Results 1 to 9 of 9
-
09-03-2009, 10:28 PM #1Newbie
- Join Date
- Jul 2005
- Posts
- 9
Shared Hosting Hackers thing of the past?
In the bad old days if one shared web site got hacked the hacker could traverse and hack other customers in the same server.
Is this still the case today?
Or has this kind of vulnerability been solved?
-
09-04-2009, 01:20 AM #2Disabled
- Join Date
- Mar 2009
- Location
- Toronto, Canada
- Posts
- 2,570
I believe it depends on how well the server is managed and secured. Most people get hacked due to vulnerabilities in outdated scripts and software running on their websites and webpages.
-
09-04-2009, 01:31 AM #3Web Hosting Master
- Join Date
- May 2008
- Location
- Melbourne, Australia
- Posts
- 10,629
I believe it depends on how well the server is managed and secured. Most people get hacked due to vulnerabilities in outdated scripts and software running on their websites and webpages.
As Jonathon stated, It does come down to the vulnerabilities in scripts that clients place on the server. Lets not say it is primarily the clients but sometimes webhosts themselves.
In the better part, Webhost do keep their systems updated to keep customers protected. However, It does not always turn out to be the case, Sometimes it does not matter how good your servers are protected some hacker is bound to find a way in if they want it!██ l Dedigeeks • Shared • Wordpress • Dedicated • Established 2006
██ l Leading AUSTRALIAN Hosting Provider • Sydney & Melbourne Datacentres
██ l cPanel/WHM • R1Soft Backups • 24/7/365 Support • SMS Hosting Alerts*
██ l www.dedigeeks.com • Managing Director • Service Superstars
-
09-04-2009, 01:48 AM #4Web Hosting Master
- Join Date
- Aug 2004
- Location
- Canada
- Posts
- 3,785
The mass defacing were almost always as a result of a privilege escalation exploit in the kernel that was not patched by the host. Some cases it's been 0 day attacks at large hosts using a privilege escalation exploit. As far as any others it's permission issues here and there on some hosts. For the most part with suPHP or fastcgi suexec for PHP and perl the same thing it's much more difficult to do damage. Even if you exploit one site getting at others is very difficult unless the all the users chmod every file to 777 and there is also no directory restrictions in say the PHP (openbase_dir)
█ Tony B. - Chief Executive Officer
█ Hawk Host Inc. Proudly serving websites since 2004
█ Quality Shared and Cloud Hosting
█ PHP 5.2.x - PHP 8.1.X Support!
-
09-04-2009, 02:54 AM #5Disabled
- Join Date
- Dec 2007
- Posts
- 3,597
I suppose you need to check your web applications and make sure if they are updated to the last versions. I know and that is not rare but web hosting accounts are being hacked due to this not because of web hosting company
-
09-04-2009, 03:14 AM #6Web Hosting Industry Expert
- Join Date
- Dec 2007
- Location
- Indiana, USA
- Posts
- 19,196
It's bound to happen from time to time as exploits are discovered and taken advantage of before they can can be patched or before the people involved in patching the systems are even aware of the issue. While this is rare it's still going to happen from time to time.
Larger companies are going to likely be the targets of such attacks as more damage can be done in less time where as with a smaller company it would likely be done out of a grudge/vendetta as apposed to just an attempt to do as much damage as possible.
Maintain your own backups just in case█ Michael Denney - MDDHosting.com - Proudly hosting more than 37,700 websites since 2007.
█ Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
█ cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
█ Class-leading support that responds in minutes, not days.
-
09-04-2009, 03:16 AM #7Disabled
- Join Date
- Dec 2007
- Posts
- 3,597
Maintain your own backups just in case
-
09-04-2009, 03:26 AM #8Web Hosting Industry Expert
- Join Date
- Dec 2007
- Location
- Indiana, USA
- Posts
- 19,196
█ Michael Denney - MDDHosting.com - Proudly hosting more than 37,700 websites since 2007.
█ Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
█ cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
█ Class-leading support that responds in minutes, not days.
-
09-04-2009, 10:48 AM #9Web Hosting Master
- Join Date
- Jan 2003
- Location
- Texas, where else?
- Posts
- 1,571
As stated account "jumping" hacks are more rare, IF a host is properly secured...but who knows what some bad guy will find a hole in tomorrow? It's a constant battle for security and it involves the customer as well as the host. So as a member of the security firm we use told me, all the security procedures out there are like locks on doors. They do a good job of keeping honest people honest.
But with today's bot-nets of over a million computers being common and with the "black hats" being faster than lightning to let their fellow hackers know of a new exploit they found you can have millions of computers hitting a zero-day exploit before whatever it is had been discovered by whoever needs to patch what and then the patch coded and issued.
So I would never say "it's over".
Although today a prime target is VPS. Here you have inexperienced people who are basically aministrating their own mini-server and may leave settings or permissions wide open to common exploits because they just signed up for a VPS not realizing that unlike a reseller they would have control of whether say suPHP is enabled or not or being familiar with setting up accounts and giving them permissions.
Because a VPS provides a far bigger & more powerful connection the the net they make for a far more valuable part of a bot net and the level of basic "hardening" done for VPS varies from provider to provider (as do things like automatic OS updates etc.) -but even hardened the VPS "owner" could still turn something off not knowing what they are doing.
And it will only get worse, the bad guys aren't some kid at his desk "playing hacker" after school (although I'm sure some still are)
There are actual companies with over 5,000 paid employees doing nothing but building better viruses, Trojans, Rootkits, etc. for their bot nets and looking for exploits so they can then spam, or phish, or whatever they want to do.... So just be sure YOUR host is not somebody who just got their first VPS to "get rich quick hosting web sites" and then as said ALWAYS keep your own backup on your PC just in case of the worst.New Idea Hosting NO Overselling-Business-Grade, Shared Only! New-In House Design Team.
High Speed & Uptime; , DIY Pro-Site Builder-Daily Backups-Custom Plans, All Dual Xeon Quad Intel servers w/ ECC DDR3 RAM SCSI RAID minimums.
We Concentrate on Shared Hosting ...doing one thing and doing it VERY well
Similar Threads
-
Is snatching domains a thing of the past?
By Red Squirrel in forum Domain NamesReplies: 8Last Post: 12-22-2008, 04:23 AM -
Fireworks, A thing of the past?
By WildWest in forum Web Design and ContentReplies: 12Last Post: 12-24-2004, 02:51 AM -
Red Hat 7.3 a thing of the past?
By donk3 in forum Web HostingReplies: 8Last Post: 01-29-2004, 08:24 AM -
Is there anyway to get past the 60 days no transfer thing?
By StarGhost in forum Domain NamesReplies: 16Last Post: 07-17-2003, 11:11 PM -
Package discrimination - a thing of the past.
By Thomas.N11 in forum Shared Hosting OffersReplies: 0Last Post: 01-20-2002, 07:25 PM