-
04-26-2011, 01:02 AM #1 Newbie
- Join Date
- Dec 2010
- Posts
- 5
Live Chat Support and Security issues
I am frustrated that my current provider allows me to log in to a web chat window and type in a name and email address and make a request.
Of course this is very user friendly and the response time is very fast.
However, there are MAJOR security issues with this.
** There is no authentication verifying I am who I say I am. I make a request and BAM it's done. I have managed FTP accounts and changed .NET versions on the server through a live help chat window. I could be anyone on the street making these requests.
There is something wrong here. I have already complained about it to my host but it happened a second time.
It seems like the live chat is over-used in lieu of using a form that requires authentication. Is this a problem with many providers? Has anyone out there faced this issue? Why not just set up a live help password or something?
We worry so much about firewalls, SQL injections, CSRF attacks, blah blah blah. Heck, you can just get the tech support people to change stuff using a live help chat for crying out loud!
I would love to hear if this is an issue everywhere or just for me. I would also like to hear any suggestions on hosts that have better security measures.
Budget $40-$60 per month. I host about 5 to 8 low traffic sites on a mixture of Linux and Windows. I *could* go all Linux if I had to.
Very frustrated!!!
-
04-26-2011, 01:08 AM #2 Junior Guru Wannabe
- Join Date
- Jan 2011
- Posts
- 47
We use Comm100 Hosted live chat software to provide support to our clients.
It can track visit count and geo IP for every visitor.
Last edited by PureVM; 04-26-2011 at 01:17 AM.
-
04-26-2011, 01:13 AM #3 Temporarily Suspended
- Join Date
- Apr 2011
- Posts
- 351
That's not good at all, personally I'm very strict with verification in the Live Chats at my company.
We start with IP... if IP/hostname = same then we ask standard security,
if IP = new then that flags payment checks etc.
Then a repeat failure in verification will cause an email to be sent + further verification, maybe a slower process but if my clients have any intelligence at all, they'll understand the reasoning.
-
04-26-2011, 01:14 AM #4 Web Hosting Industry Expert
- Join Date
- Dec 2007
- Location
- Indiana, USA
- Posts
- 19,196
I've seen it before, even at high end providers like SoftLayer where if you provide enough information that is publicly available about a company in the right fashion you could have them take actions.
One thing you should keep in mind also is that anybody could spoof your email address, if they knew the right one, and send an email to support requesting them to do X, Y, or Z and chances are it would happen without deeper verification.
This isn't even close to being relevant, but thanks for trying to increase your post count.
█ Michael Denney - MDDHosting.com - Proudly hosting more than 37,700 websites since 2007.
█ Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
█ cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
█ Class-leading support that responds in minutes, not days.
-
04-26-2011, 01:29 AM #5 Web Hosting Master
- Join Date
- Sep 2004
- Location
- Miami, FL
- Posts
- 2,762
Whatever the case might be... I still feel that most of the providers that I dealt with are doing the right thing.
Tech Support via Live Chat is there to help you out on small issues which could be resolved in a matter of minutes and does not need real logging into the server and stuff like that.
As soon as they need to login to your server, a ticket would be required in order to keep things in black and white. At least if something happens in between, they have a record of it and you could not deny that it isn't you requesting it. In the ticket, username, password and etc is requested as usual.
That's the best way to do things. Not just an email and name via live chat. That's way too risky and all chat has to be logged and etc. So if some tech forgets to log the chat up, you're in deep trouble! Live chat for solving issues which requires a login to the server to me is a NO NO.
Aaron Ong
Dedicated Servers - 100TB Servers - 100Mbps Unmetered Servers - Web Hosting - CDN Network
Servers in Central, East/West Coast USA, EUROPE and ASIA
Welltodo Century - www.welltodocentury.com
-
04-26-2011, 01:33 AM #6 WHT Addict
- Join Date
- Jun 2010
- Location
- Philadelphia, PA
- Posts
- 162
One thing that we have done as a company is prevent issues like this from happening. All technical support and billing requests must be called-in or open a support request. From there we can address the issues. We changed our live chat support from Sales, Billing & Support to just Sales which we saw a decrease in people trying to access our client's accounts.
Even with this change if done correctly we can still answer all support tickets virtually in real-time as the systems are monitored 24x7.
Not trying to make references/recommendations to my company, just stating what we've done over time because of situations like this.
DedicatedNode, LLC - Making Web Hosting Great Again!
-
04-26-2011, 03:07 AM #7 Web Hosting Guru
- Join Date
- Feb 2011
- Posts
- 269
Rackspace does this well. I have email hosted with them, and I have to be logged in with my user name and password to access chat support, then tech on the live chat asks me a security question I set before making a change to my account.
Preset security questions are really awful, as the answers are typically on people's Facebook profiles. Always let clients set their own security questions.
-
04-26-2011, 03:25 AM #8 Web Hosting Guru
- Join Date
- Jan 2011
- Posts
- 292
Guess you need quality shared hosting and I'm sure you will find the right one in the offer section.
-
04-26-2011, 03:38 AM #9 Premium Member
- Join Date
- Dec 2010
- Location
- Schiedam, The Netherlands
- Posts
- 172
We have custom coded our live chat, which shows the operator whether the user is logged in or not.
If they're not logged in, we simply ask them to log in to the control panel and we'll instantly see when they are authenticated (and process their request).
Alternatively you should indeed just ask people to submit a ticket for critical things (e.g. installing/removing software, reinstalls, reboots, etc.)
Snel.com Self-managed hosting provider
Cloud VPS ★ Dedicated Servers ★ Colocation★
██ Send an email to sales@snel.com. Call us at +31 88 3 088 099.
-
04-26-2011, 03:55 AM #10 Web Hosting Guru
- Join Date
- Feb 2011
- Posts
- 269
When I worked in an IT department we only did critical stuff after phone verification. We had a list of phone numbers (mostly business phones) and we would call them using the number we had on file, or call their office number to verify the person we were talking to was who we thought it was.
-
04-26-2011, 04:04 AM #11 Web Hosting Master
- Join Date
- Feb 2008
- Location
- Wilkes-Barre, PA
- Posts
- 1,142
A lot of hosts make you set a security PIN or some type of special password before they'll change any account settings. I'd make that suggestion to them.
█ Loop Internet
█ AS 394868 - Wilkes-Barre, PA
█ Fiber Internet and Colocation
█ 99.999% Uptime SLA - 24/7/365 Support
-
04-26-2011, 04:11 AM #12 Disabled
- Join Date
- Dec 2007
- Posts
- 3,597
I suppose it is always correct and a good idea to use live chat for general questions, and to ask the client to send any billing or account related info only by email.
I suppose in this situation customers feel more protected.
-
04-26-2011, 07:00 AM #13 Temporarily Suspended
- Join Date
- Apr 2011
- Posts
- 351
I don't really work like this, the Live Chat is mainly for Sales, but also in emergencies it means our techies can solve issues while keeping the client updated, the ticket/email process is slower and certainly not real-time in many cases.
When I was with HostGator I dealt with everything over Live Chat, it basically meant I was guaranteed a reply.
I was verified each time though and that's all that really matters.
Another thing is tickets can be really annoying, I instruct my staff to create the initial ticket for the client, then all the client has to do is sit and wait for a reply, HostGator does the same, which is right.
Why would any client want to login to Live Chat just to be instructed to go somewhere else? It's not good service.
-
04-26-2011, 10:35 AM #14
We use WHMCS Live Chat Addon so we can see whether they are logged into their WHMCS account or not (they are logged in 9/10), if they are logged in then there is no need to ask them for their password. We only ask for their email/password if they are not logged in to their account.
If they say they have forgotten their password we just send something like
You will need to login at http://www.domain.com/support/
If you've forgotten your password, please use https://www.domain.com/support/pwreset.php
The email we have on file is <email>
Once you have logged in, go to https://www.domain.com/support/clien...ction=products and click on the green arrow button for the domain <domain>. There you can update your password, etc.
HostXNow - Shared Web Hosting | Semi Dedicated Hosting | Enterprise Reseller Hosting | VPS Hosting
-
04-26-2011, 11:35 AM #15 Hosting provider
- Join Date
- May 2002
- Location
- Moscow
- Posts
- 1,602
Depending on the problem, the operator must forward the customer to the right destination. If the server is down (the operator must check this) and the live chat visitor would like to reboot it, there is no reason to refuse his request and ask him to open a support ticket, provide a PIN, etc. If the customer wants to reinstall his server, then the only right way is opening a support ticket with the account ID, PIN code or any other information which could confirm that the request is legitimate.
TK Rustelekom LLC Dedicated server since 2002, RIPE NCC member, LIR
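
Several replies above describe the same control: tie the chat to an authenticated control-panel session, ask for a customer-set PIN before account changes, and send destructive requests to a ticket. A sketch of that gate follows, as an added example that is not from any poster or provider in the thread; the action names, token format, key, salt and sample account are constructed assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: shared by panel and chat backend
TOKEN_TTL = 900                   # seconds a chat token stays valid
SALT = b"constructed-salt"        # a real system would use one salt per account
# Hypothetical risk tiers for support actions, following the thread's split.
GENERAL = {"sales_question", "service_status"}
ACCOUNT = {"reset_ftp_password", "change_dotnet_version"}
DESTRUCTIVE = {"reinstall_server"}

def _sign(payload: str) -> str:
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()

def issue_chat_token(account_id: str, now: float) -> str:
    """Called by the control panel when a logged-in user opens chat."""
    payload = f"{account_id}|{int(now) + TOKEN_TTL}"
    return f"{payload}|{_sign(payload)}"

def verify_chat_token(token, now: float):
    """Return the account id the chat is bound to, or None."""
    try:
        account_id, expiry, sig = token.split("|")
        expires_at = int(expiry)
    except (AttributeError, ValueError):
        return None
    if not hmac.compare_digest(sig.encode(), _sign(f"{account_id}|{expiry}").encode()):
        return None
    return account_id if now < expires_at else None

def hash_pin(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

PIN_DB = {"acct-1001": hash_pin("4821", SALT)}  # constructed sample account
def decide(action, token, pin, now):
    """What the operator console should show for this request."""
    if action in GENERAL:
        return "allow"
    if action not in ACCOUNT | DESTRUCTIVE:
        return "require_ticket"   # unknown actions take the strictest path
    account = verify_chat_token(token, now)
    if account is None:
        return "require_login"    # a typed name and email prove nothing
    if action in DESTRUCTIVE:
        return "require_ticket"   # keeps a written record of the request
    stored = PIN_DB.get(account)
    if pin is None or stored is None or not hmac.compare_digest(hash_pin(pin, SALT), stored):
        return "require_pin"
    return "allow"
```

The operator never sees or types the customer's password: the console only learns which account the chat is bound to and whether the PIN matched.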