web hosting

How to Find Secure Shared Hosting

If you are looking to save money on building and managing a website, shared hosting may be the way to go.  Shared hosting is incredibly affordable these days, so much that you can have a personal or business website for just a couple of dollars a month.   What makes this arrangement so affordable?  With shared hosting, you are literally sharing disk space and various resources with other customers.  This allows the web hosting provider to rake in guaranteed profits while keeping expenses to a minimum.  Shared hosting is very economical but there are some drawbacks to this type of arrangement, mainly security.

The major issue with shared hosting has always been the same – the availability of security and the fact that this platform can only be so secure.  Without adequate protection, the web host’s server is vulnerable to a wide range of threats including DDoS attacks, malware infection and network intrusion.  You could also be exposed to attacks such as SQL injection, cross site scripting and even the malicious actions of your neighbors on the server.  When your hosting environment isn’t properly secured, you stand the risk of losing the most sensitive of information.

Security is definitely an issue in the shared hosting environment, one that could make the low cost an uneven trade.  The good thing is that several web hosting providers are aware of these vulnerabilities and they are taking the necessary approaches to deliver a secure service.  When looking for a company to host your site, we recommend keeping the following security considerations in mind.

Protection from Thy Neighbor

When assessing the security of a particular web host, you must not only analyze the protection offered against outside threats, but security that keeps you protected against other website owners on the server.  You never know who you’re sharing the server with, as they could be into dealing porn, distributing spam or malicious software.  A few of your next door neighbors just might be prolific computer hackers.  To keep yourself protected in this regard, you should make sure the provider doesn’t allow any unsolicited code to be executed or access to your directories.

Clean Code

One of the biggest threats to your website lies in the code used to build your applications.  When they are not properly scripted, intruders can use them as an entrance to your data and reap major havoc.  You can minimize the possibility of common website exploits by ensuring that the web hosting company offers the latest in development tools whether its PHP and MySQL or ASP and MS Access.  Most importantly, it is up to you to make sure you are coding your applications and web pages in a secure manner.

Security Features

There are also a number of features that will give you an idea of how secure a particular web hosting platform is.  This includes protection for the actual server such as software that defends against DDoS attacks and viruses as well firewalls and network intrusion systems to fend off hackers.  If your site is to involve online business transactions, you will also require SSL support to protect your customers’ credit card information.  When making sure all the vital security issues are addressed, you can better your chances of enjoying a smooth run in the shared hosting environment.

Domain Keys in the Fight Against Phishing

Anybody with an email address is likely to have countless amounts of phishing messages in their inbox, and they may not even realize it.  This type of threat usually doesn’t come at you with the attention-grabbing headlines of advertising spam or the unbelievable plots attached to the fraudulent messages carrying Nigerian scams.  In many cases, a phishing message doesn’t look much like spam at all, even though it is a well crafted plan to steal your money.  Believe it or not, a large number of people have fallen victim to this clever scam so it is important that you know how to recognize and avoid it.

What is Phishing?

Phishing is a sophisticated scam based on social networking.  Unlike other attacks where intruders rely on vulnerabilities in a server or website application, these scam artists would prefer that the system remain intact.   Instead, they look for vulnerabilities in the actual person themselves, hoping they can find someone who is trusting enough to believe the alarming message in their inbox and respond or follow the provided link.

There are essentially two types of phishing.  One approach involves a scam artist sending you an email and purporting as a representative of an institution you do business with.  This could be any type of company from a bank to someone pretending to be affiliated with PayPal or eBay.  They will inform you that there is problem with your existing account and that your login credentials are needed to fix it.

The second approach is similar yet distinct from the method above.  A phony representative attempts to alarm you by stating that there is a problem with your account.  However, they don’t ask for you to respond with your login credentials, but simply follow the provided link so they can either verify your personal information or correct the problem.  After clicking the link, you are not redirected to an official online banking or PayPal website, yet a rogue site that looks strikingly similar, so much that distinguishing it from the real deal might be difficult.  Upon entering the requested information, you are essentially handing over the keys to your valuable assets and possibly your identity.

So, what role will DomainKeys play in the fight against phishing?  As a product owned by Yahoo and integrated into its web-based mail system, the technology will help to protect you against email scams in the following ways:

Website owners register their Domain Name Servers with the DomainKeys system from which emails are required to be transmitted from a registered server.

DomainKeys incorporates an additional header to message, identifying the sender’s domain name server to verify where the message originated.

The message is then verified by the web-based mail system which analyzes the header to ensure that it originates from where it claims.  If the header isn’t validated, the message is automatically sent to a spam folder.

Yahoo has been working to push DomainKeys as a standard for web-based anti-phishing for sometime now.  With Gmail recently picking up the technology, it’s very likely that it will become standardized in the very near future.  Unfortunately, internet criminals are quite persistent and seem to find a way around the most efficient security mechanisms.  Whether you use a free web-based mail system by Yahoo, Gmail or through your own website, the best advice is to never respond to a suspicious email or click on any links.  If a message appears legitimate, contact the company personally and speak with an official representative.  This will determine if someone was trying to bait you with a phishing scam.