Security Archives - Host Town USA

Keeping Your Website Safe

Host Town USA — Mon, 09 Oct 2017 19:19:56 +0000

I like to play, make jokes, and say silly things in an attempt to keep this blog relatively light. However, I think for this post, we need to buckle down and get serious for a second. Do not run off! I am not going to bore you, I just think we need to take a second and talk about site security.

Working at a hosting company, we deal with hacked accounts on a daily basis. Hackers are sophisticated individuals with expert knowledge in the internet and computers, something not all site owners have. Hacks and Denial of Service Attacks happen all over the world, every day, taking down sites, servers, even entire networks with shocking efficiency. In headlines this month, we see huge websites like the New York Times, Twitter, The Washington Post, and The Financial Times becoming victims of hackers.

So, how do you protect your site? Like any security measure, there is no absolute guaranteed way to keep your website safe, but I have a few suggestions that will tighten up the security on your hosting account. It is important to understand that the security of your website and hosting account is in your hands. Like any hosting provider, we offer a high level of security on the network and server, but in regards to your account, you have the most power to prevent unwanted access.

1. Keep everything on your server up to date.

It does not matter if you are not using that software or theme currently, if you have it on your server, you need to keep it updated because even inactive subscriptions could open up vulnerabilities to your account. The most common reason for updates is to install security patches to current versions of software, so take advantage of that.

If you are not using something, uninstall it. This will prevent the risk of someone accessing your account through something you do not actively monitor. The bonus to this is that you will be able to reduce your overall resource needs by ridding your account of extraneous software. If you are using it, or plan to use it in the future, be sure to update it regularly.

2. Use and rotate complex passwords.

Remembering passwords can be annoying, but it is necessary. For the security of your account, you need to use complex and unique passwords and rotate them regularly.

To make your password memorable, but complex, try using a phrase you can easily recall. For example, I will use, “It is a far, far better thing that I do, than I have ever done…” because I can always remember the last line of A Tale of Two Cities by Charles Dickens, but you can use whatever phrase you like. Take that phrase, and abbreviate it with the first letter of each word:

iiaffbttidtihed

Then capitalize some letters in a way that you will remember:

IiaffbTTIdtIhed

Now, add some numbers and symbols:

I!a55bTTIdtIhed

BOOM. Secure password with a pneumatic built in.

If you cannot remember your passwords, do not store them in an unprotected document on your computer. If someone hacks your computer, they will find your passwords. If you want to store your passwords so you don’t have to remember them, try an application like KeePass (http://keepass.info/) which will store all your passwords in an encrypted file. The only password you will have to remember will be the master password. Just make sure you aren’t using a simple password as your master password!

Also, don’t use the same password for everything. Keep a variety of passwords. That’s where tools like KeePass will be really helpful in keeping you organized.

3. Consider an upgrade.

Please don’t take that to mean that shared hosting is not secure, because all servers at Host Town USA are secured to the same high standards. However, VPS or Dedicated hosting packages will offer you more separation from other accounts and more control over the server itself.

That can be a double edged sword, because it means that your access level could compromise the site, so if you are not confident, or are not working with an experienced developer, make sure you don’t make too many changes to anything server-side.

4. Check your code.

Checking your code means more than just updating your HTML for site changes. It also means testing any changes you make prior to making them live. You want to ensure that there are no holes written into any custom coding.

While you are reviewing new code, take the time to review old code as well. If you see any unfamiliar code, it is possible someone has hacked your account and is using it without your permission. By keeping up with your website’s code you can ensure that you know when changes are being made to your files.

In addition to the coding, check your access logs to ensure that the only IP address attempting to log into your server is your own. If you notice something askew, update your passwords and block that IP address.

5. Check your file permissions.

When you create a file, it will at times open the access to the world. Yep, the entire world. Ok, that’s a bit of an exaggeration, but if your permissions are set to 777, that means that anyone can access and change your file permissions.

This is just enough of a crack to let a hacker through, so make sure that you have everything set properly. Ideally, you want your permissions set to 755 (or 644 depending on the purpose of the file) which means that you can access and change the file, but others can just see and use it.

If you’d like some more details on file permissions, our Support Center has a basic explanation of them as well as some details on changing them.

The above suggestions are just to get you started in securing your site. There is a lot of information out there, and diligence is required to keep your hosting account secure.

While you may not have the resources to have someone monitoring your account 24/7 like our Systems Team monitors our servers and network, it’s not a bad idea to get in the habit of checking in on your account daily, even when you aren’t updating any of its information.

The post Keeping Your Website Safe appeared first on Host Town USA.

How Secure Is My Website?

Host Town USA — Thu, 21 Sep 2017 13:21:45 +0000

Picture this: You’ve registered the perfect domain name for your website. Your product list is coming together and your website looks great. Then, bam. A new contact from the local chamber of commerce wants to hire your company to provide breakfast finger foods. He also wants to know if your small business website will be secured with an SSL Certificate to make the payment. You are stuck asking yourself, what is an SSL Certificate? And does my website need one?

These days, we do most of our stuff online. We pay our bills online, we bank online, meet our friends online, shop online, etc. It is easier, faster and more practical. It’s also more interactive and real-time. But did you know that there is a certain credential behind this secure technology? It’s called the SSL Certificate.

What is an SSL Certificate?

SSL (Secure Socket Layer) Certificate is a standard security technology for establishing an encrypted link between a server and a client—typically a website and a browser, or a mail server and a mail client. SSL Certificates allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely. Normally, data sent between browsers and web servers is sent in plain text—leaving you vulnerable to eavesdropping. If an attacker is able to intercept all data being sent between a browser and a web server, they can see and use that information. Starting mid-2014, Google announced that having an SSL Certificate installed on your website will increase your ranking position, which is another great reason to use an SSL Certificate.

Why Do I Need an SSL Certificate?

Data transferred in plain-text form or in non-encrypted format can be intercepted, eavesdropped, compromised and stolen. Transactions performed online may involve submitting personal information such as credit card information, social security numbers, usernames and passwords. Cyber criminals who intercept unencrypted communications will gain full access to this data and can use it for fraudulent purchases and activities. Trust and security are what make people confident enough to provide private, sensitive information online. SSL certificates are what make a website trusted. Organizations must use an SSL certificate to secure their site if they wish to take online payments or expect their visitors to submit confidential information. Apart from building essential trust and security into your website, SSL certificates also help with SEO efforts now that Google is providing a ranking boost for pages that are served over https. One of the most important components of online business is creating a trusted environment where potential customers feel confident in making purchases. Browsers give visual cues, such as a lock icon or a green bar, to help visitors know when their connection is secured.

I’m not sure if I have an SSL certificate installed, how do I check?

This SSL Checker via SSL Shopper will help you diagnose problems with your SSL certificate installation. You can verify the SSL certificate on your web server to make sure it is correctly installed, valid, trusted and doesn’t give any errors to any of your users. To use the SSL Checker, simply enter your server’s hostname (must be public) in the box below and click the Check SSL button.In almost all cases, if you want to quickly identify if you are using a secure website, there would be a lock icon next to the domain. Also, the domain would start off as https:// vs http://.

Do I really need an SSL certificate for my website?

Before quickly dismissing your site as too small to be a target, keep in mind that most interceptions are done electronically without a human deciding who is attacked. A web creepy crawly doesn’t care how big you are or what you do for a living. They have one goal, and that is to find vulnerabilities. Once discovered, its dirty work begins. No site is too small to get hacked.

If you sell products? Probably. If you’re taking credit card payments directly on your website, you definitely need SSL in place to encrypt your customers’ credit card information. However, that doesn’t necessarily mean you need it on your entire site; you might decide to use SSL only on store or checkout pages, for instance. If you use PayPal exclusively to accept payments, you don’t need SSL since customers aren’t paying you directly.

If you offer memberships? Maybe. If you run a membership site, free or paid, SSL might be a good idea. After all, your members are giving you their email addresses, names, and passwords, all of which they likely use on other sites. Do you really want to risk being responsible for a security breach that results in your members’ information being spread across the whole internet?

If your visitors submit sensitive information via forms? Maybe. If your site’s visitors are submitting any personal information, documents, photos, etc. via forms on the site, you might consider SSL to keep that information safe. I won’t even talk about HIPAA compliance as that’s a whole separate issue, but you might be surprised how much information you collect about your visitors even if you don’t sell products or offer.

Which company should I go with?

The thing with SSL certificate providers is that it is usually a matter of who’s popular. For example, if you have a customer who does not know what Verisign or Comodo is then chances are he would not care about this. However, to a cautious customer, having his pages authenticated and verified by these companies will go a long way in assuring him that his site is safe.

Who are the best SSL certificate providers? This depends on your needs, the features that you want, how popular and trusted these providers are, as well as the prices for the things that you need. Be sure that you are getting real security by choosing a SSL certificate provider that really works hard to protect and secure the sites under their care.

In a nutshell, Secure Sockets Layer Certificate is used to secure the data transmitted over the internet between your computer and the destination servers. This could be the password you used to log into Facebook or your credit card information when you are purchasing something online, basically any important information you wouldn’t want others to know.

Cyber security poses a major challenge to online business, as hackers are becoming more numerous and daring in compromising websites, particularly commercial sites where sensitive financial information is exchanged. A breach can create huge liability costs and shake customer confidence in a business. That’s why all ecommerce sites and any company that processes information should use secure sockets layer (SSL) protection.

The post How Secure Is My Website? appeared first on Host Town USA.