Value: Reputation or Dollar?

What is your priority? I mean - really? Do you have a set of ethics, a statement, core values... or are they just something that you have on your website for people to see and because your share holders need something.

Shifting direction - lets talk about attacks, hostility, spam. If you where to ask me to name a provider that causes you the most grief - I mean "the most" - I would say - without a doubt - OVH.

To the extent there have been times where we have actually blocked the majority of services from the OVH ranges.

They have great internal procedures, are efficient, make beaucoup dollar - however their reputation is toilet.

What do you value?

Hell - when you talk about companies and value - what is your term of reference? Are you thinking in share value - or value, values, quality, what they actually do? If it's not the latter - then I guess I am talking to you.

A colleague forwarded me an article from SC Magazine on UK spammers.

Now the link might seem tenuous - but it is not from my experiences.

Two routes are the bane or the shared hosting environment:

  •  An hokey account is set up with false details and stolen card, OR,
  •  An existing kosher account is compromised. Account compromises take the form of a non patched / secured site allowing for content to be uploaded / or password bruting for admin user or FTP details.

In both cases you will see a tool-kit deployed that will allow the user to deliver content - possibly a fraction of a site compounded from many compromised hosts (to keep the bandwidth under the radar), a spamming tool - which usually will see lists of users posted to it over HTTP, and more common of late - further brute forcing tools - that will then chip away at other CMS platforms, and FTP users. Winning. In the latter option above, you will also commonly see a priority being a back-door - so they can get back in again once the user has "deleted the files" in the assumption that this makes it all okay again (it does not).

The shared hosting environment is RIFE with this. Mostly as they offer great viable target rich environments with people with no experience delivering content, and learning - and the "all developers are not created equally". Entry level web developers are rarely aware of the risks and environment they are operating in - really they should be (or find an Sys Admin or Network Engineer to have a chat with some time and WAKE UP). Regretfully there is little to no driver for change. Customers are more fussed about their mails bouncing or being bounced, or their site slow - than they are about their domain sending out 300,000 mails an hour selling something questionable - or the fact that they have a directory selling 'top quality Oakrey sunglass, last you long time, low dollar' that their customers don’t see but Google is all over.

I will put this rant back in the box - and for very good reason. These people don’t know any better, it is an education matter, a social awareness. They are a cause - however they are not the thorn in my side, they are not actively making a choice to defend this activity.

Say for example there was a third bane. Lets just say. Say you hosted customers that you knew where occasionally sources for vast amounts of spam / attacks / so on - BUT they bought in the money. Big money - for very little resource. Maybe they don’t share a language with the people raising the abuse@ tickets over in engineering. Maybe they are not motivated to resolve these issues - that have usually stopped by the time that the triggers are reached. Lets just take that as a hypothetical example.

I can see how that would work also. Sales and accounts suddenly at odds with engineers from systems and networks who are calling out certain clients. They dont want the reputation and engineering issues, and the sales team and management are worried about numbers, meetings, shareholders and their perceived 'value'. Back to OVH - who rumour has it apparently have very shiny deployment and networks incidentally, their methods, monitoring and procedures all very slick .... however.... here we are.

Where do you stand on this, does your value have a pound sign next to it, or is it a value in terms of saying "do that again and you are off"... in line with doing a better job?

I am just saying.

So - here we have the Cloudmark stats for the UK's biggest spammers, and the biggest spammers globally for comparison. I do not think its okay to blame the shared environments. I think its fairer to blame the drivers. One provider here has FOURTEEN PERCENT OF THE UK'S SPAM.




Time to change your terms of reference. Ethic. Value. Priority.

Leave a Reply

Your email address will not be published. Required fields are marked *