Everyone wants a great deal. Getting as low a price as possible, within reason, is essential to power your business with a shoestring budget. It’s easy to have a feeling with a business that the cheap solution is necessarily the best – you’re treating the challenge pragmatically, with as little investment as possible. Plus, the most affordable option is often the most widely available, since everyone wants to control their costs.
When we need hosting, as with any other business service, we want to quickly get the plan without any hassle. In wanting to check “get hosting” off our list and keep moving forward, it’s easy to set aside the health of our site. It’s a similar challenge to driving along and needing a bite to eat. The highly processed choices of fast food chains are available immediately, right on the side of the road. We can get a meal quickly, and we know it won’t cost us much. However, we know the health benefits can be devastating.
Steve Woody of Online Mastery suggests that shared hosting is digital junk food for your online presence. He says he feels that many people are not being cautious when it comes to the infrastructure they use to back their sites. Understandably, people who used shared hosting for their businesses are “[t]rying to increase the bottom-line and reduce cash-flow,” he says, adding that “[i]t’s easy to play naive and deal with the consequences later.”
Here are four reasons why it’s a good idea to go another route than shared hosting:
Reason #1 – You are expendable.
Want to be treated like a king? Unfortunately, you won’t get VIP treatment as a fast food or shared hosting customer. Shared hosting companies make money off their volume of customers – so they could really care less about whether one account stays or goes.
With a shared account, “there is only so far a host will ‘bend over backwards’ for you,” explains Jonathan Bailey of Bloggingpro. “If you want a host that is willing to do more for you and work with you more, you need to consider spending more money.”
Reason #2 – The information is misleading.
Shared hosting may be sold as if it is designed for smart and healthy business growth. However, like fast food, the hosting companies that focus on shared hosting are simply trying to cut costs and sell as many of plans as they can. Does the burger you eat ever look like the one in the picture? Similarly, your shared plan might not live up to the way it’s sold. One example of unreasonable shared hosting expectations is the notion of unlimited resources, which is protected with “fair use” clauses in fine print.
Reason #3 – Performance.
A shared server cuts costs for all businesses by allowing numerous people to share the same resources. It would probably annoy you to be reliant on the same cellular data plan that is being used by all the other people on your block, but that is essentially the idea with shared hosting.
What if you suddenly need a huge amount of resources? Think about that issue of scalability. “If one website is taking up too many resources these servers have a failsafe and the website gets shut down to prevent others from being affected,” says Woody.
How is this like fast food? Well, fast food is intended, like other food, to provide you with energy. However, it may be likelier that a low-nutrition meal filled with additives will leave you with symptoms of anxiety and chronic fatigue syndrome. Don’t feed your site so many French fries and chalupas that it can’t get up off the couch.
Reason #4 – Security.
Security should really be viewed as a necessary priority in an era of increased hacking and open sourcing of DDoS botnet code. You may think you don’t need to worry about hacking until you grow more. However, it’s important to know how vulnerable a site of a small business is if it does get compromised: 3 in 5 small businesses are bankrupt six months following a hack.
A shared server does not have the kind of distinction, separation of data, that any business should really want. It’s not a particularly careful way to host sites. What if a malicious threat such as E. coli comes along and wants to enjoy your site? Don’t let your site get food poisoning from shared hosting.
Why Shared Hosting is Dangerous – Exploration of Attack Steps
My point in this article is of course not simply to draw this parallel with fast food. It’s to suggest that shared hosting is not the right choice just because it’s simple. Like the perils of eating the wrong types of food are best explained by looking at specific issues, as explored in Fast Food Nation or Super Size Me, it helps to look in a granular way at shared exploits to understand why these servers present a weak front.
The InfoSec Institute looks at the shared server from the perspective of the process through which someone might compromise a site. Here are the basic stages through which a hacker might go after your site:
Reverse IP lookup
Before a hacker actually goes after your site, they will perform what’s called reconnaissance. In this manner, you can see what domains are on the shared server.
To see all the sites that are running on your server, you can use various methods, including search engines, the Linux dig command, or a free service such as YouGetSignal.
Server CMS enumeration
The next step for an attacker is often to find sites with certain types of content management system (CMS), such as WordPress. A CMS is a standard point of entry for cybercrime.
To understand the typical path of an attack, you want a list of the sites that are using a certain CMS. You can get a list very easily – the platforms place their name and version information in the source code.
You (or a hacker) can actually just build the IP and CMS lookup into a script if you want.
Waging a CMS attack
Once you have a list of sites running a CMS, you can divide it up into ones that are running WordPress, Joomla, Drupal, etc.
You can use a vulnerability scanner to check for weakness on any CMS installation. Another place to get information is exploits that are on file at services such as Exploit Database.
The vulnerability scanner will quickly give you basic details that would be helpful in attacking the site. For instance, let’s look at the use of one for WordPress, WPScan. WPScan brings up the following information:
- Active plugins
- Active themes
- Any detected TimThumbs (a known security issue)
- List of usernames.
Note that one key way an admin panel is beaten is through brute force, leveraging the fact that many websites don’t use complex passwords. This method could use a list of the most popular passwords. You can even brute-force using WPScan if the login page doesn’t have a captcha in place.
“Based on the strength of your wordlist there is a high probability that the passwords of wordpress admin accounts will be cracked successfully,” notes the InfoSec Institute report.
The above issues with shared hosting are disconcerting – especially since it’s clear that the security protection is insufficient for businesses. Luckily a shared server is not the only option on the market.
Do you want to drive by the fast food options and get hosting that will instead improve the strength and vitality of your business? At KnownHost, our high-quality managed VPS hosting plans offer fast servers and a 99.9% uptime guarantee at great prices. Compare plans.