back to article Brit hosting provider tsoHost takes needleful of 'unauthorized code' to the servers, suffers week of outages

UK hosting provider tsoHost is recovering from a week of major service disruption, after discovering "unauthorized code" was "injected into servers" in one of its data centres. The Slough-based biz said it was forced to apply "emergency security updates" but the process appears to have complicated the matter further, with …

  1. Anonymous Coward
    Anonymous Coward

    Every cloud has a silver lining.

    In this case it will be for the competition.

    1. Vince

      Re: Every cloud has a silver lining.

      Hah, fat chance. People are remarkably slow to actually do anything once the fire has been put out.

      Even though a few might shuffle things, the odds of it making a material difference is close to none.

    2. katrinab Silver badge

      Re: Every cloud has a silver lining.

      The competition being mostly other tentacles of GoDaddy.

  2. Anonymous Coward
    Anonymous Coward

    English not their strong point...

    "I am afraid that we cannot provide you with an ETA at this point. Having this said (sic), once we determine what is the root cause of this and have it resolved, we will provide you with an official statement on the matter."

    If I were to send out a company missive, especially one highlighting how the world's on fire, I'd run it by the Comms people in the company.

    Anon, just in case I've made some hideous mistake with my own grammar!

    1. Anonymous Coward
      Anonymous Coward

      Re: English not their strong point...

      but this is a new, disruptive type of business, i.e. no comms people, and probably very few people anyway (and these employed remotely, in a country where they can pay them much lower wages). Yyeah, even lower than in Sloughland.

      1. Roland6 Silver badge

        Re: English not their strong point...

        >but this is a new, disruptive type of business, i.e. no comms people, and probably very few people anyway

        You mean a startup agile company, or perhaps that company structure that was liked by management guru's over several decades one where everything was outsourced and paid for via subscription (standing charge) and meter...

  3. tin 2

    TSO have been circling the pan for years now. My problem has been that when something does go wrong the attitude of their support organisation is abysmal. The cover ups and long periods of time without status updates alleged in the article would seem to corroborate. It was not always so. Time to find another provider once more I fear.

    1. Will Godfrey Silver badge

      Indeed, and for some reason when I see that name, I seem to read. TossHost

  4. Anonymous South African Coward Silver badge

    The Cloud, just a fancy word for another man's (troublesome) computer.

  5. BinkyTheMagicPaperclip

    I have domains, but no hosting with tsohost (was vidahost before being taken over)

    The emergency patching message said 'we are updating these components, it may break your software if it depends on older versions. (sucks to be you)'

    I don't think I'll be moving my hosting to them

  6. Csmy

    Its a shambles, all sorts of weird stuff has been going on for the last few months.

    Plus we have this beauty that's still not fixed either -

  7. steven_t

    Lemonrock was affected by this

    "Tsohost - our hosting company - disconnected our Lemonrock server from the Internet early on Monday 10th June 2019. They did this without warning, and later claimed that they had suffered a cyber-attack."

    Their full explanation is here:

  8. Anonymous Coward
    Anonymous Coward

    cPanel you say? Big Exim vuln recently...

    cPanel runs Exim. Exim had a major security issue recently that allowed fairly trivial root level access to servers. Coincidence?

  9. CAPS LOCK Silver badge

    So, what's a good alternative...

    ...(since tsoHost recently killed the deal I was on) for a tiny personal web site.

    1. IGotOut Silver badge

      Re: So, what's a good alternative...

      I've been using tsohost for years (actually £5host before take over)

      I'm on their budget cloud hosting platform that doesn't use Cpanel. I wasn't affected by this outage.

      Personally I've always found their support really could, getting my old site back up and running after a zero day killed it.

      Your not going to get anything better if your on the lower tries, as most budget ones don't include backups.

      1. Pen-y-gors Silver badge

        Re: So, what's a good alternative...

        Exactly my experience. Started with them when they were (I think) Hostroute? 15 years ago? Several takeovers later and I'm still with them. I have several of their Cloud hosting accounts, hosting dozens of sites, at reasonable prices. Pity they've ended up at GoDaddy. Fingers crossed for a management buyout at some point!

        Support is good, usually via Chat. Knowledgeable people who usually sort things out.

        I've used various providers over the years, and they all have weaknesses. What starts off well as a small, friendly business end up being taken over and turning shitty.

        Basically you get what you pay for. If you can afford a full managed server experience, lucky you. Otherwise find someone who provides a nice, easy-to-use system, with decent up-time, and don't use it for anything absolutely critical. Oh yes, and keep daily off-site backups in case of emergencies! (I have scripts that do encrypted backup to AWS - Glacier storage is dirt cheap)

        1. Tony W

          Re: So, what's a good alternative...

          I've been through five hosting providers in the past 25 years, and had to leave four of them because of rapid and extreme deterioration of service when they got taken over. Tsohost (however they spell themselves, I've never bothered to remember and it hasn't mattered) have lasted the longest and (typing with crossed fingers) are still good. For a cheap provider the speed of support is unbeatable. Which is not to say they are perfect of course.

      2. Ynox

        Re: So, what's a good alternative...

        +1 for TsoHost. They're not perfect, by any means, but for the price I'm more than happy with the service really.

    2. Phil Endecott Silver badge

      Re: So, what's a good alternative...

      AWS Lightsail.

      1. Anonymous Coward
        Anonymous Coward

        Re: So, what's a good alternative...


        1. Norbie

          Re: So, what's a good alternative...

          If anyone remembers how good Tso was back in the day, you’d likely be pleased to know the original founders have started a new hosting company - Stablepoint.

          I started to move my sites over from Tso a few months back and they’ve been fantastic. They have a Slack community channel too for questions.

  10. Rainer

    Nice touch of irony

    By the ad for the „Serverless Computing“ conference ticket sale.

  11. Claverhouse Silver badge

    I really can't bring myself to trust entities with 'funny' quirky spelling one has to presumably remember.

    Same applies to GoDaddy, really.


    I can remember WordPress, which has an infinitely precious crowd running it, inserting code into an update to change any spelling in one's words without the camelcase to 'WordPress'. Their Fascist Doctrine, 'Decisions, Not Options' forcing their decisions was always the utter antithesis of open-source...

  12. Anonymous Coward
    Anonymous Coward

    I would be shocked if this was not, in some way, connected to badgers.

  13. steviebuk Silver badge

    All the small players end up being bought out.

    Is the sad truth. These sounds like they are Happy Shopper hosting. I suspect being bought up by GoDaddy and the others slowly killed them off. With staff being forced into working how the new owners want. It annoys me as some small hosts are really good with good customer service. That is what you're buying, so why then force them to work how the parent company does, the parent company that lots of people hate.

    I used to be with ariotek hosting but, alas they had a massive outage with two of their servers. Bare metal backups didn't work so eventually, with a heavy heart, Colin had to sell the business to Krystal who offered to help. I believe he went to work with them at the end of it. Everyone was shocked but Krystal have turned out to be really good. I had an issue with my site not working the other day and couldn't work out if it was their firewall or not. Raised a low priority ticket asking if it was the firewall. It wasn't. It was a plugin for Wordpress that had failed. They disabled them all so the site worked again and I was able to get in and find the one causing it. Something they didn't have to do, so they are all good. But I fear, they'll get bought out at some point. The owner is young and I wouldn't blame him for selling. If someone offered me several million for a business I'd started, I'd take it so I'd never have to worry about money again. Bit like Mark Russinovich and Bryce Cogswell. Got bought out by Microsoft. I think part of the contract was they both had to carry on working for 3 years I think it was, then were free to continue or leave. Bryce decided to retire and enjoy his new wealth. Mark carried on and now runs Azure.

    I had more of a point but started to ramble and forgot what the point was. Still posting this anyway :)

  14. Anonymous Coward
    Anonymous Coward

    The best providers of affordable hosting for personal/small businesses are small businesses. The reason is that every client matters and the tech support is usually competent.

    The problem with that is that many of their clients are not remotely "technical" and need a lot of support and it turns out that support becomes a high cost to the hosting provider. So they get loads of hassle for small reward and when a big company comes along offering £££ it's going to be accepted. The big providers use minimum wage "support" desks. They don't care if a client leaves because they are often the ones placing most demand on support so losing them is a net financial gain.

    In over 20 years I've seen several competent small hosting providers gobbled up by bigger ones, and the outcome is usually bad. Until recently I had a dedicated server initially with a small provider, it went through several changes of ownership and upgrades to newer hardware ending up in part of GoDaddy (but was still being billed as TSOhost). Being a dedicated box I had full control and any down-time was most likely to be a (fortunately rare) screw up by me. When I did need support it was slow and evasive (that's to say I'd get a response that completely missed to point and didn't address the issue). Hence my departure. The only positive was that with a bit of determination and a lengthy process it was possible to get an issue escalated to someone competent.

    I'm reluctant to give a recommendation for a "budget" hosting provider because they'll probably go the same way as the rest. A better strategy may be to pay a bit over the odds and beware of promises of "unlimited everything" go instead for adequate resources plus a bit as a safety margin.

    123reg seems to be part of the same shower now. I had to quit after repeated price rises, invoicing cockups and unimpressive "support".

    I've still got a couple of Vidahost (then TSO host, now GoDaddy) small hosting packages but only until renewal comes due.

    1. Muscleguy Silver badge

      Sounds a bit like a lot of stuff. I have a Kobo eReader, requests to them ALWAYS result in just boilerplate about what to do in various scenarios none of which are yours. IOW it's entirely automated and they don't have support staff.

  15. TramVanCollision

    Email password policy flaw

    I agree with most of the other comments here: the quality of service from TSOHOST has collapsed recently.

    In addition, I recently discovered a serious flaw with their email mailbox password policy: only the first 8 digits of any password are checked!

    My Dad's email account has been repeatedly hacked by spammers despite numerous, complex password changes. However, I was only changing the last digits of his password, the first 8 remained the same and so the spammers could carry on logging into his account!

    TSO support have confirmed the flaw but despite asking them to fix it almost two weeks ago, it's still present.

    I'd like to make other TSO customers aware of the issue but their forums have been shut down.

    Any suggestions?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020