Monday January 14, 2019

Bugs With Big Hosting Providers Made Websites Vulnerable

Security researcher Paulos Yibelo has reportedly discovered bugs in Bluehost, Dreamhost, HostGator, OVH, and iPage that could compromise hosted websites with a single click, which allows for "account takeover when the victim clicks a link or visits a malicious website." Yibelo documented the numerous exploits on the websiteplanet.com blog, but he says he received responses from 4 of the 5 hosts claiming they they fixed the security vulnerability. TechCrunch, who spotted the blog post, received similar responses from the companies, though the company behind Bluehost, Hostgator, and iPage didn't specifically comment on the exploitation of customer accounts or data when asked. Yibelo posted several videos of the exploits, and you can watch one of the more severe ones below:

Out of the five web hosts we tested, we found that all can be easily hacked. This means that no matter which hosting service you use, you should always be sure to take additional measures to enhance your website's security.

Discussion