PDA

View Full Version : Could FH routinely monitor my server?


Humandesigner
12-20-2006, 12:16 PM
Next year, I will probably need to have someone regularily make sure that my VPS is 99% safe from hacking.

Ideally, once or twice a month, a tech would look very closely at my VPS and then fix all the things that need to be fixed.

How much would FH charge for such a service?

Can you propose different options with their respective pricings ?

Thanks :)

Humandesigner
12-21-2006, 06:04 AM
Hello ? ....................

theOG
12-21-2006, 07:32 AM
lol... another thread that should have been emailed to support....

My guess is this service would cost a lot of money... but I'm sure FH team is looking into it since so many people seem to want this service.

Would like to see the uptake once prices are introduced.

Humandesigner
12-21-2006, 07:47 AM
lol... another thread that should have been emailed to support....


Already did two days ago.



My guess is this service would cost a lot of money... but I'm sure FH team is looking into it since so many people seem to want this service.

Would like to see the uptake once prices are introduced.

You might be right.
Maybe they are currently thinking very hard on how much to charge ... thus explaining the slow response ;)

Well, expensive or not, I want to know! :)

Humandesigner
12-21-2006, 08:08 AM
BTW, that's good to hear that this service is highly demanded.
I was starting to think that I was an exception.

There are server management companies who offer this kind of service but I'm quite reluctant to deal with one more entity. And no one else can be more trustable than your own host in terms of administration, don't you think?

And, I agree that constant monitoring can be very pricey.
But in my case, one or two hours a month dedicated to the security on my own server would be just enough.

I also bet that FH has a hard time to define a pro-active management plan because they already do so much support with no additional charge.

But the problem is that this kind of support isn't pro-active.

ono-neko
12-21-2006, 12:07 PM
Hi,

At this time, as you know, our VPS is semi-manage solution, so we do not do pro-active monitoring to our customers's VPSes.

If you want, you can request for security check and advise. We can help you set up firewall and give suggestions on what can be done to tighten your VPS's security.

Contact us at support[at]fluidhosting[dot]com about this, and we will help you tighten your security.

Humandesigner
12-21-2006, 04:16 PM
Hary, thanks for clarifying that FH intends to remain solely a semi-managed host.

But, in my opinion, there is a problem with the "semi-managed" word.
Where is the frontier between what's managed and what's not?

Everytime I had problems, you, John, Aleksic and even Dave always offered to help from security tightening to PHP compilation. And paradoxically, this makes me always feel bad because I never know if I'm requesting something you're not supposed to do. You know, I'm not the kind of person who likes to take advantage of a person/situation.

It sounds obvious that the installation/configuration of open source web applications like forums, blogs, etc. is my duty as an advanced user.
But what about PHP itself? It's open source but at the same time, it's already present on the server on purchase.

I've chosen a VPS over shared plans because I hate limitations. For example, I want to be able to use as many databases as I want and I aslo want to have the possibility to have PHP configured with as many modules as I might need in some uncertain future.

But this doesn't make me a real administrator, far from it.
I bet there are countless of people who, like me, need a flexible system but who have other things to do than learning all the things about Unix-like systems.

As for the security tightening you mentioned, it's great but I bet that, pardon me if I'm wrong, efficient security must necessarily be monitored frequently.

So, since I don't plan to leave FH and depending on whether or not the "semi-managed" word is clearly defined, I might opt for the use of a server management company.

Well, I feel kind of weird to be the only one who has an issue with the "semi-managed" thing.

FH-John
12-21-2006, 05:16 PM
As you know, we are happy to assist customers in maintaining security of their VPS. If it involves applications that are included with the VPS itself, we will update them upon request, and provide some basic tuning as well.

If you would like a more complete security check, you could opt to pre-purchase administration time. Then whenever you'd like to have us do an audit, etc. you'd just have to ask.

Humandesigner
12-22-2006, 07:16 AM
John,

What do you mean exactly by "a more complete security check"?
What are the tasks you would undertake and how many pre-purchased hours would be required for that?

Also, if I order, let's say, 1 or 2 hours of maintenance every month, what are the tasks you would undertake in terms of security?

As you already know, I know little about security.
So, it's almost impossible for me to request something specific.
You see what I mean?

Thanks :)

FH-John
12-22-2006, 12:23 PM
Excellent questions. :)

A more complete check would involve performing several checks, which i'll outline:

*verify system file integrity using RPM, and perform check using rkhunter
*check system password files to ensure that system level users can't login, and no unauthorized users have root access
*check temp directories for executables, and other abnormal activity
*inspect running process list for anything that is out of the ordinary
*check open/listening sockets for anything that is out the ordinary
*check system log files for unusual activity, such as users logging in from odd locations, and abnormal errors

For most people, the security check can be completed in under an houre.

Humandesigner
12-24-2006, 05:56 AM
Thanks a lot John,

I will definitively order pre-purchased administration time in the near future. Now, it would be very handy if the order could be recursively automated so that the security checks are performed even if I am away. And, it would be quite a hassle to order the same thing every month you know. It's not that I'm lazy ... ;)

So, can the billing interface handle recursive orders of pre-purchased administration hours?

Thanks again.

theOG
12-24-2006, 02:37 PM
Thanks a lot John,

I will definitively order pre-purchased administration time in the near future. Now, it would be very handy if the order could be recursively automated so that the security checks are performed even if I am away. And, it would be quite a hassle to order the same thing every month you know. It's not that I'm lazy ... ;)

So, can the billing interface handle recursive orders of pre-purchased administration hours?

Thanks again.

Sounds almost like you want an "Official package" that FH could put together and sell... good idea HD... FH could do that as a precursor to offering a fully managed solution…

FH-John
12-30-2006, 09:04 PM
So, can the billing interface handle recursive orders of pre-purchased administration hours?

I do believe we can handle recursive purchases for administration time.