Title :
A Comprehensive Approach to Abusing Locality in Shared Web Hosting Servers
Author :
Mirheidari, Seyed Ali ; Arshad, Sana ; Khoshkdahan, Saeidreza ; Jalili, Rasool
Author_Institution :
Comput. Eng. Dept., Sharif Univ. of Technol., Kish Island, Iran
Abstract :
With the growing of network technology along with the need of human for social interaction, using websites nowadays becomes critically important which leads in the increasing number of websites and servers. One popular solution for managing these large numbers of websites is using shared web hosting servers in order to decrease the overall cost of server maintenance. Despite affordability, this solution is insecure and risky according to high amount of reported defaces and attacks during recent years. In this paper, we introduce top ten most common attacks in shared web hosting servers which can occur because of the nature and bad configuration in these servers. Moreover, we present several simple scenarios that are capable of penetrating these kinds of servers even with the existence of several securing mechanisms. Finally, we provide a comprehensive secure configuration for confronting these attacks.
Keywords :
Internet; Web sites; security of data; Web site management; comprehensive secure configuration; network technology; securing mechanisms; server maintenance; shared Web hosting servers; social interaction; Authentication; Force; Linux; Operating systems; Process control; Servers; CSRF Token Poisoning; Convenient Phishing; Data Confidentiality Violation; Data Integrity Violation; Fast Brute Force; Intensive LFI; Log Poisoning; Log Snooping; Session Poisoning; Session Snooping; Shared Web Hosting;
Conference_Titel :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2013 12th IEEE International Conference on
Conference_Location :
Melbourne, VIC
DOI :
10.1109/TrustCom.2013.200
