The Dangers of Shared Hosting: - The HP Security Laboratory Blog -
The Dangers of Shared Hosting:
When you pay someone to host your website, chances are your site isn’t running on a single box all by itself. Hosting companies like GoDaddy or Rackspace use shared hosting, which means your website is stored on a computer with multiple other websites to conserve resources and raise profits. This leaves your data on a system where every user shares the same resources, on the assumption that none of those users will run vulnerable software. If one of those users is compromised, then all the users are compromised. Are you prepared to put your site’s security in other people’s hands?

We touched on the issue of default scripts in a previous post where GoDaddy servers were compromised. Hosting services may provide default web pages, scripts, or CGI gateways for sending mail, uploading files, posting to a forum, etc. These are dangerous for two reasons. First, they are open source, so anyone who uses that hosting provider can read the source code and find vulnerabilities. The catch is that only customers of the hosting provider can examine the source, so the scripts don’t get the same number of eyeballs finding problems as traditional open source applications get. Second, the consequences reach further: if an attacker finds an issue in a default script and can properly exploit it, then all the accounts on that server could be compromised. Exploitation like that could reach thousands of domains with thousands of users, all running off a single server. This high payout for a single vulnerability means that shared hosting environments are targeted more and more by attackers.

Posted 07-14-2006 2:52 PM by erik.peterson
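
An added example (not from the original post or its author): when other accounts share the box, two checks worth running on your own web root are which files have permission bits that let other local accounts write to them, and which files differ from a known-good baseline. It assumes a Unix-style host; the function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(docroot):
    """Map each file's path (relative to docroot) to (sha256 hex, permission bits)."""
    state = {}
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            mode = stat.S_IMODE(os.stat(path).st_mode)
            state[os.path.relpath(path, docroot)] = (digest, mode)
    return state

def audit(baseline, current):
    """Compare a trusted snapshot with the current one and flag loose permissions."""
    report = {"modified": [], "added": [], "removed": [], "writable_by_others": []}
    for rel, (digest, mode) in sorted(current.items()):
        if rel not in baseline:
            report["added"].append(rel)
        elif baseline[rel][0] != digest:
            report["modified"].append(rel)
        # Group- or world-writable: other local accounts may be able to alter it.
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            report["writable_by_others"].append(rel)
    report["removed"] = sorted(set(baseline) - set(current))
    return report

def demo():
    """Constructed sample: baseline a tiny docroot, then change it and audit."""
    with tempfile.TemporaryDirectory() as root:
        index = os.path.join(root, "index.html")
        with open(index, "w") as fh:
            fh.write("<h1>Welcome</h1>")
        os.chmod(index, 0o644)
        baseline = snapshot(root)          # taken while the site is known-good
        with open(index, "a") as fh:       # page content changes
            fh.write("<!-- unexpected change -->")
        os.chmod(index, 0o666)             # permissions loosened
        with open(os.path.join(root, "mail.cgi"), "w") as fh:
            fh.write("#!/bin/sh\n")        # file that was never uploaded by the owner
        return audit(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Keep the baseline somewhere off the shared server, so that whoever can change the pages cannot also change the record they are compared against.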

Comments

A very satisfied rackspace customer wrote re: The Dangers of Shared Hosting:
on 01-04-2007 12:00 PM
Rackspace provides managed hosting. They should not be compared to GoDaddy.

John wrote re: The Dangers of Shared Hosting:
on 07-28-2007 2:47 PM

I've been a shared hosting customer with GoDaddy for over a half dozen years and over the past 2 years I've had the index pages on my only hosted site hacked on at least 4 occasions. I've had to go back and remove and replace the index pages. GoDaddy reps have steadily told me that it's my FTP password. The passwords I've used are long and complex, and my computer is secure (scanned for viruses, spyware, adware etc daily), so I have been baffled as to why I've been hit. Then, very recently, I heard from 3 friends who also have GoDaddy shared hosting, and they've said that their index pages were hacked. That is when I decided to Google search for other possible answers.

PART DEUX: Over the past 2 years, when I've checked to see if a page I have made for someone would come up in a Google search, I have (on several occasions) seen the page appear in a Google search result ... but with a warning saying something like, "WARNING: This page can harm your computer!". The entity that causes that Google "warning" is StopBadware.org ... So, now I have two problems, one is my site got hacked and secondly, I now have to deal with StopBadware.org to have that warning removed from the Google search results. StopBadware probably provides a good and needed service, but they're arrogant and smart-assed. After submitting "requests" to their web forms, they send back an email saying (paraphrasing here), "We see your site is okay now and we'll tell Google to remove that nasty warning, BUT if you should do this again, we ain't gonna be in no hurry to help remove that warning." In other words, they threaten you.

I just got off the phone with another GoDaddy tech support person who told me that if someone can get into a server of shared hosting accounts ... or into one shared hosting account, they still cannot get into my account or change my index pages. Is that true?

Thanks!!

glen finch wrote re: The Dangers of Shared Hosting:
on 10-29-2007 11:09 AM
You need to correct your post. Rackspace do not offer shared hosting in any shape or form and never have. Rackspace specialize in Managed Dedicated Hosting. It's a dedicated server - you are not stored on the same server as other sites - you are not sharing resources (server resources) no shared servers, no VPS, etc. has been the keystone of Rackspace's business since its inception.

erik.peterson wrote re: The Dangers of Shared Hosting:
on 10-29-2007 11:16 AM

Corrected, thanks Glen.

dre wrote re: The Dangers of Shared Hosting:
on 10-31-2007 3:09 PM
Lesson: don't use shared hosting providers, especially GoDaddy - although there is worse. If the hosting provider spent 5 minutes per server installing SpyBye, implemented DNS forwarding to OpenDNS, prevented outbound SYN, and replaced SSH and FTP with Ajaxterm over SSL using 2FA and OTPs or REST (while only allowing 80 and 443 in) then they would have less of these problems. Of course, they'd then have to work on their software security... which is basically an unsolvable problem at that scale.

Web Radio wrote Web Radio
on 12-24-2008 1:13 PM

Others have provided for advertising banners in free web spaces.
