« Digg off | Main | Four, Five, Six... »

Secure Hosting

Working daily with websites and web application development, we used to deal also daily with different hosting companies and lot of different issues such DDOS attack, spam, spoof, ... etc.

Every business owner, or simply website owner, is concerned by these issues but the problem differ from a hosting company to another how they deal with DDOS attack for example or SYN attacks.

I was talking with a friend this morning about the possible solutions with minimum cost, and I told him the only solution is to protect at the hardware level with a good firewall, good router configuration, you should be able to avoid such attacks. Otherwise keep dreaming...

The problem here is that such protection cost a lot and many hosting providers keep it as option, then make you pay an huge amount when you ask for this protection the case of my friend who was asked to pay $3'000 per month for all his servers.

Today I heard jQuery website suffered from a DDOS attack the weekend and their hosting provider asked them to find another hosting company, and that's not everything ! Such stories happen almost daily to more and more websites and anyone could be victim.

In my opinion a wise decision should be taken by industry constructors and hosting providers to make these solutions available at more accessible prices, or try to find architecture which can help to establish a shared protection for a low cost.

And if your hosting provider don't protect you, he don't protect his business also, so it's better to switch for something else especially that many hosting companies are more professional at this level.

Posted by Hatem on May 7, 2007 11:05 PM to Editorial |

Bookmark this article at these sites
Comments
1

Thanks for sharing! Our company has actually had an attack with our "secure" hosting. I guess that it wasn't really that "secure".

Site icon Posted by Web Design MN | May 8, 2007 6:03 AM | Reply

2

Unfortunately the attack is inevitable if the hosting provider is not providing any real hardware protection.

Site icon Posted by Hatem | May 8, 2007 6:20 AM | Reply

3

sigh; its really unfortunate when folks don't even bother to check facts.

Not only can the web bring out the worst in people, it can also bring out
misinformation (who’da thunk it?!)

The author of this article is apparently not a big fan of fact checking. The fact is
that the customer’s server was hacked twice, and the attacks that occurred as a
result affected all customers on
the server for a brief period of time in both cases. Efforts were made to protect
all customers on the server, including the server hosting jquery.com. Assistance was
offered by the hosting company to
determine the method of attack after the first attack. No response was given to the
hosting company from the customer in regards to the aforementioned offering of
assistance.

If a customer fails to maintain control over their server multiple times, resulting
in attacks that can negatively affect performance of all customers on the server,
then that customer will be asked
to leave. One customer’s website and needs do not trump the needs of the customer
base on the server as a whole.

The customer in this case was not shut off by the hosting company, immediate actions
were taken in both cases to protect everyone on the server, and the customer was
informed that he could keep his
hosting services with us, but that the attacked site would need to find a new host.

If you are going to assume the role of a Linux system’s administrator, then you must
do your duty to be one. It is not the hosting company’s fault that the customer’s
server was hacked and DDoSd (not
DoSd), nor is it the hosting company’s fault that the local system’s administrator
(customer) failed to investigate the issue to patch the hole, resulting in the
second attack which prompted the
hosting company to inform the customer that the site would need to find a new home.
Nice try shifting the blame on the hosting company with lies and misinfomation
though.

Posted by Thomas | May 14, 2007 5:41 PM | Reply

4

Thomas unfortunately I'm talking about facts not lies and misinformation and certainly not blaming hosting companies only. But when we talk about network attacks it's not about blaming companies or customers, it's about finding possible solution. Unfortunately again, customer is not able to solve this problem.

You can blame customers for consuming too much resources than allowed (for shared hosting), for creating unsecurities with their scripts, even for not patching their server in case it is dedicated servers.

As you said it's not hosting company’s fault that the customer’s server was hackedٍ, but it's hosting company’s responsibility to offer protection because against denial-of-service customer can do nothing than cross his fingers.

I'm talking here not to blame anyone, but the problem is here and the solutions also. What's missing in your opinion ?!

Site icon Posted by Hatem | May 14, 2007 8:18 PM | Reply

Post a comment





(Email will remain hidden)





Please enter the security code you see here




Related entries
Email to a friend
Email this article to:


Your email address:


Message (optional):