If you have been around the web hosting industry for any length of time at all, you have surely had a forum or other open source application hacked. This is an aggravation to say the least, not to mention what it can do to your reputation. I mean, most of your site regulars are going to know that you aren’t behind the graphic image of poor taste that’s plastered on the forum, but it is going to make them wonder how secure their login credentials and other shared information are if your site could be hacked this easily.
Being hacked by a script kiddie is just a bad situation all the way around. My partners and I did battle a few times last year with Muslim Extremist Turkish Hackers who were probably teenagers just looking to rack up points on zone-h.org.
Several times we audited our servers to ensure that we were protected, but it wasn’t until we installed and really got our minds around mod_security that we were able to rest assured that we were no longer open to this type of activity.
In his blog on WHIR.com, Derek Vaughan of Techpad Agency (I met him last year in Chicago at HostingCon) posted some good suggestions that I thought I would share on here as well for prospective web hosting clients to consider when acquiring hosting for their forums or open source applications.
1. Make sure you have local backups. Locally back up your data to a disk and keep it up to date. When you make any significant changes to your website, update the backup file.
2. Make sure your web host has backups. Check the plan that you are on and determine how often your site gets backed up. It’s not unusual for a quality business hosting plan to offer daily backups.
3. Keep up to date with software versions and patches. This was my problem with vBulletin. A totally simple flaw was identified and circulated around the Internet during that time. vBulletin offered a simple patch for the problem, or I could have easily updated my version to a more robust state. Don’t make this mistake; take a few minutes to read, understand and act on any security information sent out by your software companies.
4. Use robust usernames and passwords. Examine your logins and make certain that they contain non-standard characters – like these: $, @, ! and that you have enough characters to make them hard to break. Guess what the most popular password is? PASSWORD. Duh. Don’t do that.
5. Select a web hosting company that has proven security in place. This means both physical security and virtual security. Look for a good description of the security procedures on the hosting company website. A truly aware web hosting company can often prevent malicious activity before it happens – saving you valuable time and money.
Web Host Industry Review | theWHIR Blogs : Derek Vaughan’s Web Hosting Blog