Results 26 to 50 of 77
-
11-01-2002, 04:14 AM #26Web Hosting Evangelist
- Join Date
- May 2002
- Posts
- 466
Originally posted by Vline
Seems like a day to jump on the other host so lets just leave it here. As I said before those you want the service no where to get it.
Regards
Tom
www.--------------.net
I don't personally have any issue with the price, albeit I admit I am skeptical. People usually charge low rates like this, because they aren't skilled enough to get a real job doing it. That's not to say that's the case for you.
That's also not to say that you providing them _some_ service isn't better than nothing, even if it's $25/mo. However, the problem is, with me anyway, that you offer this and make these claims, when your own server is running Ensim. This means your server can not be as secure as one without it. It's built to tie into the operation so much, that it does not allow you to secure it without breaking the program and functions of the web server.
No one in their right (security minded) mind, would use Ensim. Your packages and programs are out of date and you can't upgrade them without it breaking Ensim. The fact you are running Ensim means you do not have the ability to have custom, secure solutions on your own servers and I would have to question how you can be qualified to provide others with a real solution -- especially in the way of claiming they can know they are safe just by hiring out your services.
It's also been pointed out, that what you claim and how effective it is, is far from the facts, seeing it doesn't actually seem to provide much in the way of security after all. Yes, upgrading often or keeping up to date with security patches is better than nothing, but it's hardly everything. I am 100% convinced that someone that posses the skills you confidently claim to have, would never run Ensim, because this alone limits their abilities to secure their own servers.
If you don't know what I'm talking about, that says a lot. If you do, then why didn't you go for a white box from rackshack instead of a crappy Ensim install? If you had and had your services up to date and truly customized (which you need to do), you would not be hearing me complain or question this thread.
I realize that your boxes are not your client boxes, but this does tend to reflect on your choices of what you personally run on your own business, when you make poor choices. It makes people question why you'd not go with a better solution, since you should know better.
I'm not sure what to say, but price isn't the factor here, as much as the reflection of your choices, which provide some insight into your alleged skills. This makes me wonder, and for those reasons. Those and reasons others in this thread have mentioned. It's nothing personal, but who of us should stand by and say nothing for fear of looking like we are "attacking the competition" or something, because we feel it's a risk to these people. It is our duty to say something. Again, it's nothing personal.Robert McGregor
URL: http://www.2host.com
Email: robertm@(nospam)2host.com0
-
11-01-2002, 04:40 AM #27
Usually, I don't get involved in threads like this one, because I AM the competition, but let's clear a few things up here.
Any sort of security audit for $25 will NOT tell you you've never been hacked before. It's physically impossible to detect previous hack attempts without getting deep into system data (logs, users, queries, more logs, more queries, etc). All this for $25? Riiiiiiiiiiiiight.
Monitoring for $25 a month? Possible, but doubtful. I know what I'm talking about here, because I DO monitor all activity on my clients servers, and go through it with a fine toothed comb. what is involved in monitoring? Certainly more than looking at a minor portion of the logs every few days. Try looking at them at LEAST once every half hour. This adds up, and evenif you hve 3 people working on it, it's gonna take at least minutes (per half hou) per client.. Before you say 'logs are automatically looked at', I'll say again 'I don't think so'. Unless your logs are parsed and sent to you every half hour for YOUR looking at, you, that's far from secure.
I would agree wholeheartedly with 2host re: ensim. If your own servers aren't updated and secure, how can you assure your customers that THEIRS are? Ensim is outdated as can be, and relies on antequated, outdated software. I believe redhat 7.2 was released what, in what, 2001?? It's been too long for me to recall. So, you'e looking at a 2 year old Operating System, not to mention the kernel that they recommend and support being out of date.
One of the most important features in security is keeping yourself honest and having your clients be able to rely and depend upon you. This is WhY I don't advertise my services as "security specialist", even though I DO perform security enhancements on client's servers, and I DO go through their logs (manually, mind you, as any good sysadmin should) every half hour (well, the new entries that are mailed to me anyways).
I DO think security should be made affordable to everyone, and that's one of the very things I do for my clients, but $25 is too good to be true. There's no physical way that you can ensure your clients safety, not for that mere amount of money.
I find it amusing that individuals actually try to sell services like this for $25 a month. Affordable is one thing (and my services again, border on that, I realize), but this has every smell of fraud.
Just as a side note:
Has anyone actually purchased this offer, what kind of reports were mailed back? I'd love to see the outputs of some of this.. Chances are it's just someone who's picked up Grsecurity ( a freely available tool) and is running with it.Tom Whiting, WHMCS Guru extraordinaire
Linux problems? WHMCS Problems? Give me a shout
Check out my WHMCS Addons0
-
11-01-2002, 04:50 AM #28Web Hosting Master
- Join Date
- Feb 2002
- Location
- Australia
- Posts
- 24,027
I'll jump in here too. dynamicnet, Tom can offer the service and charge whatever he likes. You're comparing his offerring to what else is out there. How do you know that what you're using as a comparison isn't wrong in the first place?? What is right and wrong? How can these 2 parameters be defined?? You define the first parameter based on your experiences and understanding. That is not "reality". The laws of supply and demand come into play here folks.
If Tom wants to offer a cheap affordable and very basic security service for $25/mth, then that's ok. If your claim is that it is impossible for Tom to offer this service, then that's a valid claim/opinion.• WLVPN.com • NetProtect owned White Label VPN provider •
• Increase your hosting profits by adding VPN to your product line up •0
-
11-01-2002, 09:12 AM #29Web Hosting Master
- Join Date
- Dec 2001
- Posts
- 5,221
Greetings:
"Tom can offer the service and charge whatever he likes."
Correct.
"You're comparing his offerring to what else is out there."
Correct.
"How do you know that what you're using as a comparison isn't wrong in the first place?"
It is called, doing your home work :-)
"What is right and wrong?"
Well, trained, armed, highly skilled, highly certified, agents on a plane compared to a wanna-be person with a paint ball gun who has no experience with a real gun, no permit, looses most paint ball gun matches...
You tell me.
Security has always been important. Since September 11th it has increased in importance.
So much so that there is a gigantic difference between offerings that are the equivalent of the untrained, paint ball gun wielder who has no permit to carry a real gun let alone ever used one and an armed, trained, highly skilled professional.
Oh... only need the paint ball gun user? Then know what you are getting.
Based on the responses to date, here are the known facts:
1. No service level agreement (if there was wone, it would have been noted, expressed, etc.).
2. No errors and ommissions insurance.
3. No EDS, general liability, or other forms of insurance.
4. No bonding.
5. No managed firewall.
6. No managed intrusion detection system (IDS).
7. The site offering the security services had its domain name registered in May of this year.
8. The monitoring consists of reading emails generated from PSAD.
9. PSAD is known to generate a large quantity of email per server; and, can generate hundreds of messages per day (sometimes per hour).
10. The read the emails from PSAD to determine if there is a security problem.
11. PSAD is known to generate emails that have no meaning or relevance.
12. Bastille for Linux (which includes) PSAD is free.
13. Instructions for installation of Bastille are available in a variety of sources.
14. Certified security personnel's salary (not including the dollar value of benefits) start at $75,000 per year.
15. They've already answered questions dealing with their experience -- never been hacked question -- that show they don't know what they are doing.
16. Some one not knowing what they are doing reading several hundred (or more) PSAD emails per server per day is going to be able to add what benefits for the customer?
Thank you.0
-
11-01-2002, 09:22 AM #30Web Hosting Master
- Join Date
- Feb 2002
- Location
- Australia
- Posts
- 24,027
Tom can offer his service for $25.00/mth. What is provided for that is questionable. You get what you pay for.
BTW dynamicnet, how about replying to posts properly with quotes and not just " ". It's not the proper netiquite.• WLVPN.com • NetProtect owned White Label VPN provider •
• Increase your hosting profits by adding VPN to your product line up •0
-
11-01-2002, 09:26 AM #31Disabled
- Join Date
- Oct 2002
- Location
- Dublin
- Posts
- 17
Ok this is turning into a waste of time. The post has pushed sales for this service btw as there have been 4 signups today (what sort of marketing would you call that) But really guys you are bad mouthing ensim saying it cant be secure and a load of other rubbish..
its a cheap service yes
its worth the money to hosting companys new to the industry who dont know much about unix or security yes.
Now lets drop it.
IF YOU DONT WONT IT DONT GET IT!
with a bit of luck this topic will be locked
btw there was a lot of talk about certs I have just for the record
I have my mcsa , ccna and rhce , I have worked for Iomega as a Linux consultant and am currently also working in I.T in consulting earning 32 000 a year for a 3 day week.
Regards
Tom
www.theboxnetwork.net
hosting from $3.95 200mb 1000mb bandwith with ENSIM!
hosting from $4.95 500mb 3000mb bandwith with ENSIM!0
-
11-01-2002, 09:36 AM #32Originally posted by Aussie Bob
What is provided for that is questionable. You get what you pay for.
Tom Whiting, WHMCS Guru extraordinaire
Linux problems? WHMCS Problems? Give me a shout
Check out my WHMCS Addons0
-
11-01-2002, 09:37 AM #33Junior Guru Wannabe
- Join Date
- Oct 2002
- Posts
- 70
I have to let you all know that I personally know one of theboxnetwork admins and there very genuine guys with enough knowledge.
You are definetly getting your $25 per month with this package.
Personally we deal with our own security. But for some new comers this would be the perfect package.
As for the comments about ensim being un-secure, and "unable to update" critical components, that is a load of rubbish.
We have the latest and most up to date version of everything, it just takes a bit of knowledge and sense to install them.
"oh no rpm -Uvh might break ensim".
Learn how to install packages correctly, and you can install them with ensim on the server.
Good luck Vline, your providing a service worth a lot more than $25.
I have actually seen people asking in the region of $100-$300 to install Bastille & PSAD - and that doesnt include monitoring it.http://www.STX-Hosting.com
.:: Professional Web-Hosting ::.
.:: Top Dedicated Support !!! ::.
.:: MSN@STX-Hosting.com ::.0
-
11-01-2002, 09:40 AM #34Web Hosting Evangelist
- Join Date
- May 2002
- Posts
- 466
Originally posted by Vline
Ok this is turning into a waste of time.
The post has pushed sales for this service btw as there have been 4 signups today ;)
(what sort of marketing would you call that)
But really guys you are bad mouthing ensim saying it cant be secure and a load of other rubbish..
its a cheap service yes
Am I being too blunt? I was being nice in my comments and they were valid points, and you respond acting like everyone with a valid point is the person that lacks a clue. Hmm, ironic.
its worth the money to hosting companys new to the industry who dont know much about unix or security yes.
Now lets drop it.
IF YOU DONT WONT IT DONT GET IT!
with a bit of luck this topic will be locked
btw there was a lot of talk about certs I have just for the record
I have my mcsa , ccna and rhce ,
I have worked for Iomega as a Linux consultant and am currently also working in I.T in consulting earning 32 000 a year for a 3 day week.
Regards
Tom
www.theboxnetwork.net
hosting from $3.95 200mb 1000mb bandwith with ENSIM!
hosting from $4.95 500mb 3000mb bandwith with ENSIM!Robert McGregor
URL: http://www.2host.com
Email: robertm@(nospam)2host.com0
-
11-01-2002, 09:44 AM #35Web Hosting Evangelist
- Join Date
- May 2002
- Posts
- 466
Originally posted by STX-Hosting
...
As for the comments about ensim being un-secure, and "unable to update" critical components, that is a load of rubbish.
We have the latest and most up to date version of everything, it just takes a bit of knowledge and sense to install them.
"oh no rpm -Uvh might break ensim".
Learn how to install packages correctly, and you can install them with ensim on the server.Robert McGregor
URL: http://www.2host.com
Email: robertm@(nospam)2host.com0
-
11-01-2002, 09:44 AM #36Originally posted by Vline
But really guys you are bad mouthing ensim saying it cant be secure and a load of other rubbish..
[/B]
Originally posted by Vline
its a cheap service yes
[/B]
Originally posted by Vline
its worth the money to hosting companys new to the industry who dont know much about unix or security yes.
[/B]
Originally posted by Vline
I have just for the record I have my mcsa , ccna and rhce , I have worked for Iomega as a Linux consultant and am currently also working in I.T in consulting earning 32 000 a year for a 3 day week.
[/B]
<< edited to remove someone else's sig.. oops>>Tom Whiting, WHMCS Guru extraordinaire
Linux problems? WHMCS Problems? Give me a shout
Check out my WHMCS Addons0
-
11-01-2002, 09:48 AM #37Disabled
- Join Date
- Oct 2002
- Location
- Dublin
- Posts
- 17
Uh huh. Okay, I'll give you 20 hours with an account on my server, for 2 minutes with an account on your server. We can test each other's security. Sound fair?
Is that offer open to us all? Sure locally is no fun how about remotely ?0
-
11-01-2002, 09:51 AM #38Junior Guru Wannabe
- Join Date
- Oct 2002
- Posts
- 70
Uh huh. Okay, I'll give you 20 hours with an account on my server, for 2 minutes with an account on your server. We can test each other's security. Sound fair?
If you rely on RPM's to do everything for you, you might not be so well off.
If you say so. I'm sorry you would rather just support someone that makes poor choices and defend them so aggressively given the facts
and I'm sorry you believe that an Ensim system can be secure, without actually uninstalling Ensim itself.
I do agree ensim is anything but secure when it is first installed though.http://www.STX-Hosting.com
.:: Professional Web-Hosting ::.
.:: Top Dedicated Support !!! ::.
.:: MSN@STX-Hosting.com ::.0
-
11-01-2002, 09:52 AM #39Web Hosting Evangelist
- Join Date
- May 2002
- Posts
- 466
[QUOTE]Originally posted by Vline
[B]Originally posted by 2host.com
Uh huh. Okay, I'll give you 20 hours with an account on my server, for 2 minutes with an account on your server. We can test each other's security. Sound fair?
will you give me that offer ?Robert McGregor
URL: http://www.2host.com
Email: robertm@(nospam)2host.com0
-
11-01-2002, 09:55 AM #40Junior Guru Wannabe
- Join Date
- Oct 2002
- Posts
- 70
I wouldnt mind seeing the outcome of this little trade... results could be bad for both sides of this deal.
http://www.STX-Hosting.com
.:: Professional Web-Hosting ::.
.:: Top Dedicated Support !!! ::.
.:: MSN@STX-Hosting.com ::.0
-
11-01-2002, 09:58 AM #41Web Hosting Evangelist
- Join Date
- May 2002
- Posts
- 466
Originally posted by STX-Hosting
sorry we dont open our servers up to just anyone.
That was my point, hence the "" and the sarcasm.
I wasnt defending him, i was stating that they provide a good deal for $25 for new comers.
I don't find any value in it, but if someone doesn't know the most basic things, it might be worth something. Yet at the same time, they shouldn't be calling themselves a host and have no business running a host if they truly know that little, in my opinion. Regardless, this individual is claiming people will be secure from this service, which is grossly inaccurate and untrue.
Ensim is simply an addon, providing you have the correct implementation of the latest packages you can be about as secure as any other linux box with a web based control panel.
I do agree ensim is anything but secure when it is first installed though.
PS: Is there a reason why you type almost exactly the same as Vline? (No accusations, just curious).Robert McGregor
URL: http://www.2host.com
Email: robertm@(nospam)2host.com0
-
11-01-2002, 09:58 AM #42
yeah,but it's easy to rig somethin like that, quite so. not on 2host's part,but on the other person's.
"Quick, eeryone go in and make sure his site is secure, secure it so we look good".Tom Whiting, WHMCS Guru extraordinaire
Linux problems? WHMCS Problems? Give me a shout
Check out my WHMCS Addons0
-
11-01-2002, 09:59 AM #43Web Hosting Evangelist
- Join Date
- May 2002
- Posts
- 466
Originally posted by STX-Hosting
I wouldnt mind seeing the outcome of this little trade... results could be bad for both sides of this deal.Robert McGregor
URL: http://www.2host.com
Email: robertm@(nospam)2host.com0
-
11-01-2002, 10:02 AM #44Junior Guru Wannabe
- Join Date
- Oct 2002
- Posts
- 70
"PS: Is there a reason why you type almost exactly the same as Vline? (No accusations, just curious)."
LOL. I can tell you now we're not the same person.
I didnt even know that Vline was one of theboxnetwork admins until I read this thread.
Although I am also from Ireland so perhaps its the way we are taught to type over here ?http://www.STX-Hosting.com
.:: Professional Web-Hosting ::.
.:: Top Dedicated Support !!! ::.
.:: MSN@STX-Hosting.com ::.0
-
11-01-2002, 10:05 AM #45Web Hosting Evangelist
- Join Date
- May 2002
- Posts
- 466
Originally posted by STX-Hosting
"PS: Is there a reason why you type almost exactly the same as Vline? (No accusations, just curious)."
LOL. I can tell you now we're not the same person.
I didnt even know that Vline was one of theboxnetwork admins until I read this thread.
Although I am also from Ireland so perhaps its the way we are taught to type over here ? :eek:Robert McGregor
URL: http://www.2host.com
Email: robertm@(nospam)2host.com0
-
11-01-2002, 10:20 AM #46Junior Guru Wannabe
- Join Date
- Oct 2002
- Location
- Maryland
- Posts
- 89
Originally posted by Vline
Uh huh. Okay, I'll give you 20 hours with an account on my server, for 2 minutes with an account on your server. We can test each other's security. Sound fair?
Is that offer open to us all? Sure locally is no fun how about remotely ?
Now be sure to setup the server with what you would give me for $25 a month, also let me know what OS, etc you are setting up I will do the exact same install except possibly a different firewall depending on what you are using. I dont use garbage firewalls...
BTW in your earlier post you mentioned making $32k a year for a short work week.. man no wonder you charge $25 a hour or you live in a really cheap part of the country.0
-
11-01-2002, 10:24 AM #47Web Hosting Evangelist
- Join Date
- May 2002
- Posts
- 466
Originally posted by Just_Kp
I will go for that, let me set up a server and you set up a server.
Now be sure to setup the server with what you would give me for $25 a month, also let me know what OS, etc you are setting up I will do the exact same install except possibly a different firewall depending on what you are using. I dont use garbage firewalls...
Robert McGregor
URL: http://www.2host.com
Email: robertm@(nospam)2host.com0
-
11-01-2002, 10:35 AM #48Web Hosting Master
- Join Date
- Dec 2001
- Posts
- 5,221
Greetings:
"You are definetly getting your $25 per month with this package."
That states a lot ;-)
The same could be true for hiring the paint ball gun person for $25 per month to hold off terrorists. You are definately getting your $25 per month for that service ;-)
Thank you.0
-
11-01-2002, 10:41 AM #49Junior Guru Wannabe
- Join Date
- Jan 2002
- Location
- SoCal
- Posts
- 71
Vline,
The problem people are having is that your offering services and making promises which are not possible. If you want to provide entry level security for new hosts and charge an entry level fee ($25), go for it. There are a lot of people here who could use that. BUT, don't oversell yourself with something you can't deliver. You'll get the same response the "unlimited" webhost providers get.0
-
11-01-2002, 02:22 PM #50Web Hosting Master
- Join Date
- Sep 2002
- Posts
- 3,892
agreed. we dont object to your service, we object to the false and uneducated claims you have made and felt obligated to point them so the potential clients would know exactly what they are (and are not) getting.
ive done some security work and ill tell you this: i have never ever guaranteed anyone that their server has not been previously compromised unless i just did a clean OS install from trusted media. in security there are no guarantees, only probabilities. granted, under certain conditions the probabilities are such that you can guarantee certain things without taking too much risk, but nothing that you advertised gets the probabilties anywhere near that.
with that said, your service is needed and with a proper/accurate description of it, you should be rather successful.
good luck,
paul* Rusko Enterprises LLC - Upgrade to 100% uptime today!
* Premium NYC collocation and custom dedicated servers
call 1-877-MY-RUSKO or paul [at] rusko.us
dedicated servers, collocation, load balanced and high availability clusters0