I recently moved to CrocWeb from
Bluehost trying to figure out a faster, unthrottled and cheaper host. My sites knew they could settle for a limited bandwidth/space so they loved CrocWeb.
Bought the storage/transfer - 10GB/100GB plan to test them.
My Honest review on CrocWeb(1 month with it):
1> Good to amazing speeds with the their powerful lightspeed servers
2> Uptime that rocks
3> The new cPanelX is blazing fast
4> Support actually means "support" , they are helpful and really fast even through the email and ticket system(wasnt expecting this but yes they are 24x7) and they close tickets really quick, sometimes as quick as 5 minutes.
All in all a great experience with them in every regard except...
i tried setting up a board , myBB
-The latest script v1.6.8 (1608)
-Configured strong passwords and even complex usernames
-CHMODded and htaccessed as recommended by experts and myBB community stickies.
-Installed a nice new theme enjoyed it for a few days and boom...
Got Hacked, malicious code inserted and new php files added to a images folder (CHMOD 755), though myBB recommeds (777).
Despite changing passwords for cpanel, FTP(using sftp), board and denying access to hacker's IP, complaining to CrocWeb support it got hacked twice in 2 days, finally i had to restore all the files and database and allow only my IP to access the site. Still getting the Google malware message for the forum.
An answer from CrocWeb clearly says that they "There isn't much that could be done other than upgrading the script." which already is upgraded to the latest version as mentioned in question to them.
Most of the hosts i have been with including
Bluehost and
Hostgator tried and actually did patch the vulnerabilities for example tim thumb scripts and even went to an extent where they themselves removed malicious scripts for one of my client's site. But that's not what i am demanding here.
One thing that is important to note is, that my board is a week old, no-one knows about it except me, googlebot and baidu which have been crawling it lately but due to no content on it, its nowhere on the web.
Someone hopefully found a way in through their servers(what ever hacker call it).
Probably the server environment is insecure and the staff doesn't care about it unless they are under a DDOS attack.
I still like them for their services and very reasonable prices and recommend them.