In the world of web hosting, it is important to ensure the security of our sites. One of the most important decisions we have to make is whether to opt for multi-domain hosting with shared directories or to have separate directories. In this blog, we will explore why it is insecure to have a multi-domain hosting with shared directories and the advantages of having separate directories in terms of security.
In a multi-domain hosting with shared directories, multiple domains share the same directory structure on the server. This means that all files and folders from different websites are stored in a common location. At first glance, this may seem like a convenient and economical option, but it can create serious security problems.
The main risk of shared directories is the lack of isolation between the different sites. If one of the sites is compromised or infected with malware, there is a chance that the others will be compromised as well. This means that even if we have a secure site, we could suffer the consequences of illegal practices. A good example is using the include function in PHP to include files from other directories. With this, it is possible to intentionally access variables defined in other websites hosted on the same server. This could lead to sensitive or confidential data being read from the other sites on the same path, which is a serious security vulnerability.
In addition, by having shared directories, any error or misconfiguration on one of the sites can affect all the others. This can lead to site downtime and significant data loss.
Here is a practical and not too difficult example that could get us into trouble if we have a multi-hosting where the directories are shared:
First, we will show you the layout of the web directories. As we can see, we have two separate websites, but they belong to the same root directory. We might think that this way they are safe and isolated. Big mistake, we are wrong:
info We have reproduced this simple vulnerability in: Hostinger, Raiola Networks, GoDaddy, Hostgator and cdmon.
As an example, we can see that you have the file wp-config.php, existing file in WordPress installations. In charge of storing the configuration of WordPress installed on our site.
One of the many variables defined in this file is, for example, the password:
Now let's see how we can extract sensitive and confidential information from Web 1 from a single PHP file, even though it seems to be isolated and secure. We will create a PHP file in which we will include the wp-config.php file of site 1, and we will display its credentials on the screen:
If we look, we will include the file wp-config.php and we will see the variable "DB_PASSWORD" that we will see in the previous image, and that is the one in charge of storing the access password to the database of our Wordpress.
Now we just have to load the file we just created to break into the website from our browser:
Wow, our site has been compromised!
At this point, how can we avoid these serious consequences and what alternatives do we have? Having separate directories in a hosting like the one we provide at SW Hosting gives us an extra layer of security. Each site has its own isolated space on the server, which means that any problem or attack on one site will not affect the others. This allows us to maintain the integrity and security of our own and our clients' files and data. In addition, each service will have its own isolated user, so we can allow different versions of PHP, for example, to customize our sites without affecting each other, or without having to use the same version for all of our sites.
Separate directories also give us more control over the configuration and permissions of each site. We can set stricter access rules and tailor security to the specific needs of each site. This gives us greater protection against possible attacks or attempted security breaches.
In conclusion, if we want to guarantee the security of our websites, it is advisable to choose a hosting service with separate directories instead of a multi-domain service with shared directories. Separating the directories gives us a higher level of isolation and control over the security of our sites, thus reducing all these unnecessary risks.
If you want to go further, you can also place your hosting services on our cloud servers. This is a safe bet because by having an exclusive cloud server, you are not sharing resources with other users, which reduces the risk of disruptions or security attacks. In addition, by having a dedicated IP, you do not share the IP address with other users, which improves privacy and reduces the possibility of being blocked by online services. In addition, you will have SWPanel as a management panel to make the administration of your services in the easiest and most intuitive way.
Do not compromise on the security of your website, choose the option that gives you the most peace of mind and protection.