| HN Mirror

Y	Hacker News new \| ask \| show \| jobs


	by currysausage 3810 days ago
	At least a few years ago, shared hosting with Hetzner used to be a complete security mess. By default, every user could access many other users' www directories via SFTP, including loads of PHP config files with MySQL access data inside. No SFTP jails in place, no automated process to prevent 775 (or 777!) permissions. (Yes, you could delete other users' whole www directories.) Real names of all users on the same server world-readable in /etc/passwd. Didn't exactly increase my trust in their products.