How to Determine if your Sensitive Data is Safe in Shared Hosting

By Angsuman Chakraborty, Gaea News Network
Friday, August 26, 2005

One of the major security concerns in shared hosting environments is whether your sensitive data, such as your MySQL server login and password or other credentials, is actually safe from other users sharing the same web hosting machine.

A few shared hosting providers do not provide telnet/ssh access. They are normally more secure. However, I would not recommend them, for two reasons.
First and foremost, it is extremely lame to actually pay for hosting and yet not have ssh/telnet access. It is very useful for any decent site.

Secondly, if the web host provides PHP or cgi-bin access, then security is nevertheless as weak (or strong) as an account with ssh/telnet access, with one possible exception.
When you are logged in with ssh/telnet, you are logged in as yourself, with the permissions assigned to your login. However, when you access the file system from a CGI script, your permissions are those of the CGI script. When you access it through PHP, your permissions are the same as those of the Apache server. If a single instance of the Apache server is serving all the users, then it is likely that the server and the PHP script have access to user directories.

Let's assume you have ssh/telnet access. To do a basic security check, log in as yourself and run the following commands:

cd ~/
ls ..

If you can see any user's directory, note one of them. Say it is john. Now run the following:

ls -l ../john

If the directory listing is shown then you already have a problem. Now try to cat (display) any file in the directory. If you are successful then you have a serious problem. Others can similarly view your files. You need to contact your shared hosting provider ASAP.

If you do not see any users after the first step then try to guess some user name and perform the remaining steps. Sometimes the base directory is not listable and yet individual user directories are.

For users with PHP/Perl/Python access, the process of testing is essentially the same. Just go to ~/../ and try to list the user directories. Follow the steps as above.
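The same check can be turned around and run against your own home directory to see what other accounts on the machine could reach. The script below is an added example, not part of the original article; the function names and the sample tree are constructed for illustration, and it assumes only the "other" permission bits matter and does not examine directories above the one it is given.

```shell
#!/bin/sh
# Added example: audit which of your own files other local accounts can reach,
# judged by the "other" permission bits (group bits are not considered).

# exposed_files DIR: files with o+r whose parent directories, from DIR down,
# all have o+x. A directory without o+x is pruned, since nothing below it is
# reachable by other users whatever the file's own mode says.
exposed_files() {
    find "${1:-$HOME}" -type d ! -perm -001 -prune -o \
        -type f -perm -004 -print 2>/dev/null | LC_ALL=C sort
}

# listable_dirs DIR: reachable directories with o+r, i.e. ones where another
# user's `ls` shows the file names. A directory with o+x but no o+r is not
# listed here, yet files inside it stay readable to anyone who knows the name.
listable_dirs() {
    find "${1:-$HOME}" -type d \( ! -perm -001 -perm -004 -print -prune -o \
        ! -perm -001 -prune -o -perm -004 -print \) 2>/dev/null | LC_ALL=C sort
}

# make_demo_tree: builds a constructed sample home directory and prints its path.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/public_html" "$t/private" "$t/dropbox"
    echo 'db_password=constructed-sample' > "$t/public_html/config.php"
    echo 'db_password=constructed-sample' > "$t/public_html/config.safe.php"
    echo 'constructed' > "$t/private/notes.txt"
    echo 'constructed' > "$t/dropbox/readme.txt"
    chmod 644 "$t/public_html/config.php" "$t/private/notes.txt" "$t/dropbox/readme.txt"
    chmod 600 "$t/public_html/config.safe.php"
    chmod 755 "$t" "$t/public_html"
    chmod 700 "$t/private"    # the 644 file inside is still unreachable
    chmod 711 "$t/dropbox"    # not listable, but a guessed name is readable
    echo "$t"
}

demo=$(make_demo_tree)
echo "Readable by other users:";  exposed_files "$demo"
echo "Listable by other users:";  listable_dirs "$demo"
rm -rf "$demo"
```

Run `exposed_files "$HOME"` on the real account; any credential file it prints should have its "other" read bit removed, or be moved under a directory without o+x, where the hosting setup allows it.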

If your shared hosting provider is not protecting your data from other users in the network, then it is time to start looking for a new web hosting provider. It is simply not safe to stick with them.

Discussion

Alex
July 4, 2007: 4:55 pm

Hi, try this service https://www.momupload.com for file hosting
I’ve been using it for a long time - it’s the best one I have ever used before.
Hope this helps. :)


Sumanta
January 16, 2006: 5:14 am

JAVA PROGRAMMER
