Wednesday, December 18, 2013

Unused or unfamiliar shared hosting capacities could present a security trap for webmasters

Here’s another word to the wise, for webmasters who may use a variety of hosting companies and arrangements. 
Some hosting companies, including shared hosting, will offer a wide variety of services, such as a large number of potential email addresses, or blogging platforms or MySQL facilities.  It’s possible that a webmaster who simply wants to self-publish won’t learn how to use these, and that they could become vulnerable to hackers, who conceivably could hijack some unused features of a domain for illegal purposes.  The webmaster will be unaware because what he or she uses still works normally. It’s possible that he finds out from the proverbial police knock on the door in the middle of the night.  In practice, self-defense might not be easy.
I see that this issue was discussed on Dec. 11 here, after a Webroot Threat Blog post.  

It’s important to pick webhosts who are proficient in the technologies offered.  For example, I’ve noticed that one host offers only “admin” as a username for a Wordpress logon, and that doesn’t sound like a good idea for security.  It’s a good idea to pay attention to using longer and more complex passwords.  Hosting companies should probably start consider offering two-step logons, even though they may not seem as attractive as do Google or Yahoo accounts.  

It's possible that Section 230 immunity might protect amateur webamsters from some downstream liability for unknown misuse of their domains by hackers.  That sounds like a good question.  When does the possibility of attracting trouble make a domain a potential "nuisance"?  I've wondered that. So far, policy has stayed away from this view, of holding people responsible for what others could be tempted to do.  But public pressure from many parents, especially, can change that. 
Blogs on shared hosts often do attract a lot of spam comments, although most of it is silly and harmless (a lot of it is in Chinese).  Always turn comment moderation on, and bulk moderate as necessary. 

No comments: