What is Secure Live?

Most add-ons and plugins in general are specific to a particular CMS.  This is not the case with a diverse security tool known as Secure Live.  Secure Live is a robust combination of a software tool and a real-time, live monitoring service that provides added security for content-rich websites.  Though primarily used to beef up the security of Joomla websites, it also offers modules for other open-source applications, including e107, Magento and WordPress.  Secure Live also supports most site based exclusively on the PHP programming language and plans to offer support for the Drupal CMS in the very near future.

Key Features

The biggest draw to Secure Live is that it provides critical security services such as blocking, alerting and even reporting when your website has been attacked.  It offers the ability to monitor an entire network of sites as a single unit, accurately and quickly updating each individual client as new attacks are identified.  Here are some of the ways Secure Live helps you respond to attacks on your CMS:

- Sends notification of attack to the serve administrator.

- Captures information that can help track down the attacker.  This includes geo-tracking, attack strings and other important details that could possibly be used to identify the perpetrator.

- Notifies Secure Live security staff about the attacks.  The staff then files a report and sends evidence of the exploit to the appropriate parties so they can take action against the attackers.

- Sends alerts to all Secure Live client applications to automatically modify security settings in case the attacker attempts to exploit other systems.

Conclusion

Secure Live isn’t necessarily cheap, but an adequate security system shouldn’t be.  All it takes is one pesky hacker to put you in a situation where you are forced to pay fines and suffer legal repercussions because your website was compromised.  Although Secure Live is not an all-in-solution that will put an end to your security concerns, it is a premium product that gives you what you paid for and then some.  It is a very sophisticated system that can help you act fast enough to shut the bad guys down and keep them out of CMS.  The best thing about Secure Live is that it can grow right along with your site as threats evolve and become more severe.

]]> http://webhostinggeeks.com/blog/2009/11/09/enhanced-cms-security-with-secure-live/feed/ 0 http://webhostinggeeks.com/blog/2009/11/06/use-captcha-to-keep-spammers-at-bay/ http://webhostinggeeks.com/blog/2009/11/06/use-captcha-to-keep-spammers-at-bay/#comments Fri, 06 Nov 2009 16:16:12 +0000 CommunicateBetter http://webhostinggeeks.com/blog/?p=607 One of the first and most annoying things that can happen to a new web site owner is being blasted with spam.  There is a dilemma presented when wanting to have potential customers or clients contact you or your company.  Either your email has to be publicly posted or you will need to enable a form to allow quick and easy contact.  When you do implement either choice, spammers will come and they will do as much damage as is possible.

Email link – bad idea

The first thing that should be done is to toss out the idea of publicly placing your email address in any form that can be clicked as a link.  Using a linked email address publicly is an open invitation to spammers.  Nothing can be more unpleasant than having to start off your business day wading through hundreds upon hundreds of spam content in your email in-box.  If you must use this route, simply place your email in text only – this will make it harder for a potential spammer as they will have to physically copy and paste your address into any email.  Inconvenience is the bane of the spammer.

Contact form – can be attacked

If you’ve decided to place a contact form anywhere within your web site, you’ll want to enable some type of security to ensure that an actual human is utilizing the form.  This sounds simple enough because, after all, the purpose of the form is to gather human information.  However, most email forms have a standard “name”, “email”,  “subject”, “content” style to them that is easily recognized and exploited by spammers.  Using this standard information, spammers use automated systems to attack a contact form – computer to computer.  What can stump them is requiring something that only a human can input or answer and that isn’t part of the standard email form.  This is where Captcha comes in.

Contact form with Captcha – better idea

Captcha is a type of test that is used to ensure human interaction.  The premise behind Captcha is that computers should not be able to solve something that requires human input.  The very early implementations of Captcha were simple generations of a word or series of letters with some small amount of warping.  However, spammers quickly adjusted to this warping and this initial Captcha implementation had to be abandoned.  Modern Captcha uses two to three regular words that are segmented and have lines through the words making it much more difficult to automatically guess via a computer system.

This all culminates into a small bit of either PHP or Javascript that is placed within your form before the submit button coding.  After filling out the rest of the form, a user must then enter the correct words generated within the Captcha coding.  You can set the form to lock out a user after a certain number of errors thus staving off the possible attack of spammers for yet another day.

Conclusion

Of course, the simplest way to avoid spammers at all is by not allowing any sort of email contact within your site.  But this is not a feasible option – after all, you have your web site online for the purpose of contacting new and old customers or clients.  So, before putting your email form online, use a bit of quick security and incorporate Captcha.

OS Hardening

The configuration for virtual machines and switches must be hardened just like your physical boxes and network switches. The underlying operating system must also be hardened through routine patches and updates, removal of unused components and maintaining secure settings. The EMC report suggests modeling virtual systems after the guidelines from the CIS (Center for Internet Security) and DISA (Defense Information Systems Agency) as they are viewed as well established security practices.

Configuration and Change Management

Since virtualization technology makes it simple to deploy new virtual machines and modify their set ups, it becomes very easy to fall into a chaotic state of configuration when it comes time to managing the environment. Even when systems are adequately hardened during installation, it is still important for organizations to stay on top of the environment to ensure a secure configuration. This means that when system settings are modified or new software applications are added, administrators are making sure the virtual system continues to meet what the EMA report calls the “gold standard” of configuration.

Access Control

Practical security polices such as least privilege and separation of duty should not be thrown to the wayside just because virtualization has come into the picture. Instead, such principles should become more essential than ever. The presence of virtualization results in increased density of all the systems and applications on your server. This is more convenient for your organization as well as the intruder who may be able to manipulate these systems if proper access control is not enforced and maintained. The report suggests that solution providers aid their staff and clients in understanding the importance of role-based access control both in and out of the virtual environment.

Network Security and Segmentation

Companies operating virtual servers lacking any sort of segmentation are far more vulnerable to exploit and exposure than organizations making use of virtual switches to incorporate those virtual machines into virtual local area networks like their physical counterparts. The security report explains that one of the most essential factors in compliance is ensuring that data is isolated and not mingled with or available to users on other virtual machines. Organizations that possess expertise in the network security field should put it to use in the virtualization environment. This can be done by obtaining virtual switches and other virtual security mechanisms such as firewalls and intrusion protection systems to protect network perimeters.

]]> http://webhostinggeeks.com/blog/2009/10/14/how-secure-is-virtualization-technology/feed/ 0 http://webhostinggeeks.com/blog/2009/06/02/windows-server-2003-still-getting-the-job-done/ http://webhostinggeeks.com/blog/2009/06/02/windows-server-2003-still-getting-the-job-done/#comments Tue, 02 Jun 2009 18:42:26 +0000 CommunicateBetter http://webhostinggeeks.com/blog/?p=358 Microsoft is behind a number of technologies that suit the needs of home and business users in both the desktop and server environment.  In general, Microsoft separates its server operating systems into four main categories: Applications, Collaboration, IT Operations and Security, essentially covering all the vital aspects required to running a highly efficient network.

The Windows Server operating system represents a line of fully integrated software tools developed by Microsoft.  While functionality varies among version releases, each aims to form the solid infrastructure needed for operating with various network components.  In addition, most of the company’s server solutions provide support for the Visual Studio software package, helping designers and IT developers in the process of creating and managing web environments by utilizing their own custom set of programming tools.  This article will introduce you to one of Microsoft’s most popular and successful server operating systems: Windows Server 2003.

Why it’s Still Prevalent

Even though Microsoft released Windows Server 2008 only a short time ago, Windows Server 2003 is still widely used in hosting and network environments.  Why?  The answer is simple – it continues to be one of the most reliable hosting platforms available.  This server operating system made its debut in April of 2003.  Since then, it has been highly regarded as a more secure and powerful solution than its predecessor, Windows 2000 Server.  Because of its efficiency in the network setting and seamlessly compatibility with Microsoft .Net technologies, Windows Server 2003 was referred to as “the .Net Server” for a considerable amount of time.

Windows Server 2003 offers many enhancements over previous versions, including the ability to improve identity and access administration while reducing storage management expense at the same time.  It includes a highly competitive web platform, offering cost-efficient server management for enterprises and small businesses alike.  The software incorporates features and technological characteristics of past releases into a single package, offering a tightly integrated suite of tools that aid in development, data management and security.  With the launch of Windows Server 2003, Microsoft greatly simplified the task of network management and improved security and efficiency across a broad range of network environments.

Enhanced Data Management

What makes Windows Server 2003 so powerful is its seamless compatibility with various Microsoft technologies, mainly the SQL Server.  Released in November of 2004, Microsoft SQL Server is an RDBMS (relational database management system) that utilizes Transact-SQL as its primary query language.  Whereas most of the prevision versions of SQL Server were mainly used for small to medium sized databases, the 2005 release brought forth capabilities that made it ideal for large databases as well, making it a reliable solution for small businesses or large enterprises.  SQL Server 2005 provides for the easy management of data, integrating efficient security tools and enhanced access to business data.   The server offers a robust, state of the art, fully integrated management system that is relied on by businesses and organizations across the world.

While you can argue that Microsoft technologies are expensive, there is no denying the power they deliver.  Dynamic platforms such as the SQL Server make Windows 2003 a highly extensible networking tool capable of handling the simplest to the most complex needs.

]]> http://webhostinggeeks.com/blog/2009/06/02/windows-server-2003-still-getting-the-job-done/feed/ 0 http://webhostinggeeks.com/blog/2009/05/26/web-hosting-security-at-risk-are-you/ http://webhostinggeeks.com/blog/2009/05/26/web-hosting-security-at-risk-are-you/#comments Tue, 26 May 2009 15:50:01 +0000 CommunicateBetter http://webhostinggeeks.com/blog/?p=348 It seems as if new web hosting companies are emerging on the scene everyday and almost all of them are trying to ease the rising fears of security breaches.  The efforts and reassurance are warranted when considering that any website is vulnerable to an attack.  Intruders are constantly on the prowl in search of sensitive information such as account numbers, invoice records, personally identifiable details and other confidential data.  The best way to ensure the protection of this information is a combination of proven security mechanisms and routine security practices employed by both the hosting provider and end-user.

Why Web Hosting?

You may wonder why the web hosting industry is such a big target of hackers?  The simple answer is that the market is tremendous, consisting of thousands of companies that power millions of websites throughout the world.  There are billions of dollars tied up in the business and hackers are willing to use every trick in the book to get a share of it.  If your site runs mission-critical operations, acts as the central source of information for your niche or enables you to make a living, it is imperative that you make security a priority.  Because your web host is in a better position to ensure reliable protection than yourself, you need to put security on the top of your list when sizing up potential hosting providers.

The Expanding Threat Model

A hacker’s arsenal is made up of numerous tools and techniques.  They typically combine various methods to compromise websites and turn the unsuspecting into victims.  Some blend into social networking sites, playing nice in hopes of enticing community users to visit an infected site and unknowingly execute malicious code on their system.  They trick users into downloading items that appear to be something desirable like a multimedia application or game but is only a deceptive Trojan horse in disguise.  Some utilize more destructive weapons that could result in the theft of one’s assets and identity.  The malicious keylogger is a prime example, a menacing program with the ability to capture every single character you type into your keyboard.  These threats and more, are the very reasons why web hosting providers across the world are increasing their efforts to deliver better security to their customers.

Put Security First

You don’t have to be a security expert in the IT field to keep yourself protected from hacking exploits.  However, your web host should be.  After all, if they are taking money from you and making a commitment to serve your pages over the internet, shouldn’t they also be on top of the security mechanisms and procedures needed to ensure the safety of your website and personal information?   Security is a must in the web hosting arena so you should take no excuses and never settle for less.  With that said, if you feel that your current hosting provider isn’t taking the necessary measures to keep you protected, don’t stand for it – move your files to a responsible server.

]]> http://webhostinggeeks.com/blog/2009/05/26/web-hosting-security-at-risk-are-you/feed/ 0 http://webhostinggeeks.com/blog/2009/05/13/intermedianet-unleashes-new-exchange-solutions/ http://webhostinggeeks.com/blog/2009/05/13/intermedianet-unleashes-new-exchange-solutions/#comments Wed, 13 May 2009 16:13:05 +0000 CommunicateBetter http://webhostinggeeks.com/blog/?p=329 Intermedia.NET has just launched a suite of new solutions designed to enable Microsoft Exchange deployments that provide higher availability and tighter security for its customers.  Although Exchanging hosting has become increasingly popular in recent times, many businesses still choose to maintain their server operations in-house.  Those who lack internal resources are vulnerable to numerous instances that pose a direct threat to critical business functions.

Intermedia CEO Serguei Sofinski explained that the company’s new offerings will help customers address two of the biggest problems faced by small to medium sized businesses today: excessive downtime and security issues.  Sofinski says the new solutions will allow its customers to effectively harvest the true value from their assets without the risk of loss productivity.

Here is a rundown on Intermedia’s new solutions:

Business Continuity

The Intermedia Business Continuity solution has been tailored to provide high availability by permitting customers with on-premise Exchange servers to use its servers to access their messages when the in-house servers go down.  Unlike standard dial-tone solutions, this offering is Exchange-based and allows complete access to user mailboxes.  This means that customers can enjoy 14 days of message history, contacts, calender appointments and more even if their server should fail.

ContentSync

A proprietary application developed by Intermedia, ContentSync is a software tool that synchronizes its Business Continuity Exchange servers with on-premise Exchange servers, providing customers with real-time access to their data in the event of a failure.  This solution doesn’t call for any software or hardware installations, configuration or management, making it possible for business customers to have the high availability that would normally be cost prohibitive at a more affordable price.

SpamStopper

SpamStopper is the second part of Intermedia’s Exchange solution.  This hosted service puts an emphasis on security with spam filtering, anti-virus and anti-phishing tools for small businesses with their own on-premise Exchange server.  Intermedia says that SpamStopper is able detect potentially harmful mail with an accuracy rating of greater than 99%.  The solution is also integrated with a feature called Zero-Hour Virus Outbreak Detection to protect networks from newly released strains of malware.  Thanks to SpamStopper, Intermedia customers can stay one step ahead of the unscrupulous coders writing infectious virus, worm and Trojan programs.

Price and Availability

Both of Intermedia’s new solutions have been made immediately available and can be easily incorporated into customers’ existing on-premise Exchange servers.  Business Continuity starts from $5 a month per user while the SpamStopper solution is available for $50.  The latter is a one-time fee for the first 50 users and an extra 50 cents a month for each additional user.

About Intermedia.NET

Intermedia.NET is a Microsoft Gold Certified partner that has been specializing in the hosting business for more than 10 years.  Its solutions are geared towards small to medium sized businesses looking for enterprise-class technology attached with low monthly fees, no up-front investment and industry-leading technical support.  Aside from Microsoft Exchange hosting, Intermedia provides a variety of traditional web hosting services designed for small and mid-sized companies.

Malicious Banner Ads

Although most attacks involve taking advantage of vulnerable web applications, attackers have several other weapons that can be used to maliciously exploit your site.  One popular method is through the use of banner ads.  The person you think you’re networking with could be using your site as a medium to propagate their malicious code.  As soon one of your visitors clicks on the compromised banner, they are redirected to a malware hosted site or directly infected depending on the nature of the code.  If you insert third-party advertisements on your website, it is imperative to make sure they do not put you or your visitors in danger.  The best way to do this is knowing how to properly access obfuscated banner code for signs of malicious values.  You could also do some checking to find out if the advertiser you’re working with has a reputation for participating in such activities.

Sneaky Uploads and Downloads

Most website attacks focus on HTML code but it is also possible for malicious items to be uploaded to an improperly secured site.  If you allow users to upload content to your site, they can easily sneak in executables such as Javascript, .exe, .bat and. cmd files.  Attackers have also been known to bundle their harmful programs with applications given away as free downloads.  You will become unpopular if every time someone downloads your free software, they end up with a nasty infection on their PC.  You can learn if your site or applications are being used to distribute malware by downloading the source code from the live site onto a virtual machine and scanning it with a reliable anti-malware tool.

A Few Security Tips

It’s a jungle out there in cyberspace, filled with more hazardous creepy crawlers than you could imagine.  Following these simple tips should help make your website a much safe place to hang out.

Transfer Data Securely – If you allow users to upload to your site or require root access, be sure to utilize SSH and SFTP rather than Telnet or FTP.  These protocols have both been considered insecure because of their tendency to transmit data in plain text.  When using FTP or Telnet, sensitive information such as user names and passwords can be easily read by anyone eavesdropping on the network.  SSH and SFTP are encryption-based protocols that scramble data so it appears in the form of unreadable characters.

Scan Your Website – There are a number of scanning technologies that will comb your site for vulnerabilities.  A good one will not only help you detect insecure applications, but also software packages that require immediate patches.

Secure Hosting - You can take all the preventive measures you want, but if the server you’re hosting on isn’t secure, all those efforts will prove futile.  Make sure your web host is taking the necessary steps to keep you protected behind the scenes.  If they are not making use of features such as firewalls, anti-malware and DDoS protective software, you need pack up your website files and head elsewhere.

]]> http://webhostinggeeks.com/blog/2009/05/07/protect-your-site-from-maliciously-activities/feed/ 0 http://webhostinggeeks.com/blog/2009/04/13/the-vulnerability-of-ajax-applications/ http://webhostinggeeks.com/blog/2009/04/13/the-vulnerability-of-ajax-applications/#comments Mon, 13 Apr 2009 14:30:27 +0000 CommunicateBetter http://webhostinggeeks.com/blog/?p=285 When it comes to emerging web technologies, AJAX is leading the charge as one of the most dynamic tool sets on the development market.  Short for Asynchronous Javascript and XML, AJAX is attracting the attention of developers and businesses around the world.  Unknown to some, AJAX isn’t a programming technology like HTML or PHP, yet a collection of technologies that provide a robust facility for developing powerful web-based applications.  The power of AJAX is seen in many applications today including Google Maps and Yahoo!  mail.

What Makes AJAX So Different?

The purpose AJAX is to enhance speed, interactivity and usability.  The combination of technologies provide a more feature-rich, user-friendly experience.  Instead of loading the requested page at the start of the session, an AJAX engine scripted in Javascript is loaded.  This engine acts a middlemen between the user and the web page, enabling communication between the client and server.  The end result of this interaction is noticed almost instantly.  When making a request to an AJAX page, you may see individual elements of the page update before your eyes (asynchronously) rather than waiting for the page to load completely.

The AJAX Disadvantage

AJAX is a very powerful weapon but one must be aware of the security vulnerabilities that exist.  Some developers have the misconception that AJAX applications offer tighter security because it is believed that the server-side script can’t be accessed without the rendered user interface, which is simply the AJAX-based page.  Unfortunately, this couldn’t be further from the truth.  The mere factor of increased interactivity within the application results in increased text, XML and HMTL network traffic.  This in turn, could lead to the exposure of back-end applications that may have not vulnerable otherwise.  Without adequate server-side protection, it could also give unauthenticated users the ability to manipulate privilege configurations.

Another AJAX vulnerability is associated with the process it utilizes to formulate server requests.  Its engine uses Javascript to capture user commands and convert them into function calls.  These function calls are transmitted to the server in plaintext, making them visible to savvy eavesdroppers.  This could allow an intruder to easily access database fields that contain user login credentials and other critical variables that can be manipulated for malicious gain.  With this information, a hacker can victimize AJAX functions all without directly creating specific HTTP requests to the server.  Coupled with the known vulnerabilities of Javascript, AJAX applications are susceptible to attacks like cross site scripting and similar threats that plague scripts created by other development technologies.

While the evolution of web technologies has enabled applications to enjoy more responsive, interactive, efficient functionality, they also increase the vulnerabilities developers and businesses face on a daily basis.  The growing prevalence of AJAX applications has considerably broadened the threat window, essentially giving hackers a greater opportunity to compromise sensitive data and thieve invaluable assets.  For this reason, developers must stop living under a false sense of security and take every measure possible to ensure that their AJAX applications are completely secure.

This article will go over the factors you must consider when looking for Cold Fusion hosting.

Available Version

When it comes to Cold Fusion hosting, it is always best to choose a web hosting provider that offers the most recent version of the language.  This will allow you to benefit from the latest features to create powerful, user-friendly web pages and applications.  It also makes it much easier to integrate the language with the database system you prefer to work with.

Possible Limitations

Choosing the right Cold Fusion solution is very important as some environments prevent you from getting its full potential.  For example, there are a few shared hosting providers that will limit the use of its tags because they are often viewed as security risks.  This is mainly due to the  mere structure of a shared server.  This is very understandable as the vulnerability of your site opens potential threats to everyone else hosting on the server.  You can get around these limitations by opting for dedicated server hosting.  Though it is considerably more expensive, dedicated hosting gives you complete control over which tags can or cannot be used on the server.

Cold Fusion Features

Cold Fusion is a powerful feature in its own right but there are some minimal requirements.  Most web hosting providers will set you up with everything required to get the maximum use out of this dynamic programming language.  All that is really needed to excel with Cold Fusion is a complimenting database to provide back-end in support for your web applications.  This shouldn’t be a problem as Cold Fusion integrates seamlessly with popular databases such as MySQL, Postgre SQL and MS SQL.

Cost Factor

Lastly, you need to consider the budget you have available to put towards a Cold Fusion hosting package.  Because it is one of the oldest languages around, you can find Cold Fusion offered in many low cost hosting packages.  However, some companies charge a pretty penny for all the advanced functionality it offers, especially when bundled with compatible Microsoft products.

In the end, it is mainly the complimenting features such as bandwidth and software add-ons that will impact the cost of Cold Fusion hosting solution.

While it goes without saying, Cold Fusion hosting is something you should only seek when having a specific need for the functionality it offers.  Though it may not be as popular as ASP or PHP, the language is widely available.  As with any hosting service, the most important aspects of this niche are reliability and quality technical support.  A stable platform will give you all the ammunition you need to thrive with a Cold Fusion website.

]]> http://webhostinggeeks.com/blog/2009/03/24/introducing-cold-fusion-hosting/feed/ 0 http://webhostinggeeks.com/blog/2009/03/18/hosting-considerations-for-e-commerce/ http://webhostinggeeks.com/blog/2009/03/18/hosting-considerations-for-e-commerce/#comments Wed, 18 Mar 2009 20:57:14 +0000 CommunicateBetter http://webhostinggeeks.com/blog/?p=248 When it comes to e-commerce, one must take several factors in consideration.  Apart from deciding what market you want to tackle and thinking of ways to promote the business, you must also factor your online presence into the mix.  Your business site will require a hosting solution and there are so many too choose from.  There is shared hosting, dedicated hosting, managing hosting and a wide variety of niche variations.  You also have the option of hosting your business in-house or going with a provider that specializes in colocation.  Making a choice can be difficult, but it is much easier when matching up a solution with the specific needs of your business.

In-house vs. Colocation

Hosting your e-commerce business in-house is a do-it-yourself solution that calls for you to purchase the hardware, software applications and lease an internet application.  It also means you need an expert staff to maintain these vital components.  You need to think about server administration, network monitoring, data backups, security and much more.  This is independent method is the most costly way to run your business online.

Colocation is the perfect alternative to hosting your business in-house.  This is the kind of arrangement where you store your server hardware in the provider’s data facility.  They supply you with you an internet connection and the power necessary to run the equipment.  The major benefit to colocation in comparison to an in-house solution is cost savings.  The key is finding a provider you can rely on to keep you online.

Shared vs. Dedicated Hosting

Shared hosting is the most affordable way to get your e-commerce business going, a situation where you share a web server with other users.  With this type of hosting, you are sharing the actual hardware along with the operating system and other critical resources.  Shared hosting is often the first choice of small businesses who don’t have demanding needs.  It also quite limited in terms of control and is prone to more stability and security issues when compared to having your own server.

With dedicated hosting, you sign up for a hosting plan and have the server all to yourself.  You have your own internet connection, operating system and all the other resources that are tied up in shared hosting.  The server can be enhanced with your own software applications, programming technologies and security mechanisms.  Because performing these tasks are more complex than a shared hosting solution, managed hosting exists to aid those with limited server administration skills.

Dedicated and managed hosting services are geared towards businesses that receive a high level of traffic and require maximum stability.  The major difference between these solutions and colocation is cost as you are paying a monthly or annual fee just to lease the server opposed to owning it.

Conclusion

As you can see, there is lot more that goes into e-commerce besides opening up a store and marketing your products.  Finding the right type of service is so critical because it forms the very backbone of your online business.  Ultimately, the solution for you depends on your expertise, manpower, budget and requirements.