|
Related Topics:
| Are you looking for cheap domain and hosting plans? - To me, is the best. I've used bad), and WORST with no customer support for the past 4 years but many of these servers were
Exquisihost Web Hosting Grand Opening (Plans Starting at $.. - Hi, has 2 special offers going on right now. The first special is $10/Year This is but with a enough space to host a small or website. Here are the specs for this plan 50 MB of WebSpace 1..
Dedicated or Shared hosting - Hi, I have a shared Linux account on Dellhost and am running Miva for a store. Although my client will probably never exceed the limits on this account, he's concerned about uptime, speed, etc. I think Dellhost is..
Advice on shared windows hosting - Hi, My site is currently hosted by They have just moved (wthout really informing me they were going to do so) and my site has been down (even from DNS!) for over a day now. I'm looking at ..
How to find/use a shared hosting service - As I've stated we're primarily a graphic arts studio and are finding ourselves with more and more clients needing web with one point of contact for all projects. This is not a problem as the money spends just as well
|
|
|
Next: Webmaster: Site for Dedicated Host Reviews?
|
| Author |
Message |
External
Since: Aug 31, 2006
Posts: 4
|
(Msg. 1) Posted: Thu Aug 31, 2006 4:25 pm
Post subject: Any Security issues with Shared Hosting Plans?
Archived from groups: alt>www>webmaster (more info?)
|
|
|
|
|
| Back to top |
|
 | |
External
Since: Dec 18, 2005
Posts: 17
|
(Msg. 2) Posted: Thu Aug 31, 2006 4:25 pm
Post subject: Re: Any Security issues with Shared Hosting Plans? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
|
|
| Back to top |
|
| |
External
Since: Jul 14, 2003
Posts: 1507
|
(Msg. 3) Posted: Thu Aug 31, 2006 5:45 pm
Post subject: Re: Any Security issues with Shared Hosting Plans? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
David wrote:
> Anyone know of Security issues with Shared Hosting Plans? I know that
> they are not as contained as dedicated servers or virtual servers, but
> do the site admins. do a good job of keeping the other users of the
> machine out of your area?
>
>
>
> Thanks
They can't. Everyone's running under the same Apache server, so
everyone's running the same userid. As a result, any other website on
that server can access your files, also. All they need is the path,
which isn't that hard to determine.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex.TakeThisOut@attglobal.net
================== >> Stay informed about: Any Security issues with Shared Hosting Plans? |
|
| Back to top |
|
| |
External
Since: Jun 30, 2006
Posts: 43
|
(Msg. 4) Posted: Thu Aug 31, 2006 10:10 pm
Post subject: Re: Any Security issues with Shared Hosting Plans? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
On Thu, 31 Aug 2006 16:25:21 -0500, David wrote:
> Anyone know of Security issues with Shared Hosting Plans? I know that
> they are not as contained as dedicated servers or virtual servers, but
> do the site admins. do a good job of keeping the other users of the
> machine out of your area?
Uploading your files can expose you because most
shared hosting uses FTP, which has security problems. Sniffers have
been used to compromise passwords. >> Stay informed about: Any Security issues with Shared Hosting Plans? |
|
| Back to top |
|
| |
External
Since: Aug 31, 2006
Posts: 4
|
(Msg. 5) Posted: Thu Aug 31, 2006 10:33 pm
Post subject: Re: Any Security issues with Shared Hosting Plans? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Are you serious?
That's scary.....................................!
>> They can't. Everyone's running under the same Apache server, so
>> everyone's running the same userid. As a result, any other website on
>> that server can access your files, also. All they need is the path,
>> which isn't that hard to determine. >> Stay informed about: Any Security issues with Shared Hosting Plans? |
|
| Back to top |
|
| |
External
Since: Sep 27, 2003
Posts: 155
|
(Msg. 6) Posted: Thu Aug 31, 2006 11:01 pm
Post subject: Re: Any Security issues with Shared Hosting Plans? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
David <dm_fw.RemoveThis@sbcglobal.net> writes:
> Anyone know of Security issues with Shared Hosting Plans?
Oh yes. If they root the box, nothing keeps em from taking you
completely out.
> I know that they are not as contained as dedicated servers or
> virtual servers, but do the site admins. do a good job of keeping
> the other users of the machine out of your area?
Generally yes as far as I can tell. I've never been defaced on any of
my shared hosting sites in oh... I dunno 7 years now knock on wood.
The main annoyance I've experienced frequently in shared hosting
however is someone else's domain on the same server getting attacked
dos'd or otherwise doing something stupid that brings the server and
hence my sites down. For the price, I can live with it but I'm
getting interested in virtual hosting...
--
Todd H.
http://www.toddh.net/ >> Stay informed about: Any Security issues with Shared Hosting Plans? |
|
| Back to top |
|
| |
External
Since: Sep 19, 2003
Posts: 3499
|
(Msg. 7) Posted: Thu Aug 31, 2006 11:22 pm
Post subject: Re: Any Security issues with Shared Hosting Plans? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Fleeing from the madness of the jungle
Jerry Stuckle <jstucklex RemoveThis @attglobal.net> stumbled into
news:alt.www.webmaster
and said:
> David wrote:
>> Anyone know of Security issues with Shared Hosting Plans? I know that
>> they are not as contained as dedicated servers or virtual servers, but
>> do the site admins. do a good job of keeping the other users of the
>> machine out of your area?
>> Thanks
>
> They can't. Everyone's running under the same Apache server, so
> everyone's running the same userid. As a result, any other website on
> that server can access your files, also. All they need is the path,
> which isn't that hard to determine.
IIS has the same issue by default but it's fairly trivial to configure
things so that internal separation is maintained.
I'd be real interested in seeing a trivial linux/apache config that makes
Jerry a liar (no offence mate).
--
William Tasso
http://williamtasso.com/words/what-is-usenet.asp >> Stay informed about: Any Security issues with Shared Hosting Plans? |
|
| Back to top |
|
| |
External
Since: Jun 30, 2006
Posts: 43
|
(Msg. 8) Posted: Thu Aug 31, 2006 11:22 pm
Post subject: Re: Any Security issues with Shared Hosting Plans? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
|
|
| Back to top |
|
| |
External
Since: Jun 29, 2006
Posts: 39
|
(Msg. 9) Posted: Thu Aug 31, 2006 11:46 pm
Post subject: Re: Any Security issues with Shared Hosting Plans? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
On Fri, 01 Sep 2006 00:26:38 +0100, "William Tasso"
<SpamBlocked.TakeThisOut@tbdata.com> opined:
> Fleeing from the madness of the EarthLink Inc. --
> http://www.EarthLink.net jungle
> mbstevens <NOXwebmasterX.TakeThisOut@XmbstevensX.com> stumbled into
> news:alt.www.webmaster
> and said:
>
> > On Thu, 31 Aug 2006 23:22:02 +0100, William Tasso wrote:
> >
> >> IIS has the same issue by default but it's fairly trivial to
> >> configure things so that internal separation is maintained.
> >>
> >> I'd be real interested in seeing a trivial linux/apache config
> >> that makes
> >> Jerry a liar (no offence mate).
> >
> > My Apache book calls them virtual sites, if you're waxing googly
> > this afternoon. Here's one of the first hits I found:
> >
> > http://www.apptools.com/phptools/virtualhost.php
>
> Apache VirtualHosts/sites yes, yes of course  but we're
> discussing internal security between sites on a linux box.
>
> I suspect there is a trivial solution - just hasn't made itself
> known to me yet.
>
There is. Each user has their own group. Their home directory is
their web space. The user's web space is permissioned to User:apache.
Since the user does not belong to the Apache group, they can only
transit their own space.
--
"Black Hole": The economic effect of administering a DNSBL
Our DNSBL - Eliminate Spam at the Source: http://www.TQMcube.com
Don't Subsidize Criminals: http://boulderpledge.org >> Stay informed about: Any Security issues with Shared Hosting Plans? |
|
| Back to top |
|
| |
External
Since: Jul 14, 2003
Posts: 1507
|
(Msg. 10) Posted: Thu Aug 31, 2006 11:46 pm
Post subject: Re: Any Security issues with Shared Hosting Plans? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
David Cary Hart wrote:
> On Fri, 01 Sep 2006 00:26:38 +0100, "William Tasso"
> <SpamBlocked.DeleteThis@tbdata.com> opined:
>
>>Fleeing from the madness of the EarthLink Inc. --
>>http://www.EarthLink.net jungle
>>mbstevens <NOXwebmasterX.DeleteThis@XmbstevensX.com> stumbled into
>>news:alt.www.webmaster
>>and said:
>>
>>
>>>On Thu, 31 Aug 2006 23:22:02 +0100, William Tasso wrote:
>>>
>>>
>>>>IIS has the same issue by default but it's fairly trivial to
>>>>configure things so that internal separation is maintained.
>>>>
>>>>I'd be real interested in seeing a trivial linux/apache config
>>>>that makes
>>>>Jerry a liar (no offence mate).
>>>
>>>My Apache book calls them virtual sites, if you're waxing googly
>>>this afternoon. Here's one of the first hits I found:
>>>
>>>http://www.apptools.com/phptools/virtualhost.php
>>
>>Apache VirtualHosts/sites yes, yes of course but we're
>>discussing internal security between sites on a linux box.
>>
>>I suspect there is a trivial solution - just hasn't made itself
>>known to me yet.
>>
>
> There is. Each user has their own group. Their home directory is
> their web space. The user's web space is permissioned to User:apache.
> Since the user does not belong to the Apache group, they can only
> transit their own space.
>
That stops the users from ftping in and cd'ing to another users directory.
But it does not stop a Perl or PHP program, for instance, running on one
virtual host from accessing the files on another virtual host.
All virtual host run as the same user - the Apache user. So any script
running under Apache can access any file in any virtual host (as long as
that file is available to the specific virtual host, of course).
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex.DeleteThis@attglobal.net
================== >> Stay informed about: Any Security issues with Shared Hosting Plans? |
|
| Back to top |
|
| |
External
Since: Sep 19, 2003
Posts: 3499
|
(Msg. 11) Posted: Fri Sep 01, 2006 12:26 am
Post subject: Re: Any Security issues with Shared Hosting Plans? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Fleeing from the madness of the EarthLink Inc. -- http://www.EarthLink.net
jungle
mbstevens <NOXwebmasterX RemoveThis @XmbstevensX.com> stumbled into
news:alt.www.webmaster
and said:
> On Thu, 31 Aug 2006 23:22:02 +0100, William Tasso wrote:
>
>> IIS has the same issue by default but it's fairly trivial to configure
>> things so that internal separation is maintained.
>>
>> I'd be real interested in seeing a trivial linux/apache config that
>> makes
>> Jerry a liar (no offence mate).
>
> My Apache book calls them virtual sites, if you're waxing googly
> this afternoon. Here's one of the first hits I found:
>
> http://www.apptools.com/phptools/virtualhost.php
Apache VirtualHosts/sites yes, yes of course but we're discussing
internal security between sites on a linux box.
I suspect there is a trivial solution - just hasn't made itself known to
me yet.
--
William Tasso
http://williamtasso.com/words/what-is-usenet.asp >> Stay informed about: Any Security issues with Shared Hosting Plans? |
|
| Back to top |
|
| |
External
Since: Sep 19, 2003
Posts: 3499
|
(Msg. 12) Posted: Fri Sep 01, 2006 1:30 am
Post subject: Re: Any Security issues with Shared Hosting Plans? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Fleeing from the madness of the http://BoulderPledge.org jungle
David Cary Hart <Dr_Deming RemoveThis @BoulderPledge.org> stumbled into
news:alt.www.webmaster
and said:
> On Fri, 01 Sep 2006 00:26:38 +0100, "William Tasso"
> <SpamBlocked RemoveThis @tbdata.com> opined:
>> Fleeing from the madness of the EarthLink Inc. --
>> http://www.EarthLink.net jungle
>> mbstevens <NOXwebmasterX RemoveThis @XmbstevensX.com> stumbled into
>> news:alt.www.webmaster
>> and said:
>>
>> > On Thu, 31 Aug 2006 23:22:02 +0100, William Tasso wrote:
>> >
>> >> IIS has the same issue by default but it's fairly trivial to
>> >> configure things so that internal separation is maintained.
>> >>
>> >> I'd be real interested in seeing a trivial linux/apache config
>> >> that makes
>> >> Jerry a liar (no offence mate).
>> >
>> > My Apache book calls them virtual sites, if you're waxing googly
>> > this afternoon. Here's one of the first hits I found:
>> >
>> > http://www.apptools.com/phptools/virtualhost.php
>>
>> Apache VirtualHosts/sites yes, yes of course but we're
>> discussing internal security between sites on a linux box.
>>
>> I suspect there is a trivial solution - just hasn't made itself
>> known to me yet.
>>
> There is. Each user has their own group.
ok
> Their home directory is
> their web space.
ok
> The user's web space is permissioned to User:apache.
Can you expand on this? (probably just terminology I don't get)
> Since the user does not belong to the Apache group, they can only
> transit their own space.
Sounds just the jobbie.
--
William Tasso
http://williamtasso.com/words/what-is-usenet.asp >> Stay informed about: Any Security issues with Shared Hosting Plans? |
|
| Back to top |
|
| |
External
Since: Aug 30, 2006
Posts: 2
|
(Msg. 13) Posted: Fri Sep 01, 2006 1:32 am
Post subject: Re: Any Security issues with Shared Hosting Plans? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
"Anyone know of Security issues with Shared Hosting Plans? I know that
> they are not as contained as dedicated servers or virtual servers, but
> do the site admins. do a good job of keeping the other users of the
> machine out of your area?"
Security is as competent as the individuals designing your hosting
service network. Lots of hosting companies simply farm out servers in
a highly-secured colocation facility anyway, so as long as they have
their software configured properly, there aren't many risks for shared
hosts. The sites that present attractive targets on high-dollar
dedicated hosts, anyway. Or so I would think...
Luke
http://www.userdesigngroup.com >> Stay informed about: Any Security issues with Shared Hosting Plans? |
|
| Back to top |
|
| |
External
Since: Jun 30, 2006
Posts: 43
|
(Msg. 14) Posted: Fri Sep 01, 2006 3:13 am
Post subject: Re: Any Security issues with Shared Hosting Plans? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
On Thu, 31 Aug 2006 22:04:50 -0400, Jerry Stuckle wrote:
> But it does not stop a Perl or PHP program, for instance, running on one
> virtual host from accessing the files on another virtual host.
>
> All virtual host run as the same user - the Apache user. So any script
> running under Apache can access any file in any virtual host (as long as
> that file is available to the specific virtual host, of course).
Wrappers lower that risk.
The machine's administrator can use suEXEC to set up each virtual host so
that that host executes its CGI programs via a user chosen by the
administrator. Any nastiness of a CGI is limited to that user's
privileges. (The server must be built with suEXEC enabled.) >> Stay informed about: Any Security issues with Shared Hosting Plans? |
|
| Back to top |
|
| |
External
Since: Jul 14, 2003
Posts: 1507
|
(Msg. 15) Posted: Fri Sep 01, 2006 3:13 am
Post subject: Re: Any Security issues with Shared Hosting Plans? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
mbstevens wrote:
> On Thu, 31 Aug 2006 22:04:50 -0400, Jerry Stuckle wrote:
>
>
>>But it does not stop a Perl or PHP program, for instance, running on one
>>virtual host from accessing the files on another virtual host.
>>
>>All virtual host run as the same user - the Apache user. So any script
>>running under Apache can access any file in any virtual host (as long as
>>that file is available to the specific virtual host, of course).
>
>
> Wrappers lower that risk.
> The machine's administrator can use suEXEC to set up each virtual host so
> that that host executes its CGI programs via a user chosen by the
> administrator. Any nastiness of a CGI is limited to that user's
> privileges. (The server must be built with suEXEC enabled.)
>
>
>
That's true - if you're running SuSE, and if you're running as CGI.
But most sites, for instance, run PHP as an apache extension, not CGI,
for performance reasons. And a most of them don't run SuSE.
However, I will grant you that if they really understand what they're
doing, they will run SuSE and CGI - and just not as many sites on the
server (running as a CGI has more overhead than as an Apache extension).
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex.TakeThisOut@attglobal.net
================== >> Stay informed about: Any Security issues with Shared Hosting Plans? |
|
| Back to top |
|
| |
|
FAQ
Search
Profile
Private Messages
Log in/Register/Password
