Now, this post is more rambling and observations. There’s a new trend I’ve been noticing. I use LowEndBox from time to time because well, the offers are the site suggests are low end and I don’t need a 32-cores server as much as I’d love to have that power at my disposal.
This trend is about the new hosting service providers that have been spawning out from LowEndBox. How they buy, rebrand, and offer the same servers when things go down. It’s business, right? A crappy service provider will give you subpar services. With LowEndBox, it’s usually a person, or two, or three running the hosting business.
Then it hit me… who doesn’t like getting 16 cores (mind you, not dedicated cores, but vcores running at a really low gigahertz) tremendously cheap? It’s perfect… perhaps too good. You sell cheap services… people buy in, they get fed up after six months and leave. Now, what happens to the data? How do you know they haven’t been taking snapshots of your virtual machine? Even if you were to delete your data how are you trusting your data with in the first place?
At the very core a client leaves, and a normal hosting service will just wipe out the data. But, most of those who promotes themselves over LowEndBox are not your standard businesses. They probably create the business overnight, and say they have been in the business since 2011 but in truth they just acquired the domain in 2018 and Archive.org shows proof that between 2011 to 2017 there wasn’t anything in there.
So, what I’m suggesting. Or just, simply rambling about because like I said. This is rambling. I am not accusing anyone or any entity. Most of these new hosting providers, behind them, are Chinese, or Koreans. Simply put, they are unreachable to face any real consequence if things go south.
Now, imagine all the data waiting to be harvested. It’s just sitting there, waiting to be harvested. It’s the real deal here, because if you go with the wrong hosting services I can think of a thing or two that could go down.
- Client area logging password when you log-in, you don’t know what’s under the hood of a login area, usually nobody but the creators do. Password re-use becoming a real threat to users who participate in this activity.
- Risking all your users data and be held liable for choosing a hosting service that incurs in this practice of harvesting your data.
- All users could become targets in brute forcing, credential stuffing, have their mailing address and phone exposed.
- Some service providers ask for driver licenses. I would say under no circumstance you should consider ever handing your social security number if asked.
In conclusion, it’s really scary when you sit and think about choosing a hosting service provider. You don’t know what’s behind each company. I don’t think many people ever sit down and think about this stuff, at least not big businesses or medium companies. But small business owners or entrepreneurs who don’t want to spend much and need that exposure for their service fast.
As for me, I live on the edge on this one. You can see me promoting some cheap services like ArubaCloud. I don’t have anything of importance nor do I have client data so to be honest all I have is this blog. But, were I to load data from a client, it wouldn’t be service offers from LowEndBox or ArubaCloud. It would be with a reputable hosting service provider. The problem is, how do we identify a hosting provider with integrity? You simply cannot. You are paying someone to rent those servers because you don’t want to deal with all the administration behind it. These days you can simply save a snapshot of a virtual machine, redeploy, and call it a day.
I don’t think anyone in the industry would ever be ready to accept major players like Amazon, Microsoft, Google scanning and perhaps mining the data being stored in their servers.