Blog Header Banner

Archive for the ‘website security’ tag

Simple Steps to Secure Your Website   no comments

Posted at Feb 21, 2017 @ 9:53am Web hosting

Secure Website

If you run a personal or business website then it’s vital you take steps to secure your website and protect it from hackers. Criminals have many reasons for wanting to gain unauthorized access to your content, and all of them will impact you and your business in a negative way. By following the steps below, you will not only keep your website and data safe, but also your business.

 

Renaming Directories

When hackers want to take control of your website and to cause damage, they will search for your administration directories. If they can locate them, then the hackers can steal your login details or give themselves access. Many programs are available that will scan websites to find administrative credentials, and you can protect yourself by renaming your directories.

Although this step might seem small, don’t get tempted to overlook it because you must do everything that you can to stay safe. The name that you give your directories is not important as long as you know how to access them when you need to make changes.

 

Complex Passwords

Hackers will sometimes use brute force software to access your administration panel, and they can do anything they want from there. The brute force software works by repeatedly entering different numbers and letters into the username and password fields until it finds the correct combination. You can protect yourself from such attacks by using strong passwords that contain letters, numbers and special characters.

Although it’s still possible for hackers to use brute force software to break into your website, they are not likely to succeed. A complex password can resist a brute force attack for several thousand years before the correct combination is discovered. Unless your website contains extremely sensitive data, the hackers will likely move on to an easier target.

 

Encrypt Your Important Files

Many people store files on their website as plain text, and that makes it easy for hackers to steal and read the information. The problem becomes that much worse when the data contains the credit card numbers of your customers. You can add an extra layer of safety by encrypting your files so that they become all but impossible to read.

An encryption program works by scrambling a file until it’s unreadable, and only the person with the correct decryption key can reverse the process. If your important files are encrypted, hackers will not be able to see them even if they gain access to your website.

 

Update

One of the ways that hackers gain access to a website is by looking for software vulnerabilities. They will reverse engineer software and scripts to find methods to take control of your content and to view your files. To combat that problem, software developers consistently release updates for their programs, which address known weaknesses.

But some webmasters are still reluctant to update their sites because they don’t want to experience any downtime. When you choose not to install recent updates, you are inviting criminals to exploit you and your users. Ensure that you are always using the latest scripts when your goal is to safeguard your website.

 

Backup

When protecting your website data is your No. 1 goal, utilizing a backup solution is a must. However, If all of your files and backups are stored on the same server, you risk losing everything if that server gets destroyed or compromised. The good news is that you can combat this problem by utilizing a Cloud Backup solution. This option involves uploading the data that you want to protect to ‘The Cloud’ – a cluster of servers located in a remote, secure datacenter.

 

Running a business can be very demanding and it may not leave you with enough spare time to regularly maintain your website’s security. If this scenario sounds familiar, your best bet may be to switch to a Managed web hosting solution. TurnKey Internet offers a complete all-inclusive fully managed service that lets you focus on your customers while running your business – leave the infrastructure, software updates, security, backups, and uptime to us. We provide a turnkey solution that employs a unique combination of Application and Network Engineers, deep-level performance monitoring and on-going guidance to maintain and optimize your cloud-based hosted infrastructure. You get all-access to our Support and network Engineers – far more cost-efficient than hiring, onboarding, and building your own team of tech gurus. As technology changes daily, we’ll keep your systems secure and up-to-date, while you focus on your business

 

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

Written by David Maurer on February 21st, 2017

Tagged with , , ,

4 Easy Ways to Protect Your Website from Hackers   no comments

Posted at Oct 4, 2016 @ 8:56am internet security

website-hacker

Running and managing a website is a lot of work, and most people don’t even consider the possibility of being compromised. When they ignore the risk, webmasters are putting themselves at an even greater risk. If you run a personal or business website then it’s vital you take steps to protect your website from hackers. Criminals have many reasons for wanting to gain unauthorized access to your content, and all of them will impact you in a negative way.

The hacker might be interested in performing a prank, or they could try to redirect your traffic to another link. If a business website gets compromised, your customers’ personal data could be exposed, and that would ruin your reputation. The following information will help you keep yourself safe.

 

1. Stay Updated

One of the ways that hackers gain access to a website is by looking for software vulnerabilities. They will reverse engineer software and scripts to find methods to take control of your content and to view your files. To combat that problem, software developers consistently release updates for their programs, which address known weaknesses.

But some webmasters are still reluctant to update their sites because they don’t want to experience any downtime. When you choose not to install recent updates, you are inviting criminals to exploit you and your users. Ensure that you are always using the latest scripts when your goal is to safeguard your website.

 

2. Strong Passwords

Hackers will sometimes use brute force software to access your administration panel, and they can do anything they want from there. The brute force software works by repeatedly entering different numbers and letters into the username and password fields until it finds the correct combination. You can protect yourself from such attacks by using strong passwords that contain letters, numbers and special characters.

Although it’s still possible for hackers to use brute force software to break into your website, they are not likely to succeed. A complex password can resist a brute force attack for several thousand years before the correct combination is discovered. Unless your website contains extremely sensitive data, the hackers will likely move on to an easier target.

 

3. File Encryption

Many people store files on their website as plain text, and that makes it easy for hackers to steal and read the information. The problem becomes that much worse when the data contains the credit card numbers of your customers. You can add an extra layer of safety by encrypting your files so that they become all but impossible to read.

An encryption program works by scrambling a file until it’s unreadable, and only the person with the correct decryption key can reverse the process. If your important files are encrypted, hackers will not be able to see them even if they gain access to your website.

 

4. Rename Your Directories

When hackers want to take control of your website and to cause damage, they will search for your administration directories. If they can locate them, then the hackers can steal your login details or give themselves access. Many programs are available that will scan websites to find administrative credentials, and you can protect yourself by renaming your directories.

Although this step might seem small, don’t get tempted to overlook it because you must do everything that you can to stay safe. The name that you give your directories is not important as long as you know how to access them when you need to make changes.

 

If a business website gets compromised by criminals, then the entire business could fail. Whether you run a private blog or corporate site, it’s vital to be proactive when it comes to securing your content if you don’t want to encounter problems. Some people feel as though hackers would not want to target them, but their false sense of security could cause them to lose everything.

Safeguarding yourself does not need to be a hard or time-consuming process, and a little effort can work wonders to prevent a disaster from occurring. You never know when a security breach will take place, so you need to take action while you still have the opportunity.

 

Running a business can be very demanding and it may not leave you with enough spare time to regularly maintain your website’s security. If this scenario sounds familiar, your best bet may be to switch to a Managed web hosting solution. TurnKey Internet offers a complete all-inclusive fully managed service that lets you focus on your customers while running your business – leave the infrastructure, software updates, security, backups, and uptime to us. We provide a turnkey solution that employs a unique combination of Application and Network Engineers, deep-level performance monitoring and on-going guidance to maintain and optimize your cloud-based hosted infrastructure. You get all-access to our Support and network Engineers – far more cost-efficient than hiring, onboarding, and building your own team of tech gurus. As technology changes daily, we’ll keep your systems secure and up-to-date, while you focus on your business.

 

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

Written by David Maurer on October 4th, 2016

Tagged with , , ,

SSL: Protecting Your Website and Customers   1 comment

Posted at Sep 6, 2016 @ 8:47am Web hosting

SSLHero

SSL certificates are crucial for websites that offer anything for sale as they provide a level of privacy and security that is necessary to ensure that customers are comfortable shopping there. In fact, many people will simply leave their full shopping cart in your virtual aisle and refuse to purchase anything from your website if they realize that it does not have an SSL certificate.

Secure Sockets Layer (SSL) is used to transmit private information online in a manner that keeps it private. Customers will know that any information that they provide you is being kept safe from prying eyes if https:// precedes your website address, and a lock icon is located to the left of it. Banks and other major financial institutions have used SSL certificates, which were initially developed by Netscape in 1994, for some time.

 

How Does It Work?

The data that is being sent is immediately encrypted, causing somebody attempting to hack into it to not be able to read it as all they will see is an undecipherable list of letters and numbers. The information will then arrive on the recipient’s end after being unencrypted into its original form so that it can be read and utilized as was originally intended.

Data being sent without the use of SSL certificates could either be hijacked by a hacker and then used for their usually nefarious purposes or it could even be altered en route to its destination without the sender or the recipient realizing that any changes had been made to it.

These digital certificates also ensure that the personal and private data is being sent to the secure site it’s supposed to go to and not being diverted to one that could be malicious.

 

It Works Both Ways

Any information that those running a website send to interested parties is also encrypted when using SSL certificates. These can include newsletters, promotional codes and vouchers as well as any information that you send during the purchasing process that you want to ensure is not intercepted and stolen or altered en route.

 

Indirect Benefits

Using SSL certificates is a wonderful way to increase your website’s search engine optimization (SEO). In 2014, Google announced that it will be giving rankings boosts to websites using this layer of protection. Although having this level of trust in your website is not going to impact the search engine results as much as the quality of your content, it will give you a leg up as far as search engine results go when competing against otherwise similar websites. Google may also increase its importance down the line.

 

Differences

Single certificates cover one domain name. Wildcard certificates are valid for one domain name and any subdomains underneath it. Multi-domain certificates are good for multiple domain names.

Domain validation certificates offer the most basic level of protection; they cover basic encryption and verify that the person whose name or email address is associated with the website has control over it. However, they do not verify exactly who this individual or company is or how much control he or she has over the website’s content or where information sent through it actually goes.

Organization validation certificates provide a more thorough validation process by checking on the applicant’s credentials and doing things like making sure the individual or company’s physical address matches up with the application and that they have a legal right to own and run that website. Businesses should at the very least use this certificate as domain validation certificates just do not provide the safety and trust that is usually necessary.

Extended validation certificates are the ones that offer the most security as a thorough examination is conducted before it is provided, assuring visitors that the individual or company being represented is accurate and that the entity possesses the rights necessary to operate that website. These certificates should be used by any websites that ask customers to provide especially sensitive information such as credit card numbers.

 

Which Certificate to Get?

Websites that garner a low level of traffic and do not ask visitors for information more personal than usernames and passwords can use domain validation certificates. A couple of the main benefits of going this route is that these certificates are more affordable and issued much more quickly.

However, if you are or will be receiving a decent amount of traffic or asking your visitors for any financial information or other sensitive date such as addresses, telephone numbers or social security numbers, you should at least get an organization validation certificate.

The extended validation certificates do provide the most protection and trust, but they are also the most expensive and take the longest to receive. Medium to large organizations tend to be the ones most apt to purchase these, but you should definitely consider it if you are or plan to be in one of those categories.

At TurnKey Internet we offer SSL certificates on all of our hosting plans as well as include a free SSL with every Reseller and SEO package. If you have any questions regarding which SSL solution is right for you or how to get started, feel free to email our support team (helpdesk@turnkeyinternet.net)

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

Written by David Maurer on September 6th, 2016

Tagged with , , ,

No not Pokemon, teenage bugs are attacking your website server   no comments

Posted at Jul 26, 2016 @ 9:36am Web hosting

httpoxyblogimagepokemon

Unfortunately, despite the trend, the bugs I’m referring to are not Pokemon.

Instead, they’re easily exploitable security bugs, discovered 15 years ago, that have reemerged, leaving your website or server potentially open to hijackers.

It’s being called the “httpoxy flaw” and it exists in a variety of server software, including PHP, Go, Apache HTTP server, Apache TomCat, and Python. If exploited, it can potentially be used to seize control of your website and access sensitive data.

Httpoxy is a set of vulnerabilities that affect applications running in CGI, or CGI-like environments. Essentially it comes down to a simple namespace conflict. This, in turn, can be exploited to configure outgoing proxies, allowing attackers to remotely execute malicious code.

Red Hat, Microsoft, The Apache Software Foundation, Ngnix, CloudFlare and others have released security advisories in an attempt to warn users of the httpoxy flaw.

Based on the affected software, specific CVE (Common Vulnerabilities and Exposures) numbers have been assigned: CVE-2016-5385 in PHP; CVE-2016-5386 in Go; CVE-2016-5387 in Apache HTTP server; CVE-2016-5388 in Apache TomCat; CVE-2016-1000109 in PHP-engine HHVM; and CVE-2016-1000110 in Python. Researches expect more CVEs coming for httpoxy as less common software is inspected.

Luckily if your website is hosted on TurnKey Internet’s cloud hosting platform (https://turnkeyinternet.net/linux-cpanel-web-hosting/) you are already protected. If you have any questions or additional concerns, feel free to email our support team (helpdesk@turnkeyinternet.net) and we would be more than happy to assist you.

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

Written by David Maurer on July 26th, 2016

Tagged with , , , , ,