Tag Archives: Security

Installing WordPress is very easy: it is done with a one-click installation. You can have a look at the documentation here: CLICK HERE

Once you have installed WordPress there are a few more steps to follow. To give your visitors a better experience on your blog you need to install a few plugins. Let us have a look at some "must have" plugins.

SEO Plugins:

SEO plugins handle tasks such as SEO support for custom post types, advanced canonical URLs, fine-tuned page navigation links, XML sitemaps, automatic optimization of your titles for Google and other search engines, automatic generation of META tags, and avoiding the duplicate content typically found on WordPress blogs.

Some of the plugins that provide these features are WordPress SEO by Yoast, All in One SEO Pack and Google XML Sitemaps.

Avoid Spam:

Akismet is the best and only plugin that filters spam.

For Backups:

There are many plugins that provide backups for WordPress. Each plugin has its own features beyond just maintaining a backup. Back Up WordPress is one of them.

Analytics:

These plugins add tracking for extra search engines, record the downloading IP and monitor the number of views. Examples are Google Analytics for WordPress and WordPress.com Stats.

Cache:

Caching helps improve the speed of WordPress and increases its performance. W3 Total Cache and WP Super Cache are the most popular caching plugins.

Contact Form:

A contact form is one of the important aspects of a site and is a must. Contact Form 7, cform, WP Contact Form and Gravity Forms are the most popular contact form plugins, each with additional features.

Gallery:

For effective and amazing photo displays you can use gallery plugins like NextGEN Gallery and Simple Photo Gallery. These are the most popular plugins used.

Comments:

Let your viewers share their opinion on your product or article by installing plugins like Disqus, CommentLuv etc.

Security:

Security is very important for any site. There are plugins available to secure WordPress, such as All In One WP Security & Firewall, BulletProof Security, Captcha etc.

Social Media:

Social media is the best way to reach people; you can install plugins like Sociable, ShareThis, Fat Free WordPress Social Share Buttons Plugin, WordPress Social Sharing Optimization etc.

DDoS stands for distributed denial of service. This attack is well organized and uses the internet to reach a system and attack its network; many computers connected to the internet can be used to attack other systems. If a denial of service attack hits a computer or network, the user will not be able to access email or the internet. These attacks can be directed at an operating system (OS) or a network.

How did DDoS attacks start?

DDoS attacks started in the late 90s. Initially the attackers used up all of the victim's bandwidth so that nobody else could get the service. To make these attacks more damaging, many attackers had to synchronize manually. This type of attack became public in 1997, when a DDoS attack tool called "Trinoo" was released and made publicly available.

Types of DoS attacks:

DoS attacks are classified into three types based on the method of attack. They are:

1. Bandwidth/Throughput Attacks:

These attacks are further classified into different types:

Ping Flood Attack: the attacker targets the bandwidth of a connection so that the network is saturated with ICMP echo request packets, slowing or stopping the traffic going through the network.

Distributed SYN Flood: the attack uses the bandwidth of many machines; by doing so it is possible to use a large number of weakly protected, distributed computers to create one big flood attack.

UDP Flood Attacks: the UDP protocol offers a very easy interface for producing large quantities of packets, so it is very easy for an attacker to generate many packets with little effort. This is how a victim's network gets flooded with UDP packets.

2. Protocol Attacks:

These attacks are divided into two types:

Smurf Attack: a spoofed IP packet carrying an ICMP echo request, with the victim's address as its source and the address of an intermediate network as its destination, is sent to that network. The echo request triggers every host on that network to reply, producing a large number of packets that are all routed to the spoofed (victim) address.

DNS name server Attack: this is one of the most common attack methods. A high number of UDP-based DNS requests are sent to a nameserver using a spoofed source IP address; every nameserver response is then sent back to that spoofed IP address, which is the victim of the DoS attack. It is therefore difficult for the nameserver or the victim to determine the true source of the attack.

3. Software Vulnerability Attacks:

These attacks are divided into 3 types:

Land Attack: this attack uses TCP/IP. The attacker sends TCP SYN packets whose source and destination address are the same, namely the victim's host address. The victim's TCP/IP stack mishandles such packets, causing the host to crash or hang. You can reduce the chance of your network being used to originate forged packets by filtering outgoing packets whose source address does not belong to your internal network.

Ping of Death Attack: the attacker tries to crash, hang or reboot a system by sending illegal ICMP packets to the victim. TCP/IP generally allows a maximum packet size of 65536 octets; if larger packets are encountered, the victim's host may crash. ICMP usually uses a header of 8 octets but allows the sender to specify much larger sizes. In a Ping of Death attack the ICMP packet is sent as small fragments of a message which, when reassembled, turn out to exceed the maximum packet size.

Teardrop Attack: first a small packet is sent, then another packet that claims to be a fragment of the first. The second fragment is too small to fit the first, which causes an error during reassembly and may crash or hang the system. Fragmentation is necessary when a message is large, and at the receiving end all fragments are reassembled to complete it; teardrop attacks target this step by sending unrelated fragments that crash or hang the system when it tries to reassemble them.

Effects of DDoS:

1. A DDoS attack on a site affects not only that site but also other sites on the same network and server.

2. The bandwidth that is attacked affects not only the victim host but also the bandwidth provider and everyone who shares bandwidth with that service provider.

3. The DoS attack already increases traffic to the site so much that the whole system crashes; on top of that, customers logging in add more traffic, which definitely leads to a site crash.

4. Because of the bandwidth consumed by the attack, you have to pay extra for that highly increased bandwidth.

How to Handle DoS attacks:

1. Before an attack, take preventive measures such as separating client and server addresses, using path-based client addresses (which strictly avoids spoofed addressing), RPF checking of server addresses, and using midwalls.

2. Detection is very important: the earlier you detect an attack, the more you can lessen the damage. By using an automated intrusion detection system you can detect attacks at an early stage and take the necessary action.

3. What you do after the attack is very important. Follow the procedures appropriate to the attack and take backups so as to avoid huge losses. Try to manage the traffic; blocking and filtering the traffic for a while is also important.
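The early-detection step above is the one a site owner can actually automate on a single server. The following is an added example, not code from Host Department or from the article: a small sliding-window rate check over web server access-log lines that flags any source address making more than a threshold number of requests inside a short window, which is the simplest signal of a flood from one host. The log lines are constructed for this example (documentation IP ranges), and the window and threshold values are assumptions to be tuned to a site's normal traffic.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access-log lines in Apache "common" log format. These are
# made up for this example (documentation IP ranges), not taken from a real server.
# 203.0.113.7 hammers the front page; 198.51.100.4 is an ordinary visitor;
# the last line is deliberately malformed to show the parser skipping junk.
SAMPLE_LOG = """\
203.0.113.7 - - [06/Jun/2013:10:00:00 +0000] "GET / HTTP/1.1" 200 512
198.51.100.4 - - [06/Jun/2013:10:00:01 +0000] "GET /about HTTP/1.1" 200 1024
203.0.113.7 - - [06/Jun/2013:10:00:01 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [06/Jun/2013:10:00:02 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [06/Jun/2013:10:00:03 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [06/Jun/2013:10:00:04 +0000] "GET / HTTP/1.1" 200 512
198.51.100.4 - - [06/Jun/2013:10:00:05 +0000] "GET /contact HTTP/1.1" 200 2048
203.0.113.7 - - [06/Jun/2013:10:00:05 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [06/Jun/2013:10:00:06 +0000] "GET / HTTP/1.1" 200 512
this line is not a log entry
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')

# Detection thresholds are assumptions for the example; tune them to the
# normal request rate of your own site before relying on them.
WINDOW = timedelta(seconds=10)
THRESHOLD = 5


def parse_line(line):
    """Return (source_ip, timestamp, request_line) or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, request, _status, _size = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), request


def detect_floods(lines, window=WINDOW, threshold=THRESHOLD):
    """Sliding-window rate check: return {ip: peak_requests_in_window} for every
    source whose request count inside `window` reached `threshold`.
    Assumes lines arrive in chronological order, as they do in a log file."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue              # skip garbage rather than crash the monitor
        ip, ts, _request = parsed
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop timestamps that fell out of the window
        if len(q) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


def report(lines):
    """Human-readable summary, suitable for an alert e-mail or console output."""
    flagged = detect_floods(lines)
    if not flagged:
        return "no flood detected"
    return "\n".join(f"{ip}: {peak} requests within {WINDOW.seconds}s"
                     for ip, peak in sorted(flagged.items()))


if __name__ == "__main__":
    print(report(SAMPLE_LOG.splitlines()))
```

On the sample data the ordinary visitor never reaches the threshold while the flooding host is reported with its peak count. A check like this catches a single noisy source; a real distributed attack spreads requests over many addresses, which is why the article's point 3 (upstream filtering and blocking) still matters once the alert fires.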

Conclusion:
It is always better to take precautionary steps to avoid DDoS attacks, as they cause a lot of damage not only to the victim host but also to the entire network connected to that host.

Secured VPS Hosting Plans with free Plesk control panel for life. (All VPS plans are secured from DoS and DDoS attacks.)

Recently we published an article about website security, "Top 10 best ways to Secure your website". We received a lot of appreciation for it and many people asked us to turn it into a single image, like an infographic, so here we go. We made an infographic on how to secure your website today; you can even embed this infographic in your website or share it with others.

Find the embed code below.

Secure Your Website:


Embed Code:

<a href="http://www.hostdepartment.com/blog/2013/06/06/top-10-ways-to-secure-your-website/" ><img src="http://www.hostdepartment.com/blog/wp-content/uploads/2013/06/securewebsite.png" alt="How to Secure your Website" width="800" /></a><br /><a href="http://www.hostdepartment.com/blog/wp-content/uploads/2013/06/securewebsite.png" >How to Secure your Website</a> via <a href="http://www.hostdepartment.com" >Host Department</a>

Do not modify the image or any of the link texts; it is copyrighted material of Host Department and you should publish the code as it is. Let us know if you have any questions in the comments section below.

One fine morning you wake up, want to look at your website, and suddenly see a warning that your website has been compromised. For a webmaster this is the worst nightmare. Have you had any such experience? If so, whom do you blame for it? Security has become one of the most essential parts of website management these days, as there are plenty of ways your website can be affected by hacking, spamming or hijacking attacks. As a Host Department customer you may be well protected on the server and network side, but are you really protected on the inside? That is the real question here: how do you secure your website internally?

You may use the strongest safe in the world to protect your wealth, but what use is it if you leave the doors open? The same applies to your website. We host thousands of websites and occasionally receive complaints about compromised websites. What do we do in such cases? First we try to find the loophole, and let me tell you something: most of the time it is an application running an outdated version, or files that have full permissions (777: read, write and execute for everyone), which is an open invitation for hackers to compromise your website. We often warn our customers to update their CMS or blog applications such as WordPress, Joomla, Drupal etc., but they ignore it, which ultimately results in this kind of hacking attack. Recently, in a press release, Joomla announced that they have deprecated all 1.x.x versions of Joomla. See the note from their website below:

Joomla! 1.0.x, 1.5.x, 1.7.x – these versions have been deprecated for a very long time and are no longer supported in any way, but there are still websites using them (shame on you!). Generally denoted by a red stripe across the top of the page; you will find the version number at the bottom of the page.

But there are still lots of Joomla users running those old versions. So how do you make your website security rock solid? Please read the instructions below to tighten your website security.

10 Ways to Secure your Website:

Step #1: Secure your Directory and File Permissions:

This is one of the most common causes of a site being compromised easily. In a lot of cases CMS-type applications need 777 permissions to perform a few tasks. There is nothing wrong with granting full access temporarily, but if you leave a file or folder with full permissions for a long time, that directory or file is accessible and writable by anyone in the world. In such cases it is very easy for hackers to compromise and infect your pages. So, what is the solution? What are the recommended file and folder permissions?

The three digits of a mode such as 777 indicate the Owner, Group and Public permissions respectively.

Recommended Folder and File Permissions:

Recommended directory permissions: 755 (rwx, r-x, r-x)

Recommended file permissions: 644 (rw-, r--, r--)

Make sure that the folders and files in your website always have these permissions; this is one of the important steps to protect your website from malicious attacks.
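To audit a site tree for the world-writable entries this step warns about, and to bring it back to the recommended 755/644 modes, here is an added example (not Host Department's tooling or the article's own code). It walks a directory, lists everything that "others" may write to, and optionally normalizes the modes, with a dry-run option so the change list can be reviewed first. The demo site tree it builds is constructed test data in a temporary directory; the assumption is that the tree is owned by the hosting account user, so ownership itself is not changed.

```python
import os
import stat
import tempfile

# The article's recommended modes. Assumption for this example: the site is
# served from a tree owned by the hosting account user.
DIR_MODE = 0o755   # rwx r-x r-x
FILE_MODE = 0o644  # rw- r-- r--


def _entries(root):
    """Yield (path, lstat) for root and everything below it, skipping symlinks
    so that a link pointing outside the site tree is never chmod'ed through."""
    yield root, os.lstat(root)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue
            yield path, st


def find_world_writable(root):
    """Return sorted paths (relative to root) that 'others' may write to."""
    return sorted(os.path.relpath(path, root)
                  for path, st in _entries(root)
                  if st.st_mode & stat.S_IWOTH)


def normalize_permissions(root, dry_run=False):
    """Apply 755 to directories and 644 to regular files.
    Returns a list of (relative_path, old_mode, new_mode) for every change,
    so a dry run can be reviewed before anything is touched."""
    changes = []
    for path, st in _entries(root):
        if stat.S_ISDIR(st.st_mode):
            want = DIR_MODE
        elif stat.S_ISREG(st.st_mode):
            want = FILE_MODE
        else:
            continue  # sockets, devices etc. are left alone
        current = stat.S_IMODE(st.st_mode)
        if current != want:
            changes.append((os.path.relpath(path, root), oct(current), oct(want)))
            if not dry_run:
                os.chmod(path, want)
    return changes


def build_demo_site():
    """Create a throwaway site tree with the kind of sloppy modes the article
    warns about (constructed test data, not a real site) and return its path."""
    root = tempfile.mkdtemp(prefix="demo-site-")
    os.mkdir(os.path.join(root, "uploads"))
    for name in ("index.php", "config.php"):
        with open(os.path.join(root, name), "w") as fh:
            fh.write("<?php // placeholder\n")
    os.chmod(os.path.join(root, "uploads"), 0o777)      # world-writable directory
    os.chmod(os.path.join(root, "index.php"), 0o666)    # world-writable file
    os.chmod(os.path.join(root, "config.php"), 0o644)   # already correct
    return root


if __name__ == "__main__":
    site = build_demo_site()
    print("world-writable before:", find_world_writable(site))
    for rel, old, new in normalize_permissions(site):
        print(f"chmod {rel}: {old} -> {new}")
    print("world-writable after:", find_world_writable(site))
```

Run it first with `dry_run=True` against the document root and read the change list; an uploads directory that a CMS genuinely needs to write to should be made writable for the web server's user through ownership or group membership, not by leaving it at 777.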

Step #2: Use Strong FTP Passwords:

This is one of the most common blunders of webmasters: they use simple passwords for their FTP login, and this is one of the worst mistakes, which can lead to big problems. To avoid this, always use secure passwords.

A strong password does NOT, in any way, use your personal information, such as your name, phone number, Social Security number, birth date, address or the names of anyone you know. You can use some great online tools to generate strong passwords, like a random password generator. You can also check the strength of your present passwords using tools like the Microsoft password strength checker or Password Meter.

Also, please make sure that you change your password every week or at least once a month.

Step #3: Keep your Applications up to date:

Open source applications occupy a major part of website design and development these days; a lot of people host open source CMS applications. We encourage you to host them too, but if you don't keep them up to date you are definitely in trouble. We have warned you about this several times, but most of the time webmasters ignore it.

We often send you email alerts about the security issues of running old versions of applications, but in most cases customers ignore them. We request you to keep your applications up to date: there are thousands of people working on open source projects to keep them current and secure, so why not benefit from those free and secure updates?

Step #4: Secure your pages with an SSL Certificate:

Do you have an eCommerce-type website? Then you should know that having an SSL certificate for your store is one of the most important things to protect your customers' valuable data, and your reputation as well. Even if you just have a page that provides logins for your customers or members, it is recommended to have an SSL certificate. This ensures that all the information sent between your pages and your visitors over the internet is encrypted and almost impossible for hackers to read.

Do you know that Host Department provides cheap SSL certificates? Our certificates start from $11.95/month.

Step #5: Protect your .htaccess file:

The .htaccess file is one of the most important and most powerful files: it controls the behavior of your website and even has the power to redirect your entire website to a different one. This type of attack has become more popular these days; in it a malicious hacker injects a redirection to a malicious website. So how do you protect your .htaccess file? It is simple: as I said earlier, do not assign full permissions to your .htaccess file, or add the piece of code below to your .htaccess file, which prevents anyone else from accessing it.

<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>

The above code will protect your .htaccess file from being downloaded by web visitors and will not let hackers inject any malicious code.

Step #6: Keep your home or office PC Secure:

You may ask how keeping your system safe will protect your web pages. A recent survey disclosed that 30 to 40% of malicious files are uploaded by the webmasters themselves, and our experience teaches the same. If your system is infected with a virus then obviously the virus's next job is to inject malicious code into your web pages while you upload them, or to send your login credentials to the remote hacker so he can take care of the rest.

So always keep your PC clean and scan it daily with an updated antivirus program. Check for any unusual behavior before uploading your files.

Step #7: Use Secure Passwords for your Email IDs:

Email IDs getting compromised because of weak passwords is one of the fastest-rising issues in the hacking and spamming era. Once a hacker manages to guess your password using a brute-force attack, he simply starts sending bulk mail to various addresses on the same server or even outside it. Ultimately your mail server IP gets blacklisted and you are unable to send and receive emails, and you then have to request delisting from the blacklist.

To avoid this kind of issue, it is recommended to use secure and strong passwords for your email IDs. In our experience we have seen plenty of such cases; we often send alerts to your email about weak password usage, so please do not ignore them and change your password to a secure one.

Step #8: Secure your Private and Admin areas with IP restrictions:

It is always recommended to secure your private areas with IP restrictions or at least with SSL encryption. IP restriction is a somewhat advanced yet effective method to stop unauthorized people from accessing a particular area of your website. If you have a static IP at your home or office PC, it is recommended to set IP restrictions with an .htaccess rule, so that only your home or office PC can access that particular area.

Here is an example .htaccess code to restrict access to a particular location by IP:

# ALLOW USER BY IP
<Limit GET POST>
order deny,allow
deny from all
allow from 1.2.3.4
</Limit>

The above code blocks all users from accessing a particular area except the allowed IP (e.g. 1.2.3.4). Replace that IP address with yours and place the .htaccess file in the folder which you want to restrict from public access. Note that a <Limit GET POST> block only applies to those request methods (HEAD is treated as GET), so other methods are not restricted by it.

Step #9: Change your database table prefix:

If you have a dynamic website backed by a database, it is recommended to use a table prefix different from the default one that comes with your application. Also, if you have raw tables without any prefix, it is important to add a prefix that is hard to guess. This ensures that no one can guess your database username, so there is no point in attacking the password.

We also recommend that you use strong passwords for your database users, and do not use the same password for all users. Make sure that each of your passwords is unique and absolutely strong.

Step #10: Try to have your own virtual private server:

Having your own virtual private server (VPS) is always an added advantage: you can define your own rules and you have your own server with the OS of your choice, such as Windows VPS or Linux VPS. This enables an additional layer of security and keeps all your data on your own server. This may not be a security measure as such, but it is worth trying, because you get a lot of advantages like writing your own rules and installing all types of security applications.

Do you know that Host Department offers the cheapest VPS hosting with a free Plesk panel? You can manage most of your tasks using a powerful panel.

I hope you learned a few important tips about your website security today. Please drop your comments, questions and suggestions in the comments section below, and if you like this post please consider sharing it with others.

There are many aspects of website security. One such aspect is the password, which is overlooked by many of us. Internet security is based on the weakest-link principle, and that weakest link could be your password, which hackers may use to hack your site. If you have a secure password then you need not worry about hackers.

Host Department LLC suggests that you keep your password as strong as possible, don't reveal it to anyone, change your password regularly, and always log out if you use a shared system.

There are a number of dos and don'ts when creating and managing your passwords, but here are some basic guidelines you can follow:

  • Use both upper- and lower-case letters
  • Incorporate numbers or punctuation marks
  • Use at least one of these special characters: ! @ # $ % * ( ) – + = , < > : : “ ‘
  • Make it at least 8 characters long.
  • A strong password does NOT, in any way, use your personal information, such as name, phone number, Social Security number, birth date, address or names of anyone you know.
  • Come up with something you can remember easily, but would be virtually impossible for anyone else to guess.
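The guidelines above, together with the password advice in Step #2 and Step #7 of the earlier post, can be turned into a check that a webmaster or a signup form can apply before accepting a password. The following is an added example, not code from Host Department or from the article: `check_password` reports which of the listed rules a candidate violates (including a check against supplied personal information), and `generate_password` draws random passwords with Python's `secrets` module until one passes. The special-character set is copied from the list above, with its dash read as a plain hyphen (an assumption of this example); the "Alice" sample data is constructed.

```python
import secrets
import string

MIN_LENGTH = 8
# The special characters listed in the guidelines above. The list's dash is
# taken to mean a plain hyphen (an assumption of this example).
SPECIALS = "!@#$%*()-+=,<>:\"'"


def check_password(password, personal_info=()):
    """Return a list of rule violations; an empty list means the password
    satisfies every guideline. `personal_info` is a collection of strings
    (name, birth year, phone number, ...) that must not appear in the password."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        failures.append("no upper-case letter")
    if not any(c.islower() for c in password):
        failures.append("no lower-case letter")
    if not any(c.isdigit() or c in string.punctuation for c in password):
        failures.append("no number or punctuation mark")
    if not any(c in SPECIALS for c in password):
        failures.append("none of the required special characters")
    lowered = password.lower()
    for item in personal_info:
        # case-insensitive substring match: "alice1990" contains "Alice"
        if item and item.lower() in lowered:
            failures.append(f"contains personal information ({item!r})")
    return failures


def generate_password(length=16, personal_info=()):
    """Generate a random password with the `secrets` module (cryptographically
    strong randomness) and keep drawing until it passes check_password."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate, personal_info):
            return candidate


if __name__ == "__main__":
    # Constructed sample: a webmaster called Alice, born in 1990.
    alice = ["Alice", "1990", "555-0100"]
    for pw in ("alice1990", "password", "Tr0ub4dor*3"):
        print(f"{pw!r}: {check_password(pw, alice) or 'OK'}")
    print("suggested:", generate_password(16, alice))
```

Returning the list of failed rules rather than a bare yes/no lets a form tell the user exactly what to fix; the generator uses `secrets` rather than `random` because the latter is not suitable for anything security-sensitive.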