From: "Gary Britt" 

If I had that kind of problem, I would cancel with that company.  Can't you
just google the company's name and see how many complaints come up?  CNet
does uptime ratings, etc.  If a virtual server gets rooted that doesn't
give them access to other virtual and non-virtual servers does it?  I would
never use a hosting firm in India.  I've had a godaddy parked page on a
domain name for over a year.  Never been down.  Never received a letter.

Gary

"Geo"  wrote in message
news:4378713d$1{at}w3.nls.net...
> If the rent a server folks provide you and 253 other websites with the
> ability to write code that can be the doorway a hacker uses to root the
> server then who are you supposed to blame when someone elses code is the
> reason your website got wiped out? Who do you blame that your server is
> unavailable for a week while they rebuild their server farm because that
box
> was used to root the others? How do you know the hacker isn't one of the
> other 253 websites?
>
> The responsible disclosure folks have pretty much silenced the security
> community, the defaced websites tracking sites have pretty much been
> silenced as well so I can't point you to a site that shows how often this
> happens but people talk to me about their websites all the time and
rootings
> are happening more often now than ever from what I can tell.
>
> When Glenn told me about his server, I showed the form letter to our
techs,
> one of them who has his site hosted on some india web host laughed and
told
> me it was nothing. A week later his site went down due to a rooting and
was
> down for a week. Then again last month his site went down due to a
rooting,
> he's now getting the idea that maybe there was more to what I was telling
> him than he thought although he's still not convinced the problem is all
the
> checked checkboxes for server extensions.
>
> There are some good hosting services out there but the only way I know to
> find them is to ask people who have used them for a year or longer.
>
> Geo.
>
>
> "Gary Britt"  wrote in message
> news:4378199d$1{at}w3.nls.net...
> > I don't think its reasonable to blame the rent a server folks for
> insecurity
> > built into my web pages.  I'd have those same insecure web pages on my
own
> > server.  As long as they protect me from being bothered by someone
else's
> > server or virtual server getting rooted and my server getting rooted on
a
> > operating system thing, then they are doing their job.  Along with
> providing
> > a always on 24/7 uptime reliability.
> >
> > Gary
> >
> > "Geo"  wrote in message
news:4378021c$1{at}w3.nls.net...
> > > "Gary Britt" 
wrote in message
> > > news:4377c73b{at}w3.nls.net...
> > > > I didn't say it necessarily would.  Just that if you
don't have or
> want
> > to
> > > > spend the money for dedicated full-time people to
handle these kinds
> of
> > > > things, stay on top of everything security wise, and
handle all the
> > > > associated hardware costs, then it is far more likely that with a
> little
> > > > research you could find the few firms who do have quality experts
and
> > > would
> > > > do a better job at keeping a secure server going than some
part-timer
> > > inside
> > > > the company could do.
> > >
> > > It's just the rent a server folks don't care about security, they care
> > about
> > > having check marks in all the checkboxes on the list of available
> features
> > > so that everyone will go to them because they offer all the features
the
> > > people who don't know security always want.
> > >
> > > Look at PHP, it's insecure not because of the server setup but because
> of
> > > the actual code written in PHP. Security on a web server that's
running
> > php
> > > is up to the guys writing the web pages not the admin.
> > >
> > > So now that you know this, how can any hosting company offer PHP and
> still
> > > call their machines secure? I mean it's a joke right?
> > >
> > > Ok now look at any other web server extensions that offer real power
> > stuff,
> > > like cold fusion. Cold fusion offers the ability to modify the system
> > > registry. Hello? How can someone who rents websites allow every
website
> > > owner on a machine to modify the registry which no doubt affects the
> > machine
> > > security and every other website hosted on that machine? Is that
secure
> in
> > > your opinion?
> > >
> > > My point is to be secure and still use any of the power extensions
like
> > .NET
> > > or PHP you have to have your own server and you have to understand
basic
> > > security or the pages and features you make available may very well be
> > what
> > > opens you up to hacks.
> > >
> > > For Randall, he'll need to decide what extensions he needs then he'll
> need
> > > to learn how the exploits for those extensions work so he knows the
weak
> > > points and what sort of stuff to watch out for. Doing the patches and
> > typica
> > > l machine security is easy compared to that and having control over
the
> > > machine configuration instead of being stuck with some rent-a-server
> > > standard image config would make things a lot easier. I'd say do it
> > yourself
> > > and deal with the learning curve.
> > >
> > > Geo.
> > >
> > >
> >
> >
>
>

--- BBBS/NT v4.01 Flag-5