Page 2 of 4 FirstFirst 1234 LastLast
Results 26 to 50 of 77
  1. #26
    Originally posted by Vline
    Seems like a day to jump on the other host so lets just leave it here. As I said before those you want the service no where to get it.

    Regards

    Tom

    www.--------------.net
    If you come here offering a service, claiming people can "know they are secure" from having their servers compromised by a "hacker" (media word), then you should expect people will question this service for the price.

    I don't personally have any issue with the price, albeit I admit I am skeptical. People usually charge low rates like this, because they aren't skilled enough to get a real job doing it. That's not to say that's the case for you.

    That's also not to say that you providing them _some_ service isn't better than nothing, even if it's $25/mo. However, the problem is, with me anyway, that you offer this and make these claims, when your own server is running Ensim. This means your server can not be as secure as one without it. It's built to tie into the operation so much, that it does not allow you to secure it without breaking the program and functions of the web server.

    No one in their right (security minded) mind, would use Ensim. Your packages and programs are out of date and you can't upgrade them without it breaking Ensim. The fact you are running Ensim means you do not have the ability to have custom, secure solutions on your own servers and I would have to question how you can be qualified to provide others with a real solution -- especially in the way of claiming they can know they are safe just by hiring out your services.

    It's also been pointed out, that what you claim and how effective it is, is far from the facts, seeing it doesn't actually seem to provide much in the way of security after all. Yes, upgrading often or keeping up to date with security patches is better than nothing, but it's hardly everything. I am 100% convinced that someone that posses the skills you confidently claim to have, would never run Ensim, because this alone limits their abilities to secure their own servers.

    If you don't know what I'm talking about, that says a lot. If you do, then why didn't you go for a white box from rackshack instead of a crappy Ensim install? If you had and had your services up to date and truly customized (which you need to do), you would not be hearing me complain or question this thread.

    I realize that your boxes are not your client boxes, but this does tend to reflect on your choices of what you personally run on your own business, when you make poor choices. It makes people question why you'd not go with a better solution, since you should know better.

    I'm not sure what to say, but price isn't the factor here, as much as the reflection of your choices, which provide some insight into your alleged skills. This makes me wonder, and for those reasons. Those and reasons others in this thread have mentioned. It's nothing personal, but who of us should stand by and say nothing for fear of looking like we are "attacking the competition" or something, because we feel it's a risk to these people. It is our duty to say something. Again, it's nothing personal.
    Robert McGregor
    URL: http://www.2host.com
    Email: robertm@(nospam)2host.com
      0 Not allowed!

  2. #27
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,135
    Usually, I don't get involved in threads like this one, because I AM the competition, but let's clear a few things up here.

    Any sort of security audit for $25 will NOT tell you you've never been hacked before. It's physically impossible to detect previous hack attempts without getting deep into system data (logs, users, queries, more logs, more queries, etc). All this for $25? Riiiiiiiiiiiiight.

    Monitoring for $25 a month? Possible, but doubtful. I know what I'm talking about here, because I DO monitor all activity on my clients servers, and go through it with a fine toothed comb. what is involved in monitoring? Certainly more than looking at a minor portion of the logs every few days. Try looking at them at LEAST once every half hour. This adds up, and evenif you hve 3 people working on it, it's gonna take at least minutes (per half hou) per client.. Before you say 'logs are automatically looked at', I'll say again 'I don't think so'. Unless your logs are parsed and sent to you every half hour for YOUR looking at, you, that's far from secure.

    I would agree wholeheartedly with 2host re: ensim. If your own servers aren't updated and secure, how can you assure your customers that THEIRS are? Ensim is outdated as can be, and relies on antequated, outdated software. I believe redhat 7.2 was released what, in what, 2001?? It's been too long for me to recall. So, you'e looking at a 2 year old Operating System, not to mention the kernel that they recommend and support being out of date.

    One of the most important features in security is keeping yourself honest and having your clients be able to rely and depend upon you. This is WhY I don't advertise my services as "security specialist", even though I DO perform security enhancements on client's servers, and I DO go through their logs (manually, mind you, as any good sysadmin should) every half hour (well, the new entries that are mailed to me anyways).

    I DO think security should be made affordable to everyone, and that's one of the very things I do for my clients, but $25 is too good to be true. There's no physical way that you can ensure your clients safety, not for that mere amount of money.

    I find it amusing that individuals actually try to sell services like this for $25 a month. Affordable is one thing (and my services again, border on that, I realize), but this has every smell of fraud.

    Just as a side note:
    Has anyone actually purchased this offer, what kind of reports were mailed back? I'd love to see the outputs of some of this.. Chances are it's just someone who's picked up Grsecurity ( a freely available tool) and is running with it.
    Tom Whiting, WHMCS Guru extraordinaire
    Linux problems? WHMCS Problems? Give me a shout
    Check out my WHMCS Addons
      0 Not allowed!

  3. #28
    Join Date
    Feb 2002
    Location
    Australia
    Posts
    24,027
    I'll jump in here too. dynamicnet, Tom can offer the service and charge whatever he likes. You're comparing his offerring to what else is out there. How do you know that what you're using as a comparison isn't wrong in the first place?? What is right and wrong? How can these 2 parameters be defined?? You define the first parameter based on your experiences and understanding. That is not "reality". The laws of supply and demand come into play here folks.

    If Tom wants to offer a cheap affordable and very basic security service for $25/mth, then that's ok. If your claim is that it is impossible for Tom to offer this service, then that's a valid claim/opinion.
    WLVPN.com NetProtect owned White Label VPN provider
    Increase your hosting profits by adding VPN to your product line up
      0 Not allowed!

  4. #29
    Greetings:

    "Tom can offer the service and charge whatever he likes."

    Correct.

    "You're comparing his offerring to what else is out there."

    Correct.

    "How do you know that what you're using as a comparison isn't wrong in the first place?"

    It is called, doing your home work :-)

    "What is right and wrong?"

    Well, trained, armed, highly skilled, highly certified, agents on a plane compared to a wanna-be person with a paint ball gun who has no experience with a real gun, no permit, looses most paint ball gun matches...

    You tell me.

    Security has always been important. Since September 11th it has increased in importance.

    So much so that there is a gigantic difference between offerings that are the equivalent of the untrained, paint ball gun wielder who has no permit to carry a real gun let alone ever used one and an armed, trained, highly skilled professional.

    Oh... only need the paint ball gun user? Then know what you are getting.

    Based on the responses to date, here are the known facts:

    1. No service level agreement (if there was wone, it would have been noted, expressed, etc.).

    2. No errors and ommissions insurance.

    3. No EDS, general liability, or other forms of insurance.

    4. No bonding.

    5. No managed firewall.

    6. No managed intrusion detection system (IDS).

    7. The site offering the security services had its domain name registered in May of this year.

    8. The monitoring consists of reading emails generated from PSAD.

    9. PSAD is known to generate a large quantity of email per server; and, can generate hundreds of messages per day (sometimes per hour).

    10. The read the emails from PSAD to determine if there is a security problem.

    11. PSAD is known to generate emails that have no meaning or relevance.

    12. Bastille for Linux (which includes) PSAD is free.

    13. Instructions for installation of Bastille are available in a variety of sources.

    14. Certified security personnel's salary (not including the dollar value of benefits) start at $75,000 per year.

    15. They've already answered questions dealing with their experience -- never been hacked question -- that show they don't know what they are doing.

    16. Some one not knowing what they are doing reading several hundred (or more) PSAD emails per server per day is going to be able to add what benefits for the customer?

    Thank you.
      0 Not allowed!

  5. #30
    Join Date
    Feb 2002
    Location
    Australia
    Posts
    24,027
    Tom can offer his service for $25.00/mth. What is provided for that is questionable. You get what you pay for.

    BTW dynamicnet, how about replying to posts properly with quotes and not just " ". It's not the proper netiquite.
    WLVPN.com NetProtect owned White Label VPN provider
    Increase your hosting profits by adding VPN to your product line up
      0 Not allowed!

  6. #31
    Join Date
    Oct 2002
    Location
    Dublin
    Posts
    17

    Red face

    Ok this is turning into a waste of time. The post has pushed sales for this service btw as there have been 4 signups today (what sort of marketing would you call that) But really guys you are bad mouthing ensim saying it cant be secure and a load of other rubbish..
    its a cheap service yes
    its worth the money to hosting companys new to the industry who dont know much about unix or security yes.

    Now lets drop it.

    IF YOU DONT WONT IT DONT GET IT!

    with a bit of luck this topic will be locked



    btw there was a lot of talk about certs I have just for the record
    I have my mcsa , ccna and rhce , I have worked for Iomega as a Linux consultant and am currently also working in I.T in consulting earning 32 000 a year for a 3 day week.

    Regards

    Tom

    www.theboxnetwork.net
    hosting from $3.95 200mb 1000mb bandwith with ENSIM!
    hosting from $4.95 500mb 3000mb bandwith with ENSIM!
      0 Not allowed!

  7. #32
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,135
    Originally posted by Aussie Bob
    What is provided for that is questionable. You get what you pay for.
    In some cases, that is true, but not in all.
    Tom Whiting, WHMCS Guru extraordinaire
    Linux problems? WHMCS Problems? Give me a shout
    Check out my WHMCS Addons
      0 Not allowed!

  8. #33
    I have to let you all know that I personally know one of theboxnetwork admins and there very genuine guys with enough knowledge.
    You are definetly getting your $25 per month with this package.

    Personally we deal with our own security. But for some new comers this would be the perfect package.

    As for the comments about ensim being un-secure, and "unable to update" critical components, that is a load of rubbish.

    We have the latest and most up to date version of everything, it just takes a bit of knowledge and sense to install them.

    "oh no rpm -Uvh might break ensim".

    Learn how to install packages correctly, and you can install them with ensim on the server.

    Good luck Vline, your providing a service worth a lot more than $25.
    I have actually seen people asking in the region of $100-$300 to install Bastille & PSAD - and that doesnt include monitoring it.
    http://www.STX-Hosting.com
    .:: Professional Web-Hosting ::.
    .:: Top Dedicated Support !!! ::.
    .:: MSN@STX-Hosting.com ::.
      0 Not allowed!

  9. #34
    Originally posted by Vline
    Ok this is turning into a waste of time.
    If you can't respond to the points made, why waste people's time going on about irrelevant things?

    The post has pushed sales for this service btw as there have been 4 signups today ;)
    Who, oh why, do people always respond with how many people signed up because of their crappy ad? So? Want to know how many people would buy a bridge? Put a post up about it.

    (what sort of marketing would you call that)
    What can you do.

    But really guys you are bad mouthing ensim saying it cant be secure and a load of other rubbish..
    You have absolutely no idea what you're doing.

    its a cheap service yes
    Yes, if you'd qualify it as a service.

    Am I being too blunt? I was being nice in my comments and they were valid points, and you respond acting like everyone with a valid point is the person that lacks a clue. Hmm, ironic.

    its worth the money to hosting companys new to the industry who dont know much about unix or security yes.
    If someone was so poor at the task of doing hosting to think this is of any value or need help on such a level, they have no business calling themselves a web host (my opinion).

    Now lets drop it.
    Sure. We don't dare converse on a web forum.

    IF YOU DONT WONT IT DONT GET IT!
    Yes, that is a valid point. Yet, another valid point is to make clear what is going on, so no one that is ignorant about this doesn't fall into this 'service' and regret it later. You claiming this so-called service will remove their worries and make them secure.

    with a bit of luck this topic will be locked
    Perhaps.

    btw there was a lot of talk about certs I have just for the record
    I didn't notice and I don't care.

    I have my mcsa , ccna and rhce ,
    I know of a guy that has all these and doesn't know a thing. It just shows how non valuable these certifications are. I know of a guy that's "one of the leading security experts in the world", runs a high profile security consulting service and probably doesn't know what a shell prompt is. I know a 45 year old woman that doesn't know much beyond how to use her email and mouse, and she works at Intel as a support rep and security analyst, and has certifications too. What's your point?

    I have worked for Iomega as a Linux consultant and am currently also working in I.T in consulting earning 32 000 a year for a 3 day week.
    And that's why you're excited to earn a whopping $25, totaling $100/mo, from 4 people you allegedly got business from due to this thread, right? Besides, that's not great pay. Besides, what in the heck do you think "working in IT" means anyway? This could mean anything. "I change the TP roll in the office bathroom at Quest each week, I work in IT!".


    Regards

    Tom

    www.theboxnetwork.net
    hosting from $3.95 200mb 1000mb bandwith with ENSIM!
    hosting from $4.95 500mb 3000mb bandwith with ENSIM!
    Don't be so proud of using Ensim. Learn to use a real sig, IT boy. Learn to not put anchored URL tags in your sig. Learn how to respond to the points that are brought up. yes, Ensim is insecure, it is bad, it limits you and it says a lot about your alleged knowledge. Perhaps I was a little blunt and not so polite, but oh well. Like you said, your choice. If people are interested, they'll contact you. Good luck.
    Robert McGregor
    URL: http://www.2host.com
    Email: robertm@(nospam)2host.com
      0 Not allowed!

  10. #35
    Originally posted by STX-Hosting

    ...

    As for the comments about ensim being un-secure, and "unable to update" critical components, that is a load of rubbish.
    Uh huh. Okay, I'll give you 20 hours with an account on my server, for 2 minutes with an account on your server. We can test each other's security. Sound fair?

    We have the latest and most up to date version of everything, it just takes a bit of knowledge and sense to install them.

    "oh no rpm -Uvh might break ensim".
    If you rely on RPM's to do everything for you, you might not be so well off.

    Learn how to install packages correctly, and you can install them with ensim on the server.
    If you say so. I'm sorry you would rather just support someone that makes poor choices and defend them so aggressively given the facts, and I'm sorry you believe that an Ensim system can be secure, without actually uninstalling Ensim itself. However, that's none of my business. Contact me if you'd like for me to example some of the reasons I made my comments in this thread about, and we can offer each other access. Really.
    Robert McGregor
    URL: http://www.2host.com
    Email: robertm@(nospam)2host.com
      0 Not allowed!

  11. #36
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,135
    Originally posted by Vline
    But really guys you are bad mouthing ensim saying it cant be secure and a load of other rubbish..
    [/B]
    Take a look at the software required by ensim.. Redhat 7.2... We've been here, the software is antiquated, the kernel is old, there's MORE bugs in Ensim than I can pull out my tail (not to mention the fact it's based on years old software).
    Originally posted by Vline
    its a cheap service yes
    [/B]
    Too cheap for what you're offering, entirely too cheap. Take it from someone with experience in the field, you can NOT do a correct audit on a server for such a low price.. In addition, more than one of your lies has been pointed out (You'll know for SuRe if you've been hacked or not.. imposible).

    Originally posted by Vline
    its worth the money to hosting companys new to the industry who dont know much about unix or security yes.
    [/B]
    No, it's not worth a new company getting ripped off, which is EXACTLY what your offer reeks of.
    Originally posted by Vline
    I have just for the record I have my mcsa , ccna and rhce , I have worked for Iomega as a Linux consultant and am currently also working in I.T in consulting earning 32 000 a year for a 3 day week.
    [/B]
    PROVE IT
    << edited to remove someone else's sig.. oops>>
    Tom Whiting, WHMCS Guru extraordinaire
    Linux problems? WHMCS Problems? Give me a shout
    Check out my WHMCS Addons
      0 Not allowed!

  12. #37
    Join Date
    Oct 2002
    Location
    Dublin
    Posts
    17
    Uh huh. Okay, I'll give you 20 hours with an account on my server, for 2 minutes with an account on your server. We can test each other's security. Sound fair?



    Is that offer open to us all? Sure locally is no fun how about remotely ?
      0 Not allowed!

  13. #38
    Uh huh. Okay, I'll give you 20 hours with an account on my server, for 2 minutes with an account on your server. We can test each other's security. Sound fair?
    sorry we dont open our servers up to just anyone.


    If you rely on RPM's to do everything for you, you might not be so well off.
    That was my point, hence the "" and the sarcasm.


    If you say so. I'm sorry you would rather just support someone that makes poor choices and defend them so aggressively given the facts
    I wasnt defending him, i was stating that they provide a good deal for $25 for new comers.

    and I'm sorry you believe that an Ensim system can be secure, without actually uninstalling Ensim itself.
    Ensim is simply an addon, providing you have the correct implementation of the latest packages you can be about as secure as any other linux box with a web based control panel.

    I do agree ensim is anything but secure when it is first installed though.
    http://www.STX-Hosting.com
    .:: Professional Web-Hosting ::.
    .:: Top Dedicated Support !!! ::.
    .:: MSN@STX-Hosting.com ::.
      0 Not allowed!

  14. #39
    [QUOTE]Originally posted by Vline
    [B]
    Originally posted by 2host.com


    Uh huh. Okay, I'll give you 20 hours with an account on my server, for 2 minutes with an account on your server. We can test each other's security. Sound fair?



    will you give me that offer ?
    Yes, definitely. Email me. I'll give you a FAX number and you give me one in return. I'm not joking about this and I don't want to be sued or be accused of something, so we'll put it in writing with permission for the set duration. Surely if you are into security you realize this protocol. I await your contact information.
    Robert McGregor
    URL: http://www.2host.com
    Email: robertm@(nospam)2host.com
      0 Not allowed!

  15. #40
    I wouldnt mind seeing the outcome of this little trade... results could be bad for both sides of this deal.
    http://www.STX-Hosting.com
    .:: Professional Web-Hosting ::.
    .:: Top Dedicated Support !!! ::.
    .:: MSN@STX-Hosting.com ::.
      0 Not allowed!

  16. #41
    Originally posted by STX-Hosting
    sorry we dont open our servers up to just anyone.
    But, but, but I'm not just anyone. :-)


    That was my point, hence the "" and the sarcasm.
    Right, I got it. But you were indicating that it's just a simple matter of upgrading RPM's.

    I wasnt defending him, i was stating that they provide a good deal for $25 for new comers.
    Okay, fair enough. It just seemed to me that you came into say that "yes, Ensim is secure, as long as you know what you're doing". Well, I do, and I know it's not. As for the value for the money, $25 isn't much, so it's difficult to say that near any service would not be worth it.

    I don't find any value in it, but if someone doesn't know the most basic things, it might be worth something. Yet at the same time, they shouldn't be calling themselves a host and have no business running a host if they truly know that little, in my opinion. Regardless, this individual is claiming people will be secure from this service, which is grossly inaccurate and untrue.

    Ensim is simply an addon, providing you have the correct implementation of the latest packages you can be about as secure as any other linux box with a web based control panel.
    I don't agree with that. There are more secure alternatives and Ensim is more than an add-on, since it limits you and the only way to get around the limits to properly secure the system is to uninstall it. Otherwise you can not configure and upgrade things to have a properly configured system, as Ensim will break. So it's either Enism and insecure or it's removing it. Using is means just that, it's not secure (as as secure as it can be). This was my point, it is a fact.

    I do agree ensim is anything but secure when it is first installed though.
    And until it's removed, it remains insecure.

    PS: Is there a reason why you type almost exactly the same as Vline? (No accusations, just curious).
    Robert McGregor
    URL: http://www.2host.com
    Email: robertm@(nospam)2host.com
      0 Not allowed!

  17. #42
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,135
    yeah,but it's easy to rig somethin like that, quite so. not on 2host's part,but on the other person's.
    "Quick, eeryone go in and make sure his site is secure, secure it so we look good".
    Tom Whiting, WHMCS Guru extraordinaire
    Linux problems? WHMCS Problems? Give me a shout
    Check out my WHMCS Addons
      0 Not allowed!

  18. #43
    Originally posted by STX-Hosting
    I wouldnt mind seeing the outcome of this little trade... results could be bad for both sides of this deal.
    Sure, anything's possible. However, let's just say that I'm not worried at all about it. (No arrogance intended).
    Robert McGregor
    URL: http://www.2host.com
    Email: robertm@(nospam)2host.com
      0 Not allowed!

  19. #44
    "PS: Is there a reason why you type almost exactly the same as Vline? (No accusations, just curious)."

    LOL. I can tell you now we're not the same person.
    I didnt even know that Vline was one of theboxnetwork admins until I read this thread.

    Although I am also from Ireland so perhaps its the way we are taught to type over here ?
    http://www.STX-Hosting.com
    .:: Professional Web-Hosting ::.
    .:: Top Dedicated Support !!! ::.
    .:: MSN@STX-Hosting.com ::.
      0 Not allowed!

  20. #45
    Originally posted by STX-Hosting
    "PS: Is there a reason why you type almost exactly the same as Vline? (No accusations, just curious)."

    LOL. I can tell you now we're not the same person.
    I didnt even know that Vline was one of theboxnetwork admins until I read this thread.

    Although I am also from Ireland so perhaps its the way we are taught to type over here ? :eek:
    Yeah, I noticed that you are both from the same place. Perhaps that's it. Again, it wasn't mean to accuse you of anything, I just should have worded it better.
    Robert McGregor
    URL: http://www.2host.com
    Email: robertm@(nospam)2host.com
      0 Not allowed!

  21. #46
    Join Date
    Oct 2002
    Location
    Maryland
    Posts
    89
    Originally posted by Vline
    Uh huh. Okay, I'll give you 20 hours with an account on my server, for 2 minutes with an account on your server. We can test each other's security. Sound fair?



    Is that offer open to us all? Sure locally is no fun how about remotely ?
    I will go for that, let me set up a server and you set up a server.

    Now be sure to setup the server with what you would give me for $25 a month, also let me know what OS, etc you are setting up I will do the exact same install except possibly a different firewall depending on what you are using. I dont use garbage firewalls...

    BTW in your earlier post you mentioned making $32k a year for a short work week.. man no wonder you charge $25 a hour or you live in a really cheap part of the country.
      0 Not allowed!

  22. #47
    Originally posted by Just_Kp


    I will go for that, let me set up a server and you set up a server.

    Now be sure to setup the server with what you would give me for $25 a month, also let me know what OS, etc you are setting up I will do the exact same install except possibly a different firewall depending on what you are using. I dont use garbage firewalls...
    No, no. No setting up servers. My deal with him anyway, would be to get my dirty paws on his server he runs his business from. Something he should have and claims is secure. There shouldn't need to be any protective or special set ups. As it is now, I test. The same for him on my server. I don't do anything special or different. We take 'em as we get 'em. It's the only accurate way to test and example the problems or not.
    Robert McGregor
    URL: http://www.2host.com
    Email: robertm@(nospam)2host.com
      0 Not allowed!

  23. #48
    Greetings:

    "You are definetly getting your $25 per month with this package."

    That states a lot ;-)

    The same could be true for hiring the paint ball gun person for $25 per month to hold off terrorists. You are definately getting your $25 per month for that service ;-)

    Thank you.
      0 Not allowed!

  24. #49
    Join Date
    Jan 2002
    Location
    SoCal
    Posts
    71
    Vline,

    The problem people are having is that your offering services and making promises which are not possible. If you want to provide entry level security for new hosts and charge an entry level fee ($25), go for it. There are a lot of people here who could use that. BUT, don't oversell yourself with something you can't deliver. You'll get the same response the "unlimited" webhost providers get.
      0 Not allowed!

  25. #50
    agreed. we dont object to your service, we object to the false and uneducated claims you have made and felt obligated to point them so the potential clients would know exactly what they are (and are not) getting.

    ive done some security work and ill tell you this: i have never ever guaranteed anyone that their server has not been previously compromised unless i just did a clean OS install from trusted media. in security there are no guarantees, only probabilities. granted, under certain conditions the probabilities are such that you can guarantee certain things without taking too much risk, but nothing that you advertised gets the probabilties anywhere near that.

    with that said, your service is needed and with a proper/accurate description of it, you should be rather successful.

    good luck,
    paul
    * Rusko Enterprises LLC - Upgrade to 100% uptime today!
    * Premium NYC collocation and custom dedicated servers
    call 1-877-MY-RUSKO or paul [at] rusko.us

    dedicated servers, collocation, load balanced and high availability clusters
      0 Not allowed!

Page 2 of 4 FirstFirst 1234 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •