If you follow tech news at all, you have by now probably heard about the “Shellshock” vulnerability affecting Bash across all Linux, BSD, and Unix variants that use the shell program. For dedicated server users, the solution is quite simple, install the latest patched version of Bash. The question that remains, however, is what, if anything hosting users who do not have their own servers can do to prevent falling prey to exploits of Shellshock?
VPS users will typically be able to update their virtual private servers just as dedicated server users would. That means, they can log into their servers via SSH, check for the vulnerability and install the patch. Shared hosting users do not have that luxury and are pretty much at the mercy of their web hosting providers.
What you can do
The first thing you need to do is check your web hosting provider’s news and social media feeds to see if they have published any information about fixing the vulnerability. If you are not familiar with your host’s server architecture, now might be a good time to find out. For all you know, they might not even use Bash at all.
If you do not find any information, it is perfectly reasonable to contact your host for clarification. They will likely provide you with a yes or no. If they are not aware of the problem, your notification should convince them to fix it.
Finally, it will not serve you well to become too obsessed with something that is ultimately out of your hands, but as a customer, it should definitely serve as a test of your provider’s level of communication with users and concern about security. If they are quick to fix it and notify users, you probably have a very good host.