Computers, Science, Technology, Xen Virtualization, Hosting, Photography, The Internet, Geekdom And More

Its Almost Always The Code, Not The Server

Posted on | December 8, 2009 | No Comments

I can’t tell you how many times I’ve had to deal with people who had their web site compromised who named their hosting server as the weakest link. 99.99% of the time, if your site is defaced or found to link to on-line Viagra vendors, its your fault, not the hosting provider.

Usually, this kind of thing happens because … 

  • You failed to escape a database query
  • You use GET or POST data without checking any kind of sanity
  • You don’t protect sensitive configuration files from being loaded by a browser
  • You hack some application and refuse to merge in updates because its ‘too hard’ to merge
  • You secretly abandon ethics, sell text links to on-line pharmacies then yell at your hosting company when Google de-lists you (some people even try to sue!)
  • You can’t keep your big mouth shut about how ‘great’ you are and blame someone else for your inevitable mistakes.

This is one of the biggest reasons why I do not offer hosting to the public. I can’t tell you how tiring it is to defend yourself against an overnight meme expert' on public forums that influence your volume of business. I'll name thisAcquired Icarus Syndrome.’

Sure, there are instances when kernel CVEs creep in (the vmsplice bug was a nasty one for those who go out of tree) .. which is why I say 99.99% :)

If you screw up, admit it to yourself and learn something from it.  Don’t defame others as incompetent when neither you, or they were actually incompetent. Things happen, deal with it like a grown up :)

If you stop learning after being pronounced (by your self or others) as an expert', you'll be anexpert’ for a day.


Leave a Reply

  • Monkey Plus Typewriter
  • Stack Overflow

  • Me According To Ohloh

  • Meta