I’ve always been a strong believer that good behaviour and a clean internet would lead to a better experience for everyone.
There is a lot of nasty stuff out there and we’ve always tried to do what we can to stop it from affecting our clients.
Unfortunately “network abuse” is not “sexy” or exciting and a lot of hosting providers have weak or non-existent policies. Running an abuse desk isn’t exciting and won’t directly help boost sales, though I would argue that it does actually bring you benefits if you adopt a broader approach. (If you’re bored you can peruse my slides from the RIPE meeting in Rome last year)
Our technical team have developed a range of tools and internal policies to deal with issues when they occur on our network and we’ve been subscribed to Google’s Safe Browsing Alerts since last year.
I’ve also been keeping a close eye on what was going on with StopBadWare (the name says it all) who had been working on developing a set of best practices for hosting providers.
When they announce the launch of “We Stop Badware” we had to signup and our currently one of only 6 companies worldwide that have signed up.
So now we can display the nice little logo:
Is this going to change anything in how we treat network abuse?
Not really, though it does help strengthen our current policies and processes.
As someone who has had several off their sites hit by malware in the past few months I have had to learn about security pretty fast.
Correct me if I am wrong but I asked support and they said they have no services that are actively scanning your hosted sites for malware.
Why not support anti malware services like:
I now use http://sucuri.net/ to monitor all my sites for malware, they have web host services to why not check them out?
We are subscribed to the Google notices as I mentioned.
While services like Sucuri etc., might be economically viable for someone with only one or two websites it would cost us thousands to use them for a network of our size and wouldn’t be of much benefit, as we already get reports via Google coupled with the other abuse reports we handle.
What about cloudflare support?
RE: Sucuri. I know services like this add to your costs by could you not offer it to users as an optional extra? Could it not make you money?
I am paying Sucuri $600 a year for monitoring. Expensive but when you have clients screaming that there site is hit you soon pull out the credit card.
I suppose my main point is that some users are happy to pay extra for increased monitoring and security.