priyadi
02-14-2002, 03:27 PM
Greetings...
Recently I'm becoming very interested in security and privacy in shared hosting environment as it seems not every other hosting business are aware of this particular issue. I run our local web hosting business for more than 4 years, and since the beginning I paid very serious attention to this issue. I also write our own control panel, and I did a complete rewrite once and a major overhaul once because of this issue. I think this issue is very serious as it practically can't be easily detected.
Now I decide to offer fellow web hosting business my experience to this issue. Here are what I will try to do:
- ensuring a user will not be able to view other user's files
- ensuring a user will not be able to get a list of other domain on the same server
- ensuring a user will not be able to consume more than a specified resource limit
- in a limited way, I will try to find anything in your control panel that can reduce the server security
I will NOT do the following things however:
- package upgrading and verifying
- firewalls and IDS
- and other security problems
In short, I'm only interested in solving problems related to shared hosting environment. And I'll only accept Linux or BSD system. No Windows, as I'm totally inexperienced in Windows.
The audit will be done as follows:
- you create two shared hosting account in a single server, you give me the username and password of one of them, no root access on my part required.
- then I will use the account to do my audit
- at the end of it, you will receive my detailed report and recommendation
- sometimes, I will be able to fix the problem found on the audit if you provide me with your root password, but this is not necessary for the audit itself.
If you are interested please drop me a PM.
PS. I'm also interested in exchange deal, where I audit yours and you audit mine, but of course this requires that you are a qualified person yourself :)
Recently I'm becoming very interested in security and privacy in shared hosting environment as it seems not every other hosting business are aware of this particular issue. I run our local web hosting business for more than 4 years, and since the beginning I paid very serious attention to this issue. I also write our own control panel, and I did a complete rewrite once and a major overhaul once because of this issue. I think this issue is very serious as it practically can't be easily detected.
Now I decide to offer fellow web hosting business my experience to this issue. Here are what I will try to do:
- ensuring a user will not be able to view other user's files
- ensuring a user will not be able to get a list of other domain on the same server
- ensuring a user will not be able to consume more than a specified resource limit
- in a limited way, I will try to find anything in your control panel that can reduce the server security
I will NOT do the following things however:
- package upgrading and verifying
- firewalls and IDS
- and other security problems
In short, I'm only interested in solving problems related to shared hosting environment. And I'll only accept Linux or BSD system. No Windows, as I'm totally inexperienced in Windows.
The audit will be done as follows:
- you create two shared hosting account in a single server, you give me the username and password of one of them, no root access on my part required.
- then I will use the account to do my audit
- at the end of it, you will receive my detailed report and recommendation
- sometimes, I will be able to fix the problem found on the audit if you provide me with your root password, but this is not necessary for the audit itself.
If you are interested please drop me a PM.
PS. I'm also interested in exchange deal, where I audit yours and you audit mine, but of course this requires that you are a qualified person yourself :)