Wall of Shame – Hosters edition

Posted on

Finding a new hosting company for your site is challenging. I mostly use DigitalOcean, therefore I have to take care of my own security. But when third parties ask for a good hosting for their e.g. PHP/Drupal/Wordpress site, I choke. I have to compare pricing, packages, performance and when I tangled all that, I have to check if they are secure. (I don’t want their database on the street or a defaced website).

On my last hunt to find a decent hosting provider, I got fed up. There are so many providers and when checking their software, you sometimes see that their front page has outdated PHP, as in 5.3 old. EOL for 11 months. That really bothers me. How can I rely on their security when their frontpage isn’t even up-to-date.

To warn future customers, I compiled a shame list including all hosting providers having 2 or more outdated software. Outdated, in this case, means being on an unsupported branch. I didn’t count software that are on a supported branch but are not the newest release.

Edit: To clarify, when I say outdated PHP 5.3, I only mean the standalone PHP version. When an Ubuntu version was detected, it was correctly marked as maintained.

The infamy list

Name # Issues Extra information
CoolHandle 4 Outdated WordPress and PHP version. Vulnerable for Freak and Logjam attacks.
Got Web Host 3 Unsupported WordPress version, vulnerable for Logjam and Freak attacks.
Verio 3 Outdated Apache version. Vulnerable for Logjam and Freak attacks.
Webhosting Buzz 2 Outdated PHP and WordPress version.
Crucial Paradigm 2 Outdated Apache version. Vulnerable for Logjam attack.
City Network 2 Outdated Nginx version. Vulnerable for Logjam attack.
FutureQuest 2 Outdated Nginx and PHP version.
InMotion Hosting 2 Outdated PHP version and vulnerable for the Logjam attack.
Lunarpages 2 Outdated PHP version and vulnerable for the Logjam attack.
Mister 2 Outdated PHP and OpenSSH version.
UK2 2 Outdated PHP version. Vulnerable for the Logjam attack.
Vodahost 2 Outdated OpenSSH and PHP version.
A2 Hosting 1 Outdated PHP version.
AN Hosting 1 Outdated PHP version.
BlueFish Web Hosting 1 Outdated Operating system (all packages).
Eleven2 1 Outdated PHP version.
Hostgator 1 Outdated PHP version.
Midphase 1 Outdated PHP version.
Westhost 1 Outdated PHP version.

Check here for the full list of servers (~100) I scanned.

If you are one of the hosting companies above. Contact us when solved to remove you from the list..

  • Antonio

    Hi, thanks for this post. It really helps. I usually strugle when my clients come to me with their own hosters of choice (which basically means, the cheapest companies they find). How did you look for these secutity issues? What did you use to scan them?

    • matvp91

      Hey, glad you like it! We used our own scanner (http://patrolserver.com). Feel free to check it out, we are in free open beta. 😉