Tag Archive 'security'

Practicing FTP Security

One of the most highly sought after features on the web hosting market is FTP.   Short for File Transfer Protocol, FTP provides a means for transferring data from your computer to the web host’s server.  While the protocol is quite useful, FTP also presents many security risks and making yourself aware of them is crucial.

Beware of FTP Attacks

FTP is ideal for transferring files to a remote location.  However, you should know that in its purest form, this protocol is far from secure.  FTP transmits your data over a network in plain text.  If the transmission is intercepted, the contents of those files can be viewed by unauthorized parties.  Furthermore, a knowledgeable hacker can use the FTP server as an entrance into your website.  This is done by repeatedly trying to log on with an incorrect user password.  In most cases, the profile is disabled after reaching the maximum threshold of three sign-in attempts, thus giving the hacker all the ammunition they need to launch the attack.

The most effective way to protect yourself from an FTP password attack is through the use of an FTP server logon exit program.  This mechanism can provide security in the following ways:

Rejecting logon requests by any user profiles that you have not granted FTP access to.  With the use of an FTP server logon exit program, the logon attempts from the profiles you decide to block are not counted towards the maximum sign in count.

Limiting the number of clients from which a user profile is able to access the FTP server.  For instance, if someone from accounting is granted access, you can make configurations where only users with an IP address from the accounting department have FTP access.

Recording the credentials and IP addresses of all FTP logon attempts.  This allows you to regularly view the activity of each FTP logon attempt.  If a profile is ever disabled for reaching the maximum count, you can use their IP address, identify the perpetrator and handle the matter accordingly.
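The three checks above can be modeled as one decision function. The sketch below is an added example, not code from the original post or from any FTP server product; the profile names, subnets and return codes are constructed, and treating a disallowed client address as "not counted" is an assumption.

```python
import ipaddress

# Constructed policy (assumption): profiles granted FTP access and the
# client networks each one may connect from.
FTP_POLICY = {
    "ACCTCLERK": ["10.20.30.0/24"],   # accounting department subnet
    "WEBADMIN": ["10.20.0.0/16"],
}
MAX_SIGN_IN_ATTEMPTS = 3  # threshold described in the article


class LogonExit:
    """Decides on each FTP logon request before the password result counts."""

    def __init__(self, policy):
        self.policy = {user: [ipaddress.ip_network(n) for n in nets]
                       for user, nets in policy.items()}
        self.failed = {}      # profile -> counted failed sign-ins
        self.audit_log = []   # (profile, client_ip, decision); never the password

    def logon(self, profile, client_ip, password_ok):
        decision = self._decide(profile, ipaddress.ip_address(client_ip), password_ok)
        self.audit_log.append((profile, client_ip, decision))
        return decision

    def _decide(self, profile, addr, password_ok):
        nets = self.policy.get(profile)
        if nets is None:
            return "REJECT_NO_FTP_ACCESS"    # rejected early, not counted
        if not any(addr in net for net in nets):
            return "REJECT_CLIENT_ADDRESS"   # assumption: also not counted
        if self.is_disabled(profile):
            return "REJECT_PROFILE_DISABLED"
        if password_ok:
            self.failed[profile] = 0
            return "ACCEPT"
        self.failed[profile] = self.failed.get(profile, 0) + 1
        return "REJECT_BAD_PASSWORD"

    def is_disabled(self, profile):
        return self.failed.get(profile, 0) >= MAX_SIGN_IN_ATTEMPTS
```

Because requests for blocked profiles and from disallowed addresses are rejected before the failure counter is touched, repeated bad logons from outside cannot disable a profile, and the audit log still records where they came from.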

FTP Security Recommendations

Because FTP is naturally insecure, you may want to strongly consider backing it up with a reliable security mechanism.  The most highly recommended is Secure Sockets Layer, or simply SSL.  SSL is an encryption protocol that enables secure communications between the FTP server and client.  It ensures that transmissions are encrypted, maintaining confidentiality and integrity for all data that passes through.  This includes files as well as usernames and passwords.  Most FTP servers support SSL through the use of a digital certificate which also provides additional security with client authentication.

Though some recommend the use of anonymous FTP for the sharing of non-confidential data, this can be an even greater security risk.  With anonymous FTP, anyone can upload to your server without a username or password.   They could be transferring pirated software or malicious files.  Before taking such a gamble, be sure to weigh all the risks and take the appropriate measures to ensure that your FTP communications are secure.

Category: Security Issues
Posted on Tuesday, Mar 17, 2009

SSL For Your E-commerce Site

With credit card fraud and identity theft on the rise, consumers are more cautious than ever about shopping online.  If you are running a store online, this means that potential customers are more reluctant to buy products and services from your site.  In order to boost consumer confidence and make them feel safe, you need a reliable security mechanism that keeps their personal information secure.  What you need is an SSL certificate.

What is an SSL Certificate?

Secure Sockets Layer, or SSL, is a security protocol that enables encrypted communications between the customer’s web browser and the server your store is hosted on.  This is accomplished by what is known as a handshake, a process where the server’s identity is confirmed and a secure connection created.  SSL typically offers 128-bit encryption, formulated by an algorithm which generates a key that is virtually impossible to crack.  An SSL certificate shows that your site is secure and safe for shopping.

How to Get a Certificate

SSL certificates are offered by entities known as Certificate Authorities, with the most popular being GeoTrust, Thawte and Verisign.  For the most part, these authorities provide certificates that give you the same level of security.  A single certificate can encrypt the data traveling between the server and each of your customers’ web browsers.  The average online storefront can get adequate protection from a basic SSL certificate.  You also have the option to purchase additional services to strengthen the level of security.

Installing the Certificate

Although many web hosting providers offer SSL certificates as add-on products, you typically have the freedom to incorporate one purchased from a third-party vendor as well.  In most cases, you can learn how your SSL certificate is to be installed via the instructions in the control panel software or by contacting the host’s technical support department.  Some of the most advanced control panels even allow you to incorporate an SSL certificate directly from the interface.  Once installed, the certificate is automatically enabled.  You will know it is activated when you notice “HTTPS” in front of your URL rather than “HTTP”.

Designing for SSL

The design of your site is very important when implementing an SSL certificate.  In order for your web pages to be viewed as secure, all scripts, graphics and media elements must be deemed secure as well.  You have probably visited web sites where a warning displays stating that some of the elements of a particular page are not secure.  These messages are prompted when external elements of a web page are not called using the HTTPS protocol.  In many cases, the certificate is valid and secure but the page isn’t designed properly for SSL.  All the external elements of your page must be called using links that include the full URL.  One simple graphic that doesn’t use HTTPS will generate a “not secure” error.

Conscious online shoppers are increasingly looking for SSL certificates and if you don’t have one, you are missing out on a lot of business.  You can have some of the most beneficial products online but if no one feels safe buying them, they will hesitate to proceed with the transaction.

Category: E-commerce
Posted on Friday, Mar 06, 2009

Fighting Back Against Website Attacks

Despite all the advancements that have been made in information security, hacking attacks continue to be a major problem, inflicting damage on some of the biggest companies.  Every year, it seems as if we hear a story where some major company has been hacked and robbed of invaluable information.  Although large corporations make better targets, small businesses are not exempt from such attacks.  You may feel that the data on your website is not all that confidential or mission-critical, but an ambitious hacker might think otherwise.

What Motivates a Hacker?

Hackers hack websites for a number of reasons.  Some are after personal information while others merely do it for the thrill and gaining stripes in the hacker community.  While every hacker has their own motivation, a successful attack boils down to one factor – the webmaster’s lack of knowledge.  Even an intermediate hacker can break into your website, change your home page and steal sensitive information all by downloading readily available tools from the internet.  Whether you are a beginner or seasoned webmaster, the best way to protect yourself against website hacking is knowing how a hacker operates.

A Two-step Approach

The first step a hacker will take is to scan your web applications for any known vulnerabilities.  This can be done with a penetration testing process that is performed either manually or automated by certain programs or scripts.  Finding an insecure application is the most crucial step in any website attack and translates to holes you can’t afford to leave open.

The next step in website hacking is coming up with an exploit able to take advantage of the vulnerabilities.  There are many exploits but all share the similar goal of allowing an intruder to penetrate your website.  Here is where you need to be aggressive and take steps to prevent an exploit rather than trying to bounce back after the attack.  If you scripted your own applications, you need to go back carefully and look them over to make any modifications to the source code that may be needed to close the gaps.  When done correctly, you can dramatically reduce the probability of a website attack.

Practicing Website Security

Properly securing your applications is something that can be accomplished even if you are not an expert in the security field or simply do not have the money required to hire a thorough, experienced web developer.  In fact, security knowledge comes at an inexpensive price and is worth looking into when considering that it can keep your website safe.  Basic knowledge can be obtained by keeping yourself informed on the web applications you are using along with all known vulnerabilities that relate to them.  Additionally, you can minimize vulnerabilities by applying the latest updates and patches to your applications and using the best security practices.

Aside from practicing website security, it is also a good idea to have a basic understanding of common techniques attackers employ to hack websites.  Some of the most popular methods include SQL injection and cross-site scripting, to name a few.  The best way to deter the attempts of a savvy hacker is to defeat them with your own knowledge.

Category: Security Issues
Posted on Thursday, Feb 19, 2009

Why Hackers Hack Websites

Security experts and various studies reveal that website hacking is definitely on the rise.  Today’s hackers are more advanced than ever before, often working together in close-knit communities trading tips and tools with one another.  These twisted individuals take their business seriously, having countless online forums where updates are posted daily to help each other get around the latest security mechanism and increase the number of victims.  What makes website hacking so detrimental is that there are so many types of attacks.  In addition, different hackers have different goals in mind.

Hacking for Sensitive Information

Anyone who frequents the web can see that almost every website consists of numerous applications.  These range from simple email forms and login pages to shopping carts and more dynamic creations.  These applications all share the common goal of allowing web surfers to submit and retrieve a given level of personal or sensitive information stored in an underlying database.  When such applications are not secured, you are essentially opening the gate leading to your most confidential data.  Just think if you’re involved in e-commerce – those databases probably contain credit card numbers and details regarding your customers.  If a hacker is able to inflict damage, your business could be in great peril.

Hacking to Steal Bandwidth

Bandwidth is one of the most vital internet resources and plays a major role in the functioning of your website.  Coupled with the expense, the opportunity to conduct illegal business is enough motivation to provoke a website hacking.  A knowledgeable hacker could penetrate a web-based application, leech off a large amount of bandwidth and go on with their illicit activities.  When this occurs, the web hosting provider’s server is being used to help carry out illegal business without them even realizing it.

Hacking to Distribute Illegal Content

One of the most common reasons website attacks occur is to accommodate hackers looking to distribute illegal content while leaving no trace of themselves.  This is often done to trade pirated software or even something as disturbing as child pornography.  When these activities are traced by the authorities, the trail only leads back to the website owner who could likely face legal implications, the loss of credibility or worse.

Hacking for Search Engine Rankings

It is a proven fact that search engines are one of the most effective ways to generate qualified visitors.  Hackers are aware of this as well and will do whatever it takes to get ahead.  Some are so advanced that they have the ability to inject hidden keywords into the websites of unsuspecting owners.  Search engines like Google frown on such activities and will often penalize anyone caught spamming their databases.  In this case, it’s the victimized website owner.  This is something that could really impact the ability to effectively promote your business.

Protect Your Website

The importance of application security just can’t be stressed enough.  These are just a few of several factors that motivate hacking and if your website isn’t secure, you could be the next victim.

Category: Security Issues
Posted on Thursday, Feb 05, 2009

Benefitting From VPS Hosting

Virtual Private Server, or VPS, refers to a type of hosting where different customers host their sites on a single physical server. They share the same internet connection and even the hardware itself. Sounds pretty much like shared hosting, right? Yes it does, but there are significant differences. A VPS is established by virtualization software which partitions and creates multiple servers within a single server. This process allows you to enjoy benefits similar to those of a dedicated server. For example, you typically get your own operating system, file system and root access to the server. Control is another aspect that is increasingly attracting webmasters to virtualization solutions. VPS allows you to perform administrative tasks such as making configurations to the server, installing software applications and hosting multiple sites without enduring performance issues. You also have the power to actually reboot the server.

Benefits of VPS Hosting

The major benefit of VPS hosting is enhanced performance as well as tighter security at a price significantly cheaper than a dedicated server.

If you plan to move from shared hosting yet can’t afford the high-end price tag of a dedicated server, VPS hosting is the solution you are looking for. Virtualization is becoming more popular, resulting in a price drop on VPS hosting packages. This type of arrangement can serve benefits to a wide range of users. With your platform and operating system isolated from other customers, you will enjoy guaranteed resources in terms of CPU, RAM and disk space.

Who Needs VPS Hosting?

Virtualization is quickly becoming the preferred option amongst entrepreneurs involved in reseller hosting. VPS provides you with a greater level of control on the services you can offer your customers, resulting in an edge over competitors still utilizing traditional shared servers. The power it provides is well suited for developers looking to create a highly functional blog or demanding social networking site. VPS is also an ideal platform for the webmaster that is already proficient at managing a shared hosting account and wants to upgrade their server administrative skills without fully being exposed to dedicated hosting. All users will have the freedom to install custom applications and change modules on the server. When considering the added privacy, extra layer of security, guaranteed resources and a higher level of performance, it’s no wonder that VPS hosting has become so incredibly popular.

Conclusion

Both shared and dedicated hosting will always serve their purpose but the Virtual Private Server is here to stay. This arrangement makes the perfect solution for anyone who requires more control over their hosting environment yet does not have the resources to invest in an entire server. With VPS, you get a cost not too far removed from shared hosting with a level of control and flexibility similar to a dedicated server, an ideal compromise that allows you to enjoy the best of both worlds.

Category: Web Hosting Types
Posted on Tuesday, Feb 03, 2009
