IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [shared-hosting]

A web hosting service where multiple independent websites are served by the same machine.

Shared hosting refers to a web hosting service where multiple independent websites are served by the same machine.

76 questions
143
votes
9 answers

Hosting company advised us to avoid PHP for security reasons. Are they right?

I'm doing a redesign for a client who's understandably concerned about security after having been hacked in the past. I had initially suggested using a simple PHP include for header and footer templates and a contact form they wanted. They are…
Yumecosmos
  • 1,373
  • 2
  • 9
  • 8
46
votes
15 answers

Should we protect web application source code from being stolen by web hosts through obfuscation?

Is it worth to obfuscate a java web app source code so that the web host cannot make wrong use of the code or even steal your business? If so, how should this be dealt with? How should we obfuscate? We are a new start up launching a product in…
Rajat Gupta
  • 741
  • 1
  • 6
  • 8
46
votes
3 answers

How do hosting providers prevent the compromise of one website from causing the compromise of another one?

Could one create a vulnerable website on purpose to attack a server of a hosting provider? So in the question above which I recently asked we came to the conclusion that preventing one vulnerable website opening the doors to all other websites on…
Just van der Veeken
  • 593
  • 4
  • 10
28
votes
3 answers

Pentesting against own web service hosted on 3rd party platform

I want to pentest websites and services programmed by our company, which is fine as long as we test it on our own infrastructure. What are the (legal) implications when pentesting our services once they have been deployed to other platforms like…
knipp
  • 589
  • 5
  • 14
21
votes
4 answers

How to keep a shared web hosting server secure?

What are the ways of keeping a shared LAMP server secure, assuming SSH access is available for every user? Edit: I am mainly thinking of securing the server from the users themselves and between themselves.
Olivier Lalonde
  • 5,039
  • 8
  • 31
  • 35
18
votes
3 answers

Will my hosting provider be able to see my SSL private keys?

I'm trying to learn the best way to implement a secure web and e-mail server. Getting SSL certificates is a must, but what happens with the private keys? I've seen that you have to store them on the server but does it imply that my hosting provider…
Aquiles Carattino
  • 431
  • 4
  • 8
16
votes
2 answers

Is it really secure to store API keys in environment variables?

This site says it is best to keep API keys in environment variable out of the code. And here Storing Credentials Securely You should take great care to ensure your credentials are stored securely. If someone obtains your api_key or an access_token…
Chloe
  • 1,668
  • 3
  • 15
  • 30
16
votes
2 answers

Dealing with spam scripts as a shared hosting operator, with users who host mail externally

Assume the following setup; A shared hosting server, sharing a single IP with many small websites. A subset of the set of websites is sending e-mails. Some of those e-mails may be to their own domain. Another subset of the set of websites is…
aphid
  • 273
  • 1
  • 6
15
votes
4 answers

Server for School Coding Assignments

An introductory C++ course is offered every year in our university. In order for students to code in C++ and submit their assignments, we give them shell access to a Linux server. They use ssh to log in to the server with their accounts, do the…
Soban
  • 289
  • 1
  • 5
13
votes
4 answers

Accessing multiple sites via HTTPS produces different, unrelated content (Peugeot club via HTTPS)

I've come across a random website Moodoo.cz. The interesting thing is that if you access it via the HTTPS: Moodoo.cz, the content completely changes. It is not that unusual - I guess server can serve different content for different protocols. But…
Jeyekomon
  • 240
  • 2
  • 7
12
votes
4 answers

Is it possible for a vulnerability in one application to be exploited to attack another application on the same server?

If for example I have Magento-eCommerce and WordPress installed on the same server. Both have a database each with a different database username/password and both have different login details to the admins. If there was a serious vulnerability in a…
user90185
9
votes
2 answers

Can other customers on shared hosting see requests from/to my site?

I installed a wiki on my shared webhosting (using Apache) account. This wiki is set to private (no read/edit/create rights for unauthorized users) and I'm the only one with an account. The wiki inserts the wiki page title in the URL path, e.g. a…
unor
  • 1,769
  • 1
  • 19
  • 38
9
votes
5 answers

How can a PHP file be added over and over to my hacked site?

I'm on a shared hosting plan (I know, I know) on GoDaddy and all the files in it have been hacked. There are multiple sites in the plan, each of them has a folder. The folders and sub-folders of each site are full of hacked files, and so are the…
Victoria Ruiz
  • 191
  • 1
  • 3
8
votes
3 answers

How private is RAM from other users on a VPS?

Can I safely assume that my RAM never can be accessed by another user on e.g. EC2 or Digital Ocean, if we suppose that I trust my provider and we don't consider possible bugs (such as Heartbleed) in my environment.
anonymous
  • 81
  • 2
7
votes
1 answer

SQL Server of my hosting provider allows me to see all databases. How secure is my mine?

My hosting provider allows access to its SQL Server. When I connected to it by SQL Management Studio, all hosted databases were visible. I can't get the details on these databases, I get this error: "The database x is not accessible.(Object…
user73983
  • 71
  • 1
1
2 3 4 5 6