Results 1 to 7 of 7
  1. #1
    Join Date
    Jun 2006
    Posts
    77

    Web Hosting Security

    Hi Guys,

    I am conducting some research into potential risks that web hosts have to deal with on a daily basis. What potential security risks are there for web hosts ? And how do they overcome these issues ?

    Thanks.

  2. #2
    Join Date
    Feb 2007
    Posts
    265
    thinks like ddos attacks, so you would need to use ddos protection, brute force attacks,, so anti brute force activities and many more, i could be typing for hours till i have finished
    Master Reseller Accounts
    Shared Hosting
    VPS hosting
    ToastHosts.com support{at}toasthosts.com

  3. #3
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,750
    Quote Originally Posted by ShaolinFinest View Post
    Hi Guys,

    I am conducting some research into potential risks that web hosts have to deal with on a daily basis. What potential security risks are there for web hosts ? And how do they overcome these issues ?

    Thanks.
    What you should do here is harden the server. It will take care of common issues. Then monitor the server if there is any specific attack and take measures to reduce them.
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

  4. #4
    The largest security risk is your customers. You'd ideally have a script continuously searching for shells etc. It's much harder to find somebody out if they're taking you down from the inside.

  5. #5
    Falls under customer caused.

    Unsecure PHP, such as forums, image galleries, portals and so on. These are exploited using SQL Injections, Remote File Inclusion and Cross Site Scripting. Really had to step up the filtering and monitoring of PHP in the last 4-5 years, as these have grown more popular.

  6. #6
    Join Date
    Aug 2007
    Location
    Greece
    Posts
    390
    Customer caused:
    • Outdated (exploitable) scripts that can cause really a lot of damage (sending spam,downloading/uploading torrents,trying local root exploits,hosting exploits or mp3s etv)
    • Compromized customers computer by a trojan that steals ftp passwords and causes the same problems as the above.
    • *Bad* customers/hackers wannabes who try to exploit local vulnerabilities.
    Some things that fall at the "white noise" of the internet such as:
    • port scans
    • brute force attacks at any service (ssh,ftp,email)
    all the "white noise" can be easily taken down by a good firewall and some password policies (you cant let a user have his password 123 or aaa)

    There are also some things that you have to deal as you grow big or you host certain content (such as IRC).
    The known fear of Ddos that can be anything between a simple udp flood from a C class and a sophisticated multiple location Ddos.If you are under heavy attack you would better contact someone who has his speciality in Ddos protection.

    Of course i am talking only for the digital attacks risk.I believe a hosting company has a lot of risks in bussines plan etc but that is something that i don't (and not willing to ) know.
    NOT a webhost!helping here just for the fun of it!
    G(r)eek inside.

  7. #7
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    11,686
    What 'security risks' are there for webhosts? The owner, themselves, are most often the highest security risk for any webhost imaginable. Why?

    Your average webhost owner has pretty basic OS skills, if at all. They don't know how to track security issues, or fix them, they don't know how to patch things to make them more secure. They don't know how to update their OS. If they didn't have a control panel behind them, they'd be absolutely lost.

    The average individual doesn't recognize the power they have behind them when leasing a server. If they DO, they use this knowledge to other's detriment. What should be required is for individuals to pass some sort of basic security and knowledge test in order to lease a server. Unfortunately, that will never happen , and that is just sad. Not only would it weed out the industry of the useless garbage, but it'd make it just that much more secure.

    Web hosting "security" isn't about one time applications, it's about knowing who's doing what with your server, being able to patch applications on the fly if needed, and being able to resolve issues , tracking them down to the core of them. There's a very select list of individuals and datacenters that can do that kind of work.

    When owners of hosts and servers take responsibility for their inability to properly maintain, manage, and secure their servers, then the risks will suddenly dwindle down to next to nothing. Of course, for that to happen, you've got to stop offering hosting for $5 to anyone who wants it
    WHMCS Guru - WHMCS addons, management, support and more.
    WHMCS Notifications Extended - Add slack, hipchat, SMS, pushover to WHMCS !!
    Always looking for Linux, WHMCS, Support Desk work. PM for details

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •