Security is of utmost importance to SharkSpace and we have taken every step
to ensure the integrity of your data. However, the fact is that web servers
cannot be completely secured, particularly since it is always connected to
the Internet. The world of internet security is an evolving landscape, and
perfect security is nothing more than a pipe dream. There is always a “weak
link” in a networked system and it needs to be protected. The weakest link
in a web server is usually outdated scripts which have vulnerabilities or
files which have incorrect permissions/ownership that are uploaded by an end
user. Hence we wish to make you aware of the importance of keeping your
scripts updated through this blog!
In a typical shared hosting environment, there are numerous attack vectors.
SharkSpace has deployed the best known softwares to keep the web server and
various services running in the server secure from outside attacks. This
includes firewalls, mod_security rules, disabling of potentially dangerous
PHP functions, etc. which can limit compromises that can happen through an
user’s script/file.
Be selective about the script You install:
Do not just install any script that you find on the internet, especially
those scripts that are not often updated. Such old scripts might have been
dumped by its developer and he/she might not be developing or releasing
patches in the future. Many of them are not maintained, and may have potential
security holes that won’t be fixed. When choosing which scripts to install
in your account, look for applications that appear to be actively developed
or supported by the vendor. No script will be perfectly secure, but some may
be designed to minimize the potential for security problems. If you’re not
sure about a script, don’t install it. Of course, if you have the capability
and know-how, you can always look it over yourself.
Keep your scripts updated:
This is the most important tip and it is imperative that you follow it as
soon as possible. When a vulnerability is discovered, most reliable script
developers will patch the vulnerability and an update will be released.
These script developers usually maintain mailing lists that announce when a
new version of the script is available. Make sure that you watch for those
announcements and update the script immediately. You can also try removing
the version number of the script that you’re using from the footer file, as
this is one method attackers can use to identify vulnerable sites by using
search engines.
Maintain the correct permissions:
It is not a wise idea to assign full write permission for your scripts or
folders, unless the script developer has a purpose and requires you to set
that permission, like an uploads folder. Incorrect setting of permissions
can allow a potential attacker to execute vulnerable coding and exploit your
script.
Backups:
Backup is the only fool proof method to be completely secure against
compromises. SharkSpace uses innovative backup technology to protect your
data in the event of a compromise. Even though we
provide the best backup services, we always recommend the client to maintain
backups of the data at their side too. You can utilize the Backup feature in
cPanel to take complete website backups of your account settings, files, emails,
databases, etc. Please make sure that you do not store your backup files
inside “public_html” or any directories that are accessible from outside.
These backup files can be downloaded by a hacker giving him/her access to
your login details stored in it.
Nobody wants their hard work to be damaged or destroyed, so upgrade that
script today! You never know when a potential attacker might come along, and
you may as well make his task as difficult as it can be!