Tag Archive 'Security Issues'

htaccess for Password Protection - cPanel Tutorial Ch.9

Hypertext Access, or htaccess, was originally created as the default name of the Apache server's directory configuration file.  Its purpose is to let you customize the server's primary configuration for individual directories.  The directives placed in it must all be permitted in the .htaccess context and only work when written with the correct syntax.  The .htaccess file controls not only the directory it was created in, but all subdirectories within it as well.

As one of the most effective configuration files, htaccess is rather critical to your website.  Keep in mind that even the most minimal syntax error, such as an omitted space, can result in the malfunction of your server.  It is very important to use MySQL or phpMyAdmin to back up your website; this includes any original .htaccess files.  Any changes that need to be made to .htaccess can easily be made within your cPanel.  We will get to that a little later.

When it comes to using the .htaccess file, the options within your web hosting server seem unlimited.  With great power also come great responsibility and risks.  By making one small mistake in the .htaccess file you run the chance of making your whole site dysfunctional.  The best way to manage your .htaccess files is certainly through the cPanel.  Your advanced administrative area will write the files out for you and is typically a safer method than editing them on your own.

Many benefits come along with the .htaccess file, but protection is perhaps its most famed area.  Password protecting your directories and website can be done several ways yet is easily managed by way of the cPanel. Here is a perfect example:

- First log into your cPanel
- You will then find the htaccess/htpassword creator tool on the page.  From there you will create the username and password you would like to use for the designated directory.
- Click on the “create file” tab
- You will then create two files, .htaccess and htpasswd

The first box on the tool page will then read something like this:

AuthName "Password Protected Directory"
AuthType Basic
AuthUserFile /your/server/path/.htpasswd
require valid-user

The AuthName field may be changed, as its value becomes the prompt that asks for a user's credentials.  You may wish to type in "You Must Be Logged In To Do That" or "Password Protected Area".  You must change the AuthUserFile path and ensure that the modified location is placed above the document root, so that the password file itself cannot be requested through the web server.  Refer to the example below.

/home/username/www/secure/ - the secure folder
http://www.domain.com/secure/ - the address used to access it
/home/username/www/ - where all files are served from
/home/username/passwords/ - where our htpasswd password file is stored

This is how our .htaccess file would now translate:

AuthName "Password Protected Directory"
AuthType Basic
AuthUserFile /home/username/passwords/.htpasswd
require valid-user

From the second box on the page, copy the code and paste it into the new htpasswd file.  After the first attempt, this normally takes no longer than two to three minutes to complete; it is a fairly simple process that adds great protection for your website.
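
As an added example (not part of the original tutorial or of cPanel), the following Python check parses an .htaccess like the one above and flags the mistakes this chapter warns about: typographic quotes, a missing directive, and a password file left inside the document root. The audit function, its messages and the sample strings are constructed for illustration; paths are compared lexically, so symbolic links are not resolved.

```python
import posixpath
import shlex

REQUIRED = {"authtype", "authname", "authuserfile", "require"}
DOCROOT = "/home/username/www"  # document root from the article's example

def parse_htaccess(text):
    """Map each directive name (lowercased) to its argument list."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = shlex.split(line)  # keeps a quoted AuthName as one argument
            directives[parts[0].lower()] = parts[1:]
    return directives

def audit(text, document_root=DOCROOT):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if "\u201c" in text or "\u201d" in text:
        findings.append("typographic quotes found; Apache needs straight quotes")
    try:
        d = parse_htaccess(text)
    except ValueError as exc:  # e.g. an unbalanced quote
        return findings + [f"syntax error: {exc}"]
    findings += [f"missing directive: {n}" for n in sorted(REQUIRED - set(d))]
    if d.get("authuserfile"):
        path = posixpath.normpath(d["authuserfile"][0])
        root = posixpath.normpath(document_root)
        if not posixpath.isabs(path):
            findings.append("AuthUserFile is relative (resolved against ServerRoot)")
        elif path == root or path.startswith(root + "/"):
            findings.append("AuthUserFile is inside the document root")
    return findings

# Constructed samples: the article's final file, and the same file with the
# password file left inside the protected web folder.
GOOD = '''AuthName "Password Protected Directory"
AuthType Basic
AuthUserFile /home/username/passwords/.htpasswd
require valid-user
'''
BAD = GOOD.replace("/home/username/passwords/", "/home/username/www/secure/")

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(sample) or "ok")
```
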


Web Hosting Security

By now you should realize that selecting a web host for your site is a thorough process. First you need to become familiar with the basics of web hosting. Then you must select a platform such as Linux, Windows or another brand. From there you need to closely examine the features and understand how they are controlled. The last area we will cover is certainly one that should concern you the most - security issues.

Surfing the web can be a rather fulfilling experience for the online enthusiast. You can play exciting video games with users from all over the world, access research for a huge project or even operate a fully functioning business. As much power as the internet has, the risk of intrusion will always exist. When participating in any online activity, security is a measure that should be exercised by all users, especially if the activities are business related.

The sad truth of the matter is that most people do not think they can fall victim to problems such as computer crashes. Many of us simply do not believe that our machines can be hacked. The standard security measures first applied when installing your operating system are not enough. You probably are not aware of it, but there are millions of hackers attempting to penetrate millions of servers right now.

Malicious viruses and hackers are a common part of internet life. They both pose a tremendous threat to operating systems, personal identities and in some cases, assets. Choosing to build a website on a reliable server is the best way to not only protect yourself but your business as well.


What You Need To Remember About Web Hosting Security

A quality web host running on capable servers is what it takes to keep your website thriving on the internet. You want the platform to be one that provides you with a user friendly interface, a responsive support team and solid reliability.

Web hosting ranges in prices from $5 to $500 per month. Finding a web server to host the site is not often the problem; the following areas are:

  • Anyone with a credit or debit card can gain access to a server and get onboard with a website for a very affordable price. This includes professionals, internet enthusiasts, college students and hackers - you are exposed to all of them.
  • When running your site on a shared server, one simple mistake or security mishap from another user has the power to disrupt every other user on the server.
  • Updates to the operating system's central server are rare. This is because different situations apply to the hundreds and thousands of individuals based on the server. This causes the server to miss out on important updates that relate to speed, stability and security features.
  • Several web hosts will not take the full liberty to protect the server from potentially hazardous users, many of them being developers with access to open-source code.

Conclusion on Web Hosting Security

There is one truth about web hosting you must recognize and accept - solid security will always be an ongoing process. Even the hosts that seem to have the most impenetrable servers are all susceptible to security issues. Many of them may have security defects in applications such as a shopping cart, control panel or just a web page in general. These types of holes make it easy for hackers to attain critical information that allows them to access many restricted areas of the server. While this is one of the worst experiences to endure with your website, it is a reality that you as a web hosting user should be aware of.

Shielding your personal information and the content on your website is never a sure thing. This is mainly because end users really do not know much about issues until it is too late. The only individuals truly aware of these problems are the hackers behind them and the security personnel from the web host working diligently to correct them. This is why you should always carefully review a good number of hosts and make sure they do not have an extensive history of security problems. There are actually a few lists that you can find on the web, composed by hackers, that will expose those insecure servers. This will save you the frustrating headache that comes along with losing the content you worked so tirelessly to build and the money you spent on the service.

While there is no surefire way to provide your website with foolproof protection from hackers, there are a few security measures that you can take to reduce the risk:

  • Store all of your sessions and other sensitive information in the database
  • Make sure the database is secured with a password
  • Check for current vulnerabilities in any application being used by the web host; this may include your control panel, PHP or ASP scripts, spam filters, etc.
  • Always make yourself aware of popular viruses and how they may affect you or your website
  • Frequently check the DNS query log within the web host’s server
  • Inquire within the web host about their backup procedures
  • Check for any applications that are not needed. If a certain component doesn't play a significant role in your website, you may wish to disable it in order to eliminate that security threat
  • Make yourself familiar with the intrusion detection tools included in the web hosting package
  • Frequently check the performance of your operating system
  • Frequently check the status of system memory
  • Frequently check for upgrades in the operating system the web hosting server is based on and make yourself familiar with the vulnerabilities

We have now covered all of the required essentials for choosing a reliable web hosting service. Equipping yourself with this knowledge should certainly make the process a bit easier. When a web host has been selected, be aware that you must also play a large role in keeping the site functional and secure.


The Downside of Open-source Applications

The beauty of open-source programs is one talked about all over the web. Even though many of these applications and web components are free, several companies have been able to turn profits by re-selling them to other vendors and clients. Open-source programs receive contributions from thousands of web developers all over the world. This is because the source code of the application is freely available and has the ability to be expanded upon.

Free software is music to the ears of any web programmer. This could spell trouble for the innocent individual who is merely looking for a capable web host. Open-source programs are a hacker's heaven. In a sense, they too are developers, which gives them easy access to source code as well. They can quickly learn how the program works, then develop strategies to break it down. As hackers remain busy, upgrades are constantly introduced into web hosting platforms to strengthen security. This only gives a hacker something else to strive for - it is a never-ending cycle.


Security Features to Look For

The essentials of your website will need to be secured by many different components. Each security feature has a designated role in protecting your content. Below we have compiled a list of security features that are the most crucial:

FTP - FTP (File Transfer Protocol) is defined as a method of transferring files over the web. Hosting servers that make use of FTP enable their clients to exchange robust files in large amounts from one computer to another in a protected manner. 

A web host offering this feature will allow users to create accounts for FTP. Each account can be assigned a username and password. This ensures that only an authorized user will have access to uploaded files. 

FTP is much more advanced in its method of security as opposed to HTTP (Hyper Text Transfer Protocol). While HTTP is a common way to transfer files, it is not secured and openly allows hackers and unauthorized users access to sensitive information.

SSL - SSL (Secure Sockets Layer) is a very important part of security that should be included in a website that intends to sell products or services. This component strengthens the practice of File Transfer Protocol. The purpose of SSL is to maintain privacy and security in web orientated communication systems. Here are two of the basic security measures found in SSL protocol:

1.) SSL protocol encrypts data by using symmetric cryptography to maintain complete privacy during web orientated communication such as monetary transactions.

2.) SSL provides reliability by checking each message that is exchanged over the web. 

The cryptographic capability of SSL was designed to establish a secure connection between computers. Some web hosts will also allow the integration of other encryption servers such as SSH. This reduces the need of installing additional security applications and may eliminate the requirement of configuring new protocols. One of the most notable features of SSL is “optional session caching”. This optimizes the total number of network connections and activity to keep the communication process secure and efficient.

TLS - TLS (Transport Layer Security) is another solid security feature to look for in a web host. Similar to SSL protocol, TLS protects in two different ways: Record Protocol and Handshake Protocol. TLS uses symmetric cryptography to encrypt data while ensuring privacy throughout the process of web orientated communication. It follows SSL by checking all messages that are exchanged over the internet from one computer to another.

This form of security forbids unauthorized users from interacting in the midst of the communication that takes place over the internet. Third-party individuals may only take part in the process after being detected and granted permission by the two authorized users.

TLS is also very compatible as it allows users to implement other methods of encryption to the framework. Like SSL, TLS comes with the “optional session caching” feature. 

SSH - SSH (Secure Shell Host) is perhaps the most efficient security feature used to protect the communication process. A Secure Shell comes with encrypted channels that enable users to access another computer over the web and execute commands from a remote location. SSH was specifically designed to protect digital content being transferred between computers, securing the information from probable hackers.

SFTP - Several web hosts that support FTP or SFTP (Secure File Transfer Protocol) come with the capability of SSH. SFTP is a step above typical File Transfer Protocol as it goes to great lengths to protect the content. SFTP will prevent passwords and other pertinent data from being stolen during the transfer process. Because the protocols are different, FTP and SFTP cannot be integrated to work with one another.

Firewall and IDS - Most networks have a firewall installed, though many of them lack efficiency. A faulty firewall application will allow remote access from third parties, allow the disclosure of sensitive information and also allow frequent attacks from the network of the web server. A hosting platform that encourages security should give a user the power to directly or indirectly adjust rules for the firewall application. Here is an example: if the website happens to receive frequent visits from malicious surfers, the host should grant you the ability to add the IP address of the attacker to an active list on the firewall.

IDS translates to Intrusion Detection System in web hosting terms. This provides a greater level of security as it recognizes the number of an attacking vector and prevents it from gaining access to the targeted server. 

DDOS Prevention - The Denial of Service attack is one of the oldest threats to an operating system. Even though this problem has been around for some time, it is still difficult to prevent. These attacks will slow down a web server and cause every site running on it to falter. In this case many users operating their site on a shared web host will become innocent victims. To correct this common problem, Anti-DDOS procedures are now readily available in firewall and router applications. A quality web host certainly will not overlook this essential security feature.

Spam Prevention - While many people may view spam as something that is not a direct security issue, it can pose a serious threat to the lifeline of your business. Free web hosting servers are prime targets for spam messages. Visit a few blogs or message forums and you are sure to notice a good share of it posted in comment sections. Aside from being a total annoyance, spam messages may carry viruses, worms, spyware and other forms of system infections. Spam can drastically affect the performance of a web hosting server depending on the number of emails it is able to handle. It also eats up tons of disk space and bandwidth. An anti-spam solution should certainly be a part of your web hosting package. Keep an eye out for this feature as many servers will not offer it.

Hotlink Protection - This is one of the most common security issues you will endure with a website. Hotlinking occurs when an individual from another website creates a direct link to one or more of your images or text links and then lists it on their page. Regardless of how pure their intentions may be, this constitutes theft of your property. Aside from that, hotlinking will absorb a substantial amount of bandwidth over time. Capable administrative tools such as cPanel and Plesk come with features that easily prevent the act of hotlinking.

