Tag Archive 'security measures'

Three Simple Tips for Protecting Your Site

These days, it is more important than ever to keep your website current with the latest security measures.  Why so much emphasis on security?  Because hackers are always looking for ways to penetrate servers and websites to thieve sensitive information.  There are is a lot you can do to ensure better website security and the tips in this article should taken very seriously.

1.) Update Your Applications and Scripts

Running outdated web applications and code on your site is liking giving hackers an open invite.  So if you have older versions of WordPress or Joomla installed, it is advisable that you immediately check for and perform the necessary updates.  This goes for any application or programming languages used for your site.  For a knowledgeable hacker, compromising Joomla 1.0 is as easy as uploading a shell script to an insecure form.  If successful, they could end up with complete control of your account.

2.) Create Strong Passwords

A password can be a simple but effective security mechanism.  However, this is only the case when following a strict set of rules.  When securing login sessions and other areas of your site, never apply a password that can be easily guessed by others or is used for other accounts.  If someone knows just one of your passwords, they can keep trying it for each of your accounts until they are successful.  This could not only lead them to the control panel login of your hosting account, but also the financial institution you do your online banking with.

3.) Mask Your Folders

It is always wise to cloak your website files and folders that are stored on the server.  Many security experts suggest keeping a blank index.html file in each of the folders stored in your public directory.  Doing this will ensure that the contents cannot easily be viewed by internet users.  This process is made simple with the cPanel control panel and its Index Manager function.  You can take this one step further by password protecting the administrator folder that contains the scripts you are running.  This is highly recommended as it provides an added layer of security that will make an intruder have to work that much harder.

What If I Still Get Hacked?

As we eluded to earlier, there is a possibility that even after adhering to all of these tips and more, your website can still be compromised by a hacker.  Should your site be successfully exploited, there are a couple of things you should do right away to minimize the damage.  The first step that needs to be taken involves changing all of the passwords associated with your website.  This goes from your control panel and administrative areas to everything else in between.  Next, go through your hosting account to find and update all old applications and plugins as they could easily be the culprits that led to exposure.  Any website can be compromised and if it happens to you, your sensitive information can be used for criminal gain in one way or another.  Prevention is the key so employ all the measures you can to ensure you are protected against the existing and emerging threats.

Category: Security Issues
Tags: , , , , , , ,
Posted on Wednesday, Aug 19, 2009
Trackback URI   Comments RSS

Malware Attacks on the Rise

When signing up for a web hosting account, most feel confident that the provider takes all the preventive measures to make sure their personal information is safe.  While most companies do try to secure their hosting platforms, one should never assume that these security measures are 100% reliable.  Hackers are determined and very skilled at their craft.  They will employ various techniques and use numerous tools to break into your website.  One of the most effective weapons in their arsenal of tricks is malware.

Appalling Numbers

In 2008, web security firm ScanSafe, released a report that raised a lot of concern in the hosting industry.  The report revealed figures from research conducted between May 2007 to May 2008, showing that 68% of legitimate websites studied were unknowingly hosting malware.  Researchers at ScanSafe say that crafty intruders were able to compromise websites of various sizes from well known entities to small businesses.

Nature.com is one site that was victimized.  According to Quantcast, this site receives more than 700,000 unique visitors each month, making it one of the top 500 most trafficked sites on the web.  ScanSafe’s study found that malicious code was embedded into web pages on Nature.com.  Thankfully, the administrators detected and rectified the issue very quickly.  Although the website was only compromised for a single day, an estimated 30,000 users could have been at the risk of malware infection.

A Double Threat

So, how do intruders sneak these malicious scripts into an innocent website?  They use a wide range of methods and one of them is an attack called SQL (Structured Query Language) injection.  Numerous security reports show that risk of exposure to website hacking has increased by more 400% since 2008.  It has been reported that backdoor installing and password thieving malware accounts for the fastest growing attacks, threats that increased by over 800%.

The ScanSafe report shows that SQL injection is one exploit that aids the most in malware attacks.  With this type of attack, a hacker inserts SQL code into a simple form on a web page, any application that interacts with a backend database.  They can then send requests to steal information from the database or communicate with it in malicious ways to compromise other visitors that may interact with the site.  SQL injections are such a huge problem because so many webmasters do not take the proper security measures when developing applications and administering databases.  Most simply rely on simple authentication based on a username and password.  By using an SQL select query, a hacker can take those values, compare them to the information in the database, find a match and get the access they need.  With all the advanced hacking tools available, this process can be done very quickly.

Keeping Your Website Safe

Malware is a very dangerous security threat with the power to bring down a single website or an entire server.  It comes in various forms and can go undetected for quite sometime.  When the victim finds out, it is usually too late.  You can keep your site protected against spyware, Trojans, viruses and other malware by making sure you web applications are completely secure.  If you are not quite sure, get yourself a vulnerability scanner to scan your site for security holes.  It is a small investment that can spare you a lot of heartache.

Category: Security Issues
Tags: , , , , , ,
Posted on Thursday, Mar 05, 2009
Trackback URI   Comments RSS

Sponsored Links