Why Shared Hosting Can Be Bad For The Health Of Your Business

Discussion in 'Web Hosting' started by hackrepair, May 28, 2012.

?

Shared Hosting Security

  1. Shared website hosting may not be the best choice for a web designer with multiple websites.

    33.3%
  2. Shared website hosting is very secure and I don't believe my websites can be mass hacked.

    66.7%
  1. #1
    I receive quite a few calls every day from people whose websites have been hacked and in most cases the situation is exacerbated by the shared hosting plan they've chosen to host their website or websites.

    Analogy wise, a shared web hosting plan is akin to an open bay college dorm room, or an office building where all of the internal office doors share the same key. 2012-05-28_0947.jpg

    "If someone is going to steal your roommates stuff there's nothing stopping that person from stealing your stuff in the shared space as well."

    So, while convenient, "dorm room style hosting" trades security for convenience.

    There may also be legal liability issues relating to reselling shared web hosting in this way. If, for example, you host 20 client websites in a shared account, and you give any one of your 20 clients FTP access you will have effectively given that person access to the contents and databases of all of your 20 websites.

    Your first thought may be, "Dude, what the heck are you smoking! When I give FTP access out to my clients they only have access to their own directory space…"

    Well, here's the rub. If I'm an enterprising hacker, and I somehow get FTP access to any one of your shared domains, or you install a compromisable plugin on any one of your websites, all I have to do is use that to install a back door script, like FilesMan, and I'll have total access to everything within your account, from files, to images, as well as read and write access to all of your clients databases.

    Business ethics?
    Have you notified all of your clients that if one of your other websites is hacked it's likely their websites will be hacked as well?


    What is the solution?
    Well, while shared hosting of the "dorm room" variety is fine for a single business, shared website hosting plans can be quite risky for a web design business.

    "It takes less than 3 minutes for a hacker to hack or delete the contents of every website sharing the same shared hosting account files space."

    If this is not the risk you wish to take with your business then a reseller type hosting plan is your more secure option. A reseller hosting plan is one in which you may set up separate FTP username and passwords for each client, such that no accounts share the same files space. cPanel WHM (Web Hosting Manager) is currently the best and easiest to use reseller control panel. To locate a secure cPanel WHM web host type this into Google:
    "cpanel whm with daily malware scanning"

    Hopefully I've shed some light on the security ramifications of using shared hosting plans. If you have any questions please feel free to contact me.

    "Friends Don't' Let Friends Get Hacked"
     
    Last edited: May 28, 2012
    hackrepair, May 28, 2012 IP
  2. private_html

    private_html Member

    Messages:
    61
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    28
    #2
    or a web designer, a reseller hosting plan is quite possibly better?

    this way you can put each client/template on its own domain if you plan to host your customers, but if your just a designer and not a hoster, im sure a shared hosting plan will be just fine!
     
    private_html, May 28, 2012 IP
  3. Dj.c

    Dj.c Peon

    Messages:
    118
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Thank your for kind information and sharing.
    Your point of view do make sense but not completely correct, if shared hosting is not that good and dangerous then why most of the big boy in web hosting industry is offering this kind of services. As long as you have a secure and strong backend then the story is different or even how strong is your firewall, anti virus, anti-dos attack yet you are still getting hack by others people.

    Take a look on WHMCS issues - http://blog.whmcs.com/ (21-May), the entire backend databases is hacked by just a group of engineer. Comment me if i was wrong :)
     
    Dj.c, May 28, 2012 IP
  4. private_html

    private_html Member

    Messages:
    61
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    28
    #4
    Hi, im sorry, this makes no sense what so ever...

    I read english, but i cant work out what this means...
    also no only that, what does it have to do with the OP post?

    What does the WHMCS bit have to do with the OP post? he/she didnt even ask about whmcs, or anything like you have mentioned...

    If your just trying to spam your link, well thats not good, because to me, your website is only half finished, with alot of grammar mistakes in it :D
     
    private_html, May 28, 2012 IP
  5. Dj.c

    Dj.c Peon

    Messages:
    118
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #5

    I am sure you did not absorb fully what OP try to deliver besides that, you just make me laugh over my tummy that my site is half finish yet we are serving client since year of 2001. Did you ever play with Google search engine, insert the link that you have mention it is not complete. I am comfortable with my grammar and I am sorry for you but you need to get over with it :)
     
    Dj.c, May 28, 2012 IP
  6. private_html

    private_html Member

    Messages:
    61
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    28
    #6
    I am sorry, firstly,
    "I am comfortable with my grammar and I am sorry for you but you need to get over with it :)"
    should be: "I am comfortable with my grammar, and I am sorry, but you need to get over it :)" <--- in english :)

    I looked again the site seems fine, but it didnt load properly atall last night, must have been slow on the server?
     
    private_html, May 29, 2012 IP
  7. hackrepair

    hackrepair Member

    Messages:
    47
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    40
    #7
    Hi folks,
    Seems a few of you missed the point of the article. The body of my article has little relation to where you host your website or even server security.

    My hope was to point out that the "hosting plan" you choose may be dangerous for your web design business.
    Many hosts offer $5 buck hosting in hopes of drawing in naive customers with promises of unlimited yada yada, but they don't point out the security ramifications of doing so. And when your 10 websites are all hacked simultaneously their usual reply is, "sorry, we cant' help you...".

    Reality check is that many have chosen these so called unlimited plans without having foreknowledge that they are taking a huge risk in hosting multiple websites within the same public_html or www directory file structure.

    Hackers love these types of unlimited accounts, target them directly, and specifically target those hosts who promote them due to the mass hacking or defacing opportunities they offer.

    If you were a hacker, why hack a Wordpress blog on dedicated server account hosting a single website, when you can hack a web designer's website with 10+ websites, all nicely listed in the same directory; all with separate search engine advantage…. Bingo!
     
    hackrepair, May 30, 2012 IP
  8. humtuma

    humtuma Notable Member

    Messages:
    1,225
    Likes Received:
    24
    Best Answers:
    3
    Trophy Points:
    250
    #8
    You can not stop hacker in any way. The answer may be in 0 or 1 . Either you use the antivirus certificate for your business. When it is not possible in dedicated server , how it shared hosting. Risk is every where.
     
    humtuma, May 30, 2012 IP
  9. Dj.c

    Dj.c Peon

    Messages:
    118
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #9
    Yes you are right but some dudes at here is trying to over their reaction. As per mention in my previous post that WHMCS was hacked, would be a good sample for everyone. They do have a strong server to store all the DB but still getting attack. Meanwhile, private_html you may have open conversation with me at here; no need to send private message to me such like looking for a fight with me? How old are you actually?
     
    Dj.c, Jun 1, 2012 IP
  10. JFSG

    JFSG Active Member

    Messages:
    55
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    90
    #10
    The security really depends on the host or your management, not so much on shared, VPS, dedicated, cloud or anything else you can come up with.
     
    JFSG, Jun 3, 2012 IP