Is CrocWeb worth the buck? The good, the bad, my opinion.
 

I recently moved to CrocWeb from Bluehost trying to figure out a faster, unthrottled and cheaper host. My sites knew they could settle for a limited bandwidth/space so they loved CrocWeb.

Bought the storage/transfer - 10GB/100GB plan to test them.

My Honest review on CrocWeb(1 month with it):
1> Good to amazing speeds with the their powerful lightspeed servers
2> Uptime that rocks
3> The new cPanelX is blazing fast
4> Support actually means "support" , they are helpful and really fast even through the email and ticket system(wasnt expecting this but yes they are 24x7) and they close tickets really quick, sometimes as quick as 5 minutes.

All in all a great experience with them in every regard except...

i tried setting up a board , myBB
-The latest script v1.6.8 (1608)
-Configured strong passwords and even complex usernames
-CHMODded and htaccessed as recommended by experts and myBB community stickies.
-Installed a nice new theme enjoyed it for a few days and boom...

Got Hacked, malicious code inserted and new php files added to a images folder (CHMOD 755), though myBB recommeds (777).
Despite changing passwords for cpanel, FTP(using sftp), board and denying access to hacker's IP, complaining to CrocWeb support it got hacked twice in 2 days, finally i had to restore all the files and database and allow only my IP to access the site. Still getting the Google malware message for the forum.

An answer from CrocWeb clearly says that they "There isn't much that could be done other than upgrading the script." which already is upgraded to the latest version as mentioned in question to them.

Most of the hosts i have been with including Bluehost and Hostgator tried and actually did patch the vulnerabilities for example tim thumb scripts and even went to an extent where they themselves removed malicious scripts for one of my client's site. But that's not what i am demanding here.

One thing that is important to note is, that my board is a week old, no-one knows about it except me, googlebot and baidu which have been crawling it lately but due to no content on it, its nowhere on the web.

Someone hopefully found a way in through their servers(what ever hacker call it).

Probably the server environment is insecure and the staff doesn't care about it unless they are under a DDOS attack.

I still like them for their services and very reasonable prices and recommend them.

Thank you for reviewing us. Our servers are very secure and patched/updated as soon as a vulnerability is found. Perhaps that's why we haven't had a single server infected or compromised within the past 4 years.

DDOS attacks are unrelated. Your account could be getting infected due to many reasons. A vulnerable script, plugin, addon, theme or an infected PC. However I can assure you, it's not related to a security issue from our end.

Leaving Bluehost for almost anybody else (aside from other EIG brands, Godaddy, Dreamhost, IX, or 1&1) will be an upgrade. :unsure:

Most hosts are good that first moth or two. The real tests is if they can still be good in 6 months, a year, or several years. Very few hosts have this sort of quality longevity.

Those MyBB hacks from 2011 and 2012 were really ugly -- and some had no timely fixed by the MyBB team, so your site was just left out there to be raped by a script kiddie. We had one MyBB forum at this time as well, and ended up migrating it to vBulletin. (Xenforo was another good choice, but we passed, since we have more vB experience.) The hack had nothing to do with cPanel, FTP or anything else -- just the MyBB script itself. Realize that those sorts of exploits don't even need a password.

Having a site exploited is not fun at all. But you have to realize the the developers of the script themselves have to address it -- not hosts. Sometimes users cannot even address the problem when the source is encrypted!

The timthumb.php exploit was a really easy fix, and was quite frankly blatantly obvious. We had fxed the timthumb.php script before an exploit was ever in the wild. But a forum is many scripts -- not one file as timthumb was. So unless somebody at the host is a PHP coding expert, in that specific script, and just happens to need the patch himself, it's not going to happen. That's a rare situation.

Again, no, that's wasn't it.

The reason for this bump was to find out if you're still with them. :hmm:

And in case you still need it:

Need a good web host? — Read our 2018 Review of the Best Web Hosts Quite often, problems with web sites are caused by having a rotten web host. Worse yet, many hosts try to blame you (the customer) for the problems! So dump that lousy company. Say goodbye to slow sites, unresponsive support techs, and downtime. Find yourself a new host today. Whether you need shared, reseller, VPS, semi-dedicated, cloud, or dedicated hosting, something on our list should be a good upgrade for you.