  1. #1

    Hacker Safe host

    Hello!

    I know this question has been posted time and time again, but I had no clue how to find threads about it, so if you can tell me where to look I'll be glad.

    As with many sites, my site was hacked recently. My host was so negative about this. They didn't notice the hack attempt although it took the hacker 9 hours to break through.

    After that I did some searching on my host to find that it is not a real host at all. They are just resellers for another company. I was very disappointed. Then I decided to go to a better host who can protect me from hackers.
    I read some threads about 'hacker safe host' but in general none of them give a real name of trusted 'anti-hackers' companies.

    Can you guide me to some of the famous hosts?
    If you can't, my friend's got a VPS hosted with WestHost. He offered to let me move my site to his VPS. Is WestHost trusted about hackers?

    Thank you very much for helping me!
    Regards

  2. #2
    Join Date
    Aug 2007
    Location
    Greece
    Posts
    390
    If the hackers are attacking some server daemons any proactive managed hosting company or third party system management would be great for you.
    But if the hackers are attacking a vulnerable web script of yours, it's not the host's duty to update it but yours.
    NOT a webhost! Helping here just for the fun of it!
    G(r)eek inside.

  3. #3
    Join Date
    Apr 2000
    Location
    California
    Posts
    3,051
    There's really no such thing. Some hosts have more skilled and caring staff than others. The ones that have the knowledge and skills can provide you with a relatively safe environment. However, it will always come down to your own site and scripts and how secure or vulnerable they are. I assume you're referring to a brute force attack over 9 hours and the attacker managed to gain unauthorized access then.

    Indeed, they should implement some brute force attack prevention to help prevent that, but you also still need to use strong passwords (a strong password can't be brute forced in a matter of hours). Again, I don't disagree that they should have implemented some measures to detect these attacks and there are existing and custom solutions that can be implemented to help thwart them.

    Anyway, you're not going to find a host that's accredited or something that says they are safer than another one, I'm sorry to say (and most will want to claim they are, even if they usually are not). It's also difficult for people to give their opinion about another host's practices without looking bad themselves for doing it, though I'm not suggesting the host you've specifically inquired about is vulnerable (I know nothing about them -- I've never heard of them and unless someone worked there, it's impossible to say other than what one user's experience is over another).

  4. #4
    Thank you for your reply,

    Tim Greer, you're 100% right! The attack was done through my VB forum. The story is that I banned a member who wanted to sell his 'broken car as a new car'. That member was mad at me because I warned the others about his cheat and so he hacked my site.
    But the host should have detected the process of hacking at least. I mean come on... it took 9 hours! The host must at least have basic monitoring of the network usage!
    Again thank you :-), maybe it is good to stick to my friend's idea then!

  5. #5
    Join Date
    Apr 2000
    Location
    California
    Posts
    3,051
    I had actually meant a brute force attack on your account password (SSH, FTP, control panel login, and that sort of thing). It could be difficult for the host to try and detect what is or is not a legitimate access or login when someone's making web requests for a script, such as a forum script, chat script, and so on.

    Honestly, the script should have some sort of protection to block out accesses to the IP (or entirely) if there are too many failed login attempts. I'm unsure how a host could really implement anything to prevent logins and requests to a script in a normal fashion, and it could spell disaster for their client base if they tried to implement something to catch too many requests to a script (even if by name or type of access). That sort of thing is on the user's side and I don't think any host would be able to effectively block it.

    If the attacks were trying to exploit a known hole that's been out for a while (and it wasn't a brute force attack to log into a script you have on your site), then they could add some mod_security rules to catch it, but these sound like normal requests (just a lot of them) in essence and it would add a great amount of processing to try and catch too many normal accesses on a forum (which is expected to get a lot of requests in most cases), especially by access type, fields passed or by script name. Again, that should be done at the script level.

    I've installed/setup VB for clients tons of times and helped with issues they've had, but I've never used it myself to know if there's a configuration option to lock out IPs for brute force password cracking attempts. I'd look for that and I'd not blame the host in this case -- unless I'm misunderstanding your actual issue?

  6. #6
    Join Date
    Feb 2004
    Location
    New Zealand
    Posts
    1,202
    Really if the box was secure enough the administrator of the server should have been alerted of multiple mod_security rule breaches.

    No matter what, your site will not be " unhackable ". You can only do your best to secure and monitor your site & its logs.

    Good luck

    Regards,
    Logan
    DigitalGoods.info
    FREE Shared, Mega Resellers + Dedicated Servers

  7. #7
    Join Date
    Apr 2000
    Location
    California
    Posts
    3,051
    Alerted of mod_security rules that count the number of times an IP accesses a common script? I suppose it could be set to catch too many accesses from the same IP to common script names like admin.php, or /admin/index.php or /admin/ in the REQUEST_URI (maybe! -- and that's a lot of additional resources to keep track of that across the server for something that should be a limit at the script level), but I'm not sure I'd blame the host in this case, unless I'm misunderstanding the situation?
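
The script-level lockout described in posts #5 and #7 (refuse an IP after too many failed logins), as an added example that is not part of the thread or of any forum software. It is a sliding-window throttle in Python; the class name, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Hypothetical per-IP lockout: too many failed logins inside a window."""

    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self._failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self._locked_until = {}               # ip -> time the lockout ends

    def is_locked(self, ip, now):
        until = self._locked_until.get(ip)
        if until is not None and now >= until:
            del self._locked_until[ip]        # lockout expired
            return False
        return until is not None

    def record(self, ip, success, now):
        """Return False if the attempt is refused because the IP is locked out."""
        if self.is_locked(ip, now):           # checked before any password test
            return False
        recent = self._failures[ip]
        if success:
            recent.clear()                    # a good login resets the counter
            return True
        recent.append(now)
        while now - recent[0] > self.window:  # drop failures older than the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._locked_until[ip] = now + self.lockout
            recent.clear()
        return True

def replay(events, throttle):
    """Feed (time, ip, success) events through the throttle; count refusals per IP."""
    refused = defaultdict(int)
    for now, ip, success in sorted(events):
        if not throttle.record(ip, success, now):
            refused[ip] += 1
    return dict(refused)

# Constructed sample: one IP guessing every 10 s, one user who mistypes twice.
SAMPLE_EVENTS = [(t, "203.0.113.7", False) for t in range(0, 200, 10)] + [
    (5, "198.51.100.4", False), (15, "198.51.100.4", False), (25, "198.51.100.4", True)]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS, LoginThrottle()))
```

A per-IP counter only slows guessing from a single address, so it complements rather than replaces the strong passwords recommended in post #3.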

  8. #8
    I'm not blaming my host. I know they've got so many sites to look after, it is not their job to check my site 24/7/356. But he is actually no host at all! That's why I'm disappointed.

    I also know that there is no 100% hacker-safe thing in the world. Across history defenders have always been the weak side. Strong castles were destroyed by catapults. Important WW2 sites were lost to a few commandos.
    I know all I can do is my best, then pray it will be safe.

    I don't know how my site was really hacked. But I know it took 9 hours. That's not a big deal now. I should care for the future. Your advice is so valued, I will start looking at my scripts. Thank you all for your help. My deep thanks. May you have a wonderful day :-)

  9. #9
    Join Date
    Nov 2003
    Location
    Amidst several dimensions
    Posts
    4,321
    There is no such guarantee as hacker safe. Regardless of host size, proficiency and whatnot.

    one reseller might be buying space from a sufficiently hardened server, and they may be more solid.

    however one big boy may still be utilizing an exploitable server side service script and their whole server might go boom. (happened many times to many people with awstats 2-3 years ago, or earlier, I don't remember now)

    mod_security is no guarantee either, it tries to prevent exploitation by using a known list. if an exploit is just discovered and goes into the wild before you can act, you can still get bombed even with modsec still on.

    what to do? it's actually straightforward:

    first you gonna get an account with a proficient host that has hardened their servers.

    second, you gonna make sure your site gets backed up everyday.

    third, you gonna make sure that you are always using the latest version of your script.

    fourth, you gonna trust in whatever deity you believe in and be ready to tend to your site whenever it needs tending.

  10. #10
    Join Date
    Feb 2004
    Location
    New Zealand
    Posts
    1,202
    I could say that I provide " unhackable " servers - due to the honeypot layer, however that doesn't stop a professional security enthusiast from going past the honeypot.

    There are many aspects to keeping your site non-hackable. It's just a number of procedures, policies and strict rules/security.

    The key is knowing before the attacker hits - or during the attack you are notified and you can take action.
    DigitalGoods.info
    FREE Shared, Mega Resellers + Dedicated Servers

  11. #11
    Join Date
    Jul 2006
    Location
    Detroit, MI
    Posts
    1,955
    Quote Originally Posted by SarDira View Post
    I'm not blaming my host. I know they've got so many sites to look after, it is not their job to check my site 24/7/356. But he is actually no host at all! That's why I'm disappointed.

    I also know that there is no 100% hacker-safe thing in the world. Across history defenders have always been the weak side. Strong castles were destroyed by catapults. Important WW2 sites were lost to a few commandos.
    I know all I can do is my best, then pray it will be safe.

    I don't know how my site was really hacked. But I know it took 9 hours. That's not a big deal now. I should care for the future. Your advice is so valued, I will start looking at my scripts. Thank you all for your help. My deep thanks. May you have a wonderful day :-)
    What do you mean they are "no host at all"? Everyone is a reseller of someone, unless you're AT&T/Comcast/etc.

    It's not the host's responsibility to monitor your site's software for hacking attempts. The client [you] is responsible for audits, log monitoring, etc. in this respect. Unless of course you were paying for these extra services. Were you?



    Kind Regards,

  12. #12
    Join Date
    Dec 2006
    Location
    Netherlands
    Posts
    1,430
    Simple solution to your problem.

    RackSpace.com

    End of story, I'd say. Your attackers won't even try doing anything when you're with these guys. My personal experience says so.

  13. #13
    Join Date
    Apr 2000
    Location
    California
    Posts
    3,051
    I think the OP means they aren't a real host, because they are a reseller (meaning, they don't control the server and another company does). Resellers obviously have less control and they have less knowledge of the server's configuration in most cases. Someone else (their actual provider that does control the servers) is usually a good thing, because they usually have a better idea of what they are doing and leave the re-selling aspect to someone else. In that regard, everyone is not a reseller of someone.

    As for Rackspace, that suggestion doesn't make a lot of sense. Any attacker that will attempt to attack your site and its scripts won't likely care what data center you're using. The OP clearly isn't qualified to just be running their own server and I don't think Rackspace offers regular shared hosting plans. In this case, it's better to have someone else in control of the server. It happens, at least when you use vulnerable scripts or passwords.

    We all agree that the more secure the server is, in many various ways, the more secure the sites hosted on it will be, but there's only so much a web host can do to help a user with a script that's being attacked and I don't care what provider you use. If the provider is relatively secure and prevents the common attacks and does otherwise knowledgeable aspects to keep the server secure and up to date, and if you use strong passwords, store them safely, have a secure home or office system and use secure and up to date scripts, then it's incredibly unlikely your site will ever be compromised.

    There are few people in the world that could maybe compromise your site if your site and provider are just decently secure, and the ones that might be able to are not likely going to be interested in your site. It's not actually true that no server is secure. It's just a matter of is there a vulnerability in the service (and how it's configured) running on the hosting provider's system (or their network/upstream and their network equipment).

    Sometimes there aren't any new exploits out and sometimes it's the configuration and/or restrictions the host implements. So, even the people that do create the root priv zero-day exploits don't have a way in, and there are very few people in the world that can find those exploits (if they even exist at that time) and those people won't ever be interested in your site or won't likely ever be interested in your host either.

    Of course, eventually, there will be zero day exploits and new exploits found in common services, but to be the zero-day target is incredibly rare, so the host almost always has a good chance of knowing about it before or at the same time as the so called "script kiddies" that just re-use the exploits created by the ones with actual skills. In other words, services do become insecure after a while, and at some point -- it's the nature of the beast -- but if your host and your site practice even just relatively common and normal security practices, you really have very low to no chance of having your site exploited in the first place.

    I'm not saying this to be lax or say you should be content with generalized practices, and you should always take it as far as you can and have time for and learn new ways to help prevent it, but overall, it's not as dire as some people make it out to be. Indeed, some hosts are too lax and lazy or unqualified when it comes to security -- in fact, a lot of them are -- but it shouldn't be too difficult to locate a decent, relatively secure web host that implements a generalized security practice and policies.

  14. #14
    Join Date
    Feb 2005
    Location
    London, England
    Posts
    965
    No server will EVER be hacker safe

  15. #15
    Join Date
    Apr 2000
    Location
    California
    Posts
    3,051
    I'll be honest, I find the media and now common term "hacker" to be annoying.

    Anyway, a server could technically be secure, but you'd have to pretty much do away with all of the existing services out there and create your own. If you were good enough and didn't make mistakes in the code, it could be possible.
