Page 1 of 1

Shared Hosts Share More Than You Think...

Posted: Wed Jan 05, 2005 3:11 pm
by McGruff
Just spent an enjoyable hour hacking away at a UK hosting company.

Before you call the cops I should say that a site I work on got defaced recently and we're exploring how it might have happened. The host chief exec no less assured us that everything is locked down at their end.

Apparently not. I'm not going to say how exactly but I could, for example, read .htaccess files at will from any site which they host.

The moral of the story? You probably don't want a dynamic web site on a shared server. It is possible to set these up securely - but how many do?

Posted: Wed Jan 05, 2005 3:38 pm
by feyd
but how many do?
I can probably count them on my fingers, maybe toes too. :)

Posted: Wed Jan 05, 2005 6:42 pm
by timvw
ah well, over here there is a box that is pretty safe...
but, as the webmaster was showing off how cool it was to have the website in cvs etc... i discovered that he left the cvsroot world-readable and it wasn't hard to find the database credentials etc... :P

think it's time everybody starts asking for usermode linux :)

Posted: Wed Jan 05, 2005 7:06 pm
by John Cartwright
think it's time everybody starts asking for usermode linux
that would be the day...

Re: Shared Hosts Share More Than You Think...

Posted: Thu Jan 06, 2005 3:35 am
by onion2k
McGruff wrote:Just spent an enjoyable hour hacking away at a UK hosting company.
Which one?

Posted: Thu Jan 06, 2005 7:03 am
by McGruff
They deserve some appropriate publicity for sure but it wouldn't be fair to the rest of the customers. Hackers can quickly obtain full ftp access, db access, etc for any account on the host. Scary ain't it?

Posted: Fri Jan 07, 2005 12:00 am
by Trenchant
That scary to know that your paying them for that...

I could possibly see that on a free webhost because a free hosting is a "side order" for most hosting companies out there. Coming from a paid host it really makes you wonder about your hosting company.

I think most fear can be subsided by if you have trust in the company you work with though. I personally like smaller companies that dont have 2.5 million customers because hey I live in a small city. I'm not use to large organizations or anything like that. Its also easyer to relate to smaller companies. Such as if you call for support and you get someone on the other line that hasn't talked to 150 people already today.