Posted on December 20th, 2010Web hosting security can be a real nightmare, especially if you don’t know what you’re doing. Hackers are constantly trying to find new ways into your server and are becoming more clever and successful each day. How can you stop security breaches on your server? We uncover some essential ways within this article.
Services/Ports/Extras
A lot of first time web masters tend to take a machine gun approach to solving problems on their server. This means that instead of enabling one port at a time until something works, they enable everything and leave it that way. This is very dangerous. Leaving a lot of ports and services running on your computer opens it up to attack. It’s crucial that you only enable what you need on your web server. Instead of enabling everything, why not try a quick Google search to find what you’re looking for. The internet is full of information and sometimes can save you from taking the dreaded machine gun approach to problem solving.
Outsource It
Most hosting companies offer a web security package. This may be a good idea for young webmasters as it tends to cut out the burden of staying up to date in the latest security breaches. This option is not cheap, but it can be well worth the price in the end.
Passwords
Change the default passwords on everything. Under no circumstance should you ever leave the passwords as the default for your web server. Hosting companies create the accounts that way because it’s easier for their automation wizards. But, for a hacker, leaving the default password just makes their life easy. Try and make it a habit to change all of your passwords every two weeks. The general rule of thumb is 14 characters with at least 2 numbers and 2 special characters. This makes it difficult for a hacker to take a “dictionary attack” on your passwords.
FTP
Consider shutting the FTP servers down completely when you don’t need them. It is unnecessary protocol to leave the servers open. In most cases you don’t need it open 24 hours a day after the site is developed. Shutting down the FTP server, except for when needed, is another example of limiting the services running to what is critical for the machine.
This list is not composed of every option you can take to make your web server safer. There are a ton of things you can do to strengthen your security, but these tips do serve as a good starting block. Be sure to constantly check the internet for tips and tricks, updating and improving your web server security.