HOSTILICA

Security


How To Secure Your VPS Hosting

Web hosting security is a topic that seems to be everywhere these days. It is discussed not only by big companies but also by small businesses and by almost every individual with an online presence, because stolen information and data loss affect all of them, so security shouldn’t be taken lightly.

In this article, we’ll look at hosting security in general and at VPS security in particular, including the best ways to keep your VPS secure, so let’s get started.

Change Your VPS Default SSH Login

Most VPS users log into their server remotely with Secure Shell (SSH). The risk with SSH is becoming the victim of a brute-force attack, in which someone tries to log in over SSH by trying a variety of common passwords.

So, if you use SSH to log into your VPS, we recommend that you change the default SSH port and replace the login password with a strong, customized one. As you probably know, a strong password combines lower- and upper-case characters, numbers, and symbols. This way you secure your SSH login and protect yourself from brute-force attacks.

Keep Your Software Up-to-Date

Software updates contain security patches most of the time, so it’s necessary to keep your VPS software up-to-date. Luckily, all it takes is a few clicks to run an update for your VPS operating system.

We recommend that you automate this process. How you do it depends on your operating system, but one option is cron jobs. Cron is a Linux utility that schedules commands and scripts on your VPS to run automatically on a specific date and time, for a specific number of times. It’s easy to set up, and it is one of the most important tips for securing your VPS.

Finally, if you use a Content Management System (CMS) such as WordPress or Joomla, don’t forget to monitor it for updates and install them as soon as they’re available, in addition to all of your server-side updates.

Always Monitor Your VPS Server Logs

Monitoring your VPS server logs keeps you informed about anything that happens on your server, so when you track your system and software logs you are better prepared for any issues that could come up. Monitor all server events, resources, traffic levels, user activity, and software-generated errors and warnings. We recommend that you set up email notifications for server errors and warnings so that you have real-time monitoring of your VPS.

Don’t Forget to Set Up Your Firewall

We don’t want unwanted traffic, and that’s why firewalls matter. Most Linux-based operating systems come with a pre-installed firewall. In addition to that, consider installing the free ConfigServer Firewall. It gives your VPS better security and provides an advanced control interface for managing the firewall settings.

Perform Backups Regularly

This point applies to all types of hosting. It is best to make automatic backups. Note that backups should be kept outside your VPS, so that you are prepared if anything goes wrong with the server itself.

Set Up SSL Certificates for Your Domains

An SSL certificate creates an encrypted channel between the server and the client browser to ensure privacy. To protect sensitive data such as credit card information, user data, and passwords, you must set up an SSL certificate so that all of your website’s traffic is encrypted.

To conclude

No matter what your hosting type is, whether it’s shared hosting, VPS hosting, or dedicated hosting, you should always be aware of your hosting security. With a VPS especially, you’ll have more freedom but also more responsibility.
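The SSH advice above (move off the default port, and rely on a strong password if password logins stay enabled) can be checked against a server's `sshd_config`. The following is an added example, not code from the article or from Hostilica; the two sample files are constructed, and the parser only covers the global section of the file.

```python
import re

# OpenSSH built-in defaults, used when a keyword is absent from the file.
DEFAULTS = {"port": ["22"], "passwordauthentication": ["yes"]}

def global_settings(text):
    """Parse the global section of an sshd_config into {keyword: [values]}."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                           # blank line or comment
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()             # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            break                              # Match blocks are not audited here
        if keyword == "port":
            settings.setdefault("port", []).append(value)   # Port may repeat
        else:
            settings.setdefault(keyword, [value])           # first value wins
    return settings

def audit(text):
    """Return findings for the two points the article raises: port and password."""
    cfg = {**DEFAULTS, **global_settings(text)}
    findings = []
    if "22" in cfg["port"]:
        findings.append("sshd listens on the default port 22")
    if cfg["passwordauthentication"][0].lower() == "yes":
        findings.append("password logins are enabled, so the password must be strong")
    return findings

# Constructed sample files, not taken from any real server.
STOCK = """
#Port 22
#PasswordAuthentication yes
Subsystem sftp /usr/lib/openssh/sftp-server
"""
CHANGED = """
Port 49222
passwordauthentication yes
"""

if __name__ == "__main__":
    for name, text in (("stock", STOCK), ("changed", CHANGED)):
        print(name, audit(text))
```

On a live server, `sshd -T` run as root prints the effective configuration and is the authoritative source for the same two values.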


What is a DDoS Attack?

In computer networking, a distributed denial-of-service (DDoS) attack is an attack in which the attacker seeks to render a specific system or network resource temporarily or permanently unavailable to its users. Distributed denial-of-service attacks are performed by attackers that control multiple victim systems. Unlike traditional types of Internet attacks, where an IP address identifies a single system or computer, the underlying principle of DDoS is that an attacker can bring down or damage several systems simultaneously from different computers that have different IPs. This makes it impossible for a system under such an attack to relay information accurately.

Distributed denial-of-service is one of the most formidable forms of cyberattack, and it can wreak havoc on your business. If you have a server that runs your company’s online operation, a distributed attack against it can bring down many of its important services. A single DDoS attack can take down pretty much anything on the Internet.

How does it work?

A DDoS attack is carried out by a network of devices, ranging from PCs to IoT devices, that have been infected by malware that allows the attacker to control them. The attacker then orders these devices to send many requests, so that the server is overwhelmed by the number of requests. There are many variations of this attack, but they all share the basic concept of overwhelming a web server.

How to identify a DDoS attack?

The most obvious indicator is a site or service slowing down or shutting down completely. However, many things can cause these symptoms, including legitimate traffic spikes, so you should investigate further. Here are some of the signs to look for while investigating:

- A large amount of traffic originating from a single IP or a range of IP addresses
- A lot of traffic from users with the same behaviour
- Unexplained requests for a single page
- Spike patterns at odd times
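The signs listed above can be measured directly from a web server access log. The following is an added example, not code from the article: it assumes the common "combined" log format, uses a constructed sample log, and treats an identical user-agent string as a rough stand-in for "same behaviour"; the thresholds are assumptions to tune per site.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network
from statistics import median

# Combined log format; the first 17 characters of the timestamp name the minute.
LINE = re.compile(
    r'(?P<ip>[0-9A-Fa-f:.]+) \S+ \S+ \[(?P<minute>[^\]]{17})[^\]]*\] '
    r'"\S+ (?P<path>\S+)[^"]*" \d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"')

def ddos_signs(lines, share=0.5, spike=5):
    """Return {sign: (value, measure)} for each sign the log shows."""
    ips, nets, paths, agents, minutes = (Counter() for _ in range(5))
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                      # not an access-log entry
        try:
            addr = ip_address(m["ip"])
        except ValueError:
            continue                      # malformed client address
        width = 24 if addr.version == 4 else 48
        ips[str(addr)] += 1
        nets[str(ip_network(f"{addr}/{width}", strict=False))] += 1
        paths[m["path"]] += 1
        agents[m["agent"]] += 1           # crude proxy for "same behaviour"
        minutes[m["minute"]] += 1
    total, signs = sum(ips.values()), {}
    if not total:
        return signs
    for name, counts in (("single_ip", ips), ("ip_range", nets),
                         ("single_page", paths), ("same_client", agents)):
        value, n = counts.most_common(1)[0]
        if n / total >= share:            # one value dominates the traffic
            signs[name] = (value, round(n / total, 2))
    minute, peak = minutes.most_common(1)[0]
    if peak >= spike * median(minutes.values()):
        signs["spike"] = (minute, peak)   # busiest minute far above the typical one
    return signs

# Constructed sample: 40 requests from one /24 to one page within one minute,
# followed by 10 ordinary requests from other clients.
SAMPLE = [f'203.0.113.{i} - - [10/Oct/2023:03:14:{i:02d} +0000] '
          f'"GET /login.php HTTP/1.1" 200 512 "-" "bot/1.0"' for i in range(1, 41)]
SAMPLE += [f'198.51.100.{i} - - [10/Oct/2023:09:{20 + i}:00 +0000] '
           f'"GET /page{i} HTTP/1.1" 200 900 "-" "Mozilla/5.0 (u{i})"' for i in range(1, 11)]

if __name__ == "__main__":
    print(ddos_signs(SAMPLE))
```

In the sample no single address stands out, but the /24 range, the page, the client string and the 03:14 minute all do, which is why the per-range count matters alongside the per-IP count.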

How To Deal With DDoS Attacks?

As we mentioned above, always try to locate the IP addresses responsible for the attack and block them. This won’t be possible in some situations, so here are some steps you can take to mitigate the damage:

- Software packages for your web server, such as mod_reqtimeout, which ships with Apache, can help to defend against DDoS attacks
- Increase server power
- Use load balancers to spread the DDoS load across multiple servers
- Set up a firewall application
- Consider hiring a DDoS mitigation service such as Cloudflare


What is a Brute Force Attack?

You may have heard the term “brute force” when looking for information on hacking, but you may not understand what it means. It’s a common term in the security world. Basically, the attacker submits many passwords, either from a dictionary (password list) or as auto-generated passphrases, until the computer guesses the correct combination, like trying out all the possible combinations on a safe.

This attack requires minimal effort on the attacker’s part, since modern computers can crack an eight-alphanumeric complex password in less than two hours. It can take even less time if your password is found in a recycled dictionary (credentials obtained from another breach). The best-known password dictionary is rockyou, which contains 14,341,564 passwords to date.

Brute force attacks can be very problematic because once an attacker is in, it is tough to catch them, so most people try to protect their websites before the attack happens, or to detect and neutralize the attacker while the attack is happening.

How to protect yourself?

Protecting your website and credentials against brute force attacks isn’t hard. You just need to know the best practices:

Use Complex Passwords: Using complex passwords makes it much harder for a computer to crack your password. Always make sure to include special characters such as @, _ and !. You can always use the password generator included in cPanel to generate strong and complex passwords for you.

Increase Password Length: Just using a complex password won’t completely protect you. As we mentioned above, a modern computer can crack eight-alphanumeric complex passwords in about two hours, so make sure to increase the length of your password.

Limit Login Attempts: Limiting login attempts on your website will make it almost impossible for your password to be cracked, so if you can enable it on your website dashboard, you should.

Use Two-Factor Authentication: Two-factor authentication adds a second security layer to your credentials by sending a one-time passcode (OTP) to your phone number or email, so that even if your password is compromised, the attacker won’t be able to access the app unless they get the OTP code.

Implementing Captcha: Implementing a captcha on your website is a great way to make sure that whoever is trying to access your website is a human, not a bot.

Conclusion

Brute force attacks can cause massive problems, since they are very hard to notice if they are successful; however, preventing them is relatively easy if you follow the practices above. Never take the security of your website or credentials lightly, and always make sure that your website is as secure as possible.
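The "Limit Login Attempts" practice above can be implemented as a sliding-window counter with a temporary lockout. The following is an added example, not code from the article or from any dashboard it mentions; the class name, the limits and the `attempt_login` helper are assumptions, and a real site would compare password hashes, not plain strings.

```python
import hmac
import time
from collections import defaultdict, deque

class LoginLimiter:
    """Lock a key out after max_failures failed logins within window seconds."""

    def __init__(self, max_failures=5, window=300, lockout=900, clock=time.monotonic):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.clock = clock                       # injectable so tests can move time
        self.failures = defaultdict(deque)       # key -> times of recent failures
        self.locked_until = {}                   # key -> time the lock expires

    def allowed(self, key):
        return self.clock() >= self.locked_until.get(key, float("-inf"))

    def record(self, key, success):
        now = self.clock()
        if success:
            self.failures.pop(key, None)         # a good login clears the history
            return
        recent = self.failures[key]
        recent.append(now)
        while now - recent[0] > self.window:     # forget failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.locked_until[key] = now + self.lockout
            recent.clear()

def attempt_login(limiter, key, supplied, real_password):
    """Return 'locked', 'ok' or 'denied'; the password is checked only when allowed."""
    if not limiter.allowed(key):
        return "locked"                          # a correct guess is not even tested
    ok = hmac.compare_digest(supplied.encode(), real_password.encode())
    limiter.record(key, ok)
    return "ok" if ok else "denied"

if __name__ == "__main__":
    now = [0.0]                                  # constructed clock for the demo
    limiter = LoginLimiter(max_failures=3, window=60, lockout=120, clock=lambda: now[0])
    key = ("alice", "203.0.113.7")               # constructed account and client address
    for guess in ("123456", "password", "qwerty", "S3cure!pass"):
        print(guess, attempt_login(limiter, key, guess, "S3cure!pass"))
```

The choice of key matters: counting per username alone lets anyone lock a real user out, while counting per client address alone does little against guesses spread over many addresses.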


What Is Website Defacement and How to Avoid It

Have you ever wondered what website defacement is and how to prevent it? If not, then it is high time that you do some research for yourself.

Defacing a web page means changing its appearance (as viewed by the user) by removing, adding, or altering files on the web server, which is generally done by defacers. Defacers are hackers who hijack your website and replace the hosted website with their own. A defacing attack is considered an electronic form of graffiti and vandalism.

Defacing attacks are generally executed via one of five ways:

1- Unauthorized access: This one is relatively simple. A hacker has somehow obtained the credentials to access your web hosting and changed the website files directly. This can be done by various methods, such as phishing, brute force or a vulnerability in your CMS.

2- SQL injection: Also known as SQLi, this is a common attack in which the attacker tries to guess how your database works and how it is structured, and sends malicious queries to display data that is not intended to be displayed; this includes, but is not limited to, sensitive company data and user lists. After gaining some information, the hacker can then gain administrative rights to your database and manipulate the site as they see fit.

3- Cross-site scripting (XSS): The difference between cross-site scripting (XSS) and other similar types of attacks (e.g. SQL injection) is that it targets the users of a web application, not the web application itself. The way it works is that hackers scan for vulnerabilities in your web application and inject malicious code into it. The malicious code can be a trojan horse that modifies your content.

4- DNS hijacking: DNS hijacking is also known as DNS redirection. It’s a type of attack in which DNS queries are incorrectly resolved in order to direct users to malicious sites. DNS hijacking is executed by installing malware on users’ computers, hacking their routers or hijacking DNS servers.

How to protect your website from these attacks

You can protect your website from defacement attacks by following the security best practices below.

Following the principle of least privilege

The principle of least privilege (PoLP) is a concept in information security: all users are given the minimum level of access or permission needed to do their jobs. By limiting access and permissions to your website, you decrease the risk of a compromised account doing damage.

Never use the default admin or email

When setting up a server or CMS, always change the default user, password, and directory, because hackers know them all too well and try to use them to gain access to your website.

Limit the use of addons and plugins

The more plugins or addons you add to platforms such as Joomla and WordPress, the more likely you are to have vulnerabilities in your website, because some of these plugins don’t follow coding best practices and are not well updated. Needless to say, you should constantly update your CMS and plugins.

Use SSL/TLS

Always use SSL on your websites, because this encrypts all communications between the user and your website, preventing man-in-the-middle (MITM) attacks, which can be used to deface your website for a specific user.

Scan for vulnerabilities

Regularly check your website for vulnerabilities and take the time to remove them completely. This can be time-consuming and may even break some of your website’s functions, but it is the best way to make sure your website is secure, and it reduces the chance of your website getting hacked. All Hostilica plans come with SiteLock Lite to help you scan for malware.

Conclusion

Making sure your website is secure is not an easy feat. Still, you should always take your security seriously and never ignore the risk of getting hacked, because it will have serious consequences that you may not be able to recover from. Always make sure that you follow security best practices when creating and maintaining a website.


What is SSL Certificate?

When you launch your first website, you have probably heard the term “SSL Certificate” a lot, and you probably know that an SSL certificate is for website security. Still, it helps to learn more about the SSL certificate, its benefits, why to set it up, and how, so let’s figure it all out in this article.

What is an SSL Certificate?

First of all, SSL stands for Secure Sockets Layer. This technology helps to secure the internet connection and protect the data transferred between the browser and the web server. It encrypts and secures the data that passes through the connection between the server and the browser to help prevent any data breach, and if any data were stolen from this connection it’d be impossible to decrypt.

HTTPS and SSL

HTTPS stands for Hypertext Transfer Protocol Secure; the last ‘S’ is for secure. You’ll see the HTTPS part at the start of the domain in your browser: if the website is secured and has an SSL certificate, you’ll see HTTPS; if not, you’ll see HTTP, which means that the website isn’t secure.

The Importance of SSL and Online Security

On the internet, trust is the most important factor for your reputation, and websites that can prove they treat security as a must can attract more visitors. So SSL is always a good idea, whether the website is for a nonprofit, a small business, a blog, or any other type of site.

The most important reason a website must use SSL is to protect the information that’s sent between browsers and servers. If the information is sensitive, like credit card information, passwords, and personal information, then without SSL all of it can be stolen, but with an SSL certificate all of your information is encrypted and unreadable to anyone who tries to hack it. So, with an SSL certificate, your customers will feel safe when they are doing business with you.

Do I Need an SSL Certificate?

As we mentioned above, an SSL certificate protects your sensitive information, but it also helps to:

- Keep the data transferred between servers secured
- Increase Google rankings for your website
- Build trust between your website and its customers and visitors
- Improve conversion rates on any business website

Where can you buy an SSL Certificate?

SSL certificates are issued by Certificate Authorities (CAs). You can buy an SSL certificate from any web hosting provider. Hostilica now offers free SSL.
