We’re not a computer repair company. But there are many daily tasks that blur the line between your IT helpdesk, or tech-savvy friend, and our 24/7 web hosting technical support. Think about how much of what you do daily relates to web hosting. You interact with email, websites, and mobile applications every day. When you have issues regarding any of these, we’re able to at least give you guidance on how to get the right answer if we can’t resolve the issue ourselves.
When working on your website or web application, any issue you encounter could originate from multiple places. The most common choke points are your computer, your local network, or the web server.
Branding today requires a lot of social activity and openness. But there are proprietary and private elements to your brand as well. You want in-depth data on your proprietary products, personally identifiable information (PII), and trademarks to remain secure. The easiest example is domain privacy, which hides the contact information in your domain’s registration record.
Reevaluate your workflow often for better security. Security has one major thing in common with customer service: it’s everyone’s job. Technology cannot negate user error. But while we can’t prevent all malicious events, we can make them harder by adding defense in depth to our lives. This requires increasing user awareness and training.
We don’t just want to help secure your website on our server. We want you to better secure your private information and data.
Below are ways to secure your web activity during system administration tasks and popular options as of 2019.
Note: None of these technical controls will completely prevent malicious activity. User awareness and training is required to mitigate risks.
1. Password Manager
Password managers do more than store passwords.
- Having one means you don’t have to remember as many passwords
- Therefore, you’re encouraged to create complex passwords
- Storing passwords in a dedicated app is safer than storing them in a browser, which is exposed to various browser- and website-related attacks
- Log into websites faster with an auto-type feature (if available), which enters your username and password at once
Password managers encrypt the password database, so if your computer is stolen there is still some protection against malicious activity.
Popular options: Dashlane, LastPass, KeePass
2. Virtual Private Network (VPN)
A virtual private network, or VPN, creates an encrypted tunnel for your web activity. This helps protect your web traffic in transit against man-in-the-middle attacks. It also prevents internet service providers (ISPs) from logging and selling your network activity. Take time to research VPN providers, as some quietly sell your activity as well, negating the VPN’s usefulness in some cases. Providers in different countries may follow different laws regarding your privacy.
After you set one up, configure the most secure settings possible for your network. By the way, if you can’t send email with your VPN enabled, you may need to ask your VPN provider to whitelist your email configuration. It’s a small price to pay for your privacy.
Popular: NordVPN, TunnelBear, Private Internet Access
3. Firewall
This is an advanced but worthy addition if you put the time into configuration. Its primary function, for the purposes of this article, is to accept, limit, deny (block), or reject incoming and outgoing traffic on network ports. Note that reject notifies the requester of the rejection, while deny (block) simply discards the request to save network resources.
Blocking unneeded ports helps protect network resources on your server, network, and local workstation from malicious activity, including reconnaissance port scans and denial-of-service attacks. Think of fewer open ports as a smaller attack surface, which is easier to monitor for anomalies.
To properly configure a firewall, you need to understand the port numbers and services you need. You may already have one in your home network. A firewall can be implemented as an additional router feature, software installed on your computer, and/or stand-alone hardware.
We won’t go too deep, but these are some commonly used ports in web hosting:
| Port | Service |
| --- | --- |
| 21 | File Transfer Protocol (FTP) |
| 22 | Secure Shell (SSH) |
| 25 / 587 | SMTP Authentication / Alternative |
| 53 | Domain Name System (DNS) |
| 80 / 443 | HTTP / Secure |
| 465 | SMTP Authentication Secure |
| 110 / 995 | POP3 / Secure |
| 143 / 993 | IMAP / Secure |
| 2082 / 2083 | cPanel / Secure |
| 2086 / 2087 | WebHost Manager (WHM) / Secure |
| 2095 / 2096 | Webmail / Secure |
The list of ports you need grows as you install additional services, such as the Nginx caching used for our high-performance WordPress Hosting.
For example, when you upload files, do you use FTP (port 21) or SSH (port 22)? If you only use the cPanel File Manager, consider blocking these ports on your computer and router. Do you manage online MySQL (port 3306) or PostgreSQL (5432) databases from a desktop application? No? Block the ports.
Popular: Firewalld (Linux), ZoneAlarm (Windows), Firewall (Mac pre-installed), Cisco ASA 5500-X (Hardware / Included with our Dedicated Hosting)
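As an added example (not from the original post), here is a POSIX shell script that turns the list of services you actually use into a firewalld allow-list, using the port table above: every port you don’t name is dropped, which is the “deny (block)” behaviour described. The service names and the `ports_for`/`firewalld_plan` functions are assumptions of this example; it prints the `firewall-cmd` commands instead of running them so you can review the plan before applying it.

```shell
#!/bin/sh
# Added example: build a firewalld allow-list from the services you actually use.
# Service-to-port mapping taken from the article's table (plus the MySQL/PostgreSQL
# ports mentioned in the text). Unknown names fail rather than being silently ignored.
ports_for() {
  case "$1" in
    ftp)        echo "21" ;;
    ssh)        echo "22" ;;
    smtp)       echo "25 587" ;;
    dns)        echo "53" ;;
    http)       echo "80" ;;
    https)      echo "443" ;;
    smtps)      echo "465" ;;
    pop3)       echo "110 995" ;;
    imap)       echo "143 993" ;;
    cpanel)     echo "2082 2083" ;;
    whm)        echo "2086 2087" ;;
    webmail)    echo "2095 2096" ;;
    mysql)      echo "3306" ;;
    postgresql) echo "5432" ;;
    *) echo "unknown service: $1" >&2; return 1 ;;
  esac
}

# Print (do not run) the firewall-cmd commands for an allow-list of the given services.
# The default zone becomes "drop", so anything not listed is discarded with no reply
# (the article's "deny"); use zone "block" instead if you prefer an ICMP reject.
firewalld_plan() {
  zone=drop
  echo "firewall-cmd --set-default-zone=$zone"
  for svc in "$@"; do
    ports=$(ports_for "$svc") || return 1
    for port in $ports; do
      protos=tcp
      [ "$port" = "53" ] && protos="tcp udp"   # DNS is mostly served over UDP
      for proto in $protos; do
        echo "firewall-cmd --permanent --zone=$zone --add-port=${port}/${proto}"
      done
    done
  done
  echo "firewall-cmd --reload"   # permanent rules only take effect after a reload
}

# Example: a server you only reach over SSH, HTTPS and cPanel's secure port pair.
firewalld_plan ssh https cpanel
```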
4. Backups
Backups are a valuable last line of defense. When cleaning malicious code, changing passwords, and enhancing security implementations don’t help you recover from a website hack, the best option may be to restore your last known good backup from an external location. There are multiple backup types, but you should have at least two up-to-date, verified backups stored in at least two locations.
cPanel backups include all website, email, and database data in one compressed tar.gz file. This is the best option and easy to create in cPanel.
VPS and Dedicated server administrators can schedule and forward cPanel backups in WHM to external locations including Amazon S3 and Google Drive.
Database backups (MySQL, PostgreSQL, etc.) are useful for systems where the database changes far more often than the web application files, or where the database is the only data a particular web application needs.
Website backup options differ between content management systems (CMSs) and frameworks. Some CMSs have native backup features, e.g. OpenCart and Grav. WordPress, Matomo Analytics, and others will require a third-party plugin. Note that website backups don’t store emails.
Backups should be downloaded from the server and stored in at least one other location. That’s two external locations if you back up your computer regularly.
Store a SHA512 checksum of verified backup files to ensure they’re not corrupt.
Popular: Fab’s AutoBackup (Windows), Time Machine (Mac pre-installed), rsync (Linux), Updraft (WordPress)
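As an added example (not from the article), the following POSIX shell functions record a SHA512 checksum beside a cPanel-style tar.gz backup once you have verified it, and later check a stored copy against that checksum and confirm the gzip stream is still intact, so a corrupted copy at either location is caught before you need it. The `record_backup_checksum` and `verify_backup` names are this example’s own, and the sample archive is constructed inside the block.

```shell
#!/bin/sh
# Added example: checksum a backup when it is known good, then verify a copy later.
# Works with sha512sum (Linux) or shasum (macOS). Function names are this example's own.
sha512_of() {
  if command -v sha512sum >/dev/null 2>&1; then
    sha512sum "$1" | cut -d' ' -f1
  else
    shasum -a 512 "$1" | cut -d' ' -f1
  fi
}

# Write <backup>.sha512 next to a backup you have just confirmed restores correctly.
record_backup_checksum() {
  sha512_of "$1" > "$1.sha512"
}

# Return 0 only if the copy matches the recorded checksum AND gzip can read it end to end.
# Keep the .sha512 file alongside every stored copy of the backup.
verify_backup() {
  backup=$1
  expected=$(cat "$backup.sha512") || return 1
  actual=$(sha512_of "$backup")
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch for $backup" >&2
    return 1
  fi
  gzip -t "$backup" 2>/dev/null || { echo "not a valid gzip archive: $backup" >&2; return 1; }
  return 0
}

# Constructed demo (not a real cPanel backup): build a tiny tar.gz, record its checksum,
# copy it "offsite", verify the copy, then corrupt the copy and verify again.
demo() {
  work=$(mktemp -d)
  mkdir -p "$work/site/public_html"
  echo "<?php echo 'hello'; ?>" > "$work/site/public_html/index.php"
  tar czf "$work/backup-site.tar.gz" -C "$work" site
  record_backup_checksum "$work/backup-site.tar.gz"
  cp "$work/backup-site.tar.gz" "$work/offsite-copy.tar.gz"
  cp "$work/backup-site.tar.gz.sha512" "$work/offsite-copy.tar.gz.sha512"
  verify_backup "$work/offsite-copy.tar.gz" && good=yes || good=no
  printf 'x' >> "$work/offsite-copy.tar.gz"   # simulate corruption in transit
  verify_backup "$work/offsite-copy.tar.gz" && bad=yes || bad=no
  rm -rf "$work"
  echo "intact copy verified: $good; corrupted copy verified: $bad"
}
```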
5. Software Updates
Update early and often. Check the changelogs for your software or operating system (OS), and you’ll notice many updates fix security vulnerabilities. Whether those issues were reported in GitHub Issues, support forums, or the National Vulnerability Database (NVD), someone is trying to exploit them on unpatched systems.
How does this relate to web hosting? Easy. The most common reason for a successful attack is outdated software. Your email client, FTP program, browser, and CMS are popular attack vectors. Popular software is the most popular target.
This is the easiest entry on the list. Everything discussed so far lives in files, passwords, backups, VPN and firewall settings included, so create backups before major updates in case something goes wrong afterwards. But ensure applications check for stable updates often and notify you immediately.
Popular: Auto-update options
6. Trusted Wi-Fi
Configure your home network with WPA2 (or stronger) and a complex admin password (updated every 30-90 days) for better security. Many security professionals recommend disabling Wi-Fi Protected Setup (WPS) on home routers, as its convenience undermines network security. The goal here is to prevent attackers from hijacking the sessions that carry your server login credentials.
Ensure your firewall and VPN are enabled with the strictest settings possible whenever you work on your website over public Wi-Fi, such as networks in restaurants and on public transportation. Also, be sure to connect to the correct network rather than a rogue wireless access point, or “evil twin,” created for malicious activity.
Popular: Mobile phone tethering if possible
Read more about website security, server security, or securing your web hosting with Sucuri. Want to help us help others? Join our Technical Support team.