New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
It's up to you if you don't feel that your users' data is important. I can remedy any concerns I have about that by not doing business with you. Quit pointing at bad policies of other people and using them to justify your own. Facebook didn't support https logins until not that long ago, and they still don't require them. They're a multi-billion dollar corporation. I, and a lot of other technically savvy people, still think they're wrong.
Some one else is also fighting over SSL on wht
http://www.webhostingtalk.com/showthread.php?t=1179978
Lord have mercy!
Wow
@24khost - you've shown you don't understand the technical reasons (man in the middle attacks etc) nor business reasons (potential customers here have told you they won't do business with you without SSL) that any internet site exchanging any data that's not 100% public has to use SSL.
How many major internet sites can you find that don't do sign in over SSL?
If you want to sell services on 'the internets' you really need to have a better handle on both the technical and business aspects. Save yourself a lot of time and money, go back to whatever you were doing before trying to sell VPS - nobody here is going to have enough faith to hand over even $1/year to you after your spectacular display of ignorance.
@tehdan
HE is not the only
WHT ruined internet with noobs calling em pros :P
Noticed the link I have posted? There are provider (Supposedly doing hosting since 2001??) who doesn't understand SSL as well. Jesus!
@NinjaHawk - if I knew where he lived I'd drive by, steal some passwords from his presumably unsecured home wifi and post them up here. Something tells me he'd say the admin logins for his WHCMS weren't secret because his credit card details aren't in there.
So..if an attacker successfully sniffing the client username and password transferred without encryption...the consequences is bad....
the attacker can use it to terminate any/all active services,or ordering many services and end up having many pending invoices,of if it is WHMCMS,surely the attacker can look at previous email sent on server information...
IP address,password,ssh info,etc....and what if they use this info to do something illegal using the server...DDOS,taking down the server,distributing malware,etc...
And what if the attacker manage to get other info,name,address,phone,email,etc...the other account on other services will be in danger...
Back to topic. @24khost offering cloud architecture in lowendbox communtiy can be a bit tricky. Our little budget plans for little works don't require High Availability /Self Healing/ Etc... technology and as most people here look at every dollar you will easier sell standard 2$ product than no matter how great, stable, modern... and of course worth of price 5$ product unless you include more resources in this plan.
People here see "numbers" -> price & resources and while it's not bad to have stable 1GB memory HA/self healing/SAN/bla bla... "cloud" vps for some serious production work for most of us this don't make difference in 128/256mb budget hosting segment where we don't use out little VPSs for critical important things.
What I am trying to say is that most people here aren't willing to pay "more" for 256mb memory plan no matter how great redundant architecture is behind. Our relatively stable and cheaper low end VPSs give us exactly what we need. Whoever need VPS to host mission critical stuff will usually need bigger and more expensive plan out of "low end box" budget scope.
I apologize this got brought up. My belief and the belief of many other larger hosts. Is that if your not storing private data ( ie. credit card data ) this is not needed. If you not interested in doing business with us cause of our view on ssl, we understand that. We would just encourage you to do more research.
99% of sites that are hacked, are not hacked with sniffing. Most are hacked through one of 3 ways. 1. Brute force, this is done with dictionary attacks and such on passwords that are not very strong. 2. Fishing attacks, this one is harder for them to use to hack. Most administrator account won't be accessed by clicking on links from your email.
3. Social Engineering, this involves inpersinating another individual to recieve information that gets you admin access.
None of these 3 ways of hacking are stopped by SSL. The less than 1 percent that are hacked by packet sniffing are usually done from and unprotected wifi network. We don't use wifi when connecting to our whmcs, only hardwire. Are business machines do not get used to visit any other website than our whmcs install and to ssh to our servers. This is what allows us to be certain of ourselves that we will not have issues with being hacked. All passwords we use our random generated.
We have reloaded our SSL cert. But again as we stated earlier this does nothing except give you woobie (child saftey blanket), real security only happens when you understand the real way big companies get hacked.
The thing is, you are not a big company. And if you say SSL isn't "real security" and "does nothing" i doubt you will ever be.
By the way you seem pretty sure about the safety of your hoster, are people allowed to pentest it? :P
I am sure about our security as we have spent time securing our networks. We have spent several years in this business, and have learned more than can be experienced by reading. We have through the use of multiple softwares such as apf, bfd, not dictionary based passwords, monthly password changes, network security audits, and again only hard wirded connections to our servers to protect against 99.9% of hacking. Nothing is ever 100% fool proof.
This year we have already seen
http://www.pcworld.com/businesscenter/article/258973/cyberoam_fixes_ssl_snooping_hole_in_network_security_appliances.html
http://www.computerworld.com/s/article/9223936/VeriSign_admits_multiple_hacks_in_2010_keeps_details_under_wraps
http://www.thewhir.com/web-hosting-news/report-finds-dutch-government-was-ill-prepared-to-handle-2011-ssl-hack
they had ssl and still got hacked -http://nakedsecurity.sophos.com/2012/07/11/formspring-hacked-28-million-users-told-to-change-their-passwords/
I still don't think you understand what SSL is good for:
I'd rather pay the $18 a year for SSL and have more customers, than argue my personal emotions with potential customers on a forum and scare them away.
I am not trying to argue with potential customers, but trying to give them more information. I want people to understand the truth.
You are actually showing that you are uneducated and don't understand what you are talking about.
Btw what happened to Socheaphost.net?
People don't get hacked by mitm password theft because most people are smart enough to use SSL. By that logic I shouldn't have a door on my house because most burglars break a window round the back.
That was over 2 years ago back when we were young in the business but we gifted that to it's new owner Saleh Amhed
@ tehdan you do realize that ssl doesn't protect against brute force attacks correct? The most used hack to get access.
@24khost people resort to bruteforce (and other attacks) because they can't just steal your password that's encrypted with SSL.
Like I said - a burglar breaks a window at the back of your house because you have a locked front door - no door and they'll walk right in
Stop talking about the stupid credit cards.
I am SENDING to YOU my personal info, and I need SSL because that.
You are an idiot.
you do realize that your name, address and phone number are not private information? Most of these can be found with a simple goog search, phone book or multiple different places.
Go ahead and find mine. And i think its ridicolous that you don't think emails and passwords are private data.
only you credit card numbers, financial information and health information
Interestingly, a 'simple goog search' on my name in an incognito window didn't turn up my address or phone number in the first 10 pages of results.
There are several points to consider:
-I have a unique name; I am the ONLY person on google with my name. Everything returned is me.
-Oldest stuff that Google has indexed for me is from 1998, or 14 years of data.
You'd think with both of these points would make it very easy to find my information. It's actually really interesting, as i'm not of the tin-foil-hat crowd, and am somewhat free with my contact information, as people on LET can attest, yet no address information turns up.
To quote Wikipedia:
@gsrdgrdghd Thanks
FFS this guy
Me no comprande SSL. (My Spanish is bad)
By sniffing, I can send tons of targeted spams. Period.
Hope you are aware that Internet traffic gets routed everywhere before reaching your server.
Yes I do. Remember that whmcs had a ssl cert yet they were hacked and thousands of cc, names addresses and phone numbers got released. What did ssl do in that situation?
Again your not grasping the concept of security.
Dude you so ridicolous.