Shared Hosts Share More Than You Think...

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

Post Reply
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Shared Hosts Share More Than You Think...

Post by McGruff »

Just spent an enjoyable hour hacking away at a UK hosting company.

Before you call the cops I should say that a site I work on got defaced recently and we're exploring how it might have happened. The host chief exec no less assured us that everything is locked down at their end.

Apparently not. I'm not going to say how exactly but I could, for example, read .htaccess files at will from any site which they host.

The moral of the story? You probably don't want a dynamic web site on a shared server. It is possible to set these up securely - but how many do?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

but how many do?
I can probably count them on my fingers, maybe toes too. :)
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

ah well, over here there is a box that is pretty safe...
but, as the webmaster was showing off how cool it was to have the website in cvs etc... i discovered that he left the cvsroot world-readable and it wasn't hard to find the database credentials etc... :P

think it's time everybody starts asking for usermode linux :)
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

think it's time everybody starts asking for usermode linux
that would be the day...
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Re: Shared Hosts Share More Than You Think...

Post by onion2k »

McGruff wrote:Just spent an enjoyable hour hacking away at a UK hosting company.
Which one?
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

They deserve some appropriate publicity for sure but it wouldn't be fair to the rest of the customers. Hackers can quickly obtain full ftp access, db access, etc for any account on the host. Scary ain't it?
User avatar
Trenchant
Forum Contributor
Posts: 291
Joined: Mon Nov 29, 2004 6:04 pm
Location: Web Dummy IS

Post by Trenchant »

That scary to know that your paying them for that...

I could possibly see that on a free webhost because a free hosting is a "side order" for most hosting companies out there. Coming from a paid host it really makes you wonder about your hosting company.

I think most fear can be subsided by if you have trust in the company you work with though. I personally like smaller companies that dont have 2.5 million customers because hey I live in a small city. I'm not use to large organizations or anything like that. Its also easyer to relate to smaller companies. Such as if you call for support and you get someone on the other line that hasn't talked to 150 people already today.
Post Reply