Security Hole in Cloud Hosting Control Panels - Article: Vladimir vs Hosting Industry
Hi everyone, I came across this article that might be of interest.
Teaser: Vladimir vs Hosting Industry
This is what I gathered from the article, and I am no expert:
Vladimir Smitka, a security researcher/hobbyist from the Czech Republic, has found that one weak or compromised site on a server can be used to control / manipulate and gain access to other sites on the same server.
That is, many run multiple WordPress sites on a single server - some of these sites are just test or hobby sites that are not secured very well.
These sites, if compromised, can be used to launch attacks on other sites on the same server even if the installations are isolated dockers.
Seems like most famous web panel providers like Cloudways, RunCloud, etc. have failed the test and, more importantly, have not taken any steps to address the issue and patch the vulnerabilities.
Providers I tested:
Serveravatar – didn’t find a way to break site isolation (but was able to bypass some default security measures and you have to be very careful with some of the features)
Enhance.com – fixed instantly
InstaWP – fixed
Xcloud.host – fixed
GridPane – fixed most issues pretty quick
Ploi – investigating for 2 months, will be fixed soon
Cloudways – not fixed after 3 months
RunCloud – investigating for a few weeks, not fixed yet
FlyWP – investigating for more than a month, not fixed yet
Cloudpanel – will be fixed in the distant future
SpinupWP – feature not a bug
Forge – don’t care
Conclusion: Docker doesn’t automatically guarantee security.
Should we be worried?
What measures are you currently taking to secure your WP sites?
And what are some good practices that we must adopt?
My first reaction on reading about Cloudways was to smirk at them and feel smug about my decision to abandon that sinking ship of a platform (constant upsells for almost everything), but it hit me - I mustn't be so cocky.
Let me check with our friendly community.