Shared hosting is often the most economical form of website hosting as multiple websites reside on a single web server and so the server costs are spread amongst lots of people. However this economization and common usage of a single web server also means that untrusted and unknown account holders have access to the server that is hosting your web site. This leads to potential security weaknesses which ultimately will detract from your website security.
Although all operating systems allow for each user to protect their files using file permissions, they also allow for the use of user groups. On a web server the user group is often common as all the hosting account are bundled together which allows a server component, such as the HTTP server, to access the files (to serve web pages) of the whole group. However this convenience is also a point of weakness and can potentially allow other account holders to access files of other users. Also it is all too easy to misconfigure file permissions and grant access to other account holders by mistake.
Another drawback in using shared web hosting is that each of the server components are shared among all the account holders. This means that if a hacker manages to breach the security of one user’s web site, the common components, like the database server and the email server, are now exposed for all sites hosted on that machine. By exploiting a weakness in one site the hacker can now potentially access all the sites on the server. This means that your website security, in many ways, lays in the hands of a complete stranger who is running a web site on the same server as you.
Any web site that wants to protect the user login process with SSL and HTTPS, or any web site that provides eCommerce needs an SSL certificate. Some shared web hosting providers offer a “common” SSL certificate for all the websites that run on one of their server, however there are negative points to using them. Firstly it is still possible for another account holder, using the same server as you, to spoof your website and trick users into connecting to their web site instead of yours. This rogue web site could then convince users to enter personal information, including financial information. As well as doing harm to your customers, it does harm to your brand. Secondly the SSL certificate details will be that of the hosting provider and not your business / website. Users (and their browsers) will be naturally cautious of the validity of the certificate. To improve your website security with SSL a dedicated server is preferred.
An unfortunately all too common method of attack used by cyber criminals and hackers is the “denial of service” attack. Here the hacker launches an attack on the server designed to overwhelm the server and so deny its users access to the website. When using a shared server a denial of service attacked launched against one web site will affect all the web sites on that server. Although the targeted site has no link or affiliation with your site, all the sites on the server suffer. The shared nature of the hosting can lead to a degradation in services and a drop in the overall level of your website security.
© 2011 – ArtSec Group LLC