Just spent an enjoyable hour hacking away at a UK hosting company.
Before you call the cops I should say that a site I work on got defaced recently and we're exploring how it might have happened. The host chief exec no less assured us that everything is locked down at their end.
Apparently not. I'm not going to say how exactly but I could, for example, read .htaccess files at will from any site which they host.
The moral of the story? You probably don't want a dynamic web site on a shared server. It is possible to set these up securely - but how many do?
Shared Hosts Share More Than You Think...
Moderator: General Moderators
ah well, over here there is a box that is pretty safe...
but, as the webmaster was showing off how cool it was to have the website in cvs etc... i discovered that he left the cvsroot world-readable and it wasn't hard to find the database credentials etc...
think it's time everybody starts asking for usermode linux
but, as the webmaster was showing off how cool it was to have the website in cvs etc... i discovered that he left the cvsroot world-readable and it wasn't hard to find the database credentials etc...
think it's time everybody starts asking for usermode linux
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
Re: Shared Hosts Share More Than You Think...
Which one?McGruff wrote:Just spent an enjoyable hour hacking away at a UK hosting company.
That scary to know that your paying them for that...
I could possibly see that on a free webhost because a free hosting is a "side order" for most hosting companies out there. Coming from a paid host it really makes you wonder about your hosting company.
I think most fear can be subsided by if you have trust in the company you work with though. I personally like smaller companies that dont have 2.5 million customers because hey I live in a small city. I'm not use to large organizations or anything like that. Its also easyer to relate to smaller companies. Such as if you call for support and you get someone on the other line that hasn't talked to 150 people already today.
I could possibly see that on a free webhost because a free hosting is a "side order" for most hosting companies out there. Coming from a paid host it really makes you wonder about your hosting company.
I think most fear can be subsided by if you have trust in the company you work with though. I personally like smaller companies that dont have 2.5 million customers because hey I live in a small city. I'm not use to large organizations or anything like that. Its also easyer to relate to smaller companies. Such as if you call for support and you get someone on the other line that hasn't talked to 150 people already today.