Fair enough, with R250K profit they have no excuse not to hold their client's hands, even when they surf. But, how much profit do they make from the R50pm subscription? They still need to pay rent, purchase new equipment (you want better technology in the future, right?), phones, water & lights, insurance, etc.
Marq, I didn't say that, but instead I'm trying to imply that it's a 2-way street. The client needs to take responsibility as well.
IF your website is really that important (let's take a bank's website, for example), then surely you (as owner) should do your part to make sure everything on your side is fine. The banks, in this example, spend a few million a month on security (staff / their own servers / own data centre space / developers who code very well / etc) IF their site get's hacked, who's fault is it? Theirs, or the ISP's? - this is an example, but I don't know if it came through properly.
let's bring it to our level. If one of our reseller's accounts gets hacked, who's fault is it? Ours? Our client (as reseller), or his client? Let's say the 3rd party developer (so we're 4 levels down now, us -> reseller - his client -> 3rd party developer) doesn't follow secure coding standards, and a hacker discover an XSS flaw, and then get's the client's control panel password and hacks into the control panel. This hacker is then a bit more patient in leaving his marks. He then leaves some "worms" on the client's account to get other info from the client. Any username & password combination can be used to possibly hack other accounts the client has. BUT, since he has access to the client's account, he has access to the client's email as well, and could silently capture all emails the client get (like new password request from this forum, or even the bank, or whatever). This goes on for a month or 2, if he's really clever, he'll lay low for about 6 months (long enough for his "stealth worm" to have infiltrated the backups and the logs in such a way that an admin won't see it as abnormal activity), and then he strikes and causes havoc. IF, this account was a forum, then he would have thousands of email addresses & password combinations - even if the passwords are MD5 encrypted, he could probably have enough PC power to decrypt those passwords. My guess is, about 70% of those passwords are easy to pronounce, and could thus be cracked against a dictionary - which is quick on a multi-Core XEON.
This IMO leads me to believe they either don't know, or don't want to dig deeper to find the problem. OR, they screwed up somewhere like you suspected.
Do they not have an option where you could restore your website yourself?
And do you have access to any raw logs on the server? This could sometimes indicate where / how the hacker got it.
Can you pronounce your password? Is so, then you need to change it ASAP.
It's not as simple as running a script against the date of the script. The main problem is, there's probably 50 billion scripts on the internet, and a date check alone won't be accurate enough.
For example, a client uploads a static web page in 2003, with some basic HTML content and nothing more. The monitor script will then go berserk on this account due to the date. There's no need to update the site as the static content is invulnerable. Do you think this client would enjoy being spammed by the server every day / week / month - whenever the script runs to say his 7 year old HTML page is a hazard? I can see how this is going to peev off some clients already.
Similarly, if you decide to upload a script, like say Joomla, which has 7,968 scripts (new install - no mods or anything yet) , and there's say 100 client's (there's normally more) on this particular server - that would be 796,800 script for a single Joomla installation per account alone. What if every client has a forum & blog installed as well. Now, this figure goes up to say 2,788,800 scripts.
So, a simple date checker script will need to loop through 2,788,800 scripts, every day to see if the date is older than say 6 months (to be a realistic number)?
In theory, your suggest is a valid one, but not practical, by a million miles. Is it really so hard to take responsibility of your own website? Does your website mean so little to you that you refuse to take care of it and insist that the ISP do it? And if they absolutely need to take care of it, are you prepared to pay extra for it?
I'm asking this, as a matter of research
How much of the R50 (this is purely the example) you pay do you think the ISP's actually pocket as mark-up? Sure, I would love to assign a dedicated tech to every client I have, but my business will go down in flames on day1.
And while the thought it probably very true, I can assure you that it's not 100% so. That R50 (with your calculations on 20,000 clients is R1.25mil) needs to pay for servers, switches, firewalls, server room (either rent or maintenance on own equipment) software licenses, staff, office, water & light, insurance, bandwidth (chances are R30 is for bandwidth only, so they don't even see that money), and the list goes on. The responsibility is in fact far greater than you think. If, for example, they didn't pend R25K on a new server recently, they couldn't accommodate your website. OR, that new R400K firewall makes a huge difference on DDOS, QOS, VLAN, etc control making everyone's life easier. And, the new software licenses probably cost them in the region of say R700K this year, but they need to pay it to keep up with the demand.
i.e they provide you with all the tools you need to make sure you website is up and running, 24/7/365, with security (physical & electronical), with all the software that you need ( server OS, control panel, mail server, database server, site builders, etc, etc). You just need to maintain your own website. Is this not responsible enough?
Do you want them to run your website as well? And take care of the CEO while their at it? And how about managing your company?
All of these are possible (whether WA offers it or not,I don't know), but will cost you extra money. Did you pay the extra money? Then you get the service. If not, then you can't expect it.
agreed. but again, I can't vouch for any other ISP. I just get a bit worked up when the ISP industry is always to blame for everything, even though 70%+ of the problems are user-related.
Did you like this article? Share it with your favourite social network.