Ipower Virtual Servers Pwned
Cool security digest of what can happen when your information security is not on your priority list. The Google security blog has started a small research effort in helping identify the hosting companies who have the responsibility of keeping their servers safe, and are picking on Ipower this week.
Security Fix examined nine of IPOWER’s virtual servers. They are identified in the chart to the left by the names assigned to them by IPOWER — “CPanel1″ through “CPanel8″ and “Host16″. These servers are home to at least 8,192 active Web sites, most of which appear to belong to individuals and small businesses. According to a Security Fix analysis, more than 2,650 of those sites — or an average of 33 percent of all sites on each server — included computer code designed to silently retrieve malicious software from a variety of online locations. Source: Washington Post
Cheap hosting is just that, razor thin margins on hardware and personnel so keeping it cheap helps out a lot. The problem comes along when the basic infrastructure does not get updated with patches, and people start owning the server service. What is funny is when you get into the metrics from StopBadware.org in the system, that Ipower has the highest incidence of sites that feed malware to people via drive by downloads.
You can bet that the next targets are going to be the others on the list, but Ipower has a malware delivery system 4 times more than the other hosting providers do on the list.
When looking for hosting, this might be a list you want to consult before purchasing hosting outside the company, mostly because you do not want to find yourself associated with a poor hosting company that is serving malware. The other note on this is that most of the sites that had malware were years abandoned or not maintained by the owners.
The problem of abandoned web sites or sites with slow or no activity are something that in the electronic detritus of the internet make money for the hosting company, but really serve no other purpose. It might be time to archive off those old web sites, and shut them down rather than keep them perking along with nothing happening on them.
Things to think about as the web has its substructure of old, abandoned or disused web sites, do they really have a value?
I just want to say thank you for taking the time & effort for put this web page together! Visit my sites, please: