Cross Site Contamination

Unless something is seen to be a problem, we do not focus our attention on it. As developers, we usually place many little side projects on a single VPS. Agencies place many websites on a single VPS. But one outdated website can make all your other websites vulnerable. This is Cross Site Contamination.

To make matters worse, a reverse IP lookup will tell an attacker the exact number of websites hosted on a single server in seconds. It's time to fix it.

Security by Isolation

You can protect against Cross Site Contamination using isolation. Isolation is always a good solution in security. Split a system into smaller pieces and make sure that each piece is separated from the others. If one piece gets compromised, it cannot affect the other entities in the system.

We should isolate technologies, functionalities, stages of development and permissions.

The first thing we should avoid is mixing technologies. If you have many Ghost instances, you could place them in a single VPS. Call it the 'Ghost VPS'. Do not place PHP applications there. This will help you keep things in order, and it's easier to maintain.

Secondly, we should not mix functionalities in a single VPS. Do not place a file server, a mail server, a web server and a streaming server in the same VPS. Again, it's easier to maintain and you are giving malicious users fewer attack vectors.

Then we should have at least two stages of the website we are working on: development and production. Do not mix them in the same VPS.

Last but not least, we should configure a unique account for each application. We should ensure that the permissions are such that a user can’t move between users on the same account.
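
One way to check this on an existing server, as an added example that is not part of the original post: the script below reports sites that share a Unix account, site directories open to other accounts, and world-writable files. It assumes GNU `stat` (Linux), one directory per site under a web root you pass in (`/var/www` is only an illustration), and no whitespace in site directory names; `audit_sites` and the finding labels are names made up for this example.

```sh
#!/bin/sh
# Added example: audit per-site isolation under a shared web root.
# Assumptions: GNU stat, one directory per site, no whitespace in names.

audit_sites() {
    root=$1

    # One line per site: "<owner> <octal mode> <path>"
    listing=$(for site in "$root"/*/; do
        [ -d "$site" ] || continue
        site=${site%/}
        printf '%s %s %s\n' \
            "$(stat -c '%U' "$site")" "$(stat -c '%a' "$site")" "$site"
    done)

    # Finding 1: two sites run under the same account, so a compromise
    # of one gives the attacker the file permissions of the other.
    printf '%s\n' "$listing" | sort | awk '
        NF && $1 == prev_owner {
            print "SHARED_OWNER " $1 " " prev_site " " $3
        }
        NF { prev_owner = $1; prev_site = $3 }'

    printf '%s\n' "$listing" | while read -r owner mode site; do
        [ -n "$site" ] || continue
        # Finding 2: any "other" permission bit on the site directory
        # lets every account on the server list or enter it.
        if [ $(( 0$mode & 7 )) -ne 0 ]; then
            echo "WORLD_ACCESS $site mode=$mode"
        fi
        # Finding 3: files any account on the server can modify.
        find "$site" -type f -perm -0002 | sed 's/^/WORLD_WRITABLE /'
    done
}

# Run as: sh audit_sites.sh /var/www
if [ "$#" -gt 0 ]; then
    audit_sites "$1"
fi
```

A clean result is no output: every site directory owned by its own account with a mode such as 750, and no world-writable files beneath it.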

If you really care about one project, isolate it.


Conclusions

Whatever is being done can probably be done in a better way. This is actually the basis of the Japanese "quality circles". Small groups of workers meet from time to time to see how what they are doing can be done in a better way. That's exactly what we should do as developers every day. Little things that make things simpler and safer.

Have a great day and keep coding,
Nicola