Several Security Risks and How to Avoid Them

Yes, you’ve made sure that you’ve chosen a password that you can remember, that no one else can guess, and that has in it at least one number and one punctuation mark. You know, though, that there is more to securing your web site than that, but you don’t know where to start looking for the most commonly exploited weaknesses, or how to shore them up.

Though they may sound hopelessly technical at first, the basic types of security issues are easy to understand, and once understood, easy (enough) to prevent.

Denial-of-service attack

One of the oldest tricks in the book is still one of the most commonly used. The denial-of-service attack (DoS, or DDoS when the requests come from many machines at once) consists of nothing more than flooding a web site with more requests than it can handle, effectively paralyzing the site so that it cannot be used by legitimate web surfers.

The reason that this type of attack still exists today is that it is surprisingly hard to deflect. Done right, a single request from a DDoS doesn’t look noticeably different from a legitimate request. It’s only in the volume of requests that the problem becomes apparent. Furthermore, once an attack is recognized, the only way to shut it down without shutting out “real” traffic is to find a unique fingerprint on the requests and filter only that. While this means that a lazy attacker can be stopped by simply blocking their IP address, a sophisticated attacker (or worse, a dedicated group of hackers) can create a deluge of requests that is very difficult to differentiate.

The only real solution to this is to have a web host that is willing to stay with you and keep the barbarians from the gates.  A good host will.
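The fingerprint filtering described above, as an added example that is not part of the original article. The log entries, the `fetchlib/1.0` User-Agent and the choice of (User-Agent, path) as the fingerprint are constructed assumptions; every flood request comes from a different IP address, so an IP block would not help, yet one fingerprint covers the whole flood and leaves a legitimate `/search` visitor alone.

```c
#include <stdio.h>
#include <string.h>

/* One parsed access-log entry. Every value below is constructed sample data. */
struct request { const char *ip, *user_agent, *path; };

static const struct request sample_log[] = {
    {"192.0.2.11",   "Mozilla/5.0 (Windows NT 10.0)", "/"},
    {"198.51.100.1", "fetchlib/1.0",                  "/search"},
    {"198.51.100.2", "fetchlib/1.0",                  "/search"},
    {"192.0.2.37",   "Mozilla/5.0 (Macintosh)",       "/search"},
    {"198.51.100.3", "fetchlib/1.0",                  "/search"},
    {"203.0.113.5",  "fetchlib/1.0",                  "/search"},
    {"192.0.2.11",   "Mozilla/5.0 (Windows NT 10.0)", "/about"},
    {"203.0.113.6",  "fetchlib/1.0",                  "/search"},
    {"203.0.113.7",  "fetchlib/1.0",                  "/search"},
    {"192.0.2.90",   "Mozilla/5.0 (X11; Linux)",      "/contact"},
};
#define SAMPLE_LEN (sizeof sample_log / sizeof sample_log[0])

/* Fingerprint = (User-Agent, path). The client IP is deliberately left out. */
static int same_fingerprint(const struct request *a, const struct request *b) {
    return strcmp(a->user_agent, b->user_agent) == 0 && strcmp(a->path, b->path) == 0;
}

/* How many requests in the log a filter on fingerprint fp would drop. */
static size_t count_filtered(const struct request *log, size_t n, const struct request *fp) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += (size_t)same_fingerprint(&log[i], fp);
    return hits;
}

/* Index of the first entry whose fingerprint is >= min_percent of all traffic, else -1. */
static int dominant_fingerprint(const struct request *log, size_t n, unsigned min_percent) {
    for (size_t i = 0; i < n; i++)
        if (count_filtered(log, n, &log[i]) * 100 >= (size_t)min_percent * n)
            return (int)i;
    return -1;
}

int main(void) {
    int i = dominant_fingerprint(sample_log, SAMPLE_LEN, 50);
    if (i >= 0)
        printf("filter UA=\"%s\" path=\"%s\": drops %zu of %zu\n", sample_log[i].user_agent,
               sample_log[i].path, count_filtered(sample_log, SAMPLE_LEN, &sample_log[i]), SAMPLE_LEN);
    return 0;
}
```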

Hacking by URL and buffer overflow

A web page’s URL is a common way to send a web server the information it needs to build new pages. The problem is that this information often goes to a script whose privileges, if hijacked through the URL, could be used against the server itself.

A subset of this problem is the buffer overflow. This is when a URL is sent that is too long for the web server to handle. What often happens, depending on the server, is that the part of the URL that does not fit spills over into neighbouring memory and ends up being run by the server as a command, often as “root” (the user set by default to have universal privileges).

What you need to do about this depends on your server’s operating system, but it usually comes down to two things: making sure that your scripts are secured against this weakness, and making sure that they are set up in such a way that, even if they are compromised, they don’t have the security permissions necessary to do anything nefarious.
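Both halves of that advice in code, as an added example that is not from the original article: the unchecked copy behind a URL buffer overflow next to a checked one, plus a refusal to handle requests as root. The 64-byte limit, the allowed character set and all function names are assumptions made for this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define PATH_BUF 64  /* assumed size limit for this example */

/* BEFORE: the unchecked copy. A path of PATH_BUF bytes or more writes past
   the end of buf and corrupts adjacent memory. Kept for contrast, never called. */
void serve_unchecked(const char *path) {
    char buf[PATH_BUF];
    strcpy(buf, path);
    printf("serving %s\n", buf);
}

/* AFTER: returns 200 if path was copied, 414 if it is too long, 400 if it
   contains a byte outside the allow-list (for instance ';', '|' or a space). */
int copy_path_checked(const char *path, char *out, size_t out_size) {
    size_t len = strlen(path);
    if (len >= out_size)
        return 414;                       /* reject; never truncate silently */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)path[i];
        if (!isalnum(c) && strchr("/._-?=&", c) == NULL)
            return 400;
    }
    memcpy(out, path, len + 1);           /* includes the terminating NUL */
    return 200;
}

/* Least privilege: a request handler has no reason to run as root (uid 0). */
int may_serve_as(uid_t euid) { return euid != 0; }

int main(void) {
    char buf[PATH_BUF], long_path[200];
    memset(long_path, 'A', sizeof long_path - 1);
    long_path[sizeof long_path - 1] = '\0';
    if (!may_serve_as(geteuid())) { puts("refusing to run as root"); return 1; }
    printf("%d\n", copy_path_checked("/index.php?page=2", buf, sizeof buf));
    printf("%d\n", copy_path_checked(long_path, buf, sizeof buf));
    printf("%d\n", copy_path_checked("/view?f=a;id", buf, sizeof buf));
    return 0;
}
```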

Check with your web host

A security problem for a single user is potentially a security problem for all users, meaning that your web host doesn’t want it any more than you do.  Check their help documentation, and by all means, ask about anything that confuses you.  Their livelihood is on the line right along with yours, so they will always be glad to help you both feel more secure in your site.
