web hosting

Tips to Apply to Free Hosting

If you have been considering a free web hosting service for your website needs, you may want to think twice and prepare yourself to deal with pop-ups, pop-unders, third-party banner advertisements and other annoying elements.  You also have to keep in mind that common features such as PHP programming, MySQL databases, CGI scripts and FTP access may not be available.

You can embark upon a mission to look for a quality free web hosting service with no advertisements and useful features, but you will likely return disappointed once your search has concluded.  While you can never really expect any guarantees when it comes to free hosting, knowing what to expect will better assure that you do not end up with a terrible service.

Understand How Free Hosting Works

There are more than enough free web hosting providers to go around.  Unfortunately, most of them force you to place advertisements on your site or only provide you with the free service for a limited time.  Some do set you up with a quality service in exchange for carrying banners while others leave you to run your site on slow and insufficient servers.  In some cases, these servers fail to respond at all, leaving you with a website that is essentially useless.  So, if the service is impractical, how do free hosting companies make enough money to survive?

More and more, we are seeing free web hosts keeping themselves afloat by persuading their customers to sign up for paid hosting plans.  If they can provide a good service, this actually turns out to be a fair deal.  Premium hosting services are very affordable these days so purchasing service with a company you trust could prove to be worth your while.   The major downside is that even when upgrading to a paid service, your package could still end up lacking features that are commonly found on the professional hosting market.  For example, you just might have to pay extra for items such as FrontPage extensions and FTP support.  So even when you purchase service from a free web host, you still have to make sure you are getting your money’s worth.

Secure Your Web Presence

Should you find yourself in a situation where you must rely on a free web hosting service because of financial restrictions, there are a few things you can do to protect your website and identity.  First, you can register yourself a domain name with a reputable company such as GoDaddy or Yahoo.  Domain names are pretty cheap these days and only cost about $10 to $12 per year.  Before registering the name, look out for domain features such as a control panel and URL forwarding.  This will provide you with the ability to redirect your domain and change the destination to where ever you prefer.  So if your free web host folds and goes out of business or things simply are not working out, you can point the name somewhere else and move your website right along with it.

Hack-Proofing Your Dedicated Server

Having a dedicated server is one of the true signs that you have made it as a small to medium sized business owner.  Unfortunately, it also makes you a likely target of hacking and other security threats.  Securing any machine equipped with a web or application server is a huge challenge, one you may not be able to overcome alone.  You need to worry about everything from your email and FTP communications to OS and kernel patches.  And let’s not forget about those web technologies that can bring you so much functionality along with a lot of grief when not properly secured.  This web-based world we live in can be very hazardous to any business so if you want to protect your server, we suggest paying close attention to the contents of this article.

Must-Have Defenses

Securing a dedicated server begins with creating a two-layer bullet proof vest to deflect the attempts of the enemy.  Two of the most effective weapons to carry into battle: firewall and intrusion protection technology.  With a firewall, your server will be able to fight off common exploits such as DDoS (distributed denial of service) and brute force attacks.  Usually originating from multiple unsecured, enslaved machines, the dreaded DDoS attack will slam your dedicated server with awful amounts of insignificant traffic, overwhelming critical resources and rendering the hardware inaccessible to legitimate users.  A quality firewall with good configurations will enforce rules that filters access and blocks malicious traffic while allowing legitimate traffic to pass.  This is all done in a way that reduces latency and slow moving processes, so it all appears transparent to the end-user.

Though similar in a nature, intrusion detection and prevention takes a more advanced approach towards server security.  This technology blocks malicious traffic right at the source, locking compromised hosts in a quarantine area all while routing genuine user traffic in a quick and efficient manner.  If a firewall represents your first line of defense, then intrusion protection serves as your behind enemy lines mechanism.  This powerful combination allows you to shift security measures from a reactive to proactive aspect.

Don’t Stop There

While the implementation of firewalls and intrusion protection make good first steps, one should keep in might that this isn’t the set it and forget it type of deal.  In order to stay ahead of the hackers, malware coders and corporate saboteurs you must consistently employ vigilance as well as frequent updates of your patches, blacklists, filters and other vital elements.  Purchasing and installing a few security devices and applications can be viewed as the easy part.  Managing them with efficiency is an entirely different story.

Because properly securing a dedicated server is cost prohibitive for most small and medium sized organizations, you may want to consider a managed service to help keep the intruders away.   Managed hosting is the often overlooked aspect of a dedicated server that could spell the difference between running a successful business, or going down because of a major security breach.  If you are not sure where you stand on server security, consult your IT team or speak with a professional firm for guidance.

Protect Your Site From Maliciously Activities

Thousands of vulnerable websites are exploited everyday.  In many cases, your site can be victimized without you having the slightest clue.  Unfortunately, there are also instances in which your site can be used in malicious ploys without being directly compromised   In the best interests of both you and your visitors, it is imperative that you take the appropriate measures to ensure that your site is a safe place to visit.  In this article we will talk some of the more unusual ways hackers and malware writers plant their harmful seeds.

Malicious Banner Ads

Although most attacks involve taking advantage of vulnerable web applications, attackers have several other weapons that can be used to maliciously exploit your site.  One popular method is through the use of banner ads.  The person you think you’re networking with could be using your site as a medium to propagate their malicious code.  As soon one of your visitors clicks on the compromised banner, they are redirected to a malware hosted site or directly infected depending on the nature of the code.  If you insert third-party advertisements on your website, it is imperative to make sure they do not put you or your visitors in danger.  The best way to do this is knowing how to properly access obfuscated banner code for signs of malicious values.  You could also do some checking to find out if the advertiser you’re working with has a reputation for participating in such activities.

Sneaky Uploads and Downloads

Most website attacks focus on HTML code but it is also possible for malicious items to be uploaded to an improperly secured site.  If you allow users to upload content to your site, they can easily sneak in executables such as Javascript, .exe, .bat and. cmd files.  Attackers have also been known to bundle their harmful programs with applications given away as free downloads.  You will become unpopular if every time someone downloads your free software, they end up with a nasty infection on their PC.  You can learn if your site or applications are being used to distribute malware by downloading the source code from the live site onto a virtual machine and scanning it with a reliable anti-malware tool.

A Few Security Tips

It’s a jungle out there in cyberspace, filled with more hazardous creepy crawlers than you could imagine.  Following these simple tips should help make your website a much safe place to hang out.

Transfer Data Securely – If you allow users to upload to your site or require root access, be sure to utilize SSH and SFTP rather than Telnet or FTP.  These protocols have both been considered insecure because of their tendency to transmit data in plain text.  When using FTP or Telnet, sensitive information such as user names and passwords can be easily read by anyone eavesdropping on the network.  SSH and SFTP are encryption-based protocols that scramble data so it appears in the form of unreadable characters.

Scan Your Website – There are a number of scanning technologies that will comb your site for vulnerabilities.  A good one will not only help you detect insecure applications, but also software packages that require immediate patches.

Secure Hosting - You can take all the preventive measures you want, but if the server you’re hosting on isn’t secure, all those efforts will prove futile.  Make sure your web host is taking the necessary steps to keep you protected behind the scenes.  If they are not making use of features such as firewalls, anti-malware and DDoS protective software, you need pack up your website files and head elsewhere.

Introduction to Webmin

The number of control panels on the market keeps expanding into an even greater variety.  Almost everyone is familiar with cPanel along with rivals such as Plesk and H-Sphere.  One control panel you may not be familiar with is Webmin, a super-functional application that certainly warrants a closer look.

What is Webmin?

Webmin is a software tool designed to simply the process of managing Unix and Linux platforms.  The program is compatible with virtually any web browser, permitting various administrative tasks through a cleanly designed, user-friendly interface.  Webmin provides the ability to manage various aspects of the web hosting environment from setting up a web server and creating accounts to maintaining FTP and mail servers.

Webmin Features and Capabilities

The Webmin control panel allows you to do the following:

• Use NFS protocol to exports files and directories to other systems
• Set up quotas to control how much disk space is allocated to users
• Install, manage and delete software packages in formats such as RPM
• Modify the systems’ DNS settings, IP address and routing configuration
• Set up firewalls for added security or to provide LAN access to the internet
• Create and configure virtual servers on Apache
• Manage databases, tables and fields on MySQL or PostgreSQL database servers

These are just some of the capabilities offered by the Webmin software.  Because it is accessed via a browser, you can login from any system connected to your own through a network.  There is no difference between running Webmin locally or remotely.  The software is built on a modular design, meaning each of its functions are contained in a module that can be installed or uninstalled independent of the rest of the application.  This structure alone makes Webmin very distinctive of your average control panel.

Although Webmin is primarily used on the Linux platform, it also integrates with Unix flavors such as FreeBSD, HP/UX and Solaris.  One of its greatest strengths is the ability to adjust its behavior and interface in accordance to the underlying platform.  For example, Webmin can conceal the obvious differences between Linux and other Unix variants by presenting an interface that is either identical or quite similar regardless of what system you are using.

Webmin Disadvantages

Webmin offers many advantages but is not very useful on its own accord.  This is because unlike cPanel which acts as a server, Webmin is merely a configuration tool and therefore, it depends on other applications to perform.  For instance, in order to user the Apache module, the actual Apache web server application must be installed on the system.  The good thing is that all of these servers and services it relies on are included standard with Unix-like distributions or can be freely downloaded and implemented.

Who Needs Webmin?

The Webmin control panel is designed for users with a familiarity of Linux commands but are not all that familiar with the intricacies of server administration.  This software assumes that the user is familiar with basic networking concepts such as DNS servers, IP addresses and hostnames as well as the layout of the Unix file system.   Those who possess these capabilities can enjoy everything from the power to set up FTP accounts and simple website management to root privileges and custom software installations.

Practicing FTP Security

One of the most highly sought after features on the web hosting market is FTP.   Short for File Transfer Protocol, FTP provides a means for transferring data from your computer to the web host’s server.  While the protocol is quite useful, FTP also presents many security risks and making yourself aware of them is crucial.

Beware of FTP Attacks

FTP is ideal for transferring files to a remote location.  However, you should know that in its purest form, this protocol is far from secure.  FTP transmits your data over a network in plain text.  If the transmission is intercepted, the contents of those files can be viewed by unauthorized parties.  Furthermore, a knowledgeable hacker can use the FTP server as an entrance into your website.  This is done by repeatedly trying to logon with an incorrect user password.  In most cases, the profile is disabled after reaching the maximum threshold of three sign in attempts, thus giving the hacker all the ammunition they need to launch the attack.

The most effective way to protect yourself from an FTP password attack is through the use of an FTP server logon exit program.  This mechanism can provide security in the following ways:

Rejecting logon requests by any user profiles that you have not granted FTP access to.  With the use of an FTP server logon exit program, the logon attempts from the profiles you decide to block are not counted towards the maximum sign in count.

Limiting the number of clients from which a user profile is able to access the FTP server.  For instance, if someone from accounting is granted access, you can make configurations where only users with an IP address from the accounting department have FTP access.

Recording the credentials and IP addresses of all FTP logon attempts.  This allows you to regularly view the activity of each FTP logon attempt.  If a profile is ever disabled for reaching the maximum count, you can use their IP address, identify the perpetrator and handle the matter accordingly.

FTP Security Recommendations

Because FTP is naturally insecure, you may want to strongly consider backing it up with a reliable security mechanism.  The most highly recommended is Secure Sockets Layer, or simply SSL.  SSL is an encryption protocol that enables secure communications between the FTP server and client.  It ensures that transmissions are encrypted, maintaining confidentiality and integrity for all data that passes through.  This includes files as well as usernames and passwords.  Most FTP severs support SSL through the use of a digital certificate which also provides additional security with client authentication.

Though some recommend the use of anonymous FTP for the sharing of non-confidential data, this can be an even greater security risk.  With anonymous FTP, anyone can upload to your server without a username or password.   They could be transferring pirated software or malicious files.  Before taking such a gamble, be sure to weigh all the risks and take the appropriate measures to ensure that your FTP communications are secure.