
Both ChicagoVPS (for the second time in a year) and Ramnode were hacked a little over a month ago - tons of servers deleted, customer DBs dumped online.

I think "sketchy" is a good characterization when a pick of the "best" hosts have severe problems.




CVPS is as sketchy as they come; they have a fan following of past users who make fun of their offering. They got hacked more than once and each time they botched their response to customers.

As someone who has used quite a few servers from LEB over the years, there is no way I am going to put anything serious in most of their offerings. There are some exceptions, like Ramnode, BuyVM, but DO pretty much made the choice easy for me. Why bother taking a risk?

1) Cheap price and good offering and service.

2) Now I know they are going to stick around for a while.


> 2) Now I know they are going to stick around for a while.

Remember Slicehost? They might stick around, but not in the form that you like, especially given that DO are playing the startup game rather than growing organically, building a solid business, and then taking money at a later stage for targeted expansion, like Atlassian and GitHub.


And Digital Ocean's predecessor Reality Check Network was hacked and all servers wiped. I think Linode was hacked a few months back too.


So, a vulnerability in the control panel used in probably >90% of all lowendbox providers, combined with a specific person applying the exploit to Ramnode, makes them sketchy now? Man, Apple must be the sketchiest company out there now, you know, with the week long downtime for the Dev Center.


I've audited both WHMCS and Solus. I found a half-dozen bugs in minutes of looking at each codebase. I can't express how horrible this software is that 90% of these hosts are running on - they are both an absolute trainwreck. More hacks are only a matter of time, especially when neither company responds to emails or security incidents well.


How much real engineering are these providers doing? How well do they understand their stack? If they're all running the same underlying software, it suggests that setting up such an operation doesn't require much skill and it's heading to "script kiddie" territory. Sketchy? Certainly suspect and needing a lot of due diligence, in which my gut tells me that (a) they won't fare so well; and (b) they are so low-margin that they would be unwilling to participate.

If Apple got hacked because their dev center was powered by a $10 control panel script then yeah... they'd be extremely sketchy too.



