The real question should be:  Is your website secure from hackers?

Take Steps

The answer to the question above is probably “yes, but only for the moment!”  It is the eternal battle of good vs. evil.  As the anti-virus movement gets more secure, the hacker nation gets smarter.  A lot of times the thief teaches the cops a thing or two.  It goes without saying you should be as prepared as possible.  One of the first steps you can take is to identify the most vulnerable areas of your website.  For example, if your operating system’s default parameters were not changed by the system administrator upon installation this may be an open invitation to an attack.  Take steps to ensure that proper password etiquette is always used among the many users involved in your enterprise.  You can use a password generator that produces completely random letters and numbers for passwords and have a scheduled password change every 45 days or so.

Email etiquette is just as important.  Emails that request information should be scrutinized.  The best way to identify a fake email that is asking for a password (one that mimics every aspect of a real email) is to look at and recognize the URL of your web hosting login page before replying.  Most web hosts provide a firewall for protection, be sure your web hosting company offers you some type of access or authority to configure this firewall.

Information

If the captain of a ship hears on the radio that there may be pirates in the area he most likely will alter course promptly.  This is very valuable information.  Software patches and updates are very valuable information.  Not only do you need to know what updates and patches are needed to keep your web site protected you need to when they are available.  In the digital security market there are information services whose primary function is to track the latest software vulnerabilities and provide you with the latest information on updates and patches for these vulnerabilities.  These services also provide key statistics such as the severity of the virus or hole, the potential impact, the programs it affects, protection guidelines, and any archived news about the particular virus or breach.

As your business continues to move forward there are always ways to improve and grow your ability to fend off computer hackers.   Pick and choose the ones that fit your budget and your business and you just might find smooth sailing ahead.

Related posts:

• May 5, 2010 – Healthy Website Security Practices
• February 8, 2010 – Website Security – 4 Ways to Secure Your Website
• January 15, 2010 – Website Security: Avoiding Downtime That Results in Loss of Profit
• November 28, 2011 – Bit-Defender Internet Security Review
• September 30, 2011 – What the New User can Learn from the GoDaddy Account Hack
• September 23, 2011 – Keep Your Site Safe – Learn What Not to Do
• September 21, 2011 – How To Deal With A Possible Intruder On Your Server
• September 9, 2011 – Several Security Risks and How to Avoid Them
• September 6, 2011 – Performing IP Filtering Through cPanel – A Brief Tutorial
• July 29, 2011 – Is SSL Essential for eCommerce Sites?

Considering that most hackers spend hours every day trying to find new exploits, hacking into sites and looking for opportunities to steal cash form hard working business owners, you need to put forth the same effort to protect your website. Since most do not have the time to work around the clock in keeping their website secure, you need a web hosting company that offers state-of-the-art server security. There are however some things that you can do to protect your website from  hacking attacks.

Firewalls

Many people overlook the importance of securing their operating system when dealing with their website’s security. Having a strong firewall is very important to the security of your operating system, and your website. When you upload information from your hard drive to your website, it can be intercepted if you do not have a solid firewall protecting you from the outside world. There are many firewalls available, and your web host will often have one setup on your server by default. However, it is best to have a high quality firewall set up on your server and your operating system for maximum security.

Securing Your Login Credentials

When security experts talk about keeping your website protected, they are actually referring to securing the control interface of your website, as this is the area that can be used to hijack or destroy your website if accessed. When a hacker gains access to your administrative interface they are capable of executing any task that you as an administrator could do. This means they can upload content, delete content, and even steal your entire domain by transferring it another host! Thus, the first line of defense is having a strong password. Make sure your password is at least 8 characters long, with two special symbols and two upper case letters. The best way to create a secure password is to use a password generating software. You can find these online for free, and they generate highly secure passwords at the click of a button.

Strong Antivirus Software

Having a solid password and firewall will do you no good if your system is vulnerable to viruses. Viruses like keyloggers can infiltrate your system and collect personal information, such as your passwords Even if your password is 20 characters long, it can still be hacked if your computer is infected with spyware and keyloggers. Keyloggers actually log everything that you type into your computer, which means that every time you enter your passwords, the info is sent to the hacker. To prevent something like this from happening, you’ll need a strong antivirus working to protect your computer at all times. Some antivirus suites come with a firewall and a password generator, so it is possible to handle all of the above precautions with a single powerful antivirus suite.

Related posts:

• February 8, 2010 – Website Security – 4 Ways to Secure Your Website
• January 15, 2010 – Website Security: Avoiding Downtime That Results in Loss of Profit
• May 26, 2009 – Web Hosting Security at Risk: Are you?
• May 12, 2011 – Essential Shopping Cart Attributes
• March 18, 2011 – Securing Windows for Web Hosting Safety
• December 24, 2010 – The Overlooked Connection Between Computer Viruses and Site Security
• December 20, 2010 – The Eternal Battle – Beware of the Attackers!
• August 20, 2010 – Using Ecommerce Web Hosting to Build Online Shops
• August 19, 2010 – Web Hosting For Online Businesses – Dedicated vs. eCommerce
• June 16, 2010 – Protecting Your Site from DDoS Attacks

Protect Your Website to Protect your Business

With all of the work that goes into building a comprehensive website over time, it may actually be more devastating to lose a website than to lose a PC or even an operating system. When a website is brought down by a virus, it cannot be quickly replaced like an operating system or  PC. In fact, the damage that is done can take months to repair, especially when you consider how many negative events can transpire as the result of a worm attack. The most obvious effect will be the loss of traffic that will be seen soon after the worm has infected your website.

Losing Traffic Due to Site Viruses

Website viruses are different than operating system viruses, as they are actually responsible for many of the local infections that end users experience. In other words, if you have a virus on your computer, it was most likely downloaded from a website that was carrying the virus. Most people don’t realize that many of these websites are not intending to give their visitors a virus, as they are a victim of the virus themselves. The virus attaches itself to the sites server and then uploads itself to all of the visitors’ computers. When this happens the visitors are quick to assume the site is unsafe, and thus will hesitate to return to the website. This can result in the loss of visitors in therefore business for a website owner.

Protecting Your Site From Viruses

To prevent the aforementioned issues, you should take the proper precautions to ensure the full safety of their website. One way you can do this is to use only secure web applications. Web applications often contain loopholes that lets hackers infiltrate the websites administrative interface and plant a virus. Another way to protect your site is to password protect all of your pages. You can do this in your hosting control panel. If you are having trouble with ensuring the safety of your website, it may be wise to consult with your web hosting provider for more info. Simply give them a call and ask them what kind of measures are in place to protect your website form worms, and ask thenm what you can do on your end to ensure maximum protection.

Related posts:

• May 5, 2010 – Healthy Website Security Practices
• March 18, 2011 – Securing Windows for Web Hosting Safety
• February 23, 2011 – Understanding Website Viruses
• December 24, 2010 – The Overlooked Connection Between Computer Viruses and Site Security
• December 20, 2010 – The Eternal Battle – Beware of the Attackers!
• February 8, 2010 – Website Security – 4 Ways to Secure Your Website
• January 20, 2010 – Maintaining Website Security for Customer Satisfaction
• January 15, 2010 – Website Security: Avoiding Downtime That Results in Loss of Profit
• December 15, 2009 – The Top 3 Web Hosting Security Issues
• October 16, 2009 – Major Threats to Business Website Security

Strong Administrative Passwords

Protecting your website means protecting the administrative interface. Once a hacker gains access to your site’s administrative interface, they can gain control of your entire online business in a few short steps. Once they’ve access the administrative control panel, hackers can do anything from defacing your website, to committing identity theft or fraud in the name of your business. To prevent hackers from easily gaining access to your website, you’ll want to use strong passwords that are mix of letters and numbers. These alphanumeric password should be at least 10 characters in length. Try to avoid using any commonly used words or names. Also try not to use dates that are significant in your life, as a hacker may be able to access this information.

Firewalls

Firewalls filter information that is transferred to and from your website. By configuring a secure firewall, you’ll be preventing all unauthorized access to your website. Setting an industry standard firewall at the highest possible security preference is one of the best ways you can deter hackers with ease. Remember that simply having a firewall is not enough to keep you site safe. The firewall must be configured properly.

Antivirus

Make sure you use only the best antivirus programs. If your computer contracts a virus, the hacker that distributed this virus could gain access to sensitive information on your computer. Some viruses will install hacking utilities known as KeyLoggers, which record the data inputted from your computer’s keyboard. This means that everything you type is recorded and then sent to the hacker, including your system and website passwords.   It is imperative that you ensure that your antivirus program is regularly updated to the latest definitions. This will help you to protect your computer from hackers who attack your system in efforts of gaining control or information. Simply having an antivirus program installed is not enough. New viruses are created everyday, so it is important to keep your Antivirus program updated regularly.

Security Testing

Once you have all of the above security measures in place, you’ll want to test the security of your website routinely. Try to use a security analyzing tool regularly. These tools will usually find any existing security lapses and assist you in correcting them. Remember that in order to have good website security, these security measures must be practiced regularly.

Related posts:

• May 5, 2010 – Healthy Website Security Practices
• January 15, 2010 – Website Security: Avoiding Downtime That Results in Loss of Profit
• April 14, 2009 – Is Your Business Website Secure?
• December 20, 2010 – The Eternal Battle – Beware of the Attackers!
• February 26, 2010 – PHP and Common Web Hosting Security Issues
• January 20, 2010 – Maintaining Website Security for Customer Satisfaction
• October 16, 2009 – Major Threats to Business Website Security
• September 22, 2009 – Server Options for E-commerce Hosting
• August 19, 2009 – Three Simple Tips for Protecting Your Site
• May 29, 2009 – The Need for PCI Compliant Hosting

How do Hacker’s Deface Websites?

Hackers employ a number of tools and methods to gain control of a website’s content. In most instances they will gain access to the server via a security lapse in the operating system, unsafe web site applications, or another flaw in the server’s security. If the hacker cannot access the server through a basic loophole, they may execute browser based attacks with remote code. Regardless of how the hacker gains access to your site, you should be prepared and secured against such an attack.

Preventing Defacement With Website Security

To prevent defacement, you will need to make sure your data is secured on both your server and your computer.  Website security should be a top priority any time you are looking for a web hosting provider. Make sure you ask about protection against website defacement when you are inquiring with the companies customer service rep. If you host a private server then you will want to make sure the server is in a safe place. Co-location hosting is an option for people who are looking or top-notch security without having their own warehouse or storage facility.

Preventing Defacement with Server Security

Having your server stored in a secure place will keep your hardware secure, but it will not fully secure the data stored on the hardware. In fact, most hackers don’t even consider stealing your hardware, they would rather access it remotely through a security lapse in an application stored on the server.  Keeping your operating system updated with the latest patches will make the hacker’s job much more difficult.  It is also a good idea to keep your web applications and any other software associated with your server updated and secure. Even after you have acquired all of the updates needed, it is still necessary to encrypt any data stored on, or sent through the server.

Preventing Defacement with Secure Applications

Quite often, hackers gain access to the server through a web application with weak security. In fact, most web applications have faults that can be easily exploited. For this reason you should only use web applications that you know are secure. If you have the resources, you may want to have your web applications designed by a personal team of developers who are aware of your security needs. If you cannot have this done then it is prudent to minimally research the possible security flaws that exist within the applications you are currently using.

Related posts:

• May 5, 2010 – Healthy Website Security Practices
• February 26, 2010 – PHP and Common Web Hosting Security Issues
• February 8, 2010 – Website Security – 4 Ways to Secure Your Website
• January 15, 2010 – Website Security: Avoiding Downtime That Results in Loss of Profit
• December 15, 2009 – The Top 3 Web Hosting Security Issues
• October 16, 2009 – Major Threats to Business Website Security
• August 19, 2009 – Three Simple Tips for Protecting Your Site
• April 25, 2011 – Bux4Real Attacked by Hackers
• April 13, 2011 – Using Captcha Scripts to Prevent Spam
• April 1, 2011 – Three Reasons Why Colocation Hosting Is More Expensive

Serious Firewalls

Even though most web hosting providers employ firewalls by default, a lot of these firewalls are not properly configured and the restrictions can easily be circumvented by a knowledgeable hacker. If you want to ensure the security of your website(s), then you should inquire about he strength of the firewalls and it is important to have the capability to adjust firewalls to your specifications. If your web hosting company does not allow you to make changes to your site’s firewall, then you need to consider another service.

A good example of the need for firewall administration abilities, would be when a hacker is sending malicious traffic to your site form a certain IP. In this instance, it would be crucial to block this IP, and as a domain owner with a hosting account, you should have the right to do so.  The safest web hosting services offer IDS (Intrusion Detection Systems). Any breaches to your firewall can cause downtime and loss of business, therefore it is crucial to have the serious firewalls protecting your website a all times.

Protection from Distributed Denial of Service Attacks (DDoS)

Although a DDoS attack is a very basic and commonly used attack, it is also extremely difficult to prevent and treat. This simple yet effective attack can cause downtime in many websites by affecting the server functionality. This means that even users who are unrelated to the attack will suffer.  Therefore it is important to inquire about an Anti-DDoS feature before purchasing a web hosting plan.

Proper Data Encryption

If you plan on selling your services or products online, then data encryption is essential. All web hosting plans should include SSL encryption. SSL encryption will transform sensitive date from plain text into special code that make interception by a hacker very difficult. While most web hosting companies offer this feature by difficult. You may want find one that will give you the option to purchase a private certificate for added security benefits.

Related posts:

• May 5, 2010 – Healthy Website Security Practices
• February 8, 2010 – Website Security – 4 Ways to Secure Your Website
• December 20, 2010 – The Eternal Battle – Beware of the Attackers!
• June 16, 2010 – Protecting Your Site from DDoS Attacks
• January 20, 2010 – Maintaining Website Security for Customer Satisfaction
• December 15, 2009 – The Top 3 Web Hosting Security Issues
• October 16, 2009 – Major Threats to Business Website Security
• August 19, 2009 – Three Simple Tips for Protecting Your Site
• January 23, 2009 – The Dangers of Insecure Web Applications
• November 28, 2011 – Bit-Defender Internet Security Review

In May 2007, more than 90,000 sites were compromised by hackers, a large scale exploit designed to illegally install malicious code on the computers of visitors who clicked on seemingly harmless search results.  A StopBadware study showed that an estimated 10% of those compromised sites were maintained by one hosting firm in particular, which accounted for 250,000 infectious websites.  This is just one of many examples that prove no website is ever as safe as we might think.

Common Threats to Business Websites

Hackers employ several methods and tricks to exploit websites.  Below we will focus on three that are most commonly used to attack business sites: SQL injection, cross site scripting and CRLF injection.

SQL Injection

SQL injection is by far one of the most popular website attacks employed today.  This technique primarily works by sending false or malicious requests to a back-end database to manipulate the information it contains.  By doing so, the attacker can view whatever information is stored in the database, change it, or erase it completely.  Most websites would not exist without the presence of databases but unfortunately, any site that features shopping carts, search fields, and any type of web form is susceptible to SQL injection.  The fields that require interaction from your visitors and customers could open up the door a hacker needs to thieve sensitive data and destroy your company.

Cross Site Scripting

Cross site scripting is another common attack that exploits holes in dynamic websites.  Dynamic pages can allow an attacker to insert malicious code and trick an end-user into running a harmful script on their computer.  If the user executes the code, the hacker could gain access to all of the sensitive information on their local machine.  Cross site scripting takes advantage of numerous programming technologies including Active X, Flash, Javascript and VBScript.

CLRF Injection

Unlike most exploits, CLRF injection does not take advantage of security vulnerabilities in the operating system or web software.  Instead, it exploits the manner in which the application was scripted.  For instance, an attacker can insert a statement into a web form along with code from CR (Carriage Return) and LF (Line Feed) characters.  The chance for exploit arises when the application mistakes this injection for a CLRF used in the initial development stage.  This attack is very dangerous as it has the power to disable an entire website.

This article is not aimed to make you a website security expert, but make you aware that security for your business site should be equally important as your local machines.  To assume that your business will never be exploited only exposes you to unnecessary risks that could put you out of commission effective immediately.

Related posts:

• January 13, 2009 – How to Find Secure Shared Hosting
• May 5, 2010 – Healthy Website Security Practices
• February 8, 2010 – Website Security – 4 Ways to Secure Your Website
• January 20, 2010 – Maintaining Website Security for Customer Satisfaction
• January 15, 2010 – Website Security: Avoiding Downtime That Results in Loss of Profit
• November 26, 2009 – Authentication Hacking: Is Your Site Vulnerable?
• August 19, 2009 – Three Simple Tips for Protecting Your Site
• December 29, 2008 – Browsers Aiding in Website Attacks
• April 25, 2011 – Bux4Real Attacked by Hackers
• December 20, 2010 – The Eternal Battle – Beware of the Attackers!

1.) Update Your Applications and Scripts

Running outdated web applications and code on your site is liking giving hackers an open invite.  So if you have older versions of WordPress or Joomla installed, it is advisable that you immediately check for and perform the necessary updates.  This goes for any application or programming languages used for your site.  For a knowledgeable hacker, compromising Joomla 1.0 is as easy as uploading a shell script to an insecure form.  If successful, they could end up with complete control of your account.

2.) Create Strong Passwords

A password can be a simple but effective security mechanism.  However, this is only the case when following a strict set of rules.  When securing login sessions and other areas of your site, never apply a password that can be easily guessed by others or is used for other accounts.  If someone knows just one of your passwords, they can keep trying it for each of your accounts until they are successful.  This could not only lead them to the control panel login of your hosting account, but also the financial institution you do your online banking with.

3.) Mask Your Folders

It is always wise to cloak your website files and folders that are stored on the server.  Many security experts suggest keeping a blank index.html file in each of the folders stored in your public directory.  Doing this will ensure that the contents cannot easily be viewed by internet users.  This process is made simple with the cPanel control panel and its Index Manager function.  You can take this one step further by password protecting the administrator folder that contains the scripts you are running.  This is highly recommended as it provides an added layer of security that will make an intruder have to work that much harder.

What If I Still Get Hacked?

As we eluded to earlier, there is a possibility that even after adhering to all of these tips and more, your website can still be compromised by a hacker.  Should your site be successfully exploited, there are a couple of things you should do right away to minimize the damage.  The first step that needs to be taken involves changing all of the passwords associated with your website.  This goes from your control panel and administrative areas to everything else in between.  Next, go through your hosting account to find and update all old applications and plugins as they could easily be the culprits that led to exposure.  Any website can be compromised and if it happens to you, your sensitive information can be used for criminal gain in one way or another.  Prevention is the key so employ all the measures you can to ensure you are protected against the existing and emerging threats.

Related posts:

• May 5, 2010 – Healthy Website Security Practices
• February 8, 2010 – Website Security – 4 Ways to Secure Your Website
• January 20, 2010 – Maintaining Website Security for Customer Satisfaction
• January 15, 2010 – Website Security: Avoiding Downtime That Results in Loss of Profit
• October 16, 2009 – Major Threats to Business Website Security
• April 25, 2011 – Bux4Real Attacked by Hackers
• January 27, 2011 – Little Known Truths about Domain Privacy
• January 20, 2011 – Locking Your Online Business Using Website Encryption
• December 24, 2010 – The Overlooked Connection Between Computer Viruses and Site Security
• December 20, 2010 – The Eternal Battle – Beware of the Attackers!