Today, there are still people who regard the worldwide Internet as a comprehensive encyclopedia of the world. However, there are fewer and fewer such people, and more and more who rightly consider the Internet a means of making money. After all, it can attract a large number of new customers to your business and tell everyone who you are and what invaluable services you provide for mere pennies. Not only that, the Internet can bring you money even when you do not have any offline business. You can earn money online.
All you need is to have your own site or several sites (as you wish). And of course, you cannot do without buying hosting. Choosing hosting is a difficult and thorny path. To get through it without losses, you need to learn a lot and read a dozen useful articles.
Suppose you have overcome this path, successfully use hosting services, and now the time has come when you are reaping the benefits of your activities and making money. And then, like a bolt from the blue, one fine day you find that your site has been attacked. And in the worst case, your entire business is irretrievably lost. And why? Because when choosing hosting, you ignored such an important and crucial parameter as hosting security. And this means that your hosting provider, to which you naively entrusted everything you had, could not protect and preserve it.
Caution: First of all, you yourself are responsible for security: how you store passwords, which computers you log in from, and so on. Only after that is the hosting provider responsible.
By purchasing hosting with a weak data protection system, you get a luxury apartment with a large iron door that has no lock. And if you do not even close the door, then expect guests…
Why do hackers hack sites, why do they need it?
The main reasons for hacking sites
It’s difficult to categorize all the reasons for hacking a site. But I will try. So, I think you have already guessed the main reason why all the most notorious crimes were and are being committed – it’s money!
There are several ways for an attacker to make crazy, easy money from your website:
- Use your site for their own mailings and spam
- Use your site to siphon off traffic and sell it
- Get all the rights to your site and sell it
- Place hidden links and malware on your site
- Using a special code, redirect your visitors (customers) to their own site
As in real life, the same struggle for a place in the sun takes place in virtual life. Competition online is intense, and every businessman constantly monitors how his colleagues are doing in order to keep up and even be a cut above. But as always happens, not all competition is fair. Sometimes a company “orders” an attack on a competitor from hackers and so makes sure that its own sales soar.
Almost half of the atrocities on the network are due to ordinary hooliganism. The reason for this may be ordinary vanity (a person is proud that he was able to do it). Or someone may be interested in the program code or some password that is on your site. That is, your site is just a tool for achieving a personal goal.
It also happens that, through a mistake of yours or your provider's, a visitor hacks your site accidentally.
There are so many ways to attack your site. I will not go into details, but I’m simply obliged to identify the main ones.
Password leak – an attacker infects your computer, and the malware copies the passwords from the browser or FTP client and sends them to the hacker’s email. Thus, all the passwords stored in your browser can end up in the villain’s database, and you can lose not only your sites but also a good part of the information you keep on the Internet.
A DDoS attack brings the server to a complete standstill. The essence of such an attack is that a huge number of requests are made to your server every second. This is done from many computers, most of which are infected with various viruses. If you protect your computer poorly, it too can become a DDoS attack tool. Such an attack may not last long, but it is effective. And if you have a large business, then even one day of server downtime can greatly affect your profit.
Malicious links and programs are hidden links and program code that lead to disastrous consequences. Namely, your site may be blocked by the hosting provider for breaking the rules, you can be kicked out of all search engines, and you can get negative reviews on various forums and sites. You may not even know about it. And soon you will find that traffic is getting lower and lower, fewer and fewer transactions are being made on the site, or you are denied hosting services altogether. A similar thing happened with the heroine of our article.
XSS – this attack is carried out invisibly to the site and without causing any visible problems, at least at first glance. But in fact, using a special script, the attacker penetrates the memory of your site, steals links and gets access to user accounts. By changing the page code of your site, a hacker can redirect your visitors to their own site.
SQL injection is an attack method in which an attacker gains the ability to read or write data, as well as execute any commands on the server. The attack works by injecting arbitrary SQL code into a SQL query. It is a very dangerous and potentially fatal attack on a site, in which you can lose all your data.
In fact, there are a lot of types and subspecies of attacks, and you don’t need to know all of them. It is more important for you to know how to avoid them and to protect yourself from them. But first things first.
Weaknesses in your site
Password – a lot of novice webmasters do not attach much importance to this, and that turns out to be a mistake. All hackers have statistics on frequently used passwords, and they use this data successfully. And do not consider yourself too original if you put your birth date or the like in the password. So as not to rack your brains inventing an original and complex password every time, take advantage of the benefits of civilization and download a password generator like “KeePass”. And do not use the same password twice or thrice. Do not make the hackers’ work easier.
Scripts are another weakness of your site. A lot of scripts have holes and loopholes for hackers, with the help of which they can easily penetrate the code of your site and get hold of the necessary information.
Site accounts that you create for testing the operation of a resource or for any other purpose are often simply forgotten instead of being deleted. Such accounts are a tidbit for hackers, since you hardly bothered to create a more or less decent password for them.
How to protect yourself
1. Use a strong password storage system
2. Update the software on the computer and server
3. Use only proven scripts (engines)
4. Scan the site for vulnerabilities (special scanners will help you with this)
5. Use reliable and high-quality hosting services
7. Regularly back up your sites' files and databases.
8. Put an .htaccess file in the administrative folder of your site and, in it, allow access only from your IP
9. Regularly scan your computer for viruses and trojans, a threat may come from here.
10. Try not to log in to the admin panel of your site from unverified computers, and forget about Internet cafes (password loggers are most often installed on the keyboards there)
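For item 8, the sketch below shows what such an .htaccess can look like and checks that it really admits a single address. It is an added example, not part of the original article; the address 203.0.113.10, the sample files and the function name `only_my_ip` are constructed for illustration.

```python
import ipaddress

# Constructed sample files; 203.0.113.10 (documentation range) stands in for "your IP".
LOCKED_24 = """# Apache 2.4 syntax
Require ip 203.0.113.10
"""
LOCKED_22 = """# Apache 2.2 syntax (mod_access_compat on 2.4)
Order deny,allow
Deny from all
Allow from 203.0.113.10
"""
LEAKY = """# Several Require lines are OR-ed together, so this admits everyone
Require ip 203.0.113.10
Require all granted
"""

def only_my_ip(htaccess_text, my_ip):
    """True only when the directives verifiably admit my_ip and no other address."""
    me = ipaddress.ip_network(my_ip)
    allowed, too_broad, deny_all, legacy, order = [], False, False, False, "deny,allow"
    for raw in htaccess_text.splitlines():
        words = raw.strip().lower().split()
        if not words or words[0].startswith("#"):
            continue
        if words[:2] == ["require", "ip"]:
            allowed += words[2:]
        elif words[0] == "require" or words[:3] == ["allow", "from", "all"]:
            too_broad = True  # "Require all granted", or a Require this check cannot verify
        elif words[:3] == ["deny", "from", "all"]:
            deny_all = True
        elif words[:2] == ["allow", "from"]:
            legacy = True
            allowed += words[2:]
        elif words[0] == "order" and len(words) > 1:
            order = words[1]
    if too_broad or not allowed:
        return False
    if legacy and not (deny_all and order == "deny,allow"):
        return False  # 2.2 syntax needs "Deny from all" evaluated before the Allow
    try:
        return all(ipaddress.ip_network(a, strict=False) == me for a in allowed)
    except ValueError:  # hostname or partial address: broader than one host
        return False

if __name__ == "__main__":
    for name, text in (("2.4", LOCKED_24), ("2.2", LOCKED_22), ("leaky", LEAKY)):
        print(name, only_my_ip(text, "203.0.113.10"))
```

Apache honours these directives in .htaccess only when the server's AllowOverride setting permits them (AuthConfig for Require, Limit for Order/Allow/Deny), so confirm the restriction by requesting the admin folder from another address.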
What to look for when buying a hosting
In order to secure your site on the side of the server where it will be located, you need to choose secure hosting. Even if you take all preventive measures on your side to protect your site from hacking, on the server side you will have to trust your provider completely. Of course, you can take his word for it. But we are practical and distrustful people, so we select hosting by the following security parameters:
1. Place your site only on a server with enough resources. If the bandwidth of your server is limited, then it may not withstand a DDoS attack. It is better if you have an independent channel to the server through which you can access your resource. That is, we select a provider that can offer unlimited traffic. Of course, it is limited, but this means that it is big.
2. Choose a provider that guarantees regular backups, that is, copies of all your data, which will be very useful to you if anything happens.
3. Choose a provider that works only on the platform of modern software, updated to the latest version.
4. The hosting provider must support the latest versions of scripts and applications.
5. Make sure that the provider only works with proven engines and scripts and does not allow all users to upload unknown programs to the server. Otherwise, you may suffer because of the incompetence of one of the server's users.
6. It is better if the provider supports a secure connection to your account – SFTP or SSH – so that your passwords cannot be stolen during file transfer via an FTP client.
What to do if you have been hacked?
1. Do not panic.
2. Check the index.php files (index.html, index.htm, default.html and the like, which are the first to be accessed by the browser) and .htaccess in a text editor. If you find suspicious code in them, simply replace them with the default ones (which come with the engine). Most often, the problem is solved at this step.
3. If the previous option did not help you, then restore from a backup.
4. Be sure to put the last “uninfected” backup in a separate folder.
5. Update all plugins, modules and engines if they are not up to date.
6. Change all passwords.
7. Delete the passwords saved in your browser and do not save them there again, especially those for your sites and wallets. Instead of an FTP client, use programs like WinSCP, which do not save passwords and can create encrypted connections.
8. Update the antivirus or virus database on your computer.
9. If the problem recurs after a while, contact a professional for help.
10. If a professional says that the problem lies with the hosting, feel free to change the provider.
11. If you were hacked even after changing the provider, then the problem is definitely on your side.
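The check in step 2 can be partly automated. The script below is an added example, not part of the original article: it walks a site's folders and flags entry files and .htaccess files that contain constructs commonly left behind by injected code. The pattern list, the `OWN_HOSTS` set and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

ENTRY_FILES = {"index.php", "index.html", "index.htm", ".htaccess"}  # named in step 2
OWN_HOSTS = {"example.com", "www.example.com"}  # assumption: hostnames your site really uses

PATTERNS = {  # illustrative heuristics, not a complete malware scanner
    "obfuscated eval": re.compile(r"eval\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "hidden iframe": re.compile(r"<iframe[^>]*(?:display\s*:\s*none|width=[\"']?0[\"'\s>])", re.I),
    "referer-conditional rewrite": re.compile(r"^\s*RewriteCond\s+%\{HTTP_REFERER\}", re.I | re.M),
}
REDIRECT = re.compile(r"^\s*(?:RewriteRule|Redirect\w*)\b.*?https?://([a-z0-9.-]+)", re.I | re.M)

def scan_text(name, text):
    """Return sorted labels for suspicious constructs in one file's text."""
    hits = {label for label, rx in PATTERNS.items() if rx.search(text)}
    hosts = REDIRECT.findall(text) if name == ".htaccess" else []
    hits |= {f"redirect to {h.lower()}" for h in hosts if h.lower() not in OWN_HOSTS}
    return sorted(hits)

def scan_site(root):
    """Walk a document root; map relative path -> findings for flagged entry files."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in ENTRY_FILES.intersection(files):
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = scan_text(name, fh.read())
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report

def demo():
    """Scan a constructed document root: one clean file, two tampered ones."""
    samples = {
        "index.html": "<html><body><h1>Shop</h1></body></html>",
        "index.php": "<?php eval(base64_decode('Q09OU1RSVUNURUQ=')); include 'app.php';",
        ".htaccess": "RewriteCond %{HTTP_REFERER} (google|bing) [NC]\n"
                     "RewriteRule ^ http://redirect.invalid/in [R=302,L]\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_site(root)

if __name__ == "__main__":
    print(demo())
```

A flagged file still needs to be compared with the engine's original copy or a clean backup, and an empty report does not prove the site is clean.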
Choosing secure hosting is akin to choosing a life partner: you look it over, check for lice, find out the pedigree and the like. And only after that do you make a decision. For your “union” with the provider to be lasting, in grief and in joy, in sickness and in health, until death do you part, choose only secure hosting. Otherwise, everything may end at the engagement stage.