Website Hosting Reviews for IPOWER

IPOWER Review by sonjay, September 23, 2008

• Overall Rating
• Features
• Reliability
• Support
• Price

I cannot recommend strongly enough that you avoid iPower as your host. iPower’s servers may be the most widely infected servers in the known universe.

About 3 years ago, I had a client who had his hosting through iPower. His site was hacked into and an iframe containing malicious javascript was inserted into his home page. The password was a strong one, not easily guessable. A review of the server logs showed that the hacker did not do a brute-force attack, either; the hacker simply logged into the site via ftp, using the client’s username and password, and modified the file.

A search for information on the particular hack revealed a lot of other iPower sites affected by this same hack. The fact that the hacker simply logged in with the correct login info, and the concentration of affected sites within the iPower network, had me largely convinced that the vulnerability lay with iPower.

So I then did a search which focused on this particular hack at iPower: ipower iframe hack. And lo and behold! Many, many search results turn up discussing the many, many sites that have been hacked in this exact same way. The one thing these sites all have in common is that they are hosted at iPower.

Doing that same search again today (9/23/08) turned up a significant number of more recent occurrences of this hack at iPower. Whenever iPower addresses this problem, they say they’re working on hardening their servers to prevent it, but the sites they host continue to suffer from these hacks.

Don’t take my word for it, though. Here are a few articles and blog posts about the problem.

Reported by StopBadWare.org –
http://blog.stopbadware.org/2007/05/04/stopbadware-identifies-hosting-providers-of-larged-numbers-of-sites-in-badware-website-clearinghouse
on 05/04/2007:
StopBadware recently analyzed 49,296 sites which were submitted by trusted third parties to our Badware Website Clearinghouse. We identified five web hosting companies with the largest number of infected sites residing on their servers:

#1 iPowerWeb, Inc., (10,834)

Reported by the Web Application Security Consortium
http://www.webappsec.org/projects/whid/byid_id_2007-76.shtml
on 1/1/08:
A large web hosting firm inflicted by mass malware installation

Reported on the Washington Post blog
http://blog.washingtonpost.com/securityfix/2007/05/cyber_crooks_hijack_activities_1.html
in May 2007:
“According to a Security Fix analysis, more than 2,650 of those sites (hosted on 9 iPower servers examined by Security Fix) — or an average of 33 percent of all sites on each server — included computer code designed to silently retrieve malicious software from a variety of online locations.”

Reported at WebHostingTalk
http://www.webhostingtalk.com/showthread.php?t=723599
on 9/19/08
“I’ve had a Ipower hosting account since 2002 and recently even renewed both my service and domain registration…. I recently noticed that a small/odd javascript statement had been added to the bottom of my page and I didnt add it. I noticed this after visiting my page and when my Antivirus alerted me to ‘ HTML/Dldr.Iframe.DP [virus]‘ apparently some type of iframe redirect via this script to download malware.”

Reported at CodersRevolution.com
http://www.codersrevolution.com/index.cfm/2008/6/30/Bitten-by-an-iframe-downloader-virus
on 6/30/08:
“It appears someone guessed our FTP login’s password, (probably a port scan and brute force attack) and recursively perused through our site modifying any file which was named index.*”

The CodersRevolution post specifically did not blame iPower, assuming that since the hacker gained access by using the correct ftp login credentials, that iPower was not at fault.

But given the huge number of hacked sites on iPower servers, I am absolutely convinced it’s an iPower problem. Whether it’s because they don’t update their Apache or php, or whether it’s because they have an employee selling server login info to hackers, or whether it’s something else altogether, I don’t know. But I do know that iPower has a statistically significant, unusually high number of hacked sites.

Based on the numbers from Securty Fix, as reported in the Washington Post blog, if you host your site with iPower you have a 33 percent chance of ending up with a hacked site that spreads viruses to your visitors. Don’t host at iPower unless you truly don’t care about your site.