I debated about a few hosting companies to use for a local organization. Bluehost seemed like a good option and I had worked with them before via other clients. They claim that they don't source anything and that their servers are fast and they limit them to 2000 users/sites per server.
However, I realized a few things after signing up with Bluehost and wanting to get cracking on a new site:
1) they have to "verify" your account before you get access to SSH. Don't do it if you're pressed for time.
2) you can't create addon domains and place them above the web root for the main site. This kind of sucks because you really don't want some stuff living inside of another site's web accessible files.
3) you have to "verify" addon domains which is a pain.
========================================================
Here is the conversation, special attention to the last two lines :)
========================================================
Gordon: [10:04:52 PM] Thank you for contacting our Support Live Chat! My name is Gordon. If you haven't already provided your primary domain name and validation such as last 4 of the password or last 4 of the credit card, please do so now. Also, please be patient as I am often on several different chats at once. Thank you!
mark: [10:04:52 PM] i need ssh enabled for mysite.com
Gordon: [10:05:15 PM] Can I get the last 4 of the password please?
mark: [10:05:22 PM] abcd1
Gordon: [10:06:23 PM] ok, I see here the account is not yet verified by our verification department. You will need to contact them tomorrow. They are not here right now since it is 10:06pm our time. Then once it is verified, follow these directions
[10:06:29 PM] In order to enable SSH on your account, log in to the cPanel, go down to the Security section, and click on the SSH/Shell Access. Click on the Manage SSH Access button, and you will be able to select "SSH access enabled". The username is your 8-character cPanel username. The password is your cPanel password you use to log in to the cPanel.
mark: [10:12:13 PM] hmm
[10:12:19 PM] what do they have to do to verify the account
Gordon: [10:13:17 PM] I think they just confirm the last 4 of the credit card and phone number and who you are to protect against fraud
mark: [10:13:45 PM] ok
[10:13:48 PM] one more question
[10:13:54 PM] im trying to add an addon domain
Gordon: [10:14:12 PM] ok
[10:14:52 PM] Do you get a message when you try to add it? DO you already have the domain purchased elsewhere?
[10:15:11 PM] or were you trying to register it with us as a new domain?
mark: [10:15:19 PM] well two problems
Gordon: [10:15:27 PM] ok
mark: [10:15:30 PM] first it asks me to verify the domain
[10:15:56 PM] You may also verify ownership of the domain "myaddonsite.com" by creating a page at http://myaddonsite.com/9d351b11.html or http://www.myaddonsite.com/9d351b11.html which contains the text "42688b8a" (retry assigning once the page has been created).
[10:16:03 PM] i created that file
Gordon: [10:16:05 PM] yes
[10:16:07 PM] ok
mark: [10:16:13 PM] but it wont let me verify
Gordon: [10:16:25 PM] hmm
[10:16:27 PM] let me try
mark: [10:17:11 PM] secondly it wants me to point the addon domain to public_html/myaddonsite.com/ but i dont want it inside the ~/public_html directory - I want it inside a different folder like ~/myaddonsite.com/public_html
[10:18:59 PM] it sucks that i can't get ssh access tonight. i wanted to rsync files to the server
Gordon: [10:19:38 PM] There is not a way to have it outside of the public_html folder, the public_html folder is where all website related folders go so it would have to be something like public_html/whateverfolder
mark: [10:19:54 PM] ok can you help me cancel my account please
Gordon: [10:19:54 PM] I am seeing if we can force add the domain on the account for you
mark: [10:20:09 PM] don't worry about that i just want to cancel
Gordon: [10:20:15 PM] ok
mark: [10:20:15 PM] i'm going with a different hosting company
Gordon: [10:21:21 PM] You would have to contact billing tomorrow during the time they are here or submit a ticket to them. I do not have a way to close the account for you.
mark: [10:21:43 PM] great. another reason to cancel. thanks
Gordon: [10:22:58 PM] You are welcome. let us know if there is anything else
1. Web hosting industry is RIFE with fraud and are huge targets for hackers who want to test credit cards/spread warez/etc. They're not asking you to verify before giving you SSH, they're asking you to confirm you made a legitimate order.
2. This is unfortunately a limitation of cPanel add-on domains. If you don't want sites to "live inside eachother" but you want cPanel hosting I'd recommend getting a reseller account from somewhere or a VPS that'll give you full root.
3. This is for security as cPanel/exim (I assume they're using exim) route mail locally. This means on a cPanel based shared host I could go setup "gmail.com" as an add-on domain, setup a catchall e-mail account and then any e-mail the server is trying to send out to Gmail will get forwarded into my catch-all mailbox. This is a pretty big security hole but unfortunately it's part of most mailservers. BlueHost is making you verify ownership of the domain in order to prevent from exploiting this security flaw. Same vein as Google making you verify domain ownership.
I understand you're frustrated but I don't really feel you're giving BlueHost a fair shot. On the other hand they ARE my competition and if you want to try out another cPanel based webhost I'd be happy to set you up with a coupon for some freebies. :)