(apologies for the length)

Russ,

I can tell by your comments that you either have dealt with a lot of hosts
or have worked or owned one. Well said.

Having worked in the Hosting space for more than 10 years now, I can safely
say there is absolutely no 100% way to prevent these exploits on any
platform.

That is not to say there are not more secure options than shared hosting,
but even at that you may need an above-average skill set. I can make an
argument that shared CF hosting is probably more secure for half the people
using ColdFusion out there.

How and why?

Well, most probably have no one actively monitoring their servers. Not only
do we have ourselves and tools looking at the servers, but also our customers,
who make us instantly aware of an issue.

Even a subpar host probably has a better lockdown on CF than many
non-host-managed CF users.

How many can say they don't have rootkits (or even know what that is)
running on their server? Probably a lot on this list, but the average VPS,
cloud or dedicated user out there, ummm, probably not.

For example, there was a recent issue we had with hidden elements being
injected into files on a shared server. This was actually a customer running
WordPress. How many out there would have found that, and how quickly, say on
a dedicated server with a site that only gets updated once a month?

The best you can do is be vigilant, do your patching and homework and when
the next compromise comes, take it on the cheek, mitigate, and take what
you learned and try to improve for the next go around.

And if you are a hosting customer, it's up to you to be aware and educated
on what a host should and shouldn't be doing (aka this list). And then
decide if it's time to move on or acceptable to you.

Of course I'm speaking in general terms, as this is the case with not only
CF, but all platforms. How many times a week do we hear about a Drupal or
WordPress issue? Just about as often as CF, if not more.

Quick fact: we have more dedicated, VPS, cloud (VMs) revenue affected by
compromises than our shared customers.

But let's not all forget the real problem here. It's not CF users, the host
or Adobe's fault. It's the dirt bags out there who make escalations happen
that result in the 3 am phone calls.

Byron Mann
Lead Engineer & Architect
HostMySite.com


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354470