I use them, but literally only for DNS services, and as a secondary mail server.
I used to rent a dedicated server from them many years ago, but they literally supplied it to me with a Linux image that was so out of date and insecure it was laughable, but for which their update servers refused to provide updates. Additionally, the only official update available from the distro (I forget which, probably wasn't Ubuntu back then) to get over the hurdle required you to do something in the bootloader and came with all kinds of dire warnings.
Of course, you didn't have access to the bootloader, and when asked they refused to do anything about it, or even assist - they would charge if the machine became unbootable as a result, for instance! Literally, they supplied a booby-trapped insecure server from the very first second you clicked the button and there was no recourse that didn't involve a potential charge. I talked to support multiple times about it, who were singularly unhelpful and I think just avoided doing anything but remote-power-cycling on a server from their offices, I emailed, I wrote letters, and in the end I just cut the credit card payment. They moaned a bit but didn't even bother to chase.
The server literally never went into production, because it was just too dangerous - the OS was so drastically out of date that most of the usual services were remotely-compromisable, and you couldn't upgrade the services (things like Apache, etc.) without a kernel upgrade, which you couldn't do because they didn't supply it, support it, and would charge you if it didn't work. Oh, and of course they reserved the right to take your machine offline if it was found to be vulnerable, and still charge you for hosting it.
After that experience, I never touched them again, with one exception. My current employer holds a domain with 20+ subdomains with them. All of the A and MX records point to something non-1&1. Basically if their nameserver does ever fall over, I'm moving the domain, and I already don't trust them with anything else at all.
They keep trying to sell me SSL certificates, though. Which is hilarious since the advent of LetsEncrypt, but even worse when their prices are like 10 times their competitors even for a non-wildcard certificate.
Biting the hand that feeds IT
