Author Topic: Hack-Proof Your Dedicated Server – The First Steps  (Read 721 times)

Administrator

Hack-Proof Your Dedicated Server – The First Steps
« on: August 27, 2013, 08:24:13 PM »
One of the biggest problems on the Internet today, especially for websites with high traffic or profit potential, is that attackers can hack into a server’s resources. This can be catastrophic for any online business owner, and it requires that certain measures be taken to prevent the server from being tampered with. Online thieves are as crafty as ever, and it’s up to us, as men and women of online commerce, to find the best ways to stop an attack before it happens.

To give you an idea of the severity of a successful hacking job, we’ll take you through a mock scenario. Customer A purchases a bargain Web hosting package from a no-name Web hosting provider. She successfully uploads her Web store along with numerous files that contain financially sensitive data. A hacker, already alerted to the launching of the site, goes into predatory mode. After successfully hacking through the server’s weak security structure, the hacker proceeds to install a monitoring program that delivers all bank account numbers and credit card transactions to an anonymous email address. In a day’s time, all the hard work and effort that went into producing the site has been undone and the person’s business is completely destroyed. Nobody will ever trust the business again, and the negative feedback is posted on the Internet for the world to see. How could the online business owner have prevented this from occurring? By making the server an impenetrable, hack-proof fortress of security!

Making your dedicated server hack-proof requires that you have complete control over it. You must be able to tweak and adjust settings that only an acting administrator has access to. As soon as you have access to the controls, it’s time to put a plan of action in place.

One of the most notorious ways for thieves to gain access to sensitive data is through the standard contact forms that are available for use on the Internet. The problem is that many website owners assume the contact form is safe against hacking attempts. The exact opposite is true. Online Web forms are the most insecure forms of communication available on the Internet. Without a server that is protected by special software, these forms are an open invitation to receive endless amounts of spam. This spam can disrupt your business and set you back hours while you sift through it all. Thankfully, secure versions of online forms are available. The earliest versions of contact forms used pure HTML, which is insecure in itself. The new, highly secure forms use PHP as a scripting language and prevent automated input into the form. This means spammers don’t stand a chance. Secondly, if someone decides to use your contact form to send out spam, your IP address could land on a blacklist. This would be devastating to any online business, as blacklisted IP addresses are associated with shady business practices.

Script updates are another way to make your server safe. When scripts are installed on a server, they are usually the most up-to-date version available. However, as time goes by these scripts become outdated. Why? Because hackers are always developing ways to exploit them! The scripts and applications are what make your server’s internal dynamics function, so when an update for a script is released, it usually fixes security vulnerabilities or protects your site in other important ways.

Always use secure passwords for the administrative access features of your server. Simply choosing one of the thousands of common passwords used on the Internet today is a mistake. Hackers have files containing the most used passwords on the Internet today. The first thing they do is run a scan on your password-protected pages to see if they can gain access using one of the few thousand password combinations. Passwords like dog, cat, your last name, your telephone number or your date of birth are not secure passwords. An example of a secure password is a randomly generated combination of upper and lower case letters, numbers and symbols.

This has been the software portion of making your server hack-proof. There are many hardware developments that have been created to make the process more complex, but they cost more than software-based fixes. Making your entire website function using Secure Socket Layer technology is usually not a possibility. Most websites use HTML as the primary development language, and Secure Socket Layer technology is usually reserved for checkout pages and shopping carts. Some hardware servers are equipped with onboard Secure Socket Layer technology in the firewalls they use. Using an IPS, or Intrusion Protection Service, will allow you to be proactive against intruders instead of defensive. A managed hosting provider will be able to properly take care of your Intrusion Protection Service so that you don’t have to delegate additional employee resources to its management. Good luck with making your server hack-proof!
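The contact-form paragraph above mentions PHP forms that block automated input and the risk of a form being used to send spam. The following is an added example, not part of the original post, of server-side checks for both; the field names `website` and `rendered_at`, the addresses and the limits are assumptions.

```php
<?php
// Added example. Field names ("website", "rendered_at") and all addresses
// are assumptions; the sample submission at the bottom is constructed.
const FORM_RECIPIENT   = 'owner@example.com'; // fixed, never taken from the request
const MIN_FILL_SECONDS = 3;                   // people need a few seconds to type
function validate_contact_form(array $post, int $now): array
{
    foreach ($post as $value) {               // name[]=x arrives as an array
        if (!is_string($value)) {
            return ['non-string field'];
        }
    }
    $errors = [];
    // Honeypot: a field hidden with CSS that people leave empty and bots fill in.
    if (trim($post['website'] ?? '') !== '') {
        $errors[] = 'honeypot filled';
    }
    // Timing: the form embeds its render time (sign it server-side).
    if ($now - (int)($post['rendered_at'] ?? 0) < MIN_FILL_SECONDS) {
        $errors[] = 'submitted too fast';
    }
    // Header injection: CR/LF in a value that reaches a mail header lets the
    // sender append Bcc: lines and relay spam through your IP address.
    foreach (['name', 'email'] as $field) {
        if (preg_match('/[\r\n]/', $post[$field] ?? '')) {
            $errors[] = "line break in $field";
        }
    }
    if (filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'invalid email';
    }
    $length = strlen(trim($post['message'] ?? ''));
    if ($length === 0 || $length > 5000) {
        $errors[] = 'message empty or too long';
    }
    return $errors;
}

function send_contact_mail(array $post): bool
{
    // Call only when validate_contact_form() returned no errors. The visitor's
    // address goes into Reply-To; From and To stay under the site's control.
    $headers = ['From' => 'webform@example.com', 'Reply-To' => $post['email']];
    return mail(FORM_RECIPIENT, 'Contact form message', trim($post['message']), $headers);
}

$sample = ['name' => 'A', 'email' => "a@example.com\r\nBcc: list@example.net",
           'message' => 'hi', 'website' => '', 'rendered_at' => (string)(time() - 10)];
print_r(validate_contact_form($sample, time()));
```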
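The password paragraph above describes a randomly generated password and the kinds of passwords to avoid. As an added example, not part of the original post, this sketch generates such a password with a cryptographically secure source and rejects candidates that are short, on a common-password list, or built from personal details; `MIN_LENGTH`, the character sets and the sample lists are assumptions.

```php
<?php
// Added example. MIN_LENGTH, the character sets and the sample lists are
// assumptions; load a real common-password list from a file in practice.
const MIN_LENGTH = 12;
const CHAR_SETS = [
    'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
    'abcdefghijklmnopqrstuvwxyz',
    '0123456789',
    '!#$%&*+-=?@^_',
];
function generate_password(int $length = 20): string
{
    if ($length < MIN_LENGTH) {
        throw new InvalidArgumentException('length below MIN_LENGTH');
    }
    $chars = [];
    foreach (CHAR_SETS as $set) {             // guarantee one of each class
        $chars[] = $set[random_int(0, strlen($set) - 1)];
    }
    $all = implode('', CHAR_SETS);
    while (count($chars) < $length) {
        $chars[] = $all[random_int(0, strlen($all) - 1)];
    }
    // Fisher-Yates shuffle driven by random_int(); shuffle() is not a CSPRNG.
    for ($i = count($chars) - 1; $i > 0; $i--) {
        $j = random_int(0, $i);
        [$chars[$i], $chars[$j]] = [$chars[$j], $chars[$i]];
    }
    return implode('', $chars);
}

function is_weak_password(string $candidate, array $common, array $personal): bool
{
    $lower = strtolower($candidate);
    if (strlen($candidate) < MIN_LENGTH || in_array($lower, $common, true)) {
        return true;
    }
    foreach ($personal as $item) {            // last name, phone, birth date
        if ($item !== '' && strpos($lower, strtolower($item)) !== false) {
            return true;
        }
    }
    return false;
}

$common   = ['dog', 'cat', 'password', '123456'];      // constructed sample
$personal = ['Smith', '5550100', '19800101'];          // constructed sample
var_dump(is_weak_password('smith19800101!!', $common, $personal));
var_dump(is_weak_password(generate_password(), $common, $personal));
```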