Web Hosting Box

Security is perhaps one of the most important aspects of a web hosting plan, especially for webmasters that conduct a significant volume of e-commerce on a daily basis. A single security lapse could lead to widespread data loss, site downtime, slow loading pages, and a reduction in daily traffic levels. However, one security issue that is often overlooked and underestimated is spam, which is defined as any excessive and/or forceful communication with or use of a Web server or online system. Although web hosting providers offer integrated modules that are specifically designed to help webmasters maximize spam prevention, there are certain measures that website owners can take to completely eliminate site spam.

Why Should Spam Be Prevented?

Spam is a threat not only to the security but also to the productivity of every online business. Most websites become successful because of their continually updated content, which is of a high quality that visitors gain interest in. However, if your site becomes heavily populated with unmoderated spam comments and low-quality content, it is possible to experience a significant reduction in daily traffic levels and search engine rankings. In fact, it is even possible to be completely de-indexed from some search engines because of a large volume of spam on your site. Spam can also be seen in the form of automated e-mails that are submitted through contact forms on your website. E-mail spam can cause webmasters to waste a lot of time in cleaning up their inbox, reducing productivity and ultimately lowering the value and responsiveness of their customer service.

What Is a Captcha Script?

A captcha script is basically a script that is installed on your website which displays a unique image containing a random combination of characters (including letters, numbers, and sometimes symbols), which visitors must input into a form box to verify that they are not automated robots. Since captcha scripts actually create unique images spontaneously, bots are not able to read or decode them as they would be able to do with regular text. As computer programs are not able to actually view and interpret images, it is extremely unlikely that a bot will be created in the future that can decipher captcha images. Thus, captcha scripts are an effective long-term way to prevent automated spam and ensure that all of your site commenters and anyone sending you an e-mail is actually a human being.

How to Use Captcha Scripts

To use a captcha script you simply need to paste the code snippet into the coding of any form or input field. This will cause the script to randomly generate a captcha image any time the form is loaded on a webpage, making it so no information can be successfully entered into the form without the visitor first solving the associated captcha. Captcha codes can be generated in various programming languages, including PHP, ASP, and NET, making it a flexible and highly compatible spam prevention tool that can be utilized on any web site.

Security Company WebSense (www.websense.com) found out about an attack in the preceding week where malware authors used website defects to introduce nasty writings into millions of websites.

The attack appeared in the form of a virus domain called LizaMoon, which according to WebSense is a branch of a bigger attack that sends users to a website that tricks them into downloading fake anti-virus software known as Windows Stability Center.

WebSense states that LizaMoon utilizes SQL injection to upload nasty writing to conciliated websites.

A lot of domains have since pursued LizaMoon in these injection virus attacks, and WebSense has placed a complete record of these URLs on its website.

On the 28^th of March, WebSecurity primarily found 28,000 URLs had been negotiated with. Nonetheless, the security company soon found overall 226,000 compromised URLs, several of which were iTunes URLs. Given the situation, Apple has liberate itself of such URLs of the malevolent nature.

When this article was being pasted, a Google Search confirmed that there were more than 1.5 million infected URLs.

Nevertheless, this figure probably isn’t completely precise, as WebSense states that a Google Search is not a precise system as it gives distinctive URLs and not distinctive hosts.

While the attack persists to go around across the Internet, WebSense is forewarning users not to install anything web-based anti-virus software that asserts your computer is filled with viruses.

In an additional attack reported last week, the Oracle-owned MySQL.com website was negotiated by two hackers from Romania, who distributed usernames and passwords of some users of the website.

Every day web hosting providers spend countless hours trying to secure the transactions and communications of their customers in order to maintain a reputable business reputation online. Likewise, every day thousands of hackers try their hardest to find new exploit so that they can intercept and decode encrypted data, and gain access to the administrative interface of innocent webmasters’ web hosting accounts. Thus, security is not something that should be overlooked when selecting a web host, especially if you plan on conducting e-commerce with your website. The following are three of the most dangerous web hosting security problems that web hosting providers and webmasters have to be aware of on a regular basis.

Financial Fraud

The first and foremost security concern of a hosting company is the protection of financial data that is transferred and stored on their Web servers. The Internet is a gigantic cyber marketplace that has millions of online stores and hundreds of millions of customers shopping at any given point in time. Hackers thrive in such an environment by exploiting any possible loopholes as much as possible. A single security flaw can result in hundreds of thousands or even millions of dollars lost in a single day, especially if the integrity of a web server used to facilitate high volumes of e-commerce is compromised. Thus, hosting companies provide state-of-the-art encryption technology to their customers to ensure that their checkout pages are completely secure. Keeping the credit card and payment details of your customers safe at all times should be your primary concern as an online business owner.

System Overloads

One of the oldest, yet most common and troublesome security concerns in web hosting is the dreaded DDoS (distributed denial of service) attack. This attack bares its name because the hacker is actually distributing a denial of service by overloading a web server with massive amounts of traffic or requests within a certain period of time. This causes the web server to temporarily shut down in response to restrictions and limitations put in place by the web hosting provider, in order to ensure that each customer has access to an adequate amount server resources at all times. In other words, if one website or a single web server is using too many server resources at once, it can be shut down. Thus, hackers attempt to send large amounts of requests to specific Web servers in an attempt to cause server downtime, affect the performance of the hosting service, and possibly gain administrative access to the Web servers in the process.

Malicious Scripts

Another serious security problem that web hosting providers have to face on a regular basis is malicious scripting, which has the potential to gather an immense amount of data for hackers and cyber criminals in a short period of time. Usually these scripts are attached to web applications that are used by webmasters to increase productivity and enhance certain website management capabilities. These scripts utilize popular programming languages and platforms such as PHP to send and receive data from webmasters’ websites. Viruses can also be spread on Web servers in a similar fashion, jumping from website to website until a solution is found. When a web server is infected with a virus, many of the websites on the server will attempt to inject a virus onto visitors’ computers, thereby affecting the reputation of the sites. Thus, malicious scripts need to be proactively combated in order to ensure a high quality of service and the safety of web hosting customers.

Business owners and website administrators spend countless hours trying to perfect their website and sales pages in order to maximize conversion rates and create a profitable online presence. Sadly, every year hundreds of webmasters go through the terrible experience of losing site data and having to start all over from scratch. There are a plethora of reasons that data loss can occur, including but not limited to – your hosting provider going out of business, a hacker stealing or erasing data from the server, and even hardware damage. Luckily, every web hosting plan offers a free backup utility within the control panel that can be used to completely secure all of the data that powers your websites.

The Importance of Creating Backups

While most web hosting providers create routine backups of all of their web servers, it is important to store your own backup copies, in case the hosting provider goes out of business or physical damage is done to their data center. By having access to your own server backups you can also easily transfer your website to another hosting provider, and ensure the continuity of your sites in the event that the hosting plan expires. The following paragraphs outline the overall process of creating backups within the web hosting control panel.

How to Create and Store a Full Server Backup

Since most webmasters have or will eventually own multiple websites, hosting providers make it possible to backup the entire server, thereby securing the data of all websites simultaneously. To create and store a full server backup simply locate the backup utility module within your control panel, click generate backup, and then select the location on your computer that you would like to store the file to. Alternatively, you can store the file on external media such as an external hard drive, a DVD, a blank CD, or even a USB flash drive. Experts recommend keeping a copy of the backup on your local hard drive, and having several backup copies located on external media for maximum redundancy.

Other Backup Options

In addition to backing up all of the data on your web server, you can also backup a single website or even a portion of a website by clicking the partial backups module within the backup utility of your control panel. If you would like to download a backup copy of your server to be transferred via FTP so that it can be used within a new hosting account, you can also save the backup to a directory on your web server and then transfer it via an FTP client to the new hosting plan. Using this method will also allow you to store data remotely, thereby facilitating the process of working “within the cloud” (not having to rely on your computer’s local hard drive constantly). Traveling businessmen often utilize this method of backups so that they can access the backup from anywhere in the world. In addition, you can store the generated backup file hosting website for greater accessibility.

A Web Hacking Incident Database semiannual report was released by information security and compliance solutions provider Trustwave (www.trustwave.com) this week. It was learnt from the report that there has been an upsurge in DDoS attacks and it also depicts “a lack of properly implemented anti-automation defenses to ensure application availability”, and this is the reason why these attacks occur.

A new PenTest Manager online portal for the management of penetration tests in real-time was also released by the organization in the current week.

The report said that on number one position of attack vector in the second half of 2010 stood the DDoS attacks. This figure is an upsurge of 22 percent from the first half of 2010.

The chairman and CEO of Trustwave stated, “The WHID helps businesses better understand the potential business and technological impact of an attack. Such research enables informed and accurate decisions to protect and secure online commerce.”

According to Trustwave, the results of the report show that “website downtime is far from the traditional intended outcome of an attack.” The envisioned result is typically to hack for return.

It was learnt from the study that many enterprises have an incorrect assumption that a DDoS attack can be prevented from network hardware. However, according to Trustwave, organizations should examine the limitations of a website in order to understand the response of applications to attacks.

According to Trustwave, “26 percent of attacks are accounted against government agencies and a monetary loss of 64 percent was experienced by the finance sector”. “A 27 percent credit card leakage affected the retail to the most.”

The senior vice president and head of SpiderLabs, Nicholas J. Percoco said “Cybercriminals never stop trying to exploit Web applications. By aggregating the information in the WHID, we’re educating businesses with the latest trends regarding online threats to businesses.”