It’s been several years since I left Bluehost web hosting. Even before it was bought by EIG and officially went to shirt. I remember back then I was having a very long discussion with a support rep who simply wouldn’t understand what I was asking and kept pushing the conversation in the wrong direction. I had saved the chat to write a post about it but decided I wouldn’t waste my time.
I changed my mind about not writing when recently a client was having trouble setting up his recently purchased Reply By Email (a.k.a. RBE) plugin. He reached out for support and I found that his server was not able to connect to Gmail via IMAP.
Full disclosure: at the end of this post (and in this paragraph) I have an affiliate link to CloudWays, my current favorite host. If you’re at all amused or terrified by the (entirely, and sadly, true) story below, feel free to join me and countless others who have moved away from EIG companies into really good hosts like this one.
You see, the RBE add-on for bbpnns connects to an IMAP or POP3 server looking for messages that are meant to be posted to a given topic thread. When using Gmail, it defaults to IMAP at port 993 over SSL. The issue with Bluehost is that the Gmail host (imap.gmail.com) or port were being blocked. How do I know? Simple: I logged in via SSH and ran the usual telnet command to test connectivity:
$ telnet imap.gmail.com 993
Now, if you’ve ever played around with Linux or worked in an ISP, you probably know what telnet is. Heck, before I dove into full time programming I would play around with the command line and even send emails using telnet – just for fun. If you’ve never heard of it, suffice to say it’s a command that connects to the server through a given port (the number part) and lets you talk to that server. It’s not really secure and nobody uses it nowadays for anything other than checking if a port is open (receiving connections).
But I digress…
I told the client what the issue was and that he had to talk to Bluehost to get them to open the port. What ensued is bizarre, to say the least.
The client said he was having trouble answering the support rep’s questions, and asked if I could call him on skype and he’d put the support rep on speaker phone. We had our makeshift conference all set up. I explained the issue to the rep who would actually type our conversation to another tech rep over a chat window.
For clarity, let’s call the phone guy The Rep and the chat guy The Tech.
When I mentioned the telnet, The Rep actually asked me to speak a bit slower because the line was cutting out. So I typed the command to the Skype chat so that the client could read it out for him.
Client: It’s t-e-l-n-e-t space imap.google.com space 993
The Rep: Ok, let me read that back: t-e-l-M-e-t…
So, yeah, that happened. The Rep had never heard of telnet before. After learning the correct spelling, The Rep typed it over to The Tech, who replied that the port was open. After a brief moment of happiness, thinking that The Tech had realized the issue and quickly opened the port, I saw that my test was still failing.
# telnet imap.gmail.com 993
telnet: connect to address 220.127.116.11: Connection timed out
telnet: connect to address 18.104.22.168: Connection timed out
telnet: connect to address 2607:f8b0:400e:c00::6c: Network is unreachable
For those of you not very familiar with telnet testing, this is what a successful connection looks like (real example, against google.com port 80).
# telnet google.com 80
Connected to google.com.
Escape character is '^]'.
I told The Rep as much, who relayed it to The Tech.
Down The Rabbit Hole, on LSD
What happened next really baffled me. The Tech said that the IP I was trying to connect to was wrong. That it was supposed to be 50.xx.xx.xx (IP hidden on purpose). However, that’s actually the IP of the Bluehost box. And this was actually AFTER I had repeated multiple times that the plugin had to make an OUTGOING connection to Gmail IMAP.
And if things couldn’t get worse, The Tech then starts asking which directory the form is in.
I thought I had misheard ‘forum’, which may have had something to do with his reasoning, but he really did ask about ‘form’. Gravity Forms form, to be exact. And what email address was set up to receive the notification (??). It’s like they were talking to a different client about a completely different issue.
After explaining once again that Gravity Forms had nothing to do with the issue, that it’s a totally different and unrelated plugin trying to make a server-to-server connection and the originating server was blocking said connection, The Rep told us that The Tech was going to have to open a ticket to continue working on it. Ticket is good when it comes to opening firewalls, as it’s really not something anyone should be able to do without approval.
So I asked that they copy my email address to the ticket in order for me to answer any technical questions they might have. And that was the end of the call. The client and I decided to wait patiently until Bluehost support gave us an update.
But Wait, there’s more!
The next morning the client forwards me the followup email from Bluehost – of course I was NOT CC’d in it like I’d asked, but that was kinda expected. In the followup email, they again talk about… no, you wouldn’t believe it if I just said it. Let me paste the entire email (sensitive information redacted) and you see for yourself.
From: [email protected] <[email protected]>
Subject: Support Followup
To: “<<REDACTED>>” <<<REDACTED>>>
Thank you for contacting customer support, I am following up on your ticket regarding your mail ports. While looking in to this issue for you I was able to validate that your email port 993 for outbound emails is open and is open to google email accounts.
It seems that your form is currently attached to and is sending emails to <<REDACTED>>. If you wanted to use a separate email like a gmail account this will need an admin email update. I was able to find some helpful documentation on setting a notification email address for you to assist in this set up.
If you have any other questions or concerns please feel free to contact us at your convenience by either calling <<REDACTED>> or using our live chat at <<REDACTED>>
. Thank you very much!
HOLY INSISTENCE BATMAN! Are you forking kidding me? Still with the Gravity Forms crab?! I didn’t even risk hoping that someone had actually opened the port when I got to the GF part. But I tested it anyway, and of course it was still blocked.
The client and I are still waiting for an answer to my reply stating that they were totally off with GF and repeating my telnet tests (the same ones I provided above). Hopefully they’ll forward the message to someone who actually knows what they’re talking about and finally open the bloody port. I’ll provide an update once we get one.
In the meantime, if you’re looking for good hosting, know that Bluehost IS NOT IT. None of the EIG companies are. I highly recommend CloudWays over any of the other hosts I’ve tried over the years.
I don’t even know why Bluehost keeps sending me affiliate emails – I’ve never once used their affiliate system after leaving (and can’t remember having done so while I was still with them), and I wouldn’t dare send anyone their way. Nobody deserves it.
Update: The End Result
Several days have passed and the client has decided to leave Bluehost. He managed to reach a supervisor, who referred him to a tech from EIG (not Bluehost). The EIG Tech said he conferred with several sysadmins and they were concerned with the security implications of opening an outgoing connection to Gmail.
I pointed out that the incoming connections to 993 were wide open, and their concern was the same as the following analogy:
You have a house in a bad neighborhood. Your door is always wide open. You tell your kids to not go to the neighbor’s house because if they do, someone might come into your house (with you in it) and rob it.
Dear EIG, keeping your kids from playing at the neighbor’s will not keep attackers from robbing you if your door is always wide open. The neighbor’s security is their concern and will not affect you in any way.
Very interesting blog. I understand now the reason as to why I was recommended to read it by a friend of mine who is a client of yours I believe.
We do not know what happened but all of a sudden, we lost several strategic pages from our WordPress Website including a large number of images as well. This happen a couple of weeks ago and till today we do not know the root cause of this strange outcome. In a nutshell, we lost half of our website which is hosted by BlueHost.
When we realised that we had a problem with the website, we immediately contacted BlueHost in order to restore it. As per our contractual agreement, BlueHost are supposed to back-up our site weekly and I am sure you will not be surprised if I tell you that they never did so for unknown reasons.
We contacted them on many occasions but were just unsuccessful. Each time we called, we had to repeat the same story. Since our first call, and we have not received any concrete solution yet except that “we are working on it. Be patient someone from level 2 we will be contacting you soon”. Ten days later, no one from level 2 has dared to reach out to us. This is the worst customer service I have ever experienced.
In the meantime, our site is a mess and we are trying to fix the surface the best we can. Since this issue, the lead enquiries has stopped suddenly and this is a great concern.
We have been reloading manually missing images but the worst is that we lost strategic pages and content which we do not know how to recover – not to mention the links that led visitors to our sales funnel that are broken as well. In our misery, we were fortunate enough to recover all the blogs from the trash. I wish it would have been the same for the images and pages.
We’ve had the site for many years and this is the first time we are facing such a dramatic event. We though we were safe with BlueHost for being able to restore our site whenever required. This is the service for which we have been paying but in return this service is not available.
And there is more…
This is a long comment but I just wanted to react to your blog by sharing our dramatic story. I totally agree with the title of your blog and I will start preaching the same message from now onwards.
Thanks for sharing your nightmarish story. That said, it is always a good idea to have your own backups set up via a different method than only relying on the hosting company.
I strongly recommend setting up an account with ManageWP.com (no affiliate link here), which offers offsite daily backups for $2.00/month. Backup plugins such as Updraft Plus are only good if you configure them to save outside your hosting company.
Even better (and now I’m tooting my own horn, wink, wink), have a look at my WordPress Care Services plans. I’ll take good care of your site so you won’t have to go through all that again.