by thaumaturgy 5470 days ago
You're right but...

IMO, anybody that decides to venture into hosting should behave as though they've just walked into a warzone with a huge red bullseye on their back, and take precautions accordingly. Yes, there are certain things that just aren't immediately feasible before you launch, but the goal should be to get basic redundancies online quickly while you're operating.

By the time you have 4,000 customers, if you don't have backups for your backups, you're being negligent. And I say that without any malice whatsoever ... my experience with a lot of hosting companies, both big and small, is that Distribute wasn't doing anything out of the ordinary.

The thing is, targeting backups isn't new at all. It's been done before, and made the news before; at this point, it's not something that should surprise a sysadmin. i.e., the thought process immediately after setting up your backups should be, "OK, now what happens if a hacker tries to hit them too?"

So, yes, this is armchair quarterbacking, and yes, this is common behavior in the industry. But that still doesn't make it excusable in the least.

EDIT: Just to expound a little more on this, the reason I have such a hard-line stance on this is that, as a hosting provider, you are effectively taking responsibility for your customers' data and, in some cases, their livelihood. Yes, ideally, every customer would have their own backups and could move themselves to another host within an hour, but the reality is that it doesn't happen that way. Customers often have websites whose only copy is on your systems, email that's stored only on your systems (because they habitually use webmail, a service that you provide which makes that problem possible). Having "not our responsibility" in your TOS is very much not enough; you must be taking every reasonable precaution to safeguard your users' data, and in this case, Distribute -- along with many, many other hosting providers -- was not, because they did not have secured backups.