Tag Archive 'scripts'

Shared Hosting And Security Vulnerability

Many web developers first learn to program on shared hosting.  Perhaps it is a service provided by an ISP or a separate entity.  While handling scripts in this type of environment is fairly easy, there are also a number of security issues that may arise.  Familiarizing yourself with these challenges will help you implement better security for your site and understand how a shared web server actually functions.

Basis of a Shared Server

Shared servers offer some of the most affordable hosting available.  This is primarily due to the fact that several clients are hosting sites on a single server, thus sharing the cost of it as well.  Usually, each website owner on the machine has a user account which gives them access to the server.  They have the ability to log in and upload text files, images and other content required to build their website.  While server space and resources are being shared, this type of hosting normally provides a reliable service with quality features.

The Problem with Apache

The average shared server has at least one Apache web server running on it.  It also has the PHP programming language or executable CGI scripts installed.  That copy of Apache handles all incoming HTTP requests for every site on the server.  In order to serve your website to the world, Apache must be able to read your HTML and CSS files, PHP scripts, images and so forth.  Web-based applications such as blogging software and content management systems also require write access to the directories of your website.

Read and write access is typically granted by configuring group permissions on a specific file or directory.  Each user account and the Apache server are essentially members of the same group.  An FTP daemon is often set up by default to give the group read access to all files uploaded to the server, enabling Apache to serve the websites.

The copy of Apache runs as a single user regardless of which site is being served.  As a single user, it has read access to every site on the shared server.  More than likely, it will also have write access to most, if not all, of these sites as well.  Because of this vulnerable structure, an intruder only has to break into a single site on the server, which in turn gives them access to every other site hosted on the machine.

Here is the most intriguing part of all.  The intruder doesn’t necessarily have to break into the server.  All they have to do is sign up as a web hosting client, purchase a legitimate account and upload scripts that give them access to other sites on the server.  Someone with enough smarts can easily steal any data they want while going undetected.  How is this possible?  The answer is simple - the uploaded content is executed by Apache, which has access to all files for every site hosted on the server.  This includes all PHP scripts that contain usernames and passwords for sensitive MySQL databases.
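A site owner can measure this exposure on their own files. The following is an added example, not code from the original article: it applies the POSIX owner/group/other rule to every entry in a docroot and reports what the shared web server identity could write, and which credential-looking files it could read. The uid, the group set, the name hints and the sample tree are all assumptions made for the demonstration.

```python
import os
import stat
import tempfile

SENSITIVE_HINTS = ("config", "settings", ".env")  # assumed credential-file name hints

def web_access(st, web_uid, web_gids):
    """POSIX rule: owner bits if the uid matches, else group bits, else other bits."""
    shift = 6 if st.st_uid == web_uid else 3 if st.st_gid in web_gids else 0
    bits = (st.st_mode >> shift) & 0o7
    return bool(bits & 4), bool(bits & 2), bool(bits & 1)  # read, write, search

def audit_docroot(root, web_uid, web_gids):
    """Return sorted (relative_path, exposure) pairs the web server user can reach."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        searchable = []
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symbolic links are not followed by this audit
            read, write, search = web_access(st, web_uid, web_gids)
            rel = os.path.relpath(path, root)
            if write:
                findings.append((rel, "writable"))
            elif read and stat.S_ISREG(st.st_mode) and any(
                    hint in name.lower() for hint in SENSITIVE_HINTS):
                findings.append((rel, "credentials readable"))
            if stat.S_ISDIR(st.st_mode) and search:
                searchable.append(name)
        dirnames[:] = searchable  # no search bit: the subtree is out of reach
    return sorted(findings)

def build_demo_tree():
    """Constructed sample docroot (not from the page); returns its path."""
    root = tempfile.mkdtemp()
    for d in ("private", "uploads"):
        os.mkdir(os.path.join(root, d))
    modes = {"index.php": 0o644, "wp-config.php": 0o640, "db-config.php": 0o600,
             "private/settings.php": 0o644, "uploads": 0o775, "private": 0o700}
    for rel, mode in modes.items():
        path = os.path.join(root, rel)
        if not os.path.isdir(path):
            with open(path, "w") as fh:
                fh.write("<?php /* constructed sample */\n")
        os.chmod(path, mode)
    return root
```

On a real account, pass the uid and group ids your host's web server actually runs with; every finding is something a script uploaded by any other tenant could also reach.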

Final Thoughts

The purpose of this article is not to deter you from shared hosting, only to inform.  There are a number of companies providing shared hosting who have gone to great lengths to provide reliable service.  Nevertheless, the vulnerabilities are real and continue to exist.  For this reason, it is imperative that you ask a particular host what measures they have taken to prevent exploitation of PHP and Apache.


The Importance of Scripting Languages

In order to make your website truly stand out with dynamic content, you must possess at least a basic knowledge of programming languages. There are many different scripts available, some which have been designed for server-specific environments. While most have the same basic features, some are more complex and advanced, giving them capabilities others do not.

When deciding what script you want to work with, you should first consider how easy it is to learn. For instance, it would be pointless to train yourself on ASP programming if your web host only supports PHP and CGI scripts. External factors that impact your ability to program with a certain script should also be taken into consideration. An example would be the MSSQL database management system, which can be made to work with PHP but is more suited to Microsoft technologies such as ASP. Another factor that needs to be considered is the amount of support that is available for a particular language. This is critical to the new webmaster who requires a bit of guidance. The good thing is that open-source languages such as PHP and Perl have a large community of developers and users who contribute to the code and post self-help resources on the web.

Features

It is important to consider the features a particular script offers before deciding whether or not to use it. Some languages have been designed with features that will keep them more current with the latest technologies. Microsoft uses an AJAX toolkit for its ASP.NET server-side scripts to ensure that developers have the ability to keep their sites up to date. Scripting languages can be enhanced with add-on components which can be used to create blogs, chat rooms, message forums, shopping carts and much more. When looking for a website provider, be sure to learn what scripts they provide so you will know exactly what can be done with them.

If you are totally new to the world of web hosting and development, choosing an open-source programming language may be your best option. These types of scripts have far more useful resources available, which will enable you to learn the language much faster. This will come in handy when your traffic grows and the site requires expansion.

If you do choose to code your website with a commercial scripting language like ASP, expect to pay a much higher cost for service. The costs for these scripts are generally higher, meaning the web hosts pass fees down to the consumer to compensate. Many of these languages also lack the support system found with open-source scripts which may be costly in regard to training.

Programming scripts are a very important element of web design. They are very powerful tools and can be used to enhance the functionality of your site. Programming scripts determine how the site can be managed in the way of databases as well as the level of interactivity your visitors will have. Aside from creating dynamic content for your own website, knowledge of web-based scripts may land you a job in IT, where the most skilled designers are paid quite handsomely.


Fantastico - cPanel Tutorial Ch.5

Fantastico is known as a popular library of commercial scripts.  It is commonly used as a third-party add-on that works with cPanel.  It was designed to automatically install applications into a website and eliminate the need to upload files through FTP.  These scripts are executed from the administrative area of your website.  Fantastico is said to be installed on over 10,000 servers.  With millions of users on a global scale, it is easily the most used product of its kind.

Fantastico is generally used at the creation of a new website or when new applications are added.  These scripts are able to create tables within a database, install other software and modify the configuration files of the web server.  It also acts as an installation program for scripts in a primary domain, add-on domain, subdomain or even a directory.  This provides users with the ability to install a variety of different scripts.

Fantastico is open source software that welcomes many different components.  Some of the most frequently used scripts available for installation are listed below:

- Blog Scripts: WordPress, Nucleus, b2evolution
- Content Management Systems: Drupal, Joomla, Mambo, PHP Nuke, Post Nuke, Siteframe and more.
- Customer Support: PHP support tickets, Help Center Live, Support Logic Helpdesk, Support Service Manager.
- Discussion Boards: PHPBB2, SMF
- E-commerce: Zen Cart, OS Commerce, CubeCart
- FAQ: FaqMasterFlex
- Guestbooks: Viper Guestbook
- Hosting Billing: PHP Coin, Account Lab Plus
- Image Galleries: 4images Gallery, Coppermine Photo Gallery
- Mailing List: PHPlist
- Surveys and Polls: PHP Surveyor, Advanced Poll
- Project Management: PHP Projekt, dotProject
- Site Builders: Templates Express
- Wiki: TikiWiki, PHP Wiki

MORE SCRIPTS

Moodle, Noah’s Classifieds, Open-Realty, PHP Auction, PHP Form Generator, PHPAds New and Web Calendar.

Fantastico integrates smoothly with well over 50 web applications, enabling you to take full control of your website. 

INSTALLING FANTASTICO ON CPANEL 

The installation of Fantastico does not require you to download any files manually.  After connecting to your server, type the following commands:

cd /usr/local/cpanel/whostmgr/docroot 
rm -Rf fantastico* 
wget -N http://netenberg.com/files/free/fantasticoinstaller.tgz 
tar xzpf fantasticoinstaller.tgz 
rm -f fantasticoinstaller.tgz 
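
The commands above fetch the installer over plain HTTP and unpack it with permissions preserved (`tar xzpf`), so nothing checks what was actually downloaded. The following is an added example, not part of the original tutorial or of Fantastico: it checks an archive's SHA-256 and inspects its members before anything is extracted. `expected_sha256` is assumed to come from the publisher over a trusted channel (the page lists no digest), and the sample archives are constructed in memory.

```python
import hashlib
import io
import tarfile

def make_tgz(members):
    """Build a constructed .tgz in memory from (name, mode) pairs (sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, mode in members:
            info = tarfile.TarInfo(name)
            info.mode, info.size = mode, 4
            tar.addfile(info, io.BytesIO(b"demo"))
    return buf.getvalue()

def inspect_archive(data, expected_sha256):
    """Return a list of problems; empty means the digest matched and no member
    would escape the target directory or arrive with setuid/setgid bits."""
    digest = hashlib.sha256(data).hexdigest()
    if digest != expected_sha256.lower():
        return ["digest mismatch: got " + digest]  # do not even parse the file
    problems = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for m in tar.getmembers():
            if m.name.startswith("/") or ".." in m.name.split("/"):
                problems.append(m.name + ": path escapes the extraction directory")
            # Conservative: any absolute or parent-relative link target is flagged.
            if (m.issym() or m.islnk()) and (
                    m.linkname.startswith("/") or ".." in m.linkname.split("/")):
                problems.append(m.name + ": link points outside the archive")
            if m.mode & 0o6000:
                problems.append(m.name + ": setuid/setgid bit set")
    return problems
```

Extract only when the returned list is empty; the setuid check matters here because the `p` flag keeps whatever permission bits the archive carries.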

After logging in to cPanel you should notice an icon for the latest version of Fantastico.  Clicking the icon takes you to a new page.  Find the install tab and click it.  You will then follow these installation steps:

- Select the version of Fantastico you wish to install onto cPanel.
- Leave your theme area set to default unless you already have one in mind.
- Check all your scripts as active.
- Keep the wget binary path unless you plan to make adjustments.  Leaving it this way is typically suitable for most users.
- Select the appropriate drive for disk space.
- Make adjustments to CRON notifications.  You can leave them off unless you plan to receive them in your email.
- Choose to receive automatic updates on Fantastico on a daily basis.

After these settings have been made, find the “install” tab and click it.  Installation may take a few minutes before all files are processed.  When installation is complete, you activate Fantastico via the “Features Manager” in cPanel.  After checking the box next to Fantastico, simply click “save” and the application is activated.