

Reviewing host companies - Which one is more secure? - j_lagof
http://fseek.me/2010/09/reviewing-host-companies-which-one-is-more-secure/

======
j_lagof
Hint: Rackspace lost badly (21% of the sites they hosted got blacklisted in
the last 90 days). Netsol won with only 1% of sites blacklisted...

~~~
thaumaturgy
The vast majority of websites that are inadvertently serving malware have been
compromised through the website itself, which can happen totally independently
of the web server software or the host.

About the best the host can do is have a reasonable IP blacklist, but even
that doesn't stop nearly enough attackers. (My little mail server, hosting
only around a dozen accounts, is currently averaging 14 new SSH bans per day
for example.)

The only thing that a "secure" host guarantees is that a compromised website
can not lead to a compromised server; attempting to measure that by checking
the number of malware-hosting websites at a service provider is the wrong way
to go about it.

All that said, if you want a "secure" host without spending a lot of money,
your best compromise would be an OpenBSD VPS, and then either spend a lot of
time learning how to set it up correctly (and maintain it), or have someone do
it for you.

Having NetSol and GoDaddy on a list of potentially "secure" hosts is
hilarious.

edit: I'd recommend checking the Sucuri Blog (<http://blog.sucuri.net/>) for
an idea of who's been compromised and how they've responded. Sucuri's pretty
good at keeping track of all this stuff.

~~~
sucuri2
I kinda agree with you, but when you see 21% at Rackspace, it shows that
something odd is going on there (taking out hosting-specific attacks, the %
should be the same everywhere).

~~~
thaumaturgy
Heh! I just added a link to your blog as a recommendation, before seeing your
reply.

My guess is that more of the stuff at Rackspace is being admin'd by customers
who don't know what they're doing, versus the managed shared hosting at other
places.

