UK2, Spammers, And The Mysterious Disappearance Of My Website

Friday lunchtime, everything was fine in the world, or at least in my on-line portion of it. My new website was up, functioning, and looking – dare I say it – pretty good. Granted, I was getting a torrent of grotesquely horrible spam comments on the blog portion of the site, but the WordPress spam filter was catching them. It wasn’t very nice having to periodically log into the site’s admin pages and delete 156 comments with links to things like “ch***d p**n” and “p**do r**pe” (no, I wasn’t being naive when I said this spam was horrible – I’ve been on the net nearly fifteen years, and the type of spam my blogs been getting shocked me deeply, and while I’m guessing it doesn’t actually link to what it purports to be linking to, it’s still deeply unpleasant to receive), but other than that, and that is a big other, things were fine.

(Except, of course, that it’s managed to raise my hatred of spammers from its already incandescent level to a white hot level of biblical fury. I’m regretting being an atheist, because it means these scumbags won’t go to hell. I hope they accidentally spam Osama Bin Laden with porn and then get taken out by an Al Qaida suicide squad. I’ve moved way beyond the point where I hope they come down with particularly painful cases of rheumatoid arthritis, and instead want them to stay flexible enough that I might one day read of them accidently choking to death on their own genitals during a solo sex session. I no-longer agree with Barak Obama’s shutdown of Guantanamo Bay and his abandonment of torture. Sure, I’ve previously said that the Western world needs to maintain the moral high ground, but that was when we were talking about suspected international terrorists, for God’s sake! I have no problem whatsoever with the CIA kidnapping spammers off whatever rat-infested streets they might happen to be inhabiting, extraordinarily renditioning them to Camp X-Ray, and giving them a damn good dose of water-boarding.)

Anyway… On Friday evening, I whipped out my iPhone and tried to show my site to Martin, a guy who might be taking over Tales of the Decongested, and found that I got a page saying: “This site has been suspended. If you are the administrator of this site you should contact either our support or billing departments as soon as possible.”

This was not fine, however loosely you define that word.

Of course, by then it was past Friday 5 pm, and UK2 (my hosts) are strictly a Monday to Friday outfit when it comes to support for basic hosting. If they’d given me the basic curtsey of sending me an email that afternoon to tell me they’d just turned my sodding website off, I could have phoned them before the support lines shutdown. (Note: the host account’s registered email account is not with them, so even if everything in the account was turned off, they still could have emailed me). But no, they left me to find out myself, and by then it was too late.

So I had no option but to spend the weekend periodically checking the site to see if it had come back, finding the message there each time. It’s not a nice message. “Suspended” is a dodgy sounding word, which could cover everything from “This man doesn’t pay his bills” to “this man has been distributing Nazi propaganda” to something far, far worse. Alright, it’s not like coming home to find the word “pedo” scrawled across your door, as I believe once happened to a paediatrician who made the mistake of living on a housing estate populated by illiterate vigilantes. But it’s still not very nice.

About the only good thing about the situation was that it was only the website they’d turned off; my email was still working.

So first thing Monday morning, hoping it was just some kind of direct debit snafu, I phoned up the billing department, and was bluntly informed that my website had been “banned” by the “abuse team” for “abuse” and no, they couldn’t tell me what it was. The only thing I could do was go to the support section of the website and create a support “trouble ticket”. Which I did.

Hi there,

Some time on Friday, my website (jonny-nexus.com) stopped being available. There was just a message saying that it was unavailable due to being suspended and that the owner should contact either the billing or support department.

I phoned billing this morning, and they said that it had been banned due to some kind of abuse issue (spam etc).

I’m a bit mystified by this as I never done any kind of spamming whatsoever, my website is very harmless, and I’m using your mail server for mail (i.e. it can’t be one of those cases where spammers are using a misconfigured server).

The only thing I could possibly think it might be is that I recently installed a WordPress blog (using your install script) and I’m getting a lot of really horrible spam comments. They’re being caught by the spam filter, so they don’t go on the blog, but I have to log into the admin page to delete them – so perhaps one of your systems saw the WordPress admin page with the spam comments on it being sent out to me, and that tripped some kind of alarm.

The page I would be looking at is (from memory) something like:

http://www.jonnynexus.com/wp-admin.php

Anything on that is just stuff that I’m seeing, having logged in as admin.

Obviously, I want to get my site up and running asap. If you can sort out what’s going on and get back to me I’d be very grateful. You can email me on the above email address or call me on 07954 589313.

Thanks,

Jonny

I then sat back and waited for a response, which – and this will be no surprise to anyone who’s ever googled the words “UK2” and “Complaints” – didn’t come.

First thing Tuesday morning, I phoned the support line, quoted my trouble ticket reference, and was told that only the system-admins could deal with this sort of thing. I said that at this point, I just wanted to know why I was banned. (It’s not a very nice feeling. You wonder if someone’s been doing something awful in your name, and you might get into trouble for it.)

But the guy on the phone line could only apologise, saying that the only thing he could do was ramp the priority of the trouble ticket right up, and then email the sysadmins to ask them to respond. I asked him to do that, and waited for a response.

4pm, seven hours later, that response still hadn’t come. I phoned again, three times, and couldn’t get through. I tried again at 4:40pm, and this time did get through, and got the same non-answer. By this time I was really wound up. Forget getting my website back up and running; I just wanted someone to tell me what it was I was supposed to have done. The guy promised to go over to the sysadmins right there and then and ask them to email me with an explanation, and said I would have something in 10 minutes.

Well it wasn’t 10 minutes, it was nearer 30, but lo and behold, the following popped into my inbox, around 96 hours (and three phone calls) after they took my site down without even bothering to tell me.

Hi Jonny.

Please accept my apologies for delay in getting back to you. We have received large amount of spam via your account and as your disk quota has been reached, random message we picked up looked like was sent from your account. We have unlocked your account and it should be online shortly. Please accept my apologies for any inconvenience.

Kind regards

XXXXXX XXXXXXXXXXX
Server Engineer

UK2 IT

Ticket: www.uk2.net/submit_ticket

At UK2 we promise to bend over backwards to help you! www.uk2.net/webendoverbackwards

I have no idea what that means. Really. I understand the words, but not the way they’ve been put together. John suggested that perhaps someone out there at Server A was sending a stream of dodgy emails to Server B with my address put in as the return address so Server B was sending response emails to UK2’s server and that was what caused the problem – but in that case, surely it would have been my mail they’d taken down not my server?

And what’s all this stuff about disk quota? There’s hardly anything on my site. I’m probably using about 1% of my disk quota. About the only thing you can discern from the mail is that there was nothing wrong with my site and it was taken down in error due to some kind of false positive. But without knowing what that false positive was, I can’t take any actions to prevent it happening again.

At the end of the day, I’m pretty unhappy with this. The idea that they might take down my site (in error!), not tell me, and then – when I contact them – refuse to do anything more than confirm that yes, they’ve taken down my site – well it’s not good.

Needless to say, I won’t be recommending them. The standard signature tacked onto the end of the email stated:

At UK2 we promise to bend over backwards to help you!

Well someone got bent over backwards last Friday afternoon, but I’m not sure it was them.

9 comments to UK2, Spammers, And The Mysterious Disappearance Of My Website

  • That does very much look like a problem with email domain stuff, not the website. It’s an old domain, spammers are using it, all my old domains get spam sent ‘from’ it, bloody insecure email specs.

    But that’s a very good reason to not even consider using UK2 for anything vaguely professional, if they take a site down Friday and can’t get it back until Tuesday, that’d kill a lot of businesses or campaign sites.

    • Well exactly. Their reply only makes a vague sense if you assume it was an email issue. But they left the email up and took the webserver down. And like you said, faked reply addresses are not exactly a new problem.

      I recently offered to make a small website for a friend for a hobby business she might be starting. I was thinking of doing in on UK2 because although I’d had problems with it, I have now figured my way around the interface.

      But I couldn’t in all conscience do that now.

  • As I’ve discovered:

    1. WordPress blogs are prime targets for comment spam; to fight them, install the Akismet plugin, which is remarkably effective. It may also help to hold comments for moderation which contain URLs. Keep your WordPress and all plugins up to date.

    2. There’s something called “backscatter”, where a spammer puts your domain in the “From:” line and your account fills up with error response mail and Out-Of-Office autoreplies. One solution is to configure only a few mail accounts at your domain and reject the rest instead of using a catch-all, but that may be something the mail server admin needs to configure.

    3. UK2 don’t have a great reputation when it comes to suspending your account over backscatter or spam links.

    • Well so far, WordPress has caught practically every single spam mail (i.e. held it for moderation). Only a couple have made it through to the blog, and they were just innoculous random chatter with no links.

      And I’ve only got a couple of email addresses defined (one of which redirects to the other), and no catch-all address (if you’re referring to a “*@jonnynexus” type arrangement). There certainly wasn’t a big build up of spam in my account.

      And it’s not good to hear that UK2 have a poor reputation in this regard, but it doesn’t surprise me. It seem like they shoot if they hear a noise, and then apologise if/when you stagger bleeding out into the light.

  • It was good to meet you last Friday. Glad to see you managed to get back online!

    • Yes, as you can see it was something of a struggle. But at least now you can see the site I was trying to show you!

      Good to meet you too, and if there’s anything I can do to help with Tales, on the newsletter idea or anything else, please let me know.

  • Hi Jonny

    I am going through exactly the same situation as you experienced and I am assuming it’s for the same reason.

    My account was suspended without warning over the weekend and referred to the Abuse section, who have been totally unresponsive in the 48 hours since my site went down. The reason is apparently MySQL overload of the server on which I host my WordPress blog. I too get a lot of comment spam which I keep in check with Akismet.

    I normally enjoy good response from UK2’s tech support but I get the feeling once you get referred to the Abuse section it’s the virtual equivalent of being incarcerated a Russian gulag, doing time with the phishers and spammers. 😉

  • kris

    i like spam. Fried with scrambled eggs and toast.
    Sorry to hear about your troubles.
    How did the party go btw. there were a few of our mates down that weekend time-warping.

    I had to change my e-mail address a couple of years back to avoid ‘hot farm s e x’ spam.