(NOTE: A lot of the information here has been updated for 2013 in this more recent post)
Lessons learned: [1] be security-conscious, and [2] don’t use 2MHost
It hasn’t been a very good year for this domain name.
For years now, my email and website have been hosted by 2MHost, a bargain-basement shared host charging only 30-something bucks a year. This suited my needs just fine. I briefly maintained a general-interest WordPress blog, but took it down after Facebook filled that need. All I wanted was email hosting and a static resume page, and 2MHost’s price was right.
However, things went sideways earlier this year. When I took down my old WordPress blog, I didn’t actually delete all of its old files. WordPress is so heavily crawled for security exploits that its code begs to be compromised if not kept up to date. Someone compromised my old abandoned WordPress install, and was using it to send spam email through 2MHost’s servers.
Moral to the story: If you’re on a shared host, and use a “standard” software package like WordPress/Joomla/etc, and aren’t customizing it in crazy ways… then don’t bother installing manually. Almost every host today uses a cPanel-type admin system, with one-click activation for these common packages. Update regularly (the WordPress dashboard makes this trivial), and remove applications that you are no longer using.
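A quick way to check a web root for WordPress copies you forgot to delete (an added example, not part of the original post): it looks for the `wp-includes/version.php` file that every WordPress core ships and reports the version it records. It assumes shell access to the host; the function names are made up for this example, and the sample tree and version numbers are constructed.

```shell
#!/bin/sh
# Added example: list every WordPress core under a web root, wanted or forgotten.
# WordPress records its release in wp-includes/version.php as: $wp_version = 'X.Y.Z';

# find_wp_installs ROOT -> one line per install: "<version><TAB><state><TAB><dir>"
# state is "configured" when wp-config.php sits beside the core, else "leftover"
# (core files still on disk and reachable, but no active site config).
find_wp_installs() {
    find "$1" -type f -path '*/wp-includes/version.php' 2>/dev/null |
    while IFS= read -r f; do
        dir=${f%/wp-includes/version.php}
        ver=$(awk -F"'" '/^\$wp_version/ { print $2; exit }' "$f")
        if [ -f "$dir/wp-config.php" ]; then state=configured; else state=leftover; fi
        printf '%s\t%s\t%s\n' "${ver:-unknown}" "$state" "$dir"
    done | sort -t "$(printf '\t')" -k3
}

# make_demo_root -> prints the path of a constructed sample tree (not real site data):
# one live blog and one abandoned copy whose wp-config.php was removed.
make_demo_root() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/public_html/blog/wp-includes" "$d/public_html/old/wp-includes"
    printf "<?php\n\$wp_version = '6.4.2';\n" > "$d/public_html/blog/wp-includes/version.php"
    : > "$d/public_html/blog/wp-config.php"
    printf "<?php\n\$wp_version = '3.5.1';\n" > "$d/public_html/old/wp-includes/version.php"
    printf '%s\n' "$d"
}

# Demo run on the constructed tree; on a real host call: find_wp_installs "$HOME/public_html"
demo_root=$(make_demo_root) && find_wp_installs "$demo_root" && rm -rf "$demo_root"
```

Anything reported as `leftover`, or with a version older than the current release, is a candidate for deletion or an update.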
Before I knew there was an issue, 2MHost had suspended my account. Not only could I not check my email, but their servers weren’t even accepting my incoming mail anymore. They never notified me that there was an issue. I didn’t know my account was suspended until I contacted them hours later, thinking there was a system outage. It took quite a while to get back up.
I understand the gravity of my mistake and the position they were in, and I would understand locking down outgoing mail. However, I was pissed off by their lack of communication, and how ham-handed they were once I reached them. I was also shocked by the overkill response in the first place. It dawned on me that, while I’m not super-rich, I can afford to avoid putting all my eggs in the basket of a crappy $2.75/mo shared host.