• Home
  • Domains
  • Internet & Tech
  • Security & Privacy
  • Google & Search
  • Editorial Praise
  • Contact

Strategic Revenue - Domain and Internet News

Internet news authored by John Colascione

Register Domain Names

  • Isn’t Print Dead?
  • Killer Acquisition
  • New gTLD Death
  • Online Censorship
  • Semantic Indexing
  • You’re A Loser
You are here: Home / Domain Names / It’s Only A Matter of Time Until You Need to Be Licensed to Operate A Web Server

It’s Only A Matter of Time Until You Need to Be Licensed to Operate A Web Server

May 5, 2020 By John Colascione 6 Comments

*** Here Is A List Of Some Of The Best Domain Name Resources Available ***

Register Domain Names

PALM BEACH, FL – I have been thinking about this off and on for a few years now, but I have never really posted or written about it. That is because it is an awful prediction that I hate the idea of, but I think it is going to eventually happen. Here it goes….

I predict that to operate a web server sometime in the near future, you will be required to have a license, or have passed a basic course in IT security or Cybersecurity intrusion mitigation. Not at the single site consumer level, but at the dedicated or semi-dedicated level.

Yea, it sort-of sucks, but I think its going to happen eventually. Believe me, the last thing I want is more bureaucratic hoops to jump through, in order to do my job, but I believe it is going to be necessary for consumer safety.

Big companies like GoDaddy, HostGator, Rackspace, will themselves be licensed and will be able to assign customers a single web hosting account for a single domain without issue, but a customer who is able to sub-lease space and then assign that space to various different domains or customers without any oversight whatever, those persons will need to be licensed, registered or have passed exams, with some sort of governing body that has provided them the permission as well as assigned a level of responsibility for those sub-leased accounts, so that when that authorized party does so, irresponsibly, that license or permission can be stripped or revoked. Such a move will create more accountability for all web space.

Hacking, phishing, and virtual theft is just about everywhere nowadays.

Just moments ago, I was alerted by WordPress Security service WordFence.com, that 28,000 GoDaddy hosting accounts were compromised – last year – via an SSH vulnerability. We are finally finding out about it now, that those 28,000 accounts were vulnerable to intrusion.

SSH (Secure Shell) is a server connection method which can give an attacker full control of a web hosting account to pretty much do as they wish, and is often used, when maliciously, to either A) take over a web server and put up a fake misleading website, or B) to gain control of the mail server and send spam (usually to send people to a fake site).

To hackers, a fresh previously uncompromised machine, or even single website hosting account is extremely valuable because it can be used to fool people while hiding the perpetrator as well as by-pass spam filters as the IP address assigned to the hosting account is likely clean and can be used until it is banned, especially if the machine has multiple IP addresses assigned to different sites and can be reconfigured to send spam from different IPs. Clean sites also show up in search engines and can harvest search traffic to redirect users to nefarious places.

I remember years ago, probably about 12 years ago, before the frequency of hacking we see today, I was hacked and taken advantage of, but quickly caught on to the scam and shut it down. I was, at the time, using HostGator, and someone had compromised a single site on my server and created a sub-folder section of the site (which I had no idea existed) and put up a fake bank site. They then compromised someone else’s server and used their server to abuse their mail system, sending users to the fake bank site on my hosting account attempting to get them to login and capture their username and password.

I was tipped off by the hosting company that suspicious traffic was hitting one of my sites and that the hosting account would be shut down if I did not mitigate the situation. I immediately reviewed the fake site, and disabled access to it, but I wanted to see what it was that these scammers were trying to accomplish, so I downloaded all of the HTML code and when reviewing the sites code, I was able to ascertain that the login form on the homepage of the fake bank site, was designed only to refresh the screen and send users to the real bank site, which was The Bank of India, and immediately send the users login credentials to the scammer via a very simple PHP email form (consumers would just assume they mistyped the credentials and try again). What a clever scam, and I felt violated as being a part of it.

At the end of the day, who was accountable for my vulnerability?

No one.

That experience taught me that part of my job for each and every hosting account I manage is security mitigation and hacking prevention, because ultimately I am responsible for my web space and I don’t want to have to migrate all over the place for violating ‘acceptable use policies’ or ‘terms of service’ agreements through irresponsibility.

But if I do, what stops me from just moving to a different server provider?

Nothing.

There needs to be more accountability for those who provide web space to third parties.

Again, if an irresponsible web server operator gets shut down at one hosting company, what prevents them from just moving on to a different hosting company and doing the same thing, even if just carelessly at fault?

Nothing at all.

We have already seen merchant account owner requirements when it comes to PCI compliance (Payment Card Industry Data Security Standard), something all merchant account holders are responsible for. In the State of New York, and likely other states, they have begun to place some sort of accountability through the Division of Financial Service (DFS) with their “Certification of Compliance pursuant to 23 NYCRR 500” or “Cybersecurity Regulation”. This new regulation requires companies who have been licensed in financial services areas to have a dedicated responsible party or “Chief Information Security Officer” which addresses data vulnerabilities and risks. These officers are also responsible for third parties or ‘affiliates’ they share information with. If and when there are issues companies risk loosing their license.

But what risk is there for the provider of web-space?

Nothing.

It is just not rational for today’s growing importance of the Internet, as well as today’s growing need of privacy and security to have “Nothing” in place, to hold accountable the provider of the venue used for compromise, so do not expect the Wild West to last, especially the cheap virtual server accounts to anyone with $20 and a credit card that works.

John Colascione
John Colascione

About The Author: John Colascione is Chief Executive Officer of Internet Marketing Services Inc. He specializes in Website Monetization, is a Google AdWords Certified Professional, authored a ‘how to’ book called ”Mastering Your Website‘, and is a key player in several Internet related businesses through his search engine strategy brand Searchen Networks®

Filed Under: Domain Names, Privacy Issues, Security Issues Tagged With: Accountability, Attackers, Bureaucratic, Compromise, Compromised, Consumer, Consumer Interest, Consumers, Credentials, Cyber-security, Cybersecurity, Data Security, Dedicated, Domain, Domain Name, Domain Names, Domain Redirects, Domains, Email, Email Phishing, Email Scams, Email Threats, Fake, Fake Website, Fake Websites, GoDaddy, Godaddy.com, Hacking, HosGator, Host, Hosted, Hostgator, HostGator.com, Hosting, Hosting Account, Hosting Accounts, Hosting Network, Hosting Space, Identity Theft, Illegal Scam, Internet Security, Intrusion, IP Address, IP addresses, IT Governance, Login Credentials, Malicious, Mitigate, Mitigation, Nefarious, Oversight, Phishing, Phishing Scam, Phishing Scams, Phishing Sites, Rackspace, Redirect, Redirect Traffic, Redirected, Redirecting Domain Names, Redirecting Domains, Redirecting Traffic, Redirects, Root Server, Root Servers, Safety, Scam, Scammers, Scams, Search Traffic, Security, Security Analysis, Security Breach, Security Vulnerabilities, Semi-Dedicated, Server, Servers, Spam, Spam Filters, SSH, Sub-Lease, Theft, Vulnerabilities, Vulnerability, Vulnerable, Web Hosting, Web Hosting Company, Web Hosting Service, Web Server, Web Space, Website, Website Address, Website Hosting, Websites, WordFence, WordPress, WordPress Plugin, WordPress Plugins

*** Here Is A List Of Some Of The Best Domain Name Resources Available ***

Register Domain Names

Comments

  1. RaTHeaD says

    May 5, 2020 at 10:36 pm

    i am a very competent prognosticator because i only make predictions about the past. predicting the future can be quite tricky.

    Reply
  2. lifesavings.online says

    May 5, 2020 at 11:01 pm

    I agree site security is important. I wrote my own SEO article and included site security. It’s that important. I even venture to believe google may (if not already) give a little extra credit to sites help themselves.

    Google bot is coded to only crawl so fast. If you can figure that out, then step 1 of website management: throttling requests. If your webpages have 20 requests, no one needs 500 requests per minute. If they’re doing that, they’re a bad actor.

    That’s asking a lot though…lol *Most sites* don’t even hide their wp-admin / admin.php…Like wow. Someone is trying to crack their site right now…and they are complacent. Draining their server resources and they don’t even know it.

    So many times, someone has their site hacked one way or another. Once it happens, surely your rankings will take a hit. Whats more, in many cases, they don’t even know it’s happening lol!

    Reply
    • John Colascione says

      May 5, 2020 at 11:12 pm

      That’s actually a good topic, hiding the login area. Many probably don’t do it while it is very easy and stops all brute force login attempts. I use WPS Hide Login. I also by default block WordPress xmlrpc.php requests and use WordFence. That is a good and helpful topic which I will considering covering soon.

      Reply
      • lifesavings.online says

        May 5, 2020 at 11:28 pm

        Yes, the xmlrpc! I tried writing about this @ namepros and got laughed at.

        I explained (what I do) is ban any IP that gets 2-3 404 requests within 2 minutes. They teamed up to call me an idiot.

        I was really trying to teach them

        1) your site shouldn’t have ANY broken links, so 404 via internal link isn’t an issue.

        2) your site should have ‘smart urls’, that is when someone makes a reasonable typo, the page they *meant* to go on still loads. If you view a page on my site, and type just some of the URL, or misspell it, you’ll see – you still get the real page. Again – non-issue, no 404 result..

        3) if they are getting a 404 via an external link, that’s just x1 404. If they are legit, they’re not going to hit another inside my site.

        So. What;s the point? I send known hacker attempts (xmlrpc / author looks ups etc) to that 404.

        The bot gets 2 chances, then it’s adios

        Yes. They ridicule this kind of talk on forums. Domaining…not very welcoming to the industry in which they are tied to the hip.

        The industry is full of themselves. I do not recommend domaining forums for web development chat. They’ll hate you for it – my experince.

        Reply
  3. lifesavings.online says

    May 6, 2020 at 12:10 am

    Check out https://clearfy.pro

    Best $ you’ll ever spend. It does what it says and more. It will replace 10+ other plugins. It will help you in ways you don’t even know exist.

    There’s also their titan firewall (30 day free premium trial)…It’s newer and I haven’t tested it much, but I expect it to be better than wordfence.

    Yea, it’s a lot of work to explore – damn extensive…I mean it, the hide login, there’s image compression / automatic .webp serving (the robinhood module). you’ll spend 2 days just looking at all that it can do.

    Obviously backup your site first.

    Reply
  4. Dewlance says

    May 8, 2020 at 1:42 am

    hmm, means customer is not responsible for security of their website?

    – Do not use nulled plugin.
    – Do not download theme from any site unless you trust them.
    – Update your plugin/theme time-to-time.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Search This Site

by: John Colascione

John Colascione

Logo
John Colascione is Chief Executive of Internet Marketing Services Inc. He specializes in Website Monetization, authored a book called Mastering Your Website, and is a key player in several Internet businesses through his brand SEARCHEN®

The Published Reporter

The Published Reporter

Fellow Me

Twitter

In The News

  • DNJournal: New Book From Veteran Domainer
  • From Brandable to Exact-Match Geo Domain
  • InnovateLI: Two Deals, One Very Interesting Digital
  • Internet Commerce Association: John Colascione
  • NamesCon: Featured Attendee: John Colascione
  • Long Island Media Inc, SmartCEO, Future 50
  • Speakers, Name Summit, John Colascione
  • Speakers, Real Estate Summit, John Colascione
  • 24 Leading Domain Experts Analyze 2017

Popular Stories

New gTLD? Not So Fast; History Suggests New ‘Right of the Dots’ Could = Total Failure

Could Domain Investing Industry End with Legal Provision for Domain “Hoarding”

Does the Domain Industry Suffer From Own Versions of Trumpted “Fake News” Stories?

Websites and Domain Names to Become Insignificant within 20 Years or Less

List of 300+ Cryptocurrency Domain Name Sales and Sale Prices [All Time] (NameBio)

Quotes to Follow

quote icon The domain name is equivalent to Gold. It is the only packaged item which is globally tax-free, portable, with value that is universal across different cultures. quote icon – Frank Schilling

quote icon Domains have and will continue to go up in value faster than any other commodity ever known to man. quote icon – Rick Schwartz

quote icon  Google knows you, your friends, your likes, what entertains you, where you are in the world at any given time. Google will soon predict your next action, your next thought, based on a collaboration of thoughts past. quote icon – John Colascione

Like These Headlines?

Enter your email address:

Delivered by FeedBurner

T.L.D. Brokerage

Domain Brokers

Domain Reseller

Leaving Cash On The Table? Join The Best Domain Reseller Program (discounts + revenue)

Recent SEDO Weekly Sales List Includes “LLL.org” Domain Name Sale for $35,000

PALM BEACH, FL – According to the latest SEDO.com weekly domain sales report, the three letter “LLL” web address "FTP.org" just sold for $35,000.00. Other recent sales of “LLL.org” … [Read More...]

GOOG To Follow FB With Restrictions On Housing, Employment, and Credit Ads

WEST PALM BEACH, FL - Usually Google is a leader in all things advertising, however, a recent update to policy by GOOG (NASDAQ) will have it following Facebook (FB) where the ad giant will implement … [Read More...]

Data Breach: Unauthorized Party Accessed DoorDash Customer Information

SAN FRANCISCO, CA - According to recent reports, a new data security incident has surfaced. DoorDash, a popular food delivery app, detected suspicious activity from the computer network of a … [Read More...]

Domaining blog recommended by Domaining.com
Copyright © 2010-2021 StrategicRevenue.com - Property of Internet Marketing Services Inc.   FeedBurner: RSS   RSS
By using this site you agree to our Terms of Service and Privacy Policy. If you do not agree, please exit the service.