Web hosting servers are a target rich environment, plagued with routinely unsafe software like control panels, security software, applications installers, blog hosting platforms, and countless others. This can make life interesting, if not difficult at times, for a server administrator. Hosting accounts are frequently broken into and used to send spam, run web proxies and IRC bouncers, conduct DoS attacks, and steal credentials. The #1 reason for hacked hosting accounts is, in my experience, bad code (terrible passwords being #2).

From 2005-2009, I ran a web hosting company where I maintained 6 shared hosting servers, 10 VPS nodes with an average of about 15 guests each (some managed), 3 SMTP servers, 2 DNS servers, and a handful of managed dedicated server customers (along with handling sales, customer support, and employee training). Hosting tens of thousands of websites means exposing many millions of lines of code to the Internet and, as a result, exposing bugs. Doing my part to keep our network clean, I audited software used in our environment, wrote custom utilities to monitor for and defend against attacks, and routinely monitored abuse reports regarding our address space. Hacked accounts were inevitable. One of my top priorities was knowing when and how customers were hacked, and preventing further damage.

From 2010-2014 I wore several hats at cPanel, Inc. as a Tier III Support Analyst and Migrations Specialist, where I continued to independently find security flaws in the cPanel software (which I cannot discuss for obvious reasons). Around this time I also found vulnerabilities in OSSEC (used by Atomic Secured Linux and AlienVault OSSIM), Juniper's Network Connect VPN client, CloudLinux, and other software.

In the world of web hosting, the most successful administrators know how to be proactive and reactive. It is my hope that, from a security standpoint, there is something useful or interesting here for enthusiasts, developers, and the server administrators who fight to maintain control over their systems every day.