Main Area and Open Discussion > Living Room
Is your Hosting Company Secure ... Really?
Stoic Joker:
From the Department of You Gotta be Kidding Me...
While working with a client's network trying to resolve some mail flow issues...I was required to contact their web hosting company. This can be "fun" to varying degrees depending on what type of verification is used to ascertain whether or not you should be allowed to be making change requests. This is frequently called Big Fun with Social Engineering when the client can't remember or find the account info. which nobody has seen for 8+ years.
Now imagine (if-you-will) my dismay at getting absolutely no challenge what so ever. None. Nothing. Notta. Straight to the red carpet from hello. This has now happened on two separate occasions, which were weeks apart. So it ain't like somebody was having a bad day, and let it slide... What were the changes I was requesting you ask?
1st Call:
I requested that all mailboxes be tripled in size to (and this was directly stated) allow for larger Emails (with 20+MB attachments)to be sent.
2nd Call:
I requested that all the existing MX records be removed (Um... Yeah), a new MX record be created, and that all the mail was now to be sent to an off-host IP address that I specified.
And at no time was I asked for anything (not even my name - which I didn't offer) other than what domain I would like to make changes to.
Now the web-based management interface requires, domain name, user name, and pass word ... ALL of which are case sensitive. So there seems to be some level of understanding in regard to security. It just doesn't extend (or pertain) to the folks at phone support. Try this with your hosting company sometime to see how well they fair ... You might just be mortified ... I was.
...I've advised the client to switch hosting companies ... and they are.
cranioscopical:
I've advised the client to switch hosting companies ... and they are.
-Stoic Joker (March 22, 2011, 05:41 PM)
--- End quote ---
And thanks for all that mail… some interesting reading, eh?
Stoic Joker:
I've advised the client to switch hosting companies ... and they are.
-Stoic Joker (March 22, 2011, 05:41 PM)
--- End quote ---
And thanks for all that mail… some interesting reading, eh?
-cranioscopical (March 22, 2011, 06:19 PM)
--- End quote ---
:huh: Ya know, I'm usually pretty good at this ... But I have no I dea what you mean by that. :huh:
Previously they had their Exchange server suspended between the hosting company (via POP Connector) and their ISP (via SmartHost forward), on a increasingly shakey DSL connection. Now their Exchange server is fully public on a fiber connection (one of yesterday's speed tests hit 35Mb - I wonder if the wife will let me get one...).
So the mail load (for them) hasn't really changed, it's just fast & reliable now.
Renegade:
Oh. My. God.
That's horrible.
I'm with The Planet and Softlayer, and they're good. I've called them before and they do check to make sure that I am who I say I am.
cthorpe:
I'm with a VPS. If you were to call or email them about something like MX records, they would point you at a website that tells you how to do it and tell you to do it yourself. I call it security through RTFM.
C
Navigation
[0] Message Index
[#] Next page
Go to full version