaking I can't hear you, it just sounds like static." A few seconds later I got transferred back to the music.
This plays out in exactly the same way 4-5 times over 20+ minutes before I finally decide to give up on phone support. I went to Google for an email support address and contacted it with the following (most of it is rehash, feel free to skip):
None of your agents had microphones that could produce anything in the neighborhood of human speech so I thought I would try calling [note-- obviously I mean emailing].
Over the past few weeks I believe I have been very often the target of a hacker or some hacker's bot. This is my 4th service provider now because of the issue, but he, she or they seem determined to continue. At this point I'm quite sure he's just running a bot that notifies him whenever I start up a new WordPress. I believe I've had to trash 3 so far just since I've been at 1&1. If you look at the logs I think you can see why. At this point I believe he is running a bot looking for any activity with my domain, then immediately attacks.
He wasn't aware of the domain name I registered with you guys, so it lasted a few days, then I made the mistake of trying to switch it over without every precaution in place. Immediately before you all I was (still am, I guess) with DreamHost, same thing happened. Also, I don't know if he's doing things different now or if the #s I see are outdated or only based on HTTP or what, but when I was at DreamHost he put up about 60gigs of traffic a day.
Before that I was with (and still am, I guess) Host Gator and the same kind of thing was happening, though I never put it together with hacking because I hadn't really publicized my site yet.
Anyway, what can be done about this? Surely there is some way to blacklist him on your end? I don't know anything about hacking but from what I understand hacking WordPress is about the easiest thing in the world, so I doubt he really knows what he's doing. I've checked my personal computer dozens of times over so I'm sure there is no issue there, hopefully it doesn't escalate to that.
Thanks for your time,
[my name redacted though anyone who cares to know can easily find it]
This seemed like a reasonable and measured response on my part. Several hours later I get a response back:
Dear Customer,
Thanks for contacting us.
We have received your email and are happy to help with your inquiry. You will receive a response within 48 hours. The reference number of your ticket is [redacted]
You can also reach us 24/7 via phone at [redacted].
Sincerely,
Customer Care
[redacted]
"What?" I thought. Is that an appropriate response from a hosting company whose servers are presently being compromised? I realize this particular individual could do nothing about it, but I emailed back to see if I could possibly get some further assistance:
So, to be clear, someone is running wild with ssh, has been all day long, for 2 or 3 days, and no one can do anything about it? For 48 hours? And there's nothing I can do about it?
Here's his latest log by the way. He's still online. He's been doing this for literally days.
I attached a log file, about 900k, with an entry from only minutes earlier. At this point he had turned to what looked like trying to brute force hack a password and trying to run up my bandwidth.
Today at 6:35PM I receive the following email from "hosting@1and1.com", whom I had yet to be in contact with:
It appears that you are contacting us from an e-mail address that we don't recognize. Please note that due to security reasons, we can only provide assistance via e-mail to the primary contact e-mail address set by the account owner.
A copy of this mailing has also been sent to the account owner requesting this information. If the contact e-mail address needs to be updated, the account owner can use the following Help Center Article as a guide:
http://help.1and1.com/update-primary-contact-info
You may also contact a Customer Care Agent over the phone using the number below if you like.
Phone: [redacted]
[signature not redacted, because none was provided]
This was not a phishing attempt on the part of the hacker (unless he's much more clever than I give him credit for) as the email quoted my own emails to support. The first thing I noticed was the insinuation, if not direct accusation, that I was not the account owner: "a copy of this mailing has also been sent to the account owner requesting this information."
In WordPress there are certain times where rarely consequential passwords must be stored encrypted. For example, if you want to enter your SMTP password (to avoid using a pop mailer and getting thrown in with the spam) you have to enter your unencrypted SMTP password. I assume the hacker found the password to games@irredeemable.net due to dumb luck (obviously being too incompetent to find anything else of value) and decided to try his hand at some social engineering. He had been locked out of everything else so it was his only chance at harassing me for the day.
In any case, that is not a good excuse for 1&1's thorough incompetence. I emailed them back immediately:
That's funny, because I'm logged in right now, want to see a picture?
[screenshot of my 1&1 control panel, showing my full name, physical address, phone number, and email address on the account]
It's also the email address I signed up with and where I've received many, many emails from you all (I've attached a partial list below). [note-- I just did a search for 1&1 in gmail and sent them a ss of about the first 20, which included the invoice for the account and many PW changes, WP deletions related to the issue]
I am the account holder, and there is no question about what's happening. It's obvious from the logs (which are still in the log directory, if you'd care to look.) This person has followed me to four hosts now. He'd probably be harassing me right now but I got advice (not from anyone at 1&1) to allow only my own IP in using .htaccess before I was ready to launch the site.
As for calling support, I did that. I was on the phone approximately 20 minutes and got passed around maybe 4 or 5 times. Not because of departmental issues, but because every single agent I talked to had a mic so poor that you literally could not determine whether words were being spoken or not. It could just as easily have been radio static.
Also, in the future, if you're going to take that kind of attitude with someone at least have the courage to put your name behind your statements.
[passive-aggressive signature redacted, even though my name is easy to come by]
So now I'm waiting with bated breath to hear back from them. What can they possibly say for themselves after putting such full scale idiocy on display? Is it possible that 1&1 is an even worse company than Patreon?
Listen, I'm sure most of you don't care about the website. I didn't really care that much either, but I like idling animations and figured it'd make an awesome advertisement for the game. So I shat out a WordPress site (a CMS I had never used before despite a background in web development) just to make it as quick and easy as possible.
Well some asshole decided to go and ruin that plan, so it's wasted much more of my time than I ever thought it would. For that, I'm sorry: but there's no way I'm going to let this asshole win. Hopefully the changes I've been able to make to an uncompromised installation, plus the new WP version coming out (tomorrow I think) are enough to keep the site online. If nothing else I'll just recreate the same style from scratch with a simple blog and little potential vulnerability (while continuing to work on the game, of course).
I think that just about covers it. Oh, my trivia team lost tonight. But the questions were bullshit.