SFTP

SFTP (Secure File Transfer Protocol) is an updated secure variation of FTP(File Transfer Protocol). Basic FTP is not fully secure, in that the files being transferred could possibly be intercepted by an outsider. In fact, the perpetrator can even change the data within the files, and view the files discreetly without disrupting their path. With SFTP you’ll have an extra layer of security since the files will be encrypted using government standard 128-bit encryption.

SSL

SSL (Secure Sockets Layer) is extremely crucial for any ecommerce site. With SSL all private information such as credit card/bank account information, phone numbers, addresses, and email addresses are kept private. Without this kind of security measure in place, you and you’re customers are being left susceptible to credit card fraud and identity theft. In many cases the credit card information can be stolen instantly, and online purchases can be made before the cardholder even knows what hit them. Aside from the lack of security that is associated with not having SSL enabled on your server, you’re also going to lose business. Every site with SSL enabled receives an SSL certificate which is then placed on the checkout page. Many customers look for this when shopping online, and will refuse to shop with you if you do not have this certificate.

Data Backups

Many people realize the importance of backing up their personal computer, however the importance of backing up your websites files is often overlooked. A lot of work is put into building a website, as I am sure you are probably aware of, and you may find it shocking to learn that all of this information can be wiped out and lost forever in just one hour. If you do not backup your data, this data loss would be permanent, and you would literally have to start back at square one! If you want to keep this from happening then you will need to make sure you choose a web hosting plan that automatically conducts routine server backups.

Overall Network Security

When choosing a web hosting plan, the above factors are definitely of great importance. However, there are many more important aspects to consider in regards to overall server and network security. To ensure the safety of your website and your online business, you’ll need to choose a web hosting solution that is reputable and known for having top notch security.

Protect Your Website to Protect your Business

With all of the work that goes into building a comprehensive website over time, it may actually be more devastating to lose a website than to lose a PC or even an operating system. When a website is brought down by a virus, it cannot be quickly replaced like an operating system or  PC. In fact, the damage that is done can take months to repair, especially when you consider how many negative events can transpire as the result of a worm attack. The most obvious effect will be the loss of traffic that will be seen soon after the worm has infected your website.

Losing Traffic Due to Site Viruses

Website viruses are different than operating system viruses, as they are actually responsible for many of the local infections that end users experience. In other words, if you have a virus on your computer, it was most likely downloaded from a website that was carrying the virus. Most people don’t realize that many of these websites are not intending to give their visitors a virus, as they are a victim of the virus themselves. The virus attaches itself to the sites server and then uploads itself to all of the visitors’ computers. When this happens the visitors are quick to assume the site is unsafe, and thus will hesitate to return to the website. This can result in the loss of visitors in therefore business for a website owner.

Protecting Your Site From Viruses

To prevent the aforementioned issues, you should take the proper precautions to ensure the full safety of their website. One way you can do this is to use only secure web applications. Web applications often contain loopholes that lets hackers infiltrate the websites administrative interface and plant a virus. Another way to protect your site is to password protect all of your pages. You can do this in your hosting control panel. If you are having trouble with ensuring the safety of your website, it may be wise to consult with your web hosting provider for more info. Simply give them a call and ask them what kind of measures are in place to protect your website form worms, and ask thenm what you can do on your end to ensure maximum protection.

PHP

One particular programming language that is becoming increasingly popular amongst newer developers is PHP. PHP is perhaps the easiest programming language to use, and therefore often the most erroneously misused by inexperienced web programmers. PHP’s ease of use and minimal learning curve make it an optimal opportunity for any novice web developer to create software that is potentially insecure.

Insecure Web Applications

In the past hackers would infiltrate a network using any means possible, including using phishing techniques, identity theft, and any other method to compromise the security of a server or operating system. Now, the main focus has shifted to infiltrating the administrative interface of a website to gain access to online databases and server files.

The easiest way for most hackers to do this is to find a way in through one of many loopholes that exists in the site’s web applications. Web applications make the webmasters job easier and more convenient, however like many other tools that increase convenience, web applications come at a price.

Hiring Your Own Programmers

Since web applications have direct access to your site’s administrative functions, these web applications can be taken advantage of for nefarious purposes, and used to access your website’s control panel. This could prove to be disastrous, especially if you run an online business. For this reason it is best to avoid any new web applications that are built by unreliable sources. If you are planning on using a web application with a busy business website, you may want to hire a personal qualified developer to assist you in creating some custom web applications.

Email Privacy

Perhaps the most common form of spam is email spam, which reduces your productivity by populating your inbox with unwanted spam posts. To avoid the aggravation associated with email spam, you should consider keeping your email private at any expense. That means you should not post your email address on forums, chat rooms, blogs, websites, or any other venues that can be publicly viewed by spammers. If you absolutely must to display your email address publicly online, then consider writing it without the @ symbol. For example – nospamexampleemailaddress at exampleemail dot com. The reasoning behind this is actually quite simple; spammers usually use programs that automatically search the web and scrape lists of email addresses by searching for @ symbols. Writing your email address in the above format is a great way to prevent spammers form finding your email address automatically.

Preventing Contact Form Attacks

Another way spammers can access your business email is through the “Contact Us” form on your website. If you have a contact form enabled on your website, you’ll need to make sure you have security measures in place to prevent spammers from using bots to repeatedly send emails through your contact form. Spammers love using this method to exploit business inboxes, because most contact forms only require a few simple fields to be filled out, such as name, email address, and subject. To prevent spam attacks from automated bots through your contact form, you’ll need to require the use of a Captcha form, which only a valid human could fill out.

Captcha

The Captcha test is is an entry field that is used to prevent hackers from exploiting sites with automated programs. If you have ever created an email account, then you have probably seen a Captcha form before. Captcha basically generates an image complete with a variety of letters and characters, and then requires the user to input the information on the screen. In the early days o Captcha, the images generated were simple, and as hackers adjusted to these Captcha images, the developers had to increase the difficulty of these images. The modern versions of the Captcha system consist of two to three words and are very difficult to circumvent.

Conclusion

Although spam is a common problem and is not going to disappear any time soon, there are measures that can be taken to keep spammers from targeting your email. The first step in preventing spam would be following the recommendations above and using common sense when it comes to distributing your business email address. If you’re still having trouble with spam attacks from more determined individuals like your competitors, then you may want to employ the services of a spam blocking program.

Strong Administrative Passwords

Protecting your website means protecting the administrative interface. Once a hacker gains access to your site’s administrative interface, they can gain control of your entire online business in a few short steps. Once they’ve access the administrative control panel, hackers can do anything from defacing your website, to committing identity theft or fraud in the name of your business. To prevent hackers from easily gaining access to your website, you’ll want to use strong passwords that are mix of letters and numbers. These alphanumeric password should be at least 10 characters in length. Try to avoid using any commonly used words or names. Also try not to use dates that are significant in your life, as a hacker may be able to access this information.

Firewalls

Firewalls filter information that is transferred to and from your website. By configuring a secure firewall, you’ll be preventing all unauthorized access to your website. Setting an industry standard firewall at the highest possible security preference is one of the best ways you can deter hackers with ease. Remember that simply having a firewall is not enough to keep you site safe. The firewall must be configured properly.

Antivirus

Make sure you use only the best antivirus programs. If your computer contracts a virus, the hacker that distributed this virus could gain access to sensitive information on your computer. Some viruses will install hacking utilities known as KeyLoggers, which record the data inputted from your computer’s keyboard. This means that everything you type is recorded and then sent to the hacker, including your system and website passwords.   It is imperative that you ensure that your antivirus program is regularly updated to the latest definitions. This will help you to protect your computer from hackers who attack your system in efforts of gaining control or information. Simply having an antivirus program installed is not enough. New viruses are created everyday, so it is important to keep your Antivirus program updated regularly.

Security Testing

Once you have all of the above security measures in place, you’ll want to test the security of your website routinely. Try to use a security analyzing tool regularly. These tools will usually find any existing security lapses and assist you in correcting them. Remember that in order to have good website security, these security measures must be practiced regularly.

What Can Happen

A hacker can use the authentication process to invade a member area by falsely convincing the authentication application that they are indeed a valid user. If the hacker only has the ability to  access  your website as a standard user, then the damage they can inflict will be minimal.  However, if the hacker can gain administrative access to your website, they can take complete control of the website and all of it’s stored data in a very short period of time, usually within an hour or two. Of course this could be a potentially fatal situation to your online business, especially if they gain access to critical financial information.

The Process of False User Authentication

Usually the process begins with the hacker finding the login screen where they can enter the necessary  information to complete authentication. Once they’ve found the location of the authentication login page, they can then enter the URL of the login page into a hacking software that will repeatedly enter random information into both fields until a working combination is found. Many times the hacker will simply try this process manually before resorting to using the automated software. For this reason it is important that you do not use a simple or default administrator username and password such as “admin” or “1234.”  When the hacker uses an automated program to bypass user authentication, it is known as a “brute force attack.”

Preventing and Combating False User Authentication

Hackers use tools that return error codes and other information from the web server to find out when their attacks are working, essentially repeating the process in a trial and error fashion until no error message is returned. One way to keep hackers from accomplishing this is to adjust the server configuration to generate an “HTTP 200 OK” response whenever an unexpected request is ordered. Effectively this will make it very hard for the hacker to understand which attempts work and which attempts were denied. Another effective way to prevent brute force attacks is to place random phrases that must be re-entered by the user requesting access. This is called a “De-captcha” and it can be downloaded as an application and used in conjunction with your control panel. De-captcha tools make the process of false user authentication very difficult to bypass for most hackers.

Code Exploits

Sometimes hackers can use certain lines of code to request and retrieve information from your website. For example, the “allow_url_fopen” option allows users to  request file functions such as “file_get_contents()”, which would in turn allow a perpetrator to retrieve sensitive data from your website via a remote FTP connection.  If you PHP is configured with default settings, then this this function is still enabled, and you will need to manually disable it to keep hackers from executing code exploits on your website. Disabling this function will not take away from the functionality of your website at all, as it is not commonly used. If you do need to use it personally in the future, you can simply enable it as you see fit.

Risky Functions

Just as in the above situation, every risky PHP function should be disabled to prevent a similar scenario. There are three functions in particular that pose especially dangerous threats, and those are the “EVAL” “shell_ exec” and the “passthru” functions.  Disabling these functions is simple, and can be done by making slight adjustments to the “disable_functions” values in the “php.ini” file. Disabling the EVAL function is actually vital, because it allows a user to request remote control of PHP coding on your website. If this is used in conjunction with another exploit, it can mean serious problems for you and your website. Before you disable these functions, it is a good idea to make sure they are not needed for any particular applications or plugins you are using on your website.

Unsafe Application Coding

The  flexibility of PHP is what usually makes it easy for a hacker to breach the security of a website or server. The problem is that the security gaps are most likely not your fault, but rather they lie within the content management system you are using. Many of the applications that people use to make their website management easier, also make it easier for hackers to infiltrate their administrative interface.    This is why it is important to make sure you are using only the most secure plugins and applications to manage your website. In all actuality, it is better to have less functionality than to have a severe security breach on your website. Try to keep the amount of plugins you use to a minimum, and make sure the plugins you use have very secure coding.

Responsible Programmers

Being a programmer is not a simple task, and there are many things to consider when creating an application.  The problem is, there is so much to know, and not every programmer is up to the task of making sure their applications are fool-proof. In fact most of them only want to make an application that will have enhanced functionality and will be popular in the e-community. However, if you are truly serious about maintaining the security of your website then you will use applications that are developed by responsible programmers. This is the primary reason why corporations hire their own private programmers.

How do Hacker’s Deface Websites?

Hackers employ a number of tools and methods to gain control of a website’s content. In most instances they will gain access to the server via a security lapse in the operating system, unsafe web site applications, or another flaw in the server’s security. If the hacker cannot access the server through a basic loophole, they may execute browser based attacks with remote code. Regardless of how the hacker gains access to your site, you should be prepared and secured against such an attack.

Preventing Defacement With Website Security

To prevent defacement, you will need to make sure your data is secured on both your server and your computer.  Website security should be a top priority any time you are looking for a web hosting provider. Make sure you ask about protection against website defacement when you are inquiring with the companies customer service rep. If you host a private server then you will want to make sure the server is in a safe place. Co-location hosting is an option for people who are looking or top-notch security without having their own warehouse or storage facility.

Preventing Defacement with Server Security

Having your server stored in a secure place will keep your hardware secure, but it will not fully secure the data stored on the hardware. In fact, most hackers don’t even consider stealing your hardware, they would rather access it remotely through a security lapse in an application stored on the server.  Keeping your operating system updated with the latest patches will make the hacker’s job much more difficult.  It is also a good idea to keep your web applications and any other software associated with your server updated and secure. Even after you have acquired all of the updates needed, it is still necessary to encrypt any data stored on, or sent through the server.

Preventing Defacement with Secure Applications

Quite often, hackers gain access to the server through a web application with weak security. In fact, most web applications have faults that can be easily exploited. For this reason you should only use web applications that you know are secure. If you have the resources, you may want to have your web applications designed by a personal team of developers who are aware of your security needs. If you cannot have this done then it is prudent to minimally research the possible security flaws that exist within the applications you are currently using.

Serious Firewalls

Even though most web hosting providers employ firewalls by default, a lot of these firewalls are not properly configured and the restrictions can easily be circumvented by a knowledgeable hacker. If you want to ensure the security of your website(s), then you should inquire about he strength of the firewalls and it is important to have the capability to adjust firewalls to your specifications. If your web hosting company does not allow you to make changes to your site’s firewall, then you need to consider another service.

A good example of the need for firewall administration abilities, would be when a hacker is sending malicious traffic to your site form a certain IP. In this instance, it would be crucial to block this IP, and as a domain owner with a hosting account, you should have the right to do so.  The safest web hosting services offer IDS (Intrusion Detection Systems). Any breaches to your firewall can cause downtime and loss of business, therefore it is crucial to have the serious firewalls protecting your website a all times.

Protection from Distributed Denial of Service Attacks (DDoS)

Although a DDoS attack is a very basic and commonly used attack, it is also extremely difficult to prevent and treat. This simple yet effective attack can cause downtime in many websites by affecting the server functionality. This means that even users who are unrelated to the attack will suffer.  Therefore it is important to inquire about an Anti-DDoS feature before purchasing a web hosting plan.

Proper Data Encryption

If you plan on selling your services or products online, then data encryption is essential. All web hosting plans should include SSL encryption. SSL encryption will transform sensitive date from plain text into special code that make interception by a hacker very difficult. While most web hosting companies offer this feature by difficult. You may want find one that will give you the option to purchase a private certificate for added security benefits.

A Little Common Sense Goes a Long

While many security software solutions exist, some of the best ways to defend yourself can be summed up to applying common sense.  Here are five simple tips to help keep your website safe and secure:

1.) Smart E-commerce – If you plan to sale goods or services through a shopping cart, make sure that the software used is properly figured and secured.  If you do not possess this knowledge, bring someone on board who does.

2.) Password Protection – Use secure passwords for all of your website applications that require a login.  This goes for everything from your control panel to CMS software.  A good rule of thumb is to use a combination of numbers, letters and symbols, in addition to never using something that others can associate with you for a password.

3.) Monitor Your Server Logs – By checking your server logs on a regular basis, you may be able to identify strange or unusual activity.  Because knowing what to look for can be difficult, many software solutions exist that will do the job for you.  These programs analyze your log files and automatically send alerts if strange behavior is detected.

4.) Update Your Web Applications - An outdated web application is one of the most vulnerable points of a website.  Hackers are constantly working on new ways to compromise security so if your applications are not up to date, you could be exploited.  Also keep in mind that most updates consist of critical upgrades that address known security issues.

5.) Backup Your Website – Because no website is ever 100% secure, it would be wise to frequently backup your site and all the files its contains.  Don’t overlook this.  Not only do hackers target websites, but entire web servers.  If the server your site resides on is compromised, you could possibly lose everything you worked so hard to build.  Regular backups give you the assurance that your website data can be restored should a disaster occur.  Be sure to keep a copy of your backup in a location other than your hard drive just in case ill fate happens to strike your computer.