Unlimited Web Hosting Plans

If you are like 90 percent of the other web hosting account holders out there, then you probably have an “unlimited” hosting account. I am sure you were promised unlimited bandwidth and disk space, and a variety of other features that are unlimited. While the features such as unlimited email accounts and FTP accounts may hold to be true, the facts is that no hosting company offers a hosting plan with truly unlimited server resources, unless you’re using a pay-as-you-go plan which bills you depending on the amount of server resources you use. Since every server has it’s limits, every hosting account also must have limits.

Traffic Limits

While there are no specific limits placed on the amount of visitors your site can have in a specific period of time, there are limits to how much bandwidth you can use. Each time a visitors comes to your site, bandwidth is being used by the server in order to display your site in the visitors web browser. When a visitor clicks a link on your site or visits a new page, your web server has to upload that information into the temporary internet files of the visitor’s computer. This bandwidth usage directly impacts your web server, and when there are many users at your website at the same time it can take a toll on your server resources. To prevent server crashes and unreliable service, you hosting company may temporarily suspend your service and send you a warning email before reactivating your website on the server.

How to Avoid Server Limiting

The aforementioned situation usually occurs when a user has a sudden spike in traffic. While this situation can happens with all server types, it usually is most common in a shared hosting environment, since many websites will be sharing the same web server. When it does happen to a dedicated server the hosting company will still temporarily suspend service and reset the web server. The more web server resources you have, the more you traffic you will be able to bring in during a short time period. However it should be noted that traffic limitations can be caused by a hacker attack known as a DDoS attack (Distributed Denial of Service). These attacks send a lot of artificial traffic to your website using high powered bots, which cause the server to automatically shut down for security purposes.

Conclusion

To prevent limitations causes by sudden surges in traffic, whether it be artificial traffic or genuine traffic, you will need take certain precautions. The first precaution is adequate security, and the second precaution should be having access to adequate web server resources.

The most common type of security threat to both servers and websites is malicious code that infiltrates the system. Some code isn’t powerful enough to cause any damage or is caught by an anti-virus program. Other malicious software has shut down major websites causing massive disruptions.

The three most pertinent malicious software categories include the following:

Malware

There are numerous variations of software code that pose a threat to web hosting software, websites, servers as well as home computers. Malware is one of the most dangerous risks threatening the Internet community. Malware is a combination of the terms malicious and software and can impose serious damage to both hardware and software. In most cases, malware effects individual computers but has been known to destroy servers.

Trojans and Keyloggers

Other vicious pieces of code are Trojans and keyloggers. Trojans are especially harmful as they send information to the creator from a computer after they’re installed. This allows the creator to make subtle changes to the computer through the registry information. Many take this a step further and attach keyloggers which record every keystroke made on the keyboard exposing all passwords.

Bot Rings and Denial of Service Attacks

Another major issue effecting web hosts are bot rings. Bot rings are software that causes the dreaded DoS attacks which can shut down servers. A denial of service floods a network with requests. This significantly slows down the network until traffic cannot access anything. These attacks are common and unfortunately one of the most difficult to prevent.

To successfully accomplish a DoS attack, a hacker encompasses a single server making it into a master slave unit. The hacker instructs the mechanism to seek out vulnerable servers, comprising them to partake in the launch of a single computer. This causes so many requests stemming from so many hosts that the network cannot accept regular traffic and consequently goes down.

Malicious software can major damage to both vulnerable and secure networks. This can cause a major loss of customers and users alike. Vital information can be exposed depending on the maliciousness of the attack. When searching for a host, it’s always important to inquire about the security settings an

Secure Sockets Layer (SSL)

SSL is an encryption protocol that keeps all of your website’s communications, both incoming and outgoing, secure from intruders. The incoming information ( credit card numbers, addresses, emails) is the most sensitive information and can be used by hackers to commit fraud with your customers’ information. For this reason SSL is one of the most important security features, and most online shoppers will not buy products or services form you if you do not have an SSL certificate posted on your website.

File Transfer Protocol (FTP)

FTP is a network security protocol that facilitates file transfer on both internal and external networks.  FTP is an important security feature because it gives the webmaster the ability to manage site accessibility and send files securely.

Secure File Transfer Protocol (SFTP)

SFTP is a stronger version of FTP, offering more of a guarantee than standard FTP by using a secure shell to transfer data over the internet and between networked computers. Serious business owners will want to make sure their web host offers this as part of their security package.

Firewall

Nearly every web host is protected by a firewall of some sort, however not all web hosts give the end-user access to the administrative functions of the firewall. If you are serious about the security of your website, then you will choose a host that grants customer access to the configuration of their site’s firewall.

Spam Filter

You may think spam is just a nuisance, however there are many hackers that use spam to plant nasty viruses on your computer. Among the bad things that can happen because of simple spam is phishing (password stealing), and even data loss caused by malicious software. Spam not only threatens the security of your website and the safety of your computer, it also consumes plenty of bandwidth and it clutters your inbox with unwanted messages. A spam filter will solve nearly all of the potential problems that are caused by spam.

Distributed Denial-of-Service (DDoS) Protection

A DDoS attack is very well know yet common attack executed by a hacker with access to multiple compromised computers. This attack is particularly dangerous because it can comprise an entire network of computers in short period of time.  Every website on the server, including yours will be affected detrimentally. In fact it is more than likely that the end-users will be affected the most by this type of attack. It is vital that you make sure your web hosting service has protection measures in place to prevent this kind of attack.

What Makes Web Hosting Such a Big Target?

Several reports reveal that the web hosting industry is among the biggest targets of internet hackers.  Why?  The answer is quite simple – the potential of a substantial payday.  The market is compromised of thousands of companies that provide services to millions of customers.  The hosting industry is at the forefront of e-commerce with monetary transactions being made everyday.  The robust networks and high-powered web servers used to enable internet access handle massive amounts of sensitive financial and personal information.  Naturally, these infrastructures are a prime target of criminals looking to thieve riches off the efforts of someone else.  If your website deals in mission-critical functions, meaning it is the way you survive and make a living, then security should be of paramount importance.  And while there are several measures you can take to keep your site protected, investing in a secure hosting solution is imperative as the host is in much better position to ensure security.

In recent times, a large number of companies have ramped up their efforts to help keep the hosting business protected from malware, DDoS attacks, SQL injection and other methods hackers use to perform their malicious deeds.  Numerous vendors who distribute the open-source Linux operating system are working in conjunction with other software and hardware companies to ensure their OS is protected against security threats.  Likewise, Microsoft, Apple and companies who distribute proprietary solutions are working diligently to support similar efforts.

Even though the number of security solutions providers seems to be increasing as well, hosting providers need to be aware that not all of these vendors can be trusted.  More and more, we are seeing rogue companies run by hackers and internet criminals who claim to have the solution for a great price, but are doing nothing but contributing to the problem.  Because of this, new hosts must be overly cautious in regard to what vendors are actually supplying.

Obtaining a Comfortably Secure Environment

Some website owners have many specialities but for most, security is not one of them.  While this is understandable, there is absolutely no excuse for a professional web hosting provider, new or established, to slack off in security to the point where all parties involved are left vulnerable.  Your hosting provider should indeed be an expert in this field, equipped with the knowledge and manpower needed to stay on top of security procedures and ensure the protection of your data.  If you have concerns regarding your current hosting arrangement, it might be time to consider a more secure solution.

Choose a Secure Web Hosting Solution

One of the most effective ways to ensure the security of your website is to purchase service from a reliable hosting company.  If the provider’s servers are compromised, then so is your website.  Therefore, you need to keep your eyes peeled for a specific set of security features that protect your site against the arsenal of roaming threats.  Some to look out for include:

- Anti-virus protection

- Spam filtering

- SSH (Secure Sockets Layer)

- Firewalls

- Intrusion detection

- DDoS protection

Get Your Coding Together

If your site utilizes scripts that process global variables such as POST and GET data forms or predefined variables like HTTP_USER_AGENT or HTTP_REFERER, you are at the risk of being compromised via exploits that inject malicious codes through these variables.  Validation methods are only as secure or insecure as you make them.  However, even if you apply secure validation of any server-side programming language to incoming data, the parser can still be exploited by a low-level language or binary code.  To reduce the probability of such instances, take the following factors in mind when coding your site:

- Only use clean, well supported commercial or open-source technologies for server-side scripting

- Stay current with all the industry recommended data validation functions and techniques

- Avoid the use of unnecessary global variables

- Never assume that your visitors will not try to submit malicious data to your site

- Assign unique login credentials to individual users when appropriate

- Organize your site into multiple directories and access levels

- Don’t provide users with no more access than they need

If Your Site is Compromised

The simple fact that your site can be accessed on the World Wide Web makes it vulnerable to security threats.  If you only run a small website, there is a great chance that you will never cross paths with a hacker or anyone else looking to initiate your downfall.  On the other hand, if your site is very popular, the chance of meeting up with cyber villains goes up considerably.  For this reason, you should have an action plan in place, something you can rely on should your website security be breached.  Doing so will allow you to respond quicker in the time of a crisis, take care of the exploited issues and ultimately reduce the likelihood of suffering the same ill fate.

Conclusion

The minute your site goes live on the web, it instantly becomes the target of hackers, malicious software writers, con artists and identity thieves.  Knowing that powerful corporations have been compromised should give you all the motivation to take proactive measures with your website.  This can be done by investing in a secure hosting solution, making use of the available security mechanisms and arming yourself with knowledge about the latest security threats.

]]> http://www.webhostingfan.com/2009/06/tips-for-keeping-your-website-safe/feed/ 2