Keeping hackers at bay – A shared host’s check list to securing hosted websites
All Webhosts go through a lot of trouble securing their servers. Monitoring the server, setting up a firewall, creating multiple backups etc. Unfortunately, all this hard word can be undone by a vulnerability in a site hosted on this server. If its a shared hosting server, the chances of getting hacked go up dramatically. So part of your server’s security policy should be keeping your customers aware of the types of attacks and methods to combat them. Here are a few simple steps they can take to secure their sites.
Update all 3rd party software
With control panel addons like
SimpleScripts, Fantastico, Softaculous etc installing various 3rd party programs like
Joomla, WordPress etc has become as simple as clicking a few buttons. The disadvantage of this is that many customers test these installations and then forget about them. Leaving them un-configured and probably in a vulnerable state. If the installed version has a known vulnerability, it will not be closed till the customer updates the software. This is the point of origin for a majority of the hacks happening today. Many of these programs have plugins/addons that are provided by other programs. Unless these plugins/addons are secured/updated, they too can be taken advantage of.
- These control panel addons usually have the option to check and notify customers of outdated software. Make sure these notifications are enabled.
- Make sure customers uninstall any unwanted software installed on their site.
- Make sure customers keep all software up to date. If they are installed via one of the control panel add-ons, they can be upgraded via the add-on itself.
- Make sure all plugins/addons to these software are also kept up to date.
The importance of using strong passwords should never be underestimated. What is frequently forgotten is that using a strong password will protect the account from a brute force attack, but unless that password is encrypted when used to login, it can easily be stolen by someone who knows how. This is why it is important to make sure that your customers use secure logins wherever possible. Most control panels use secured login pages, or offer both.
- Use strong passwords.
- Use secure login(use services with SSL:
http, SMTP over SSL, FTPSetc).
This it not something your customers can do, so you will have to set this up on the server. If the account details are stolen, it is most likely going to be used to upload malicious files to the server. So it is important that you have a system in place that scans all files being uploaded to the server and block or notify you if malicious files are identified. There are many scripts available out there to help you with this.
This simple steps should help protect your servers from a majority of the type of attacks that have been occurring recently. So make sure you force your customers to follow these policies.
About the Author:
Hamish works as a Senior Software Engineer in Bobcares. He joined Bobcares in July 2004, and is an expert in Control panels and Operating systems used in the Web Hosting industry. He is highly passionate about Linux and is a great evangelist of open-source. When he is not on his xbox, he is an avid movie lover and critic.