Web Hosting Providers With Security Issues

Updated: May 6, 2015

We have begun to compile a list of hosts that we have found to follow bad security practices or that have been exploited due to those types of practices. While these practices are not guaranteed to lead to your website being hacked in the future, these are things that should not exist. While we recommend you avoid these hosts, if you are considering using one of these hosts we would at least suggest you discuss the issue(s) with them before choosing them.

For any hosting provider we would recommend asking them a series of questions to find out about their security practices. Ask them if they store users' passwords in a non-hashed format on their systems; they shouldn't. Ask them if they have access controls in place to prevent other users from accessing your website's files (no matter the files' permissions); they should. Ask them if they keep the software on their servers updated; they should. Ask them what their policy is on updating outdated software.

Bluehost

April 28, 2015

Bluehost is running phpMyAdmin 3.5.8.2, which hasn't been supported for over a year.

CloudAccess.net

May 6, 2015

CloudAccess.net stores FTP/SFTP/SSH passwords in non-hashed form.

Dreamhost

Updated: April 9, 2015

Dreamhost is running MySQL 5.1.39, which is over five years out of date and contains a number of security vulnerabilities.

Dreamhost is running phpMyAdmin 3.3.10.4, which is over four years out of date and contains a number of security vulnerabilities.

Fatcow

Updated: April 27, 2015

Fatcow is running phpMyAdmin 2.8.0.1, which is over nine years out of date and contains a number of security vulnerabilities.

Go Daddy

Updated: October 30, 2013

Go Daddy is running PHP 5.2.17, which has not been supported for over two and a half years. They are also running MySQL 5.0.96, which has not been supported for over a year.

HostGator

Updated: February 14, 2014

HostGator is running phpMyAdmin 3.5.5, which is over a year out of date and contains a number of security vulnerabilities.

HostGator stores users' passwords in non-hashed form.

HostMonster

Updated: April 28, 2015

HostMonster is running phpMyAdmin 3.5.8.2, which hasn't been supported for over a year.

iPower

December 18, 2013

iPower is running phpMyAdmin 2.8.0.1, which is over seven years out of date and contains a number of security vulnerabilities.

Media Temple

Updated: February 14, 2014

Media Temple is running Apache 2.2.22, which is over a year out of date and contains a number of security vulnerabilities. They are also running phpMyAdmin 3.5.2, which is over a year and a half out of date and contains a number of security vulnerabilities.

Melbourne IT

March 26, 2015

Melbourne IT is running MySQL 5.1.73, which hasn't been supported since December 2013.

Netfirms

Updated: October 13, 2014

Netfirms is running PHP 5.3.13, which is over two years out of date and contains a number of security vulnerabilities. They are also running phpMyAdmin 2.8.0.1, which is over eight years out of date and contains a number of security vulnerabilities.

Nexcess

February 21, 2014

Nexcess is running phpMyAdmin 3.5.4, which is over a year out of date and contains a number of security vulnerabilities.

Rackspace

Updated: March 27, 2015

Rackspace is running phpMyAdmin 3.4.9, which is over three years out of date and contains a number of security vulnerabilities.

Web Hosting Hub

April 9, 2015

Web Hosting Hub is running phpMyAdmin 4.1.8, which is over a year out of date and contains a number of security vulnerabilities.
