Web Hosting Reviews & Ratings

December 09, 2008

Shared Security Risks

If you are like many newcomers emerging online, you are working with a modest budget and looking for an affordable web hosting plan.  In this scenario, a shared host would be the most cost-effective option as you can easily find a plan for under $10 a month.  If this is the path you choose, be warned of all the potential security issues that will be shared.

How Shared Hosting Works

A company that offers a shared hosting service runs numerous websites on a single server.  This allows the provider to enjoy convenience and savings as the hosting customers are paying the costs of the server.  The problem with this situation is the flexibility today's shared host offers its customers, freedoms that open up numerous security holes.  With the ability to code with dynamic scripting languages such as ASP, PHP or Perl, domain owners can make critical mistakes that have an adverse impact on the entire server.  They could also launch attacks on other users hosting on the machine.

Many pre-installed software solutions typically require you to permit the server to read, write and execute your files, leaving them vulnerable other users on a shared server.  Although software developers have come up with a several safeguards, there is no surefire way to protect data in a sharing hosting environment.  Some applications attempt to make files only available to the domain owner.  However, because there needs to be write access, many of these programs make it possible for other domain owners to write files to a particular domain.  The same functions that grants a user flexibility opens up the door for potential abuse on a shared server.

If a web host permits the use of sensitive functions such as EXE. (execution), you should be very cautious about incorporating add-on programs, including those useful applications that come included in the Fantastico script installer.  To be on the safe side, you should first contact a provider and ask if the server grants other users with access to functions that enable files to be written to your directory.  If the host permits the use of the execution function, you may want to consider moving to a different hosting environment, especially if you are storing sensitive data on your website.

Conclusion

One of the most secure solutions for hosting your website is a dedicated server as you have the entire machine to yourself and are not exposed to potential threats posed by shared users.  When you are looking to save money, this may not be practical.  If shared hosting is your only option, do a little research on the provider to ensure that you are getting a secure and reliable service.  Always make sure that other domain owners cannot access commands that allow them to write files to your domain.  You should also remain cautious when installing open-source applications and working with scripting languages.  These technologies should be kept up to date to ensure the best functionality and security.  While you can't ensure 100% protection on a shared server, there are ways to limit your vulnerability.

Tags: dedicated server,  ASP,  affordable web hosting plan,  security,  php,  Perl,  fantastico,  dynamic scripting languages,  shared server,  security risks