Major security problem with shared hosting!

[JoeCooper]

I have found a major problem in the security of your servers. It is very possible for anyone to get the mysql databases of all the sites, veiw files, edit, delete ETC.

What would I get in exchange for telling you?

[Rachael]

Hello Joe,

I have checked your account details. The problem you are talking about can occur in the situations mentioned below:

• Trojan on your local PC and therefore your FTP password is stolen thereby your website can be accessed to change code or put virus
• Weak password (FTP or root)
• Weak permissions (permissions like 777)
• Using weak code in your script
• Using older version of software/application

Moreover anyone can access your account only if you have shared the password.

[CarlHawkins]

What would I get in exchange for telling you?

Hi JoeCooper.
I don’t tend to spend much time here on the forums, actually its a great place for information every now and then, i was curious to see your post though, your implying that a shared server (One that hosts many peoples websites) has a security issue and that you have found it, however your not going to tell the support team what it is unless you get something for it?

Or did i misunderstand?

Kind Regards
Carl

[JoeCooper]

I know of the problems with my account thanks . But that is not the issue.

I would like something in return for telling them. I do think its worth it.

Also this is not the only company that has these problems.

[Rachael]

Hello Joe,

We offer the best quality hosting servers comprising of the latest technology and industry leading features. The problem in security that you mentioned can only take place in the situations I have mentioned above.

[Harry]

I know of the problems with my account thanks . But that is not the issue.
I would like something in return for telling them. I do think its worth it.
Also this is not the only company that has these problems.

Hello Joe,
Thanks for your concern. Well, if it's really serious and should be handled on priority then please PM me the information you have. I'll ask our senior system admin to check about it. Don't worry, you will be rewarded if your suggestion is worthy.

[JoeCooper]

Right, i see im going to have to prove this to get your attention.

Please understand that the information I am going to share with you was found out by myself, with no intent to cause problems for anyone. I did it since we had our own problems with our website and so i wanted to see what could of been causing this problems.

Yes i know my account isnt exactly secure right now, but neither are your servers.

Before I explain, I want to know that your not going to try and get me into trouble, that my account will not be frozen or suspended. And perhaps I deserve a little something like a semi dedicated for my find . (Sorry to the guy who is actually to blame for this).

Also, If you have any London locations, im an IT professional looking for a job.

[Harry]

Hello Joe,

Thanks for your PM.
Well, If you can provide me some more detailed information about the server security breach you had experience i will forward it to our management and certainly you won't be disappointed for your innovation
I assure you that you won't be facing any trouble for helping us. Just PM me the logs and the detailed information.
You can also ping me on Skype/MSN for further discussion.

[JoeCooper]

I cannot seem to PM this, so is there an email address I send to instead? I think you would agree its best not to post it here.

[Harry]

I cannot seem to PM this, so is there an email address I send to instead? I think you would agree its best not to post it here.

Yes, i have PMed you my email address. Eagerly awaiting your response.

[JoeCooper]

Im not sure why you dont think this is a big issue.

"This isn't a vulnerability - poor configuration and setup will leave holes open / information disclosure."

[AlexP]

Hello,
This is not a big issue, We already have very good security implemented on our shared hosting servers and it won't be possible to hack it easily.

[JoeCooper]

Hello,
This is not a big issue, We already have very good security implemented on our shared hosting servers and it won't be possible to hack it easily.

Before you fixed it, it was very possible to deface every website on the server. how is not a big issue?

I already have proof that it was possible previously and others have said its poor configuration.

You guys seem to be trying to cover this up now and trying to brush it aside.

[Harry]

Joe, I had already replied your email in detalied. Please check the technical aspect which was discribed very clearly. There's nothing to hide and we always keep our customer aware of any such issue.