Portal Home > Knowledgebase > Articles Database > Can my blog be hacked on shared hosting if my neighbour is hacked?
Can my blog be hacked on shared hosting if my neighbour is hacked?
| Posted by zobe, 03-06-2011, 04:37 PM |
| If I have a Wordpress blog on shared hosting and another user with a different account but sharing the same server is hacked can they bring down or deface my blog too?
Thank you
|
| Posted by greecejoe, 03-06-2011, 04:44 PM |
| Depends on the hosting solution/technology/implementation/management.
|
| Posted by CoderJosh, 03-08-2011, 08:18 AM |
| Do you happen to know how your shared hosting provider runs PHP?
|
| Posted by Patrick, 03-08-2011, 09:19 AM |
| It's very possible. If they are not using FastCGI or suPHP and all the files are owned by nobody, then they could in theory access your files and make malicious changes under the right circumstances. Another option is that if another user gets compromised and the attackers use a local root (admin) level exploit then they can obviously change anything on the server regardless of how well their PHP was setup.
In a shared hosting environment these things unfortunately happen from time to time unless the company is on top of security and really puts an effort into keeping everything up to date and secure.
|
| Posted by zobe, 03-08-2011, 09:42 AM |
| I haven't got a clue about how they run PHP, I am running a Wordpress blog and I am with HostGator.
Recently my Wordpress blog got hacked and I am still puzzled about how they exactly did it because everything was up-to-date and I had no old plugins or software running, all that HostGator tech support was able to tell me is that "we have found malicious scripts running in your account" and "we have now added extended logging", basically they don't know how it was done because the logs where gone even though I reported everything 48 hours after the hacking.
I am looking out of the box about what went wrong to stop this from happening again, it is very frustrating to have your blog hacked when you always make sure everything is updated and don't do stupid stuff, using the default options which are normally safe.
Last edited by zobe; 03-08-2011 at 09:49 AM.
|
| Posted by Patrick, 03-08-2011, 09:44 AM |
| What version of WordPress were you using?
I'm inclined to think that HostGator would have FastCGI or suPHP setup, so it's somewhat unlikely that another user on the server caused your website to be compromised. I know of a few people who worked at HostGator and their admins know their stuff.
|
| Posted by zobe, 03-08-2011, 09:59 AM |
| The latest Wordpress version, that is 3.1 I think, I always update my blog within 48 hours of a new version coming out.
I had two empty blogs running on the same account with the previous Wordpress version, 3.0.5 I think it was, not a very old version just like 0.1 behind, but none of those blogs got hacked just the one running the latest up-to-date version, which is the one I care about obviously.
|
| Posted by Hillockhosting, 03-08-2011, 10:41 AM |
| yes it quite possible using script which create symbolic links .
Recently we also have found such scripts
|
| Posted by zobe, 03-08-2011, 10:44 AM |
| What is quite possible Hillockhosting?
That an up-to-date Wordpress blog can be hacked the way you say or that a hacked site hosted on a shared hosting account can affect others in different accounts that way? I did not get what you mean, sorry.
|
| Posted by Hillockhosting, 03-08-2011, 10:46 AM |
| In shared server if one account is hacked other can quite be hacked unless you have a strong mod_security rule.
Even new wordpress can be hacked
|
| Posted by linux7802, 03-08-2011, 12:41 PM |
| Yes, if hacking script uploaded on your domain hosted server then your account will be get hacked. Its always better to implement security check for your blog every week and make sure that wordpress plugin and theme are up to date. Largly mod security disabled for wordpress sites which actually causing injections. so its always better to ask your hosting provider to disable specific mod security rule which causing to run your wordpress site , do not disable whole mod security rule ....
|
| Posted by BrentOfHG, 03-09-2011, 03:24 AM |
| The PHP implementation we use at HostGator is a modified/customized version of PHP4/5 executing via suPHP.
The security advantage of using suPHP or suExec is that any CGI or PHP executed from within a users account will execute AS that user and not the web server. This keeps a compromised cPanel account "contained" to within the user that was originally compromised. Obviously all domains owned by that certain user would be affected but other users on the server would be safe.
|
| Posted by zobe, 03-09-2011, 05:16 AM |
| Thank you for clearing that out HG, could you or anyone else explain how is it possible that one of my plain 100% HTML websites (consisting of 5 HTML pages) got hacked too?
I don't understand how they can do that, if they exploited some unknown PHP vulnerability on my Wordpress blog that is fair enough but how can that affect a different website/domain in the same account that has no scripts and no database, and it was all built using HTML mark up language?
(My sig would be one example of such HTML only website that got defaced/hacked)
Last edited by zobe; 03-09-2011 at 05:21 AM.
|
| Posted by BrentOfHG, 03-09-2011, 05:28 AM |
| If it's the same account one site being exploitable means they all would be.
If you have a reseller account and create separate accounts for each site then only the accounts with exploitable files would be hackable, rather then entire reseller account.
Please pm me your ticket number and I'll be happy to take a look to see if I can give any more specifics. It really sounds like they got through one of your outdated wordpress scripts.
|
| Posted by zobe, 03-09-2011, 05:56 AM |
| It has now been some weeks and that issue was already reported and looked into a second time by a HG supervisor after I posted a message at HostGator forums (I agreed to have that thread deleted and solve the issue via PM/email).
There is no point in doubling up your workload when it has already been done by someone else, thank you for your interest and explanation HG.
Last edited by zobe; 03-09-2011 at 06:00 AM.
|
| Posted by RackAlley, 03-09-2011, 06:09 AM |
| many plain html sites get hacked if the server (mainly apache) is old and not updated as well as PHP of course.
|
| Posted by foobic, 03-10-2011, 01:15 AM |
| If one of your Wordpress sites is exploited, and the server is running suPHP, the attacker will get full access to your account - other websites, email, everything. suPHP means PHP is running as your user, so PHP (or anyone with access to run scripts using it) can do anything you can do.
OTOH the advantage of suPHP is that it helps protect you from other users, or attackers to their insecure PHP scripts. When a website is exploited the attacker should be contained within the one account.
|
| Posted by CoderJosh, 03-10-2011, 04:09 AM |
| What others have written already is true, whenever there's a vulnerable site in your account, this site getting hacked can affect all the other sites under the same account. Also, if the server gets compromised due to outdated software, this can affect all the sites hosted on this server.
Besides these server-side threats, it also happens that FTP credentials are compromised, typically by malware on your local machine. This would allow an intruder to upload malicious files to the server even if the server itself is secure. It's therefor important to also make sure that your FTP (and Control Panel) credentials are secure. If in doubt, it's a good idea to change passwords (after ensuring that the local computer is clean) after an intrusion has happened, especially if it looks like the server is secure.
|
Add to Favourites 
Print this Article
Also Read
