DirectAdmin domains isolation on shared hosting. Tell me please more info about your security if one website will be hacked

D

dester

New member
Joined
Jul 8, 2021
Messages
3
Hi. I would know some information about DirectAdmin structure and receive several answers to my questions below.

Let's imagine some popular cases:
1. Web hoster with DirectAdmin and shared hosting
2. A DirectAdmin user with many websites (for example WordPress)
3. These many domains and websites are hosted under 1 shared hosting but in different directories.
4. One of the websites got hacked, and infected by a hacker, or got a targeted attack against some website.


Questions:
1. Will a hacker get access to ALL domains files on the shared hosting if he will hack only one shared hosting website (for example WordPress).
2. Are there any restrictions/isolation PER domain/website public_html folder in DirectAdmin?
3. I would know almost everything about how to secure multiple websites hosted on the same shared hosting under the same user.
4. How about chroots per domain on shared hosting?
5. How to host many websites on the same shared hosting secure (please don't tell about website management and preventing infection, I just want to know how far a hacker can go with DirectAdmin account (shared hosting)).
6. How about open_basedir var per domain? Is it enabled by default? Can a user set this option per domain?

Simple questions, very common, but I hope I will get decent answers because this is very important to me.
Thank you for your time.
 
Last edited:
1. Will a hacker get access to ALL domains files on the shared hosting if he will hack only one shared hosting website (for example WordPress).

The permissions are based on the system user owner of the account, so is all the site are part of the same sharedhosting account, the attacker will have access to the file of all domains under de account.

2. Are there any restrictions/isolation PER domain/website public_html folder in DirectAdmin?

Same answer, the permissions are based on the system user owner of the account and not per domain.

3. I would know almost everything about how to secure multiple websites hosted on the same shared hosting under the same user.

I think the best way to isolate multiples websites is use multiples hosting accounts.

4. How about chroots per domain on shared hosting?

Same answer of 1 and 2, the permissions are based on the system user owner of the account, so if you enable chroot jail, will be for the hosting user and all the resources(domains) part of the account, and not per domain in the same account.

5. How to host many websites on the same shared hosting secure (please don't tell about website management and preventing infection, I just want to know how far a hacker can go with DirectAdmin account (shared hosting)).

If the account is jailed, the attack will be limited to that account not the entire system.

6. How about open_basedir var per domain? Is it enabled by default? Can a user set this option per domain?

The php config is user based not domain based, so, the open_basedir directive grant access to the entire home folder.
 
dester said:
6. How about open_basedir var per domain? Is it enabled by default? Can a user set this option per domain?
Click to expand...
As far as I know, open basedir is enabled by default, admin can set this on/off for everybody or can disable or enable it per domain.
Well.... in fact it's per account, but in the php configuration (admin panel) domain names are shown.
 
You must log in or register to reply here.
Back
Top