What Can Shared Hosting and VPS Users Do About Shellshock?
If you follow tech news at all, you have by now probably heard about the “Shellshock” vulnerability affecting Bash across all Linux, BSD, and Unix variants that use the shell program. For dedicated server users, the solution is quite simple, install the latest patched version of Bash. The question that remains, however, is what, if anything hosting users who do not have their own servers can do to prevent falling prey to exploits of Shellshock?
VPS users will typically be able to update their virtual private servers just as dedicated server users would. That means, they can log into their servers via SSH, check for the vulnerability and install the patch. Shared hosting users do not have that luxury and are pretty much at the mercy of their web hosting providers.
What you can do
The first thing you need to do is check your web hosting provider’s news and social media feeds to see if they have published any information about fixing the vulnerability. If you are not familiar with your host’s server architecture, now might be a good time to find out. For all you know, they might not even use Bash at all.
If you do not find any information, it is perfectly reasonable to contact your host for clarification. They will likely provide you with a yes or no. If they are not aware of the problem, your notification should convince them to fix it.