 |
|
|
|
Next: Getting domain name from a squatter
|
| Author |
Message |
External
Since: Aug 16, 2006
Posts: 7
|
(Msg. 16) Posted: Sat Aug 19, 2006 4:23 am
Post subject: Re: I don't trust my hosting company [Login to view extended thread Info.]
Archived from groups: alt>www>webmaster (more info?)
|
|
|
OK, I am guilty, I should have asked permission from Microsoft(R) first
before I included the KB articles on how to deal with Windows 98 SE
shutdown problem into our Construction Site Operation Menu. I did
mention Microsoft(R) in that four pages because that four pages are
screen capture of the website. Although I did not steal the credit, I
regret I didn't respect intellectual property right of Microsoft(R) and
I will rewrite the article using my own wording to replace that four KB
pages. Finally I will find a way (I am not a technical guy, I type
with two fingers and read For Dummy series) to remove those 4 pages
from the PDF and insert back my new article into the right place of it.
And I promise I will not infringe any copyright related stuff for the
rest of my life. OK?
Please get back to the problem:
We use the web space to host internal files. Beside that operation
menu, we upload our blue prints, customer contacts, building exterior
design, house interior design, meeting records, phone records and most
office document. So that employees at different construction sites can
access to those material when they need it. The site is not open to
the public, the homepage is a login page protected by a .htaccess file
no high tech intro, no welcome message, just user: and pw: two fields.
The operation menu only trigger me to realize that people from hosting
company search through you files so attentive even a password protected
PDF named Cons_Site_Menu.pdf look suspicious? If they have look into
that menu, I assume they have read through all our customer profile,
our current projects, our future projects. Those are not big secret,
but it is uneasy to imagine that a nightshift staff using Acdsee to
browse through our 2000 interior designs we made from the pass ten
years.
The TOS is a standard one that state no copyright stuff, porn, drug,
political.....etc. Other sites hosted by the same company have sexy
but not nude site, Bulletin sites with thousand of BT links or crack or
serial. I really don't think my four pages KB articles is their
concern. And I don't find any statement that give them the right to
look into my files.
So I still have a 12 months to go.
How can I protect my company data privacy from the hosting company and
at the same time can upload and access our files easily?
Is there any encrytion program that encryt file before upload and
decrypt file after download? In a transparent, auto, background way?
Once again, my question is:
/***How can I protect my company data's privacy from the hosting
company and at the same time can upload and access our files
easily?***/
Please do not ask me to change to a better hosting company, this one I
am using has the fastest transfer rate, ulimited storage and bandwidth.
And don't critcize my English because you feel like typing something
but don't have a suggestion to give.
PDF(R). is a registered trademark of Adobe Systems, Inc. Microsoft(R).
is a registered trademark of Microsoft Corporation. Google Group(TM).
is a registered trademark of Google(R), Inc. All other product names
mentioned herein are the trademarks of their respective owners. not
mine. |
|
| Back to top |
|
 | |
External
Since: Jan 18, 2006
Posts: 18
|
(Msg. 17) Posted: Sat Aug 19, 2006 8:19 am
Post subject: Re: I don't trust my hosting company [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Jerry Stuckle wrote:
> The bottom line is - don't store private/sensitive data on someone
> else's server. Get your own server, a fast internet connection and a
> locked room to keep it in (or a data center which allows you physical
> access to manage your server - and lock it down).
I would disagree that getting your own server is any more secure than a
shared environement. The reason is a shared environment is used by
hundreds of sites so admins are much more on their toes to keeping
things updated and secure. If you have yuor own server, chances are it
is not going to be given nearly the same priority as teh shared server
.. A shared server could generate thousands of dollars of month in
income for a web host compared so just $100 for a dedicated server.
Obviously they are going to do more to ensure the shared sytem is more
secure and patches up to date.
also on a shared environemtn, you get the advantage of security by
obscurity. nobody is going to snoop through the nearly 1000 domains on
each server to see if there is anything of value to hack.
I do agree that encryption is good, but even if the key is not stored
on your server, a hacker just needs to insert a few lines of code into
your scripts to print out what the key is when a user accesses it. |
|
| Back to top |
|
| |
External
Since: Jul 14, 2003
Posts: 1188
|
(Msg. 18) Posted: Sat Aug 19, 2006 9:09 am
Post subject: Re: I don't trust my hosting company [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
hkcat1 DeleteThis @gmail.com wrote:
> OK, I am guilty, I should have asked permission from Microsoft(R) first
> before I included the KB articles on how to deal with Windows 98 SE
> shutdown problem into our Construction Site Operation Menu. I did
> mention Microsoft(R) in that four pages because that four pages are
> screen capture of the website. Although I did not steal the credit, I
> regret I didn't respect intellectual property right of Microsoft(R) and
> I will rewrite the article using my own wording to replace that four KB
> pages. Finally I will find a way (I am not a technical guy, I type
> with two fingers and read For Dummy series) to remove those 4 pages
> from the PDF and insert back my new article into the right place of it.
> And I promise I will not infringe any copyright related stuff for the
> rest of my life. OK?
>
> Please get back to the problem:
>
> We use the web space to host internal files. Beside that operation
> menu, we upload our blue prints, customer contacts, building exterior
> design, house interior design, meeting records, phone records and most
> office document. So that employees at different construction sites can
> access to those material when they need it. The site is not open to
> the public, the homepage is a login page protected by a .htaccess file
> no high tech intro, no welcome message, just user: and pw: two fields.
>
> The operation menu only trigger me to realize that people from hosting
> company search through you files so attentive even a password protected
> PDF named Cons_Site_Menu.pdf look suspicious? If they have look into
> that menu, I assume they have read through all our customer profile,
> our current projects, our future projects. Those are not big secret,
> but it is uneasy to imagine that a nightshift staff using Acdsee to
> browse through our 2000 interior designs we made from the pass ten
> years.
>
> The TOS is a standard one that state no copyright stuff, porn, drug,
> political.....etc. Other sites hosted by the same company have sexy
> but not nude site, Bulletin sites with thousand of BT links or crack or
> serial. I really don't think my four pages KB articles is their
> concern. And I don't find any statement that give them the right to
> look into my files.
>
> So I still have a 12 months to go.
> How can I protect my company data privacy from the hosting company and
> at the same time can upload and access our files easily?
>
>
> Is there any encrytion program that encryt file before upload and
> decrypt file after download? In a transparent, auto, background way?
>
> Once again, my question is:
> /***How can I protect my company data's privacy from the hosting
> company and at the same time can upload and access our files
> easily?***/
>
> Please do not ask me to change to a better hosting company, this one I
> am using has the fastest transfer rate, ulimited storage and bandwidth.
>
> And don't critcize my English because you feel like typing something
> but don't have a suggestion to give.
>
>
> PDF(R). is a registered trademark of Adobe Systems, Inc. Microsoft(R).
> is a registered trademark of Microsoft Corporation. Google Group(TM).
> is a registered trademark of Google(R), Inc. All other product names
> mentioned herein are the trademarks of their respective owners. not
> mine.
>
The bottom line is - it is their system and they have whatever access
they want to it. Additionally, other sites on the server may be able to
access your information on a shared host.
The bottom line is - don't store private/sensitive data on someone
else's server. Get your own server, a fast internet connection and a
locked room to keep it in (or a data center which allows you physical
access to manage your server - and lock it down).
If you want to store private or sensitive information on someone else's
server, encrypt it and don't store the key on the server.
And no, there are no programs which will do your encryption/decryption
transparently, AFAIK.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex DeleteThis @attglobal.net
================== >> Stay informed about: I don't trust my hosting company |
|
| Back to top |
|
| |
External
Since: Jul 14, 2003
Posts: 1188
|
(Msg. 19) Posted: Sat Aug 19, 2006 1:52 pm
Post subject: Re: I don't trust my hosting company [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
veg_all.DeleteThis@yahoo.com wrote:
> Jerry Stuckle wrote:
>
>>The bottom line is - don't store private/sensitive data on someone
>>else's server. Get your own server, a fast internet connection and a
>>locked room to keep it in (or a data center which allows you physical
>>access to manage your server - and lock it down).
>
>
> I would disagree that getting your own server is any more secure than a
> shared environement. The reason is a shared environment is used by
> hundreds of sites so admins are much more on their toes to keeping
> things updated and secure. If you have yuor own server, chances are it
> is not going to be given nearly the same priority as teh shared server
> . A shared server could generate thousands of dollars of month in
> income for a web host compared so just $100 for a dedicated server.
> Obviously they are going to do more to ensure the shared sytem is more
> secure and patches up to date.
>
Definitely more secure. You can have total control over access to the
files on the computer. You can set it up so that no one other than you
can access the server.
On a shared server there are always admins who can access the server -
and every single file on the server.
And no, they are not going to manage the server. It is your server, and
you manage it. It's the only way you can be secure.
> also on a shared environemtn, you get the advantage of security by
> obscurity. nobody is going to snoop through the nearly 1000 domains on
> each server to see if there is anything of value to hack.
>
It wouldn't take much for me to access your web site, if we were on the
same server. And security by obscurity is none at all.
And I would NEVER host with someone who put 1,000 sites on the same server!
> I do agree that encryption is good, but even if the key is not stored
> on your server, a hacker just needs to insert a few lines of code into
> your scripts to print out what the key is when a user accesses it.
>
Not if he can't access your server, he can't.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex.DeleteThis@attglobal.net
================== >> Stay informed about: I don't trust my hosting company |
|
| Back to top |
|
| |
External
Since: Sep 19, 2003
Posts: 3499
|
(Msg. 20) Posted: Sat Aug 19, 2006 9:32 pm
Post subject: Re: I don't trust my hosting company [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Fleeing from the madness of the jungle
Jerry Stuckle <jstucklex.TakeThisOut@attglobal.net> stumbled into
news:alt.www.webmaster
and said:
>>
>
> It wouldn't take much for me to access your web site, if we were on the
> same server.
Not wishing to start a religious ding ding, but I think you'll find that
is more generally true in a *n*x environment than windows. Before anyone
feels the need to get up on their hind legs and paw the air, let me make
it clear that either type of o/s can be made insecure internally - just
apply the correct level of clueless admin, rinse & repeat.
>
> And I would NEVER host with someone who put 1,000 sites on the same
> server!
Why not? Of course, 1000 busy sites could be an issue, but a random
selection of 1000 domains is unlikely to stress even the most gutless box.
--
William Tasso
http://williamtasso.com/words/what-is-usenet.asp >> Stay informed about: I don't trust my hosting company |
|
| Back to top |
|
| |
External
Since: Jul 14, 2003
Posts: 1188
|
(Msg. 21) Posted: Sat Aug 19, 2006 10:19 pm
Post subject: Re: I don't trust my hosting company [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
William Tasso wrote:
> Fleeing from the madness of the jungle
> Jerry Stuckle <jstucklex.RemoveThis@attglobal.net> stumbled into
> news:alt.www.webmaster
> and said:
>
>>>
>>
>> It wouldn't take much for me to access your web site, if we were on
>> the same server.
>
>
> Not wishing to start a religious ding ding, but I think you'll find
> that is more generally true in a *n*x environment than windows. Before
> anyone feels the need to get up on their hind legs and paw the air, let
> me make it clear that either type of o/s can be made insecure
> internally - just apply the correct level of clueless admin, rinse &
> repeat.
>
The problem is, William, that there is one Apache server listening on
Port 80 of that particular IP address. It has one userid.
That means that if you and I were on the same server, both of us would
be running under the same Apache user id. So I can access any of your
files, because there is only one Apache. And it isn't hard for me to
list directories in PHP, for instance.
>>
>> And I would NEVER host with someone who put 1,000 sites on the same
>> server!
>
>
> Why not? Of course, 1000 busy sites could be an issue, but a random
> selection of 1000 domains is unlikely to stress even the most gutless box.
>
I wouldn't want to be within 50 Gb of a host who would put that many
sites on one server. Sure, Apache could handle that many mostly idle
sites. But how many websites can you predict will be low traffic? And
what happens if a couple of those had spikes in their traffic - say due
to an advertising pitch.
IMHO you're playing with customers to place that many on a single server.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex.RemoveThis@attglobal.net
================== >> Stay informed about: I don't trust my hosting company |
|
| Back to top |
|
| |
External
Since: Sep 19, 2003
Posts: 3499
|
(Msg. 22) Posted: Sun Aug 20, 2006 6:22 am
Post subject: Re: I don't trust my hosting company [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Fleeing from the madness of the jungle
Jerry Stuckle <jstucklex DeleteThis @attglobal.net> stumbled into
news:alt.www.webmaster
and said:
> William Tasso wrote:
>> Fleeing from the madness of the jungle
>> Jerry Stuckle <jstucklex DeleteThis @attglobal.net> stumbled into
>> news:alt.www.webmaster
>> and said:
>>
>>>>
>>>
>>> It wouldn't take much for me to access your web site, if we were on
>>> the same server.
>> Not wishing to start a religious ding ding, but I think you'll find
>> that is more generally true in a *n*x environment than windows.
>> Before anyone feels the need to get up on their hind legs and paw the
>> air, let me make it clear that either type of o/s can be made insecure
>> internally - just apply the correct level of clueless admin, rinse &
>> repeat.
>>
>
> The problem is, William, that there is one Apache server listening on
> Port 80 of that particular IP address. It has one userid.
I am familiar the issues and frankly astonished that a server which is so
easy to secure from the outside is so open on the inside.
> That means that if you and I were on the same server, both of us would
> be running under the same Apache user id. So I can access any of your
> files, because there is only one Apache. And it isn't hard for me to
> list directories in PHP, for instance.
Oh yes, I know. There's a directive in PHP which prevents that (if set)
but the hole is still open in other languages.
>>> And I would NEVER host with someone who put 1,000 sites on the same
>>> server!
>> Why not? Of course, 1000 busy sites could be an issue, but a random
>> selection of 1000 domains is unlikely to stress even the most gutless
>> box.
>
> I wouldn't want to be within 50 Gb of a host who would put that many
> sites on one server. Sure, Apache could handle that many mostly idle
> sites. But how many websites can you predict will be low traffic? And
> what happens if a couple of those had spikes in their traffic - say due
> to an advertising pitch.
Spikes in traffic potentially affect any other site on the same feed.
Moreover, internal process/traffic can have a similar effect. I've just
implemented a private network for one customer with six servers - their
inter-process (across servers) traffic was considerably greater than their
external traffic (poorly optimised db calls I suspect) and was affecting
all other customers sites on the same feed - increasing ping times to over
80ms (from here).
> IMHO you're playing with customers to place that many on a single server.
In practice I share your opinion, but I know[*] there are many servers
containing more sites than that.
[*] Well you can't actually /know/ - they could all be proxied from the
same apache (or similar).
--
William Tasso
http://williamtasso.com/words/what-is-usenet.asp >> Stay informed about: I don't trust my hosting company |
|
| Back to top |
|
| |
| Related Topics: | Web Hosting Company - Has anyone heard of this company before? Are they any good? Price looks really cheap. http://www.qualityhostonline.com/hosting.htm
Please help me help my web hosting company - I have problem with my email since July 12 and people in my hosting company are not helping me (a satisfied customer for over 2 years) at all. I used my GMail account to send an email to my account and got the following in my GMail inbox . Please let....
hosting company - I am posting this to sing praise to a hosting company ive recently singed up with through chicagolandhosting.com, Their customer service and proffessionalism was a breath of fresh air compared with my prior experiences with web hosting companies. I highl...
hosting company that do DNS properly? - Can anybody recommend a web hosting company that will look after DNS for us properly? We host our website with 1and1 in the UK and have just moved office, they are refusing to change the A record for our primary MX (mail.amtleasing.co.uk). They created....
Hosting Company Next Generation Hosting ...anybody? - Hi, I wanted to check if anybody has experience with the company New Generation Hosting? I thought try again since I have not yet had any reply on my previous post ( I know I am very impatient. :-). Any help appreciated Thanks Deidre |
|
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
|
|
|
FAQ
Profile
Private Messages
Log in
