The Byte Stops Here

Pretty interesting stuff. Read more @ http://blog.facebook.com/blog.php?post=262655797130.

The Open Web Application Security Project has updated its list of Top 10 Risks.

Read this article at Information Week for more details.

I've been reading my logs more thoroughly for the past few data and I see a lot of bad traffic. Couple that with CFFormProtect, which tends to block SPAM posts dozens of times per day. Most of the traffic is coming from China unfortunately.

Now looking at my Google Analytics, I do think there is some legitimate traffic from China. For my work, on the other hand, we blocked ALL traffic from China, since we don't do business there and see no need for traffic from there.

However, as a blogger, what do I do? What can I do to conserve server resources without kicking out what may be legitimate readers? What have you done? Any thoughts or advice would be appreciated.

GSI Hosting was really aggresive from the get go about talking on the phone. Once I did, I knew I was talking with guys who knew their stuff, and were in a completely different league. Not only are they experts in the security area for a while, but they've gotten PCI down, and can ask all the tough questions, and answer them right back. They were quick to bring all the necessary experts in the room.

As you can tell, I felt very comfortable with them. Plus, two key points really helped them, one they are among a few certified by Visa as a model for others (and from what I can remember, they even host some of their servers). Second, the company itself started out with CF (in the Allaire days).

It became quickly apparent, these guys had their technical and business chops. They talked about the competition, and how their ROI was different because you would achieve the highest level of PCI Compliance, because they didn't offer toolkits, but their whole environment from the ground up met or beat PCI Standards. What this meant was no unforseen costs, you host, you're compliant under their certification by Trustwave.

They also offered tons of flexibilty. Needless to say I was impressed.

Unfortunately, their cost structure put them at par with Rackspace. But, as you can tell, their was a world of difference between them and Rackspace. We tried really hard to get the cost down, as GSI ended up being my top choice, however they still ended up high, and with the economy, management could not support an increase in spending at this time.

There is so much more to say about these guys. So how do I rank them. Most definitely Tier 4! I would highly recommend them if PCI Compliant Managed Hosting means a lot to you and want premium support and services.

First off, a lot of people like Rackspace. Their website looks very credible, they are publicly traded, and the seems to know what they are doing.

However, my dealings with Rackspace, over the past several years, has shown them to be the opposite. Case in point: PCI Compliant Hosting.

Rackspace offers a "PCI Toolbox." You can tell right away this is not going to be good. At the bottom of the page is a contact our sales team link, and you have to basically fill out a form, which is what I did.

When I originally did this, I did not hear from them at all. Looks like they were too busy for me. 10 days later, I filled it out again, asking if they wanted my business, and they got back to me in 24 hours. I told them about my needs for PCI Compliant Managed Hosting, and they transferred me to someone, who was supposed to know what I was talking about. That person never responded. Days later, I emailed again, and got a generic response. I told them what I needed a quote on, and was told to wait a couple days. I waited.

And waited. Next I emailed again, and this time got a response from a 3rd person, that my quote was being worked on. I asked about how they met PCI Standards, and got generic responses. Basically, they provide you the tools, but your responsible for self-certification, and they'll work with you on any changes. It meant, they'll charge you later if you need more security... yet they sit on the PCI Council.

When I got my quote, it needed revisioning. As you can tell, things moved slowly. I was promised diagrams, which tooks weeks to deliver. In the end, it was an arduous journey.

The cost? They are HIGH. Let's just say, they are 2.5x what we ended up deciding on with our new host. All with little to medium knowledge, potential long term costs, and a poor sales process. How was I to make a case for their "Fanatical Support" after that?

I may attach some of the quotes, documentation and answers for you to see. Still deciding on that. But let's just say, my impression of Rackspace hasn't changed in the past 5 years.

So what Tier would I rank them. Let's make them a Tier 2.

Let me know if you have any comments or questions.