On Fri, Dec 07, 2012 at 02:19:42AM +0000, Andy Smith wrote:
> Hello,
>
> From time to time BitFolk customer VPSes occasionally become subject
> to various kinds of compromise. Frustratingly, the kinds of
> compromise encountered are generally the result of run of the mill,
> completely preventable and unremarkable root causes.

As someone who worked in the web hosting industry for 5 years, I feel
your pain, sir.

> I would like to find a way to raise awareness of these very simple
> security concerns amongst the customer base, in order to hopefully
> cut down on how often they happen.
>
> I was thinking that if customers saw how often these things happen
> to people very much like themselves then it might help remove some
> of the "yeah I've heard of that but it will never happen to me"
> mindset that we all regrettably can fall into.
>
> So I was contemplating posting an email thread to this ("users")
> list every time we become aware of a customer compromise, and I was
> wondering what you thought of that idea.
I would say not so much every time there's a compromise, but maybe every
time there's a compromise and you or the customer was able to do a full
root cause analysis.

Just seeing "this box got rooted and sent out tons of spam" isn't all
that useful, as we're all aware (or, should be, maybe I'm arguing
against myself here) that machines get exploited all the time and do Bad
Things, but seeing WHY, and maybe even some of the process for tracing
down the root cause would be handy.

At any rate, I'm a mailing list whore, so I would read every post
anyways, bring it on :)

Additionally, I must say that I'm very happy I chose BitFolk for my VPS
provider. Things like this (and even the discussion itself) make me feel
very good about the people running things behind the scenes.

Also, it's always fun to find a fellow mutt user in the wild ;)

-Jeremy