19 Aug

Important security tips to keep your website secure!

Security is of utmost importance to TetraHost and we have taken every step to ensure the integrity of your data. However, the fact is that web servers cannot be completely secured, particularly since it is always connected to the Internet. The world of internet security is an evolving landscape, and perfect security is nothing more than a pipe dream. There is always a “weak link” in a networked system and it needs to be protected. The weakest link in a web server is usually outdated scripts which have vulnerabilities or files which have incorrect permissions/ownership that are uploaded by an end user. Hence we wish to make you aware of the importance of keeping your scripts updated through this blog!

In a typical shared hosting environment, there are numerous attack vectors. TetraHost has deployed the best known softwares to keep the web server and various services running in the server secure from outside attacks. This includes firewalls, mod_security rules, disabling of potentially dangerous PHP functions, etc. which can limit compromises that can happen through an user’s script/file.

Be selective about the script You install:

Do not just install any script that you find on the internet, especially those scripts that are not often updated. Such old scripts might have been dumped by its developer and he/she might not be developing or releasing patches in the future. Many of them are not maintained, and may have potential security holes that won’t be fixed. When choosing which scripts to install in your account, look for applications that appear to be actively developed or supported by the vendor. No script will be perfectly secure, but some may be designed to minimize the potential for security problems. If you’re not sure about a script, don’t install it. Of course, if you have the capability and know-how, you can always look it over yourself.

Keep your scripts updated:

This is the most important tip and it is imperative that you follow it as soon as possible. When a vulnerability is discovered, most reliable script developers will patch the vulnerability and an update will be released. These script developers usually maintain mailing lists that announce when a new version of the script is available. Make sure that you watch for those announcements and update the script immediately. You can also try removing the version number of the script that you’re using from the footer file, as this is one method attackers can use to identify vulnerable sites by using search engines.

Maintain the correct permissions:

It is not a wise idea to assign full write permission for your scripts or folders, unless the script developer has a purpose and requires you to set that permission, like an uploads folder. Incorrect setting of permissions can allow a potential attacker to execute vulnerable coding and exploit your script.

Backups:

Backup is the only fool proof method to be completely secure against compromises. TetraHost uses innovative backup technology to protect your data in the event of a compromise. Even though we provide the best backup services, we always recommend the client to maintain backups of the data at their side too. You can utilize the Backup feature in cPanel to take complete website backups of your account settings, files, emails, databases, etc. Please make sure that you do not store your backup files inside “public_html” or any directories that are accessible from outside. These backup files can be downloaded by a hacker giving him/her access to your login details stored in it.

Nobody wants their hard work to be damaged or destroyed, so upgrade that script today! You never know when a potential attacker might come along, and you may as well make his task as difficult as it can be!