Knowledgebase

Portal Home > Knowledgebase > Articles Database > Web Hosting Security


Web Hosting Security




Posted by ShaolinFinest, 04-08-2008, 11:06 AM
Hi Guys, I am conducting some research into potential risks that web hosts have to deal with on a daily basis. What potential security risks are there for web hosts ? And how do they overcome these issues ? Thanks.
Posted by Ben James, 04-08-2008, 11:08 AM
thinks like ddos attacks, so you would need to use ddos protection, brute force attacks,, so anti brute force activities and many more, i could be typing for hours till i have finished
Posted by david510, 04-08-2008, 11:11 AM
What you should do here is harden the server. It will take care of common issues. Then monitor the server if there is any specific attack and take measures to reduce them.
Posted by PWS-Adam, 04-08-2008, 11:16 AM
The largest security risk is your customers. You'd ideally have a script continuously searching for shells etc. It's much harder to find somebody out if they're taking you down from the inside.
Posted by ompp, 04-08-2008, 01:10 PM
Falls under customer caused. Unsecure PHP, such as forums, image galleries, portals and so on. These are exploited using SQL Injections, Remote File Inclusion and Cross Site Scripting. Really had to step up the filtering and monitoring of PHP in the last 4-5 years, as these have grown more popular.
Posted by tix3, 04-08-2008, 01:36 PM
Customer caused: Outdated (exploitable) scripts that can cause really a lot of damage (sending spam,downloading/uploading torrents,trying local root exploits,hosting exploits or mp3s etv)Compromized customers computer by a trojan that steals ftp passwords and causes the same problems as the above.*Bad* customers/hackers wannabes who try to exploit local vulnerabilities.Some things that fall at the "white noise" of the internet such as: port scansbrute force attacks at any service (ssh,ftp,email)all the "white noise" can be easily taken down by a good firewall and some password policies (you cant let a user have his password 123 or aaa) There are also some things that you have to deal as you grow big or you host particular content (such as IRC). The known fear of Ddos that can be anything between a simple udp flood from a C class and a sophisticated multiple location Ddos.If you are under heavy attack you would better contact someone who has his speciality in Ddos protection. Of course i am talking only for the digital attacks risk.I believe a hosting company has a lot of risks in bussines plan etc but that is something that i don't (and not willing to ) know.
Posted by whmcsguru, 04-08-2008, 07:44 PM
What 'security risks' are there for webhosts? The owner, themselves, are most often the highest security risk for any webhost imaginable. Why? Your average webhost owner has pretty basic OS skills, if at all. They don't know how to track security issues, or fix them, they don't know how to patch things to make them more secure. They don't know how to update their OS. If they didn't have a control panel behind them, they'd be absolutely lost. The average individual doesn't recognize the power they have behind them when leasing a server. If they DO, they use this knowledge to other's detriment. What should be required is for individuals to pass some sort of basic security and knowledge test in order to lease a server. Unfortunately, that will never happen , and that is just sad. Not only would it weed out the industry of the useless garbage, but it'd make it just that much more secure. Web hosting "security" isn't about one time applications, it's about knowing who's doing what with your server, being able to patch applications on the fly if needed, and being able to resolve issues , tracking them down to the core of them. There's a very select list of individuals and datacenters that can do that kind of work. When owners of hosts and servers take responsibility for their inability to properly maintain, manage, and secure their servers, then the risks will suddenly dwindle down to next to nothing. Of course, for that to happen, you've got to stop offering hosting for $5 to anyone who wants it


Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
how to mod_rewrite (Views: 734)
Help Needed in executing sql query (Views: 692)
Rkhunter log, need help (Views: 647)
best promotion techniques--affiliate (Views: 654)
doesn't appear to be a valid Zend extension (Views: 6561)

Language: