damn hackers – a response to the Network Solutions server hack
Tags: even big companies get it wrong, problem response, using NSNA
Why don’t you guys provide FTP access like all the other hosting companies? Why is your hosting more expensive than…?
We get asked these question and ones like it all the time. And the simple fact is that hosting appears to be a commodity until you have a problem. Recently one of the Industry giants was attacked by a virus infecting thousands of WordPress Blogs. Then re-attacked infecting several other open source applications like Joomla and simple HTML sites. According to Eddie Schwartz, chief security officer with NetWitness, hacks like that of [Network Solutions] are all too common. “We see these sorts of attacks – they are basically a very common occurrence. The fact is that there’s a vibrant community of people downloading COTS [commercial off-the-shelf] versions of Zeus and other malware kits, looking for legitimate Websites where they can install iFrame exploits.”
Whether the first and second attacks are related is not clear and information from Network Solutions is not forthcoming for fear of helping the perpetrators. And attacks like these can also cause issues with hosted email system due to “irregular network traffic” according to Network Solutions Twitter feed. Read more about server hacks on Network Solutions.
At Net Solutions North America, LLC we made the decision 6 years ago to build our own proprietary closed system application rather than build websites using one of the many open source applications. Open source means that anyone can get the entire source code of the application for free. Having access to the line by line code of an application is like gold to a hacker wishing to infect a large quantity of sites. WordPress blog is one of the most popular open source applications being commonly used today. In fact, we recommend it to our clients who need and want a blog application.
But we do something that few hosting companies do. We restrict access whenever possible. We place similar products on different servers so that we can identify problems and isolate issues faster. We use both Linux and Windows servers and have various functions and required applications segregated to help insulate a single site attack from infecting others on the same server. We operate our database application for our products on different servers from the applications. We separate our mail server from our applications servers. We have separate servers for our email marketing applications. All this means a significant increase in infrastructure costs and in management costs and systems to manage and maintain all of these servers. But what it also means is a much more secure hosting environment and lower likelihood that a successful attack of one server will spread to other servers.
Because we have had sites that have been successfully attacked in the past, and because we know that our sites are under constant attack we have implemented a number of security functions that some of our users do not like – i.e. locking admin functions after a number of wrong attempts. We will continue to do whatever is feasible to protect our client’s information and the security of their site. Rest assured we understand that there is a fine line between being annoying and providing the security our customers need.
So if you read that Net Solutions sites have been hacked or our systems and applications have been compromised, please make sure that you understand that they are not likely referring to us, but our much larger similar namesake hosting providers using open source applications and advertising low price hosting. But when it comes to hosting, it is hard to tell the difference until your site has been hacked and you are desperate to retrieve your data and minimize disruption to your website, blogs, and email.
