Quaap home


Main

GoDaddy, you stupid …

GoDaddy and the American Healthcare System share at least one quality: People think it's great, until they need to actually use it.

A little history

A few years ago I became unhappy with my previous web host, Virtual Avenue. There were many outages, and perpetual performance problems. So I decided to move to GoDadddy.com, mostly because I'd heard of them and they were cheap. I decided to go "high-tech" and set up a Drupal-based website rather than maintain all the static html files, and GoDaddy offered to install it with some automated installer they use. Of course that didn't work (all kinds of now-forgotten problems), so I downloaded it myself and installed it manually. It worked ok, but it was always very slow. That didn't matter too much though since I'm not running a business or anything, just a bunch of stupid shit.

After a while, I decided to ditch Drupal (and PHP) and go with a real language. I did a bit of poking around and found that GoDaddy supported Java servlets and JSP. Awesome! However, their support page for Java listed a bunch of restrictions on which popular packages you couldn't use, and forbid disk access etc. And if your application violated one of these policies, the app would be disabled for 24 hours. Seemed a bit scary, and they didn't even give a concrete list of forbidden actions, just abstract things like "no disk access"… What, no reading of user files, or no loading of jars? Also, you had to switch your account to be "java enabled", which came with some other restrictions and mysterious-sounding requirements.

GoDaddy tech support blows

So, I sent a message to GoDaddy, asking for clarification on their Java policies and asked very specific question about their Java support page. I got back a form letter with a link to their terms of service policies. So I write back, explaining that that was the wrong kind of "policies". This time I got an email from a real live human, with a link to the publicly available help page on Java which I had included in the email to them. Ug. A few more emails and I get transfered to "advanced support" who told me they couldn't give me any more information on what was or wasn't allowed because of security reasons. Ok, I give up, how an I supposed to write an application that conforms to your security policy if I don't know what it is?

But at this point, I had gleaned enough information from other people who had written Java applications for use on GoDadddy to guess what should work and not work, so I trudged ahead and wrote most of my application (a wiki-ish thing with JSP and servlets). After a while I got distracted and didn't get back to it for a while. When I did, I decided to actually switch my GoDaddy account to the "Java-enabled" servers and test a few things. The change to Java happened the next day (all changes happen "the next day"), and I made the world's simplest jsp page (just a hello world thing)… Zero output, no errors anywhere, no explanations. Oh, I have to enable the error log? Ok… Oh, Java/JSP errors do not go into it. Uhhh…

I considered contacting tech support again, but decided against it. I decided just to switch my account back to the non-Java hosting and try testing GoDaddy's supposed "Ruby on Rails" support. I never got very far on that, because "the event" happened.

The Event: Being abused by the abuse department

The following Monday, I get a mysteriously worded email from "abuse@godaddy.com" which told me my account had been suspended for violations of the terms of service and/or abuse, and to send an email to request more information. Very helpful! So I send an email basically saying "what?", and waited. I logged into the ridiculously inept "control panel" to see what was going on, and all I get is an "account suspended" notice. So I can't even see my files.

A few hours later I get a another email from them saying that my domain "has been suspended for endangering the connectivity of Go Daddy's network" and that the "domain name was being used in conjunction with an email mailing. The bounce messages and return messages to this mailing have been responsible for abusive levels of traffic to the Go Daddy mail servers."

The best part was that they gave me two options:

1) Pay them $199 to reactivate it, but if the email problem happened again, they'd immediately cancel (not deactivate again, but cancel, ie remove and delete) the account.

2) Pay them $75 to allow me to transfer the domain to another webhost.

Very interesting… I know I didn't send any emails from the server, so what's up? Now, I assume the cause of the "violation" is that my account or server software was hacked and some spammer used it to send out a mass mailing, or possibly some spammer just spoofed the return address or sending host (or just possibly GoDaddy made the whole thing up…).

I replied to Go Daddy and told them my theory, and I gave them two options:

1) Reactivate the domain, but deactivate the email service.

2) Let me get my data from them, then cancel the account.

Of course, they replied (the next day) and told me that the options and fees were non-negotiable.

Now, if you think about this for a second: Because the spammer's software is presumably still sitting there on my server, if they reactivate the account, the problem would immediately re-occur, and the account would be "canceled immediately". Why should I possibly want to pay them $200 for that? The "options" are useless. They did not even give an option to allow me to get into the site to try to locate and remove the source of the problem (if it really existed).

Luckily, my domain name is next to worthless, never having gotten much traffic, so I was willing to just cancel my GoDaddy account and let them figure out what they want to do with it (I've removed the payment options from my account and I've even gotten a new credit card number so they don't try to just take the fee(s) anyway).

However, imagine if I had a more popular site? I'd be on the hook to pay these bastards their ransom money, with pretty much a guarantee it'd be re-shutdown immediately.

Not the only one

After the fact, I Googled around a bit and found hundreds of similar stories (google for the terms "godaddy" and "ransom" or "hostage", or the ever-popular "godaddy sucks" [1] ). All had supposed "Terms of Service violations", and no way to contest or correct it. You just pay a fee if you want to keep your domain.

Of course, from a customer-relations point of view, the best way to handle the "spammers took over my account" scenario would be to simply disable the account's email services and work with them to resolve the issue. But for GoDaddy, the quickest and most profitable thing is to wring a few years worth of payments out of as many poor schmucks as possible and then get rid of them. The saddest part of it is they're big enough to get away with it.

I completely understand that if the hackers (if there were any) got in through a weak password or software vulnerability in something I installed, it is my responsibility to deal with it and possibly even pay a fee for GoDaddy's trouble. However, GoDaddy has not performed any investigation to determine I was actually at fault (and I certainly did not intentionally send out spam), so their "fine first and never ask any questions whatsoever" policy is just plain greed, and they obviously don't give a shit about their customers.

Conclusion

GoDaddy.com is a piece of shit.

2010-01-28
.