Public transportation allows people who can’t afford cars to get where they need to be, and it means you can sit down and read rather than having to focus on the road. In other words, it’s cheap and easy. Those are positive aspects of a vehicle that is structured to fit many people. However, that doesn’t mean it’s a wise idea to put your business website on the bus.
What’s the “bus ride” for web hosting? The similarly cheap and easy solution is shared hosting. While shared hosting is the most affordable and accessible type of hosting, it suffers in the same way a trip on public transportation can: security and speed. Let’s look at those two issues in detail.
Sharing a Ride Makes You Vulnerable
Security is kind of a boring topic to many people, so it’s critical to know why this issue generally deserves greater attention. Even back in 2013, the National Cyber Security Alliance found that:
- – 20% of small businesses get hacked or digitally assaulted every year; and
- – Of firms that do get targeted, 3 in 5 are bankrupt half a year later.
Those statistics are disturbing certainly, but how relevant are they to your situation? Some small businesses are more likely to be attacked than others. Bear this in mind, though: attackers will sometimes go after certain industries, but the key factor in why companies get hacked is not related to industry or value; rather, it’s simply the presence of vulnerability.
“Most small business owners still don’t get security, don’t think it’s an issue, and are pretty defenseless,” explained Think Security First consultant Neal O’Farrell. Owners and managers of SMBs often think that a hacker would have to select their company out of tens of millions of others, he said, “not realizing that the attacks are automated and focused on discovering vulnerabilities.”
What are the biggest security concerns related to taking the “information superhighway bus” that is shared hosting? As the numerous visitors and internal users of sites share the resources of one server, it makes sense that would be an environment in which there would be greater security risks, both from outside the server and within it. Think about it this way: the server itself is under greater threat based on the number of sites running on it.
“No matter how you try to institute security measures with a shared hosting environment,” noted Web Hosting Provider List, “the fact is that, it is plainly not possible to ensure a 100 percent airtight protection.”
The sites on a shared server are positioned on different domains and obviously have disparate login credentials, but they are using the same operating system as other users and typically even share an IP address. Sharing resources cuts the costs of these hosting plans, so they look attractive to startups, nonprofits, and others on shoestring budgets. However, the sharing of resources in this manner means a greater likelihood that your data or services will be compromised. Major security issues with shared hosting include:
- – An attacker can use reverse IP lookup to get a list of all the sites on a shared hosting server. This method is fast and simple, actually: you can find the information through free services (example tool), the Dig command on Linux (Dig –x <ip address> +short), a search engine (Search Query: ip: <IP Address>), or using a script to automate it.
- – The behavior of other users that share your IP will impact your online reputation and the continuing strength of your domain. If another site sharing the IP gets blacklisted for spam, your site will get blocked as well.
- – A hacker can enumerate the CMS installations on the shared server. This tactic is often used because CMS software like WordPress includes the name and version information in the HTML. A vulnerability scanner such as WPScan can be used to gather data on the site, including a list of its plugins, themes, TimThumbs, and usernames. “An example attack would be to bruteforce the admin account of WordPress using a list of commonly used passwords,” explained a report by c0d3inj3cT for the InfoSec Institute. If you don’t have a captcha set up on your admin login page, it could actually be compromised by WPScan using brute force.
- – Using a shared server puts you at greater risk of malware attacks. Malicious script can be uploaded to other sites, which in turn means that your site can be quickly compromised. The malware may occur because one of the other sites is vulnerable. It provides a channel through which the intruder can steal data.
- – Customers may have PHP, Perl or shell accounts that make it possible to hit the other sites on the server with a distributed denial of service (DDoS) attack.
- – Distributed denial of service (DDoS) attacks may target another site that shares your IP address. In this case, you are hit with a DDoS attack essentially as collateral damage of an effort to hit someone else.
- -DDoS malware could be loaded onto the server, which could put the hacker in control of the entire server for launching attacks.
You Can’t Step on the Gas
Taking the bus of shared hosting isn’t just a security concern. It can also significantly slow down your site and dampen the growth of your business. When other riders on the bus have needs, the driver meets them. Just consider the stop-request cord: in this manner, every rider on the bus has a democratic ability to grind it to a halt. You see the same ability of individuals to slow down the ride on shared hosting – with resources handed out “first come, first serve” to all sites, which can lead to slow loading on your site when another site peaks.
Security is an issue on shared servers because, basically, there are too many accounts without enough isolated designation of resources; and the same is true of the slow speed that can occur in these environments.
Speed is one of the primary arguments many experts mention when they advocate for VPS over shared hosting. Speed and other benefits of the virtual private server are all related in some way to the isolation and pre-allocation of resources that VPS plans allow – versus the “first come, first serve” nature of shared hosting.
On a VPS, it doesn’t matter what another customer might be doing on the server; your speed is guaranteed. If you have two CPUs dedicated for your use, then those CPUs will always be there for you to use. The allotment of RAM for which you pay within a VPS are always set aside for you, no matter what other tasks might be running on the physical hardware.
Ajeet Khurana of The Balance noted that on shared hosting plans, the performance of a website will fluctuate throughout the day based on how much activity is shared by all the businesses using it. “This never happens on VPS services,” he said. “Your resources are dedicated to your… website.”
Getting into the Fast Lane with Managed VPS
Do you want to improve the security and speed of your website without having to worry about managing the server yourself? At KnownHost, we offer ultra-high VPS performance with unparalleled support by professionals. See our fully managed VPS plans.