| View previous topic :: View next topic |
| Author |
Message |
holiver
Cadet
Joined: Jan 15, 2006
Posts: 3
Location: USA
|
 Posted: Fri Jul 14, 2006 3:38 am Post subject: What is the best/most secure webhosting option ? |
|
|
My website was hacked again today. im tired of the web-host that I have, they dont seem to care, not to mention they charge me 15 dollars just to restore the files that get deleted.
I need to know what the most secure webhost is. I'm willing to pay whatever it takes to keep my site from getting hacked.
Does anyone have any suggestions?
Thanks
|
|
| Back to top |
|
 |
s0tet
PIRT Handler
Joined: May 21, 2005
Posts: 2976
|
| Posted: Sat Jul 22, 2006 1:15 am Post subject: try webhostingtalk.com |
|
|
Though, I am just making a guess, hopefully your FTP password is not weak (meaning it is a dictionary or proper noun in any common language), you could have been compromised because of that alone. Or it could be your host is not securing the webserver properly by not having a solid security implmentation in place (OS updates, firewall, etc)
Unfortunately, I do not have a host to recommend, but I gather you are hosting on shared servers and paying a small amount monthly, say less than $20.
You will get a lot of response if you add more information about what you would like at http://webhostingtalk.com
Make sure to mention how much space you need, approximate bandwidth, Windows or Unix, scripting languages and over there you will see more responses because it is about webhosting specifically. Good luck.
|
|
| Back to top |
|
|
bellgamin
Lieutenant
Premium Member
Joined: Nov 10, 2002
Posts: 244
Location: Hawaii
|
| Posted: Mon Jul 31, 2006 7:23 am Post subject: |
|
|
It is usually the Network Operations Center's fault when a web host's server gets hacked. No host or NOC is totally immune to being hacked. This is demonstrated by the fact that even *secure* Government sites have been taken down from time to time. So also have the websites of such AntiMalware experts as Kaspersky.
It is also a fact that the hosts who get targeted the most often are hosting *certain types* of websites that tend to draw hackers like roadkill draws flies. Thus, it is wise to carefully read a prospective host's TOS (terms of service) to see if that host allows porn sites, high-resource users (such as grey-hat or black-hat forums), & the like. If such sites are allowed, stay far away from that host.
I must say that charging you money to restore is outrageous! Be that as it may, I have had sites online since 1995 & I will NEVER rely solely on any host to back-up & protect my data. BOTTOM LINE- You GOTTA keep your own back-ups, no matter how careful your host (or your host's NOC) is!
~~~~~~~~~~~~
Even though NO host is bullet-proof, some hosts/NOCs (mine included) establish such good protection that it takes a REAL professional hacker to do them dirty.
I have been with my current host (Jatol) for 3 years now. No problems in all that time. Very satisfied!
Jatol provides a 30 free trial. You might want to give him a try. Here is the url...
http://www.jatol.com/
_________________
Primo freebeez: | TinyWatcher | POP Peeper | Kalender |
|
|
| Back to top |
|
|
Oldfrog
Special Response Team
Joined: Jun 27, 2004
Posts: 8576
Location: Deep in the Heart of Texas
|
| Posted: Tue Aug 01, 2006 7:50 pm Post subject: |
|
|
| Quote: | | It is usually the Network Operations Center's fault when a web host's server gets hacked. |
I would agree with that if we are talking about the server, but if it is only a website being hacked then it is more likely the fault of the site owner.
I see many examples of hacked sites every day and believe it fair to say that the single most common reason for sites getting hacked is outdated web applications. If someone is running phpBB 2.0.4 then they shouldn't be surprised if they are penetrated. There are also a lot of little things that a webmaster should be doing to secure his own site. File permissions need to be set correctly, folders need to have index files to protect the directory trees, and traffic needs to be analyzed to see who is visiting and what they are doing during their visits.
The hosting companies that I am familiar with provide free file restoral in the event of a server wide problem (ie it is their fault). If file loss occurs on a single account due to owner negligence they charge a fee.
_________________
 MS MVP Security 2006-2008
|
|
| Back to top |
|
|
bellgamin
Lieutenant
Premium Member
Joined: Nov 10, 2002
Posts: 244
Location: Hawaii
|
| Posted: Tue Aug 01, 2006 8:26 pm Post subject: |
|
|
| Oldfrog wrote: | | ...if it is only a website being hacked then it is more likely the fault of the site owner. |
Agree. If your website specializes in controversial &/or confrontational content, for instance, you had better study up on website security.
_________________
Primo freebeez: | TinyWatcher | POP Peeper | Kalender |
|
|
| Back to top |
|
|
Oldfrog
Special Response Team
Joined: Jun 27, 2004
Posts: 8576
Location: Deep in the Heart of Texas
|
| Posted: Tue Aug 01, 2006 9:08 pm Post subject: |
|
|
| Quote: | | If your website specializes in controversial &/or confrontational content, for instance, you had better study up on website security. |
Heh! Yes, that is sort of like painting a bullseye on your back.
Unfortunately, a lot of professional hacking goes on for more prosaic purposes. Most of the phishing exploits that I investigate are hosted on servers hacked for that very purpose. These guys want the biggest bang for the buck so they frequently target sites running a particular application and attempt to penetrate using known exploits. Logs show those rather handily.
I tend to monitor and defend my own site rather aggressively but watched a guy yesterday as he played around trying to get in and then found a hole in the Coppermine photo gallery and planted a malicious file in an obscure directory right there on my site. I dealt with both him and the file but it points out the need for vigilance. I have seen well over a hundred visitors since trying to access the file which was a trojan installer.
_________________
MS MVP Security 2006-2008
|
|
| Back to top |
|
|
s0tet
PIRT Handler
Joined: May 21, 2005
Posts: 2976
|
| Posted: Wed Aug 02, 2006 2:37 am Post subject: |
|
|
Great answer about PHP vulnerabilities, OldFrog! - I cannot believe I left that out of my first post. File permissions and allowing anonymous FTP are other factors that can cause hosting account compromises. Or poorly written scripts, such as cgi or php.
|
|
| Back to top |
|
|
CY
Guest
IP: 70.88.*.*
|
| Posted: Mon Sep 10, 2007 3:40 pm Post subject: Jatol |
|
|
Speaking of Jatol... It is now Sept 2007 and the site is completely down and the owner, so far, is untraceable....
What HAPPENED? It's beginning to look like a novel!
~~~~~~~~~~~~
Even though NO host is bullet-proof, some hosts/NOCs (mine included) establish such good protection that it takes a REAL professional hacker to do them dirty.
I have been with my current host (Jatol) for 3 years now. No problems in all that time. Very satisfied!
Jatol provides a 30 free trial. You might want to give him a try. Here is the url...
http://www.jatol.com/[/quote]
|
|
| Back to top |
|
|
|
|
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
