I believe it depends on how well the server is managed and secured. Most people get hacked due to vulnerabilities in outdated scripts and software running on their websites and webpages.
Very true, It does not just happen via Dedicated Servers or Resellers it happens commonly on Shared Servers the same.
As Jonathon stated, It does come down to the vulnerabilities in scripts that clients place on the server. Lets not say it is primarily the clients but sometimes webhosts themselves.
In the better part, Webhost do keep their systems updated to keep customers protected. However, It does not always turn out to be the case, Sometimes it does not matter how good your servers are protected some hacker is bound to find a way in if they want it!
██ l Dedigeeks (Twitter) • Shared • Reseller • Cloud VPS • Since 2010
██ l Leading AU Hosting Provider • Multiple locations - around the globe!
██ l cPanel/WHM • R1Soft Backups • 24/7/365 Support • 99.9% Uptime Guarantee
██ l www.yourcompanynamehere.com • Customer Service Rep. • Superior Service Guarantee
The mass defacing were almost always as a result of a privilege escalation exploit in the kernel that was not patched by the host. Some cases it's been 0 day attacks at large hosts using a privilege escalation exploit. As far as any others it's permission issues here and there on some hosts. For the most part with suPHP or fastcgi suexec for PHP and perl the same thing it's much more difficult to do damage. Even if you exploit one site getting at others is very difficult unless the all the users chmod every file to 777 and there is also no directory restrictions in say the PHP (openbase_dir)
█ Tony B. - Chief Executive Officer
█ Hawk Host Inc. Proudly serving websites since 2004
█ Quality Shared and VPS Hosting
█ PHP 5.3.x & PHP 5.4.x & PHP 5.5.X & PHP 5.6.X & PHP 7.0.X Support!
I suppose you need to check your web applications and make sure if they are updated to the last versions. I know and that is not rare but web hosting accounts are being hacked due to this not because of web hosting company
It's bound to happen from time to time as exploits are discovered and taken advantage of before they can can be patched or before the people involved in patching the systems are even aware of the issue. While this is rare it's still going to happen from time to time.
Larger companies are going to likely be the targets of such attacks as more damage can be done in less time where as with a smaller company it would likely be done out of a grudge/vendetta as apposed to just an attempt to do as much damage as possible.
As stated account "jumping" hacks are more rare, IF a host is properly secured...but who knows what some bad guy will find a hole in tomorrow? It's a constant battle for security and it involves the customer as well as the host. So as a member of the security firm we use told me, all the security procedures out there are like locks on doors. They do a good job of keeping honest people honest.
But with today's bot-nets of over a million computers being common and with the "black hats" being faster than lightning to let their fellow hackers know of a new exploit they found you can have millions of computers hitting a zero-day exploit before whatever it is had been discovered by whoever needs to patch what and then the patch coded and issued.
So I would never say "it's over".
Although today a prime target is VPS. Here you have inexperienced people who are basically aministrating their own mini-server and may leave settings or permissions wide open to common exploits because they just signed up for a VPS not realizing that unlike a reseller they would have control of whether say suPHP is enabled or not or being familiar with setting up accounts and giving them permissions.
Because a VPS provides a far bigger & more powerful connection the the net they make for a far more valuable part of a bot net and the level of basic "hardening" done for VPS varies from provider to provider (as do things like automatic OS updates etc.) -but even hardened the VPS "owner" could still turn something off not knowing what they are doing.
And it will only get worse, the bad guys aren't some kid at his desk "playing hacker" after school (although I'm sure some still are)
There are actual companies with over 5,000 paid employees doing nothing but building better viruses, Trojans, Rootkits, etc. for their bot nets and looking for exploits so they can then spam, or phish, or whatever they want to do.... So just be sure YOUR host is not somebody who just got their first VPS to "get rich quick hosting web sites" and then as said ALWAYS keep your own backup on your PC just in case of the worst.
New Idea HostingNO Overselling-Business-Grade, Shared Only! New-In House Design Team. High Speed & Uptime; , DIY Pro-Site Builder-Daily Backups-Custom Plans, All Dual Xeon Quad Intel servers w/ ECC DDR3 RAM SCSI RAID minimums. We Concentrate on Shared Hosting ...doing one thing and doing it VERY well