  1. #1
    Join Date
    Feb 2008
    Location
    Philippines
    Posts
    6

    Initial Security: LiquidWeb, WiredTree or Knownhost?

    I've been with LiquidWeb for more than a year now and all I can say is THUMBS UP for them.

    I'm currently looking for a new VPS and my choices are down to four: LiquidWeb, WiredTree, Knownhost and ServInt. Budget is $50/month and it will be used only for my own sites.

    Considering that I don't know how to configure and manage my VPS and don't have the time to do it, those four fully-managed hosts are good for me but my other concerns are:

    • Initial Security Upon Purchase
      This is the most important to me since I don't know the INs and OUTs of a host.
      1. LiquidWeb has its ServerSecure but I think what's been outlined on their page was not implemented 100%. For example, it's stated there that: "Ensures all Operating system components are functional and up-to-date"; however, my current OS is CentOS 4.7 and the latest is 5. I've changed my root password; could that be the reason my OS hasn't been updated? Also stated is "Backup Configuration", but upon first logging in to WHM, it's blank, so it took me some time to work out what to put there.
      2. WiredTree has its ServerShield plus the Advanced Firewall (CSF) plus PHP Suhosin - I think WiredTree is the winner for security if what's put on their ServerShield will be 100% implemented.
      3. KnownHost and ServInt - I never found what security configs are included during setup.
    • Support and Support and Support
      I hear good reviews for all of them, but for me the best is LiquidWeb; of course, I'm with them now, that's why I say so. I have recently read about a support problem at WiredTree.
    • Automatic cpanel/WHM/OS/Applications Updates
      1. LiquidWeb: I see updates on my cPanel/WHM but my current OS is CentOS 4.7 while they have already released version 5. Could it be that I've changed my root pass?
      2. WiredTree - they mention on their page that they provide updates.
      3. KnownHost & ServInt - can't find where... ???
    • Proactive Monitoring
      1. LiquidWeb, WiredTree and ServInt have YES
      2. KnownHost - can't find where they mentioned it.

    I'm leaning toward WiredTree but the current "downhill thread" worries me a little. LiquidWeb is great in my experience but I think it's better to have another company for another VPS, isn't it?

    Your recommendations are greatly appreciated.

  2. #2
    Join Date
    Sep 2006
    Posts
    69
    Just want to put my two cents in here. I recently moved to WiredTree and ServInt. I performed a PCI scan on both of them and the WiredTree server literally passed the first scan with flying colors.

    To me that means they meet some high security standards.

    Servint had a few issues I am still working on.

  3. #3
    Join Date
    May 2004
    Location
    /bin/sh
    Posts
    815
    CentOS 4 to 5 will need a reinstall. Sure, you can do it without a reinstall, but I don't think a hosting company would do that for you on a live VPS.

    About your cPanel being up to date: cPanel runs its update itself every night. I suppose that's how your cPanel is the latest, but not your OS.

    There is more to security than just CSF and Suhosin; every user and application is dealt with differently.

    Also I don't think a VPS can be PCI compliant no matter what you do...

  4. #4
    Join Date
    Mar 2009
    Location
    /usr/bin/perl
    Posts
    971
    Quote Originally Posted by linuxissues View Post
    CentOS 4 to 5 will need a reinstall. Sure, you can do it without a reinstall, but I don't think a hosting company would do that for you on a live VPS.
    Uh . . . Binary updates FTW?

  5. #5
    Join Date
    Sep 2006
    Posts
    69
    Quote Originally Posted by linuxissues View Post
    Also I don't think a VPS can be PCI compliant no matter what you do...
    Care to explain?

  6. #6
    Join Date
    Jun 2004
    Location
    Louisiana
    Posts
    8
    GetWebHost, I was facing your issue about 10 months ago. I chose WiredTree due to a special they were running. I have had my share of tickets and most are handled within about 5-15 minutes. I submitted a low priority ticket yesterday and they were replying and asking me further questions within 30 minutes, so they must have been on it much sooner than that. I also had to use phone support a couple of months ago due to being out of town and one of our sites being attacked. They were great. Handled the issue, kept me advised and even phoned me to let me know about it. If their service has gone down I can't even imagine how good it was before!

    As to upgrading the OS I think you just have to ask. Not everyone wants to upgrade so they probably won't do it without your asking.

  7. #7
    Join Date
    Feb 2008
    Location
    Philippines
    Posts
    6
    Thanks for the response guys.

    @bigdessert
    Good to know you mentioned it, though I don't know much about it, because I have also an eCommerce site.

    Btw, the "wiredtree thread" has no more updates now, maybe they have resolved it already?

    Also, maybe KnownHost and ServInt staff here could share their thoughts

  8. #8
    Join Date
    Jun 2009
    Location
    Arlington, VA
    Posts
    33
    My thoughts are that all of the above hosts are fantastic providers.

    We consider them friends and colleagues as well as competitors.

    Every individual will have different reasons for choosing a provider, whether it's support track record, data center location, or the myriad of other factors one has to take into consideration.

    That being said, I'm pretty confident we could own them all at Modern Warfare 2. ;-)

    ServInt's $0.02.
    Eric Morales
    Business Communications Manager
    ServInt | Like us on Facebook!
    Managed Hosting Made Better

  9. #9
    Join Date
    Jan 2006
    Posts
    1,922
    Quote Originally Posted by GetWebHost View Post
    Thanks for the response guys.

    @bigdessert
    Good to know you mentioned it, though I don't know much about it, because I have also an eCommerce site.

    Btw, the "wiredtree thread" has no more updates now, maybe they have resolved it already?

    Also, maybe KnownHost and ServInt staff here could share their thoughts
    We take a different approach and we secure the VPS per the customer's needs/requirements. We do various things by default that you can discuss with our Sales team, but we aren't going to force on a customer and/or install by default things that may affect performance/resource usage unless the specific customer finds it necessary. We have many clients who we do PCI Compliancy work for and we have others who would be very unhappy if we forced such things on them. It all depends on the specific customer and what they want. We have some who ask for the things I listed below and of course we do that for them at no cost. Some want more and we do that too. So in short, we do what the customer wants, as the needs of VPS users differ.

    (1) install and enable rootkit hunter
    (2) chkrootkit, please enable daily email report to my email account –
    (3) logwatch, please enable daily email report to my email account -
    (4) mod_security
    (5) install and enable suphp
    (6) hardening /tmp and /var/tmp by removing the execution bit, if not done yet
    (7) change ssh port to 31997
    (8) add a user ******, could you please assign a password and let me know
    (9) enable user ****** to execute "su to root"
    (10) disallow remote ssh login to root
    (11) disable telnet
    (12) restrict ssh to "ssh v2" only (i.e. disable "ssh v1", etc.)
    Last edited by KnownHost; 11-12-2009 at 01:48 PM.
    KnownHost Managed VPS Specialists
    Toll Free: (866)-332-9894
    Fully Managed VPS, Wordpress, Cloud Servers, and Dedicated Servers
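
An added example, not part of any post in this thread: a shell audit of items (6), (7), (10) and (12) from the request list in post #9. The function names, file names and sample contents are constructed for illustration; it reads only the global section of `sshd_config` and treats a setting left at its default as a finding.

```shell
#!/bin/sh
# Added example. Sample files are constructed; all names are illustrative.

# First uncommented value of a keyword in the global part of an sshd_config
# (keywords are case-insensitive; sshd uses the first occurrence).
sshd_value() {   # $1 = file, $2 = keyword
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Items (7), (10), (12). "Protocol" belongs to the OpenSSH releases of the
# thread's era; later releases dropped SSH v1.
check_sshd() {   # $1 = file
    port=$(sshd_value "$1" Port)
    root=$(sshd_value "$1" PermitRootLogin)
    proto=$(sshd_value "$1" Protocol)
    case "$port" in
        ''|22) echo "FAIL (7)  Port is '${port:-unset}'" ;;
        *)     echo "OK   (7)  Port $port" ;;
    esac
    if [ "$root" = "no" ]; then echo "OK   (10) PermitRootLogin no"
    else echo "FAIL (10) PermitRootLogin is '${root:-unset}'"; fi
    if [ "$proto" = "2" ]; then echo "OK   (12) Protocol 2"
    else echo "FAIL (12) Protocol is '${proto:-unset}'"; fi
}

# Item (6): the mount point must have its own entry carrying "noexec".
check_noexec() { # $1 = file in /proc/mounts format, $2 = mount point
    awk -v mp="$2" '
        $2 == mp { seen = 1; ok = 0; n = split($4, o, ",")
                   for (i = 1; i <= n; i++) if (o[i] == "noexec") ok = 1 }
        END { if (!seen)   print "FAIL (6)  " mp " has no mount entry"
              else if (ok) print "OK   (6)  " mp " mounted noexec"
              else         print "FAIL (6)  " mp " mounted without noexec" }
    ' "$1"
}

count_failures() { awk '/^FAIL/ { n++ } END { print n + 0 }'; }

make_samples() { # $1 = directory to write the constructed samples into
    printf '%s\n' '# defaults left in place' 'Port 22' 'Protocol 2,1' \
        'PermitRootLogin yes' > "$1/sshd_weak"
    printf '%s\n' 'Port 31997' 'Protocol 2' 'PermitRootLogin no' \
        > "$1/sshd_hardened"
    printf '%s\n' '/dev/simfs / simfs rw,relatime 0 0' \
        'tmpfs /tmp tmpfs rw,nosuid,noexec 0 0' > "$1/mounts"
}

d=$(mktemp -d)
make_samples "$d"
for f in sshd_weak sshd_hardened; do
    echo "== $f"
    check_sshd "$d/$f"
done
echo "== mounts"
check_noexec "$d/mounts" /tmp
check_noexec "$d/mounts" /var/tmp
rm -rf "$d"
```

On a live server, point `check_sshd` at `/etc/ssh/sshd_config` and `check_noexec` at `/proc/mounts`.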

  10. #10
    Join Date
    Jun 2009
    Location
    Arlington, VA
    Posts
    33
    Similar to Knownhost's policies, when you purchase one of our VPS Products, it is secure at the Base OS level.

    Because many of our clients simply do not require firewall software or other security hardening measures, they do not come preinstalled in our standard configurations.

    However, we will be happy to install software firewall options such as iptables or APF, and set up TCP_Wrappers (/etc/hosts.allow) for added security to specific services at no additional charge. Simply provide us with a link to download the software and any necessary licensing information and we will be happy to install almost any third-party software package. Users, however, are responsible for then configuring the software or firewall they choose to have installed.

    With all that being said, fundamentally, common sense is the best approach. Every single thing someone does to our VPS after it is turned up can do something to compromise security, that's why we have such good support.

    So, our VPSs are VERY secure; as long as the customer cares to keep it that way.
    Eric Morales
    Business Communications Manager
    ServInt | Like us on Facebook!
    Managed Hosting Made Better

  11. #11
    Join Date
    Feb 2008
    Location
    Philippines
    Posts
    6
    I wish a WiredTree staff member would post in this thread too.

  12. #12
    Join Date
    Oct 2004
    Location
    Here @ WHT
    Posts
    1,354
    KnownHost have been good for me for over a year now. I hear ServInt are also great but I have no personal experience with them.
    One Ring to rule them all, One Ring to find them, One Ring to bring them all and in the darkness bind them

  13. #13
    Join Date
    Oct 2003
    Location
    Chicago, IL
    Posts
    657
    I suppose we take a somewhat different approach. We look at our servers as a complete package - that package includes the OS, cPanel, and the other utilities we package and provide pre-installed. Rather than just secure one layer of those, we choose to secure all of them. Sure, maybe not every client wants a firewall, but 99.9%+ do so we pre-install and pre-configure it to work well with cPanel. Sure, maybe not every client cares about PCI compliance, but the security tweaks we perform by default will help the ones that do at no disadvantage to the ones that don't. Maybe not every client needs the anti-spam tools and rules we set up, but most people are very happy with them, and it is easy for us to take them off if a client doesn't run mail on the server. We would rather provide a secure and robust environment out of the gate that works for our clients than a basic configuration which requires our clients (who may not know a great deal about security themselves) to tell us what to do. We have many years in the hosting industry so we have a pretty good idea of what clients request and what they need, which enables us to deliver a secure environment. A large benefit of this experience is that we have configured the additional security to be transparent to the client in many ways. Of course, all configurations can always be adapted further to the client's needs, so nothing is ever forced on the client; it's just more secure by default.
    Zac Cogswell / CEI
    Formerly known as WiredTree Zac

  14. #14
    Join Date
    Feb 2004
    Location
    Sacramento CA
    Posts
    3,513
    Having used/using all of these providers I really haven't run into many security related issues (and yes some clients required PCI compliance). Having said that I think overall I prefer a more proactive approach to security so I generally like WiredTree's approach better. While I understand both sides of this issue have valid points to make I think generally being safer is better than being sorry.

    Now I don't mean the VPS needs to pass PCI DSS/SOX/VISA/ETC standards but I think a basic level of default security that addresses the high value targets (Firewall, PHP, etc...) would be a great base.

    The only real issue I have with NOT taking at least SOME additional steps to secure a VPS is that many people just don't know what is out there, what the security risks are and what steps they can (request) to secure against these threats. Yes a good number of your clients will have that knowledge but a number won't and then you can have unsecured VPSs on your node that can have an indirect/direct impact on your secured VPS.

    I think a middle of the road approach is ideal (IMHO) where you have some basics (spam, firewall, php, etc...) which are customized to work with your VPS installs and then a SECURITY section in the user areas which clearly and simply outlines the common security risks and the means to protect against them. Customers can then request (automated install?) what they think they need.

    Anyway just my two cents.

  15. #15
    Join Date
    Nov 2009
    Posts
    40
    Just to add my 2 cents, out of all the hosts I've been with over the years, I think WiredTree had the most custom security 'features' pre-configured for me out of the box without me asking for anything specific prior to placing my order. However, that's not to say their servers are perfect either. I personally had to make some other 'tweaks' to my VPS at WiredTree to make them more secure. Yeah, I'm anal as f*ck

    That being said, you shouldn't really take points off of ServInt, KnownHost, and any other provider that doesn't pre-configure their servers by default with a standard set of security features either. For one thing, having the same settings across ALL the VPSes on your network can actually make a host more vulnerable to attacks. If a hacker finds a security flaw on one of their machines, he'll be able to use that on pretty much all the other servers on their network that come with the cookie-cutter settings. Not good!

    Another thing to remember is that LiquidWeb, Servint, and Knownhost offer you a choice between CPanel, Plesk, or no control panel at all, while WiredTree only supports CPanel (at least for now). Typically, if your server doesn't come with a control panel, you won't need as many programs running in the background to mitigate security attacks in the first place. Likewise, if your site doesn't need to be secure, why waste resources scanning your server for threats when you can use your limited resources to run more apps instead? Ok, I admit most people will probably want to secure their server, but I'm sure there are cases where customers don't need it.

    Anyway, I hope this helps, and good luck with your decision!

  16. #16
    Join Date
    Feb 2008
    Location
    Philippines
    Posts
    6
    Quote Originally Posted by Nnyan View Post
    The only real issue I have with NOT taking at least SOME additional steps to secure a VPS is that many people just don't know what is out there, what the security risks are and what steps they can (request) to secure against these threats. Yes a good number of your clients will have that knowledge but a number won't and then you can have unsecured VPSs on your node that can have an indirect/direct impact on your secured VPS.
    I'm one of them, that's why I created this thread

    I think I'll be going with WiredTree.

  17. #17
    Join Date
    Feb 2004
    Location
    USA
    Posts
    1,572
    Quote Originally Posted by GetWebHost View Post
    I'm one of them, that's why I created this thread

    I think I'll be going with WiredTree.
    Great news, keep us updated and maybe do a review in a few months

  18. #18
    Join Date
    Oct 2004
    Location
    Here @ WHT
    Posts
    1,354
    Quote Originally Posted by GetWebHost View Post
    I'm one of them, that's why I created this thread

    I think I'll be going with WiredTree.
    Good. Do post your experience here so that it can benefit ALL.
    One Ring to rule them all, One Ring to find them, One Ring to bring them all and in the darkness bind them

  19. #19
    There is no cookie cutter approach to security and end users often have no idea what they will get when asking for a hardened server. Often an end user will request the most secure server possible such as current CIS standards only to find out that their application won't work. Additionally, there are different methods of securing a server. Is it a web facing application or is it a database server sitting behind multiple firewalls, etc.? If you look at the CIS standard, there are over 77 different steps that must be taken in one form or another to secure the server.

    The easiest out of the box configuration is to have only enough packages installed for a server to boot, ssh without root access and sudo access for a single user and a firewall that has only port 22 open. The only other item which could make the aforementioned install more secure is not having a publicly addressable IP address which is only accessible over a secure VPN.
    ZZ Servers - Business Hosting, HIPAA and PCI Compliant Hosting Solutions - http://www.zzservers.com
    Xen Virtual Private Servers | Dedicated Servers | Shared Hosting
    Custom configurations, firewall, VPN, load balancers, private networks and more.

  20. #20
    Join Date
    Oct 2004
    Location
    Here @ WHT
    Posts
    1,354
    Quote Originally Posted by sheba59 View Post
    +1 Knownhost. One of our accounts is PCI Compliant and was done by default upon request free of cost with no hiccups.

    TIA
    Who did the PCI Compliance Test - KnownHost?
    One Ring to rule them all, One Ring to find them, One Ring to bring them all and in the darkness bind them

  21. #21
    Quote Originally Posted by sheba59 View Post
    +1 Knownhost. One of our accounts is PCI Compliant and was done by default upon request free of cost with no hiccups.

    TIA
    How do you determine PCI compliance? If it is just the scan, you are not compliant. If you are a category 5 merchant, there are over 200 different items which are required to be PCI compliant. There are fun items such as penetration tests (>$3000), log monitoring, HIDS, IDS, etc, etc..... Are they performing your penetration testing, internal network scans, etc for you for free too? Who is doing the daily review of your system, application and firewall logs?

    If you are going off of a clean scan alone, you are not compliant and risk your business, livelihood and millions of $$ should there be a breach. The fines alone from MC, Visa, AMEX add up to $1.5M and that is just a start.

    There are many hosts who have jumped on the PCI bandwagon and many "customers" who think they can go with them and be safe. Be careful of the "PCI for free" or PCI compliance for only $50 month deals. No matter how you put it, those deals are truly too good to be true.
    ZZ Servers - Business Hosting, HIPAA and PCI Compliant Hosting Solutions - http://www.zzservers.com
    Xen Virtual Private Servers | Dedicated Servers | Shared Hosting
    Custom configurations, firewall, VPN, load balancers, private networks and more.

  22. #22
    Join Date
    Oct 2009
    Posts
    138
    For Windows, I usually point my clients towards a product called "Shavlik Configure" when they're trying to achieve a level of compliance with various policies. There is probably something similar for Linux, but thus far no one has asked so I have not researched it.
