IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [shared-hosting]

A web hosting service where multiple independent websites are served by the same machine.

Shared hosting refers to a web hosting service where multiple independent websites are served by the same machine.

76 questions
3
votes
1 answer

Will disabling "symlink" in PHP.ini prevent attackers from attacking other websites?

I have a small shared server where couple of websites are hosted, so I'm not sure if this kind of protection will be enough to prevent attackers from executing symlink attack. I've added symlink to disabled PHP functions and of course others like…
user134969
  • 1,298
  • 4
  • 15
  • 24
3
votes
0 answers

Which level of permission and type of encryption could be used on a NAS to be secure but usable?

I need to use a NAS to stock data (from personal git and other type of service). 7777 is very permissive but it seems that the 0640 actually in use is not enough to works correctly with the services. Also, I would like to know if this NAS could be…
aurelien
  • 253
  • 2
  • 13
2
votes
1 answer

Folder Access restriction in Shared Hosting

In a shared hosting I use (where I don't have access to httpd.conf files) I want PHP files in "MyTargetFolder" to not have ability to access anything in upper directories. It needs some configuration like OPEN_BASEDIR, SAFE_MODE,…
T.Todua
  • 2,677
  • 4
  • 19
  • 28
2
votes
1 answer

Looking for advice on storing sensitive information - Rails, Postgres, https, pg_crypto, Digital Ocean

A potential contract requires the following sensitive information to be persisted in a postgres database: Bank Account type (Uk/Int) Bank Account Number Bank Sort Code Passport Number Passport Issuing Country Driving License Number Driving License…
Ross Kinsella
  • 21
  • 4
2
votes
2 answers

Is there any security concern to host Wordpress on the main web server?

We have been hosting our Wordpress blog on a Linux virtual box, and our main web application on an IIS server. Our website is www.mainsite.com and the wordpress is on www.blog.mainsite.com. Now there is a requirement that the blog appears as…
Goli E
  • 895
  • 1
  • 11
  • 20
2
votes
3 answers

MySQL database access prevention

I am doing a PHP website for a client who deals with third party financial information, and he is concerned about the developmers (me) having access to all the information, which is obviously a valid concern. I am currently hosting on a shared…
Kobus Myburgh
  • 179
  • 1
  • 1
  • 8
2
votes
4 answers

FOUO on hosted sharepoint

I and few of my fellow employees were asking if it was okay to put FOUO (NSA issued) documents on SharePoint. The main justification was that its password protected (which is correct). But its a hosted site so we don't have ultimate control over the…
Crash893
  • 351
  • 1
  • 10
2
votes
1 answer

Employ fscrypt to securely protect, from data-at-rest exposure, all files+data installed after an initial Linux system build?

Our team's goal We want to protect our sensitive data from being potentially data-at-rest exposed after we relinquish a Linux VPS (see below) provided by a hosting service. We're exploring simple(r) fscrypt usage to potentially solve this…
Johnny Utahh
  • 131
  • 6
2
votes
3 answers

Multiple wp-login.php attack on shared hosting

I am hosting more than 20 WordPress website on a single server. The server has other cms based websites too. For better security, I have used CloudLinux CageFS which encapsulates each customer. Even if one WordPress site gets hacked then there is no…
Prakash
  • 332
  • 2
  • 14
2
votes
1 answer

Paypal and PCI Compliance

I currently manage a few of my client's websites on a couple shared hosting providers "A2Hosting" and "Interserver". My client wants to make a simple webstore and accept payments from said webstore. I was going to implement this by passing off the…
JJWillMC
  • 23
  • 3
2
votes
0 answers

Digital Ocean WordPress droplet security precautions

I'm a front-end and WordPress developer. A week ago a number of my sites got hacked on shared hosting. The sites were built to a high standard, from scratch, using Underscores. I only use a small number of reputable plugins (ACF, Gravity Forms and…
Sam
  • 186
  • 7
2
votes
2 answers

Can the `system` function pose severe security threats on a shared hosting server?

I recently bought an account from a shared hosting company and I needed the php system function to be enabled for one of my projects. So I created a ticket and asked them to enable it. This is what they responded: Enabling the system function poses…
2hamed
  • 123
  • 4
2
votes
1 answer

Can /etc/passwd file be accessed on a cpanel shared hosting account?

Given standard server hardening was performed, can the /etc/passwd be accessed by a shared hosting account by using PHP or Perl scripts which is executed from the public_html of the shared account?
IMB
  • 2,888
  • 6
  • 28
  • 42
2
votes
5 answers

Am I a Hosting service provider in a sense of PCI-DSS SAQ D Appendix A?

My company provides web applications to third parties. We develop, host and manage the applications ourselves. All access that third parties get is the application itself and a separate management/configuration application which is also a web…
Aleksandar Ivanisevic
  • 233
  • 1
  • 3
  • 6
2
votes
1 answer

Is letting users run lslogins on a shared host a security risk?

I have an account on a shared host from which I run several websites, and I noticed that lslogins is working: I get a list of the other users on the machine, their UIDs, GIDs, time of last login, GECOS fields, last IP address from which login…
user88034
  • 21
  • 1
1 2
3
4 5 6