Keep your website secure, important security tips

Security is of utmost importance to SharkSpace and we have taken every step

to ensure the integrity of your data. However, the fact is that web servers

cannot be completely secured, particularly since it is always connected to

the Internet. The world of internet security is an evolving landscape, and

perfect security is nothing more than a pipe dream. There is always a “weak

link” in a networked system and it needs to be protected. The weakest link

in a web server is usually outdated scripts which have vulnerabilities or

files which have incorrect permissions/ownership that are uploaded by an end

user. Hence we wish to make you aware of the importance of keeping your

scripts updated through this blog!

In a typical shared hosting environment, there are numerous attack vectors.

SharkSpace has deployed the best known softwares to keep the web server and

various services running in the server secure from outside attacks. This

includes firewalls, mod_security rules, disabling of potentially dangerous

PHP functions, etc. which can limit compromises that can happen through an

user’s script/file.

Be selective about the script You install:

Do not just install any script that you find on the internet, especially

those scripts that are not often updated. Such old scripts might have been

dumped by its developer and he/she might not be developing or releasing

patches in the future. Many of them are not maintained, and may have potential

security holes that won’t be fixed. When choosing which scripts to install

in your account, look for applications that appear to be actively developed

or supported by the vendor. No script will be perfectly secure, but some may

be designed to minimize the potential for security problems. If you’re not

sure about a script, don’t install it. Of course, if you have the capability

and know-how, you can always look it over yourself.

Keep your scripts updated:


This is the most important tip and it is imperative that you follow it as
soon as possible. When a vulnerability is discovered, most reliable script
developers will patch the vulnerability and an update will be released.
These script developers usually maintain mailing lists that announce when a
new version of the script is available. Make sure that you watch for those
announcements and update the script immediately. You can also try removing
the version number of the script that you’re using from the footer file, as
this is one method attackers can use to identify vulnerable sites by using
search engines.

Maintain the correct permissions:


It is not a wise idea to assign full write permission for your scripts or
folders, unless the script developer has a purpose and requires you to set
that permission, like an uploads folder. Incorrect setting of permissions
can allow a potential attacker to execute vulnerable coding and exploit your
script.

Backups:


Backup is the only fool proof method to be completely secure against
compromises. SharkSpace uses innovative backup technology to protect your
data in the event of a compromise. Even though we
provide the best backup services, we always recommend the client to maintain
backups of the data at their side too. You can utilize the Backup feature in
cPanel to take complete website backups of your account settings, files, emails,
databases, etc. Please make sure that you do not store your backup files
inside “public_html” or any directories that are accessible from outside.
These backup files can be downloaded by a hacker giving him/her access to

your login details stored in it.

Nobody wants their hard work to be damaged or destroyed, so upgrade that
script today! You never know when a potential attacker might come along, and
you may as well make his task as difficult as it can be!

Facebook
Twitter
LinkedIn