Wimpy Web Hosts Hope Hackers Won't Scan

You may want to see how confident your Web Host is when it comes to survey scanning and vulnerability testing. According to Salvador Periot, Technology Strategist for LogiGuard LLC, there has been «an increase in the number of web host administrators who are terrified of port scans.» LogiGuard offers HackerGuard, a product developed and used for port scanning and testing for SANS top 25 vulnerabilities and other security holes that can be found within a website.

These wimpy web hosts are simply not living in the real world. They are terrified of port scans for a very good reason—these scans do work and they can find weaknesses that otherwise might remain hidden to all. If a weakness is found, they may actually have to beef up their server security which may take a little time and money away from the leisurely lifestyle of the web host. What they really can't accept is that if the 'good guys' aren't scanning your network and probing against vulnerabilities to help you make informed security decisions, you better believe the 'bad guys' are probing and scheming about how to exploit the vulnerabilities that they might find.

Used mainly on the enterprise level, the scanning process used by LogiGuard is quick and painless. However, Mr. Periot states that far too many web hosts come back and complain that they don't want to be scanned, using excuses that the testing process may tie up resources, or worse, complaining that it may «crash» their server. This thought pattern is the same as an automaker that won't crash test a car because it may show weaknesses in the car. Web hosts need to take responsibility for their server security and accept that some security changes may be needed. «Scanning is a way of web life and will only get more intense as resources expand and methods for scanning are improved and refined,» commented LogiGuard's Mr. Periot.

Not all web hosts play dead monkey with real security issues. We were happy to see welcomed responses from Host Color in a recent press release, offering guidelines on securing PHP and Perl applications. The hosting company security specialists also underline how important it is that all web applications are updated regularly. "Our company has always placed a strong emphasis on security. The main problem that we face however is that too many webmasters do not realize that they need to think about all security implications when they install any software on their accounts. A recent example of the type of problem that we face is that many of the 'Contact us' scripts that our customers install are vulnerable and can be used as open-relays by spammers. This causes serious problems for the servers since it can turn them into sources of spam. We have added detailed instructions on how this can be avoided. We have also give simple examples of what Code and SQL injection are and how those intrusions can be stopped as well," says Stoyan Marinov, Host Color's Security Specialist.

LogiGuard's Marketing Director Wendiann Trent adds, «Buck up web hosts! You may not always like the vulnerabilities exposed, but if they're in there, you need to take proactive measures to protect your customers against fraud and theft. Of course, you may find that you may well be hosting a hacker or two, who has been exploiting one of your weaknesses for months! Consider this a godsend and respond accordingly.»

As for poor customer service and a paranoid reaction to the scanning process, one large web hosting company threatened to have their customer removed if he did not discontinue the daily vulnerability scans. This is one of the more extreme examples of web host insecurity that has been displayed over recent months. If a bank officer is afraid of a mock bank robbery while the banking center under his own surveillance, the banking center probably has huge weaknesses which the bank office is either trying to hide, or too lazy to repair or both. Would you feel comfortable depositing your cash, especially anything over $100,000, into a bank with such anti-testing policies?

When searching for a web host, stay away from the web hosts that do not welcome vulnerability testing or have an anti-scan policy. Seek out web hosts who are concerned about server security and have open minds about how to maintain a high level of security for their customers. They do not have to agree with results or conclusions from the scan report, but they should carefully review the results, embrace the increased awareness in learning about the security of their server, and reaffirm to you that they are doing everything they can for you and your customer's on line security.

Related Internet Articles

• CW3 Web Hosting Develops an Email Script That Stops Form Mail Hijacking
  4 March 2006



• Orange Country Web Design Firm topLingo Auctions Off Christmas on eBay for Charity
  4 March 2006



• Real Introduces Rhapsody.com, the First Web Destination to Offer Free and Legal Access to a Deep Catalog of Full Length Songs From All Major Labels
  4 March 2006



• December 2005 Bandwidth Report With Internet Broadband Statistics by Web Site Optimization
  2 March 2006



• SurfControl Hosts International Directors' Forum on the Threats of Tomorrow
  27 February 2006



• Hot Banana Partners with PRWeb to Add Press Release Distribution to its Active Marketing Web Content Management Suite
  27 February 2006



• Web Hosting Company Provides Top Security
  26 February 2006



• Southwestern Energy Company Invites You to Join Its Fourth Quarter and Year End 2005 Earnings Conference Call on the Web
  24 February 2006



• Democracy Internet TV Launches 'TiVo for Web Video' System
  23 February 2006



• Circle R Media, Rassai Internet Solutions Jointly Creating Interactive, Video-Centric Client Web Sites
  23 February 2006

#1 - HostGator

Unlimited Domain Hosting Only $10 a Month Founded in 2002, Hostgator.com, LLC has quickly grown from its humble beginnings in Boca Raton, Florida into one of the most respected names in the web hosting industry. Renowned for exceptional customer support and unrivaled in terms of customer satisfaction, Host Gator is poised to take the lead in the highly competitive and densely populated world of web hosting providers. For more information! Click Here

#2 - 1&1 Internet Inc.

Got Root?! 1&1 Dedicated Servers starting at $99 mo. We guarantee the highest product quality, top security, and unshakeable reliability. 1&1’s advanced Data Centers have been built from the ground up using the most advanced technology available, giving our global network a strength that is beyond doubt. The power and stability of 1&1’s systems allows us to be first to market with web products that are innovative yet dependable. For more information! Click Here

#3 - ServerPronto

Get a full dedicated server starting at just $29.95! ServerPronto is a dedicated hosting subsidiary of Infolink, one of a few profitable Data Center Corporations in the world. From it's beginning in January 1999, Infolink served the "Value Orientated" segment of the Internet market. Not by offering a sub-standard product at a low price, but by offering a top-quality, feature rich product at an incredible price. Since the beginning Infolink has enjoyed dramatic growth while other's in the industry have suffered. We operate our own network in the USA and maintain redundant Fiber Optic Rings which allow us to directly peer with Tier 1 Internet Backbones. For more information! Click Here