Home » Hosting Industry » What does Cross-Site Contamination mean and How to Prevent it?

What does Cross-Site Contamination mean and How to Prevent it?

If you experience multiple reinfections and your website is one among several in an account, there is a strong possibility that you are facing cross-site contamination.

Cross-Site Contamination

Cross-site contamination refers to the negative impact on a website caused by neighboring sites on the same server due to inadequate isolation or configuration of the server or account. This issue plays a significant role in the ongoing debate about the security of VPS, Dedicated, or Shared hosting.

Cross-site contamination is primarily caused by what I refer to as soup-kitchen servers. These servers are filled with multiple installations and configurations, ranging from various platforms like Drupal, Joomla, WordPress, and more. It doesn’t matter how many there are. Additionally, they may host sites in different phases, such as development, staging, and production.

The main culprits behind these configurations are agencies, freelance developers, and aspiring hosts, who contribute the most to cross-site contamination.

An Introduction to Functional Isolation

The idea of functional isolation is not new but can be difficult to implement. It suggests that each environment should serve only one specific purpose. For example, it is not advisable to use a web server for handling emails or vice versa. The general practice is to have separate environments for different purposes. However, the theory and practical application can have their differences.

Most organizations or individuals find it impractical to have a dedicated server for each site. Therefore, I recommend approaching this by considering three factors: technology, function, and stage.

It’s important to understand the concept of cross-site contamination, which can occur if different functions or stages are mixed within the same environment. This can lead to various issues and complications. By breaking down the environment based on technology, function, and stage, we can minimize the risk of cross-site contamination and improve the overall efficiency and effectiveness of our systems.

  • Technology: It is advisable to avoid mixing different technologies whenever possible. For example, it is not recommended to deploy Drupal sites alongside WordPress sites or any other combination. Each platform has its own unique characteristics, and it is much easier to secure an environment that is consistent rather than trying to remember the intricacies of a mixed environment.
  • Function: It is important to strictly adhere to server functions. If a server is designated for email purposes, it should not be used as a file server or web server, and so on. It is best to utilize each environment for its intended purpose, ensuring optimal performance and efficiency.
  • Stage: It is crucial to maintain separation between different stages of a website’s life cycle. This refers to whether a site is in the development, testing, or production stage. Ideally, there should be at least two environments – one for development and one for production. While it is highly beneficial to also have a separate testing environment, it may not always be practical or feasible for everyone due to cost constraints.

By following these guidelines and avoiding cross-site contamination, you can create a more secure and efficient environment for your technological endeavors.

Next, let’s discuss another important aspect – accounts.

Shared hosting providers have often been criticized for their weak security, but this reputation is not entirely fair. While there were indeed security challenges in the past, specifically around 2010/2011, the current issues with shared hosting are not caused by the hosting itself. Instead, they arise from the one-to-many relationship that website owners have with their accounts and sites.

For instance, imagine one account managing 100 different websites.

In such cases, the attacks we observe are not typically those that spread between accounts on the shared host. Instead, they occur within the same account, moving laterally within it.

It is crucial to configure your account properly by assigning unique users to each site and ensuring that the permissions are set up in such a way that a user cannot move between different users within the same account.

The focus here is on preventing cross-site contamination within a shared hosting environment.

Website Firewalls and Cross-Site Contamination

As a website owner, it can be incredibly frustrating when you’ve implemented all the necessary security measures and your site continues to get infected. This is a common issue that we often come across, even with customers who have deployed our Firewall and other security controls.

In most cases, reinfections occur due to internal attacks rather than external ones. This means that the attackers are exploiting vulnerabilities within the website’s own environment to carry out malicious activities, such as cross-site contamination. It’s a challenge to deal with these internal attacks because they require investigation and education.

Internal attacks involve bad actors exploiting weaknesses within the website’s environment, allowing them to move laterally throughout the system and cause harm. On the other hand, external attacks occur when attackers exploit vulnerabilities remotely to gain access to the site and carry out malicious acts, like exploiting software vulnerabilities through SQLi.

It’s important to note that just because you see an infection on your site, it doesn’t necessarily mean that your site itself is being exploited. If you continue to experience multiple reinfections, it’s advisable to assess your entire environment and check if any of the aforementioned conditions are contributing to the problem.

Based on our reinfection investigations, we have found that the biggest contributing factors are forgotten or misconfigured websites on the same account and websites that haven’t been properly secured. If you’re a website owner concerned about this issue, it’s best to have a conversation with your developer or host. Ask them about their approach to managing multiple websites on the same server and account, and seek assurances that your site is adequately isolated from other neighboring sites. If you’re still facing issues, there may be a misconfiguration that needs to be addressed.

How to Prevent Cross-Site Contamination

The approach I am suggesting here is simple, cost-effective, and it is the first step towards improving your overall security. By implementing this approach, you will be able to reduce the risks associated with cross-site contamination while also streamlining your maintenance tasks.

Functional isolation is a well-known concept in the security field, just like Least Privileged or Defense in Depth. However, it is often overlooked and less talked about. I would like to emphasize the importance of not only implementing Functional Isolation but also considering Account Isolation. By combining these two practices, you can significantly minimize the threat of cross-site contamination.

Here are a few additional thoughts to keep in mind:

– If you choose to use a firewall solution like Sucuri Firewall, ensure that it is installed on all sites within the same account, and follow the necessary steps to restrict direct server access.
– If you only prioritize the security of one particular site and neglect the other 99, it is advisable to move that specific site to its own separate environment.
– If you currently rely on a single server to handle all tasks, it is recommended to rethink your approach. Instead, leverage multiple servers and separate accounts based on the recommendations I have provided.
– If you are a website owner, take an active role in the security process by asking questions and becoming involved. Remember, security is not only the responsibility of your designers or hosts but also yours.

Leave a Reply

Your email address will not be published. Required fields are marked *