procedures to sue web host for security breach

  • varunbihani
  • Novice
  • Posts: 21
  • Loc: India

Post 3+ Months Ago

Hi,
I would like to know, isn't it the responsibility of the Hosting Companies to provide protection against DDoS/DoS attacks?

Our Server was reported to be the source of a DOS (outbound UDP) attack as informed by our host (Hostcentric) with no details/any clue as to its explanation. For the last 10 days, they have kept on unplugging our machine every now and then without being bothered about helping us in knowing the cause and solutions to curb the attacks. This is the worst support I have seen from any hosting company.

I would like to know if there are some legal provisions listing the minimum Security Requirements for any hosting company to get into the business of hosting.
When we were discussing before taking the Server, our host Hostcentric promised to provide us very good network security protection. We went for a dedicated Server.
We shifted from dialtone.com to Hostcentric to an upgraded Server. Currently both these companies are owned by Interland.

Now after one year they totally wash their hands of the security issue and have the nerve to shut our server down without caring to either inform us or find out exactly where the security breach occurred. They are non-responsive to our mails and only discuss charges and payments.
The only mail that we get from them is to authorise the charge, and they want to bill us for something which we are not sure comes under their negligence.
Can you please let us know if we have some legal provisions governing the web hosting business and, as clients, how we can protect ourselves from such high-handed, lopsided action with no communication other than asking for authorisation for payments.

As customers, what are our rights in case of a wrong shutdown of a server by the Hosting company?

Can we sue the hosting company for loss of business and reputation??

  • Axe
  • Genius
  • Posts: 5739
  • Loc: Sub-level 28

Post 3+ Months Ago

If you're only leasing a server, it's YOUR responsibility to keep your box secure. If anything, they should be able to sue you for compromising their network with an insecure box.

Do you guys have root access to the system? If so, it's your responsibility. If you don't, contact an attorney to go over their TOS & AUP that you agreed to when you handed over your hard earned cash :)
  • jmweb
  • Student
  • Posts: 71
  • Loc: 127.0.0.1

Post 3+ Months Ago

Quote:
We went for a dedicated Server.

Now if you paid Hostcentric for monthly server administration then yes you might have a case here. But if you didn't, you don't as they are obligated to their other customers to pull down your server if it is compromised.
  • Uncensored-Hosting
  • Proficient
  • Posts: 383
  • Loc: Los Angeles

Post 3+ Months Ago

I have to agree with previous posters. There is nothing published under their detailed management services that suggests they will assist you in defending any DDoS or DoS attacks. The closest they get to this would be Intrusion Detection Systems (IDS) and firewalls.

Unfortunately, combating DDoS and DoS attacks requires skill, patience, specialized software and hardware. None of which are offered or discussed on their website. Additionally, what little management services they offer are optional. Did you pay anything extra for any of their security/management services?
  • Daemonguy
  • Moderator
  • Web Master
  • Posts: 2700
  • Loc: Somewhere outside the box in Sarasota, FL.

Post 3+ Months Ago

I not only agree with the above, but would also add that YOUR company is liable for any perceived damages by those that were the recipients of the attack(s).

Your host, due in large part to your own inability to properly manage your own hardware, was merely covering their own assets by taking any and all actions that they deemed appropriate -- or appropriate in the eyes of the various and sundry legal departments, government regulatory agencies, etc. et al.
  • placid psychosis
  • Proficient
  • Posts: 284
  • Loc: Warsaw, IN

Post 3+ Months Ago

As a former admin at a large data center, I second (third, fourth... whatever) the above. Any data center tech is trained to pull a server immediately if it appears to be compromised. Why? Because a compromised server in a datacenter can be used to further compromise the network. Think about it. The server sits on a VPN or segmented LAN. That server gets taken from the outside, that box has TRUSTED access to the rest of that VPN or segment, and can further compromise to escalate datacenter access. Left unchecked, the routers could be taken and DNS caches poisoned (or much, much worse)... AAAAAHHHHHHHHH!!!!

So, to avoid that, they walk by and pull the plug. They don't HAVE to tell you. I'm willing to bet it's in their TOS/AUP, under Network Security.


© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.