IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [web-hosting]

A type of service that allows a website to be made accessible via the internet. Web hosting can consist of storage space plus access to a website running a variety of technologies all the way up to fully dedicated servers provided by a third party.

Web hosting is a type of service that allows a website to be made accessible via the internet. Web hosting can consist of storage space plus access to a website running a variety of technologies all the way up to fully dedicated servers provided by a third party.

Related reading

116 questions
133
votes
3 answers

Is HostGator storing my password in plaintext?

I want to bring this up to HostGator, but want to verify my suspicions before making a big fuss. I asked a customer care representative to help me add an SSL certificate to a site I host with them. When he was done, I received this e-mail with all…
Marquizzo
  • 1,907
  • 4
  • 9
  • 13
97
votes
10 answers

If a provider sees the last 4 characters of my password, can they see it in full?

I have some domains/websites as well as emails with Bluehost. Every time I need support, they need the last 4 characters of my main password for the account. They cannot tell me how they store the password, so I am intrigued in how they could…
rhymsy
  • 1,212
  • 1
  • 10
  • 15
33
votes
4 answers

Why are SSL certificates an annual expense?

I understand SSL certificates cost money because of reputation: most/all web browsers have a limited list of companies that demonstrated they are trusted sources of SSL certificates and therefore don't present users with a Back To Safety! screen for…
user1717828
  • 2,392
  • 13
  • 19
28
votes
3 answers

Pentesting against own web service hosted on 3rd party platform

I want to pentest websites and services programmed by our company, which is fine as long as we test it on our own infrastructure. What are the (legal) implications when pentesting our services once they have been deployed to other platforms like…
knipp
  • 589
  • 5
  • 14
21
votes
4 answers

How to keep a shared web hosting server secure?

What are the ways of keeping a shared LAMP server secure, assuming SSH access is available for every user? Edit: I am mainly thinking of securing the server from the users themselves and between themselves.
Olivier Lalonde
  • 5,039
  • 8
  • 31
  • 35
18
votes
6 answers

Is showing your IP address in the URL a bad practice?

Someone told me that showing your IP address in a URL (like http://192.0.2.34/default.html) is easier to hack. Is that true? I could trace any domain name and get its IP number as well.
Delmonte
  • 423
  • 1
  • 4
  • 7
15
votes
3 answers

VPS security best practice

I've just signed up for a linux VPS to host a website I've been creating and I need some advice on the best approach to secure it. I've previously been hosting it off a VM in the house, but I want to get rid of that. So security has been handled by…
Martin
  • 303
  • 3
  • 8
13
votes
4 answers

Accessing multiple sites via HTTPS produces different, unrelated content (Peugeot club via HTTPS)

I've come across a random website Moodoo.cz. The interesting thing is that if you access it via the HTTPS: Moodoo.cz, the content completely changes. It is not that unusual - I guess server can serve different content for different protocols. But…
Jeyekomon
  • 240
  • 2
  • 7
10
votes
3 answers

What risks are involved in exposing our home computers over the public internet?

I'm currently running a webserver from home accessible on the public internet via a static IP. What kind of risks are there in doing so? From what I understand, the setup will not allow connections besides port 80 and thus my network and computers…
Pacerier
  • 3,253
  • 6
  • 34
  • 61
7
votes
2 answers

Manage SSL certificates for a multi-tenant website

We have given customers the option to allow custom domains which ultimately point to our server by changing the CNAME. Some of our customers would like to have SSL enabled to their domain but I am wondering how to manage certificates for them. I am…
Chandra Paudel
  • 71
  • 3
7
votes
3 answers

Should I store my intellectual property / code online?

As a hosting company we have gathered a busload of information over the years that are pretty much confidential. This information includes code, graphics, ERD diagrams, SEO strategies and so much more. As our company expanded, we have now reached a…
rockstardev
  • 173
  • 4
6
votes
3 answers

My sites have been hacked by cpamatik.com , it passes all security checks with Google and Sucuri, but still redirects, any idea?

Almost all my sites got hacked by cpamatik.com virus All CMS were up to date, plugins, modules etc..(Drupal and Wordpress) , some sites I have logged in to work on, but some sites I haven't touched in months, so the hack wasn't inadvertendly…
Bruno Vincent
  • 193
  • 1
  • 5
6
votes
1 answer

Find Security Flaws in My Payment Page

I've done some extensive research about how to secure your website from card fraud. iFrames do a pretty good job of this, however, It can still be worked around from certain exploits. Many payment providers have now moved away from 'Hosted Payment…
Matt The Ninja
  • 69
  • 3
6
votes
2 answers

Securely decommissioning a dedicated server

One of my dedicated hosting CentOS servers hit 12 years. I received an end-of-life notice on it, and I started receiving SMART errors as well. I guess it's time to let it go. But before I do, I'd like to try and securely erase any left-over…
Milen
  • 1,148
  • 6
  • 12
6
votes
2 answers

How can bulletproof hosting be feasible?

Bulletproof Hosting Providers (BPHS) allow servers containing illegal porn, malware, organized (cyber)crime, major spam and all this on the WWW? If Spamhaus can block the entire subnet of such a BPHS why can't the government? i.e. How can a BPHS…
Manumit
  • 579
  • 1
  • 5
  • 19
1
2 3 4 5 6 7 8