my client expects to be the target of frequent hacking attempts. :)

What should I look for in a host, or are there any specific hosts of packages anyone would recommend?

edit: Their bandwidth doesn't justify dedicated hosting

thanks

Look for an Ensim host because that is the most secure control panel that is available to the mass market for hosting companies. Additionally, you should email any hosting companies that you're interested in and ask them specifically what types of security measures that they take with their servers.

However, be forewarned also that sometimes even secure hosting companies will flag a site that is the target of hack attempts and ask them to go elsewhere or move to a dedicated box. They want to keep their servers secure and the most determined of hackers will break in, no matter what type of security you have in place.

You could try a VDS server that way if your clients site is hacked it won't work over the rest of the server. Most hosts will not accept you knowing that you are putting them as a target though.

Ok thanks for the advice. I hadn't thought of them actually being rejected by hosts.

Assuming that it doesn't get to that point, do you have any specific hosts to recommend?

I assume for a good VDS plan the costs would be similar to a dedicated server?

If the host is subject to regualr hack attacks you should go to a dedicated server with a dedicated firewall. Ensim and VDS are not going to do it and neither is secure. A secure "control panel" has little or nothing to do with a secure server.

It also shouldn't matter how much bandwidth they are using. Even if you only use 1 Gb per month if you're hacked every other week you will be out of business or spend more money keeping your server running than the cost of your bandwidth.

Also if you get hacked your bandwidth could go through the roof. I know a guy who got hacked at a well known unmanaged host who got a bill for 82 Mbs of bandwidth used by hackers.

Greetings:

Make sure you call; don't just email.

Ask the hosting company if they have in-house or outsourced security management technicians.

If outsourced, then ask for the name of the company.

Ask the hosting provider to outline the steps they took to keep their servers secure.

Ask them what their current ongoing procedures are to keep the servers secure.

Ask them how often they have been hacked in the past five years; how many of those were in the past 12 months?

Ask the provider how they are monitoring their servers.

Ask the provider how quickly they are notified if there is a problem with a given server or a given application on the server.

Do they have in-house system administrators or do they outsource their system amin staff?

If they outsource, whom do they outsource?

The above list should get you started.

Thank you.

I believe dinix will manage everything for you, go with them. Or probably servint.

I wonder why someone could be constantly under hacking threat? If that was the case they should maybe get a dedicated server and split the cost with some friends, maybe.

wow, thanks for the tips.

In terms of a DDOS, I've heard there is nothing you can do. Is this true regardles of firewall and security precautions at the host?

In answer to why they expect attacks, part of what they do is protect copyrights, but they are small so it might not be an issue.

Greetings:

While the proper security layers, carefully managed daily, will minimize most DoS attacks, it is very hard for any software solution to protect against DDoS attacks.

See http://www.captusnetworks.com/solutions/pna/ddosm.html for a hardware solution.

Thank you.

Buy any exprensive servers, they might have some high sercuity protects.

It's not the price of the server that matters when it comes to security. It is what is between the server and the rest of the world that matters. You can run a Commodore 64 server more securely than Dual Xeon if you have the right kind of software and hardware protecting it. An open Xeon box is just as vurnerable to a hack as any other system.