Hackers targeting shared web hosting services

Tuesday 7 May 2013


A new report by the Anti-Phishing Work Group (APWG) suggests that nearly half of all the phishing attacks in 2012 involved shared web hosting services.

The most common form of attack sees hackers break into a shared hosting server and reconfigure the programming so they display pages from a subdirectory of all the websites that are hosted on the server.  With each shared server being potentially capable of hosting thousands of websites, it is a rich source of traffic for the phishing sites.

The technique is not a new one, but it has been on the rise in recent years and APWG reported that 14,000 phishing attacks were detected sitting on 61 different servers during August alone.

In total they detected at least 123,486 unique phishing attacks during the second half of 2012 from 83,913 different domain names.  Almost all of these attacks resulted from compromised web hosting services.

APWG said: “Of the 89,748 phishing domains, we identified 5,835 domain names that we believe were registered maliciously, by phishers.  The other 83,913 domains were almost all hacked or compromised on vulnerable Web hosting.  These attacks highlight the vulnerability of hosting providers and software, exploit weak password management, and provide plenty of reason to worry.”

Phishing is not the only kind of security threat to a web hosting service.  One example of other threats is Distributed Denial of Service Attacks.  During the later part of 2012 a group emerged that has been specifically compromising websites purely to launch DDoS attacks that specifically target United States financial institutions.

Another mass attack, called Darkleech, allowed attackers to gain access to thousands of Apache Web Servers.  They then installed backdoors in them through the SSH systems.  Experts still don’t know how the hackers managed to obtain the initial access to the servers.  It has been suggested that a weakness in a major service provider such as WordPress, Plesk, cpanel or webmin may be at fault for providing possible entry points.

Whatever the access point in the Darkleech attack, it is clear that businesses should be looking to ensure they have secure web hosting services.

If you are in any doubts about your web hosting, you are looking at getting a dedicated server or you are considering cloud hosting for your business, then you should contact CWCS, who have been at the leading edge of hosting services for over 15 years.

Return to blog page

Put Your Servers In Safe Hands With Our Supreme Cloud Hosting

View our services to see which of our hosting options best suits your needs.

ISO 27001 Certified

Compliant to ISO 9001:2015 & ISO 27001:2013, CWCS is independently audited for your assurance that you will receive the highest level of quality, and will ensure your information secure, intact, and only available to those authorised to access it.

G-Cloud Supplier

The UK Government G-Cloud is an initiative targeted at easing procurement by public-sector bodies in departments of the UK Government of commodity information technology services using cloud computing.

Cyber Essentials

Cyber Essentials certifiication demonstrates our commitment to cyber security. Government and industry have worked together to produce a set of standards which helps organisations safeguard against the most common cyber threats.

Call us on 0800 1 777 000 or email us at sales@cwcs.co.uk