Tag Archive 'hackers'

Major Threats to Business Website Security

Any organization would find it irresponsible and downright silly to not have anti-virus software installed on their office systems.  Most would also have solutions in place for data restoration should there be a hardware failure or some sort of natural disaster.  Surprisingly enough, far too many business owners are unaware that their websites are vulnerable to the same type of attacks as their local machines.  This is especially the case in shared and virtual environments where a multitude of sites are running on the same server.

In May 2007, more than 90,000 sites were compromised by hackers in a large-scale exploit designed to illegally install malicious code on the computers of visitors who clicked on seemingly harmless search results.  A StopBadware study showed that an estimated 10% of those compromised sites were maintained by one hosting firm in particular, which accounted for 250,000 infectious websites.  This is just one of many examples that prove no website is ever as safe as we might think.

Common Threats to Business Websites

Hackers employ several methods and tricks to exploit websites.  Below we will focus on three that are most commonly used to attack business sites: SQL injection, cross site scripting and CRLF injection.

SQL Injection

SQL injection is by far one of the most popular website attacks employed today.  This technique primarily works by sending false or malicious requests to a back-end database to manipulate the information it contains.  By doing so, the attacker can view whatever information is stored in the database, change it, or erase it completely.  Most websites would not exist without the presence of databases but unfortunately, any site that features shopping carts, search fields, and any type of web form is susceptible to SQL injection.  The fields that require interaction from your visitors and customers could open up the door a hacker needs to steal sensitive data and destroy your company.
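The search-field case described above, as an added example that is not part of the original article: the same product search written once with the visitor's text pasted into the SQL statement and once with it bound as a parameter.  The table, its rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for a shop's product table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, price REAL, hidden INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [("red mug", 8.0, 0), ("blue mug", 9.0, 0), ("unreleased item", 99.0, 1)],
    )
    return db

def search_concatenated(db, term):
    # Vulnerable: the visitor's text becomes part of the SQL statement itself,
    # so quotes and comment markers in it change what the query means.
    sql = ("SELECT name FROM products "
           "WHERE hidden = 0 AND name LIKE '%" + term + "%'")
    return [row[0] for row in db.execute(sql)]

def search_parameterized(db, term):
    # Hardened: the statement text is fixed and the term is bound as data,
    # so the database never parses it as SQL.
    sql = "SELECT name FROM products WHERE hidden = 0 AND name LIKE ?"
    return [row[0] for row in db.execute(sql, ("%" + term + "%",))]

# Constructed search-box input that closes the quote and appends a condition.
CONSTRUCTED_INPUT = "' OR 1=1 --"

if __name__ == "__main__":
    db = make_db()
    print("normal search:      ", search_parameterized(db, "mug"))
    print("concatenated query: ", search_concatenated(db, CONSTRUCTED_INPUT))
    print("parameterized query:", search_parameterized(db, CONSTRUCTED_INPUT))
```

With the constructed input, the concatenated query returns every row, including the one marked hidden, while the parameterized query returns nothing because no product name contains that text.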

Cross Site Scripting

Cross site scripting is another common attack that exploits holes in dynamic websites.  Dynamic pages can allow an attacker to insert malicious code and trick an end-user into running a harmful script on their computer.  If the user executes the code, the hacker could gain access to all of the sensitive information on their local machine.  Cross site scripting takes advantage of numerous programming technologies including ActiveX, Flash, JavaScript and VBScript.

CRLF Injection

Unlike most exploits, CRLF injection does not take advantage of security vulnerabilities in the operating system or web software.  Instead, it exploits the manner in which the application was scripted.  For instance, an attacker can insert a statement into a web form along with CR (Carriage Return) and LF (Line Feed) characters.  The chance for exploit arises when the application mistakes the injected characters for a CRLF placed there during the initial development stage.  This attack is very dangerous as it has the power to disable an entire website.
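How form input carrying CR and LF characters gets mistaken for the application's own line breaks, as an added example that is not part of the original article.  It assumes the form value is copied into an HTTP response header; the header names, the sample input and the function names are constructed for illustration.

```python
import re

# Any ASCII control character, which includes CR (\r) and LF (\n).
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

def assemble(display_name):
    # The application separates its own header lines with CRLF.
    lines = [
        "HTTP/1.1 200 OK",
        "Set-Cookie: name=" + display_name,
        "Content-Type: text/html",
    ]
    return "\r\n".join(lines) + "\r\n\r\n"

def build_response_naive(display_name):
    # Vulnerable: the form value is copied into a header line unchanged.
    return assemble(display_name)

def build_response_checked(display_name):
    # Hardened: refuse any value that could end the current line.
    if CONTROL_CHARS.search(display_name):
        raise ValueError("control character in form field")
    return assemble(display_name)

def header_lines(raw_response):
    # Split the header block the way a client would read it.
    return raw_response.split("\r\n\r\n", 1)[0].split("\r\n")

# Constructed form input containing a CRLF followed by an extra line.
CONSTRUCTED_INPUT = "alice\r\nX-Added-By-Visitor: yes"

if __name__ == "__main__":
    for line in header_lines(build_response_naive(CONSTRUCTED_INPUT)):
        print(repr(line))
    try:
        build_response_checked(CONSTRUCTED_INPUT)
    except ValueError as err:
        print("rejected:", err)
```

The naive version emits four header lines instead of three, because the visitor's CRLF is indistinguishable from the ones the application wrote.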

This article does not aim to make you a website security expert, but to make you aware that security for your business site should be as important as that of your local machines.  To assume that your business will never be exploited only exposes you to unnecessary risks that could put you out of commission effective immediately.

Category: Security Issues
Posted on Friday, Oct 16, 2009

Server Options for E-commerce Hosting

There is a lot that must be taken into account when evaluating e-commerce web hosting solutions for your small business.  Among several key factors, reliability needs to be considered as well as security to make sure your web transactions and customer data are protected from hackers and criminals looking to commit identity theft.  It is important to know that there are many options available to you in regard to the type of service.  Two of the most common approaches involve running your small business on a shared or dedicated server.  Each method has its advantages and disadvantages, which we will discuss in this article.

Reasons to Opt for Shared Hosting

Shared hosting offers numerous benefits and several of them extend into the e-commerce sector.  For one, it is very affordable as you can easily find a feature-loaded plan for under $10 per month.  In addition to that, you typically receive all the tools and services you need to get your online storefront up and running.  This includes shopping cart programs, web analytic tools and support for SSL certificates to secure your business transactions.  However, while shared hosting can provide you with a relatively secure platform, it can never assure the level of protection and reliability that can be obtained from a dedicated server.

The Dedicated Advantage

Though an advanced and often more complex hosting solution, a dedicated server is not exclusively geared towards larger companies.  In fact, it can deliver the same benefits to small businesses and entrepreneurs looking to establish and grow their presence on the web.  Leasing a dedicated server will cost you more than a shared hosting plan, but it can also guarantee you better overall security and reliability, both of which are vital for anyone who wants to make sure their business is always available.  For many companies, their website serves as the revenue generator that keeps the business going.  If these are your plans, you need to make it a priority to invest in a solution that ensures your site can be accessed at all times and provides the secure environment your customers need to feel safe.

Capacity and Complexity

When leasing a dedicated server for your small business, you are assured a guaranteed allotment of essential resources such as disk space, RAM and bandwidth.  These features alone can give you a website that performs exceptionally better than it would in the shared hosting environment.  However, you should keep in mind that dedicated hosting is one of the most complex types of web hosting you can sign on for.  Unless you opt for a managed service, you will be responsible for ensuring and monitoring security, performing configurations and backups, installing software and general maintenance of the server.

There are quite a few small businesses that can thrive with a shared hosting platform and several others that cannot.  Making a choice is difficult and the final decision will depend on various factors, including your budget, level of expertise and the requirements of your business.  Most importantly, it will boil down to the overall quality of the host providing you with service.

Category: About Web Hosting
Posted on Tuesday, Sep 22, 2009

Three Simple Tips for Protecting Your Site

These days, it is more important than ever to keep your website current with the latest security measures.  Why so much emphasis on security?  Because hackers are always looking for ways to penetrate servers and websites to steal sensitive information.  There is a lot you can do to ensure better website security and the tips in this article should be taken very seriously.

1.) Update Your Applications and Scripts

Running outdated web applications and code on your site is like giving hackers an open invite.  So if you have older versions of WordPress or Joomla installed, it is advisable that you immediately check for and perform the necessary updates.  This goes for any application or programming languages used for your site.  For a knowledgeable hacker, compromising Joomla 1.0 is as easy as uploading a shell script to an insecure form.  If successful, they could end up with complete control of your account.

2.) Create Strong Passwords

A password can be a simple but effective security mechanism.  However, this is only the case when following a strict set of rules.  When securing login sessions and other areas of your site, never apply a password that can be easily guessed by others or is used for other accounts.  If someone knows just one of your passwords, they can keep trying it for each of your accounts until they are successful.  This could not only lead them to the control panel login of your hosting account, but also the financial institution you do your online banking with.

3.) Mask Your Folders

It is always wise to cloak your website files and folders that are stored on the server.  Many security experts suggest keeping a blank index.html file in each of the folders stored in your public directory.  Doing this will ensure that the contents cannot easily be viewed by internet users.  This process is made simple with the cPanel control panel and its Index Manager function.  You can take this one step further by password protecting the administrator folder that contains the scripts you are running.  This is highly recommended as it provides an added layer of security that will make an intruder have to work that much harder.
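One way to check the blank-index tip across a whole site, as an added example that is not part of the original article: it walks a public directory, reports every folder that has no index file, and can write the blank index.html the tip describes.  The list of index file names and the function names are assumptions made for illustration.

```python
import os
import sys

# Assumption: file names the web server treats as a folder's index page.
INDEX_NAMES = {"index.html", "index.htm", "index.php"}

def folders_without_index(public_root):
    """Return folders under public_root (relative paths) lacking an index file."""
    missing = []
    for folder, _subdirs, files in os.walk(public_root):
        present = {name.lower() for name in files}
        if not INDEX_NAMES & present:
            missing.append(os.path.relpath(folder, public_root))
    return sorted(missing)

def add_blank_index(public_root):
    """Create an empty index.html in every folder that lacks an index file."""
    fixed = folders_without_index(public_root)
    for rel in fixed:
        path = os.path.join(public_root, rel, "index.html")
        # Mode "x" refuses to overwrite a file that appeared in the meantime.
        with open(path, "x", encoding="utf-8"):
            pass
    return fixed

if __name__ == "__main__":
    # Usage: python audit_index.py /path/to/public_html [--fix]
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    if "--fix" in sys.argv[2:]:
        for rel in add_blank_index(root):
            print("added blank index.html in", rel)
    else:
        for rel in folders_without_index(root):
            print("no index file in", rel)
```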

What If I Still Get Hacked?

As we alluded to earlier, there is a possibility that even after adhering to all of these tips and more, your website can still be compromised by a hacker.  Should your site be successfully exploited, there are a couple of things you should do right away to minimize the damage.  The first step that needs to be taken involves changing all of the passwords associated with your website.  This goes from your control panel and administrative areas to everything else in between.  Next, go through your hosting account to find and update all old applications and plugins as they could easily be the culprits that led to exposure.  Any website can be compromised and if it happens to you, your sensitive information can be used for criminal gain in one way or another.  Prevention is the key so employ all the measures you can to ensure you are protected against the existing and emerging threats.

Category: Security Issues
Posted on Wednesday, Aug 19, 2009

Securing Your Business Website in Three Easy Steps

Whether it’s the local shopping market, airport or online, thieves are lurking and just waiting for you to make a critical mistake.  In fact, much of the internet community is in a state of panic as data theft is at an all-time high.  Credit card numbers, bank account information and identities are being stolen from companies who don’t know how to properly secure their website and transactions.  Assuming you don’t want to be the next victim, we have provided three simple tips to keep you one step ahead of the attackers.

1.) Make Use of Encryption

In order to protect the monetary transactions occurring on your site, you at least need to have an SSL certificate with no less than 128-bit encryption.  This security tool can be installed and managed by a third-party vendor such as VeriSign or you can choose to handle the configuration yourself.  What SSL does is scramble the data being sent over the internet in a code that is unreadable to hackers.  Thus, when sales on your website are made, the financial details of your customers are encrypted, securely transmitted and then decrypted by your payment processor.  By placing an SSL certificate seal on your website, you can calm the nerves of consumers and encourage them to shop your store in confidence.

2.) Check Your Buyers

Although you don’t want to look as if you are suspicious of everyone, the prevalence of credit card payments increases the probability of a customer using someone’s financial information without their knowledge or approval.  To minimize situations like this, you should check the identity of your customers.  This can be done by not only obtaining their name and credit card number, but also their home address, telephone numbers and the security code located on the back of the actual credit card.  By doing so, you can better assure that the financial details submitted actually belong to the individual making the purchase.  If the card comes back as stolen, you could end up playing a role in helping authorities track down the criminal.

3.) Research Your Merchant

To ensure that financial information will not be stolen following the transaction, it is imperative that you run a thorough check of the merchant account provider processing your credit card payments.  You can start by reading reviews to learn if they have a history of fraud or security issues.  Don’t hesitate to speak to the company directly about the security measures they employ and most importantly, to make sure you are completely confident in their services.  If you have any doubts about the provider, follow your instinct and move on to the next option.

Security is a hot topic in seemingly every industry these days.  If you are using the internet as a medium for your business, these certainly are not times when you can just sit back and simply hope for the best.  Hackers and their attacking mechanisms grow more advanced every day, so it is critical that you take the appropriate actions to keep both you and your customers out of harm’s way.

Category: Security Issues
Posted on Friday, Jul 17, 2009

Web Hosting Security at Risk: Are you?

It seems as if new web hosting companies are emerging on the scene every day and almost all of them are trying to ease the rising fears of security breaches.  The efforts and reassurance are warranted when considering that any website is vulnerable to an attack.  Intruders are constantly on the prowl in search of sensitive information such as account numbers, invoice records, personally identifiable details and other confidential data.  The best way to ensure the protection of this information is a combination of proven security mechanisms and routine security practices employed by both the hosting provider and end-user.

Why Web Hosting?

You may wonder why the web hosting industry is such a big target of hackers.  The simple answer is that the market is tremendous, consisting of thousands of companies that power millions of websites throughout the world.  There are billions of dollars tied up in the business and hackers are willing to use every trick in the book to get a share of it.  If your site runs mission-critical operations, acts as the central source of information for your niche or enables you to make a living, it is imperative that you make security a priority.  Because your web host is in a better position to ensure reliable protection than yourself, you need to put security on the top of your list when sizing up potential hosting providers.

The Expanding Threat Model

A hacker’s arsenal is made up of numerous tools and techniques.  They typically combine various methods to compromise websites and turn the unsuspecting into victims.  Some blend into social networking sites, playing nice in hopes of enticing community users to visit an infected site and unknowingly execute malicious code on their system.  They trick users into downloading items that appear to be something desirable like a multimedia application or game but are only a deceptive Trojan horse in disguise.  Some utilize more destructive weapons that could result in the theft of one’s assets and identity.  The malicious keylogger is a prime example, a menacing program with the ability to capture every single character you type into your keyboard.  These threats and more are the very reasons why web hosting providers across the world are increasing their efforts to deliver better security to their customers.

Put Security First

You don’t have to be a security expert in the IT field to keep yourself protected from hacking exploits.  However, your web host should be.  After all, if they are taking money from you and making a commitment to serve your pages over the internet, shouldn’t they also be on top of the security mechanisms and procedures needed to ensure the safety of your website and personal information?   Security is a must in the web hosting arena so you should take no excuses and never settle for less.  With that said, if you feel that your current hosting provider isn’t taking the necessary measures to keep you protected, don’t stand for it – move your files to a responsible server.

Category: Security Issues
Posted on Tuesday, May 26, 2009
