Death by Assocation

By Larry Seltzer  |  Posted 2004-04-12 Print this article Print

Mail servers arent immune to "death by association." I once had a shared hosting account and woke one day to find that my mail from that domain was blocked by one of the major RBLs (Realtime Blackhole Lists), such as Mail Abuse Prevention System. Some digging revealed that this RBL blocked mail servers by IP address, and I was on a shared mail server. In all likelihood, some other domain on the same server had been spamming, but I paid the price all the same.

Security issues for hosted domains havent been covered enough by the media. I began to touch on them and how they are more common than is generally thought in a recent column on DDoS (distributed-denial-of-service) attacks.
But the implications for the industry are significant. I agree with Peter Pathos, president of The Planet Internet Services Inc. of Dallas. In a recent interview, Pathos said security issues would be the death of the "mom-and-pop" hosting industry and that "only those larger hosting companies focused on security will succeed."

Pathos went on to describe some of the products and practices his company uses to secure its customer sites. Its all good, but most of it protects the inside from whats outside. Once something comes into a server, say by a trusted customer, theres only so far that operating-system hardening can take you.

And not every hosting service spends all of the money on security that The Planet does. As a general matter, you should consider your own site, even one on a dedicated server, more vulnerable to attacks from other sites in the same data center than from outside. You know how in the movies the bank robbers rent the basement next door and break in at night? If you want to attack an Internet site, maybe even an Internet bank, rent a logically nearby server.

But nothings more nearby than another site on a shared server. If security is really important, you really ought to get yourself a dedicated server. If youre scared off by the money it costs, security probably isnt as important to you as you think.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. Check out eWEEK.coms Security Center at for security news, views and analysis. Be sure to add our security news feed to your RSS newsreader or My Yahoo page:   More from Larry Seltzer

Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel