The real question should be:  Is your website secure from hackers?

Take Steps

The answer to the question above is probably “yes, but only for the moment!”  It is the eternal battle of good vs. evil.  As the anti-virus movement gets more secure, the hacker nation gets smarter.  A lot of times the thief teaches the cops a thing or two.  It goes without saying you should be as prepared as possible.  One of the first steps you can take is to identify the most vulnerable areas of your website.  For example, if your operating system’s default parameters were not changed by the system administrator upon installation this may be an open invitation to an attack.  Take steps to ensure that proper password etiquette is always used among the many users involved in your enterprise.  You can use a password generator that produces completely random letters and numbers for passwords and have a scheduled password change every 45 days or so.

Email etiquette is just as important.  Emails that request information should be scrutinized.  The best way to identify a fake email that is asking for a password (one that mimics every aspect of a real email) is to look at and recognize the URL of your web hosting login page before replying.  Most web hosts provide a firewall for protection, be sure your web hosting company offers you some type of access or authority to configure this firewall.

Information

If the captain of a ship hears on the radio that there may be pirates in the area he most likely will alter course promptly.  This is very valuable information.  Software patches and updates are very valuable information.  Not only do you need to know what updates and patches are needed to keep your web site protected you need to when they are available.  In the digital security market there are information services whose primary function is to track the latest software vulnerabilities and provide you with the latest information on updates and patches for these vulnerabilities.  These services also provide key statistics such as the severity of the virus or hole, the potential impact, the programs it affects, protection guidelines, and any archived news about the particular virus or breach.

As your business continues to move forward there are always ways to improve and grow your ability to fend off computer hackers.   Pick and choose the ones that fit your budget and your business and you just might find smooth sailing ahead.

Related posts:

• Healthy Website Security Practices
• Website Security – 4 Ways to Secure Your Website
• Website Security: Avoiding Downtime That Results in Loss of Profit
• Major Threats to Business Website Security
• Securing Windows for Web Hosting Safety
• Understanding Website Viruses
• The Overlooked Connection Between Computer Viruses and Site Security
• Website Viruses – The Importance of Secure Web Pages
• Maintaining Website Security for Customer Satisfaction
• Authentication Hacking: Is Your Site Vulnerable?

Considering that most hackers spend hours every day trying to find new exploits, hacking into sites and looking for opportunities to steal cash form hard working business owners, you need to put forth the same effort to protect your website. Since most do not have the time to work around the clock in keeping their website secure, you need a web hosting company that offers state-of-the-art server security. There are however some things that you can do to protect your website from  hacking attacks.

Firewalls

Many people overlook the importance of securing their operating system when dealing with their website’s security. Having a strong firewall is very important to the security of your operating system, and your website. When you upload information from your hard drive to your website, it can be intercepted if you do not have a solid firewall protecting you from the outside world. There are many firewalls available, and your web host will often have one setup on your server by default. However, it is best to have a high quality firewall set up on your server and your operating system for maximum security.

Securing Your Login Credentials

When security experts talk about keeping your website protected, they are actually referring to securing the control interface of your website, as this is the area that can be used to hijack or destroy your website if accessed. When a hacker gains access to your administrative interface they are capable of executing any task that you as an administrator could do. This means they can upload content, delete content, and even steal your entire domain by transferring it another host! Thus, the first line of defense is having a strong password. Make sure your password is at least 8 characters long, with two special symbols and two upper case letters. The best way to create a secure password is to use a password generating software. You can find these online for free, and they generate highly secure passwords at the click of a button.

Strong Antivirus Software

Having a solid password and firewall will do you no good if your system is vulnerable to viruses. Viruses like keyloggers can infiltrate your system and collect personal information, such as your passwords Even if your password is 20 characters long, it can still be hacked if your computer is infected with spyware and keyloggers. Keyloggers actually log everything that you type into your computer, which means that every time you enter your passwords, the info is sent to the hacker. To prevent something like this from happening, you’ll need a strong antivirus working to protect your computer at all times. Some antivirus suites come with a firewall and a password generator, so it is possible to handle all of the above precautions with a single powerful antivirus suite.

Related posts:

• Securing Windows for Web Hosting Safety
• The Eternal Battle – Beware of the Attackers!
• Website Security – 4 Ways to Secure Your Website
• Website Security: Avoiding Downtime That Results in Loss of Profit
• The Overlooked Connection Between Computer Viruses and Site Security
• Web Hosting For Online Businesses – Dedicated vs. eCommerce
• Selecting a Suitable eCommerce Plan – Key Features
• Maintaining Website Security for Customer Satisfaction
• Authentication Hacking: Is Your Site Vulnerable?
• Major Threats to Business Website Security

Protect Your Website to Protect your Business

With all of the work that goes into building a comprehensive website over time, it may actually be more devastating to lose a website than to lose a PC or even an operating system. When a website is brought down by a virus, it cannot be quickly replaced like an operating system or  PC. In fact, the damage that is done can take months to repair, especially when you consider how many negative events can transpire as the result of a worm attack. The most obvious effect will be the loss of traffic that will be seen soon after the worm has infected your website.

Losing Traffic Due to Site Viruses

Website viruses are different than operating system viruses, as they are actually responsible for many of the local infections that end users experience. In other words, if you have a virus on your computer, it was most likely downloaded from a website that was carrying the virus. Most people don’t realize that many of these websites are not intending to give their visitors a virus, as they are a victim of the virus themselves. The virus attaches itself to the sites server and then uploads itself to all of the visitors’ computers. When this happens the visitors are quick to assume the site is unsafe, and thus will hesitate to return to the website. This can result in the loss of visitors in therefore business for a website owner.

Protecting Your Site From Viruses

To prevent the aforementioned issues, you should take the proper precautions to ensure the full safety of their website. One way you can do this is to use only secure web applications. Web applications often contain loopholes that lets hackers infiltrate the websites administrative interface and plant a virus. Another way to protect your site is to password protect all of your pages. You can do this in your hosting control panel. If you are having trouble with ensuring the safety of your website, it may be wise to consult with your web hosting provider for more info. Simply give them a call and ask them what kind of measures are in place to protect your website form worms, and ask thenm what you can do on your end to ensure maximum protection.

Related posts:

• Avira Antivirus Features
• Understanding Website Viruses
• The Eternal Battle – Beware of the Attackers!
• Healthy Website Security Practices
• Website Security – 4 Ways to Secure Your Website
• Major Threats to Business Website Security
• The Need for PCI Compliant Hosting
• Is Your Business Website Secure?
• Surviving Website Downtime
• Keeping Your Website Free of Malicious Scripts

Email Privacy

Perhaps the most common form of spam is email spam, which reduces your productivity by populating your inbox with unwanted spam posts. To avoid the aggravation associated with email spam, you should consider keeping your email private at any expense. That means you should not post your email address on forums, chat rooms, blogs, websites, or any other venues that can be publicly viewed by spammers. If you absolutely must to display your email address publicly online, then consider writing it without the @ symbol. For example – nospamexampleemailaddress at exampleemail dot com. The reasoning behind this is actually quite simple; spammers usually use programs that automatically search the web and scrape lists of email addresses by searching for @ symbols. Writing your email address in the above format is a great way to prevent spammers form finding your email address automatically.

Preventing Contact Form Attacks

Another way spammers can access your business email is through the “Contact Us” form on your website. If you have a contact form enabled on your website, you’ll need to make sure you have security measures in place to prevent spammers from using bots to repeatedly send emails through your contact form. Spammers love using this method to exploit business inboxes, because most contact forms only require a few simple fields to be filled out, such as name, email address, and subject. To prevent spam attacks from automated bots through your contact form, you’ll need to require the use of a Captcha form, which only a valid human could fill out.

Captcha

The Captcha test is is an entry field that is used to prevent hackers from exploiting sites with automated programs. If you have ever created an email account, then you have probably seen a Captcha form before. Captcha basically generates an image complete with a variety of letters and characters, and then requires the user to input the information on the screen. In the early days o Captcha, the images generated were simple, and as hackers adjusted to these Captcha images, the developers had to increase the difficulty of these images. The modern versions of the Captcha system consist of two to three words and are very difficult to circumvent.

Conclusion

Although spam is a common problem and is not going to disappear any time soon, there are measures that can be taken to keep spammers from targeting your email. The first step in preventing spam would be following the recommendations above and using common sense when it comes to distributing your business email address. If you’re still having trouble with spam attacks from more determined individuals like your competitors, then you may want to employ the services of a spam blocking program.

Related posts:

• Using Captcha Scripts to Prevent Spam
• 3 Tips for Preventing Excessive Hosting Spam
• Use Captcha To Keep Spammers At Bay
• Domain Keys in the Fight Against Phishing
• A Look at Various Anti-Spam Packages
• Spam Assassin – Your Savior From Spam
• Domain Names – Do You Still Need One
• How to Conduct a Background Check for Web Hosting Providers
• The Release of the February 2011 Email Security Report
• Why Reliable Web Hosting?

Strong Administrative Passwords

Protecting your website means protecting the administrative interface. Once a hacker gains access to your site’s administrative interface, they can gain control of your entire online business in a few short steps. Once they’ve access the administrative control panel, hackers can do anything from defacing your website, to committing identity theft or fraud in the name of your business. To prevent hackers from easily gaining access to your website, you’ll want to use strong passwords that are mix of letters and numbers. These alphanumeric password should be at least 10 characters in length. Try to avoid using any commonly used words or names. Also try not to use dates that are significant in your life, as a hacker may be able to access this information.

Firewalls

Firewalls filter information that is transferred to and from your website. By configuring a secure firewall, you’ll be preventing all unauthorized access to your website. Setting an industry standard firewall at the highest possible security preference is one of the best ways you can deter hackers with ease. Remember that simply having a firewall is not enough to keep you site safe. The firewall must be configured properly.

Antivirus

Make sure you use only the best antivirus programs. If your computer contracts a virus, the hacker that distributed this virus could gain access to sensitive information on your computer. Some viruses will install hacking utilities known as KeyLoggers, which record the data inputted from your computer’s keyboard. This means that everything you type is recorded and then sent to the hacker, including your system and website passwords.   It is imperative that you ensure that your antivirus program is regularly updated to the latest definitions. This will help you to protect your computer from hackers who attack your system in efforts of gaining control or information. Simply having an antivirus program installed is not enough. New viruses are created everyday, so it is important to keep your Antivirus program updated regularly.

Security Testing

Once you have all of the above security measures in place, you’ll want to test the security of your website routinely. Try to use a security analyzing tool regularly. These tools will usually find any existing security lapses and assist you in correcting them. Remember that in order to have good website security, these security measures must be practiced regularly.

Related posts:

• Website Security: Avoiding Downtime That Results in Loss of Profit
• Healthy Website Security Practices
• The Need for PCI Compliant Hosting
• Securing Windows for Web Hosting Safety
• The Overlooked Connection Between Computer Viruses and Site Security
• The Eternal Battle – Beware of the Attackers!
• PHP and Common Web Hosting Security Issues
• The Most Prevalent PHP-Related Security Risks
• Maintaining Website Security for Customer Satisfaction
• Authentication Hacking: Is Your Site Vulnerable?

How do Hacker’s Deface Websites?

Hackers employ a number of tools and methods to gain control of a website’s content. In most instances they will gain access to the server via a security lapse in the operating system, unsafe web site applications, or another flaw in the server’s security. If the hacker cannot access the server through a basic loophole, they may execute browser based attacks with remote code. Regardless of how the hacker gains access to your site, you should be prepared and secured against such an attack.

Preventing Defacement With Website Security

To prevent defacement, you will need to make sure your data is secured on both your server and your computer.  Website security should be a top priority any time you are looking for a web hosting provider. Make sure you ask about protection against website defacement when you are inquiring with the companies customer service rep. If you host a private server then you will want to make sure the server is in a safe place. Co-location hosting is an option for people who are looking or top-notch security without having their own warehouse or storage facility.

Preventing Defacement with Server Security

Having your server stored in a secure place will keep your hardware secure, but it will not fully secure the data stored on the hardware. In fact, most hackers don’t even consider stealing your hardware, they would rather access it remotely through a security lapse in an application stored on the server.  Keeping your operating system updated with the latest patches will make the hacker’s job much more difficult.  It is also a good idea to keep your web applications and any other software associated with your server updated and secure. Even after you have acquired all of the updates needed, it is still necessary to encrypt any data stored on, or sent through the server.

Preventing Defacement with Secure Applications

Quite often, hackers gain access to the server through a web application with weak security. In fact, most web applications have faults that can be easily exploited. For this reason you should only use web applications that you know are secure. If you have the resources, you may want to have your web applications designed by a personal team of developers who are aware of your security needs. If you cannot have this done then it is prudent to minimally research the possible security flaws that exist within the applications you are currently using.

Related posts:

• How To Deal With A Possible Intruder On Your Server
• Colocation Hosting – Security over Savings
• Healthy Website Security Practices
• Website Security – 4 Ways to Secure Your Website
• Website Security: Avoiding Downtime That Results in Loss of Profit
• Five Simple Website Safety Tips
• Authentication Hacking: Is Your Site Vulnerable?
• Three Simple Tips for Protecting Your Site
• Hosting Considerations for E-commerce
• Data Backup and Recovery Solutions

Serious Firewalls

Even though most web hosting providers employ firewalls by default, a lot of these firewalls are not properly configured and the restrictions can easily be circumvented by a knowledgeable hacker. If you want to ensure the security of your website(s), then you should inquire about he strength of the firewalls and it is important to have the capability to adjust firewalls to your specifications. If your web hosting company does not allow you to make changes to your site’s firewall, then you need to consider another service.

A good example of the need for firewall administration abilities, would be when a hacker is sending malicious traffic to your site form a certain IP. In this instance, it would be crucial to block this IP, and as a domain owner with a hosting account, you should have the right to do so.  The safest web hosting services offer IDS (Intrusion Detection Systems). Any breaches to your firewall can cause downtime and loss of business, therefore it is crucial to have the serious firewalls protecting your website a all times.

Protection from Distributed Denial of Service Attacks (DDoS)

Although a DDoS attack is a very basic and commonly used attack, it is also extremely difficult to prevent and treat. This simple yet effective attack can cause downtime in many websites by affecting the server functionality. This means that even users who are unrelated to the attack will suffer.  Therefore it is important to inquire about an Anti-DDoS feature before purchasing a web hosting plan.

Proper Data Encryption

If you plan on selling your services or products online, then data encryption is essential. All web hosting plans should include SSL encryption. SSL encryption will transform sensitive date from plain text into special code that make interception by a hacker very difficult. While most web hosting companies offer this feature by difficult. You may want find one that will give you the option to purchase a private certificate for added security benefits.

Related posts:

• Website Security – 4 Ways to Secure Your Website
• Is SSL Essential for eCommerce Sites?
• Healthy Website Security Practices
• Practicing FTP Security
• Performing IP Filtering Through cPanel – A Brief Tutorial
• Using Captcha Scripts to Prevent Spam
• Three Ways Web Hosting Providers Secure E-Commerce Transactions
• The Eternal Battle – Beware of the Attackers!
• e-Commerce Hosting: What You Need, What You Don’t
• Web Hosting Security – Difference Between SSL, TLS and SSH

By successfully hacking the authentication session, an attacker can log into the system as a known and valid user, which provides them with whatever privileges the victimized user has been assigned by the administrator.  This means that the intruder could only have access to certain information, or global access across the entire system, the latter of which could possibly give them control of the application or website itself.  At this point, the attacker can stir up a lot of trouble.

Tools of the Trade

Most attackers attempt to gain access via the application’s login screen that requests a username and password to enter the system.  This calls for them to match the correct login credentials that application recognizes as valid and hopefully has the highest level of privileges in the system.  While this is not the most sophisticated attack, password cracking can prove to be one of the most effective methods a hacker uses to cripple an authentication scheme.  This common technique can be executed manually or automatically with special software, which makes guessing the password much easier.

If the attacker has no success at password guessing, their next step usually involves automated tools such as Brutus and WebCracker, which unfortunately, are widely available on the web.  These custom applications are designed to defeat authentication and penetrate the target system using a list of predefined usernames and passwords.  However, they are best known for employing dictionary attacks and brute force.  Hence the name, a dictionary attack utilizes a pre-formulated list of common words in a dictionary to compromise web applications, trying thousands of combinations to determine the correct username and password.  Brute force is a technique used to break a cryptographic scheme by consistently trying a large number and  sometimes all, possible keys to decrypt an encrypted password.  Both have proven to be very effective at guessing weak passwords and bypassing authentication.

Prevention and Protection

Stopping an authentication attack can be very difficult.  Especially when factoring in all the sophisticated hacking techniques and tools on the black market.  Fortunately, there is a way to test the strength and overall effectiveness of your authentication methods.  One of the most reliable is authentication testing, a feature commonly found in web vulnerability scanners.  These applications are generally easy to use and configure for automatically testing all the applications within your site that require authentication.  Furthermore, most also scan for other common exploits such as SQL injection, cross site scripting and cross site forgery.

Related posts:

• Major Threats to Business Website Security
• How to Find Secure Shared Hosting
• Securing Windows for Web Hosting Safety
• Healthy Website Security Practices
• Website Security – 4 Ways to Secure Your Website
• Maintaining Website Security for Customer Satisfaction
• Website Security: Avoiding Downtime That Results in Loss of Profit
• Three Simple Tips for Protecting Your Site
• Malware Attacks on the Rise
• Browsers Aiding in Website Attacks

In May 2007, more than 90,000 sites were compromised by hackers, a large scale exploit designed to illegally install malicious code on the computers of visitors who clicked on seemingly harmless search results.  A StopBadware study showed that an estimated 10% of those compromised sites were maintained by one hosting firm in particular, which accounted for 250,000 infectious websites.  This is just one of many examples that prove no website is ever as safe as we might think.

Common Threats to Business Websites

Hackers employ several methods and tricks to exploit websites.  Below we will focus on three that are most commonly used to attack business sites: SQL injection, cross site scripting and CRLF injection.

SQL Injection

SQL injection is by far one of the most popular website attacks employed today.  This technique primarily works by sending false or malicious requests to a back-end database to manipulate the information it contains.  By doing so, the attacker can view whatever information is stored in the database, change it, or erase it completely.  Most websites would not exist without the presence of databases but unfortunately, any site that features shopping carts, search fields, and any type of web form is susceptible to SQL injection.  The fields that require interaction from your visitors and customers could open up the door a hacker needs to thieve sensitive data and destroy your company.

Cross Site Scripting

Cross site scripting is another common attack that exploits holes in dynamic websites.  Dynamic pages can allow an attacker to insert malicious code and trick an end-user into running a harmful script on their computer.  If the user executes the code, the hacker could gain access to all of the sensitive information on their local machine.  Cross site scripting takes advantage of numerous programming technologies including Active X, Flash, Javascript and VBScript.

CLRF Injection

Unlike most exploits, CLRF injection does not take advantage of security vulnerabilities in the operating system or web software.  Instead, it exploits the manner in which the application was scripted.  For instance, an attacker can insert a statement into a web form along with code from CR (Carriage Return) and LF (Line Feed) characters.  The chance for exploit arises when the application mistakes this injection for a CLRF used in the initial development stage.  This attack is very dangerous as it has the power to disable an entire website.

This article is not aimed to make you a website security expert, but make you aware that security for your business site should be equally important as your local machines.  To assume that your business will never be exploited only exposes you to unnecessary risks that could put you out of commission effective immediately.

Related posts:

• Authentication Hacking: Is Your Site Vulnerable?
• Securing Windows for Web Hosting Safety
• The Eternal Battle – Beware of the Attackers!
• Healthy Website Security Practices
• How to Find Secure Shared Hosting
• Browsers Aiding in Website Attacks
• Understanding Website Viruses
• The Overlooked Connection Between Computer Viruses and Site Security
• Protecting Your Site from DDoS Attacks
• Website Viruses – The Importance of Secure Web Pages

1.) Update Your Applications and Scripts

Running outdated web applications and code on your site is liking giving hackers an open invite.  So if you have older versions of WordPress or Joomla installed, it is advisable that you immediately check for and perform the necessary updates.  This goes for any application or programming languages used for your site.  For a knowledgeable hacker, compromising Joomla 1.0 is as easy as uploading a shell script to an insecure form.  If successful, they could end up with complete control of your account.

2.) Create Strong Passwords

A password can be a simple but effective security mechanism.  However, this is only the case when following a strict set of rules.  When securing login sessions and other areas of your site, never apply a password that can be easily guessed by others or is used for other accounts.  If someone knows just one of your passwords, they can keep trying it for each of your accounts until they are successful.  This could not only lead them to the control panel login of your hosting account, but also the financial institution you do your online banking with.

3.) Mask Your Folders

It is always wise to cloak your website files and folders that are stored on the server.  Many security experts suggest keeping a blank index.html file in each of the folders stored in your public directory.  Doing this will ensure that the contents cannot easily be viewed by internet users.  This process is made simple with the cPanel control panel and its Index Manager function.  You can take this one step further by password protecting the administrator folder that contains the scripts you are running.  This is highly recommended as it provides an added layer of security that will make an intruder have to work that much harder.

What If I Still Get Hacked?

As we eluded to earlier, there is a possibility that even after adhering to all of these tips and more, your website can still be compromised by a hacker.  Should your site be successfully exploited, there are a couple of things you should do right away to minimize the damage.  The first step that needs to be taken involves changing all of the passwords associated with your website.  This goes from your control panel and administrative areas to everything else in between.  Next, go through your hosting account to find and update all old applications and plugins as they could easily be the culprits that led to exposure.  Any website can be compromised and if it happens to you, your sensitive information can be used for criminal gain in one way or another.  Prevention is the key so employ all the measures you can to ensure you are protected against the existing and emerging threats.

Related posts:

• Website Security – 4 Ways to Secure Your Website
• Maintaining Website Security for Customer Satisfaction
• Website Security: Avoiding Downtime That Results in Loss of Profit
• Authentication Hacking: Is Your Site Vulnerable?
• Keep Your Site Safe – Learn What Not to Do
• How To Deal With A Possible Intruder On Your Server
• How to Keep Your Server Safe From Common Security Problems
• Several Security Risks and How to Avoid Them
• Performing IP Filtering Through cPanel – A Brief Tutorial
• Is SSL Essential for eCommerce Sites?