Seized Servers

On the seized servers was the DigitalOne homepage, popular real estate blog Cubed and restaurant blog Eater in addition to many other smaller sites. These were all affected by the outage and are currently inaccessible. Another popular bookmarking site, Pinboard, was also affected but managed to transfer several pages to the backup sever and is still available.

Statement from Pinboard

Pinboard released a status update stating that their web hosting provider was raided by the FBI who seized several racks and other equipment. The company was unsure as to whether their server was confiscated or whether the equipment had just gone down. Pinboard further noted that they were running on a backup server with limited capabilities but all bookmarks remained in tact.

FBI’s Contact with DigitalOne

A representative from DigitalOne noted too many online sources that the FBI was interested in perusing the files of one specific client. DigitalOne is not happy that the bureau seized the servers of many clients. Instead they should have pinpointed the specific client and confiscated that server.

The CEO of DigitalOne provided the FBI with all necessary details as to how to find servers in their data center linked to the specific IP address they were tracking. Unfortunately, the agents also confiscated many other unrelated pieces of equipment. The identity of the actual DigitalOne target has not yet been released to the media.

Response from DigitalOne Representatives

DigitalOne believes the FBI’s work was extremely unprofessional and has resulted in the company being unable to restart many of their own servers hence the reason their website is down and the customer support is unavailable. Apparently the bureau was hot on the trail of LulzSec, an international hacking group that was said to be hosted by DigitalOne. Shortly after the equipment was seized, one man was taken into custody in Essex, United Kingdom.

LulzSec Information

Emerging in early May 2011, the group instituted a rampage of network intrusions and DDoS attacks on corporate and governmental targets such as the CIA and Serious Organized Crime Agency. The Twitter account, LulzSec, noted that the arrested party was only mildly associated with the group, at best.

Related posts:

• April 4, 2011 – WordPress Recovering from DDoS Attack
• June 28, 2010 – Shared Hosting and Site Downtime
• June 16, 2010 – Protecting Your Site from DDoS Attacks
• June 2, 2010 – How to Protect an Apache Web Server from DDoS
• January 15, 2010 – Website Security: Avoiding Downtime That Results in Loss of Profit
• December 15, 2009 – The Top 3 Web Hosting Security Issues
• January 23, 2009 – The Dangers of Insecure Web Applications
• December 30, 2008 – The Benefits of VPS Hosting

The Largest DDoS in Company History

Another web hosting source, TechCrunch, released further information stating that WordPress founder Matt Mullenweg claimed this DDoS attack was by far the largest he had seen. He believes this strike was politically motivated against one or many of the non-English speaking blogs. However, there is no evidence to the reason. This assault was so large; it affected all three of the company’s data centers in Dallas, San Antonio and Chicago.

The Size was Incredible

According to Sara Rosso, a representative for WordPress, the company is being targeted by large-scaled DDoS attacks affecting the connectivity to many blogs and websites. The sheer size of the harassment was multiple Gigabytes per second and tens of millions of packets per second. This is definitely in the record books of being one of the largest DDoS attacks ever on a content management system.

Quick Turnaround Time

According to Lloyd Budd, the WordPress.com VIP hosting services lead, Rosso released this statement to the public at 3:30 PM on Thursday with the site being 100 percent functional with no connectivity issues by 7:30 PM the same day. That is an extremely quick turnaround following such a major assault.

VIP Sites to have Priority

The upstream service providers have been working on preventing these types of attacks in the future. The company also announced they will be giving their VIP sites priority following the recovery from an attack such as this.

10 Percent of the World’s Websites

The WordPress platform currently services over 30 million publishers making them responsible for almost 10 percent of all websites in the world! WordPress.com boasts over 300 million unique visits each month. Therefore, when a disaster such as the aforementioned occurs, the results can be devastating.

DDoS attacks can have a major impact on the site or network they are attacking. Since this type of assault freezes or shuts down the server due to overload, it is difficult to defend against and impossible to predict. The best defense is being able to switch web accounts to a different server as soon as this occurs thus minimizing downtime and continuing to uphold performance.

Related posts:

• September 15, 2011 – Alternative’s to WordPress – Other Content Management Systems do Exist
• September 2, 2011 – When to Transition to a Content Management System
• June 15, 2011 – Drupal 7 to Further Simplify Website Management
• May 6, 2011 – New Content Management System Released by TYPO 3
• January 17, 2011 – Understanding the Benefits of CMS
• January 4, 2011 – Content Management Systems in Major Corporations
• December 31, 2010 – Why a CMS is Essential for Doing Online Business in the 21st Century
• October 12, 2010 – Content Management Systems for Multi-User Blogs
• October 8, 2010 – The Advantages of WordPress 3.0
• September 23, 2010 – Introducing MODx CMS – The Ultimate in Flexibility and Compatibility

DDoS Attacks

Hacking attacks are prevalent in the hosting community, so it is important to pick a hosting plan that takes adequate security precautions. While most shared hosting accounts are hosted by companies which are generally reliable, there are a lot of independent resellers that are selling hosting accounts that are less than secure.

Since shared hosting accounts are the cheapest, they are more likely to be vulnerable. A DDoS attack is a simple yet effective attack that is capable of bringing down a server in a few minutes. The problem with shared hosting accounts is that a single site could be attacked, and as a result the entire server could go down, affecting all of the other unrelated sites on that server.

Server Maintenance

Shared web servers also require more maintenance, since there are many web sites hosted on the same server. In fact, in many cases the servers can be reset as much as three or four times per month. When the server is being reset the site goes down for about 30 minutes to a half an hour. This can create a very bad impression for site visitors that arrive during this time period. Using a VPS or dedicated server would minimize if not completely eliminate site down time, because the server is not being used by more than one person at a time.

Server Limitations

Aside from the above problems, shared web servers also have significant limitations due to the limited resources and diversified server usage. With so many sites using the same server it can be impossible to predict the reliability of the server. A traffic surge could occur at any time of the day, and that could result in a server crash that could debilitate all sites on the server in just a few seconds. These limitations are not a factor with hosting types such as VPS and dedicated hosting. Any serious site owner may want to consider another option with less limitations and more reliability when investigating prospective web hosting service providers. If you do decide to purchase a shared hosting account, then it is best to purchase from a reputable company.

Conclusion

Shared hosting accounts are perfect for novice webmasters with minimal needs, however they are not recommended for online business owners. If you want to keep your site visitors coming back then you need a reliable site that is online every 24 hours of the day.

Related posts:

• January 6, 2010 – Considerations for Personal Web Hosting
• December 30, 2008 – The Benefits of VPS Hosting
• January 18, 2012 – InMotion Hosting In-Depth Analysis
• December 30, 2011 – Comparison of Popular Web Hosting Methods
• September 27, 2011 – Why Your Site Would Be Better With a Virtual Server
• September 25, 2011 – What To Remember When Moving To A New Control Panel
• September 7, 2011 – Pros and Cons of Shared Hosting
• September 1, 2011 – Budget Web Hosting: Is It Worth the Buck?
• July 7, 2011 – Web Hosting Servers Seized by the FBI
• May 11, 2011 – When to Use Cheap VPS Hosting Plans

Hackers employ tools that are just as complex, if not more complex than the web hosting companies themselves, so it can be almost impossible to be completely immune from a highly skilled hacker. Nonetheless, the risks that are posed by security breeches are extremely serious, especially in the world of eCommerce. A compromised website could mean the loss of thousands of dollars, and several unnecessary lawsuits against the site owner. In fact, some people have even lost their online businesses due to hackers! When it comes to hacking exploits, there is one that does not appear to be going away any time soon.

What is a DDoS Attack?

A DDoS attack is a Distributed Denial of Service attack. These attacks have been known to take down entire corporations, and even entire web hosting companies in some instances. They work because they mimic realistic traffic habits to a certain extent, so there is no way to spot them until it is too late. When a hacker employs a DDoS attack they send a massive influx of artificial traffic to a site or to a web server, so rapidly that the server simply cannot handle the load and shuts itself down. The result is near instant downtime, and the loss of revenue for anyone that is hosting their site on that server. The reason why it is called Distributed Denial of Service is because the hacker is distributing a server load that causes automatic denial of services on behalf of the web server.

Who Gets Hit With DDoS Attacks?

The sad fact is, anyone can get hit with a DDoS attack, and even more alarming is that this attack is usually the direct result of the nefarious actions of a competitor. In other words, if you have a powerful competitor, then you are already at risk for a DDoS attack. Perhaps even more startling is the fact that these attacks happen all the time on sites that are not even business oriented. Hackers use smaller sites with less security to practice their skills, and send out DDoS attacks to these sites in an attempt to perfect their DDoS skills. If you are not properly protected, then you are at risk for a DDoS attack.

How to Protect Yourself form a DDoS Attack

Perhaps the best way to protect yourself from a DDoS attack is to use a web hosting company that emphasizes their ability to counteract such attacks. Some web hosting companies will offer a good price, however their security is lax. In the web hosting industry there is no room for error, especially if you own and operate a thriving online business. One mistake could result in the loss of thousands of dollars, so it is important that you seek out the most qualified web hosting companies.

Related posts:

• April 4, 2011 – WordPress Recovering from DDoS Attack
• June 2, 2010 – How to Protect an Apache Web Server from DDoS
• May 5, 2010 – Healthy Website Security Practices
• January 15, 2010 – Website Security: Avoiding Downtime That Results in Loss of Profit
• December 15, 2009 – The Top 3 Web Hosting Security Issues
• May 26, 2009 – Web Hosting Security at Risk: Are you?
• May 7, 2009 – Protect Your Site From Maliciously Activities
• January 23, 2009 – The Dangers of Insecure Web Applications
• September 13, 2011 – How to Keep Your Server Safe From Common Security Problems
• September 9, 2011 – Several Security Risks and How to Avoid Them

What is a DDoS Attack?

A Denial of Service or DDoS attack is an attempt by a malicious user to make system resources unavailable. This is accomplished by sending a mass number of packets to the server causing it to overload and lock up. Hackers generally target sites like banks, root name servers and credit card payment gateways.

A frequent attack method occurs when the perpetrator externally attacks the server so that regular traffic is left with little or no response making it unavailable. This results in the computer or server being reset or the communication between users and the equipment fails.

Preventative Measures

Luckily there are a few methods to stop these attacks. Many web hosting providers utilize a Proxy Shield that can handle a DDoS attack up to 4GB per second. This is one of the most effective security measures available to date. It is also one of the most expensive so only large corporations can afford them.

To handle smaller DDoS incidents, hardware and software firewalls will generally do the trick. These stop the DDoS attack in the initial stage so little information is lost and the equipment can function normally.

Preventative Measures for an Apache Web Server

There is a specific method to stopping a DDoS attack on an Apache Web Server called mod-evasive. This is a module configured specifically for the Apache web server that can stop even the hardest hitting DDoS attacks, can be used for traffic detection, work with firewalls and send abuse reports.

This measure creates an internal table of IP addresses that will deny any single IP that’s blacklisted, that’s attempting to access a page numerous times or that’s launching more than 50 simultaneous connections per second from the same line. This technique eliminates attacks from a single-server attacker to a highly distributed attacker.

Mod_evasion has a built-in scaling capability with a cleanup procedure. Due to the design, only scripted attacks are recognized and blocked so that legitimate requests remain in tact and functional. A user can even click the reload button numerous times in a row and the system will identify that it isn’t a threat.

Security has been an issue in the computing industry for years. With hackers becoming more insightful with workarounds, combating their methods is proving to be more difficult. This security measure adds an extra level of protection to those utilizing an Apache server.

Related posts:

• February 25, 2010 – An Introduction to Linux Web Hosting – Linux Vs. Windows Web Hosting
• September 14, 2011 – Linux Web Hosting – What Makes it Click?
• January 25, 2011 – 4 Crucial Aspects to Consider When Choosing a Web Hosting Plan
• December 10, 2010 – Linux Hosting – From Corporation to Consumer
• August 28, 2009 – Five Reasons to Choose Unix Hosting
• August 10, 2009 – SaasS Content Management with Clickability
• April 23, 2009 – Choosing a Hosting Platform for Your Business
• March 11, 2009 – Meet the Web Server
• December 16, 2008 – Web Hosting with PHP-Nuke
• September 9, 2011 – Several Security Risks and How to Avoid Them

Serious Firewalls

Even though most web hosting providers employ firewalls by default, a lot of these firewalls are not properly configured and the restrictions can easily be circumvented by a knowledgeable hacker. If you want to ensure the security of your website(s), then you should inquire about he strength of the firewalls and it is important to have the capability to adjust firewalls to your specifications. If your web hosting company does not allow you to make changes to your site’s firewall, then you need to consider another service.

A good example of the need for firewall administration abilities, would be when a hacker is sending malicious traffic to your site form a certain IP. In this instance, it would be crucial to block this IP, and as a domain owner with a hosting account, you should have the right to do so.  The safest web hosting services offer IDS (Intrusion Detection Systems). Any breaches to your firewall can cause downtime and loss of business, therefore it is crucial to have the serious firewalls protecting your website a all times.

Protection from Distributed Denial of Service Attacks (DDoS)

Although a DDoS attack is a very basic and commonly used attack, it is also extremely difficult to prevent and treat. This simple yet effective attack can cause downtime in many websites by affecting the server functionality. This means that even users who are unrelated to the attack will suffer.  Therefore it is important to inquire about an Anti-DDoS feature before purchasing a web hosting plan.

Proper Data Encryption

If you plan on selling your services or products online, then data encryption is essential. All web hosting plans should include SSL encryption. SSL encryption will transform sensitive date from plain text into special code that make interception by a hacker very difficult. While most web hosting companies offer this feature by difficult. You may want find one that will give you the option to purchase a private certificate for added security benefits.

Related posts:

• May 5, 2010 – Healthy Website Security Practices
• February 8, 2010 – Website Security – 4 Ways to Secure Your Website
• December 20, 2010 – The Eternal Battle – Beware of the Attackers!
• June 16, 2010 – Protecting Your Site from DDoS Attacks
• January 20, 2010 – Maintaining Website Security for Customer Satisfaction
• December 15, 2009 – The Top 3 Web Hosting Security Issues
• October 16, 2009 – Major Threats to Business Website Security
• August 19, 2009 – Three Simple Tips for Protecting Your Site
• January 23, 2009 – The Dangers of Insecure Web Applications
• November 28, 2011 – Bit-Defender Internet Security Review

Credit Card Fraud

The internet is a massive virtual marketplace, swarming with merchants, customers, and people who would like to take advantage of both the merchant and the consumer. The people looking to exploit any security fault they can are commonly referred to as “hackers.” Hackers see the web as an opportunity to  prey on the weaknesses of other individuals and companies. A vulnerable website makes an ideal target for these hackers, especially if the website is engaged in daily e-commerce. Many of them have access to highly advanced applications that are capable of telling them if there any “loopholes” they can exploit. Any online store they can find with a single security lapse will become a feeding ground for them, resulting in thousands of dollars stolen form your customer’s credit cards. Once the hacker has the credit card details of your customer’s, the situation becomes progressively worse. Of course, the customer is going to be inclined to believe that you are the thief, and they will not want to accept the fact that you are actually the victim. This kind of situation can result in lawsuits, and even the loss of your online business!

Bot Rings

Then there is the possibility of a horrid “DDoS attack.” A DDoS attack is a security exploit that is normally employed by criminals that are members of or have control of  “botnets.”  DDos stands for “Distributed Denial of Service.” A bot ring is a group of hackers, or programmed computer’s that are set up to carry out a specific task. A DDoS attack is executed by a botnet that continually floods the network with DDoS requests. As the network is flooded with requests, it slows down until ultimately traffic screeches to a halt. Even though the DDoS attack is one of the oldest online security exploits, it is still extremely difficult to prevent because of it’s organic and seemingly genuine nature. Once the server’s traffic has been affected the hacker then takes control of the server, using it as a puppet to find   other vulnerable servers. Once the hacker has gained control over several servers, they then begin their attack on the target of their choice.  To prevent your business from being a victim of one of these attacks, make sure you discuss this threat with any prospective web hosts, to be sure they are aware of this threat.

Malicious Software

Then there are the threats that pose a virtual risk to the web hosting providers. Hackers may attempt to attack a web hosts server or network with a malicious application designed to retrieve crucial information.  This malicious software is called “malware” ( a combination of the two words).  While server’s generally have more stringent security measures in place, they are still susceptible to the same threats that a personal computer may be faced with.  You can avoid these kind of security lapses by  ensuring that your prospective host takes the proper precautions to defend against all forms of malware. Do not be afraid to ask questions about the security measures they have in place, before hand.  It is important to remember that once the web host’s server is compromised to malware, every bit of information on the server can be accessed, including your web site’s financial data.

Related posts:

• February 26, 2010 – PHP and Common Web Hosting Security Issues
• January 23, 2009 – The Dangers of Insecure Web Applications
• June 16, 2010 – Protecting Your Site from DDoS Attacks
• January 20, 2010 – Maintaining Website Security for Customer Satisfaction
• January 15, 2010 – Website Security: Avoiding Downtime That Results in Loss of Profit
• May 7, 2009 – Protect Your Site From Maliciously Activities
• January 13, 2009 – How to Find Secure Shared Hosting
• December 14, 2011 – Avira Antivirus Features
• November 17, 2011 – Clickjacking: What is it and How You Can Protect Yourself?
• September 9, 2011 – Several Security Risks and How to Avoid Them

What makes executable programs even worse is that many of them accept parameters such as a user name or email address, making them more vulnerable to exploitation.  Needless to say, the web was a lot safer some five to eight years ago when the internet phenomenon wasn’t as huge.  Today, hackers are highly skilled and more determined than ever.  They will do whatever it takes to break into home-based PCs, network servers, and even the applications on your website.  If your scripts are not probably secured, you stand the risk of losing essential data that can stir up all sorts of trouble.

Here are just a few examples of what can happen when your scripts are not properly secured:

Hijacking of your mail server: You may ask, “what’s the point?”.  The answer all boils down to legality.  Although you couldn’t tell on the surface, spam is illegal in most countries and if the authorities catch you doing it, you could find yourself in big trouble.  By hijacking the mail server, a spammer can use your domain to distribute mass mailings of spam.  When the authorities find out, it all leads back to you.

Hijacking of your website: Ever run across a family-friendly site and wondered why is was littered with pornographic images?  This my friend is website hijacking, more commonly known as defacing.  A poorly configured script can invite an intruder into your site, give them enough time to setup their own credentials and leave you out in the cold.

Attacks on other machines: Leave the door open for a hacker and they just might force you to participate in a strike against other machines.  Known as a DDoS attack, the hacker slips through your insecure script and installs a rootkit which opens a backdoor that gives them complete control over the server.  This could eventually cause problems for both you and your web host.

With the responsibility of administering the server, it is up to your web host to provide a secure environment.  As a webmaster however, it is up to you to make sure your web applications are properly scripted and secure.  Software can add instantly functionality to your site but if you’re not careful, it can also be your worst nightmare.

Related posts:

• December 15, 2009 – The Top 3 Web Hosting Security Issues
• June 16, 2010 – Protecting Your Site from DDoS Attacks
• January 15, 2010 – Website Security: Avoiding Downtime That Results in Loss of Profit
• January 13, 2009 – How to Find Secure Shared Hosting
• September 30, 2011 – What the New User can Learn from the GoDaddy Account Hack
• September 23, 2011 – Keep Your Site Safe – Learn What Not to Do
• September 23, 2011 – A Look at Various Anti-Spam Packages
• September 21, 2011 – How To Deal With A Possible Intruder On Your Server
• September 9, 2011 – Several Security Risks and How to Avoid Them
• September 6, 2011 – Performing IP Filtering Through cPanel – A Brief Tutorial

Here are some of the benefits that come along with VPS hosting:

Stability: Unlike shared hosting, the traffic and activities of other VPS customers will not adversely affect your operation.

Performance - Having your own allotment of resources allows you and your visitors to enjoy faster load times.

Dedicated Resources - VPS hosting provides you with more disk space, CPU and RAM.

Flexibility - You have the freedom to choose the operating system and software you want to install on the server.

VPS Features

The features and services of VPS hosting vary depending on the provider.  Although the ones you will need all depends on personal requirements, here are a few you may want to look out for:

Root Access: Root access will grant you with complete control over your VPS account from configurations to software installations.  All of the actions can be handled from the interface of your control panel application.

Management and Support: Similar to a dedicated hosting account, VPS hosting calls for you to manage your own server .  However, there are many companies that provide support and management services to assist with administrative tasks.  This feature is invaluable if you lack technical savvy.

Server Monitoring: A good VPS provider will actively monitor its network and hardware your account relies on.  This ensures the physical security of the server and also helps defend against virtual threats such as hackers, malicious software and DDoS attacks.

Multiple Domain Hosting: Although shared hosts offer multiple domain hosting, most of them do not provide enough resources for you to do so and still enjoy a smooth performance.   Many VPS providers offer plans that allow you to host multiple websites without suffering performance issues.  In most cases, you can set up separate email accounts and allocate specific resources for each individual site.

Managed Data Backups: As with any hosting solution, a VPS plan should offer a way to backup your data.  Because anything could occur within the provider’s network, it is recommended that you choose a service that allows you to manually backup your own data to assure that it can be restored at any time.

VPS hosting offers an inexpensive way to get many of the features, resources, control and flexibility of a more costly and complex dedicated server.  With the technology increasing in popular, prices are dropping rapidly, assuring that you can find a reliable VPS solution that meets your hosting needs.

Related posts:

• December 23, 2010 – Shared Hosting vs. VPS
• September 30, 2010 – An Overview VPS Hosting Restrictions
• August 25, 2010 – Cheap VPS Web Hosting vs. Cheap Shared Web Hosting
• February 3, 2009 – Benefitting From VPS Hosting
• January 16, 2009 – The Many Faces of Web Hosting
• January 18, 2012 – InMotion Hosting In-Depth Analysis
• September 25, 2011 – What To Remember When Moving To A New Control Panel
• September 20, 2011 – Cheap VPS hosting – Considering the Top 5 Options
• September 7, 2011 – Pros and Cons of Shared Hosting
• June 21, 2011 – Five Reasons to Choose VPS