Results 1 to 9 of 9
  1. Shared Hosting Hackers thing of the past?

    In the bad old days if one shared web site got hacked the hacker could traverse and hack other customers in the same server.

    Is this still the case today?

    Or has this kind of vulnerability been solved?

  2. #2
    Join Date
    Mar 2009
    Location
    Toronto, Canada
    Posts
    2,570
    I believe it depends on how well the server is managed and secured. Most people get hacked due to vulnerabilities in outdated scripts and software running on their websites and webpages.

  3. #3
    Join Date
    May 2008
    Location
    Melbourne, Australia
    Posts
    10,629
    I believe it depends on how well the server is managed and secured. Most people get hacked due to vulnerabilities in outdated scripts and software running on their websites and webpages.
    Very true, It does not just happen via Dedicated Servers or Resellers it happens commonly on Shared Servers the same.

    As Jonathon stated, It does come down to the vulnerabilities in scripts that clients place on the server. Lets not say it is primarily the clients but sometimes webhosts themselves.

    In the better part, Webhost do keep their systems updated to keep customers protected. However, It does not always turn out to be the case, Sometimes it does not matter how good your servers are protected some hacker is bound to find a way in if they want it!
    l Dedigeeks Shared Wordpress Dedicated Established 2006
    l Leading AUSTRALIAN Hosting Provider Sydney & Melbourne Datacentres
    l cPanel/WHM R1Soft Backups 24/7/365 Support SMS Hosting Alerts*
    l www.dedigeeks.com Managing Director Service Superstars

  4. #4
    Join Date
    Aug 2004
    Location
    Canada
    Posts
    3,785
    The mass defacing were almost always as a result of a privilege escalation exploit in the kernel that was not patched by the host. Some cases it's been 0 day attacks at large hosts using a privilege escalation exploit. As far as any others it's permission issues here and there on some hosts. For the most part with suPHP or fastcgi suexec for PHP and perl the same thing it's much more difficult to do damage. Even if you exploit one site getting at others is very difficult unless the all the users chmod every file to 777 and there is also no directory restrictions in say the PHP (openbase_dir)
    Tony B. - Chief Executive Officer
    Hawk Host Inc. Proudly serving websites since 2004
    Quality Shared and Cloud Hosting
    PHP 5.2.x - PHP 8.1.X Support!

  5. #5
    I suppose you need to check your web applications and make sure if they are updated to the last versions. I know and that is not rare but web hosting accounts are being hacked due to this not because of web hosting company

  6. #6
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,196
    It's bound to happen from time to time as exploits are discovered and taken advantage of before they can can be patched or before the people involved in patching the systems are even aware of the issue. While this is rare it's still going to happen from time to time.

    Larger companies are going to likely be the targets of such attacks as more damage can be done in less time where as with a smaller company it would likely be done out of a grudge/vendetta as apposed to just an attempt to do as much damage as possible.

    Maintain your own backups just in case
    Michael Denney - MDDHosting.com - Proudly hosting more than 37,700 websites since 2007.
    Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
    cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
    Class-leading support that responds in minutes, not days.

  7. #7
    Maintain your own backups just in case
    And have them in another place then your web hosting company

  8. #8
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,196
    Quote Originally Posted by SiberForum View Post
    And have them in another place then your web hosting company
    Yeah, off-server and off-site is best for a contingency backup
    Michael Denney - MDDHosting.com - Proudly hosting more than 37,700 websites since 2007.
    Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
    cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
    Class-leading support that responds in minutes, not days.

  9. #9
    Join Date
    Jan 2003
    Location
    Texas, where else?
    Posts
    1,571

    Cool

    As stated account "jumping" hacks are more rare, IF a host is properly secured...but who knows what some bad guy will find a hole in tomorrow? It's a constant battle for security and it involves the customer as well as the host. So as a member of the security firm we use told me, all the security procedures out there are like locks on doors. They do a good job of keeping honest people honest.
    But with today's bot-nets of over a million computers being common and with the "black hats" being faster than lightning to let their fellow hackers know of a new exploit they found you can have millions of computers hitting a zero-day exploit before whatever it is had been discovered by whoever needs to patch what and then the patch coded and issued.
    So I would never say "it's over".

    Although today a prime target is VPS. Here you have inexperienced people who are basically aministrating their own mini-server and may leave settings or permissions wide open to common exploits because they just signed up for a VPS not realizing that unlike a reseller they would have control of whether say suPHP is enabled or not or being familiar with setting up accounts and giving them permissions.
    Because a VPS provides a far bigger & more powerful connection the the net they make for a far more valuable part of a bot net and the level of basic "hardening" done for VPS varies from provider to provider (as do things like automatic OS updates etc.) -but even hardened the VPS "owner" could still turn something off not knowing what they are doing.

    And it will only get worse, the bad guys aren't some kid at his desk "playing hacker" after school (although I'm sure some still are)
    There are actual companies with over 5,000 paid employees doing nothing but building better viruses, Trojans, Rootkits, etc. for their bot nets and looking for exploits so they can then spam, or phish, or whatever they want to do.... So just be sure YOUR host is not somebody who just got their first VPS to "get rich quick hosting web sites" and then as said ALWAYS keep your own backup on your PC just in case of the worst.
    New Idea Hosting NO Overselling-Business-Grade, Shared Only! New-In House Design Team.
    High Speed & Uptime; , DIY Pro-Site Builder-Daily Backups-Custom Plans, All Dual Xeon Quad Intel servers w/ ECC DDR3 RAM SCSI RAID minimums.
    We Concentrate on Shared Hosting ...doing one thing and doing it VERY well

Similar Threads

  1. Is snatching domains a thing of the past?
    By Red Squirrel in forum Domain Names
    Replies: 8
    Last Post: 12-22-2008, 04:23 AM
  2. Fireworks, A thing of the past?
    By WildWest in forum Web Design and Content
    Replies: 12
    Last Post: 12-24-2004, 02:51 AM
  3. Red Hat 7.3 a thing of the past?
    By donk3 in forum Web Hosting
    Replies: 8
    Last Post: 01-29-2004, 08:24 AM
  4. Replies: 16
    Last Post: 07-17-2003, 11:11 PM
  5. Package discrimination - a thing of the past.
    By Thomas.N11 in forum Shared Hosting Offers
    Replies: 0
    Last Post: 01-20-2002, 07:25 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •