Hello all. I don't know about you, but my interest and knowledge is within software and web development. I am also an independent web worker. I don't have any specific knowledge about web server security or ISS configuration best practices. Actually, I really don't like hardware at all! Yet, it's completely up to me to secure my own web site. Obviously, this opens for errors and mistakes. To make this rant as short as possible - I wish DiscountASP could do the server configuration for me in the form of a default secure setup. This is not how it works today, but this is how it should work. At least you should offer your customers an easy to understand step by step instruction in how to configure IIS. A checklist for web server Dummies maybe. Have you ever considered moving your services into this direction? I'm sure it would be highly appreciated by most of your customers.
Hi @TerjeH. The default account setup is secure. In fact it's 100% secure, mainly because it's 100% empty. Securing the server and securing your website are two very different things. The server is as secure as a public-facing server can be. Sites typically become vulnerable over time and through general use. What I mean by that is we've recently been doing a lot of compromised site investigations, and in 9 out of 10 cases, we're finding that sites are compromised through third party applications. Meaning the user uploaded an application that allowed compromise. Either through a poorly coded app, or because the user failed to update the application for a long period of time. Sometimes people forgot they even uploaded an application, but that old, unused application is like honey to the bots that search for exploitable sites. What are you looking for from us, specifically? If you need security work done on your site, we recently started providing hourly consulting/cleaning services on a limited, invitation-only basis. We're offering it to people who have repeated incidents of site compromise and aren't able to determine the cause or fix the problem themselves. But it doesn't sound like that's what you're after...
