back to article Fasthosts customers blindsided by emergency password reset

Fasthosts has announced that "a number" of its customers'* FTP spaces were raided as a result of the major hack that triggered a police investigation last month. It has applied a system-wide reset of thousands of passwords as a result. The Gloucester-based webhosting firm yesterday performed the emergency reset of control …


This topic is closed for new posts.
  1. randomtask
    Thumb Down

    Not happy...

    I only run a small local forum and fasthosts have caused nothing but problems over the last year or so. First of all I lost all my content (luckily it was backed up to my home PC). A few months went by and then my SQL server just upped and left, it appears it had enough of fasthosts. Then I went to login this morning and it appears that my SQL database has shat itself as my site is showing nothing but SQL errors :(

    This is bad enough for someone like myself running a simple forum, imagine the hassle people must have trying to make a living on the back of all this!

  2. Andrew Brooks

    Enough is enough....

    I have just been charged a late payment fee!!! They are ignoring all the recent fuss over credit cards and bank charges and if you don't pay within 7 days of your hosting expiring they charge you £20 +VAT!! P.S. They don't tell you about the charge until your renew, in a kind of thank you for your repeat business charge!!

  3. Anonymous Coward

    Not sure what is more amusing

    Not sure what is more amusing... people not changing passwords when they've been given notice fasthosts has been ransacked or people using fasthosts for mission critical websites......

  4. Stewart Farquhar

    Password Resets

    I have two Fasthosts accounts and as I have my websites generated by WordPress, then the major MySQL database password reset brought both sites down and I was also banned from accessing both FTP accounts.

    I changed all my control panel, FTP, MySQL and email passwords on the 18th October when the security breach came to light. Yet, I was still barred from access last night.

    Fasthosts is hiding something here, as why would they disable/change my already changed passwords. A second security breach maybe?

    Honesty is the best policy here. Own up Fasthosts if there is a second breach.

    Also, if user's FTP accounts were breached, the hackers could easily upload sniffer programs to users FTP directories. Fasthosts have never warned the users to look out for suspicious files.

  5. voshkin
    Thumb Down

    own server

    I have used FastHosts dedicated Linux server in the past, until it was hacked, through a (as it later turned out) a well known vulnerability that was not patched, and all the websites on it were defaced.

    That was enough for me to buy my own Dell server, and host it in a professional data centre for £100 per month. Now that I, and only I have complete control over my own server, knock on wood, I have not been hacked in 5 years! All you need is to close all ports except the ports that you need, apply all the patches, and disable all, but critical services.

    P.S. and having your own server means that you can do whatever you want with DNS, email servers, etc – something hosters will not (or be unable to) do.

  6. thomasthetanker


    Oh, am I the only one that can't do any work because our websites down?

  7. Anonymous Coward

    My thanks to Fasthosts

    I offer my thanks to Fasthosts for this - I have been debating for a while (since the last debacle) whether or not to move to a different hosting company for me & my clients.

    Fasthosts by again showing their excellent customer service have made up my mind for me.

    Just packing my bags now.

  8. Barry Wise

    Fasthosts Password Blunder

    What a total farce. The person that instigated this change and the timing of it should be sacked along with the person that thought they were competent enough to be given the job. I have 4 fasthosts accounts and so am affected in many areas - web sites down, passwords for email not working, unable to manage domain registrations.

    The email says that a SMALL number of clients' FTP areas were compromised so fasthosts have shutdown a large number of their clients sites. This is worse than being hacked because I now just have to wait for the post. I can't call them because their phone lines must be overwhelmed.

    I have already wasted time dealing with support calls as a result of these changes and now I need to invest time in finding a replacement provider and transferring over 100 domains since I cannot trust Fasthosts - not the fact that they had a breach but their poor judgement on how best to resolve it.

  9. Kohul Thiagarajah
    Thumb Down

    Not the best business practive

    This is not the 1st time that fast host has pulled this trick. I had my clients screaming at me for not being able to access their emails or their bookings( on hosted database), in one case is a private car operator who rely on the database hosted on Fasthosts to manage their bookings - I do not believe he will be staying with Fasthosts for much longer along with many of my other clients.

  10. Archie Woodnuts


    I'm a Fasthosts customer, for my sins, and had previously been through my account and changed all the passwords following their cock-up. Despite this, I come to check on my site this morning and lo and behold, it's dead in the water courtesy of the database passwords having been changed.

    Curiously, this and the FTP account seem to be the only logins affected as the details for logging onto the control panel haven't been reset. Which seems a bit daft.I wouldn't mind but, as I'm sure others will attest, there was no warning, it just happened.

  11. James


    Great - fantastic, they've reset my Control Panel, FTP and SQL passwords (which also takes down my website) with the mail set to go in 10 days... no need to panic though as they're sending a new password via Post...

    ... which is nice as I'm working in Hungary for a year and post forwarding takes 4 weeks... if you're lucky.

    Tried calling them, but that's not happening. Maybe I should have paid attention to the first email... what a shitter.

  12. Anonymous Coward

    re: Not sure what is more amusing

    The key point here is that they did NOT give notice of this emergency password reset. They just did it. And now you cannot use the new details to access the FTP, because the FTP servers do not allow connections.

    I only have a couple of clients site's on Fasthosts, I keep my eggs in different baskets, resold to me by a third party, so I was completely unaware that a password change was required, and it turns out that this wouldn't have helped anyway, as even those who DID change their passwords got them changed AGAIN last night.

    On a different matter, the article posted on the 30th of November talks of email passwords changing on the 9/10 November, was that a typo? Should it say 9/10 of December?

  13. Anonymous Coward
    Anonymous Coward

    For the price, you can't beat them

    I changed our passwords after the original intrusion. As a result they were not affected by this forced change. The only problem we've had in three years is a faulty drive controller.

  14. Anonymous Coward
    Thumb Down

    What A Bunch Of Amateurs

    We received an email at 22:27 yesterday evening (Thursday 29/11/2007) informing us that all of our Control Panel, FTP and SQL passwords had been changed, effectively disabling all of our database driven websites and locking us out of every single website that we have hosted with them (approximately 200).

    A little bit of warning would have been appreciated. As it is we are now an internet company with absolutely no control over 50% of our business because someone at Fasthosts thought it would be acceptable to reset every single password without notice and then send the master password via Royal Mail on a Thursday/Friday. Needless to say that on Friday morning, this master password has not yet arrived!

    I can safely say that we will be removing all services currently hosted with Fasthosts within the very near future (or at least as soon as we can log in).

  15. the Accountant


    I spent a goodly amount of time changing my passwords, as advised, after the original debacle, and like others above, I now find that they gone and reset them anyway.

    Bunch of tossers. Time to move.

  16. stephen

    Morons, total morons

    Fasthosts. The epitome of mismanagement and bad decisions. Thanks for shooting me in the face. Thanks a short term future filled with talking customers through changes to their outlook email passwords. Thanks for completely reprioritising my already hectic schedule. Any other random, sweeping, ill-advised changes i can look forward to for Christmas?

  17. rge

    Any incentives to stay with FH?

    @AC. I've been abroad for the last two months (returned last night) and was unable to change my passwords, thank you. I certainly wasn't expecting the country's biggest host to get hacked in the meantime.

    Now I'm locked out of my sites until snail mail decides to send new passwords in a few weeks (that's assuming the postal workers don't go on strike again or they get lost in the Christmas deluge).

    Some sort of financial apology from fasthost would be in order if they want to keep my custom -otherwise they can all burn in hell

  18. Anonymous Coward


    If a small selection of accounts have been compromised, then just reset those account details. If you want to target people who haven't changed their passwords since the last hack then just reset theirs. To put a large selection of your client base through a major inconvenience because of the lax security of a few is ludicrous.

    I agree with the earlier poster - it does seem like they've been hacked again and had all their passwords siphoned off. Unfortunately it's likely that we'll never know. I'm looking forward to the day when companies are legally forced in the UK to publicly report in a timely fashion any security breaches resulting in the exposure of customer data.

    I forgave them after the previous incident. Now that it's happened again, I'm outta here. Any recommendations?

  19. Anonymous Coward

    You have noone to blame but yourselves

    Ok, none of you lot who replied have any excuse - you read The Register, I do to. All my passwords on our three Fasthosts boxes were changed within minutes of catching The Register story, and long before the weasels at Fasthosts actually bothered to tell us of the problem.

    If you have a hosting account with anyone, you have to pay attention to security announcements - and you can't claim Fasthosts gave no warning, you've had AGES since the hack to get your passwords in order.

    Not that Fasthosts are a shining light in the hosting world, by any means. I wouldn't host anything more with them now because of this.

  20. Anonymous Coward
    Anonymous Coward

    Reset passwords that WERE changed

    I changed my passwords - they reset them anyway.

    I am totally locked out of my website and SQL is broken.

    How can Fasthosts be so damn stupid.... it's incomprehensible.

  21. Anonymous Coward

    Fasthosts Phone Number

    Does anyone have a phone number other than 0870 888 3600 for Fasthosts, I need to give off, but haven't been able to get through all morning!

  22. Danger Mouse

    UKReg/FastHosts Suck

    Like many others, I changed all my passwords back in October when the first balls up came to light, then moved my important bits to another host. When I tried to log in to UKReg this morning to complete the move and change my IPStags to my new DNS host, low and behold I was met with the 'Wrong Username & Password' message. I thought, 'right maybe its me and I've genuinly forgot my password' so I clicked on the Forgot Password link only to find "Unfortunately this service is unavailable at the moment. Please contact Customer Support for assistance.", so I try to call customer support and get "All lines are busy".

    I'm now left sitting at my desk with UKReg/Fasthosts on redial contemplating driving up to Gloucester to speak to their 'Customer Support' face to face, if anyone wants to car pool drop me a line.

  23. Anonymous Coward
    Anonymous Coward

    How amatureish can you get.

    Our control panel passwords were changed following their previous recommendation, however they have still reset them

    We discovered our site was down around 10pm, we didn't receive the email until 00:54, my colleague finally managed to get through to support around 03:30 who claim to be unable to do anything and we must wait for the new passwords by mail, however they couldn't even guarantee that it would be mailed today, therefore at the earliest it will be Monday before we can get back up and running, with the vagaries of royal mail it could be much longer.

    Fortunately all my critical websites are hosted elsewhere, unfortunately we can't even access this particular one to shift the content to another server.

    I guess they are right from a security point of view you can't get much better than locking everyone out, from a business point of view they couldn't have handled it worse. I certainly won't be giving them any more money.

  24. Anonymous Coward
    Thumb Down



    We have 100 domains with an average of about 4 emails per domain with them. Since they have no export function I'm going to spend a good hour putting together a list of all our emails.

    Then generating random passwords for them all and writing a script to mail the new passwords to them all.

    THEN wait for the shit to hit the fan in 10 days when most people's emails stop working.

    And I can't even start on this until my master CP password arrives through the post :(

  25. Anonymous Coward

    I changed my passwords...

    ... after the first hack. They have now been changed again by Fasthosts.

    So yes, I do pay attention to security announcements. And no, I have no idea why they decided to reset my details and others who took the same precautions.

    Their fubar, not mine. Their responsibility, not mine. Still my problem though.

  26. Pie

    i did change my passwords

    I changed all my passwords as soon as I read on the register of the problem on the 18th of October, the second passwords to be changed were the database ones, howerver this didn't prevent FH from resetting them and 4 ftp passwords that I had also changed. FH had previously warned me of 2 ftp accounts that I had overlooked, which I deleted as they were no longer used (and didn't have access to anything).

    the timing was dreadful, the lack of notice is appaling, and yes I will be changing hosts.

  27. Hedley Phillips

    No surprises

    I moved away from Fasthosts many years ago when they shut my account down for abuse of their T&C's

    Apparantly, because my site was popular and a lot of people downloaded files (I was part of a group who modded games) they said I was breaking their T&C's by allowing non Web traffic.

    I argued that a zip file is web traffic as it was being downloaded via the web site and not FTP but they said nope, it was non web traffic as it was not html and my account was suspended. FFS!

    They only did this becuase my site was popular and had a lot of traffic. So, I can only say how sorry I am to all those caught up in this as I know how frustrating it is dealing with these muppets and I hope that Fasthosts finally lose a large section of their customer base and people realise what a bunch of idiots they are.

  28. Anonymous Coward
    Anonymous Coward

    re: Fasthosts Phone Number

    01452 541499

    01452 541250

    01452 541251

    01452 541252

    Fax: 01452 538485

  29. Anonymous Coward
    Anonymous Coward

    what a farce...

    Whether someone changes their password or not, what has it got to do with fasthosts? If people are stupid enough to not change their passwords and allow their accounts to be compromised, more fool them - as long as fasthosts have warned them to change it, the customer would have no comeback. I can't help thinking something here is being covered up.

    This latest change is a complete farce. I changed my passwords and now find myself thrown out of my acccount. Cheers fasthosts. Couldn't organise a piss up in a brewery.

    Mass legal action for loss of profit anyone and associated costs, anyone?

  30. John Rudolf

    Get rid of the geek at the top...

    The way Fasthosts works is like the IT department of yester-year. An arrogance - "WE know best, you're just a dumb user!". Remember those days?

    Well, the retard who should have stuck to sitting in a darkened room programming has somehow got to a position of authority and is still acting like those long-gone arrogant IT dinosaurs.

    This is not customer-service. This is not good management. This is not professional. It's a sweeping "we will do this because it's easier for us and we know best what is safest".

    Well, patently they don't. They forget that they are dealing with IT professionals of equal if not better abilities.

    Anyone with a modicum of sense would have thought the problem through and done the important thing which is KEEP THE SYSTEMS UP! A moment's thought would have revealed that sites in this century cannot be offline for several days while the postman does his thing. But then, why should this bother Fasthosts?

    I'll tell you why. Because the money saved in cheap hosting is money lost from disgruntled on-line customers. I cannot, and will not, keep my sites in a place where they are exposed to such unimaginative and unintelligent handling of security issues. Can you blame me?

    Would it have been so hard to send an email telling all customers of the problem, urging them to have all passwords changed within 24 hours and then putting in place measures to support those who for one reason or another did not change their passwords? Is it really necessary to "validate" authentic owners by posting passwords to the stored postal address? Could not the same validation be done on-line or on the phone using this and the plethora of other data held by Fasthosts? Could not "The Team" call the phone numbers which are also held by Fasthosts to explain and support? A quicker, cheaper solution and as secure as using postal information? If I can sit here coming up with better customer solutions over a cup of coffee, could not those paid professionals at Fasthosts come up with something even more elegant and efficient?

    Shoot the dinosaur. Heads must roll at Fasthosts.

  31. Anonymous Coward
    Anonymous Coward


    01452 541499

    01452 541250

    01452 541251

    01452 541252

    Fax: (0870 8883555) 01452 538485

    0870 8883500, 0870 8883530, 0870 8883700 & 0870 8883800

  32. K

    local number

    don't let fasthosts profit from their own misdemeanors, call tech support on the local number:

    01452 541499

    at 3am i was number 25 in the queue. good luck getting through!

    just wanted to add +1 voice for "i changed my passwords when told to, they still locked me out".

    fasthosts = incompetence by another name

  33. Jonathan Went
    Thumb Down


    Ask for a new password over the phone, they will do it after 3 hours on hold, and 6 security questions. 3 hours on an 0870 thats £15 on which fasthosts must getting a revenue share ...we've changed the passwords on 2 out of our 178 domains we manage - think 500-800+ passwords to change including emails! But even after the change we still can't FTP


  34. Oliver Bartlett

    I can't believe they actually did this....

    Unbelievable!?!?!? How about a warning that failure to reset your password would result in an automatic reset? Or how about posting the new passwords prior to the reset so we can log in again imediately after the reset? I have, as i'm sure many do, an important launch on monday which NEEDS the website updating. Will they give me a temporary password if i call? Given that it will take days to get through, maybe it's best to wait for the post - i can always redirect the website to a holding page till then.... oh no, wait, I can't.

    Right, so who should i move my hosting to?

  35. Anonymous Coward
    Black Helicopters

    Other Numbers


    0870 888 3600 came up with Fasthosts Internet Ltd 01452 541499

    And other information:

    01452 541250 /01452 541251 /01452 541252

    Fax: (0870 8883555) 01452 538485

    Also for 0870 8883500, 0870 8883530, 0870 8883700 & 0870 8883800

  36. UKSBD

    Are Fasthosts faking it?

    This makes you wonder if the reviews and recommendations they display on their site are fakes?

  37. Dave

    Fasthosts debacle - vote with your feet!

    Only Fasthosts could have poured contempt on their customers in this way! I run a small business - fasthosts have now disabled my website - rendering it useless, (even though I changed the passwords as instructed last month). I will now loose business in what will be one of my busiest weekends of the year. If I survive this, I will move my online business to another host.

    Heads should roll at Fasthosts - but they probably wont. Vote with your feet - find a host that doesn't show such contempt to their customers!

  38. Rich Harding

    Legal Action

    Count me in. And if I can work out a way to successfully move 100+ domains without causing my customers grief before my reseller account renews in Jan I'm off. I also changed all the requested passwords from the original PDF on the day it was sent. I don't really want to run a dedicated server but they've just tipped the balance of work decidedly in favour of it.

    It's very true that you get what you pay for and, aside from a couple of minor gripes that could happen on any shared server system, I've been more than happy with the return from FastHosts up to the last couple of months. I was fairly unimpressed with the original issue but it's the cackhandedness of the response to this one that is just unacceptable - and I'm one of the lucky ones in that at least all of my sites are still up.

    I'm also working abroad and won't be able to personally see any post they send me; fortunately it can be securely read for me. On this subject though, I also have a tip for those of you who've been told they've reset your CP password: I think they've said this in the PDF even when you changed that as requested and they've only changed the Admin one, not the overall CP one, if you didn't change the Admin one as well.

  39. John

    Had enough

    Enough is enough, can't get hold of anyone on support, changing passwords for all email accounts, web accounts etc. etc. etc. wasting time painful process - moving to Rackspace....

  40. Anonymous Coward
    Anonymous Coward

    Two CD's eh?


    oh, pardon me, I thought you said Royal Mail

  41. Anonymous Coward

    Full of Crap . . .

    Some spotty little work placement student has pressed the BIG RED BUTTON and some numpty at Fasthosts thought it would be a good idea to fill all of their customers full of crap.

    This stinks of a major blunder and a rubbish cover-up to me, no-one in their right mind would knowingly agree to this kind of service. I don't really know how good Heart Internet are, but they're getting about 200 new hosting accounts from us!

    I think Fasthosts will suffer reatly after this, their latest little cockup.

  42. Alan

    why are the passwords available anyway?

    okay, I must be missing a step here.

    why on earth was Fasthosts storing passwords in a clear text format in the first place?

    we run a rather large blogging community, and even if our system was hacked, the list of passwords would be completely useless to them. our passwords are stored using a special encryption.

    where they using the standard linux "passwd" mechanism to store the passwords?

    i think more questions need to be asked in how the passwords where being stored.

  43. Jonathan Carlaw

    But they've not changed everything...

    I'm also with Fasthosts, and in general been very happy with them (it's just a personal domain, web @ email) - on the few occasions I've delt with support they've been good.


    This password change is crazy.

    I changed all my passwords except 1 (my wife's email) when I heard of the hack, so reading this I was expecting to have to reset her email to somethign she'd remember, but no, just logged in via webail using the old (and not very secure!) password with no problems!

    Agree with the earlier poster - to fix this you send a warning email and post replacement passwords in advance. Its not that difficult to figure out surely...

  44. Anonymous Coward
    Thumb Down

    This is why I don't host with amateurs anymore...

    I've watched this and other horror stories unfold over the years and thank the heavens that when I chose to move in '99, I chose well. I have never had security issues with my current provider who are on the ball when it comes to 'sploits, patches, upgrades and the like. And I'm joined by some of the big names out there... Tom's Hardware (THE hardware review site in the world) being one.

    Vote with your feet, switch providers to someone who believes that customer service and security are not necessarily exclusive of each other. Viva Pair.

  45. John Rudolf

    Rescue bid?

    Given the amount of angst this is causing, and given that they have "closed the vulnerability through which access was gained, and have taken steps to ensure that this cannot happen again", might I suggest that they revert all passwords which they changed en masse (and not those changed since) to those current before this farce began?

    I think we have now got the message that someone wants us to change our passwords.

    Can this be a risky strategy since they "closed the vulnerability through which access was gained, and have taken steps to ensure that this cannot happen again" back in October?

    And on a risk management basis, getting the majority of users back on-line far outweighs the chances that a hacker is standing by to wreak, what? Havoc?

    I think even the most successful hacker could only dream of causing this much chaos.

  46. Anonymous Coward
    Anonymous Coward

    Rethink this, Fasthosts

    Having changed all the FTP passwords as advised in October, I now have to do it again? But also the email addresses as well?

    With hundreds of accounts on a reseller package, this may take a week, and your control panel is already struggling.

    Please reconsider this email debacle if you want to keep us.

    Blaming this on people who did not change their passwords is a red herring and I smell this fish. If they had not been changed, you should have done it for them there and then. Simply incompetent.

  47. Anonymous Coward
    Anonymous Coward

    To Rich Harding

    Depending on whether your customer sites are Unix (BSD/Linux) or Windows based, moving all of them across to a reputable service (like Pair Networks like I've done) should be fairly straight-forward. They also offer resellers significant discounts (I'm too small to be a reseller, but I've looked at their programmes), so it may be useful into looking at them.

    The only negative (if it is a negative) would be that they are based in Pennsylvania (and hence under US jurisdiction).

  48. Colin Towns

    Legal action?

    "Mass legal action for loss of profit anyone and associated costs, anyone?"

    if you know of anyone in the legal industry prepared to take a look at this then count me in.


  49. Anonymous Coward

    Come on people!

    How many stories like this (not just Fasthosts, many other low cost hosting companies) do you need to read before you get a clue?

    If your business can loose money/reputation through downtime, either pay for a quality host, multiple hosts, or at least drawn up (and if possible rehurse) plans for moving hosts (using your backed up sites/data) asap.

    We use fasthosts for domain registration (and have DNS servers at two other separate locations). We changed our passwords when advised, and they were not locked out yesterday. I think some people on here may be telling porkies to cover their arse cos they didn't act in time...

  50. Anonymous Coward

    Heart Internet

    Just to say, I have been using them as one of my baskets for some accounts, as to date they have been fantastic.

    They respond to queries rapidly and are very knowledgeable.

    But then, Fasthosts were like that once, weren't they?

    Just to really cover my arse, I haven't had any problems with Heart, and would recommend them, but your mileage may vary, as well as your needs from the service.

  51. John Rudolf

    Legal remedy?

    Just a thought, but does this constitute "negligence" and can we bring what I believe the Americans call a "class action" against Fasthosts for loss of business?

    Given that it is Christmas, a major retail spending "peak", a lot of people will be losing a lot of money over the weekend.

    Anyone have a "qualified" legal opinion on this?

  52. Chris

    Time to move

    We have over 300 websites spread over 3 Fasthosts reseller accounts. Every one of them is now queued to be shifted to one of our other reseller accounts with a different provider.

    Should I wait for Fasthosts to give me another reason to shift the dedicated servers we have with them as well? Hell no, that's next in the job queue!

  53. Anonymous Coward
    Anonymous Coward


    I see several people saying how good their current hosts are. Any chance of naming the good hosts so that the poor sods with FH can actually switch???

  54. Colin Towns

    Other hosts

    For shared hosting and reseller accounts I can recommend - support is great with no problems.

  55. Amer

    Phone line have been switched off!

    Just to let you all know, they've done and ISP classic, switched off the phonelines!!!

  56. Anonymous Coward

    Come on people

    Firstly, at voshkin... if you have a DEDICATED server, if it gets hacked it's your fault... no good blaming the hosts. That's like blaming the electricity company - not their fault. If it was a MANAGED server, different story, but still possible that you put some vulnerability on there (phpmyadmin, awstats, etc).

    Now, at everyone who said "how about some warning" or "send out the new passwords before resetting them all"... this was an EMERGENCY procedure! Originally they weren't sure if the hacker had the passwords in a usable form, now they know because some bugger used them to put nasties on the servers... that means that they didn't have time for any warnings.

    And for whoever said "if they haven't changed their passwords, that's their problem if their account gets hacked"... it isn't - it's everyone elses problem... because there is then another site hosting malware/selling drugs/etc, which means they'll then want to promote said site, for which they'll use an email account (which they have the details for) to send out spam (using authenticated SMTP - the scum), which makes it EVERYONEs problem.

    I happen to think that they've done something sensible here. The only issue is for those who did change their passwords and now have to wait for new ones - maybe you changed your password too quickly? I expect they took a copy of the database as was and have now compared the current one to that one... maybe they didn't have a working backup from before the attack (oops), and realised afterwards so took a backup then??

    Just think about things before you start flinging blame.

    We (as a company) will be sticking with fasthosts. We have 3 dedicated servers with them and are very happy with the service, especially at the price (one customer moved their dedicated server and saved £150/month and got a better connection - they're particularly happy!).

  57. Christian Royle

    73% of accounts affected.

    I was told by FH SUpport that 73% of customers had not changed their control panel passwords, and if the CP password had not been changed, then everything in that account was included in last nights reset.

    I guess this means that if you were putting your customers passwords at a higher priority than your own, then you were punished by the blanket change.

  58. Anonymous Coward

    Fasthosts deleted my account in error but told me my password was in the mail

    What a laugh this morning - Fasthosts automated support mail said my dedicated server was offline because I, like so many others, hadn't changed my password, when of course I had.

    Finally got through on the phone to discover they had actually DELETED MY ENTIRE ACCOUNT IN ERROR, instead of deleting just one of my dedicated servers which expired yesterday with impeccably bad timing. I should be thankful that they were able to rescue and reconnect my box before they formatted it, or even worse reallocated its IPs. So we were only offline for three hours.

    Now I can use all the time I have saved in not having to rebuild this server for resetting all the email and ftp passwords on my other reseller account.... or was I supposed to be doing someting else? A single mailbox password change just took about two minutes while the control panel server groaned under pressure - I guess I won't be going out tonight then after all!

    Oh Joy - and to think I actually recommend this supplier to my clients!

  59. Anonymous Coward
    Thumb Down

    very annoyed clients

    We too walked into work this morning to find nothing online working!!

    No additional staffing at customer services!!

    Will be closing my account asap

  60. Anonymous Coward
    Thumb Down

    Life or Death

    One of my websites co-ordinates charities that rescue dogs from being destroyed in Ireland and finds them homes in England, since last night the SQL Database password has been changed and no one can access the site - this is literally Life or Death for countless dogs due to be put to sleep in Ireland.

    I like many others did not have any warning abouth this nor did I recieve an email about the original security breach.

    Along with the rescue work, small charities sell christmas cards through the site, so it iwill be hitting everyone hard.

    I cant get through on the phone and they are not answering emails, they even kindly shut down the password reminder on the support site, if this was working, I could fix the problem myself.

    I think we will be investigating the possibility of legal action against fasthosts for this situation

  61. Anonymous Coward

    Would you prefer.......

    ...they do nothing?

    Granted this is closing the stable door after the horse has bolted - but seeing as most people will have ignored the email and they will have monitored activity on password changing would you rather they took no action?

    Clearly this is a reaction to a situation and we as outsiders don't have the full details - perhaps you should count your lucky stars that your card details haven't been stolen (or have they). And if you don't like it move YOU pay YOUR money and YOU take YOUR choice.

    If you're on shared hosting it's probably because you don't the the skills to host your own dedicated server or you're looking to blame someone else when it screws up - glass houses and stones.

    Give the engineers a break they'll be as p****** off as you are about the breach, after all it's their professionalism that suffering here.

  62. Reggy's Tar.

    Plain text passwords are 'sensible'??

    As I understand it, the hacked passwords were not in a database, but in plain text. They were used to support the 'Forgotten Password' tool that is currently switched off on the Fasthosts site.

    So, this "Emergency Procedure" was triggered one month after Fasthosts realised that plain text is not a good security policy. During that month, they had plenty of time to notify customers that the password would be changed by force.

    Which part of what happened last night do you consider 'sensible'?

  63. Anonymous Coward
    Anonymous Coward

    Best Practice?

    Here's an example of a Fasthosts 'Best Practice' approach to passwords - here is a quote from their site (on the forgotten login details page)

    "Quick tip: Once you have logged in, why not update your password to a more memorable word?"

    Great idea Fasthosts!! You should publish that as an industry wide standard.

  64. David Ryans
    Thumb Down

    Smug gits go away!

    Some people have posted comments to the effect of 'well you should have changed your passwords and read your emails', well please, up yours. We changed all our passwords immediately which was an immense hassle and still all our passwords were reset last night. Not only this but we didn't even get an email informing us of this or have heard anything back from customer support.

    I won't have access to the snail mail address for weeks so looking at a long time down for the website, at the most lucrative time of year.

    This is criminally negligent, I urge, nay beg all of you with fasthosts to leave at the earliest possible opportunity. We are in the process of moving right this second.

    I only wish there was a representative nearby that I could punch repeatedly in the face.

  65. Anonymous Coward
    Anonymous Coward


    What other ASP.NET2 hosts are out there? Any recommendations?

  66. Matthew

    Other hosts

    I've been using Goscomb Technology for a few years. I think I've had about 15 mins downtime over the last 4 years.

  67. Ben Smith

    I looked into using FastHosts years ago

    and thankfully came to the conclusion that they were cr*p.

    I use Titan Internet to host my sites. No, I'm not related, friends with them or anything - they are just very very good indeed.

    But you get what you pay for. People who used FastHosts because they were "cheap" are now finding out why. If your server is mission-critical - spend money on hosting - otherwise you only have yourselves to blame.

  68. This post has been deleted by its author

  69. Anonymous Coward

    Why is anyone using Fasthosts in the first place?

    Why would you want to use a provider that charges extra for things that come free elsewhere, like £50 a year for one MySQL database?

    They won't even let you run Cron jobs!

    If you want proper hosting, go to a proper hosting provider.

  70. Anonymous Coward
    Thumb Down


    Yet again, Farcehosts live up to their name.

    That's what you get for hosting with a bunch of amateurs on Windows boxes.

    Try, competent and been around since the dawn of time.

  71. John Rudolf

    How can this be "sensible"?

    Referring to the Anonymous comments that what Fasthosts have done is sensible...

    Are you serious? Do you really think that changing EVERYONE's password without warning makes sense? With no efficient plan for getting users back online or beefing up customer support to handle the increase in workload?

    Come on, this beggars belief.

    The most absurd part of the whole thing is posting passwords. Surely it is not beyond their engineers to email new passwords to everyone? Less effort, quicker and cheaper.

    But no. They're all up there stuffing envelopes and sticking stamps. Unlike those Fasthost customers who sell through their websites...

  72. Anonymous Coward

    damn you lamers

    I too have had this issue and to be honest its pretty much made me decide to look for another provider , they have not been a great host of late,well in my experience.. bye bye fasthosts my blog is down- cant log in to change password,,you really know how to treat customers ,where was the notice for the instant reset of all passwords?? ....Just a simple email with a reset password link should suffice since no one will have my access to my least to reset and prove who I am for other passwords etc but royal mail me my password?!! this whole weekend ill have no access for my ftp or sql db!!! this is unacceptable..I wonder what the real story was ?...

  73. Gavin
    Thumb Down

    Sinking Ship

    I jumped ship in the summer after 3 years of pain and frustration and closed down my reseller account. You can't run any sort of web hosting business as a reseller with Fasthosts as you will always be letting your customers down due to things like this. I don't know how they are still in business running such a poor level of customer service. They need an IT Gordon Ramsey in to kick some backsides starting with the Fasthosts management.

  74. Brian

    Fasthosts had better be well insured

    The arrogance of these people is astounding - to arbitrarily change all passwords THEN inform people retrospectively is a disgrace and borders on the criminal.

    That they have done this to those of us who had ALREADY changed our passwords is not only negligence, but extreme incompetence.

    Class action anyone? if so, I have already discussed with lawyers and they suggested keeping in touch - email me at brianinfrance2-fasthosts (at)

  75. Anonymous Coward

    Emergency procedures

    Regardless of what has happened, it is very frustrating to be so helpless in the situation

    Our SQL sites don't work after the password change, but we cannot even get in for a temporary fix, at the very least a holding page informing people of what is happening or a redirection to another server where we can offer some functionality.

    We have experienced outages before, and all cases have managed to maintain some form of service whilst the problem is fixed, but in this case we can only observe and hope FH come up with a solution

  76. Anonymous Coward

    Alternative host

    Haven't used them for a while, but for about 3-4 years, I used Giacom (I started with Fantastic Internet). I found their staff very helpful (especially for the set-up phase).

    I had one minor issue when our main email address was being spoofed into a load of spam, and we were getting tons of "bounced" mail that they helped sort out in a matter of minutes. Other that, very reliable - very easy to do business with.

  77. Anonymous Coward
    Anonymous Coward

    So why didn't you change your passwords last month?

    Yes, this is a screw up of majestic proportions at Fasthosts but I get the distinct impression that these people who are saying they are completely locked out did not change their passwords back in October. Why not? If I was one of their customers, I'd be asking why they ignored such a security warning from their ISP.

    I had changed my main password but got caught out on a MYSQL password so had an hour's downtime last night until I changed that. A bit embarrassing but my customers have been quite understanding.

    I've used Fasthosts since 2000 and this is only their second major cock-up. I'll be leaving now but mainly to save money. There's no guarantee the people I go to will be significantly better.

  78. This post has been deleted by its author

  79. John Warlow
    Thumb Down

    Passwords reset, databases broken and they think the post is secure

    It's all going pete tong!

  80. John Rudolf

    Read the comments - this is affecting people who HAVE changed their passwords...

    As it says, can Mr Anonymous etc al PLEASE READ THE COMMENTS ABOVE! This is affecting those who HAD changed all their passwords too.

    Have the phones gone back on yet?

  81. Anonymous Coward

    When I used to work for them...

    You could access the internal accounts information - with your network username and password - via a web interface, from anywhere.

    No VPN; simple SSL encryption with an employee's username and password.

    What was on these internal accounts pages? Full customer details; including passwords and credit card details.

    Security? They don't know the first thing.

  82. Paul Naylor
    Thumb Down

    Similar story

    Mine is a similar story to many already commented upon here. We have price list data on a Fasthosts MySQL server that is used by a number of our sites and this morning those sites were throwing up permission denied errors. So I reset the passwords before I ended up getting the email.

    Funny thing was, we reset the passwords of the same databases straight after the initial scare a few weeks ago, to something far more obscure and yet Fasthosts still reset them, claiming we hadn't changed them...

    We're now looking to host our data internally...

  83. Haku


    Well I hope they're quick at posting out the new passwords and that Royal Mail don't take their usual several-days-to-deliver-1st-class-mail farce, not too bothered about not accessing my main Fasthost website as Pipex have still kept my old webspace open despite being kicked off back in March, but I have a 2nd account with Fasthosts I need to cancel before the end of Dec or they're gonna charge me.

    So bloody hurry up Fasthosts & Royal Mail

  84. Simon


    Fasthosts actions are totally wrong.

    I am currently moving 427 sites to another host.

    Where is my letter !!!!

    Lost in the post probably.

  85. Anonymous Coward
    Thumb Up

    Oh, and did I mention something about Pair?

    If you are a web refugee (use the coupon code REFUGEE), you get free setup for the first account/domain. And they have a nice triple discount special on too for December (pay up front for a year, get 24% off).

  86. William Jenkyns
    Thumb Down

    Fasthosts -Never again

    This latest debacle is so irresponsible, plus their helpline doesn't answer (I've tried all day).

    I am working away from home at the moment need my PIN to log in, and I can't get my PIN because a) they won't answer the phone and b)the automatic reminder service isn't working. This has had a severe effect of our business operation.

    Any suggestions for other web hosts?

  87. Anonymous Coward
    Anonymous Coward

    Same problem for

    I look after a website hosted with and have just noticed that their FTP access has suddenly stopped working. After checking their Service Status I find that they are going through the same process of asking customers to change their passwords for their Domain Control Panel and FTP... are they linked to Fasthosts in some way?

  88. Neil Rigby

    Panic Button

    To be fair, I think FastHosts simply pressed the 'Panic Button' when they realised the extent of the security breach, the extent of which we'll probably never know about.

    FastHosts: The UK's Number 11 Web Host (down 10 places!).

  89. Justin Millner

    Gone from 54 to 38 in the queue in 17 mins

    All on an 10p per min per call, perhaps it's a revenue opportunity for them?

  90. Anonymous Coward
    Thumb Down


    Fasthosts are sending the passwords by normal (not recorded or special delivery) mail. YAY it's going to be two weeks before I get my password (yeah I am in the UK, first class here means it will take up to two weeks around here!) and then I'll have to wait for my UKReg password.

    Even if they really really had to do this - couldn't they have generated the passwords a few days before, printed and posted the letters - then after a few days THEN change the passwords?

    A frustrated fasthosts customer

    soon to be ex-customer - once i've transfered my domains out of UKReg!

  91. Anonymous Coward
    Anonymous Coward

    I've survived with few problems but...

    ... I'm still moving. What irritated me was having to hang on the phone for an hour to find out what was going on when NOTHING had been posted to the system status page. According to that page, all was well and nothing was even being investigated. Customer service used to be great but it looks like they've grown too big.

    I'm off to Heart. Anyone have experience of them?

  92. Julian

    Not very Vorsprung durch Technik....

    In the old days you could blame babyfaced Andrew Michael for Fasthost's woes (he set up the company from his bedroom aged 17). But now, shock horror, we can blame the Germans for not running the show properly!!,,48328,00.html

    I'll just go and grab me beachtowel....

  93. Anonymous Coward
    IT Angle

    Why NOT using e-mail to post passwords

    What is the logic of posting the paswords?

    I never got any written communication by FH.

    I even do not know which address they consider as mailing address,

    but it is NOT the one of credit card, and I have moved from one country to another.

    ALL THIS IS INTERNET BUSINESS, and it make no sense NOT to use e-mail to send new passwords.

    So what is the security breach scenario acording to FH?

    The hacker has my e-mail address and the password.

    At the moment FH is sending the new password (which he doesn't know, n.b.) he is loging in and stealing it.

    Oh, he knows, he hears about FH e-mail being sent, so he is on outlook on thousands of e-mail addresses.

    All that is childish and mediocre.

    Besides, it was enough to inform me that they were hacked.

    It is MY business and security policy when and how and whether I will change passwords.

    BTW for the record, I can confirm that my CP password was not reset neither one of FTP passwords,

    which I did change after the 1st alarm.

    I did change the rest (FTP, e-mail) after the 2nd alarm, but FH e-mail support

    has no brains to tell me if I will have to do it again (!?) after the famous Royal-Mail envelope arrives,

    if it arrives (as someone is bitterly pointing to Xmas deluge and postal strikes).

  94. Anonymous Coward
    IT Angle

    Spreading the risk

    Following Fasthosts recent "act before thinking" tactics we're going to spread the risk move our databases and probably our email from fasthosts and for the time being continue using their reseller package, at least this way the only system data of ours and our clients that they can loose / reset is the control panal and FTP - if our new SQL server Host goes down we can use a backup. Personally though I'm more concerned about the personal financial information they appear to have lost - I'd recommend speaking to your banks before this disaster goes from BAD to well.....

    I also think that as clients we should demand that someone's head roles for this - loss of business (existing & future) and loss of reputation....

    Do yourselves a favor, change your bank details, and spread the risk by hosting servers/emails elsewhere

  95. Alex Wood

    the start of a busy week

    We've got over 420 individual accounts with Fasthosts, all with FTP and all with mailboxes.. We've now got 9 days to change what could be as many as 5-600 POP3 mailboxes manually, then configur those clients who dont know how to, change server POP3 settings, respond to phone calls and support emails from clients... it's gonna be a busy few weeks :)

    The Fasthosts Control Panel has been up and down all day, and my email first thing this morning asking whether we were going to be compensated has yet to be answered..

    For my company this is going to be a MASSIVE job to put right....

  96. Anonymous Coward
    Anonymous Coward

    The cost of calling fasthosts tech support last night

    My calls to Fasthosts Tech Support last night. WIth a critical problem that had nothing to do with the passwords...

    Date, Time, Tel Number, Seconds, Cost.

    29-11-2007 23:21 00448708883600 4518 7.08

    30-11-2007 00:36 00448708883600 6614 10.36

    30-11-2007 02:27 00448708883600 4721 7.40

    The first call started at queue position 44, then was picked up and dropped without speaking on the cusp of midnight.

    The second call started at queue position 35, then when I got through to someone, they just said there was nothing they could do about it and essentially hung up.

    The third call started at Queue position 23, I got through eventually, but the call resulted in ....nothing.

    That is £25 for two people to be rude to me (do these people realise that I pay for the service?), and one to tell me that there is nothing they can do because they are too busy dealing with calls about passwords. Are you kidding me?

    Truth is, there was 2 people on support last night, more than 1000 backed up support tickets that were not being answered , and still haven't been answered.

    What support told me is that there is never more than two people on support overnight, and they rarely get chance to address the incoming tickets.

    ...and the two things that really get my back up:

    1) they have one unix/windows engineer on site who could have solved my problem in a few seconds, two commands at a unix command line, and the job would be done. But oh no, my problems are far too much trouble for an engineer to look at, after all, he's busy deleting passwords.

    2) Somehow, I have got used to this level of service! I expect it from FH, and they never disappoint me. I have never had a service request dealt with in under 2 hours, I have never spoken to technical support and been pleased.

    Time to move on... I think we may be seeing Fasthosts making a Fast Exit over this issue. I would be stupid to have email or sites on a FH server the day the company has to close it's data center. It's Northern Rock time...

  97. AJ


    This is FREE

    01452 541499

    But I have been in the queue for half an hour and its 23:47 and have heard the automated announcement that they will NOT reset your password over the phone it HAS to be sent in the post...

    ... Knobs have changed all mine and I ALREADY changed them when they asked me to the first time they fooked up! Incompetant wankers!!

  98. Anonymous Coward
    Thumb Down

    Sat here....

    ....twiddling my thumbs until the postman arrives with the elusive new cp password.

    After working for over 17 years in the IT industry I've never come across such an incompetant way of dealing with a security issue. I would love to hear the Security Managers reasoning on why an immediate lock down was ordered without sending any notification to their customers. He needs sacking.

    I am sure, even with Fasthosts indemnity clause in their T&C's, there will be a number of claims for loss of earnings, especially if our customers say that they are going to put a claim in to us as a reseller! I know for one that I ain't taking the flack or cost for loss of earnings to my clients seeing as I had followed their instruction in October. We are paying for a service, perhaps Fasthosts will remember that when they lose thousands of customers over the next couple of weeks.

  99. Anonymous Coward

    Not so cheap now though...

    A quick Google last night showed half a dozen sites doing what we need - unlimited/high bandwidth, SQL, PHP - for around the same price and in most cases less - around £80. Fasthosts were £49+the database charge and actually cost more.

    You know, even a small change on the website explaining what's going on and apologising would have been nice.

    I wonder if they have the foresight to offer discounts for those affected? Where cost is the issue it might make a difference.

  100. Gareth Evans-McClave

    Fashosts password change not working

    Our site was taken off air by the unilateral password change. As the site is used by our clients to monitor services, without FTP it is useless.

    I spoke to fasthosts yesterday (after queuing for 1.5hrs) and they finally agreed to fax the new control panel password through.

    I received this, and changed my FTP password at approx 12:00 yesterday. Its now 11:00 the next day and I still cannot get FTP access to my site.

    Fasthost phones are now continually engaged and we have been off the air for over 24 hours.


    This action will cost us hundreds of pounds as we need to send a technician round to many of our clients sites to update the on-site systems with updated FTP details. But more importantly, this outage makes us look amateur and our clients are losing confidence in our ability to provide a service.

    Has anyone managed to talk to someone in power at fasthosts? The poor call centre guys must be getting pretty used to people shouting at them now, but they wont let you talk to whatever muppet instigated this farce.

    For all those effected by this, we probably need to get together and present our compaints en mass, as the loss of one or two accounts wont phase them, but together we might get their attention!

  101. Kev K
    Thumb Up

    Alternate host

    I hated my time @ FH

    We now have a managed box in the states with

    24/7 manned phones - fantastic support - and with the $ being so far down the pan its almost like they are paying for me to host with them.

    Have a look and make your own mind up

  102. David Allamby


    DANGER. Ruining our businesses! Leave Fasthosts immediately!!!

    Took all day to speak to someone - would not help just said they would post password by ROYAL MAIL!!!!! Beggars belief for a web host!

    I have never seen such incompetence.

  103. Anonymous Coward

    Fasthost Rock

    In the way that Northern Rock...!

    I'm a solo web developer hosting our small business site with FH + SQL database for postal addresses etc - obviously not doing much trading on Thursday night / Friday /saturday.

    First I knew about all this was a kindly customer (maybe they'll come back..) emailing with sever error thursday night 7.30pm.

    I had changed my FTP password previously and had access to Control Panel. FTP came back later Thursday night, SQL down. Call centre (1.5hrs) told me to change the SQL password via the panel -

    Also given a reason ~'we couldn't inform people about the mass password scramble beforehand otherwise the baddies would have been alerted' . .

    Then I realise why I didn't change the SQL password, it's not accessible in my control panel as it was associated with a windows package that I had to change to Linux as FH didn't support Perl DBI properly under Windows Server- but that's another protracted story...blast!

    Rang back, eventually get through at midnight Thursday and then told no engineers were there that could trace my SQL database and hook it to my account.

    So what are Fasthosts thinking?! They have the biggest cock up in their history and they don't even get all the technical people they can in to man the datacenter? It's beyond belief.

    Remember the original email was:

    "We therefore recommend, as a precaution, that you now change the following passwords on your account:"

    "Recommend!" - not mandate etc.

    The only thing they will take notice of is people leaving so it's time to look for something better.

    Shame, as they were a lot better than previous hosts, if you can believe that!

    It's affecting our little business and my stress levels, I really feel for you guys that develop for clients hosted on FH - I guess you are moving data across to other hosts etc as quick as possible...

    Good luck all.

  104. Vince
    IT Angle

    Running Costs vs True Value of Service.

    While I understand you pay Fasthosts and expect a certain level of service, last I looked they offered insane deals of unlimited bandwidth, the moon on a stick etc for £4 a month.

    It's clearly logical that if you're spending £4.00 a month on hosting, but have an e-commerce site generating £10,000+ a month of revenue, that the expenses asociated with running the site is just too small a proportion and asking for trouble.

    You get exactly what you pay for - if you must penny pinch your business shop-front, then you must expect to have it boarded up regularly when things go wrong. The obvious move is to research providers, and find someone who offers a good level of service for a realistic price.

    People who go mad because the bargain basement service they have doesn't have the same level of security, reliability and after-sales approach (not to mention crisis management skills) effectively decided that running cost was more important than those factors, so it's hardly worth crying foul when you get just what you paid for.

  105. Jason

    I can still login?

    I can still login into my UKreg account where we register domains, no problems at all. I changed the password back in October as soon as I saw the article on el reg, but I'm thoroughly confused, have they missed my account?

    Im damn glad we're moving our registrations to another company in the next week or so, I'm fed up with being worried that all 1200 domains we have with fasthosts are gonna go missing.

    Thank god that we own our own servers and so only need to rely on a transit provider to keep them online.

    As a note to everyone out there, we also have 2 transit providers, so if the primary goes down (like builders cutting the cable, wankers), we can still keep functioning with no more than 20 mins downtime whilst the DNS systems flip over.

    You know what that's called? Redundancy, you should try it sometime, it's great, means that I can go out there, unplug 100 cables, and everything still keeps on running :D Don't rely on fasthosts, if you want a job doing properly, do it yourself!

  106. Sylvia


    They managed to grab my resellers fee, several days early, this morning, just as I was looking at all the less expensive options elsewhere. I'm another one of those who DID change all the passwords only to have a customer ring up yesterday to ask why his database wasn't working.

    I'm with everyone who mentioned class action, unless Fasthosts intends to offer compensation for the time, effort and embarassment.

  107. Anonymous Coward
    Anonymous Coward

    Just 'a few' customers? I don't think so...

    The queue length is currently in the 50's, the waiting time over three hours. This has been the case for 2 and a half days, and constantly over 24 hours.

    If Fasthosts are dealing with calls at 2 minutes per call, and there is a constant queue, and with a minimum of 2 support people answering calls, that makes 3600 calls in total. If there are more support people on site then the problem is larger.

    I am guessing many people have been put off by the holding system, or are just waiting for the letter. So just *how many* accounts are affected. It doesn't look like it's a "small number" at all.

  108. Anonymous Coward
    Anonymous Coward


    I am just writing this in the hope that it may make me feel a bit better!

    The same story as so many others: Website down without warning. OK, I forgot to change the passwords, but why wasn't an email sent out a day or two - or even an hour - before? Sorry - irrelevant. It seems from this forum that many who had changed the passwords were reset as well. Also, why are they being posted out? It is possibly less secure than emailing the registered controller, and certainly a lot slower.

    Why no information on their website about this issue? It appears that everything is great - the best company possible, looking after their customers. Tried for three hours yesterday to telephone them, gave up and emailed. Response promised within 24 hours (had to resend with the account information). 28 hours later I have had three responses. Exactly the same email (3 times) that was sent yesterday.

    This must surely be the end of Fasthosts - no hosting company can survive this. It is gross incompetence and pathetic lack of common sense, and I can't imagine many staying with them. I certainly won't be, and I am sure that there are quite a number whose income depends on their website who will, hopefully, be taking legal action. I have cancelled my card, and if they want to take me to court, let them.

  109. Anonymous Coward
    Anonymous Coward

    Post or Email?

    Given that Fasthosts recommend new customers to register their account using an email address that will not be hosted on Fasthosts servers, why have they chosen to send passwords to account holders by post?

    Security details for the account email addresses are not stored on their servers, so why not just send the bulk by email? Surely, it would be a simple programmatic matter to check if the email address is hosted locally.

  110. Gaz
    Thumb Down

    Bye bye Fasthosts

    I pissed off - i change my password when they notified me - now they change them again and lock me out whilst I wait for the letter...

    I'm moving hosts in January when my 12months ends.

  111. Dave
    Thumb Down

    0870 bonanza

    Tried calling customer services earlier. Bad idea. 60 people in que in front of me. Hang up, me thinks. Great way of making money with these 0870 numbers.

  112. Alex Wood

    Emailing clients direct

    I've also had a number of cases of clients being emailed direct by Fasthosts. As a reseller i'd expect Fasthosts to only contact us as we'd like to be the ones to manage our clients reactions, not have them feeling like they have to contact Fasthosts direct. A complete shambles all round..

  113. Alasdair

    Worth staying on the phone?

    I tried getting through last night but gave up after I saw my skype credit disappearing the queue number staying the same (45 mins)

    I've seen above that they may actually fax you your password - was this a one-off case or has anyone else actually managed to get the control panel password rather than wait for this letter, that means another day lost tomorrow.

    Did anyone actually receive a letter yesterday? I'm thinking if I don't phone up and sort this I may not even see one for a whole week. Especially if Fasthosts are involved in sending the letters out... over 100,000 accounts? 2 people on support? Hmmm....

  114. Anonymous Coward

    An appaling lack of communication,

    This is typical FH customer service and support!

    Recently they withdraw their Reseller forum with no warning or word of when or even if the service will be resumed.

    As a Reseller I am very concerned over their level of competence, integrity and lack of open and honest dialog!

  115. Кевин

    They just did it for the call revenue....

    .. or at least that's what I've gathered from some of the above comments. It amazes me that anybody would plop down any kind of "business critical" website on a hosting provider which will sell you space and bandwidth for less than a cheap bottle of Tesco Value Plonk. What did you expect? You might as well be hosting your company off of an AOL account (and using their web space).

    As for there not being enough warning, I feel as somebody with a fairly good grasp of the English language the term "EMERGENCY" usually indicates the reasoning behind it.

    As for me I can wait for the letter to come in the post so I can log in and renew my two expiring domains (which are both mission critical, expiring tonight at 22.59 and will cause 18 children to become orphans in south Lincoln).

  116. Ged

    Kept in the dark

    I had a client approach me about the original email sent out by FH. It sure looked dubious. Client attempted to change passwords but none would save - eventually client became an aggravated client and gave up.

    Same client informed me of the latest email and the password fiasco (I am not a Register regular, so missed out on a lot of stuff).

    I checked my own emails and only this afternoon have I received an email from FH stating they would be removing passwords. I had no warning at all.

    Luckily I have closed a hosting account and moved it elsewhere, but it's still an issue for some email accounts.This is not good.

    I will be moving all of my accounts including my clients elsewhere, once I have access to them.

    Not a happy teddy.

  117. PH
    Thumb Down

    FH even screwed up with my NEW passwords!

    Yesterday, 30 November 2007 at 00:43 I noticed none of my company's Farcehosts email login passwords were working. This is despite us changing them as instructed AFTER the FH security breach. But then after about half an hour all the passwords "magically" started working again. No notification - shame I was trying to work at the time.

    FH might claim to be "The UK's number 1 web host" but they must surely be haemorrhaging customers after so many schoolboy errors. Certainly, I've started looking around in earnest for an alternative host.

  118. Anonymous Coward

    Zero7 anyone?

    6.30am Sunday. Only 10 in the queue! 30 mins later at number 6, add it to the 3hrs since Thursday....gave up on saturday...will they have a Techie who can actually sort the problem when I get through? Doubt it.

    And to think I used to love Zero7...

  119. Anonymous Coward

    30 mins for 1 position

    Now 1hr and moved 1 position to 5. Can't waste anymore of my weekend, kids are loosing the plot with me wandering around with a phone!

    Paypal checkout reinstated - removing need for SQL database. That will do for now.

    Search on for new provider. My work colleague recommends NetHosted?

  120. Stuart Elliott

    Timing is everything...

    This just arrived in my mailbox this morning...

    Dear Stuart,

    The following debit/credit card registered on your Fasthosts account (XXXXXX) is about to expire:


    Card number: XXXX-XXXX-XXXX-XXXX


    To ensure that your account continues to run properly, please update your card details using your control panel as soon as possible.


    Step 1: Log in at (rofl)

    Guess who's upset that they won't be able to get anymore money off me...?

  121. Muddy Boots
    Thumb Down

    FASTHOSTS? Not very fast at all

    I am most displeased with Fasthosts over all this password nonsense. I have finally got the passwords sorted out, but I have one website that is way out of date now and I can't update it.

    The reason being is that I cannot access my ftp site on ANY of my sites hosted by Fasthosts. Other wb hosts are OK. I've tried and tried phoning Fasthosts, but I am always at queue position 50+ and have even been as high as 83!.

    I've sent emails to Support regarding this problem, but have only had an auto response from them. This sort of response makes me wonder whether Fasthosts are in some sort of administration trouble and whether I ought to change host. I also wonder how many other customers are experiencing the same

  122. Muddy Boots

    Re; Timing is everything ...

    Lucky you, Stuart. I've just updated my acrd and account before all this blew up.

  123. Warren Jones


    I did change all the passwords FH still reset them all.

    Actually got a phone call from Sales after sending them an email about a question for a reseller package. To my amazement they actually phoned me but where stunned that I was already a customer. Debatable now!!

    They gave me a password over the phone no confirmation who I was or account number. ***king amazing. Another security breach!!

    GUESS what the password doesn't work and I still cant get to my web sites. Ahhhh

    Recommend cancelling Credit Card which is associated with them. Due to the fact the security breach isn't fixed, they send letters to unverified addresses, they gave me a password over the phone without authentication. Plus they havent even attempted to send an email stating that they will not be charging us a few months service because of the trouble they have caused.

    Just leave these bunch of ****s

    Move once you get access.

  124. James Hyatt

    Passwords not reset on Fasthost account

    A client hosts with Fasthosts and the password was reset when first advised over a month ago. I was also rang by fast hosts in Australia as they had flagged the site as being e-commerce based.

    The password for SQL and FTP was changed and the site is still currently working, is everybody sure they reset their passwords when asked?

    As for other hosts, I currenly use Media Temple's Grid Server for new hosting after Fasthosts cocked up for other a week on a support question regarding why mod-rewrite wouldn't work..after a weeek of the site being offline and no answer from them as to the problem (it was constantly moved between people at their support), they finally came up with the problem that they don't support both SSL and Mod-Rewrite.

    By this time we had moved to Media Temple and have had no problems since.

    One other issue, if I am not wrong you are given the option when you create SQL databases with Fasthosts to choose the password. I wonder how many people used a password they use for much of their online presence and therefore if the hackers were given access to email data along with plain passwords it makes you wonder if they are able to gain access to services unrelated to Fasthosts?

  125. Mark

    Don't choose FastHosts

    We have over 100 sites with FastHosts and we hate them.

    Since the point of no return, where we had too many sites to move, we have felt like prisoners.

    Their servers are periodically awful and they never accept any responsibility for the poor performance, even when it lasts for months. Almost everything about them fails at one time or another and they wear you down, with idiotic support, until you give up complaining.

    As shown by this mess, they regard every customers as of little value and you can take it or leave it.

    Don't be tempted by their reasonable prices, as they will cost you your sanity and business, in the long run.

    We are desperate for an easy way to leave them and won't touch 1and1 by their shared ownership.

  126. Anonymous Coward

    Complete Joke

    We changed all our passwords & asked our customers to do the same back when the first breach came to light.

    Our phone hasn't stopped ringing with our own customers asking what is going on & we cannot help most of them till RM deliver a letter with our MASTER PASSWORD & I bet it hasn't randomly generated either

    We have access to the Control Panel & managed to reset all our FTP passwords but database & stats are inaccessible.

    We are looking to move all 300 websites & domains over to Heart Internet run by the guys behind 123-reg & WebFusion before they sold it.

    Fasthosts system status:

    Open: Control Panel / Database access

    Customers may find they are unable to log into their control panels, or access their databases. All customers affected will be emailed shortly with further information and instructions. We apologise if you have not received this email yet and thank you for your patience. If you have your control panel access password you should change the database access passwords for any database connections that are failing. You will also need to update your website code with the database password you have set.

  127. andrea menon

    just ask for damages !

    I've just written to Internet United to complain and to remark they've managing a dead walking brand. I don't care of Police excuses, they are doing bigfoot policy for customer relationship. Why don't they ask for cutting off the whole Internet without notice?

    If someone is interested (I see someone is) in asking for damages just step on,

    write to the owners you too.

    we'll do a legal action.

  128. Muddy Boots

    Oh dear!

    As only a small user of FH, I do sympathise with you guys who have multiple accounts. I only have 3 accounts, but inherited a 4th from an association I am a member of and they are fuming! I Passed a link to here and it seems like the committee believe me and are now going to discuss about leaving FH.

    I think that FH may have to start looking for many more customers to be the #1 web host in the UK.

  129. Anonymous Coward

    Public aware?

    Is this the only site where this is being discussed? Have Fasthosts "got away with it" publicity-wise?

  130. Vic Johnston

    Already left a sinking ship

    After the last fiasco, I took my 300+ domains and moved them away. It was a huge undertaking, monumental amounts of work involved, which I am so glad I undertook now as this weekend I have not had to apologise to each and every one of my customers and explain to them once again how to change all of their passwords. I am with 1 & 1 using dedicated servers (don't touch the shared hosting), and we are OK (never want to tempt fate). To you guys saying how you will move, and to the guy think 100 domains is a lot to shift, to the guys talking of moving, move, you will be glad you did, to the guy with 100 domains, move, you will be glad you did, it will save you a lot of ball ache in the future, and to be honest, even without all of these fiascos, fasthosts really is quite crap all of the time with slow conenctions, poor technical support and no interest in their customers. We have spent more than £15,000 with fasthosts during our time with them, and we were treated completely unsympathetically. We were told that we should change passwords as a matter of course, and that they were essentially doing us a favour with the last fiasco, and then that we should bear the cost of doing all of this and include this in our costs as a reseller. Well I have left, and I am glad that I did not lose this weekend out of my life, and instead managed to have a few beers, see some friends, get to the cinema, play at home on the Xbox, spend some time with my family, and even find the time to type out this message and check in on your poor long suffering fools still with Fasthosts. Take my advice, no matter how much work is involved in leaving, it will be worth it (if you go the right place). Good luck to you all

  131. yeah, right.

    profit centre

    I can just see it now:

    Fasthost Accounting: oh look, our quarter looks like it might be a bit slow this year, we need to boost income before the end of the year...

    Fasthost Manager: Let's chop off access to our customers and force them to call a pay-per-minute phone line to get things fixed. That should boost profits a bit.

    I'm betting Fasthost has a really good quarter ending in December, probably thanks to a sudden increase in support phone calls and people willing to wait hours in order to stay in business.

    Lovely company. I'm so glad I'm not their customer. Nor will I ever be.

  132. Anonymous Coward
    IT Angle

    It can only get worse... the Postie delivers (yeah, right) everyone's passwords on Monday. Fasthosts customer sites grind to a halt as we log in, change passwords, commence site downloads for safety and in preparation for the move...

    I wonder how many of our customers we will never see again as they have been forced to find alternatives? A few less than Fasthosts methinks.

    Just about to sign up with a US site, AdvancedNetworkHosts. Anyone had experience of US-hosted sites?

  133. Anonymous Coward
    Anonymous Coward

    Anyone got their new passwords yet?

    .. or will this be another example of someting being "in the mail", yet never arrives.

  134. John Rudolf

    Bl**dy HELL!

    Monday morning, post has arrived - password has NOT! As it happens, I'm driving up to Cheltenham tomorrow. Fasthosts are in Gloucester are they not? Assuming (can anyone confirm this?) their support team is located there, I shall be making a personal visit to get my password issues resolved. I will be taking my video camera with me and if I get a sniff of anything other than "certainly Sir, we apologise for the inconvenience. Your new passwords are xxxx." then my next stop will be to BBC Gloucester. FASTHOSTS, if you are reading this then please email me all my passwords now, to save me the additional trip. Again, please, for the love of God, email me my passwords...

    One of our domains, currently down thanks to you, is With around a thousand angry members...

  135. Bruce Hatton

    Send them a bill!

    I just sent them an invoice for the work involved in changing all the passwords - be interesting to see what their reply is!

  136. Ivor griffiths

    No warning

    I never received an email. All my sites are off now. I had a similar problem with FTP from donhosts, moved to Dotster and they got hacked. This is a systematic attack. The UK security service MI5 has issued a warning to all major UK business to be on the look out for Chinese hacker attacks. Shutting down all the hosting companies is a pretty gpood way of shutting down the Internet.

  137. Anonymous Coward
    Anonymous Coward

    No passwords today

    Post has arrived, no passwords included.

    Oh, and look at this:

  138. Mark
    Thumb Down

    Get the word out

    Get the word out...

    Lots of news and forum sites have been very pedestrian, in their reporting of this incident.

    Get it out to every 'news comments area' and 'Forum'.

    If it saves one UK business it will be worth it, because they are damaging the whole country by their poor performance and attitude.

  139. Anonymous Coward

    This made me chuckle...

    Someone with too much time on their hands while their sites are down?

  140. Daniel


    Perhaps it was the hackers that changed all the passwords?

    I moved from "", because there service was really bad. Help manuals were all out of date. They wouldnt even allow a MySQLi to be activated (removing the comment out on one line). Their Control panel was worse than etch'a'sketch.

    I only went to FH in july, and I'm wondering if I can get off of the ship already.

    Then hosting at FH seems like a bad option, costs alot for what I thought I was getting, and then gets hacked.

  141. Anonymous Coward

    New Fasthosts Resellers Forum

    If your a reseller this should interest you... I just hope the forum not hosted on Fasthosts! ;)

  142. Smell My Finger

    Happy Meal Web Sites

    You're paying £3.99 a month for a web site. You're paying barely a pound more than a McDonald's Happy Meal. If you buy a decent broadsheet newspaper everyday that's £30 a month. Anyone paying so little for a business web site clearly isn't serious about business at all. Decent 1U servers start at £1200 and then you have to add data centre costs, power, networking, software, etc. This only makes sense through both box stuffing and absolutely penny-pinching on every expense. Web hosting at this price is simply not economically viable. Pay up or piss off.

  143. Neil Sparky93

    they didnt change mine

    As subj, I just logged in to my FH on my old password. None have been changed by them. How odd.

  144. MiNiX
    Thumb Down

    Adios, Fasthosts!

    My websites are offline since last Thursday, their customer care doesn't reply to my emails and I haven't received their Royal mails (here in Italy) with new passwords. I think it's an unacceptable and unilateral choice of Fasthosts, that made all my users hangry with me! I can't wait for their new passwords, so I will go away from their unsecure server and bad services as soon as possible!

    I can't pay for their lack of service and security!

    I am absolutely disappointed. I am sure that the letter of my legals will reach Slow&HackedHosts before than their passwords!

  145. Simon

    My passwords

    Some of my FTP password are still working, however maybe not for much longer, see

  146. Anonymous Coward
    Paris Hilton

    Who is this person who knows how much we are paying?

    I pay £17.99 per month for what they call "business hosting" which as far as I can tell is normal hosting plus SQL Server. Now, I wouldn't run a rail network on it, but I would have thought that it was reasonable for people to expect be able to run their small businesses without someone pulling this stunt.

    I run a forum and online game on mine. I'm not losing any money, but I'm sure as heck not keeping my site members happy. I think the other complainants and myself have every right to have a good whinge.

    I think FH have let Smelly Fingers take a 5 minute lunch break - back to work mate!

  147. Anonymous Coward

    Royal Mail Anyone?

    Has anyone received their passwords today? Is it just another attempt to fob us off?

    Tried calling all the numbers a short while ago, constantly engaged so can't even get into a 'queue'. Probably quicker if I drive up there from Basingstoke.

    I can't beleive that someone 'in-charge' hasn't come forward with an apology or a more understandable explanation which necessitaed this course of action...

  148. adam
    Thumb Down

    i'll be off then

    I am an apoplectic reseller who will be moving all of my domains to another host as soon as christmas is done with.

    I was just in the middle of transferring a customer's website to fasthosts so I could upload the new website I've written for them when I lost all ability to touch any of my domains. Additionally, since my db password has been reset, my existing websites that utilize my dbs are all broken. I can't do anything about any of this until i receive my new login password. The mail has just come (it is now Monday) and there was no sign of this password and their customer support number is STILL unavailable!!!!!!!!!!!!!

    I do not take kindly to being made to look a fool in front of my customers. I am considering taking legal advice.

  149. Anonymous Coward

    Would be great if...

    the address on my fasthosts account is out of date, so now anyone can access my sites if they have the password which i didn't ask to have sent via Royal Mail... maybe they could

    On an aside, I hope that Fasthosts are aware that they must be facing a series of claims for business interruption, as they have, without reason, other than caused by their own incompetence, require me to change all the passwords and notify all my clients at my expense.

    Why don't Fasthosts just come clean and say what happened, my guess is an internal security breach, and try and sort out their lives.

    I am slightly bitter as i was unable to renew my corporate domain name because it wasn't in their system even though it was on their registrar details, and a cybersquatter grabbed it before the call centre staff could work out what was going on.

    oh well, at least i have the .net.


  150. Muddy Boots

    Getting annoyed now

    Well, like nearly everyone else, no mail from Farcehosts. They did phone my back with a password for one site and told me the old one should still be working. They were! I said ... were! Not anymore.

    I used and got alternative numbers and tried all suggestions and ALL were engaged..

    That's it! I thought I'd change hosts and phoned Freezone, where I have another site and they said I'd have to get the Tags from Farcehosts or where my domains are registered. Hah!!! You've guessed it. UKReg is owned by Farcehosts, so I tried THIER numbers and guess what? They're all engaged too.

    Hackers? Don't know about you, but something doesn't smell quite right to me. You'd think that they would put something up online explaining what the hell is going on here, or maybe they are still waiting for the Postie to bring the new password

  151. john Tait

    Fasthosts - same as all the other hosts...

    What a balls up - and surely so overkill!?

    However I've got to say, after spending £700 per month with those idiots at Coreix, for £140 a month on a fasthosts dedicated machine - cheaper and just as bad!!!!

  152. Rich Harding

    A Couple of Points

    No, price and value are not the same thing and yes, you do get what you pay for. It's very easy to tar everyone with the same brush but there are far worse hosts out there for what a lot of people use FastHosts for. The crass stupidity here is the way they have dealt with a "security breach".

    Yes, there are advantages to having greater control over servers. I'm sure that many of the complainants on here, including myself, use a mix of hosting providers - horses for courses. Catch-all "Should have known better" comments actually make the posters look slightly dimmer than they intend. I'm sure many of the complainants are also perfectly capable of managing a server should they choose to but have chosen not to for some websites - because for a lot of websites it simply is not worth the aggravation. Choosing to self-host some high-volume sites would actually be the height of stupidity. I'm quite capable of stripping and rebuilding an engine but I don't service my own vehicles (any more).

    Back to the "breach" itself - if it's to do with FTP, I'm sure I'm not the only FastHosts customer who has previously wondered about the wisdom of their policy for FTP logins and mainly chosen to use separately created accounts (I don't remember it always being how it currently is). Surely if they were going to cause the havoc they have anyway, it would have been wise to change this policy at this juncture.

  153. John Rudolf

    We're back online!

    Well, here's a thing. Apparently nothing to do with this:

    Was phoned at around 4pm by a helpful soul at Fasthosts. After a little trouble validating me - we finally agreed on the last 4 of my credit card - I was given the new password to the Admin CP of the site mentioned in the article.

    So, no apology but let's let that pass for now. The helpful soul said that only 25% of people had changed their passwords in response to their October email. He admitted that their email had come across as advisory rather than mandatory.

    When asked what triggered the password change, he said that a couple of customers' ftp sites had been compromised. I asked if email addresses/Admin passwords had been compromised and he said no, but what they wanted to avoid was password changes now, and then more changes later if something else had been compromised etc etc.

    Well, I'm in. SQL and ftp changed. Database backed up, downloaded and stored. And everyone must be doing the same as the ftp download is like walking through treacle!

    I must admit, now we're "back", the frustration/aggression has evaporated. Until the next time maybe?

    My solution for next time is for their engineers to allow validation on specific data (like the last 4 of your credit card) and allow users to get a new password through it. Posting passwords? Well if that was safe, Gordon Brown wouldn't be squirming quite so much at the moment - and of course, if you have moved since registering and not updated your details then a stranger will now have your admin password!

    Let's face it, the hackers won. Fasthosts have lost big time but then so have we, the customers, and indeed our own users. By over-reacting, and yes, it was an over-reaction, they have done more damage than the hackers ever could by a factor of a thousand. I would be laughing myself silly if I was the hacker concerned.

    Lessons learned? I'm afraid the harshest lesson was that Fasthosts don't have a sensible policy for security, handling hacking nor password change. Would another webhost? Who knows. But I am fairly sure that at the very least there would be apologies and rapid resolution. The biggest lesson, which Fasthosts MUST learn if they are to remain in business is that the systems must REMAIN UP as the highest priority. Everything else is secondary to keeping sites online. Risk analysis would have shown that what the hackers could achieve paled into insignificance with what Fasthosts did to us.

    We will be moving. In the absence of apology, good communication and compensation, it would be an afront to ourselves and our users to remain with Fasthosts.

    I do hope all those still offline manage to regain control of their sites soon.

  154. Anonymous Coward

    Move Domain

    If you have .uk domain you can simply log on to your nominet account (you will have got a letter some months after registering your domain) and change the ipstag yourself. It costs £10 but thats sometimes better than waiting for your isp to do it and it some cases cheaper.

    I did it recently to remove a domain from easyspace because to move a domain you have to ring an 0870 number so they can try and persuade you to stay, once you've finally confirmed you want to leave they charge £15 to change the IPStag.

    As for fasthosts my only experience of their service was a dedicated server which we dumped almost immediately once we realised it was their own (out of date) version of linux. When I mentioned it to a friend who lived near by and ran an IT business told me drop them asap because of experiences he had had. That was 5 years ago, seems like things haven't improved.

    Are they really using ftp? Surely this means passwords are being passed in clear text anyway and so can be grabbed by anyone?

    Not sure why someone hacking a few ftp accounts should mean reissuing every master password. If a few peoples ftp accounts have been hacked surely thats just a few sites defaced.

    It shouldn't mean that the hacked has access to everyones accounts. Looks like there is a lot more to this than we are being told.

    As for losing a domain, I guess you'll learn to always renew your 'corporate' domains well in advance. You should never leave it to the last minute as you can never guarantee their won't be a service issue somewhere in the renewal process.

    If you have lost a domain in this way it may be worth contacting the registrar (nominet for .uk) as they MAY be able to do something if it resulted because of this outage. That said I'm sure .UK's have at least a month cooling off period and for .COM's etc its something like 3 months so I'm a bit surprised someone has grabbed it so quickly.

    Feel very sorry for anyone affected by this. Fasthosts have clearly lost the plot. Their lack of communication is unbelievable as was their decision to change passwords before the letters had a chance of being received. To break web sites via an enforced password change beggars belief. If someone has hacked all their client accounts whose to say they haven't randomised peoples postal addresses too!

  155. Anonymous Coward

    There was the clever thing called....

    Back at the dawn of the net, there was this clever little thing called (or at least something like that) Now the way i figure it - this disaster must have had an effect on at least 3000 users - paying lets say an average of £20 per month (Resellers included) so thats umm £60,000 a month... which as a group buying Conglomerate i guess would have enough weight to not only negotiate better rates for all but also a higher rate of improved customer services - Anyone up for this????

  156. Ivor griffiths

    Why post them?

    Given the recent publicity concerning the wooden tops at the Inland Revenue and the cost associated with posting out so may letters (probably 75p per letter) one must wonder why such a decision was made.

    Fasthosts are a large and successful business, they are not fools. This is a calculated decision. Sending them by email would be no less secure and of course free.

    What are the advantages of doing so? Delay.

    Has anyone actually had a letter yet? No.

    Why delay?

    Perhaps the hackers told them they were going to shut them down and notwithstanding Police and other security involvement the hackers could not be stopped. National Security issues?

    I just do not believe that Fasthosts management are as incompetent as they appear. We loathe them now but these chaps will be intelligent, business savvy operators who are used to crisis management. It makes no business ense at all for them to have done this.

    But it is not just ftp, sql, httpd that is offline. It is also DNS. The whole system seems to be wide open. Anyone with even one site that is just for the kid's photos should move away, cancel the credit card used and get on with the rest of their lives.

    I always use reloadable cards to pay hosters, just make sure you have s75 protection as well.

  157. Anonymous Coward

    Not only are Fasthosts giving us Resellers a bad ruptation.....

    ... They're also ripping us off. OK so Jo Bloggs wants a windows business hosting package - Fasthosts deal - 15 advanced mailboxes (cost to reseller £150 plus VAT PA) an SQL Database (Cost to Reseller £180 PA) and the ASP enabled site (Cost to Reseller £10PA) Load Balancing (cost to reseller £40 PA) plus free this free that free etc etc Jo Bloggs gets this for £15.99 a month - £191.88 PA

    We Reseelers pay £380 just to be able the same service, as a NICE little sideline to our business TWICE AS MUCH - now that's a nice little sideline isn't it.

    Come on Fasthosts surely it's time to stop treating the rest of us like the bunch of tossers YOU are

    And please stop charging us for the things that are standard - ASP / ASP.Net...

    Its a bit like the icecream man charging you for the f***ing cone.....


    Well I guess we can all find alternative solutions - I mean there are enough discruntled clients on here, to team up and invest the money we currently pay you and open our own data center.......... (thoughts anyone)

  158. Rob

    Fasthosts debacle

    I think that Fasthosts have a bigger problem than they are letting on. This is why they have taken such drastic action without thinking through the consequences.

    I believe last Thursday evening they tried to change all the email passwords on all their servers too. But someone realised that when they did that their customers would not be able to dial in and pick up emails !! and wouldn't know what was going on, or be notified about what they were doing. I say this because there was a period for a few hours where they did change email passwords. My PDA couldn't dial in to their server because the passwords had been changed but then the passwords were changed back.

  159. Anonymous Coward
    Anonymous Coward

    How many?

    75% of 650,000 websites.

    Imagine that.

    No wonder they are engaged.

    Oh Mr Fasthosts, what *were* you thinking.

  160. Anonymous Coward
    Anonymous Coward

    This missive might make you feel a little better (or bitter)..

    "Like a death at a birthday party, you spoil all the fun. Like a sucked and spat-out Smartie, you're no use to anyone..."

    More at:

  161. Anonymous Coward

    No Apologies....

    Just sat for 1hr 40m in the Farcehosts "tech support" queue and insisted they gave me my cp password. I have a melted ear and burst bladder from the process, but hey, no one said it would be easy. Sods law the password arrives in the post tomorrow (yeah right!).

    At least I can get things moving along now, gonna be a late night, or is that an early morning?

    I enquired about the mail accounts, unbelieveably they are still resetting the whole lot on the 13th. BUT! Once you can get into your control panel, apparently in a day or two, there will be a tool you can use gratis from Farcehosts to list all the email addresses and passwords that are to be reset and they, <shock, horror> will do this for us!!! How's that for good customer service?

    Needless to say I am on the hunt for another reseller account elswhere...

    Night/Morning all :)

  162. Anonymous Coward
    Anonymous Coward

    thats it, i give in

    so i put up with the flooding, the deleted mailboxes, the unhelpful support staff, the unexplained downtime, delayed email, hacked passwords and even had my card details cancelled by the bank after they were passed a 'large list' by the police a few days later, got charged because i couldn't login to update my details with my new card details and finally this weekend lost FTP access at the worst possible time ever

    we changed our passwords and weren't affected the same as some of the people above, and after having bad experiences with nearly every host out there in the last five years thought 'better the devil you know'

    then today we had a problem with one of our databases, and our backup space was inaccessible. all we needed was some extra space on one of the live databases. Called support and got through really quickly (suprisingly), but when i asked for some extra space - the response was "yes, but i can't give an exact time when".

    cue some frantic backing up etc, etc, and moving to a new database instead. So i though sod it, its about time we had a dedicated database server - i'll just get one now.

    ater going through the signup process i discover i have been charged an extra £120.00 somewhere along the line, but have a working server within minutes - happily i log on to find that the server is equipped with sql server 2005, fantastic - if only i'd known that before i woudl have prepared all my databases currently on the shared 2000 servers for an upgrade, but its ok - i didn't want christmas, or january - or a business any more for that matter.

    having looked around the market for solutions, i have finally found one that works for me

    alcohol + passport + plane ticket outta here to somewhere that has no interent access

    i surrender.

  163. Simon

    They have some info on compensation -

  164. Simon


    I would advise anyone to email working lunch, link on the right of the page located at

    and maybe they will do a story on it.

  165. Ste

    Password Arrived In Post

    Hmmm, I like the fact that they try blame me for not hearing about the 18 oct changeover, the fact being they didnt send the bloody email out in the first place....

    Right off to log into the site.....

  166. Anonymous Coward
    IT Angle

    What problem?

    I changed my passwords but still got affected..what i don't understand is how people have domain hosting and web hosting on the same provider / Control panel?

    All companies will have issues at one point or the other - moving isn't the solution really, think of how many people will move to your new provider after this?

  167. Muddy Boots

    Postie, Postie, where is it?????

    Postie just been with confirmation that my Fasthosts payment has been taken from my card last month, but no password still. I can get into my CPs and emails, but still not able to get into FTP site.

    When, oh when?

  168. Anonymous Coward
    Anonymous Coward

    What does the letter actually say?

    Since Fasthosts wasted a day drafting a letter rather than just sending out a simple letter with your password in, this is a nice analysis of what the letter might mean:

  169. Anonymous Coward

    It's here!!!

    Must admit, I had a cheque from the National Lottery in the post for £75000-ish, but a greater excitement was that I had the letter from Fasthosts! This caused enormous pleasure for the following reasons:

    1) It actually arrived!

    2) It worked!

    3) It will now allow me to collect the website and find a proper web host! Goodbye, Fasthosts.

    PS - the £75000 was a joke!

  170. Anonymous Coward

    Not giving resellers a good name either

    My FH reseller has yet to reply to my emails since Thursday when the shit hit the fan. No one's told me what's happening. No one's told me when I should have access again. I only know what's going on because of The Register's article.

    If I was just relying on the password in the post it would be bad enough, but to wait for someone else to get the password in the post then be bothered to actually sort things out or even email their customers is beyond frustrating. My reseller didn't even bother to pass on the password reset warning when it went out in October (not that that matters now or would have made any difference given the blanket reset).

    I won't name and shame my reseller for now but I'm pretty tired of being shafted by companies that don't give a shit.

    I understand resellers have a lot on their plates right now, but it only takes a few seconds to email your customers and tell them why they can't access their FTP.

  171. Alastair

    Passwords working???

    Anyone else having problems trying to get the passwords working?

    I have 3 accounts and I can only get into 1 of them (not the one I REALLY need to get into).

    I have checked usernames against what they sent out when I subscribed and I am doing everything correctly !!!


  172. Mike Knowles

    DNS changes not possible?

    Now that I've got access to my most important domain, I've got one of my business partners to setup a new server for me at a different host. I've added a new glue record at Fasthosts to point at the new server. It should be live now, but it isn't. I guess Fasthosts aren't processing DNS host record requests at present? Anybody managed to successfully transfer anything *out* yet?

  173. Anonymous Coward
    Anonymous Coward

    Any news from FH themselves?

    The fact that there's not even a message on fasthosts website stating that there users could be having difficulty logging in is astounding. Fair enough there holding back from an apology but at least some clue to save there thousands of users from trawling the web for clues..

    Fasthosts sales methods and there actual service have always been poles apart, the fact that there own site is still intent on selling there over priced packages rather than trying to tell there existing userbase whats actually going on is just another example..

  174. Anonymous Coward
    IT Angle

    No password through post yet.

    Add another one to the list for "it's Tuesday and still no password". How about sticking a phone number on the Support Ticket - will they phone?

  175. Jonty Rose

    Fasthosts email password changer

    Hi there,

    not sure if anyone else received this, and it's only a solution to half the problems people are having but see below from fasthosts support:


    Please be aware we will be requiring all email passwords that haven't been changed since the 18th October 2007 to be changed in the next 10 days. All unchanged email passwords will be scrambled on Thursday 13th December 2007.

    Whilst we recognise that this is extremely inconvenient for our customers, it remains the only way to be 100% sure that you continue to receive a secure service.

    We will shortly be providing a mass email password change tool to assist with changing your mailbox passwords. This will be available in your control panel and will allow you to download a list of all your mailboxes, and enter a new password for each. Once this is complete, you can simply upload the file to Fasthosts, and we will change the mailbox passwords for you on the above date. This tool can only be used with email passwords.

    You can change your email passwords now however, either in your control panel, or by entering your mailbox details at

    Please remember that the passwords will need to be changed on any email client you use to download your emails (such as Outlook Express, Outlook or Thunderbird). For assistance with this, please view our knowledge base article at

    Under no circumstances whatsoever should you try to reuse any of your old passwords.

    Please note, you will only be able to log into your control panel if you have recently changed your password, or if you have been provided with your new control panel password (either from our support team, or via the letter we have sent you). We expect every customer to have received a letter containing their new Control Panel password in the next few days.

    We apologise for the inconvenience that this will cause your business during this period, but trust you understand that our primary concern is for our customers and for the security of their websites and data. Unfortunately, an automatic password change is the only way of ensuring that all of our customers are totally secure.


    At least you wont stop getting emails!!!

  176. Ivor griffiths

    No letter

    I got a letter yeaterday that was posted second class from London on Thursday. Fasthosts have not posted my letter yet. DNS is still off anyway. Intermittent connectivity, constant barrage of emails from Internetseer telling me it's on again, no off again. The only reason I want the password is to transfer out.

  177. Anonymous Coward
    Alert same problem! are definitely having the same problems as FH. They are now going through the same painful process of changing all passwords. This is a quote from their Service Status page:

    "Due to a security update across a number of our servers, we are asking customers to reset both their FTP and Domain Control Panel passwords. Current passwords will no longer be valid and all customers will need to reset these. You will not be able to use your existing password or a previously used password for your new FTP/DCP password."

    Either they are buying their services from FH or this problem is much wider!!!

  178. Name
    Thumb Down

    my password delivered today whoohoo..but....grrrrrrrGRRRRR NOT WORKING!!!!!

    it doesnt log me in for F%$%^&# sake!!!! i cant get through i cant ftp in to remove my files I cant do s*** its ridiculous ...AS SOON AS I GET ACCESS I'M REMOVING MY FILES FASTHOSTS!!!NO MORE MONEY FROM MEEEEEEEE

  179. djberriman


    Streamline appear to be hosted at rackspace - so seperate issue?

    4 ( 30.266 ms 168.671 ms 204.099 ms

    5 ( 203.198 ms 183.862 ms 174.135 ms

    6 ( 15.593 ms * 17.085 ms

    7 ( 16.264 ms 17.779 ms 15.647 ms

    8 ( 16.236 ms 15.672 ms 16.108 ms

    9 ( 17.553 ms 15.622 ms 16.441 ms

    10 ( 16.167 ms 16.171 ms 16.106 ms

  180. Colin Cook

    I Don't believe it!

    This is the icing on the cake for me. At the end of February the company that hosted my shopping website, Internet central in Keele managed to move my site to another server without backing it up first (as they promised they did every day), guess what they lost the lot! To cut a long story short, Just over a week ago the new re-built from scratch site was uploaded to fasthost by my web designer (we will use our IPS for now, they said). A week of trading, 3000 emails sent to our customers to let them know we were back, pay per click adds taken off hold, then this happens! The irony is if we had uploaded back on Internet central it would still be working! I give up!

  181. Alasdair
    Thumb Up


    Streamline, I'm quite sure, share Fasthost's data centre to host some of their shared hosting services. They therefore probably got blindsided too when Fasthosts hit the big red button. Their main site (homepage) could likely be hosted on rackspace so they have a 100% uptime network

    I got my passwords from fasthosts today, but annoyingly am finding that resetting the FTP password isn't working. This is after 7 hours. So it isn't a simple "it could take 20 mins to update" thing either

  182. Neil Rigby

    Where's the Support?

    I put in a request for support [previously changed database password not working and probably scrambled] 48 hours ago. I haven't had a reply as yet.

    Any other similar experiences out there?

  183. Anonymous Coward

    Be Careful

    This morning i got up, to discover that almost £500 has been taken via Paypal from my bank account. Not blaming Fasthosts on this, just seems a bit of a coincidence.

    If, like me, you used the same password for anything and Fasthosts may have had it, it is a good idea to change it NOW!

  184. Adam

    Contact tel no

    Has anyone managed to get through to tech support - if so on what number please?

    I STILL haven't received my new passwords.......

  185. David Ryans

    The worst treatment I've ever experienced online

    This is just beyond belief, truly staggering - I'm tempted to call it evil!

    So it's nearly a week now - despite having already changed all passwords when they asked I am STILL locked out of my account, website down, have had NO emails of apology or explanation, customer service are ignoring my COUNTLESS emails of increasing desperation, my business is in RUINS.

    Is someone over there taking pleasure in this? It's the only explanation for this sadistic behaviour.

    I finally managed to move the site over to another host after I found an old backup but the damage is done. Just one email with an explanation, just let me login and cancel my damn account! The password letter will never arrive because I no longer live at that address.

    If I get charged for one more month they will be done for fraud.

  186. Muddy Boots

    That's it!

    Had eneough. All out now to get me a new host! That's if I can get the tags. I tried UKReg only to have the call transferred to Farcenet. One prospective new host told me how to go through Nominet. Went to them and they said it'd cost me £10 plus VAT and it could take up to 24 hours to transfer. I don't mind paying that if I could just get these people that know my private email address and phone number, off my back. And I only do it as a hobby and I am retired, I could do without this hassle and at this time of year, I run a Christmas website - no money involved, so I really sympathise you folk who have a living to make.

    It's about time Farcenets came clean on this, because, as I've said before, something doesn't smell quite right and the rumours seem to be going around the industry.

    I STILL haven't had a letter with my passwords in it, but I did get an email last night telling me about the next step in this cock-up - Email Password Change - Thursday 13th. December. I'm not getting any via Farcehosts now, nevermind next week!!!

  187. Anonymous Coward
    IT Angle

    Credit card

    Just had the the credit card we use with fasthosts cancelled...coincidence??

  188. Ivor griffiths
    Jobs Horns

    No letter

    Still no letter. DNS is on now though. I just want to get everything away from them. I hope this causes them to go belly up (but only after I transfer out).

  189. Anonymous Coward

    dedicated servers are the way to go

    I've used FH's dedicated servers for the last 18 months and avoided disaster here (apart from being locked out my one and only control panel which I received the new password after 45 mins wait on the phone).

    To be honest, shared hosting on FH is an absolute nightmare (i.e. individual or reseller accounts). To be fair to FH, shared hosting has been a disaster for us with other hosting companies too (IXWebhosting in the US being THE worst). We switched away from shared hosting a long time ago because of the atrocious downtime that inevitably occurs, and/or simply the slowness of page loads much of the time. Also, reselling is EXPENSIVE with FH. Want a mySQL database? 29.95GBP a year. Want to use ASP? 10GBP a year. Not to mention: how on earth do you regularly backup the scripts and databases?

    Now some positive words for FH; we've never had any troubles with their dedicated servers in the last 18 months. mySQL databases? Free. ASP? Free. You can backup all of your data easily (how is this possible with shared hosting?). You get to install your own components, and there's simply no downtime (barring the floods of the summer where we had 6 hours of downtime, and a fibre optic cut in June 2006 when we had another 6 hours of downtime) - other than that, things have gone smoothly.

    Perhaps the best thing of all with dedicated servers (whether it's with FH or another company) is that there's no interference - no sudden upgrades of mySQL that break your scripts, no password changes without notice, far cheaper to scale up (no database costs, scripting costs). No bad "neighbours" who steal all the resources and crash the server.

    Whether it's with FH or another host, if you're currently a reseller, I'd recommend moving your domains to a dedicated server and avoid the nightmares. It's not that hard to set-up a dedicated server and once you use them, you wouldn't consider reselling on shared servers again.

  190. Anonymous Coward
    Anonymous Coward

    One week gone

    A week has passed, and I wonder how many people have actually received a letter and then been able to login to their control panel? Like others, I find the whole situation unbelievable. How could a web hoster deliberately change hundreds (thousands?) of passwords, knowing their action would instantly bring down many of the websites (any website that depends on MSSQL, for example).

    Who wins? Not Fasthosts, as they get the criticism and inevitable support call. Not the customer, who now has a dead website.

    With shared hosting, you have to live with the fact that people will try to break into the system. With access to the shared server (through the control panel or FTP) you have a starting point. A new account can be created instantly with a dodgy credit card number (which may not be noticed for weeks) so anyone can have a go. That is just a fact of life for a webhost offering shared hosting.

    So what has gone on this time? Some login details for some FTP/CP accounts have fallen into the wrong hands? Thats a matter for the police (who unfortunately aren't that good at investigating, especially since the previously dedicated team has been merged into SOCA). But what good would these details be? Bring down Fastshosts servers? That has always been possible. Deface some websites? Ok, that's an issue, but easily resolved on a per-case basis.

    It just does not make sense to reset all the passwords. And to then use Royal Mail to send out a new password, to an address which has not previously been authenticated, is pointless.

    Nice to see Fasthosts website wishes you all a merry Christmas though. Nice touch.

  191. Simon Metcalfe

    Just been on BBC2's Working Lunch

    Not sure if anyone saw, but it has just been featured on BBC2's Working Lunch (incuding my telephone interview)... maybe this will finally kick Fasthosts into talking to it's customers as humans and not as cash cows/idiots.

    Also, it's thursday afternoon and I still haven't had my password letter yet... who ever came up with that idea should be first in the Job Centre que on Monday together with the person who thought it a good idea to spin what is clearly their problem/fault and somehow make it our problem/fault !

    As soon as I'm back on (asuming I ever get back on) I'm off and I only hope everyone does the same !!

  192. Richard

    I still cant access fasthost (NO SUPPORT EITHER)

    I have been trying to log on to my account for weeks i did not even know about these problems till i discovered this site. My old password no longer works and i cant log in if i select " i have forgotten my password" it says " This service is not available please log on to the support section! HOW CAN I LOG INTO THE SUPPORT SECTION WHEN ONLY LOGGED IN USERS CAN! MY PASSWORD DONT WORK!!

    It then says on the support log in the same "Forgotten my password" you click it ans you get the same message this service is not available.

    You try to call their sales offices or numbers on the e-mails and they are all DEAD!!!

    I want to know whats going on as they just took £50 for last month out of my account and i cant use it or contact them

  193. Muddy Boots

    Blimey! Farshosts were quick this time!

    Like the above poster, Fasthosts took over £50 off me last month and I can't get in anywhere now, no password in the post or anything, so today I took my domain name and left.

    I've been with them since 1999 and this is all the thanks you get. I know I'm only a small user, but the old saying goes - from little acorns grow hearts of oak.

    I've just tried out my CP to see what happens and now I don't exist. Maybe that's why there's no one to help. Fasthosts may be too busy blocking all those leaving.

    It leaves a nasty taste in the mouth. I'll be popping back in here to see the progress, but now I have the job of setting up my mailboxes and FTP.

  194. Paul Fishlock

    Fasthosts incompetence, denial and irresponsibility

    7 days after the security breach Fasthosts have failed to reply to any emails. Updated passwords apparently sent by Royal Mail 6 days ago have not arrived. Their help line takes over an hour to respond. If you do get through and confirm your account number, pin, name and address you will be told that your post code is wrong on their database. Blatantly a false statement since a simple check on

    will confirm it.

    Told that they cannot send a Fax of passwords as they do not have the facilities, but if you want to send a complaint Fax to…

    Told that they do no have records of compromised information and cannot discuss.

    Told that there are no managers available to discuss further.

    Told to write to them.

    Then they hang up on you.

  195. John Greenwood

    Could it be worse...

    I suppose things could be worse.... the Department of Works and Pensions could still decided to reset our National Insurance and Bank Account Numbers the week before Christmas! I can see the Christmas card now;

    Dear Mr NE1011011F (formerly know as GW9087871K)

    Due to our ineptitude we have reset your NI number. Your new record shows you made zero contributions for the year 2007 and therefore you owe us millions - plus a £100 penalty for late payment!

    Happy Christmas


  196. Anonymous Coward
    IT Angle

    Phew, I'm back in

    Still waiting for my postal passwords so I spent 45 minutes on hold. I was quickly able to get my control panel passwords for my two accounts. They worked fine and I've now changed everything.

    I do feel sorry for those with multiple accounts.

    I hope they don't get reset on the 13th.


  197. Anonymous Coward
    Anonymous Coward

    Email Password Change Tool Not Available

    Fasthosts sent an email out today claiming:

    "Mass email password changer tool now available"

    Through another blunder, they forgot to actually make it available on the control panel. More at:

    With blunder after blunder, and countless websites still down after more than a week, how long is it going to be before Fasthosts are held to account?

  198. John Rudolf

    Still no posted passwords...

    Fortunately, Fasthosts phoned me and we got the password issue sorted. However, I still haven't received any postal password so God knows how the rest of you guys are coping... Best of luck!

  199. Robert Challess

    Password received, but does not work!

    Password received, but does not work!

    Telephone access seems impossible.

    E-mails are ignored.

    How do I cancel Fasthosts without them continuing to take money from account?

  200. Anonymous Coward
    Anonymous Coward


    I have another (very unimportant) website which I want to cancel - simply because Fasthosts host it, and I won't leave payment details with them. I have tried to ring Fasthosts and still (about ten days after their block password change) I start at queue position 38.

    I feel sorry for the poor suckers on the end of the phone. Bet they love going to work!

    Why is there no obvious way of cancelling online?

    I presume everyone got the apologetic email a couple of days ago, thanking us for our patience. Despite this being an important - nay, crucial - contact, there were two spelling mistakes or errors of grammar.

    "Throughout this period we have tried to make the right decisions to minimise the problems faced by our customers, and will continue to do so. We have a responsibility to act to protect our customer's data and, on this occasion, we had to act to fulfil this, even though we were aware of the problems it would cause."

    We have a responsibility to protect our customer's [sic - should be customers'] data. Presumably this should have included encryption of passwords, rather than being saved in a text file.

    They are trying to appear professional - they still say that no blame is attached to them, they have acted thoroughly responsibly.

    Is anyone going to take them to court? Sorry - after sending this dreadful email the company MUST pay and, I hope, go out of business. There is still nothing on their website - according to them it is the best hosting company in the country.

    And this is from someone who hates the compensation culture!

  201. Anonymous Coward

    Letter to fasthosts

    My letter to them.... if they read it ill faint...

    Further to my communication and no reply! - IN SEVEN DAYS , i wish to add to my original letter below:

    I had hoped that joining Fasthosts would be a pleasurable experience and that i would be able to connect

    to my webspace at a minimum. And set up the site with the minimum of fuss.

    This has not been the case.

    I now expect to find a new host for my domains and webspace, this is going to cost me a lot of extra cash that

    i do not really have to spend just before christmas and the final nail in the coffin is the non response with any communication

    for 7 days now.

    I fear the problems could have been dealt with better than locking everyone out of there account and then taking a week to mail some

    of the people there passwords, this too is not acceptable without initial communications, since the mess happened Fasthosts has updated

    every other day an update, this really doesn't undo what happend and is why i have made my choice.

    I expect no further cost to be projected my way in the future, i will move my domains away shortly .

    I understand your position with security but its like smashing a computer that has a virus on it, rather than fixing the problem properly.

  202. Anonymous Coward
    IT Angle

    BBC report

    Are the BBC going to do a follow-up report? Has everyone changed their passwords now? My letter eventually arrived.

  203. Dave

    Legal Action & New Host

    Like the rest I have a few accounts that make it difficult to move from fasthosts as dont want to cause more down time!

    All new accounts I use as they do care about you without all the red tape bull shit! You can also do alot more with their CP if you want to!

    Fasthosts Terms surely cant stand up to this mess and ££££ of costs to its resellers and exposer of resellers as resellers! What does white label mean? We need advise on legal action and image damage! Anyone???

  204. Paul Hillman
    Thumb Down

    Now I'm stuffed...

    No snail mail, was mid house move when this kicked off and couldn't get into control panel to change address. AND my email address for password reset is hosted by Farcehosts and as they've locked me out I'll never get to know about a new one.

    Anyone suggest a good hosting service ?

This topic is closed for new posts.

Other stories you might like