Jan 19

Most people never go through the experience of dealing with a cyber attack, so they assume that it is not something they should worry about when setting up their online business. If you’ve been operating a personal computer, then this is probably the reason why you’ve never been targeted. Hackers tend to attack networks and computers that are of value to them, so don’t be surprised if your “longstanding immunity” to attacks suddenly diminishes after your online business begins to thrive. One attack in particular that you should be aware of is the infamous inference attack. In an inference attack, also known as a SQL injection, the perpetrator inserts SQL code into a form to gain access to crucial information that is stored in one of your website’s databases. While this may sound like something that only happens to small business owners, it actually happens to large corporations as well. In fact, in recent years this kind of attack has resulted in millions of dollars in fraud. To protect yourself from an inference attack, heed the following tips.

Encrypt All of Your Site’s Data

If your website frequently exchanges sensitive data such as credit card numbers or bank information, then you’ll want to make sure all of your website’s data is encrypted with SSL or TLS. Keeping your data encrypted ensures that in the event of a security breach, the intruder will not be able to use the encrypted information to their advantage.

Use Secure Web Applications and Forms

Although there are many useful web applications available, many of these tools represent the biggest security risks for companies.  This is because hackers use these applications to gain access to the back-end of your website. Therefore, you should be very cautious about which web applications you use in the administration of your website. Make sure all applications and forms used are designed with secure code.  You should also make sure your website’s users do not have the capability of sending SQL queries, as this is how most hackers execute inference attacks. Avoiding malicious code input from hackers is the first line of defense in preventing an inference attack. You should also avoid using dynamic queries. Dynamic queries allow hackers to send and receive SQL information over the internet in plain text, therefore these queries present a substantial security risk. Many experts recommend avoiding the use of dynamic queries altogether.
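The difference between a dynamic query and a parameterized one, shown as an added example that is not from the original post. The table, column names and sample rows are constructed, and SQLite stands in for whatever database the site uses.

```python
import sqlite3

# Constructed sample rows; the table and column names are hypothetical.
SAMPLE_ROWS = [
    ("alice@example.com", "4242"),
    ("bob@example.com", "1881"),
    ("o'brien@example.com", "0005"),
]


def make_db():
    """Create an in-memory database holding the constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (email TEXT, card_last4 TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)", SAMPLE_ROWS)
    return db


def lookup_dynamic(db, email):
    """Dynamic query: the form value is pasted into the SQL text.

    Whatever the user typed is parsed as part of the statement, so a
    quote character in the input changes the query's structure.
    """
    sql = "SELECT email, card_last4 FROM customers WHERE email = '" + email + "'"
    return db.execute(sql).fetchall()


def lookup_parameterized(db, email):
    """Parameterized query: the SQL text is fixed and the value is bound
    separately, so it is only ever compared as data."""
    sql = "SELECT email, card_last4 FROM customers WHERE email = ?"
    return db.execute(sql, (email,)).fetchall()


def compare(db, form_value):
    """Run both lookups on one form value and return their results."""
    try:
        dynamic = lookup_dynamic(db, form_value)
    except sqlite3.OperationalError as exc:
        # A legitimate value containing an apostrophe breaks the dynamic query.
        dynamic = "SQL error: %s" % exc
    return {"dynamic": dynamic,
            "parameterized": lookup_parameterized(db, form_value)}


if __name__ == "__main__":
    db = make_db()
    for value in ["alice@example.com", "' OR '1'='1", "o'brien@example.com"]:
        print(repr(value), compare(db, value))
```

The second input returns every customer row through the dynamic query and nothing through the parameterized one; the third shows that the dynamic form also fails on an ordinary address containing an apostrophe.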

Execute Updates Regularly

Keeping your operating system and website updated is an important part of maintaining the security of your online business. Many people don’t realize that maintaining the security of their website is a full time job that needs to be tended to daily. For this reason most security companies update their software as soon as a vulnerability is recognized. To avoid an inference attack, or any other attack, you should keep your website and operating system updated, and make sure you are aware of any new developments.

Jan 12

The search for a good web hosting company can be very confusing, especially with the ever increasing selection. Each company promises they are the best, so who do you believe? Before you can make your decision, you should know that all features are irrelevant unless the web hosting service offers top notch security. Before deciding on a web host you’ll want to make sure they are capable of keeping your website secure. The following terms will help you make your decision by letting you know what you should be looking for.

Secure Sockets Layer (SSL)

SSL is an encryption protocol that keeps all of your website’s communications, both incoming and outgoing, secure from intruders. The incoming information (credit card numbers, addresses, emails) is the most sensitive information and can be used by hackers to commit fraud with your customers’ information. For this reason SSL is one of the most important security features, and most online shoppers will not buy products or services from you if you do not have an SSL certificate posted on your website.

File Transfer Protocol (FTP)

FTP is a network security protocol that facilitates file transfer on both internal and external networks.  FTP is an important security feature because it gives the webmaster the ability to manage site accessibility and send files securely.

Secure File Transfer Protocol (SFTP)

SFTP is a stronger version of FTP, offering more of a guarantee than standard FTP by using a secure shell to transfer data over the internet and between networked computers. Serious business owners will want to make sure their web host offers this as part of their security package.

Firewall

Nearly every web host is protected by a firewall of some sort, however not all web hosts give the end-user access to the administrative functions of the firewall. If you are serious about the security of your website, then you will choose a host that grants customer access to the configuration of their site’s firewall.

Spam Filter

You may think spam is just a nuisance, however there are many hackers that use spam to plant nasty viruses on your computer. Among the bad things that can happen because of simple spam is phishing (password stealing), and even data loss caused by malicious software. Spam not only threatens the security of your website and the safety of your computer, it also consumes plenty of bandwidth and it clutters your inbox with unwanted messages. A spam filter will solve nearly all of the potential problems that are caused by spam.

Distributed Denial-of-Service (DDoS) Protection

A DDoS attack is a very well known yet common attack executed by a hacker with access to multiple compromised computers. This attack is particularly dangerous because it can compromise an entire network of computers in a short period of time. Every website on the server, including yours, will be affected detrimentally. In fact it is more than likely that the end-users will be affected the most by this type of attack. It is vital that you make sure your web hosting service has protection measures in place to prevent this kind of attack.

Oct 21

A quick Google search online for e-commerce solutions will garner a huge number of software solutions available for free or commercial use.  Among the free solutions available, and slowly losing its initial popularity, is osCommerce.  osCommerce is an extensive and quite possibly one of the most thorough out-of-the-box pieces of software you can find.  However, as all-encompassing as it may be, it is in severe need of a major overhaul to place it at the same level as its peers.

How it all began

osCommerce got its start in March of 2000.  Created by Harald Ponce de Leon and originally called “The Exchange Project”, osCommerce quickly began to grow in both initial popularity and capabilities.  The software is created with PHP and uses MySQL for its database core.  It can be installed on any server that utilizes these two pieces of programming.  For the past nine years, the program has been in the development stage.  Officially, as of March 2009, osCommerce released its production ready alpha product.  This release, Merchant V 3.0, includes a template system, an object-oriented backend and the ability to define the administration user name and password upon installation.  To date, the osCommerce site claims over 12,000 online stores currently using their product.

The current problems

While it is a very good and all-encompassing shopping cart program, osCommerce is not without its issues.  Installation of the program by a novice may prove to be a daunting task as a basic knowledge of MySQL as well as other web server technologies should be at the ready.  The default SSL option is initially and automatically set to “no” which is practically an open door to nefarious entities trying to gather secure information on customers.  Adding new shopping cart products is no simple task either – there are several options and features that need to be dealt with before adding in a new product, quite possibly the quickest way to creating a lot of confusion.  When you do have the program installed and your cart up and running with all of its products, adding any additional modules or templating takes quite a bit of work and may end up breaking the core of the program.  Not to mention the creators of the software do explicitly state that additions to the core are not always endorsed.

One of the best ways to avoid a lot of this hassle is to either have a seasoned osCommerce professional install the program for you or, if your web host has this option, have it installed by your hosting company.

Conclusion

If you are in need of a shopping cart program that is capable of being search engine optimized, fully featured and very robust, osCommerce is a good choice.  However, it still needs quite a bit of work in as far as installation and add-on capabilities before it can be considered a simple ecommerce program of choice.  OsCommerce is ideal for the knowledgeable and seasoned web developer, not for the novice nor the faint of heart.

Oct 13

Determining the best hosting solution for your business can seem rather overwhelming when faced with the seemingly never-ending choices available on the web.  If you already have a hosted site, this can make the task a bit simpler.  But what if you are just now getting your business out there for all to see?  Going over exactly what your business site needs are can help make this less of a chore.

Space

The first thing to consider is how much web space your business will need.  Think about what you want to convey to the general surfing audience about your business.

If you plan on merely putting out an informational styled web site, you can figure about five pages in total – a home page, an about page, a news page, a contact page and possibly one miscellaneous page.  In this case, your space requirements will be minimal and you can choose a hosting company that offers around one to two megabytes minimum in web space storage.

However, if you will be needing a site that covers several aspects of your business, offers product information and purchasing options, will be disseminating a lot of information to the public, or will grow and expand over time, your best option is to choose a web hosting company that offers unlimited amounts of web space.

Bandwidth

The next thing to consider is how much bandwidth your business web site will need.  Bandwidth, or data transfer, is the amount of data that is transferred from your web site.  This encompasses page views, images, videos, documents and files.

If your biggest concern will be consumers visiting your web site to gather more information about your business, then you can easily work with a hosting company that imposes monthly transfer limits.  However, if you plan on allowing customers the ability to download files or documents or your business site will involve a lot of video embedding, check out the hosting companies that offer unlimited amounts of bandwidth.

E-commerce

If you plan on selling products, e-commerce is a big concern when determining which web host to choose.  Almost every hosting company on the web will offer some form of shopping cart and secured server access (SSL).  Be certain to choose one that includes this within the monthly price and that the e-commerce solution offered is simple to use.  Nothing can cause a headache quicker than when having to deal with the actual manual setup of shopping carts and connections to SSL.  Another item to watch for is hosting companies that allow you to choose from several different shopping carts.  Not every cart program is going to be suited to the type or amount of products your business offers.

Support

When looking at the hosting companies on the web, one important aspect of their services to keep in mind is their support.  Look for companies that have a “one-stop” type of support section.  This should be one easy to find link on their main page that leads you to a section that offers (at a minimum) contact options (e-mail and phone), FAQs, a knowledge base and some form of tutorials.  An even better setup would include a ticket support system, a live chat option and 24 hours a day, seven days a week support.  Even if you’re an old hand at web hosting, knowing you can access support easily and have an array of options to choose from will give you peace of mind.

Extras

Extras to check out would include the types and number of add-on programs available – bulletin boards, social media plug-ins, and blogging software to name a few.  If your web pages are going to be built with PHP, Perl or Ruby on Rails, be certain the hosting company you choose has their sites already equipped with the proper scripting language.  One very popular extra and beneficial to businesses on the web is advertising credits.  Many web hosting companies offer this within their packages.  Decide which places you would be most likely to need advertising (Google, Yahoo, etc.) and choose your hosting company accordingly.

Wrap up

While there are a few things to consider when looking for the perfect web hosting company, it doesn’t have to be a daunting task.  Simply write down your requirements as far as space, transfers, e-commerce, support and extras and you are quickly on your way to finding the hosting company that will fit your business needs beautifully.

Jun 11

Automation is everything in the web hosting arena.  Without it, many of the same tasks that have become simple would revert to being tedious.  Even the most skilled administrators dread dealing with the raw aspects of a web server and operating system.  These are some of the factors that have led to the advent of administrative tools like Plesk.   The Plesk software makes a popular control panel choice for web hosting providers and end-users in shared, virtual or dedicated server environments.  Compatible with both Windows and Linux platforms, it provides all the tools needed to control a complicated web server or simple website.  It is also highly regarded as the most stable and reliable control panel on the market.  This article will give you an introduction on Plesk and overview some of its capabilities.

Plesk Features

The Plesk control panel aims to simplify various administrative processes.  It lets you create and manage domains, install SSL certificates and even access the built-in site builder for putting your website together.  You can perform a number of simple tasks such as setting up email accounts, webmail and autoresponders as well as more advanced functions like billing customers and blocking spam with greylisting.  In addition, Plesk gives you the ability to manage files through a web-based file manager or by means of a FrontPage administrative panel.  Whether it’s viewing a website’s bandwidth usage or managing customer accounts, it can all be done within the confinement of this extremely capable control panel.  Plesk offers tremendous power, able to reduce operating costs and resource usage by automating a variety of tasks.

Control Levels

Plesk offers four levels of login, each with their own responsibilities and privileges.  These levels include:

Administrator – The highest level, this login allows the administrator to control virtually every component of the system.  Once logged in at this level, you can centrally manage multiple servers, be it an HTTP web server like Apache or a database server like MySQL.

Client – The client level login allows resellers to obtain creation rights from the system administrator.

Domain – The third level login is designed for the website owner or end user.  These permissions are what give a user the ability to manage their hosting account.

Mail User – The fourth level login is designated for individual mail accounts.  Here, users can login and maintain their email accounts, change passwords, configure spam filters, change virus settings and more.

Plesk is One of the Best

Though it extends benefits to the end-user, the Plesk control panel was designed with professional web hosting providers and experienced system administrators in mind.  It enables companies to be very successful by providing the ability to maintain thousands of accounts per server with a high level of performance and better security than most competing control panels.  The software comes bundled with a variety of tools and even includes an application installer that allows end-users to incorporate blogs, bulletin boards and other types of programs.  Plesk delivers the seamless automation needed to enrich and simplify the technically challenging hosting operation.

May 21

You don’t have to be all that familiar with the internet to be aware of online credit card fraud and identity theft.  Just like you, consumers grow more wary with each publicized security breach. This added consciousness results in more shoppers who are reluctant to provide their credit card details online.  Unfortunately, this reality also has a direct impact on any business with an online storefront.  Consumer confidence is declining rapidly but you can help maintain it by incorporating SSL into your site.

What is SSL?

SSL (Secure Sockets Layer) is a security protocol used to enable secure communications online.  With an SSL certificate, you get the benefit of a proven method that creates an encrypted tunnel between the customer’s web browser on the client side, and your website on the server side.  Therefore, instead of traveling over the insecure internet in vulnerable plain-text, credit card numbers are encrypted and scrambled so they can’t be read by intruders.  Right now, 128-bit encryption is the standard for SSL certificates as previous versions have been rendered insecure.  The algorithm used to form this level of security is virtually impossible to break, ensuring that the communications between you and your customers are safe.

Where to Get a Certificate

In order to get an SSL certificate, you must go through a company known as a CA or Certificate Authority.  VeriSign is the most popular and trusted authority with GeoTrust and Thawte making up the next reputable options.  At the basic level, all SSL certificates provide the same type of security.  A 128-bit certificate from GeoTrust will encrypt the communications between the server and client just as one from VeriSign would.  This is good news for smaller needs as basic certificates are more affordable and provide adequate security.  You will find that the price soars when adding on additional services that you may or may not need.  Because some authorities will try to sell you whatever they can, it is important to do some investigating before you go spending beyond your requirements.

Installing Your Certificate

In most cases, installing an SSL certificate is relatively easy regardless of your technical abilities.  Most hosting providers offer certificates as add-on products and generally provide guidance for installing them.  This process is usually a simple one that can be performed through an advanced control panel interface on your own.  If not, a good host will be more than happy to install the certificate for you.  Once installed, the certificate is immediately activated and starts protecting your website transactions right away.  Do yourself a favor by finding a provider that allows you to incorporate your own certificate should you choose not to purchase it from them.

Keep the Internet Criminals at Bay

There are some features your e-commerce site can do without but an SSL certificate isn’t one of them.  Consumers grow more conscious about shopping online every day as internet fraud is at a record high.  Gather some information about the most reliable certificate authorities and choose one that can provide the best level of security for your site.  Remember this: your inventory will collect a lot of dust if no one feels safe purchasing it.