My reply inline. Michele Neylon :: Blacknight wrote:
On 29 Apr 2009, at 11:36, Derek Smythe wrote:
And maybe real banks do use shared hosting along with 560 other websites and the regulators allow it.
Do financial regulators take into account hosting in their checks and balances? I somehow doubt it
We host a number of banks and financial institutions on shared hosting for the simple reason that they are not transacting online
Agreed. The example I chose deliberately showed the online transacting portion as well. These also do not reside on free shared accounts. I have been instrumental in many bank audits.
It does not take a brain surgeon to recognize a scam, just some experience in the understanding of the scam.
Well maybe if the people reporting the scams were to send abuse reports in English instead of techno-babble it might help
May I challenge you and give you five domains to process by your methods? You decide if they are legitimate, how to process them etc?
Talk is cheap, but the victims to these are real.
And I think you are conveniently missing the point entirely
If takedown notices etc., are not done properly innocent bystanders can be impacted. If company X's CMS is on a machine with 500 websites and the cms is cracked / attacked / defaced which allows a phisher to put up a paypal / Bank of whatever scam site, how would you like to see it handled?
That would depend on the potential harm. Sadly most people do not understand the difference between a 419 scam bank and a phishing site. Key is careful investigation. If we talk phishing, most of these are hacks with a few exceptions. The immediate step is disabling access to the phish while preserving evidence. Most web servers allow that. That definitely does not mean the the whole website or server has to go. You may have to disable a feature or two to secure the server and prtect your other clients, also their potentially private data. I am sure you would agree.
I suspect you'd want the site offline as quickly as possible...
The compromised site normally not, the phish yes - see above. Of course a follow up of how the breach occurred is important to avoid a repeat.
Reality check - the hosting provider can't just pull the plug
No, however if the provider is happy he has sufficient evidence of the scam, he has his ToS/AUP to disable the scam site or contents. If he fails to enforce that, we can expect the one scam to become two, four eight ...
Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.com/ http://blog.blacknight.com/ http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/at-large_atlarge-lists.icann...
At-Large Official Site: http://atlarge.icann.org