Web Hosting Providers With Security Issues
Updated: May 6, 2015
We have begun to compile a list of hosts that we have found to follow bad security practices or that have been exploited due to those types of practices. While these practices are not guaranteed to lead to your website being hacked in the future, these are things that should not exist. While we recommend you avoid these hosts, if you are considering using one of these hosts we would at least suggest you discuss the issue(s) with them before choosing them.
For any hosting provider we would recommend asking them a series of questions to find out about their security practices. Ask them if they store users' passwords in a non-hashed format on their systems; they shouldn't. Ask them if they have access controls in place to prevent other users from accessing your website's files (no matter the files' permissions); they should. Ask them if they keep the software on their servers updated; they should. Ask them what their policy is on updating outdated software.
Bluehost
April 28, 2015
Bluehost is running phpMyAdmin 3.5.8.2, which hasn't been supported for over a year.
CloudAccess.net
May 6, 2015
CloudAccess.net stores FTP/SFTP/SSH passwords in non-hashed form.
Dreamhost
Updated: April 9, 2015
Dreamhost is running MySQL 5.1.39, which is over five years out of date and contains a number of security vulnerabilities.
Dreamhost is running phpMyAdmin 3.3.10.4, which is over four years out of date and contains a number of security vulnerabilities.
Fatcow
Updated: April 27, 2015
Fatcow is running phpMyAdmin 2.8.0.1, which is over nine years out of date and contains a number of security vulnerabilities.
Go Daddy
Updated: October 30, 2013
Go Daddy is running PHP 5.2.17, which has not been supported for over two and a half years. They are also running MySQL 5.0.96, which has not been supported for over a year.
HostGator
Updated: February 14, 2014
HostGator is running phpMyAdmin 3.5.5, which is over a year out of date and contains a number of security vulnerabilities.
HostGator stores users' passwords in non-hashed form.
HostMonster
Updated: April 28, 2015
HostMonster is running phpMyAdmin 3.5.8.2, which hasn't been supported for over a year.
iPower
December 18, 2013
iPower is running phpMyAdmin 2.8.0.1, which is over seven years out of date and contains a number of security vulnerabilities.
Media Temple
Updated: February 14, 2014
Media Temple is running Apache 2.2.22, which is over a year out of date and contains a number of security vulnerabilities. They are also running phpMyAdmin 3.5.2, which is over a year and a half out of date and contains a number of security vulnerabilities.
Melbourne IT
March 26, 2015
Melbourne IT is running MySQL 5.1.73, which hasn't been supported since December 2013.
Netfirms
Updated: October 13, 2014
Netfirms is running PHP 5.3.13, which is over two years out of date and contains a number of security vulnerabilities. They are also running phpMyAdmin 2.8.0.1, which is over eight years out of date and contains a number of security vulnerabilities.
Nexcess
February 21, 2014
Nexcess is running phpMyAdmin 3.5.4, which is over a year out of date and contains a number of security vulnerabilities.
Rackspace
Updated: March 27, 2015
Rackspace is running phpMyAdmin 3.4.9, which is over three years out of date and contains a number of security vulnerabilities.
Web Hosting Hub
April 9, 2015
Web Hosting Hub is running phpMyAdmin 4.1.8, which is over a year out of date and contains a number of security vulnerabilities.