5 Common Website Security Mistakes

People often make fundamental mistakes with their websites and servers, and these mistakes can ultimately cost a lot. This happens not just to new website owners but to seasoned ones as well. In fact, you could be making some of the mistakes below right now and harming your business. This guide explains common mistakes every website owner should avoid in order to get the most from an online presence.

Mistake 1 – Not Monitoring Your Backups
Backups are the forgotten website security pillar. Most website owners do not understand how backups fit into their web security strategy. Backups are your safety net. With a backup, you can quickly restore part of, or your entire, website when something bad happens.

A lot of bad things can happen to your website:

Hackers can compromise your site
A careless key stroke can overwrite important files
Web hosting equipment might fail

These and other scenarios will give you sleepless nights if you do not monitor your backups to make sure they are properly running and completing successfully.

The importance of monitoring your backups cannot be overstated. Just think how effectively you could recover from a complete website crash. Here are some important ideas on monitoring your backups:

Ask your hosting provider how often they back up your data, and the number of copies they keep.
Get a copy of your website files, including photos, artwork and any unique fonts used to create header graphics, logos, etc., from your web developer.
Back up your site’s database from your control panel. If you need help to complete the backup, contact the support team of your web hosting provider.
Back up 3rd party applications such as your blog, newsletter subscription list, etc. so that in case something happens with your providers, you have a backup solution.
Consider 3rd party backup tools and services which keep the backups in a safe and remote location.
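A backup you have never verified is not a safety net. The script below is an added example, not part of the original article: it runs the checks a backup monitor should run on each archive (freshness, size, recorded checksum, and a read-through restore test) against a constructed sample archive. The thresholds and file names are assumptions.

```python
import hashlib
import os
import tarfile
import tempfile
import time

# Thresholds are assumptions for this example; tune them to your backup schedule.
MAX_AGE_SECONDS = 36 * 3600   # a daily job that has produced nothing in 36 h is late
MIN_SIZE_BYTES = 1024         # a near-empty archive usually means the job failed silently


def check_backup(archive_path, expected_sha256=None, now=None):
    """Run the checks a backup monitor should run on one archive: it exists, is fresh,
    is not empty, matches the checksum the job recorded, and can actually be read."""
    now = time.time() if now is None else now
    results = {"exists": os.path.isfile(archive_path), "ok": False}
    if not results["exists"]:
        return results
    st = os.stat(archive_path)
    results["fresh"] = (now - st.st_mtime) <= MAX_AGE_SECONDS
    results["non_empty"] = st.st_size >= MIN_SIZE_BYTES
    digest = hashlib.sha256()
    with open(archive_path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            digest.update(chunk)
    results["checksum_ok"] = expected_sha256 is None or digest.hexdigest() == expected_sha256
    # The cheapest restore test you can afford every day: walk every member so a
    # truncated or corrupt archive is caught before the day you need it.
    try:
        with tarfile.open(archive_path, "r:gz") as tar:
            results["members"] = len(tar.getmembers())
        results["readable"] = True
    except (tarfile.TarError, OSError, EOFError):
        results["members"], results["readable"] = 0, False
    results["ok"] = all(results[k] for k in ("fresh", "non_empty", "checksum_ok", "readable"))
    return results


def make_sample_backup(directory, payload_bytes=4096):
    """Constructed sample: archive one site file and record its SHA-256, as a backup
    job would. Random payload keeps gzip from shrinking it below MIN_SIZE_BYTES."""
    site_file = os.path.join(directory, "wp-config.php")
    with open(site_file, "wb") as f:
        f.write(os.urandom(payload_bytes))
    archive = os.path.join(directory, "site-backup.tar.gz")
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(site_file, arcname="htdocs/wp-config.php")
    with open(archive, "rb") as f:
        return archive, hashlib.sha256(f.read()).hexdigest()


def demo():
    """Check a good archive, then a checksum mismatch, a stale file, and a missing file."""
    with tempfile.TemporaryDirectory() as d:
        path, sha = make_sample_backup(d)
        good = check_backup(path, sha)
        tampered = check_backup(path, "0" * 64)
        stale = check_backup(path, sha, now=time.time() + 3 * 24 * 3600)
        missing = check_backup(os.path.join(d, "missing.tar.gz"))
    return good, tampered, stale, missing
```

Run `demo()` from a cron job against your real archive path and alert on any result whose `ok` is false.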

Mistake 2 – Not Changing Default Settings and Usernames
A lot of website applications (think of something like WordPress) include a default set of usernames, passwords, and settings to provide a consistent installation experience. After the installation has been completed it is critical to change those default usernames, passwords, and configurations. Keeping with the WordPress example, the WordPress installation creates an account with the username ‘admin’, and the default location for managing your WordPress site is the /wp-admin path on your domain.

Hackers will test your site to see if those default values are in place. If they are found, they will begin to run software targeting your website to figure out your password. There are also a number of installation files that should be removed once you have completed your installation. These scenarios are not unique to WordPress; we just used it as an example. It is a good idea to search for a ‘How to Secure X Application’ guide for each of the applications you are using.

Mistake 3 – Ignoring Software Patches
Many website owners wonder why they should apply a software patch when things are working fine. However, by ignoring software patches or updates, you are leaving the door wide open for malware and other attacks. This exposes anyone who depends on your website to unwanted risk.

Software patches and updates are packages of software released by software vendors to address security vulnerabilities in existing products. Hackers exploit software vulnerabilities to deliver malware and other threats. Sometimes, software patches also contain product enhancements and bug fixes. Patches are installed over the existing installation and therefore do not require uninstalling or reinstalling the software in question. Your only role is to accept the software update and let the updater do its thing. Just make sure you have a good backup first.

You should never ignore those software updates. Besides enhancing your site’s performance and user experience, they provide protection against malicious threats and cyber-attacks. Moreover, you should understand all the implications of a software patch. When in doubt, consult your web developer or the customer service team at your hosting provider.

Mistake 4 – Not Monitoring for New Security Updates
Security updates arrive constantly, just like other software updates. In fact, security updates are sometimes rolled into software patches. Security updates usually come out in point releases and are often clear about what they are intended to address. Security updates do not normally introduce new features and are instead focused on closing vulnerabilities.

Some security updates can be managed automatically while others need manual effort. Whatever the option, you should not neglect monitoring the release of security updates for the applications used to run your website. These updates, as previously mentioned, are released to address specific security issues, and failure to apply them compromises the security of your website. It is important to install security updates in a timely manner. You can also go the extra mile and look for plugins which add extra layers of security, and install any updates for those as well.

The other kind of security update does not involve anything to install but rather deals with database management and hosting. This involves things such as setting a strong password, locking down file permissions, checking the sites you link to, using SFTP for file transfers, and looking beyond shared hosting plans. These tactics add an extra layer of security to your website and should never be ignored.

Mistake 5 – Failure to Monitor for New Server Exploits
A server is exploited when it is no longer under your total control: another party is using your server for their own purposes. Common examples of server exploits include someone using your server to send spam emails, launching attacks on other servers with your clean IP showing as the attacking source, installing a phishing site on your server, or installing programs which try to steal passwords and other login details when a person visits your website. Server exploits negatively affect your online reputation. It is therefore important to always remain alert for any signs of server exploits.

Although your hosting provider will report suspicious activity from your server, it is normally too late at that point. The best thing you can do is to constantly check for lapses in your web security and immediately address them. For example, servers mainly get exploited when an unauthorized person guesses a password and logs in as a user, or when a security hole in the web application has been exploited. It therefore goes without saying that every user must have a strong password and that you should remain up to date on the security of any web application you have installed on your site. With these tips, you will stay on top of server exploits.
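The two scenarios above, a guessed password and the login that follows it, leave a trace in the SSH authentication log. This detection script is an added example, not from the original article: it parses sshd log lines, flags a source address that racks up failed logins inside a sliding window, and flags any successful login from an address that was guessing shortly before. The log lines are constructed samples and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the login lines OpenSSH's sshd writes to auth.log / secure.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)
FAIL_THRESHOLD = 5     # failures from one address ...
WINDOW_SECONDS = 300   # ... within this sliding window (assumed values; tune to your site)


def parse(line, year=2014):
    """Turn one sshd line into an event dict, or None for lines we do not care about."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "ok": m["result"] == "Accepted", "user": m["user"], "ip": m["ip"]}


def detect(lines):
    """Return alerts for password guessing (many failures from one address) and for a
    successful login from an address that was guessing shortly before."""
    failures = defaultdict(list)   # source ip -> timestamps of recent failed logins
    flagged, alerts = set(), []
    for ev in filter(None, map(parse, lines)):
        ip, ts = ev["ip"], ev["ts"]
        if not ev["ok"]:
            recent = [t for t in failures[ip] if (ts - t).total_seconds() <= WINDOW_SECONDS]
            recent.append(ts)
            failures[ip] = recent
            if len(recent) >= FAIL_THRESHOLD and ip not in flagged:
                flagged.add(ip)
                alerts.append(("password_guessing", ip, len(recent)))
        elif failures[ip]:
            alerts.append(("login_after_failures", ip, ev["user"]))
    return alerts


# Constructed sample lines (RFC 5737 documentation addresses), not a real log.
SAMPLE_LOG = [
    "Nov 12 03:14:07 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2",
    "Nov 12 03:14:09 web1 sshd[2203]: Failed password for root from 203.0.113.45 port 51236 ssh2",
    "Nov 12 03:14:12 web1 sshd[2205]: Failed password for root from 203.0.113.45 port 51238 ssh2",
    "Nov 12 03:14:15 web1 sshd[2207]: Failed password for invalid user test from 203.0.113.45 port 51240 ssh2",
    "Nov 12 03:14:18 web1 sshd[2209]: Failed password for deploy from 203.0.113.45 port 51242 ssh2",
    "Nov 12 03:14:21 web1 sshd[2211]: Failed password for deploy from 203.0.113.45 port 51244 ssh2",
    "Nov 12 03:14:25 web1 sshd[2213]: Accepted password for deploy from 203.0.113.45 port 51246 ssh2",
    "Nov 12 03:20:01 web1 sshd[2290]: Accepted publickey for deploy from 198.51.100.7 port 40000 ssh2",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

The second alert type is the one worth paging on: a password that was guessed correctly looks like a normal login unless you correlate it with the failures that came before it.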

Bonus Tip! – Not Monitoring Uptime
Server uptime is critical to a business. Databases and file services, web and email servers are indispensable to most business processes. Downtime negatively affects productivity, sales, and customer and employee satisfaction. Downtime hurts. You must find a means to monitor server uptime at all times.

With the right service, monitoring servers and websites becomes easy. You will be the first to know when your site is down, and you will easily monitor the performance of your site. It is important to get a service that is thorough in server and website uptime monitoring so that outages do not catch you by surprise.

Server uptime monitoring helps you provide a better user experience to customers and other people who visit your site. It also gives you useful information on the reliability of your hosting provider. If you are getting a raw deal, you will realize it.

Conclusion
Your website is your gateway to the global online marketplace. It is important to check for these 5 common mistakes to protect your presence on the Internet and get as much value as possible out of your website.

Microsoft To End Support For Windows 2003 Servers

Microsoft has announced that they will end support for Windows Server 2003 in July of 2015.

All software products have a lifecycle. End of support refers to the date when Microsoft will no longer provide automatic fixes, updates, or online technical assistance. As of July 2014, there were 12 million physical servers worldwide still running Windows Server 2003.

Computers running the Windows Server 2003 operating system will continue to work after support ends. However, using unsupported software may increase the risk of viruses and other security threats. Negative consequences could include loss of confidentiality, integrity, and/or availability of data, system resources and business assets.

Users have the option to upgrade to a currently supported operating system or other cloud-based services. There are software vendors and service providers in the marketplace who offer assistance in migrating from Windows Server 2003 to a currently supported operating system or SaaS (software as a service) / IaaS (infrastructure as a service) products and services.

Read the US-CERT alert at https://www.us-cert.gov/ncas/alerts/TA14-310A

Congratulations To Brian Matthews!

Brian Matthews, one of Hostirian’s founders and a current board member, was one of 5 St. Louisans nominated for the inaugural Upstart 100, a list of the most creative and disruptive people in business put together by Upstart, a publication of American City Business Journals that focuses on innovation and entrepreneurship.
The goal of the initiative is to identify 100 people who are reshaping the business world and staking claims as tomorrow’s giants.

Hundreds have been nominated nationally. To find out more you can read the original article here: http://www.bizjournals.com/stlouis/blog/biznext/2014/11/5-st-louisans-nominated-to-most-innovative-list.html

We’ve Completed Phase 1 Of Our Network Upgrades

Our Internet connections are 10 times larger than before! We recently completed Phase 1 of our planned Network upgrades and we now have 10Gbps dedicated fiber connections from Verizon and Century Link (Savvis). The Phase 1 upgrades provide faster connections, increased capacity, and will help us battle the growing threat of DDoS attacks.

Phase 2 involves upgrading all connectivity between our data centers. Our data centers are interconnected to provide multiple, redundant paths to the Internet. This phase will provide more options for your custom disaster recovery plans, remote backup solutions, and other projects where multiple hosting locations are one of your requirements. Phase 2 is targeted for early 2015.

We appreciate your business and value your feedback. If you have any questions or suggestions, please let us know. You can email us at support@hostirian.com or give us a call 800-615-9349.

PHP 5.5.0 Released!

PHP 5.5 has been released! Quite exciting stuff, and pretty great to see the pace of new releases. Props to the dev team!

Hopefully distros pick this version up quickly as well, so we can start making use of these fancy new features.

The highlights:

  • Generators
  • Immutable DateTime object
  • Lists in foreach
  • Finally keyword
  • Class name resolution
  • Opcode cache is now integrated and enabled by default in PHP
  • Constant dereferencing

Here’s the announcement as posted on php.net.
http://php.net/releases/5_5_0.php

Subnet Cheat Sheet

IPv4 Subnet Mask Cheat Sheet


Subnet Addresses Netmask Amount of a Class C
/31 2 255.255.255.254 1/128
/30 4 255.255.255.252 1/64
/29 8 255.255.255.248 1/32
/28 16 255.255.255.240 1/16
/27 32 255.255.255.224 1/8
/26 64 255.255.255.192 1/4
/25 128 255.255.255.128 1/2
/24 256 255.255.255.0 1
/23 512 255.255.254.0 2
/22 1024 255.255.252.0 4
/21 2048 255.255.248.0 8
/20 4096 255.255.240.0 16
/19 8192 255.255.224.0 32
/18 16384 255.255.192.0 64
/17 32768 255.255.128.0 128
/16 65536 255.255.0.0 256
/15 131072 255.254.0.0 512
/14 262144 255.252.0.0 1024
/13 524288 255.248.0.0 2048
/12 1048576 255.240.0.0 4096
/11 2097152 255.224.0.0 8192
/10 4194304 255.192.0.0 16384
/9 8388608 255.128.0.0 32768
/8 16777216 255.0.0.0 65536

Guide to IPv4 subnets

/25 — 2 Subnets — 126 Hosts/Subnet

Network # IP Range Broadcast
.0 .1-.126 .127
.128 .129-.254 .255

/30 — 64 Subnets — 2 Hosts/Subnet

Network # IP Range Broadcast
.0 .1-.2 .3
.4 .5-.6 .7
.8 .9-.10 .11
.12 .13-.14 .15
.16 .17-.18 .19
.20 .21-.22 .23
.24 .25-.26 .27
.28 .29-.30 .31
.32 .33-.34 .35
.36 .37-.38 .39
.40 .41-.42 .43
.44 .45-.46 .47
.48 .49-.50 .51
.52 .53-.54 .55
.56 .57-.58 .59
.60 .61-.62 .63
.64 .65-.66 .67
.68 .69-.70 .71
.72 .73-.74 .75
.76 .77-.78 .79
.80 .81-.82 .83
.84 .85-.86 .87
.88 .89-.90 .91
.92 .93-.94 .95
.96 .97-.98 .99
.100 .101-.102 .103
.104 .105-.106 .107
.108 .109-.110 .111
.112 .113-.114 .115
.116 .117-.118 .119
.120 .121-.122 .123
.124 .125-.126 .127
.128 .129-.130 .131
.132 .133-.134 .135
.136 .137-.138 .139
.140 .141-.142 .143
.144 .145-.146 .147
.148 .149-.150 .151
.152 .153-.154 .155
.156 .157-.158 .159
.160 .161-.162 .163
.164 .165-.166 .167
.168 .169-.170 .171
.172 .173-.174 .175
.176 .177-.178 .179
.180 .181-.182 .183
.184 .185-.186 .187
.188 .189-.190 .191
.192 .193-.194 .195
.196 .197-.198 .199
.200 .201-.202 .203
.204 .205-.206 .207
.208 .209-.210 .211
.212 .213-.214 .215
.216 .217-.218 .219
.220 .221-.222 .223
.224 .225-.226 .227
.228 .229-.230 .231
.232 .233-.234 .235
.236 .237-.238 .239
.240 .241-.242 .243
.244 .245-.246 .247
.248 .249-.250 .251
.252 .253-.254 .255

/26 — 4 Subnets — 62 Hosts/Subnet

Network # IP Range Broadcast
.0 .1-.62 .63
.64 .65-.126 .127
.128 .129-.190 .191
.192 .193-.254 .255

/27 — 8 Subnets — 30 Hosts/Subnet

Network # IP Range Broadcast
.0 .1-.30 .31
.32 .33-.62 .63
.64 .65-.94 .95
.96 .97-.126 .127
.128 .129-.158 .159
.160 .161-.190 .191
.192 .193-.222 .223
.224 .225-.254 .255

/28 — 16 Subnets — 14 Hosts/Subnet

Network # IP Range Broadcast
.0 .1-.14 .15
.16 .17-.30 .31
.32 .33-.46 .47
.48 .49-.62 .63
.64 .65-.78 .79
.80 .81-.94 .95
.96 .97-.110 .111
.112 .113-.126 .127
.128 .129-.142 .143
.144 .145-.158 .159
.160 .161-.174 .175
.176 .177-.190 .191
.192 .193-.206 .207
.208 .209-.222 .223
.224 .225-.238 .239
.240 .241-.254 .255

/29 — 32 Subnets — 6 Hosts/Subnet

Network # IP Range Broadcast
.0 .1-.6 .7
.8 .9-.14 .15
.16 .17-.22 .23
.24 .25-.30 .31
.32 .33-.38 .39
.40 .41-.46 .47
.48 .49-.54 .55
.56 .57-.62 .63
.64 .65-.70 .71
.72 .73-.78 .79
.80 .81-.86 .87
.88 .89-.94 .95
.96 .97-.102 .103
.104 .105-.110 .111
.112 .113-.118 .119
.120 .121-.126 .127
.128 .129-.134 .135
.136 .137-.142 .143
.144 .145-.150 .151
.152 .153-.158 .159
.160 .161-.166 .167
.168 .169-.174 .175
.176 .177-.182 .183
.184 .185-.190 .191
.192 .193-.198 .199
.200 .201-.206 .207
.208 .209-.214 .215
.216 .217-.222 .223
.224 .225-.230 .231
.232 .233-.238 .239
.240 .241-.246 .247
.248 .249-.254 .255
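The tables above are all instances of one calculation: split a /24 into equal blocks, and the first address of each block is the network, the last is the broadcast, and everything in between is usable. The script below is an added example, not part of the original cheat sheet; it reproduces any row of the netmask table and any of the per-subnet range tables from the prefix length alone. The base network 192.0.2.0 is an assumed documentation address and only the last octet is reported, as in the tables.

```python
import ipaddress


def class_c_row(prefix):
    """One row of the IPv4 cheat sheet: address count, dotted netmask, and the share
    of a /24 (Class C) the prefix covers, written as '1/8' below /24 or '16' above it."""
    net = ipaddress.IPv4Network(f"0.0.0.0/{prefix}")
    if prefix >= 24:
        share = "1" if prefix == 24 else f"1/{2 ** (prefix - 24)}"
    else:
        share = str(2 ** (24 - prefix))
    return {"prefix": f"/{prefix}", "addresses": net.num_addresses,
            "netmask": str(net.netmask), "class_c": share}


def usable_hosts(prefix):
    """Hosts per subnet as the guide counts them: every address minus network and broadcast.
    Applies to /30 and larger; a /31 point-to-point link (RFC 3021) has no broadcast."""
    return 2 ** (32 - prefix) - 2


def subnets_of_class_c(prefix, base="192.0.2.0"):
    """Split one /24 into /prefix blocks and return the last octet of (network,
    first host, last host, broadcast) for each, matching the guide's range tables."""
    parent = ipaddress.IPv4Network(f"{base}/24")
    rows = []
    for sub in parent.subnets(new_prefix=prefix):
        net, bcast = int(sub.network_address) & 0xFF, int(sub.broadcast_address) & 0xFF
        rows.append((net, net + 1, bcast - 1, bcast))
    return rows


def range_table(prefix):
    """Render one per-subnet table in the same layout as the guide."""
    count = 2 ** (prefix - 24)
    lines = [f"/{prefix} - {count} Subnets - {usable_hosts(prefix)} Hosts/Subnet", "",
             "Network # IP Range Broadcast"]
    for net, first, last, bcast in subnets_of_class_c(prefix):
        lines.append(f".{net} .{first}-.{last} .{bcast}")
    return "\n".join(lines)


if __name__ == "__main__":
    for p in range(31, 7, -1):
        r = class_c_row(p)
        print(r["prefix"], r["addresses"], r["netmask"], r["class_c"])
    print(range_table(27))
```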


IPv6 Subnet Cheat Sheet

IPv6 is a completely different animal as far as subnetting goes. Note the rows that carry a comment, as each has a special common use. If there is nothing in the “Amount of a /64” column, the value is too minuscule or too massive to justify calculating. Not much is the same in IPv6 compared to IPv4. Route aggregation and purpose-driven subnetting are something every enterprise IPv6 deployment will make use of, or it will fail miserably.


Subnet Addresses Amount of a /64 Notes
/128 1
/127 2
/126 4
/125 8
/124 16
/123 32
/122 64
/121 128
/120 256
/119 512
/118 1,024
/117 2,048
/116 4,096
/115 8,192
/114 16,384
/113 32,768
/112 65,536
/111 131,072
/110 262,144
/109 524,288
/108 1,048,576
/107 2,097,152
/106 4,194,304
/105 8,388,608
/104 16,777,216
/103 33,554,432
/102 67,108,864
/101 134,217,728
/100 268,435,456
/99 536,870,912
/98 1,073,741,824
/97 2,147,483,648
/96 4,294,967,296 This is equivalent to an IPv4 Internet or IPv4 /8
/95 8,589,934,592
/94 17,179,869,184
/93 34,359,738,368
/92 68,719,476,736
/91 137,438,953,472
/90 274,877,906,944
/89 549,755,813,888
/88 1,099,511,627,776
/87 2,199,023,255,552 1/8,388,608
/86 4,398,046,511,104 1/4,194,304
/85 8,796,093,022,208 1/2,097,152
/84 17,592,186,044,416 1/1,048,576
/83 35,184,372,088,832 1/524,288
/82 70,368,744,177,664 1/262,144
/81 140,737,488,355,328 1/131,072
/80 281,474,976,710,656 1/65,536
/79 562,949,953,421,312 1/32,768
/78 1,125,899,906,842,620 1/16,384
/77 2,251,799,813,685,240 1/8,192
/76 4,503,599,627,370,490 1/4,096
/75 9,007,199,254,740,990 1/2,048
/74 18,014,398,509,481,900 1/1,024
/73 36,028,797,018,963,900 1/512
/72 72,057,594,037,927,900 1/256
/71 144,115,188,075,855,000 1/128
/70 288,230,376,151,711,000 1/64
/69 576,460,752,303,423,000 1/32
/68 1,152,921,504,606,840,000 1/16
/67 2,305,843,009,213,690,000 1/8
/66 4,611,686,018,427,380,000 1/4
/65 9,223,372,036,854,770,000 1/2
/64 18,446,744,073,709,500,000 This is the standard end user allocation
/63 36,893,488,147,419,100,000 2
/62 73,786,976,294,838,200,000 4
/61 147,573,952,589,676,000,000 8
/60 295,147,905,179,352,000,000 16
/59 590,295,810,358,705,000,000 32
/58 1,180,591,620,717,410,000,000 64
/57 2,361,183,241,434,820,000,000 128
/56 4,722,366,482,869,640,000,000 256
/55 9,444,732,965,739,290,000,000 512
/54 18,889,465,931,478,500,000,000 1,024
/53 37,778,931,862,957,100,000,000 2,048
/52 75,557,863,725,914,300,000,000 4,096
/51 151,115,727,451,828,000,000,000 8,192
/50 302,231,454,903,657,000,000,000 16,384
/49 604,462,909,807,314,000,000,000 32,768
/48 1,208,925,819,614,620,000,000,000 65,536 This is the standard business allocation
/47 2,417,851,639,229,250,000,000,000 131,072
/46 4,835,703,278,458,510,000,000,000 262,144
/45 9,671,406,556,917,030,000,000,000 524,288
/44 19,342,813,113,834,000,000,000,000 1,048,576
/43 38,685,626,227,668,100,000,000,000 2,097,152
/42 77,371,252,455,336,200,000,000,000 4,194,304
/41 154,742,504,910,672,000,000,000,000 8,388,608
/40 309,485,009,821,345,000,000,000,000 16,777,216
/39 618,970,019,642,690,000,000,000,000 33,554,432
/38 1,237,940,039,285,380,000,000,000,000 67,108,864
/37 2,475,880,078,570,760,000,000,000,000 134,217,728
/36 4,951,760,157,141,520,000,000,000,000 268,435,456
/35 9,903,520,314,283,040,000,000,000,000 536,870,912
/34 19,807,040,628,566,000,000,000,000,000 1,073,741,824
/33 39,614,081,257,132,100,000,000,000,000 2,147,483,648
/32 79,228,162,514,264,300,000,000,000,000 4,294,967,296 This is the standard ISP Allocation
/31 158,456,325,028,528,000,000,000,000,000 8,589,934,592
/30 316,912,650,057,057,000,000,000,000,000 17,179,869,184
/29 633,825,300,114,114,000,000,000,000,000 34,359,738,368
/28 1,267,650,600,228,220,000,000,000,000,000 68,719,476,736
/27 2,535,301,200,456,450,000,000,000,000,000
/26 5,070,602,400,912,910,000,000,000,000,000
/25 10,141,204,801,825,800,000,000,000,000,000
/24 20,282,409,603,651,600,000,000,000,000,000
/23 40,564,819,207,303,300,000,000,000,000,000
/22 81,129,638,414,606,600,000,000,000,000,000
/21 162,259,276,829,213,000,000,000,000,000,000
/20 324,518,553,658,426,000,000,000,000,000,000
/19 649,037,107,316,853,000,000,000,000,000,000
/18 1,298,074,214,633,700,000,000,000,000,000,000
/17 2,596,148,429,267,410,000,000,000,000,000,000
/16 5,192,296,858,534,820,000,000,000,000,000,000
/15 10,384,593,717,069,600,000,000,000,000,000,000
/14 20,769,187,434,139,300,000,000,000,000,000,000
/13 41,538,374,868,278,600,000,000,000,000,000,000
/12 83,076,749,736,557,200,000,000,000,000,000,000
/11 166,153,499,473,114,000,000,000,000,000,000,000
/10 332,306,998,946,228,000,000,000,000,000,000,000
/9 664,613,997,892,457,000,000,000,000,000,000,000
/8 1,329,227,995,784,910,000,000,000,000,000,000,000

What’s The Difference Between VPS And Dedicated Servers?

When it comes down to VPS vs Dedicated Hosting, there's more to your application than placing a site online.

For an individual, or a small to medium sized business, who has either outgrown the rigid confines of a Shared hosting plan, or who knows from the outset they want more power and control over their online presence, two options to consider are Virtual Private Server (VPS) and Dedicated Server hosting.