Posts from April 2012

Website Security – Part 2 – Server Security

Hackers have many different ways to break into your website. In this week’s article, we discuss some basic server security issues and how they may or may not affect your website depending on your hosting configuration.

Website Hosting

There are 3 main hosting options available to website owners: shared, virtual dedicated and dedicated. We will touch on all 3 from a security point of view.

Shared Hosting
This is the most common hosting option for small and medium-sized website owners. The idea is that you share a server with several other website owners. You share hard disk space, RAM, processor time and bandwidth into and out of the server. It’s the most economical approach with monthly costs sometimes under $5. Providers like Go Daddy, Network Solutions and the like set up servers and typically provide an interface for the site owner to upload files, manage databases, email and more. As a customer, you have very limited access to the server itself. The hosting provider assumes responsibility for the server security. Bigger names like Go Daddy and Network Solutions and most reputable hosting providers put a lot of time and resources into ensuring that their servers are secure.

The issue with Shared Hosting server security is that if a hacker can get access to the server through another website on your server, your site and data could be compromised. This is one of the inherent risks of shared hosting – your only defense is to make sure your data is backed up on a regular basis. In particular, if your site is database driven (any CMS uses a database), you must ensure that the database gets backed up. Don’t assume the hosting provider does database backups for you – it’s not always the case.

Virtual Dedicated Hosting
Virtual Dedicated Hosting is a cross between shared and dedicated hosting. You share a server with other customers, but the server is configured to dedicate resources to your account. For example, you get a certain amount of RAM – if you don’t use it, it doesn’t get used.

Virtual Dedicated Hosting has some of the same risks as shared hosting in that another hacked website on the server could spell trouble for your site. What’s more, customers have more access to some server functions, which could lead to more vulnerabilities. A rigorous backup policy is once again the way to go.

Dedicated Hosting
Dedicated Hosting comes in a couple of different flavors – you have the standalone server and cloud computing. From a user’s point of view, it all looks the same. The standalone server is just that – a server sitting in a rack somewhere with your name on it. Lose power and you’re down. Cloud computing provides the same functionality, but uses resources from different servers. Lose power on one server and you just use resources from the others.

Dedicated hosting leaves server management up to the customer. If you know what you’re doing, you can set up your server to be very secure and you don’t run the risk of some other website compromising your security.

The trick is to understand the applications that you are using and what the vulnerabilities are. Also, you want to get very familiar with the log files that the server generates. This gives you some insight into who is accessing your server and what they are trying to do. If you choose to use a dedicated server, server security becomes your problem and it must be taken seriously. If you are not comfortable with this role, you want to find a server administrator who is.
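
As an illustration of what reviewing server logs can show (an added example, not part of the original article), the script below summarizes an access log per client and lists clients whose requests mostly fail. It assumes the Apache/nginx "combined" log format; the sample lines are constructed and the thresholds are illustrative.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" access log format (assumed; adjust to your server's format).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Apr/2012:09:14:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Apr/2012:09:14:03 +0000] "GET /products HTTP/1.1" 200 8342 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Apr/2012:09:15:10 +0000] "GET /admin/ HTTP/1.1" 404 312 "-" "-"
203.0.113.7 - - [12/Apr/2012:09:15:11 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 312 "-" "-"
203.0.113.7 - - [12/Apr/2012:09:15:11 +0000] "GET /backup.zip HTTP/1.1" 404 312 "-" "-"
203.0.113.7 - - [12/Apr/2012:09:15:12 +0000] "POST /login HTTP/1.1" 401 128 "-" "-"
198.51.100.4 - - [12/Apr/2012:09:16:40 +0000] "GET /contact HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
this line is malformed and should be skipped
"""

def summarize(log_text):
    """Return ({ip: stats}, number_of_lines_that_did_not_parse)."""
    stats = defaultdict(lambda: {"requests": 0, "client_errors": 0, "paths": set()})
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1  # count unparsed lines instead of silently dropping them
            continue
        s = stats[m["ip"]]
        s["requests"] += 1
        s["paths"].add(m["path"])
        if 400 <= int(m["status"]) < 500:
            s["client_errors"] += 1
    return dict(stats), skipped

def suspicious_clients(stats, min_errors=3, min_ratio=0.5):
    """Clients whose requests are mostly 4xx, e.g. asking for pages that do not exist."""
    return sorted(
        ip for ip, s in stats.items()
        if s["client_errors"] >= min_errors
        and s["client_errors"] / s["requests"] >= min_ratio
    )

if __name__ == "__main__":
    stats, skipped = summarize(SAMPLE_LOG)
    print("review:", suspicious_clients(stats), "unparsed lines:", skipped)
```

On the sample, the only client listed is the one that requested several non-existent paths and failed a login; ordinary visitors with successful page loads are not flagged.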

Next Week: Securing Applications

Website Security – Part 1

Most of us like to think of our website as a place that good honest users visit to find the latest information, product or service we are offering. Usually, the biggest questions on our minds are:

  • How can I get a better Google ranking?
  • How can I make the site more informative and friendly for visitors?
  • How can I generate more sales?

These are all perfectly valid questions for a website owner. But there is one more that all website owners should consider:

Is my website secure?

We all know hackers are out there, but many people don’t understand the technology that allows them to flourish. In many ways, hackers have the upper hand – they have more time, resources and technical knowledge as to how the internet works and how to exploit it.

Hackers

Hackers come in many forms – ranging from bored kids on a home computer to purveyors of spam and corporate espionage (really). Some hackers simply leave a calling card on your site indicating they have successfully hacked your site. This is like a kid tagging a street sign – annoying, but not much harm. Others are there to ransack your site – destroy databases and delete important documents. Still others don’t want you to know they are there at all – they use your website server for attacks on other servers or sending spam email.

And they are out there – 1000s of them. From all over the world. A recent study suggested a new website is visited by a hacker on average within 17 minutes of going live. Another suggests hackers visit a site every few minutes! If the thought frightens you – good! Hacking incidents are always on the rise and you must protect yourself.

Still, there is hope. In the next series of articles, I will address various aspects of website security. Knowing what to ask your host and/or developer is a good start in protecting your website assets.

Next week: Server Security