Hello Spiral,
[quote name=‘Spiral’]
Does this answer your question?[/QUOTE]
Yes it does.
You really come from an other planet…
Where’s my bicycle?
I hope you take part in open source project.
Lee Li Pop
Spiral,
An interesting post - thank you.
Could you elaborate on where a traditional VPS has security problems and how serious are they? Also I thought that with a reliable host you do get all your promised resources - is this a myth in your view?
Also with cloud accounts is it possible to have your own SSL certificate as well as all the access to your account that a traditional account has?
I ask because a Rackspace staff person explained cloud accounts as having limitations to me recently. I may very well have misunderstood him…
Very interesting post, thanks for providing this Spiral!
It truly does appear that Cloud server hosting is the latest & greatest, and it makes perfect sense why so.
We are currently on a Dreamhost VPS for what it is worth, and I have noticed fluctuations in our site performance at times when we did not have peak activity, so the myth of dedicated resources in a traditional VPS now makes sense to me, as it never performed as if we had dedicated resources. 
I just took a look at VPS.net and they look good on the outside, would you recommend them?
Rackspace appears too pricey to me, as they always have, & Cyber LNC doesn’t have much posted information on this yet.
Thanks!
[quote name=‘Struck’]
Rackspace appears too pricey to me, as they always have, & Cyber LNC doesn’t have much posted information on this yet.
Thanks![/quote]
I’ve got a dedicated server (Not VPS) and can say it’s definetly worth the money. Cloud VPS I’ve heard much about so far (Think Brandonvd is using it?)
I’m still on shared personally however I don’t use my domain for anything more than email these days (http://www.knoxit.com.au)
Thanks All,
I definitely cannot resist looking into the Cloud Server approach further! 
Jesse is right, I am using the VPS Cloud option with CyberLNC. So far I have been very happy.
Unfortunately I am a poor example to go off of though. While I am very happy with the VPS features and the speed of my site, I don’t have a lot to compare it to. Also, unfortunately I don’t have a ton of business so I don’t have the heavy server loads that the system is capable of so I can’t say how it is under heavy server loads.
I do know that now that I have been on a VPS Cloud I have no plans on moving back to a shared host. And if I am going to be using VPS technology than I think the VPS Cloud server is the way to go.
Brandon
Hey Brandon,
Thanks for the input!
I think you have some high levels of turbulance occurring in them clouds at the moment cause your site was about twice as fast last time I visited a couple weeks ago! 
Your site is looking pretty good these days, nice job!
"In fact, on that point, I think most people would be better off downgrading to regular shared web hosting than going with a VPS server if they are unable to afford a dedicated server though now there is thankfully other options. 
"
Spiral,
Your comments on traditional VPS servers as always are interesting - I am wondering if perhaps they are a bit excessive perhaps?
Other than the commonsense drawbacks such as a single server set up for VPS accounts may be doing overtime duty which could lead to a failure, or a poorly configured server could have problems I have not seen much in the way of drawbacks to traditional VPS servers commented on the internet. Not to say that there isn’t some info out there but it is not so easy to find quickly… And I am talking about a VPS server from an experienced host that knows what they are doing. Not a small operation with only a couple of people with limited computer experience.
Could you perhaps give us some examples of real life case histories? With the names changed to protect the innocent of course…
And perhaps some links to other who agree with you?
Thank you!
Hello Spiral,
I agree with Traveler… Especialy when I read VPS.net FAQ’s:
[quote]you will be responsible for maintaining your server[/quote]
Source: [url]http://www.vps.net/vps-hosting-faqs#question-4[/url]
[QUOTE]If you break your system, you can quickly get it running again[/QUOTE]
Source: [url]http://www.vps.net/vps-hosting-faqs#question-9[/url]
[QUOTE]We recommend configuring iptables on all VPSs, as well as keeping up-to-date with patches to keep your systems secure.[/QUOTE]
Source: [url]http://www.vps.net/vps-hosting-faqs#question-14[/url]
OK, there is an optional Managed Services plan:
[QUOTE]VPS.NET does offer an optional Managed Services plan for a monthly fee of $99 with a $45 setup fee[/QUOTE]
Source: [url]http://www.vps.net/vps-hosting-faqs#question-5[/url]
But $99 + Cloud computing hosting, the monthly bill is approximatively same as a basic dedicated server with full service at a reliable company…
With no “maintaining, firewall, up-to-date, patches, OS breaking, security, and more…” worries.
Everyone remembers your last “Security Race” here… And we are far of your knowledge level…
Lee Li Pop
[quote name=‘Spiral’]Excessive? Not in the slightest! :?
While the vast majority of both network administrators and many server owners are fully aware of the common performance pitfalls associated with VPS servers, very few are fully aware of (and perhaps even a bit ignorant of) the real security dangers.
If you knew what I know about VPS servers, you would be very scared of running any site off a normal single server based VPS server account.
Again, I am not talking about how the server is configured or managed …
My comments are directed to a fatal flaw in the design of the technology itselfwhen placed on normal PC processors from Intel and AMD respectively.
I have to be very careful here as it is quite difficult to warn people about the specific dangers without giving all the hackers of the world the very information they need to figure out the problem and exploit it –
– which incidentally, I have successfully done many, many times!
My recommendation to everyone is to bypass traditional VPS servers and if you must get something with root access or a bit more performance than you would find in normal shared or reseller hosting then I would recommend cloud hosting or rather a VPS server that is based on cloud technology and not the other and if you are unsure of which is which then skip it all and just go straight to dedicated![/QUOTE]
Spiral,
As you know you are in the minority here and perhaps the only one who holds this view.
There are certainly many experienced and reliable webhosts who do not agree with you. Many publish their real names and backgrounds which of course gives them greater creditability.
You would be doing us a great service if you could prove your point. Without proof you are not helping us at all, and you leave us to assume that your VPS suggestions are not valid.
I am very much looking foward to your reply and if any of it goes “whoosh” over my head I will email it to someone with formal training in computer science.
Spiral,
I think that you are a friendly person but I am not comparing you to known webhosts because to those on this forum you are simply a poster who enjoys posting and as far as we know you are not a special expert for us to blindly follow as you have not told us your name, degrees in computer science, books and articles published and so on.
While I am not a computer expert I am a trained tax accountant with a masters degree in taxation and we are trained to verify sources of information as are most business people.
I am very clear about the questions that I am asking they are not rocket science I am not clear at all about your answer:
You have made allegations that webhosts with traditional VPS accounts are selling a dangerous product. This is a very strong allegation and you are not backing it up with anything
Please go ahead and clearly post what the problems are.
As for my very limited exoerience I have a traditional VPS account at Wiredtree with no problems and no one I know of has the problems you mention. Granted that my universe is not a large statistical sampling.
At Wiredtree the 3 owners have lots of experience post their names publicly and backup their VPSs with great service with no mystery problems.
Against which a mystery poster with unknown experience makes claims that nobody else seems to agree with.
“…Though if you would like to know more about some of the specifics of some of these underlying issues I am referring but not the instructions how to exploit them, I’d be happy to discuss with you more on those topics privately…”
Please feel free to send me verifiable information
"The only thing that is truly debatable and the real core issue at hand is the topic of whether or not you should avoid getting a VPS server because of this warning of lessor known security problems as well as the many other problems associated and attributed to VPS servers but that is your own choice and risk. "
Again I have a VPS account with an experienced webhost without problems and I know no one that has the problems that you allude to.
Also I am not aware of problems with Traditional VPS accounts other than commonsense practical ones such as wear and tear and possible bottlenecks.
I am not saying that these problems do not exist only that I have no knowledge of them and they must not be very common if they are not widely known.
So again very softly and politely I ask you to tell clearly what the problem is so that we can research and verify it like all good business people do.
Otherwise you simply sound like a conspiracy theorist and we will not take you seriously.
Looking forward to a clear explanation in public preferred or in private as you wish…
Damn Spiral,
A little harsh I think.
As you know I host with CyberLNC and Spiral has been a huge help in getting me set up on the VPS Cloud system. He has explained this stuff to me, but unfortunately I am only a sewer worker and I have no formal computer training so most of what he explained went way over my head. I honestly really can’t add anything to this discussion, so sorry.
What I wanted to comment on was the debate between Traveler and Spiral.
The biggest thing I see is that I read right along with Traveler and got about the same point of view. I don’t think Traveler is really out of line.
I know that Spiral has told me some information about himself, except his name. I too agree that the way this discussion has gone, it does sound a lot like a conspiracy theory.
By all means, I’m not saying Spiral is wrong. Being a sewer worker and not knowing what he is talking about makes it easy for me to play dumb.
But, seriously Spiral, the way you go about telling us these things does make it kind of hard to “believe”. Maybe you could let everyone know on the forums the stuff you have told me and they might feel better about believing you?
I’m not trying to step on anyone’s toes, but like I said above, I don’t think Traveler is really out of line. Since Traveler is a Tax person than obviously servers and hosting isn’t his area of expertise and he has a tougher time understanding the stuff Spiral is talking about. Which like I said above is right along with me.
Brandon
Spiral,
First, thank you for your last couple of posts I have enjoyed reading them - smiling.
“I’m a human encyclopedia where computer security and technical matters are concerned and not much I can do about that. Incidentally I already told you plenty about me in other posts including the questions you just asked if you were paying attention any at all but maybe perhaps you missed that.”
Good to hear that you are a human encyclopedia. I most have missed where you posted your real name and any books and published articles that you have written. Although I did see your cpanel forum post on basic permission issues.
In the business world that I operate in names and reputations are important and people with good educations and career backgrounds are not afraid or shy to use their real names - I am very sorry but I do not buy into your reasons for not using your real name.
Although I believe you are honest and that you actually believe what you post about the impact of your name…
“Well, feel free to start a discussion on taxes and you will clearly rule the topic!”
Off topic - but interesting is that in the world of taxation we are not trained to memorize or know that much about taxes. Instead we learn - how to identify an issue and then research the answer. Sadly I am not active in the area of taxation any more so I would not be of much use in a thread on that subject.
I bring up the issue of research because the points that you hint about in terms of CPUs are of little value when they are out of context. at least to myself. Perhaps your friends and peers might intuitively know exactly what you are talking about?
“Regarding your question on this issue, like I told you already twice now, I would be glad to make an attempt to fill you in privately. I am just concerned about how much information I say publicly on this issue because it could be the “A-HA!” information that hackers need which is precisely what I would want to avoid.”
As I have patiently and politely requested send the information since you have not sent the information I assume logically that it does not exist. I am not being rude this is simply how serious business people think.
“One of the major problems of having an enormously high genius level IQ is being able to communicate clearly and you would probably be surprised how often that is more of a curse than a blessing. Since I do not think the same way as any of you, I often don’t know how much or how little to say and many times when I think I am speaking very clear and simple, I’m way over everyone’s head entirely and, at other times I’ll try to simplify things too much just trying to communicate and everyone thinks I am trying to insult their intelligence.”
As I am not a genius I cannot share your frustrations but I wish you good luck in dealing with the challenge.
One interesting point that you may wish to ponder is that true genius often does a wonderful job of expressing themselves. Cases in point artists, writers, philosophers and so on. In technical areas such as law, accounting and medicine again true genius often do very well at getting their message across.
“If not, I will do my best to try to explain it to you to answer your question but
please lets take that private because of the dangers that information poses.”
Over and over again I repeat - welcome…
“Is their an imminent danger to being hacked? NO, not presently”
Good news so for the moment we can relax and enjoy the Christmas season.
“In addition to all of that, VPS server have much lower performance against their dedicated counterparts so you do take a substantial hit in how well your server operates when going with a VPS server verses dedicated and this yet another
point to consider when deciding between VPS and Dedicated or newer options such as Clustered or Cloud.”
The above is simple clear and very easy to understand. Of course when you pay for “X” performance you either get it in which case all is well or you do not in which case you can raise the issue with your webhost or move on.
At Wiredtree the 3 owners have lots of experience, post their names publicly and backup their VPSs with great service, with no mystery problems.
“They are “hosting owners” so what exactly would be the point of discretion?”
Perhaps you are not trained in the world of business but honesty and reliability are central points to doing well in the business world. and if a web host thought that your observations about traditional VPS accounts were true they would have a moral obligation to talk about it at the least and in my view they should proactively resolve it or retire their VPS accounts. But then again in my training communication and transparency are very important.
“I am however discussing a potential security problem that exists in all VPS servers of which there is currently no means available to close the problem or stop the threat. The one and only thing going for it is that very few people know about it but apparently you want to change that because you are deliberately drawing unnecessary attention to it”
Actually you brought up an explosive subject and if you think that shopping cart users who rely on a stream of revenue are going to simply nod their heads and accept verbatim your comments without clarification in detail then we are very different indeed.
“I was originally only mentioning it in passing as the basis for why I don’t recommend VPS servers but now the whole planet is aware there there a major problem and will probably be looking for it ---- Thanks!”
Again I appreciate your humor - wouldn’t it be nice if the CS cart forum was so popular that the whole world followed it?
[I]
- I am not a “mystery” poster (you apparently don’t read much I see)[/I]
Again without your name you are a mystery poster. When I post in fields related to my career I always use my real name as do my peers. Anyone can post what you have claimed…
“I hope you realize that the last person who said that to me on this topic
lost his server because I used this very problem to gain root access just
to illustrate the point though I was nice enough to help him rebuild things.”
I had no idea. Sounds like you had his permission or I hope so…
Then the only words from you should be “THANK YOU” as the reason you are enjoying “not having problems” is likely because of me!
“Forgot entirely that you are separated from hardware access …
(Try resetting the system clock on a VPS server)
I could still making you a list longer than any of these posts detailing all the problems and issues associated with VPS servers in general.”
Again clear communication which is very welcome. Although as a practical matter they certainly sound like issues for a web host that knows their job. Which means that they are not the concern of a user. Again a good web host has somewhere between zero and very few issues as I am sure that you know given your interests.
“No, the issue you have have been arguing me down on isn’t commonly known
though it has been “long known” for quite some time but the knowledge of it
is presently limited to a very few people and I’m one of them”.
So you say over and over again…
"It’s not hot active in the wild presently but it does pose enough of a potential threat to reconsider using traditional VPS servers."
I was going to do my best to explain things to you further more detailed in simpler terms and try to give you lessons and show you how to break into your own server so you could see what I mean first hand.
I even told the owner of CyberLNC exactly what was wrong with VPS server in technical details in the hopes he might be able to later translate it to you in a form that you might be able to understand better.
In the business world talk is cheap -Convince me and I will donate $100 to the United Nations Childrens fund as appropriate at this time of year. I will of course be very thankful which I publicly state in advance. It goes without saying that I will switch to a dedicated server.
Speaking of which in the spirit of the holiday season I will wish you all the best for you and your family!
This is not moderation in effect but an independant group requesting specific material that is considered “too hot” to handle. Spirals posts have been removed form public viewing and quoted elements have since been removed.
My apologies for those concerned however I stand by my decision as it effects everyone on VPS servers at this persent moment.
Hello All,
I have not been here since yesterday, so I can’t read Spiral’s posts. It’s a pity for me.
I think that Spiral and Traveler are two brilliants brains. They’re absolutely experts in their fields.
Merry Christmas to you! 
Lee Li Pop
[quote name=‘JesseLeeStringer’]This is not moderation in effect but an independant group requesting specific material that is considered “too hot” to handle. Spirals posts have been removed form public viewing and quoted elements have since been removed.
My apologies for those concerned however I stand by my decision as it effects everyone on VPS servers at this persent moment.[/QUOTE]
That is probably for the better as anyone with the proper background could possibly get enough information just from the bits and pieces in my posts alone to figure out how to make use of and exploit this particular vulnerability.
You are correct, it is probably best to censor the sensitive information …
[quote name=‘Traveler’]… and if a web host thought that your observations about traditional VPS accounts were true they would have a moral obligation to talk about it at the least and in my view they should proactively resolve it or retire their VPS accounts. But then again in my training communication and transparency are very important.[/QUOTE]
You can be assured that the hosts out there know what they need to know when it is appropriate and there is an actual “need to know”. It is not unusual or uncommon for those more deeply embedded in the security industry to be aware of upcoming potential security threats well in advance of the public knowing or these issues becoming a problem and what I am doing here is giving you a tiny view into that world in this thread and giving you a “heads up” as it relates to VPS Servers.
I work closely with many, many hosting providers and data centers advising and helping them on security matters first and foremost who often pick my brain on other side server and network related issues as well.
My point is, should this threat level on this particular item be escalated (IE: hackers actually start breaking into sites with it), you can be assured that your host would be notified and brought up to speed.
There are literally hundreds if not thousands of these types of problem each and every year that you don’t know about and probably won’t ever know about, that even your hosting owners and administrators actually don’t know about themselves but they are all fully protected (most of the time) because guys like me are working behind the scenes developing new technologies, software patches, and updates to protect them or actually going into their systems and re-working things to make them protected from new threats coming down the line.
Regarding your questions, I am not exactly being secretive. In fact, I am actually going out of my way to answer your questions and curiosities but at the same time, as Jesse’s post vividly illustrates above, some information simply needs to be handled very delicately for what should be obvious reasons.
Hello Spiral,
[quote name=‘Spiral’]
[…] because guys like me are working behind the scenes developing new technologies, software patches, and updates to protect them or actually going into their systems and re-working things to make them protected from new threats coming down the line.[/QUOTE]
This is the definition of open source, isn’t it?
Thousands are working on it.
Millions, as me, use it and enjoy your hard work every day
Lee Li Pop