OT: Dealing with a hosting company with it's head up it's rear end

Jon Radel jon at radel.com
Thu Aug 13 20:39:51 UTC 2020

On 8/13/20 16:12, Aryeh Friedman wrote:
> On Thu, Aug 13, 2020 at 3:59 PM André Boon <freebsd at andreboon.nl> wrote:
>> On Thursday, August 13, 2020, Aryeh Friedman wrote:
>>> On Thu, Aug 13, 2020 at 3:04 PM Jack L. <xxjack12xx at gmail.com> wrote:
>>>> Just change the ssh/rdp ports?
>>> All ports except 80 and 25 are firewalled
>> Are you sure port 443 isn't open as well? I would expect so if port 80 is
>> available. That would allow port 80 to be used for SSH if you're OK with
>> only providing HTTPS.
> They have a whacko firewall config that will eat 443/decrypt it/forward it
> on as plain http via a proxy on the firewall
Well, the availability of TLS off-load is arguably a feature, but to
require the use of it...  Apparently they acquired a security consultant
with a rather limited, and limiting, view of how the world works.  Or
even worse, they don't have a security expert involved and are making it
up as they go.

Much as it pains me to say this, it's probably time to involve the
lawyers and figure out whether the contract has been explicitly or
implicitly breached and see if you can shed the vendor without too big
an expense.   This probably comes down to the extent this project was
discussed as part of the sales process and what representations about
suitability the provider might have made.

And then move to an IaaS provider that gives you direct control over
most of these matters and leave this wacky little PaaS provider to the
market they appear to be aiming for--presumably WordPress sites and the

--Jon Radel
jon at radel.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4177 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20200813/6108621e/attachment.bin>

More information about the freebsd-questions mailing list