Unsecure PHP, such as forums, image galleries, portals and so on. These are exploited using SQL Injections, Remote File Inclusion and Cross Site Scripting. Really had to step up the filtering and monitoring of PHP in the last 4-5 years, as these have grown more popular.
Outdated (exploitable) scripts that can cause really a lot of damage (sending spam,downloading/uploading torrents,trying local root exploits,hosting exploits or mp3s etv)
Compromized customers computer by a trojan that steals ftp passwords and causes the same problems as the above.
*Bad* customers/hackers wannabes who try to exploit local vulnerabilities.
Some things that fall at the "white noise" of the internet such as:
brute force attacks at any service (ssh,ftp,email)
all the "white noise" can be easily taken down by a good firewall and some password policies (you cant let a user have his password 123 or aaa)
There are also some things that you have to deal as you grow big or you host certain content (such as IRC).
The known fear of Ddos that can be anything between a simple udp flood from a C class and a sophisticated multiple location Ddos.If you are under heavy attack you would better contact someone who has his speciality in Ddos protection.
Of course i am talking only for the digital attacks risk.I believe a hosting company has a lot of risks in bussines plan etc but that is something that i don't (and not willing to ) know.
NOT a webhost!helping here just for the fun of it!
What 'security risks' are there for webhosts? The owner, themselves, are most often the highest security risk for any webhost imaginable. Why?
Your average webhost owner has pretty basic OS skills, if at all. They don't know how to track security issues, or fix them, they don't know how to patch things to make them more secure. They don't know how to update their OS. If they didn't have a control panel behind them, they'd be absolutely lost.
The average individual doesn't recognize the power they have behind them when leasing a server. If they DO, they use this knowledge to other's detriment. What should be required is for individuals to pass some sort of basic security and knowledge test in order to lease a server. Unfortunately, that will never happen , and that is just sad. Not only would it weed out the industry of the useless garbage, but it'd make it just that much more secure.
Web hosting "security" isn't about one time applications, it's about knowing who's doing what with your server, being able to patch applications on the fly if needed, and being able to resolve issues , tracking them down to the core of them. There's a very select list of individuals and datacenters that can do that kind of work.
When owners of hosts and servers take responsibility for their inability to properly maintain, manage, and secure their servers, then the risks will suddenly dwindle down to next to nothing. Of course, for that to happen, you've got to stop offering hosting for $5 to anyone who wants it
WHMCS Guru - WHMCS addons, management, support and more. WHMCS Notifications Extended - Add slack, hipchat, SMS, pushover to WHMCS !!
Always looking for Linux, WHMCS, Support Desk work. PM for details