Tag Archives: Host Department Security

One fine morning you wake up, go to check your website, and suddenly see a warning that it has been compromised. For a webmaster this is the worst nightmare. Have you had any such experience? If so, who do you blame for it? Security has become one of the most essential parts of website management these days, as there are plenty of ways your website can be affected by hacking, spamming or hijacking attacks. As a Host Department customer, you may be well protected on the server and network side, but are you really protected from the inside? That is the real question here: how do you secure your website internally?

You may use the strongest locker in the world to protect your wealth, but what is the use if you leave the doors open? The same applies to your website. We host thousands of websites and only rarely receive complaints about compromised websites. What do we do in such cases? First we try to understand where the loophole is, and let me tell you something here: most of the time it is an application running an outdated version, or some files that have full permissions (777: read, write, execute), which means you are giving hackers an open invitation to compromise your website. We often try to warn our customers to update their CMSs or blog applications such as WordPress, Joomla, Drupal etc., but they ignore it, which ultimately results in this kind of hacking attack. Recently, in a press release, Joomla announced that they have deprecated all the 1.x.x versions of Joomla. See the note below from their website.

Joomla! 1.0.x, 1.5.x, 1.7.x – these versions have been deprecated for a very long time and are no longer supported in any way, but there are still websites using it (shame on you!). Generally denoted by a red stripe across the top of the page, you will find the version number at the bottom of the page.

But there are still a lot of Joomla users running the same old versions. So how do you make your website security rock solid? Please read the instructions below to tighten your website security.

10 Ways to Secure your Website:

Step #1: Secure your Directory and File Permissions:

This is one of the most common causes of websites getting compromised easily. In a lot of cases CMS-type applications need 777 permissions to execute a few tasks. There is nothing wrong with giving full access temporarily, but if you leave that file or folder with full permissions for a long time, that directory or file stays world-accessible and world-writable. In such cases it is very easy for hackers to compromise and infect your pages. So what is the solution? What are the recommended file and folder permissions?

The three digits in 777 are the Owner, Group and Public permissions respectively.

Recommended Folder and File Permissions:

Recommended directory permissions: 755 (rwx, r-x, r-x)

Recommended file permissions: 644 (rw-, r--, r--)

Make sure these permissions are always assigned to the folders and files in your website; this is one of the most important steps in protecting your website from malicious attacks.
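One way to check a whole site against the 755/644 baseline from Step #1 and reset whatever differs, as an added example that is not Host Department's own tooling; the function names are hypothetical and the path you pass in is your own web root:

```shell
# Added example: audit and reset web-root permissions to the 755/644 baseline.
# Usage (the path is an example): list_world_writable "$HOME/public_html"

# List every file or directory whose "Public" digit includes write access
# (as in 777 or 666). Symlinks are skipped because their own mode bits
# are not what the system checks.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Reset directories to 755 and regular files to 644. Only entries whose
# mode differs are touched, and each changed path is printed so the run
# doubles as a record of what was wrong.
fix_permissions() {
    find "$1" -type d ! -perm 755 -exec chmod 755 {} \; -print
    find "$1" -type f ! -perm 644 -exec chmod 644 {} \; -print
}
```

Run `list_world_writable` first and review the output: an application that asked for 777 on an upload or cache folder may need a different fix (correct ownership) rather than a blanket reset.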

Step #2: Use Strong FTP Passwords:

This is one of the most common blunders webmasters make: they use simple passwords for their FTP login. It is one of the worst mistakes and can lead to big problems. To avoid it, always use secure passwords.

A strong password does NOT, in any way, use your personal information, such as name, phone number, Social Security number, birth date, address or names of anyone you know. You can make use of some great online tools to generate strong passwords, like Random password generator etc. You can also check the strength of your present passwords using tools like Microsoft password strength checker or password meter etc.

Also, please make sure that you change your password every week, or at least once a month.

Step #3: Keep your Applications up to date:

Open source applications make up a major part of website design and development, and these days a lot of people host open source CMS applications. We encourage you to host them too, but if you don't keep them up to date, you are definitely in trouble. We have tried to warn you about this several times, but most of the time webmasters ignore it.

We often send you email alerts about the security issues of running old versions of applications, but in most cases customers ignore them. We request you to keep your applications up to date. There are thousands of people working on open source projects to keep them up to date and make them secure, so why not benefit from those free and secure updates?

Step #4: Secure your pages with SSL Certificate:

Do you have an eCommerce website? Then you should know that having an SSL certificate for your store is one of the most important things you can do to protect your customers' valuable data and your own reputation. Even if you have just one page that provides logins for your customers or members, it is recommended to have an SSL certificate. This ensures that all the information your pages send over the internet is encrypted and almost impossible for hackers to read.

Do you know that Host Department provides cheap SSL certificates? Our certificates start from $11.95/month.

Step #5: Protect your .htaccess file:

The .htaccess file is one of the most important and most powerful files: it controls the behavior of your website and even possesses the power to redirect your entire website to a different one. This type of attack has become more popular these days; in it, a malicious hacker injects code that redirects visitors to a malicious website. So how do you protect your .htaccess file? It is simple: as I said earlier, do not assign full permissions to your .htaccess file, or you can add the piece of code below to your .htaccess file, which does not let anyone else access it.

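# Deny web requests for any file whose name contains ".hta" (.htaccess included).
# Apache 2.2-style access directives; Apache 2.4 needs mod_access_compat for them.
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>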

The above code protects your .htaccess file from being accessed by others and will not let hackers inject any malicious code.
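To check whether a redirect of the kind described in Step #5 has already been injected, the scan below lists every redirect directive in any .htaccess file that points at a host other than your own domain. It is an added example, not Host Department's code; the function names, `example.com` and `redirect.invalid` are constructed placeholders.

```shell
# Added example: flag .htaccess redirects that send visitors off-site.
# $1 = web root to scan, $2 = your own domain (its subdomains are accepted).
find_offsite_redirects() {
    own=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    find "$1" -type f -name .htaccess -exec awk -v own="$own" '
        # Only directives that can send a visitor elsewhere are inspected.
        tolower($1) ~ /^(rewriterule|redirect|redirectmatch|redirectpermanent|redirecttemp|errordocument)$/ {
            line = tolower($0)
            if (!match(line, /https?:\/\/[^\/:" \t]+/)) next   # relative target
            host = substr(line, RSTART, RLENGTH)
            sub(/^https?:\/\//, "", host)
            n = length(host) - length(own)
            # Accept the domain itself or a true subdomain (".own" suffix).
            if (host == own || (n > 0 && substr(host, n) == "." own)) next
            print FILENAME ":" FNR ": " $0
        }' {} +
}

# Constructed sample: one legitimate rule and one injected off-site redirect.
demo_scan() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'RewriteEngine On' \
        'RewriteRule ^old$ https://www.example.com/new [R=301,L]' \
        'RewriteRule ^(.*)$ http://redirect.invalid/landing [R=302,L]' > "$d/.htaccess"
    find_offsite_redirects "$d" example.com
    rm -rf "$d"
}
```

Any line it prints deserves a look: an off-site redirect you did not add yourself is a sign that the file was modified.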

Step #6: Keep your home or office PC Secure:

You may ask how keeping your own system safe protects your web pages. A recent survey disclosed that 30 to 40% of malicious files are uploaded by the webmasters themselves, and our experience teaches the same. If your system is infected with a virus, then obviously the next job of that virus is to inject malicious code into your web pages while you are uploading them, or to send your login credentials to a remote hacker so he can take care of the rest.

So always keep your PC clean and scan it daily with an updated antivirus program. Check for any unusual behavior before uploading your files.

Step #7: Use Secure Passwords for your Email IDs:

Email IDs getting compromised because of weak passwords is one of the fastest rising issues in the hacking and spamming era. Once a hacker manages to guess your password using a brute-force attack, he will simply start sending bulk mail to various addresses on the same server or even outside it. Ultimately your mail server IP gets blacklisted and you are not able to send or receive emails; then you need to request delisting from the blacklist.

To avoid this kind of issue, it is recommended to use secure and strong passwords for your email IDs. In our personal experience we have seen plenty of such cases. We often send alerts to your email about weak password usage; please do not ignore them, and change your password to a secure one.

Step #8: Secure your Private and Admin areas with IP restrictions:

It is always recommended to secure your private areas with IP restrictions or at least with SSL encryption. IP restriction is a somewhat advanced yet effective method to stop unauthorized personnel from accessing a particular area of your website. If you have a static IP for your home or office PC, it is recommended to set IP restrictions with an .htaccess rule, so that only your home or office PC can access that particular area.

Here is an example of .htaccess code that restricts access to a particular location by IP.

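# ALLOW USER BY IP
# Apache 2.2-style access directives; Apache 2.4 needs mod_access_compat for them.
# No <Limit> wrapper: <Limit GET POST> would leave other HTTP methods unrestricted.
order deny,allow
deny from all
allow from 1.2.3.4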

The above code restricts all other users from accessing a particular area, except the allowed IP (ex: 1.2.3.4). You can replace that IP address with yours and place the .htaccess file in the folder which you want to restrict from public access.

Step #9: Change your database table prefix:

If you have a dynamic website with back-end database support, it is recommended to use a table prefix different from the default one that comes with your application. Also, if you have raw tables without any prefix, it is important to add a prefix which is hard to guess. This ensures that no one is able to guess what your database username is, so there is no point in hacking the password.

We also recommend that you use strong passwords for your database users, and do not use the same password for all the users. Make sure that each of your passwords is unique and absolutely strong.

Step #10: Try to have your own virtual private server:

Having your own virtual private server (VPS) is always an added advantage: you can define your own rules and you have your own server with the OS of your choice, like Windows VPS or Linux VPS. This enables an additional layer of security and keeps all your data on your own server. This may not be a security measure, but it is worth trying, because you get a lot of advantages like writing your own rules, installing all types of security applications etc.

Do you know that Host Department offers the cheapest VPS hosting with a free Plesk panel? With it you can manage most of your tasks using a powerful panel.

I hope you learned a few important tips about your website security today. Please do drop your comments, questions and suggestions in the comments section below, and if you like this post please consider sharing it with others.

There are many aspects of website security. One such aspect is the password, which is overlooked by many of us. Internet security is based on the weakest-link principle, and that weakest link could be your password, which hackers may use to hack your site. If you have a secure password then you need not worry about hackers.

Host Department LLC suggests that you keep your password as strong as possible, don't reveal it to anyone, change your password regularly, and always log out when you use a shared system.

There are a number of dos and don'ts when creating and managing your passwords, but there are some basic guidelines you can follow.

  • Use both upper- and lower-case letters
  • Incorporate numbers or punctuation marks
  • Use at least one of these special characters: ! @ # $ % * ( ) - + = , < > : " '
  • Make it at least 8 characters long.
  • A strong password does NOT, in any way, use your personal information, such as name, phone number, Social Security number, birth date, address or names of anyone you know.
  • Come up with something you can remember easily, but would be virtually impossible for anyone else to guess.