

Ask Slashdot: What to do when finding a Security Breach on Shared Hosting

Submitted by Anonymous Coward
An anonymous reader writes "A few months ago I stumbled across an interesting security hole with my webhost, where I was able to access any file on the server, including other users'. When I called the company they immediately contacted the server team and stated that they would fix the problem that day. Since all you need when calling them is your username, and I was able to list out all 500 usernames on the server, this was rather a large security breach. To their credit, they did patch the server, not 100% of the way but close enough that moving to a new web host was moved down the 'list' a little.

Jump ahead to this week: they experienced a server issue, and we requested being moved to a different server. The first thing I did was run my test script, and I was able to list out everyone's files again. They only applied the patch to the old server. We are now moving off this web host altogether. However, I do fear for the thousands of customers that have no clue about this security issue, and with about 10 mins of coding someone could search for the SQL connection string and grab the username/password required to access their hosting account.

What's the best way to handle this type of situation?"