I’m curious about the state of web hosting security and its outlook for a year 2012 that indeed faces emerging significant challenges. I question from experience, as I’ve just recently been a victim on multiple occasions of my various web hosts’ sufferings of ‘dedicated denial of service’ (DDoS), ‘SQL injection’, and possibly other attacks.
For references indicating ‘dedicated denial of service’ (DDoS) attacks are increasing in frequency, see:
Early Friday night last week I was getting progress ahead of myself by placing some new ad spots on one of my websites. To insert the ad spots I opened one of the template files only to discover some foreign code littered and echoed throughout the file.
I believe I fairly instantly realized I was hacked, as the foreign code was too legible, was not machine binary misplaced .. it was ‘base64_decode’ followed by long hashed-out strings, and placed in periodic scattering throughout the document as if quite literally ‘injected’: sql injection.
I checked some of the other template files and it was there too, and throughout the other core files of the website software, which in this case had been WordPress.
I checked the domains hosted under over a dozen different users at the same host and thankfully all of them are clean and not affected; the infected user being my primary user account that I first created when registering with the host and under which I built a handful of eight or a dozen of my personal websites before questioning whether it might be beneficial to create each new website under its own user, for security purposes or in the unfortunate event of some breakdown or accident down the road (after deciding that would be wise I still added domains to the user on occasion by accident when hurriedly and carelessly constructing new domains).
I had to take those websites offline, and I have rebuilt most of them. I read of others who have found the same code in their domain folders in the comments on the host’s support blog. [http://www.dreamhoststatus.com/2012/01/20/changing-ftpshell-passwords-due-to-security-issue/] I wonder how rampant the invasion spread?
As I’m looking and trying to recall, I do recall a seperate incident from only days before:
Last night we detected some unauthorized activity within one of our databases. While we don’t have evidence that customer passwords were taken at this time, we’re forcing a change out of caution. [http://www.dreamhoststatus.com/2012/01/20/changing-ftpshell-passwords-due-to-security-issue/]
That was a pain to me in that I had to change all kinds of passwords for the users in my dozens of websites hosted there. Also there is the deeper threat of stolen passwords and personal information alleged to have been perhaps improperly stored in this company’s databases.[http://blog.dreamhost.com/2012/01/21/security-update/]
Since then that same host has gone almost entirely offline (save for a few lucky VPS nodes perhaps) for several hours when it was hit by a ‘dedicated denial of service’ (DDoS) attack. This is a very popular shared hosting and VPS hosting provider with a good reputation (despite obligatory detractors who’ve had the bad luck of bad experience) and decently clean uptime and security history, so while I understand that it might be a big target for such an attack, I must say I’m left feeling a little uncomfortable that it seems to happen so seemingly nonchalantly.
We’ve investigated the cause of the network outage and determined that a distributed denial of service (DDOS) attack severely impaired a network link between our border and core routers. We have DDOS mitigation systems in place, but given the increase in activity in 2012, we’d already been testing new more powerful systems to implement within the next month. We’ll be accelerating this implementation. [http://www.dreamhoststatus.com/2012/01/30/connectivity-issues-in-one-datacenter/#comments]
With all of that it’s no wonder I’m questioning the state of web hosting security. In the same week and still today another host with whom I do business is woefully offline — this one a shared cloud hosting platform, and while the verdict is still out on what has occurred, I have begun looking around and questioning where I might go to be safe from these unreliable hosting environments.
To be fair, I hope I can stay with these web hosting companies. I promote them in the ads on my site and I sometimes even make money when I refer new business to them. Not only that but I promote them because despite the recent difficulties I believe they are a good place to host my websites and those of the people and businesses with whom I work. I know these are difficult outside threats and perhaps malfunctioning or mismanagement of machines or procedures, and that lessons learned are valuable in building strength for better, more secure environments.
But in the middle of the day it’s often the business owner, and not the web contractor, who makes the call to make a change to another provider.