web hosting

The Top 3 Web Hosting Security Issues

Security is by far one of the most important factors to consider when choosing a web host. With so  many possible threats online, it is not as hard as on might think for a security lapse to occur. Security is not something that should be taken lightly by the consumer or the web host, as there are several threats that could result in serious financial turmoil. The following are three threats in particular that are becoming increasingly common, and that are responsible for a large portion of the security issues involved with web hosting.

Credit Card Fraud

The internet is a massive virtual marketplace, swarming with merchants, customers, and people who would like to take advantage of both the merchant and the consumer. The people looking to exploit any security fault they can are commonly referred to as “hackers.” Hackers see the web as an opportunity to  prey on the weaknesses of other individuals and companies. A vulnerable website makes an ideal target for these hackers, especially if the website is engaged in daily e-commerce. Many of them have access to highly advanced applications that are capable of telling them if there any “loopholes” they can exploit. Any online store they can find with a single security lapse will become a feeding ground for them, resulting in thousands of dollars stolen form your customer’s credit cards. Once the hacker has the credit card details of your customer’s, the situation becomes progressively worse. Of course, the customer is going to be inclined to believe that you are the thief, and they will not want to accept the fact that you are actually the victim. This kind of situation can result in lawsuits, and even the loss of your online business!

Bot Rings

Then there is the possibility of a horrid “DDoS attack.” A DDoS attack is a security exploit that is normally employed by criminals that are members of or have control of  “botnets.”  DDos stands for “Distributed Denial of Service.” A bot ring is a group of hackers, or programmed computer’s that are set up to carry out a specific task. A DDoS attack is executed by a botnet that continually floods the network with DDoS requests. As the network is flooded with requests, it slows down until ultimately traffic screeches to a halt. Even though the DDoS attack is one of the oldest online security exploits, it is still extremely difficult to prevent because of it’s organic and seemingly genuine nature. Once the server’s traffic has been affected the hacker then takes control of the server, using it as a puppet to find   other vulnerable servers. Once the hacker has gained control over several servers, they then begin their attack on the target of their choice.  To prevent your business from being a victim of one of these attacks, make sure you discuss this threat with any prospective web hosts, to be sure they are aware of this threat.

Malicious Software

Then there are the threats that pose a virtual risk to the web hosting providers. Hackers may attempt to attack a web hosts server or network with a malicious application designed to retrieve crucial information.  This malicious software is called “malware” ( a combination of the two words).  While server’s generally have more stringent security measures in place, they are still susceptible to the same threats that a personal computer may be faced with.  You can avoid these kind of security lapses by  ensuring that your prospective host takes the proper precautions to defend against all forms of malware. Do not be afraid to ask questions about the security measures they have in place, before hand.  It is important to remember that once the web host’s server is compromised to malware, every bit of information on the server can be accessed, including your web site’s financial data.

Bursting Five Managed Hosting Misconceptions

More small and medium sized companies are thriving due to the benefits of managed hosting.   However, with the popularity has come various myths about this service that have done nothing but confuse interested customers.  To keep you in line with the facts, this article will debunk five of the most common misconceptions about managed hosting.

1.) Managed Hosting is a Completely Outsourced Solution

The way some describe it, managed hosting is a type of service that completely alleviates you from server administration and daily management tasks, a fully outsourced service that does not require you to lift a finger.  In most cases, this isn’t true.  While you typically get far more automated assistance than offered by a dedicated hosting provider, the level of managed services all depends on the price, package and host you select.  Even when signing on for a fully managed contact, you will still be responsible for design, promotion and the basic administration of your site.

2.) Only Inexperienced Users Need Managed Services

Many have the misconception that managed hosting is strictly designed for businesses and individuals who lack the abilities needed to maintain a web server.  This comes from the fact that managing a dedicated server requires a certain level of technical skills, which is the reason that several choose to outsource these tasks to another company.  Be that as it may, managed hosting can benefit all types of customers, even those who are well versed in administration and know their way around a web server.

3.) Managed Hosting is More Reliable

Almost all companies will promise you a respectable uptime and reliable service.  The same holds true for managed hosting providers.  Although you have your own server, there are still many incidents that could possibly result in service interruptions and downtime.  The reliability you get from a managed hosting solution all depends on the company you choose.  If they have taken the time to build a stable infrastructure with redundant systems, downtime should be a very rare occurrence.

4.) Managed Hosting is More Secure

One of the biggest misconceptions you can fall into is automatically assuming that a managed hosting provider will keep your server secure.  Most companies take the necessary steps to detect and prevent common threats such as malware, intrusion, DDoS attacks and other exploits.  What you should know is that no server or web hosting system is ever 100% protected.  Different strains of malicious software are released on a frequent basis and hackers grow more sophisticated everyday.  This is why it is so important for both you and your managed hosting provider to make security a priority.

5.) Managed Hosting is Cost Prohibitive

In general, managed hosting is more expensive that your typical dedicated server plan.  However, it can also result in tremendous cost savings for your business.  These savings are obtained by the fact that you don’t have to make any costly upfront investment on hardware, software or infrastructure.  You can also spare yourself from having to hire a professional IT team.  At the very least, you can keep staffing expenses to a minimum.  Over the long run, managed hosting can be far more cost effective than leasing a dedicated server.

When IFrames Go Bad

The World Wide Web is one of the greatest inventions ever and right about now, the army of malware writers would probably agree.  There is a relatively new technique circulating throughout the community of internet criminals and the IFrame acts as the facilitator.  This concept represents one of the latest tools used to trick web surfers into unknowingly downloading malicious items onto their computers from an infected website.  How serious is the threat?  Well since popular sites like USA Today and Wal-Mart have already been victimized, we’d say it is one that definitely warrants your attention.

IFrame Malware Defined

Not to be confused with the newest Apple product, IFrame is an acronym for inline frame, which is simply a way of inserting one web page inside of another, typically from another web server.  IFrames are useful for building web applications and serving content from other sources to your visitors.  However, malware writers and hackers have other intentions, planting IFrames in stealth fashion where you don’t even known they are there.  A knowledgeable attacker can manipulate JavaScript in a way where the code is designed to look confusing or benign rather than obviously malicious.

When the concept first started, hackers exploited IFrames by attacking servers directly or adding malicious code to banner advertisements.  More recently however, it has been increasingly used to aid in the poisoning of search engine results.  Large websites often cache the results of search queries and then forward them to a search engine like Google which generates them directly for the benefit of web surfers.  Malware writers are able to exploit the system by inserting the IFrame’s text and code within the legitimate query.  If the terms are not properly scanned and analyzed for obfuscated code, the malicious data is then stored and passed onto the search engine.  Thus, when a user searches for that term, the attack is directly initiated upon clicking on the search result.  This provides hackers with a way to bypass traditional security mechanisms and use a website’s search engine popularity to unknowingly infect its own users.

Defending Against Malicious IFrames

IFrame malware attacks are occurring at a rapid rate, mainly because far too many internet users are not aware of the problem.  Effectively fighting this security threat calls for dedicated efforts on the part of many.  Server operators need to devise more efficient ways to detect malicious code and website administrators must improve the input checking procedures for their sites.  At the same time, popular searches engines must do a better job of detecting these exploits and warning users of the sites that may harm their computer.  For the mean time, website owners are advised to properly secure their applications while end users should keep their systems updated with the latest versions of Microsoft products like Windows and Internet Explorer.  As of this article, the most vulnerable systems are those running Windows XP Service Pack 1 and IE browsers older than version 7.0.   These are tips you may want to pass along to your visitors.

Protect Your Site From Maliciously Activities

Thousands of vulnerable websites are exploited everyday.  In many cases, your site can be victimized without you having the slightest clue.  Unfortunately, there are also instances in which your site can be used in malicious ploys without being directly compromised   In the best interests of both you and your visitors, it is imperative that you take the appropriate measures to ensure that your site is a safe place to visit.  In this article we will talk some of the more unusual ways hackers and malware writers plant their harmful seeds.

Malicious Banner Ads

Although most attacks involve taking advantage of vulnerable web applications, attackers have several other weapons that can be used to maliciously exploit your site.  One popular method is through the use of banner ads.  The person you think you’re networking with could be using your site as a medium to propagate their malicious code.  As soon one of your visitors clicks on the compromised banner, they are redirected to a malware hosted site or directly infected depending on the nature of the code.  If you insert third-party advertisements on your website, it is imperative to make sure they do not put you or your visitors in danger.  The best way to do this is knowing how to properly access obfuscated banner code for signs of malicious values.  You could also do some checking to find out if the advertiser you’re working with has a reputation for participating in such activities.

Sneaky Uploads and Downloads

Most website attacks focus on HTML code but it is also possible for malicious items to be uploaded to an improperly secured site.  If you allow users to upload content to your site, they can easily sneak in executables such as Javascript, .exe, .bat and. cmd files.  Attackers have also been known to bundle their harmful programs with applications given away as free downloads.  You will become unpopular if every time someone downloads your free software, they end up with a nasty infection on their PC.  You can learn if your site or applications are being used to distribute malware by downloading the source code from the live site onto a virtual machine and scanning it with a reliable anti-malware tool.

A Few Security Tips

It’s a jungle out there in cyberspace, filled with more hazardous creepy crawlers than you could imagine.  Following these simple tips should help make your website a much safe place to hang out.

Transfer Data Securely – If you allow users to upload to your site or require root access, be sure to utilize SSH and SFTP rather than Telnet or FTP.  These protocols have both been considered insecure because of their tendency to transmit data in plain text.  When using FTP or Telnet, sensitive information such as user names and passwords can be easily read by anyone eavesdropping on the network.  SSH and SFTP are encryption-based protocols that scramble data so it appears in the form of unreadable characters.

Scan Your Website – There are a number of scanning technologies that will comb your site for vulnerabilities.  A good one will not only help you detect insecure applications, but also software packages that require immediate patches.

Secure Hosting - You can take all the preventive measures you want, but if the server you’re hosting on isn’t secure, all those efforts will prove futile.  Make sure your web host is taking the necessary steps to keep you protected behind the scenes.  If they are not making use of features such as firewalls, anti-malware and DDoS protective software, you need pack up your website files and head elsewhere.

Malware Attacks on the Rise

When signing up for a web hosting account, most feel confident that the provider takes all the preventive measures to make sure their personal information is safe.  While most companies do try to secure their hosting platforms, one should never assume that these security measures are 100% reliable.  Hackers are determined and very skilled at their craft.  They will employ various techniques and use numerous tools to break into your website.  One of the most effective weapons in their arsenal of tricks is malware.

Appalling Numbers

In 2008, web security firm ScanSafe, released a report that raised a lot of concern in the hosting industry.  The report revealed figures from research conducted between May 2007 to May 2008, showing that 68% of legitimate websites studied were unknowingly hosting malware.  Researchers at ScanSafe say that crafty intruders were able to compromise websites of various sizes from well known entities to small businesses.

Nature.com is one site that was victimized.  According to Quantcast, this site receives more than 700,000 unique visitors each month, making it one of the top 500 most trafficked sites on the web.  ScanSafe’s study found that malicious code was embedded into web pages on Nature.com.  Thankfully, the administrators detected and rectified the issue very quickly.  Although the website was only compromised for a single day, an estimated 30,000 users could have been at the risk of malware infection.

A Double Threat

So, how do intruders sneak these malicious scripts into an innocent website?  They use a wide range of methods and one of them is an attack called SQL (Structured Query Language) injection.  Numerous security reports show that risk of exposure to website hacking has increased by more 400% since 2008.  It has been reported that backdoor installing and password thieving malware accounts for the fastest growing attacks, threats that increased by over 800%.

The ScanSafe report shows that SQL injection is one exploit that aids the most in malware attacks.  With this type of attack, a hacker inserts SQL code into a simple form on a web page, any application that interacts with a backend database.  They can then send requests to steal information from the database or communicate with it in malicious ways to compromise other visitors that may interact with the site.  SQL injections are such a huge problem because so many webmasters do not take the proper security measures when developing applications and administering databases.  Most simply rely on simple authentication based on a username and password.  By using an SQL select query, a hacker can take those values, compare them to the information in the database, find a match and get the access they need.  With all the advanced hacking tools available, this process can be done very quickly.

Keeping Your Website Safe

Malware is a very dangerous security threat with the power to bring down a single website or an entire server.  It comes in various forms and can go undetected for quite sometime.  When the victim finds out, it is usually too late.  You can keep your site protected against spyware, Trojans, viruses and other malware by making sure you web applications are completely secure.  If you are not quite sure, get yourself a vulnerability scanner to scan your site for security holes.  It is a small investment that can spare you a lot of heartache.