What is Cross-Site Contamination?
Cross-site contamination happens when a hacked site infects other sites on a shared server. Think of it as your kid in daycare catching the flu: next thing you know, everybody in the family has it as well. The same happens with websites. A site can be negatively affected by neighboring sites that are on the same server.
One of the main causes of cross-site contamination is poor isolation on the server or weak account configuration.
Analyzing a Hosting File Structure
Let’s look at a hosting file structure in a non-technical way. Some people believe that inside a host, each file has its own place, like a chest of drawers, but that is not accurate.
A hosting file structure resembles a drawer in a kitchen. Everything is thrown into it: spoons, knives, even a bottle opener. At the file-manager level, there are different types of folders, including the public_html folder. That’s where most of the websites are located.
You can think of a host as a house with different rooms.
Each site would be a different room in that house.
When there is malware in any of the websites, the malicious code acts like bugs. Imagine there are bugs in your kitchen and they tend to crawl throughout the entire house. They don’t just stay in the kitchen; they move from room to room.
Imagine your main business site is your bedroom. You clean it every day, so the website is up to date. There are security programs installed on this website, and the plugins are well maintained. However, you don’t pay as much attention to your basement. In this metaphor, the basement could be a website you created years ago and simply forgot about. Maybe there are other rooms in your house that you don’t enter as often. Cleaning them might seem like a nightmare.
Old sites that you don’t even remember having on the server fall out of date. Hackers love low-hanging fruit, and these websites are easy targets. However, your main website is on the same server as the old ones. Imagine what happens when an old site is infected. Right, bugs will crawl all over the place.
My Main Website is Hacked
Now, your main priority seems to be cleaning the main website and you can think about the other websites later. It might look like a good website security approach at first, but it is not. Even if malware is successfully removed from your main website, the other infected websites are still a threat.
How long do you think it takes until the bugs just crawl right back over?
Most of the time, it’s just a few minutes.
So what can you do about this?
If your website is already infected, get all of the websites cleaned up. In this case, the entire environment needs to be disinfected, not only the business site. You could delete the other sites if they are no longer important, or you could move the business site onto its own server and clean just that site.
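Cleaning the whole environment starts with knowing which sites share it. The following Python script is an added example, not code from the original article: given the site folders on a hosting account, it reports which ones share a file owner, which have not been modified in a long time, and which sit inside another site's folder. The folder names and the one-year threshold are assumptions.

```python
import os
import time
from collections import defaultdict
from pathlib import Path

STALE_DAYS = 365  # assumption: untouched for a year counts as "forgotten"

def site_facts(root):
    """Owner uid and newest file modification time for one site folder."""
    newest = 0.0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            newest = max(newest, os.lstat(os.path.join(dirpath, name)).st_mtime)
    return {"owner": os.stat(root).st_uid, "newest": newest}

def audit(sites, now=None, stale_days=STALE_DAYS):
    """sites: {label: folder}. Returns (shared_groups, stale_labels, nested_pairs)."""
    now = time.time() if now is None else now
    facts = {label: site_facts(path) for label, path in sites.items()}

    # Sites owned by the same user can write to each other's files.
    by_owner = defaultdict(list)
    for label, f in facts.items():
        by_owner[f["owner"]].append(label)
    shared = [sorted(group) for group in by_owner.values() if len(group) > 1]

    # Sites with no recent file changes are likely unmaintained.
    stale = sorted(label for label, f in facts.items()
                   if now - f["newest"] > stale_days * 86400)

    # A site stored inside another site's folder has no isolation at all.
    resolved = {label: Path(p).resolve() for label, p in sites.items()}
    nested = sorted((inner, outer)
                    for inner, ip in resolved.items()
                    for outer, op in resolved.items()
                    if inner != outer and op in ip.parents)
    return shared, stale, nested

if __name__ == "__main__":
    # Constructed layout; replace with the real folders on the account.
    sites = {"main": "public_html", "old-blog": "public_html/old-blog"}
    if all(os.path.isdir(p) for p in sites.values()):
        shared, stale, nested = audit(sites)
        print("share one account:", shared)
        print("stale:", stale)
        print("nested (inner, outer):", nested)
```

Any site that appears in a shared group together with a stale or nested site belongs in the same cleanup as the main site.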
Be careful when hosting many sites on the same server. It may sound like it’s a good idea, but it is really bad for your website’s security.
You can isolate each website under its own virtual machine, or its own hosting. The only drawback is that it can become expensive.
There is actually another option…
Activate a website firewall for each website. It may be more cost-effective to have four firewalls around four different sites than to pay for four hosting accounts. If you only protect three of your websites, it can be like putting a fence around your house and then digging a hole underneath. The fence would not really be protecting everything.
The concept of functional isolation that we covered today in a non-technical way is not new but can be very hard to implement. The main idea behind it is that each environment should be used for its own purpose. The rule of thumb here is that using an environment for more than one purpose is bad practice.
We have hosted a webinar on How to Prevent Cross-Site Contamination that you can watch anytime.