msgbartop
Unmask Parasites - Check your web pages for hidden links, iframes, malicious scripts, unauthorized redirects and other signs of security problems.
msgbarbottom
Loading site search ...

Who Provides Really Secure Hosting?

   17 Nov 10   Filed in Hosting+Security

Many webmasters are happy with their hosting providers … until their sites get hacked. This is when some of them may get frustrated with their hosts.

There may be numerous reasons for that:

  • hoster doesn’t respond to support requests
  • or hoster responds with template answers and doesn’t really look at your site (e.g. they say you are using vulnerable scripts while your site is a vanilla plain HTML homepage)
  • or maybe they say that their servers are 100% secure, the problem is your fault and it is not their business to fix it
  • or they may be very friendly and help you clean up your site but can’t tell you how to protect it from reinfections. As a result, it gets reinfected every few weeks — you just can’t afford spending so much time fixing security problems — malware warnings hurt your site reputation.
  • or your hosting provider experiences continuous server-wide or network-wide hacker attacks and there is no sign that they know how to stop them.


Such frustrated webmasters regularly ask me to suggest a secure hosting provider so that they can move their sites and forget about security problems. However, as a security researcher I mainly have information about hosting companies that have all sorts of security issues and almost no information about companies that don’t have such problems.

The problem

It is not easy to tell whether specific hosting company is really good. You can’t trust all that they write on their web sites. You can’t trust positive user reviews – they may only reflect experience of webmasters who didn’t have security problems (either because they were lucky or just ignorant and didn’t notice them). You can’t rely on results of third-party tests — they only cover certain (not all) areas of server security. Moreover things change almost daily – hackers create new exploits, webmasters install new scripts, hosting providers hire new system administrators with different security practices and standards, etc.

The workaround

So, since I don’t know how to reliably evaluate real level of security that hosting companies can provide, I decided to ask them. The idea is to find companies that emphasize security features of their hosting plans and let them explain why those features matter and how they can protect their clients’ sites.

With this post, I create a new blog category: Hosting+Security. Here I will post interviews with hosting providers and other stuff about how hosting companies deal with all sorts of security issues.

My goal is to provide you (webmasters) with the information that you won’t find on websites of hosting companies. I’ll try to ask questions based on the things I learned investigating dozens of real life hacker attacks and participating in thousands of security discussions in webmaster forums, on the things that I personally consider very important. And although I can’t guarantee that hosting companies will always provide frank and informative answers to my questions, I think it is worth trying. I’ll leave it up to you to decide whether their words and security practices resonate with you. And by the way, you’ll be able to ask your own questions in comments.

By the way, two interviews are already in the works, so stay tuned.

Call for participants

I realize that there may be many different approaches to secure hosting infrastructure and protect clients’ websites (hosted solutions with maximum restrictions, advanced malware and vulnerability scans, specialized hosting, cloud solutions, etc), so I’d like to hear from any company that wants to tell webmasters why and how they can provide a really secure hosting service for them. I’m especially interested in unique and innovative features and solutions that cannot be found anywhere else.

If you represent such a company or know one, consider contacting me or leaving a comment below.

This Hosting+Security category is not limited to interviews. I will be happy to post your unique articles and case studies here if they provide useful information (not just marketing talk) about how hosting providers can prevent website hacks or at least efficiently detect them and quickly mitigate their negative effects.

Thanks!

Related posts:

Reader's Comments (3)

  1. |

    [...] This post was mentioned on Twitter by Denis, StopBadware. StopBadware said: RT @unmaskparasites Who Provides Really Secure Hosting? http://bit.ly/9Efx5H [...]

  2. |

    Hi Dennis,
    I would love to participate in an interview. I’m very proud of our company’s efforts in protecting our customers from malware as well as securing our servers to the latest PCI security compliance standards.

    Truly this (malware monitoring) is what marks the different between hosts who care about the success of there clients, and those just looking to hook another unsuspecting customer with an unlimited everything but service plan.

    Best Wishes,
    Jim Walker
    TVCNet