Five Things to Look for in Good E-Commerce Hosting
There are certainly economic and customer service-related reasons to choose a particular host, but the following are five technical things you should definitely look for when you choose an e-commerce host.
- Affordable SSL certificates – You need to be able to purchase an SSL certificate and implement it on your website with as little hassle as possible.
- E-commerce software – There are a plethora of commercial and free e-commerce web applications out there. A good e-commerce host will offer free installation of the one you want to use.
- Analytics – You are in this to make money. That is the essence of e-commerce. The only effective way to track your progress is to study your site’s traffic. Many web hosts offer internal analytics software as well as integration with third-party analytics.
- Advanced security – Depending on the type of business you are running, you might need a higher level of security than the average site.
- Scalability – As your business grows, your site will grow with it. If the only e-commerce package your host offers is something you will outgrow in a year, you are in for a world of hurt.
As with any business venture, plan well and always make sure to look beyond the price. Do not feel ashamed about asking an IT expert for advice before you proceed. It could save you a great deal of time and money.
Password Generators for Hosting Security
Web hosting security is an ongoing struggle. No matter how well-prepared you think you are for security issues, there is always something more you can do. One of the biggest security vulnerabilities that system administrators and individual users alike often face is password inadequacy.
A weak password is almost like leaving the door to a house unlocked. It makes it much easier for attackers to get in. The following are four password generators that can help you make stronger passwords for your accounts.
1. PCTools Secure Password Generator – It supports lengths from 4 to 64 characters, mixed letters and numbers, mixed case, and bulk generation of up to 50 passwords.
2. Automated Password Generator (APG) – If you use Linux on your server or desktop and have access to APG, you can easily create secure passwords from the command line. It supports both pronounceable (not real words) and unpronounceable passwords.
3. Whatsmyip password generator – Similar to the PCTools password generator, this generator supports mixed characters and case, symbols, and up to 12 characters. One disadvantage is that the page is not encrypted.
4. GRC Ultra High Security Passwords – This generator makes the others look like children’s toys. When you need an ultra-difficult password for high security, you can use this generator to make a 64-character random hexadecimal password or 63-character ASCII or alpha-numeric passwords. Each time the page loads, it creates a unique, secure set.
If you are worried about users not being able to remember their passwords, pronounceable ones from APG or the mnemonic devices used by PCTools may be helpful. Otherwise, any of these password generators will give you more secure passwords than the typical, easily-guessed user passwords.
Install Security for Your Online Store with SSL
(The Hosting News) – Every day, consumers hear about the increasing number of security threats plaguing e-commerce sites. This causes a feeling of apprehension and a lack of confidence when shopping online. A 2009 disclosure report acknowledged by major credit card companies showed that an estimated forty million credit cards may have been compromised. The threat is real, and it is imperative for the owner of an e-commerce or m-commerce business to take it seriously. If consumers have no confidence in the security of your site, they are not going to take the chance of buying from you online.
It is more essential than ever before to take the safeguards necessary to secure your storefront and customer information. As an m-commerce or e-commerce site owner, one of the best ways to take the necessary precautions is to secure any data transmitted through your site with SSL, or Secure Sockets Layer.
The Secure Sockets Layer protocol keeps communication between the client and server safe by preventing data forgery, eavesdropping, and tampering. SSL protects digital transactions, mobile transactions using credit card processing, network access, and online communications by establishing a secure channel between the server and your consumers.
You can tell when you have connected to a secure web server by the address in the URL bar. If it begins with https instead of http, you know it is secured with SSL. When a customer enters a secure website, the server presents a digital certificate to authenticate itself. SSL works through encryption: it encrypts any personal data, including credit card numbers or mobile money accounts, in order to render it unreadable to hackers.
The SSL certificate is of the greatest importance to m-commerce and e-commerce site builders. It is used mainly to encrypt any data it encounters as it sits on its own secured server. It also helps identify the website, so the consumer gains the confidence needed to shop at your online store. The certificate identifies who the site belongs to, the domain name assigned to a particular web address, and which Certificate Authority issued the certificate. It also identifies the country from which it was issued.
Credit card processing is an essential part of any online store, especially one that accepts mobile payments as well. SSL is one of the best and most responsible ways an online site owner can secure customers' data.
3 Backup Options and Their Limitations
If you had an unlimited supply of money, you would not need to consider backup options for your websites. Every site would have its own dedicated server, and every dedicated server would have second or even third backup servers with identical, redundant backups.
Unfortunately, we live in the real world, and you may have nothing more than a $9.95-per-month web hosting budget. Whether you have a single hosting account or a number of dedicated servers, your backup options are still limited. The following backup solutions are all possible options, but they also have limitations.
1. The home computer – Perhaps the most common backup device that new web hosting users employ is the home computer. Whether it is a desktop or a laptop, you can always back up your website files and databases and save them to your hard drive. The limitations are that you consume your own home's bandwidth and your backups are only as safe as the computer. If you get a virus, accidentally wipe your hard drive, or watch helplessly as your child spills apple juice on the computer, your backups are gone.
2. Backup Drive or Local Device – Some hosting companies may encourage you to install a second hard drive on your server for backup. If something happens to the primary hard drive, the secondary backup drive is already in the server and ready to go. This may sound appealing, but it will do nothing to protect your data from disasters. If a fire, tornado, or earthquake destroys your server, the backups will be destroyed too.
3. Remote Storage – In this scenario, your backups are uploaded to a remote storage device. It could be at a second data center or somewhere on a cloud storage service’s server. Either way, your backup data is safely separate from your server. The only real limitation is that your data will only be secure if the facility where it is stored is secure. Therefore, you should do your homework.
Ultimately, the remote storage option is the most logical choice, but it would not hurt if you combined two of the three options. Having a local device backup as well as remote storage ensures that your data is protected even if one of the backup options fails.
Secure Your Websites with a File Integrity Checker
Many people manage their websites with a concept called “out of sight, out of mind”. The premise of this concept supposes that if you cannot easily identify a vulnerability in your system, it is as if it does not exist. Therefore, there is no need to worry about it. The problem with this concept is that it fails to account for the possibility that one of those vulnerabilities may have already been exploited.
Just because a security problem with your website is not apparent does not mean that someone has not already found it and started exploiting it. Moreover, it is possible for them to use your site to attack other servers, send spam, or commit other cyber criminal acts without you even knowing.
One way to deal with these types of hidden threats is to use a file integrity checker. Essentially, a file integrity checker finds files that have been compromised by comparing each file's current checksum against the pre-computed checksum it keeps in its database for every file on your system. When attacking a system, it is very difficult for hackers to avoid leaving traces of their work in the form of altered files. Think of these traces as fingerprints. When a file has been altered in an unusual way, the file integrity checker should detect it.
The key to making a file integrity checker work for you is making sure you understand your file system. When the system performs updates, some files may get altered, creating the possibility for false positives. This requires you to stay ahead of the process and update the database of the file integrity checker regularly. You should also make sure your system is clean before you begin so that compromised files are not added into the database from the start.
Want Security? Abandon FTP for SFTP
Security through obscurity rarely works as well as one would hope. Instead, you run the risk of being hit by an anonymous hacker who found you through a random vulnerability scan. In the old days FTP was the best option for transferring files from your computer to your website. Those days are long over, but many still use FTP, thinking it is the only option. But for real security, you should take a look at SFTP or SCP.
Both transfer methods, SFTP and SCP, use public key encryption to ensure that your data stays safe from prying eyes during transfer. With FTP, your login information is sent in plain text, making it easy for a third party to intercept it. In both alternatives, the “S” stands for “secure”, and that is exactly what you need when you are transferring data.
SFTP (SSH File Transfer Protocol) is run over a secure channel (i.e. SSH – Secure Shell). That means that the login information and data stream are encrypted with whatever technology your server uses (usually OpenSSH).
Limitations and Concerns
Because it uses SSH, you will need an SSH login to use it. Some web hosts are reluctant to give shared hosting users shell access, but they may give you a secure login with the shell disabled. Good hosts will usually give users some type of SSH access upon request. If you have a VPS or dedicated server, you should already have access.
Another possible limitation is that you will need to use an FTP client that supports SFTP. Fortunately, most modern clients do. For example, FileZilla is a cross-platform, free and open source client that supports SFTP and many other protocols.
For more information about SFTP, see this documentation. For SCP information, visit this site.
How to Set Up Remote MySQL in cPanel
MySQL is an open source relational database management system that is among the most popular on the web. Typically, web hosting users access MySQL through their web-based control panel or through a free web application, such as phpMyAdmin. More advanced users may also manage MySQL from the command line via SSH.
A third option for MySQL management is remote administration. With this method, you can access MySQL from software on a remote computer. Some web development tools include an option for remote MySQL administration, and MySQL Workbench also provides this functionality. Another reason to allow remote hosts to access MySQL is when you have a web server on a different IP address than your database server.
By default, no remote machines are allowed to access MySQL. This is a security measure. If a computer that is not on localhost attempts to access it, that computer will be denied. Fortunately, cPanel makes it easy to add trusted hosts to the list of accepted MySQL administrators. Just follow these instructions:
- Log in to cPanel and scroll down to the section labeled “Databases”
- Click the button labeled “Remote MySQL”
- Enter the IP address or domain name you want to give access
- Click “Add host”
In addition to a full IP address, you can also use a wildcard. For example: 192.68.0.%. Any IP address that fits that wildcard will be allowed, so be careful with it. Also, if you are trying to access the database from home and have a dynamic IP address, you will need to change this setting whenever your IP address changes. Moreover, if you are accessing the database from a website on a shared hosting account, it may share its IP address with other sites. In that case, use the domain name.
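To see how much a wildcard entry really opens up before adding it, the following added example (not part of the original article or of cPanel) counts the addresses each entry would admit. It assumes the LIKE-style matching MySQL uses for account host values, where % matches any run of characters and _ matches one character; the function names and the sample entries other than 192.68.0.% are constructed.

```python
import ipaddress
import re

def pattern_to_regex(host_pattern):
    """Translate a host pattern: '%' = any run of characters, '_' = any one character."""
    parts = []
    for ch in host_pattern:
        if ch == "%":
            parts.append(".*")
        elif ch == "_":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts))

def host_allowed(host_pattern, ip):
    """True if the dotted-quad string of ip matches the whole pattern."""
    return pattern_to_regex(host_pattern).fullmatch(str(ip)) is not None

def count_allowed(host_pattern, network):
    """Count addresses inside network (kept small, e.g. a /16) that the pattern admits."""
    regex = pattern_to_regex(host_pattern)
    return sum(1 for ip in ipaddress.ip_network(network) if regex.fullmatch(str(ip)))

def audit(patterns, network="192.68.0.0/16"):
    """Report how many addresses in network each access-host entry would admit."""
    return {p: count_allowed(p, network) for p in patterns}

if __name__ == "__main__":
    # Constructed entries; 192.68.0.% is the wildcard quoted in the article.
    for pattern, n in audit(["192.68.0.25", "192.68.0.%", "192.68.0.1%", "192.68.%"]).items():
        print(f"{pattern:<14} admits {n} addresses in 192.68.0.0/16")
```

Note the third entry: a % placed after a partial octet admits .1, .10 to .19 and .100 to .199, which is rarely what the person typing it intended.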
The Benefits and Limitations of Firewalls
When a firewall works, few notice it or even remember that it is there. When someone fails to have an adequate firewall or does not have one at all, it gets a lot of attention, once the inevitable attacks occur. A firewall can save your home computer or your server from a myriad of network attacks, but it does have its limitations. The key is knowing when to rely on it and when to take other security measures.
Many attackers scan for vulnerabilities in servers and look for possible points of entry. Those entry points are usually unsecured network ports. The more ports you have open, the more exposed your server is to possible attacks. Good firewalls also include other network security features that can help against denial of service (DoS) attacks and other major threats.
Some server ports must stay open. Ports for services like a web server (port 80) and an SSH server (port 22) are usually open on most servers. In such a case, a firewall may do little to prevent an attacker from exploiting other weaknesses. Therefore, even if the server hosting your website has a firewall, that will not protect a site with a weak password, outdated web application, or poorly-written scripts.
A data center typically has firewalls enabled on its network routers, and those routers will protect the servers from common external attacks. Nevertheless, it is a good idea to also have a software firewall installed on the server itself. Even then, a good server administrator will install an application firewall to catch some attack methods that seek out server-side scripting vulnerabilities. And even with all of those precautions in place, you can still harden the security on each individual website to prevent even the most resourceful hacker from doing serious damage.
The proper way to view a firewall is like the first line of defense in a battle. You expect it to hold up against most attacks, but it is not enough to withstand every attack. For that, you need more defenses and the proper safety measures to ensure your data stays safe.
How Important are Web Application Updates?
When it comes to your personal computer, you probably constantly get reminders about updates. Some proprietary and open source web applications will also remind you when it is time to update, but websites still suffer from attacks that stem from the failure to consistently keep their apps updated.
In most situations, a software vendor or developer will release an update to either fix a bug or to patch a security hole. If it is for the latter, any website that continues to use that software without updating is vulnerable to attacks, especially after those vulnerabilities have been discovered and made public.
Therefore, the short answer to the question in the title is that web application updates are very important. Whether you are running a small script or a robust content management system (CMS), making sure you have the latest and most secure version could save your website from disaster.
Some web apps, such as WordPress, are very easy to update, while others may require reinstallation. If you know ahead of time that keeping your scripts updated will be too much for you to handle, you should consider using a web hosting provider that offers free script installation technology. These services are usually integrated into the host’s web-based control panel.
There is a chance that no one will ever exploit old security holes in your web applications, but failing to keep them updated is a risky move, one that you should not be willing to take with the security of your website in jeopardy. Taking the extra time to update all of your web software could be one of the most important things you do as a web administrator.
