You didn’t really think we were going to tell you that, did you?

Actually, some of you likely will have clicked on this thinking that’s exactly what we were going to do.

Security is one of the most challenging aspects of running a shared hosting company. After all, the existence of hosting that’s “shared” seemed like it shouldn’t exist at all - most networks are closed to everyone and open only to those that need them. By definition, a shared hosting network and server has to be open to everybody that’s needs access no matter where in the world they are, but closed to everyone that would harm the network no matter where in the world they are.

Because of the inherent oxymoron-ness of shared hosting, security on the servers is quite extensive and has to be fine-tuned nearly every day. We employ mod-security, a software firewall, blacklisting services, scanners, and a host of other things to catch problems as they come up. Despite our choice to not automate any set ups are installs, our security is automated and will kick in immediately when there are certain defined problems.

We get at least 2-5 people firewalling themselves per day. In response to being told they firewalled themselves, we get these frequent responses back.

1. Can you whitelist my IP?
2. Can you explain exactly what I did so I won’t do it again?
3. I don’t know what a port scan is so I could not have done it.
4. But I was using the right login!

None of these are the correct responses, and they won’t get you anywhere. Here’s why.

Can you whitelist my IP?

OK, so, a firewall is designed to spot things that people do against the servers. The means people outside our network, and believe it or not, those who we gave access to that maybe we shouldn’t have. What you are asking us to do is to tell our servers to ignore anything that you do wrong so that if you do something wrong, your access won’t be blocked and you can keep doing the wrong thing until you get it right (or so you can keep banging on the server until you email support).

When you see it explained like that, can you understand why, maybe, that’s not a good idea?

The firewall is there to protect the server as a whole, and you are not the only client on it. In addition, many clients that we have are not savvy enough to recognize when their computer has been unwittingly drafted into being a member of a botnet. Even if you are sure you didn’t do that portscan yourself, it doesn’t mean that your computer or another computer on your network didn’t.

Can you explain exactly what I did so I won’t do it again?

We can, in general, tell you how to do it right - what we can’t do is explain step by step what you did wrong. This is especially true for orders that are flagged and refused for install - and in that case, we won’t even take the time to explain to you fully how to do it right as we feel the order form is fairly self-explanatory.

While the slice of the server you have is “yours”, the machine is our responsibility to secure. One of the ways we do that is making sure that exactly what we do for security remains a tightly held secret.

We’ll tell you that we use mod-security, but you won’t get a copy of our rules. We’ll let you know the server firewalled you for performing a certain action too many times, but we won’t tell you exactly how many times it was that set it off. We’ll tell you that you were temporarily firewalled but we won’t tell you how long the ban will last before it expires. All that information can be used to piece together a picture of our practices that no one should have a picture of but us.

I don’t know what a port scan is so I could not have done it.

See the response to whitelisting - many clients that we have are not savvy enough to recognize when their computer has been unwittingly drafted into being a member of a botnet. Even if you are sure you didn’t do that portscan yourself, it doesn’t mean that your computer or another computer on your network didn’t.

If we are picking up scans that you know you didn’t or couldn’t have physically done, you need to look to other explanations. It could be as simple as your computer being infected, it could be as complex as your wife suspects you are talking to a mistress through email and is trying to hack into your mail account to get evidence. There are a lot of explanations for firewalling from the simple (I forgot my password and refuse to email support so I’ll just hack away until I get it) to the complex (someone wants to hack your account and they live under your roof).

But I was using the right login!

This one’s just thrown in here because we are like the omnipotent and unknowable deity within the metal confines of these boxes. We know what you typed in. We probably even know what you did last summer since we likely have it archived somewhere.

If we tell you we see that you typed in “groggy” to log in and your login is really “eueytgdfy”, just believe us. It saves time.

Tags: firewall, security

This entry was posted on Wednesday, July 2nd, 2008 at 10:22 pm and is filed under DrakNet Tips. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.