Tag Archive 'shared server'

Shared Security Risks

If you are like many newcomers emerging online, you are working with a modest budget and looking for an affordable web hosting plan.  In this scenario, a shared host would be the most cost-effective option as you can easily find a plan for under $10 a month.  If this is the path you choose, be warned of all the potential security issues that will be shared.

How Shared Hosting Works

A company that offers a shared hosting service runs numerous websites on a single server.  This allows the provider to enjoy convenience and savings as the hosting customers are paying the costs of the server.  The problem with this situation is the flexibility today’s shared host offers its customers, freedoms that open up numerous security holes.  With the ability to code with dynamic scripting languages such as ASP, PHP or Perl, domain owners can make critical mistakes that have an adverse impact on the entire server.  They could also launch attacks on other users hosting on the machine.

Many pre-installed software solutions typically require you to permit the server to read, write and execute your files, leaving them vulnerable other users on a shared server.  Although software developers have come up with a several safeguards, there is no surefire way to protect data in a sharing hosting environment.  Some applications attempt to make files only available to the domain owner.  However, because there needs to be write access, many of these programs make it possible for other domain owners to write files to a particular domain.  The same functions that grants a user flexibility opens up the door for potential abuse on a shared server.

If a web host permits the use of sensitive functions such as EXE. (execution), you should be very cautious about incorporating add-on programs, including those useful applications that come included in the Fantastico script installer.  To be on the safe side, you should first contact a provider and ask if the server grants other users with access to functions that enable files to be written to your directory.  If the host permits the use of the execution function, you may want to consider moving to a different hosting environment, especially if you are storing sensitive data on your website.

Conclusion

One of the most secure solutions for hosting your website is a dedicated server as you have the entire machine to yourself and are not exposed to potential threats posed by shared users.  When you are looking to save money, this may not be practical.  If shared hosting is your only option, do a little research on the provider to ensure that you are getting a secure and reliable service.  Always make sure that other domain owners cannot access commands that allow them to write files to your domain.  You should also remain cautious when installing open-source applications and working with scripting languages.  These technologies should be kept up to date to ensure the best functionality and security.  While you can’t ensure 100% protection on a shared server, there are ways to limit your vulnerability.

1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 5 out of 5)
Loading ... Loading ...

Dec 09, 2008 : Shared Hosting No responses yet

The Two Sides of Shared Hosting

Shared hosting is the most cost effective way to get a website of your own, thus the main reason why it is so popular among personal users and small to medium sized businesses.  So why is shared hosting so affordable?  It’s rather simple.  Multiple users are hosting their sites on the web server and essentially sharing the costs.  Despite the convenience and cost-efficiency, shared hosting often gets a bad rap.  In this article we will share some of the concerns and cover the advantages and disadvantages that come along with the shared server.

The Good Side

Not only is shared hosting more affordable, it also enables the easy management of your website.  Unlike a dedicated hosting environment, you don’t have to worry about the technical challenges associated with maintaining the server which generally includes updating the operating system, installing software and other tasks.  This is all handled by the web hosting company who basically gives you a pre-installed platform already configured for client-side management.

The Bad Side

The factor that makes shared hosting so great is the very thing that presents drawbacks.  The nature of this environment can result in problems to every site hosted on the server.  Even if one site on the machine experiences a sudden burst in traffic or makes a critical scripting error, the available resources of every other user could be impacted to a point where their sites become incredibly slow or completely inaccessible. While this is very inconvenient for someone trying to run a successful business, reliable hosts constantly monitor the performance of their web servers for such problems.  This gives them the ability to quickly address issues by temporarily shutting down the machine and performing the required maintenance.

Another disadvantage of shared hosting relates to the limitations you are forced to endure.  What you get is what you get, which is generally a certain amount of bandwidth and disk space, databases, scripting languages and a couple of pre-installed software applications.  So what happens when you want to utilize a particular script or program that is not available on the server?  Nothing.  You simply miss out.   This can present numerous problems as the average shared host simply cannot structure their service to benefit a single user.  When coupling the fact that so many providers are overselling their service with unlimited this and unlimited that, you have a situation that may not be worth the incredibly low price after all.

The Determining Factor

In the end, a reputable shared hosting company is really all that matters.  When doing business with a company that has established a proven track record, you can host your site in confidence and cater to thousands of visitors everyday.  In order to ensure a smooth performance, we suggest looking into a provider and finding out about how many sites they a running on a single server.  Additionally, you should look for signs of reliability in the form of a respectable uptime and customer support in case something does go wrong.  If everything is intact, you can enjoy all the benefits of an economical web hosting service without much worry about performance and security issues.

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5 out of 5)
Loading ... Loading ...

Oct 29, 2008 : Shared Hosting No responses yet

The Benefits of Dedicated Server Hosting

Hosting your site on a dedicated server is more expensive than the shared hosting environment. However, dedicated server hosting proves far more advantageous in the end.  Despite the claims of a shared web host, the servers they use can never be 100% stable, simply because they are maintaining hundreds to thousands of sites.  Their servers are prone to a number of variables such as overloading, poor scripting by shared users and so forth.  The dedicated server allows the webmaster to avoid these common issues as the only site you have to worry about is your own.

The very nature of a dedicated hosting account reduces your dependency on a traditional provider, allowing you to bypass probable expenses and time delays.  This environment gives you tremendous flexibility to offer a hosting service of your own, something that it is not possible with a shared host.  A dedicated server will enable you to provide the same type of fast, reliable service you look for in a web host.  This is critical in a business where word of mouth can work against you or in your favor as an effective promotional tool.

While a dedicated server isn’t for everyone, it is simply invaluable for website and graphic designers who demand a powerful hosting solution.  This approach makes it easier to generate revenue with a solid performance and stable platform that significantly reduces downtime.  With full access to your server on a 24/7 basis, you can easily adjust, edit and update the sites of your clients in minutes.  This reduces labor expenses for the end-user and creates more profits for you when your clients are satisfied with the overall quality of service.

Do You Need a Dedicated Server?

How do you know if you need a dedicated server?  The answer usually lies in performance  and statistics.  By using your web analytics tool you can view how many visitors you’re losing out on because the site takes too long to load or because it just wasn’t up and available to access.  This can be very deterring when you start to wonder how many of those visitors could have been regular paying clients.  If this is something you have experienced with a shared host, it is definitely time to make a much needed upgrade to dedicated server hosting.

High performance is essential to any business whether they’re receiving a high volume of traffic or just starting out with an online venture.  A website that loads quickly with fast and easy downloads gives the visitor indication that your service is equally reliable, increasing your chance of making that conversion.  Quality performance also enhances the image of your company as it will likely encourage existing clients to refer others to the service.  This equals less promotional efforts and possibly more sales.

The benefits of dedicated server hosting are endless.  Although the shared server environment is suitable for a range of hosting needs, there is only so much you can do with.  If you are truly serious about your web presence, getting a dedicated server is one of the best moves you can make.

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 4 out of 5)
Loading ... Loading ...

Oct 16, 2008 : Dedicated Servers No responses yet

The Most Popular Myths Pertaining to Colocation

For most small and medium sized businesses, colocation hosting is unchartered waters, a vast ocean filled with uncertainty.  Along with the fact that this solution offers a totally different environment, the vast amount of misconceptions also attribute to a clouded decision making process.  In this article we will detail some of the most widely spread colocation myths and debunk them accordingly.

Colocation is just another name for managed hosting: This is far from the truth.  In a conventional managed arrangement, your site’s programming language resides on someone else’s server which is also owned by the web hosting company.  In the colocation environment, you own the hardware and software components and physically locate them on the grounds of another company.  Instead of sharing server space with hundreds to thousands of users, your website has it’s own server and associated components.  This setup prevents you from competing for critical resources such as bandwidth, storage and CPU.

Colocation makes it difficult to manage your systems: The overall convenience of colocation all depends on the host you choose and where their data center is located.  When upgrades and maintenance needs to be handled, members of your IT staff can make the trip and take care of them.  For most daily operations, an offsite data center isn’t any more convenient than having your equipment stored in-house.  However, a colocation facility is likely to provide more space with better organization and security than the small area you designated as a server room.

Colocation isn’t as secure as onsite hosting: While this depends on the security implementations of one’s in-house environment, colocation hosting tends to be much more secure.  These data centers house your equipment separately from the hardware of other clients, keeping it secure in monitored cages.  The facilities are equipped with a wide range of security technologies from firewalls and intrusion detection systems to solid physical security.  They often provide a level of security that most small businesses can’t afford. 

Colocation is not reliable: Here is another off-based misconception.  Most colocation centers employ redundant backups, internet connections and power sources.  Some of them run at minimal capacities so competition for resources isn’t an issue.  A reputable company will keep trained IT professionals on-site day in and day out to handle outages and other technical problems that arise.

Colocation is less flexible than managed hosting: Although some offer servers and associated components, for the most part, all you are leasing with colocation is physical space for your equipment and internet connectivity.  All the hardware and software is owned by your company, giving you complete control of what runs on your servers and how powerful they can actually be.  In a managed environment, server speed and available software is only as efficient as what the company offers. 

Colocation provides limited support: Contrary to some beliefs, most colocation services provide their clients with exceptional support in the way of physical and network security, data recovery, cooling and power systems and much more.  Best of all, they typically offer customer service in the form of email and phone support where professionals can be reached to address all of your concerns.  In regard to assistance with your systems, colocation support is only limited by what you’re willing to pay.

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5 out of 5)
Loading ... Loading ...

Sep 26, 2008 : Colocation Hosting No responses yet

Shared Hosting And Security Vulnerability

As web developers, many come to learn programming code via shared hosting.  Perhaps it is a service provided by an ISP or a separate entity.  While handling scripts in this type of environment is fairly easy, there are also a number of security issues that may arise.  Making yourself familiar with these challenges will help you to implement better security for your site and actually understand how a shared web server functions.

Basis of a Shared Server

Shared servers offer some of the most affordable hosting available.  This is primarily due to the fact that several clients are hosting sites on a single server, thus sharing the cost of it as well.  Usually, each website owner on the machine has a user account which gives them access to the server.  They have the ability to log in and upload text files, images and other content required to build their website.  While server space and resources are being shared, this type of hosting normally provides a reliable service with quality features.

The Problem with Apache

The average shared server has at least one Apache web server running on it.  It also contains the PHP programming language or executable CGI scripts.  That copy of Apache maintains all incoming HTTP requests for each site functioning on the server.  In order to serve your website to the world, Apache must be able to interpret your HTML and CSS files, PHP scripts, images and so forth.  Web-based applications such as blogging software and content management systems also require write access to the directories of your website.

Read and write access is typically granted by configuring group permissions on a specific file or directory.  Each user account and the Apache server are essentially members of the same group.  An FTP daemon is often set up by default to ensure the group’s ability to read access to all files uploaded to the server, enabling Apache to the serve the websites.

The copy of Apache runs as a single user regardless of what site is being served.  As a single user, it has the ability to read access to each site on the shared server.  More than likely, it will also have write access to most, if not all of these sites as well.  Because of this vulnerable structure, an intruder only has to break into a single site on the server, which will in turn give it access to every other site hosted on the machine.

Here is the most intriguing part of all.  The intruder doesn’t necessarily have to break into the server.  All they have to do is sign up as a web hosting client, purchase a legitimate account and upload scripts that give them access to other sites on the server.  One with enough smarts can easily steal any data they want while going undetected.  How is this possible?  The answer is simple - the uploaded content is executed by Apache which has access to all files for every site host on the server.  This includes all PHP scripts that contain usernames and passwords for sensitive MySQL databases.

Final Thoughts

The purpose of this article is not to deter you away from shared hosting, only to inform.  There are a number of companies providing shared hosting who have gone great lengths to provide reliable service.  Nevertheless, the vulnerabilities are real and continue to exist.  For this reason, it is imperative that you inquire within a particular host about what measures they have taken towards the preventing exploitation of PHP and Apache.

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...

Aug 13, 2008 : Security Issues No responses yet

Next »