Today my jaw dropped when I saw an article on Computerworld come across the wires that detailed how a UK-based budget hosting company had been hacked and that 100,000 sites on the affected server were deleted. Of course, being nice and cheap meant that there were no backups, and the owners of these sites have been left high and dry.
There are many providers out there who use the hosting equivalent of the supermarket's "stack 'em high and sell 'em cheap" approach, and given the large numbers of subscribers this is an effective strategy. One can only hope that these 100,000 sites are the throw-away, who-cares type of websites and not of any criticality. I do wonder how many are powered by OSCommerce or Magento, as either through ignorance or desire everything is done on the cheap with not a thought for the consequences.
Software is not infallible, and the more people who are allowed access to a machine, the higher the chance that a flaw can be found and exploited. Security patches have to be applied, firewalls maintained correctly and, most importantly, backups should be performed at least once a day. The sad thing is that hosting plans from reputable hosting companies that have such features cost only maybe $10 - $20 a month more. In my opinion this is a small price to pay for a company website or online store whose owner doesn't want to go through the pain and agony that these 100,000 site owners will be going through right now.
To add insult to injury, it appears that the hosting company had their database of credit card details on the same server too. So these site owners will need to check and cancel their cards, as the details have probably been sold off to criminals who like to buy things with other people's money!
In the current economy the temptation is to cut costs without due regard for the consequences. I'm sure these 100,000 site owners would have chosen differently if they knew what was to befall them.
If you are concerned about your site security and related aspects, give me a call and we can discuss it. We have helped many clients protect themselves and their web investments, both infrastructurally and programmatically; i.e. how well the hardware and firewall defences can protect your site, as well as the coding of the website itself and whether this can be tightened up.
June 10th, 2008