Moonchild wrote: ↑2019-07-20, 11:14
What is childish is the blown out of proportion responses as if I was some bumbling fool that shouldn't be let near a server (including your response here).
Well, i admit some people might be a bit harsh but you have to understand the part that gets you the backlash is where you blame the provider. It's a huge accusation backed with pretty much nothing. Do you really think you can 100% rule out external intrusion? That kind of overconfidence and blame shifting sets off red flags all over the place and causes people to question your abilities.
Moonchild wrote: ↑2019-07-20, 11:14
Perhaps I was too complacent in trusting the environment to the level I did, which would be my fault in retrospect, but that doesn't make my administration of the server poor per se. There's only so much you can be paranoid about in your administration.
I disagree. You can and should be paranoid about EVERYTHING. If everything is to much to keep track of chances are you have to large of an attack surface and you should minimize it. Sure, oversights happen. Zero days happen. Even negligence happens. Been there, done that. Believe me, just taking responsibility would have made you look so much better.
Moonchild wrote: ↑2019-07-20, 11:14
The point is, I assume that if I pay for a virtual server, that that virtual server is properly secured
Unless you buy managed services securing the VPS is your responsibility. Always been like that and always will be.
Moonchild wrote: ↑2019-07-20, 11:14
and separated as an environment at the node side, which doesn't seem to have been the case.
And this is where it gets really interesting. How do you come to that conclusion? Given we are talking about a virtualized instance of windows here full virtualization and thereby separation can be assumed by default. Are you pointing towards internal networking? I am genuinely curious. Please clarify.
Moonchild wrote: ↑2019-07-20, 11:14
And yes, they clearly don't care, because they provide insecure services for some of the operating systems they offer
Care to give some examples? As is that says pretty much nothing at all as "Insecure" is a pretty broad term. Again i am genuinely curious what you mean.
Moonchild wrote: ↑2019-07-20, 11:14
For all I know it was targeted sabotage by the provider itself which honestly can't be avoided by any security setup you may have.
Sure they could do that but for what reason? Is there anything to gain for them? No. A repuation to lose? Yes. You are not talking about some kiddy bedroom hoster here, mind you.
Moonchild wrote: ↑2019-07-20, 11:14
If there was any doubt about the setup not being remotely secure, I would have owned up to it, but I know for a fact that it was -- all reasonable steps were taken to prevent unauthorized desktop/session access to the Windows server, including a specific IDS for all services running on it that would grant remote access.
Jeez... Resonable secure? Sure why not. Unbreakable? Give me a break. You can't be serious. It's such statements that make people doubt your abilities.
TL;DR: Please add some technical details to your claims so it's possible to evaluate how you came to these conclusions. Who knows, maybe you have a point but as is it sounds like hot air, sorry.
Btw, what's the reasoning for using windows on a file server?