Archive for the 'Security Issues' Category

htaccess for Password Protection - cPanel Tutorial Ch.9

Hypertext Access, or htaccess, was originally created as the default name of the Apache server's directory-level configuration file.  Its purpose is to let you customize individual directories without editing the server's primary configuration file.  Only directives that are permitted in .htaccess context can be used, and they must be written with the correct syntax.  The .htaccess file controls not only the directory it was created in, but all subdirectories within it as well.

As one of the most effective configuration files, htaccess is rather critical to your website.  Keep in mind that even the most minimal syntax error, such as an omitted space, can result in the malfunction of your server.  It is critical to use MySQL or phpMyAdmin to back up your website; this includes any original .htaccess files.  Any changes that need to be made to .htaccess can easily be made within your cPanel.  We will get to that a little later.

When it comes to using the .htaccess file, the options within your web hosting server seem unlimited.  With great power also come great responsibility and risks.  By making one small mistake with the .htaccess file you run the chance of making your whole site dysfunctional.  The best way to manage your .htaccess files is certainly through the cPanel.  Your advanced administrative area will write the files out for you and is typically a safer method as opposed to editing them on your own.

Many benefits come along with the .htaccess file, but protection is perhaps its best-known use.  Password protecting your directories and website can be done several ways, yet it is easily managed by way of the cPanel. Here is an example:

- First log into your cPanel
- You will then find the htaccess/htpassword creator tool on the page.  From there you will create the username and password you would like to use for the designated directory.
- Click on the “create file” tab
- You will then create two files, .htaccess and .htpasswd

The first box on the tool page will then read something like this:

AuthName "Password Protected Directory"
AuthType Basic
AuthUserFile /your/server/path/.htpasswd
require valid-user

The AuthName value may be changed; it is the text shown in the prompt that asks for a user’s credentials.  You may wish to type in “You Must Be Logged In To Do That” or “Password Protected Area”.  You must change the AuthUserFile path and ensure that the new location is above the document root, so the password file cannot be requested through the web server.  Refer to the example below.

/home/username/www/secure/ - secure folder
http://www.domain.com/secure/ - accessing domain
/home/username/www/ - where all files are served from
/home/username/passwords/ - where our password file (.htpasswd) is stored

This is how our .htaccess file would now translate:

AuthName "Password Protected Directory"
AuthType Basic
AuthUserFile /home/username/passwords/.htpasswd
require valid-user

From the second box on the page, copy the code and paste it into the new .htpasswd file.  After the first attempt this normally takes no longer than two to three minutes to complete; it is a fairly simple process that adds great protection for your website.
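As an added example (not part of the original tutorial or of cPanel), the following Python check audits a Basic-auth .htaccess for the two mistakes discussed above: typographic quotes pasted into a directive and an AuthUserFile that sits inside the document root. The function name, the sample files and the document root value are assumptions built from the paths used in this chapter.

```python
import posixpath

# Typographic quotes pasted from web pages or word processors; Apache does
# not treat them as quoting characters.
SMART_QUOTES = "\u201c\u201d\u2018\u2019"
REQUIRED = ("authtype", "authname", "authuserfile", "require")


def audit_htaccess(text, document_root):
    """Return findings for a Basic-auth .htaccess; an empty list means clean."""
    findings, directives = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if any(ch in line for ch in SMART_QUOTES):
            findings.append(f"line {lineno}: typographic quote, use a plain ASCII quote")
        name, _, value = line.replace("\t", " ").partition(" ")
        directives[name.lower()] = value.strip().strip('"')
    findings += [f"missing directive: {d}" for d in REQUIRED if d not in directives]

    user_file = directives.get("authuserfile")
    if user_file:
        root = posixpath.normpath(document_root)
        path = posixpath.normpath(user_file)  # collapses ../ segments
        if not posixpath.isabs(path):
            findings.append("AuthUserFile should be an absolute path")
        elif path == root or path.startswith(root + "/"):
            findings.append("AuthUserFile is inside the document root")
    return findings


# Constructed samples based on the paths used in this tutorial.
DOCROOT = "/home/username/www"
GOOD = (
    'AuthName "Password Protected Directory"\n'
    "AuthType Basic\n"
    "AuthUserFile /home/username/passwords/.htpasswd\n"
    "require valid-user\n"
)
BAD = (
    "AuthName \u201cPassword Protected Directory\u201d\n"
    "AuthType Basic\n"
    "AuthUserFile /home/username/www/secure/.htpasswd\n"
    "require valid-user\n"
)

if __name__ == "__main__":
    print(audit_htaccess(GOOD, DOCROOT), audit_htaccess(BAD, DOCROOT), sep="\n")
```

Run it against a copy of the file before uploading, so a bad path or quote is caught without touching the live site.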


htaccess Blocking - cPanel Tutorial Ch.10

Apache web hosting servers provide a number of configuration tools to assist users in administering their sites.  Few of them have more purposes and functions than the little file by the name of .htaccess.  Changes made within this file are powerful, giving users the freedom to override default functions of their web hosting server.

As a mere ASCII text file, htaccess can be adapted to perform many operations.  We previously learned that this file can password protect the directories of your website.  It also has the ability to redirect users to a different location or block IPs or certain domains.

WHY BLOCK WITH .HTACCESS?

There is an endless number of sites hosting blogs and member forums on the net.  These websites are frequently targeted by an equal number of computer hackers and spammers.  Coming up with a solution to this never-ending problem has been ongoing since the internet’s introduction.  .htaccess is a great tool that limits this activity and gives you a bit more privacy.

You may have observed the fact there is no prefix for this file; it simply starts with a period and is then followed by the letters htaccess.  This means that it will typically be stored as a hidden system file.  Hidden system files can easily be unveiled via the manager page of your cPanel.  Since not all web hosting servers will allow the use of .htaccess, it is certainly best to check company regulations before proceeding.

HTACCESS vs THE CPANEL

While .htaccess files can be activated via your cPanel, there has been a debate on whether you should use them or not.  Because .htaccess is such a sensitive file that could inadvertently shut down a website, it should only be used when absolutely required.  The IP Deny Manager feature of cPanel was designed to work similarly to .htaccess.

Just like .htaccess, the IP Deny Manager allows users to block IP addresses and domains from entering your website.  If there is an IP address or domain you wish to block from your website, it can simply be done within the cPanel:

- First log into the cPanel account
- Find the “site management” tab and click “IP Deny Manager”
- Locate “Add IP Deny” then type in the address you have chosen to block
- Click the “Add” button

From there your IP Deny Manager has been set.  The online hecklers you have singled out will never have access to your site again unless you choose to lift the ban.  Your htaccess file helps in the removal process, or you can simply select the IP from a drop down page in the IP Deny Manager and manually lift the ban.   
One of the main reasons you may want to block an IP is due to the content of your site being stolen.  While the .htaccess file is a great way to prevent this activity, the cPanel also has a reliable feature that works on its own in the IP Deny Manager.
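For readers who do edit .htaccess by hand, the Python helper below is an added example (not from the original tutorial, and not cPanel's own output) that validates the addresses to block and renders the matching Apache directives. It refuses malformed entries, overly broad ranges and any range that would lock out your own address. The function name, the prefix limit and the documentation-range addresses are assumptions.

```python
import ipaddress


def build_deny_block(entries, admin_ip, apache_24=True, min_prefix=16):
    """Validate addresses/CIDR ranges and render .htaccess deny directives.

    Raises ValueError for malformed input, for IPv4 ranges broader than
    min_prefix, and for any entry that would block admin_ip.
    """
    admin = ipaddress.ip_address(admin_ip)
    nets = []
    for entry in entries:
        # ip_network raises ValueError on anything that is not an IP or CIDR.
        net = ipaddress.ip_network(entry.strip(), strict=False)
        if net.version == 4 and net.prefixlen < min_prefix:
            raise ValueError(f"{net} is too broad to block safely")
        if admin in net:
            raise ValueError(f"{net} would lock out the admin address {admin}")
        if net not in nets:
            nets.append(net)

    def fmt(net):
        # Single hosts are written without a /32 or /128 suffix.
        single = net.prefixlen == net.max_prefixlen
        return str(net.network_address) if single else str(net)

    if apache_24:
        lines = ["<RequireAll>", "    Require all granted"]
        lines += [f"    Require not ip {fmt(n)}" for n in nets]
        lines.append("</RequireAll>")
    else:
        # Apache 2.2 syntax (on 2.4 it needs mod_access_compat).
        lines = ["Order Allow,Deny", "Allow from all"]
        lines += [f"Deny from {fmt(n)}" for n in nets]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed addresses from the documentation ranges.
    print(build_deny_block(["203.0.113.7", "198.51.100.0/24"], "192.0.2.10"))
```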


Web Hosting Security

By now you should realize that selecting a web host for your site is a thorough process. First you need to become familiar with the basics of web hosting. Then you must select a platform such as Linux, Windows or another brand. From there you need to closely examine the features and understand how they are controlled. The last area we will cover is certainly one that should concern you the most - security issues.

Surfing the web can be a rather fulfilling experience for the online enthusiast. You can play exciting video games with users from all over the world, access research for huge projects or even operate a fully functioning business. As much power as the internet has, the risk of intrusion will always exist. When participating in any online activity, security is a measure that should be exercised by all users, especially if the activities are business related.

The sad truth of the matter is that most people do not think they can fall victim to problems such as computer crashes. Many of us simply do not believe that our machines can be hacked. The standard security settings applied when first installing your operating system are not enough. You probably are not aware of it, but there are millions of hackers attempting to penetrate millions of servers right now.

Malicious viruses and hackers are a common part of internet life. They both pose a tremendous threat to operating systems, personal identities and in some cases, assets. Choosing to build a website on a reliable server is the best way to not only protect yourself but your business as well.


What You Need To Remember About Web Hosting Security

A quality web host running on capable servers is what it takes to keep your website thriving on the internet. You want the platform to be one that provides you with a user friendly interface, a responsive support team and solid reliability.

Web hosting ranges in prices from $5 to $500 per month. Finding a web server to host the site is not often the problem; the following areas are:

  • Anyone with a credit or debit card can gain access to a server and get onboard with a website for a very affordable price. This includes professionals, internet enthusiasts, college students and hackers - you are exposed to all of them.
  • When running your site on a shared server, one simple mistake or security mishap from another user has the power to disrupt every other user on the server.
  • Updates to the operating system of the central server are rare. This is because different situations apply to the hundreds or thousands of individuals hosted on the server. This causes the server to miss out on important updates that relate to speed, stability and security features.
  • Several web hosts will not take the full liberty to protect the server from potentially hazardous users; many of them being developers with access to open-source codes.

Conclusion on Web Hosting Security

There is one truth about web hosting you must recognize and accept - solid security will always be an ongoing process. Even the hosts that seem to have the most impenetrable servers are susceptible to security issues. Many of them may have security defects in applications such as a shopping cart, control panel or just a web page in general. These types of holes make it easy for hackers to obtain critical information that allows them to access many restricted areas of the server. While this is one of the worst experiences to endure with your website, it is a reality that you as a web hosting user should be aware of.

Shielding your personal information and the content on your website is never a sure thing. This is mainly because end users really do not know much about issues until it is too late. The only individuals truly aware of these problems are the hackers behind them and the security personnel from the web host working diligently to correct them. This is why you should always carefully review a good number of hosts and make sure they do not have an extensive history of security problems. There are actually a few lists that you can find on the web, composed by hackers, that will expose those insecure servers. This will save you the frustrating headache that comes along with losing the content you worked so tirelessly to build and the money you spent on the service.

While there is no surefire way to provide your website with foolproof protection from hackers, there are a few security measures that you can take to reduce the risk:

  • Store all of your sessions and other sensitive information in the database
  • Make sure the database is secured with a password
  • Check for current vulnerabilities in any application being used by the web host; this may include your control panel, PHP or ASP scripts, spam filters, etc.
  • Always make yourself aware of popular viruses and how they may affect you or your website
  • Frequently check the DNS query log within the web host’s server
  • Inquire with the web host about their backup procedures
  • Check for any applications that are not needed. If a certain component doesn’t play a significant role in your website, you may wish to disable it in order to eliminate that security threat
  • Make yourself familiar with the intrusion detection tools included in the web hosting package
  • Frequently check the performance of your operating system
  • Frequently check the status of system memory
  • Frequently check for upgrades in the operating system the web hosting server is based on and make yourself familiar with the vulnerabilities

We have now covered all of the required essentials for choosing a reliable web hosting service. Equipping yourself with this knowledge should certainly make the process a bit easier. When a web host has been selected, be aware that you must also play a large role in keeping the site functional and secure.


The Downside of Open-source Applications

The beauty of open-source programs is one talked about all over the web. Even though many of these applications and web components are free, several companies have been able to turn profits by re-selling them to other vendors and clients. Open-source programs receive contributions from thousands of web developers all over the world. This is because the source code of the application is freely available and has the ability to be expanded upon.

Free software is music to the ears of any web programmer. This could spell trouble for the innocent individual who is merely looking for a capable web host. Open-source programs are a hacker’s heaven. In a sense, they too are developers, which gives them easy access to source codes as well. They can quickly learn how the program works then develop strategies to break it down. As hackers remain busy, upgrades are constantly introduced into web hosting platforms to strengthen security. This only gives a hacker something else to strive for - it is a never ending cycle.

