Displaying items by tag: server security
Over the years I've continually stressed the importance of web security to our clients. To the point that some of you think that I'm paranoid.
But in this instance it's a case where the perceived paranoia should be interpreted as actually being in possession of the full facts. And of course, I have the relevant data to support those facts.
Remember that you don't see what I see on a daily basis. You're disconnected from it because I handle the process completely - so you don't need to think about it. But just because none of our clients have ever been hacked doesn't mean people aren't trying. They are! And it's my job to stop them!
But what am I up against? This image below is a screenshot of the security firewall in one of our client's sites. Those statistics represent the hacking attempts made on that particular site within specific timeframes. And every one of those hacking attempts was blocked and the IP blacklisted.
So let's be absolutely clear that these threats are very real, and they need to be taken seriously. I take them very seriously indeed.........do you?
Because throughout recent years the security threats to web sites and personal information have increased in sophistication, magnitude, intensity, volume, and velocity. In fact, 87 percent of IT security specialists worldwide believe that we're now in the middle of a global Cyber War!
This elite level of expertise, which was previously directed mainly at governmental and international corporate entities, is now spreading across into the mainstream of security threats that we have to face every minute of every day. The script kiddies and amateur hackers of yesteryear have now been been usurped by a much more sophisticated and knowledgeable network of potential intruders. And they're packing a lot more firepower in their arsenal.
Faced with this additional level of threat we had two choices: Stick with the current system that has served us well for so many years and hope for the best. Or raise the bar to reflect the change in the status quo. As you would expect from us, we've raised the bar. A lot! So in addition to our normal (and very extensive) security processes, we've now deployed an industry-leading commercial security system.
Obviously I can't go into any detail on this openly, but it does introduce advanced intrusion prevention and Bruteforce protection to mitigate against the new threat levels that we face.
From now on, all the individual security elements which were previously working independently are contained within a controlled and integrated server security environment and the processes interact together should the threat change or evolve. Plus, it brings a lot of additional elements of protection to our servers, one of which is it has the ability to automatically send any infected files to a cloud based analysis engine. The file is then automatically cleaned and sent back down to the server when the threat has been removed.
Obviously we hope we never have to use this aspect as our mission is to stop any threats before they reach that point. But it's still good to have processes in reserve......just in case.
So we have now created an environment where detection, protection, and reporting of security threats happen simultaneously and collaboratively. The system protects your web applications and personal data effectively against malwares, botnets and hacker attacks at all times. And after speaking to the developers, it appears that we are the first provider in Spain to implement this system.
But we can only go so far, because you have a responsibility as well. Do not run outdated software and deprecated PHP versions on your accounts......you're just asking for trouble. And if you are running vulnerable software then all the security systems in the world are not going to help you because the application will just let the attacker in without triggering security. Essentially you've given them the key to the door.
We've always notified clients of this situation before their sites reach this stage. And if they choose not to update their software then that's their choice. However, we are then unable to provide hosting services for them any longer - as they're a risk to themselves and everybody else. We would of course find them an alternative host. Be assured that there's plenty of "Web Hosts" out there who don't care what their clients put on their web space......as long as the money comes in.
It comes down to this: Would you prefer your data to be within a secure gated compound......or a crack house? It's a no-brainer as far as I'm concerned!
Technology keeps on moving forward at a rapid pace both in hardware and software. You either stay with it or you try and struggle by with the technology of yesteryear. That's not a good way to do business......and eventually you won't have a business! So this month our old Dedicated Server in London (circa 2014) was finally retired and replaced with a powerhouse system to keep us at the forefront of the industry.
So what's changed?
Our new server is an Intel(R) Xeon(R) CPU E5-2450 0 @ 2.10GHz with 32 CPUs and 20 MB SmartCache. Among it's capabilities are Intel® Turbo Boost Technology, Intel® Hyper-Threading Technology, and Intel® Virtualization Technology (VT-x).
As per our previous server, we have 32GB RAM.....but of a much later generation for faster speeds.
This is the biggest game-changer of the lot because our old 1TB SATA drive has been replaced by 6 x 480GB Solid State Drives (SSD).
SSD Drives use flash memory to deliver vastly superior performance and durability over traditional SATA hard drives. Because without moving parts to slow your computer down, SSD's offer instant-load performance, and faster application loading times. Plus, they're more durable! With traditional hard drives, the continuous motion generated by small moving parts creates heat, which is a leading factor in hard drive failure. SSD is what you actually have in your mobile phone, and you know how much quicker that is compared to your nomal desktop PC.
The reason you don't have SSD drives in your home computer is price. They are very expensive.....and we've got SIX of them.
RAID 6 Array
The 6 SSD drives are set up in a RAID 6 configuration. This means that the system can continue to run after two disks fail, and lost data can be automatically reconstructed by the IOA after a disk failure. Also, two failed disk units can be replaced without stopping the system. I certainly don't want to test this aspect, but it's nice to have the peace of mind that goes with it.
To summarise, we want to offer the best hosting experience possible. This massive technology upgrade ensures that we can continue to provide high spec servers populated with a very low number of clients, delivering maximum CPU and memory allocation. This is the critical factor NOT diskspace! So don't be misled by ridiculous marketing ploys about unlimited webhosting which doesn't actually exist.
Don't think for one minute that you will get the same experience on some hosting reseller offering resources that they don't actually have, while simultaneously quoting prices that are financially unsustainable. Not all web hosting is the same.
Please note that these hosting services are only available to our web design clients on sites that we have built. We do not accept outside hosting clients as we will not introduce any risky, outdated, or vulnerable software onto our servers. Yes......we turn hosting clients away on a weekly basis! Crazy business logic so I've been told......but we're not compromising our standards.
Our goal is to give our clients the best experience possible, and we try our very best to achieve that. Hence the major upgrade of our hosting infrastructure to reflect the ongoing advancements in technology. In this industry, if you're not moving forward, then you're actually going backwards.....and we've always chosen to lead from the front!
Worried about Dirty COW? You should be, because last week a serious vulnerability was discovered in the Linux kernel which runs the majority of the world's servers. It was so critical that it can lead to a privilege escalation, denial of service, or information leaks. And it's called Dirty COW! Why the name Dirty COW? It gets its name from the Linux sub-system, called Copy-On-Write or COW, in which it appears.
You may well have seen reports in national dailies about it, and now it's spread to Android Phones as well. Basically, if you've got a website then you are potentially at serious risk because it could take weeks before web hosts get round to patching the kernel on their servers. Then the server will need to be rebooted resulting in downtime.
Unless of course you're a WebSpain client! Because when we switched to Cloud Linux earlier this year we also purchased Kernel Care as part of the package. KernelCare keeps Linux servers secure with all the latest kernel patches available immediately, and they're automatically applied without needing to reboot the server. So no security issues and no downtime!
It keeps running permanently and checks for any kernel security updates every 4 hours. If there's an update available, it just applies it without any human intervention or downtime. Our kernel was patched on 21st October......literally as the news broke.
If you're not a WebSpain client then you just have to cross your fingers that somebody is going to take action at some point to protect your business interests. Timescale is impossible to estimate......but I can guarantee that the less you paid for your hosting then the longer it will take. If it's even patched at all! But that's what happens when your main priority is cheap!
It just demonstrates, once again, how proactive we've always been in this area, and how not all web hosting is created equal.
If you're serious about your business then you need a serious provider. If you're not serious about your business, or perhaps you just don't care......then there's plenty of providers out there that would be a perfect fit for you. But we're not one of them!
We've always attempted to keep our clients safe from the undesirable elements and the grief that go along with doing business on the Internet. In effect we keep you within a protective shield so you don't see these things. Therefore you don't get grief. It just works! You don't even need to think about it!
I'm sure you're all familiar with the phrase "you get what you pay for", and this has never been more true than in the case of internet services. Particularly web hosting! Over a year ago, we published an article "Not all web hosting is created equal" where we detailed exactly what we bring to the table in terms of web hosting services. But things have changed since then......we've advanced even further with the addition of Cloud Linux on the servers.
We believe that no other web designer providing hosting services offers the allround quality of service that we deliver.....day after day.
And this is not just at server level......it's also at site level, which no other web host will manage for you. With a normal web host, your site is your responsibility.....not theirs. But in our case, we handle it all to give you total peace of mind.
Obviously I would say that....wouldn't I? But what about the experience of a former client who went elsewhere, and actually discovered for herself what life is like on the Dark Side?
"The saying "You do not know what you have until it's gone" has never been so true for my husband and I.
Having been with WebSpain for around 9 years, WebSpain not only built our two business websites we were a hosting client too. During this whole time we had no issues whatsoever with our sites or hosting.
However as time went on our sites were considered "old " in the techno world and we didn't really have time to get round to upgrading them. This meant that as our sites were old, Webspain could not really support them any longer on their servers, as they are exceptionally up to the minute with hosting etc. Therefore we had to move. We changed to another hosting company and have had nothing but problems since. These varied from no e-mails, lost emails, and site down time, all of which is a nightmare when running a web based business. In the end we could not even get our e-mails.
So in desperation, we went to Pete for help and he ended up logging onto their server and rectifying the issue that the other hosting company were unable to do. The standard of service and professionalism of WebSpain can really not be compared to the many other companies out there. Believe me, we know and it has cost us dearly".
And that is the reality of the situation! I know the hosting company that she's with, and overall they have a good reputation. But we deliver a total allround package that far exceeds what any pure web host offers......and once you get accustomed to that as being the norm then anything else is going to fall short.
We haven't published this to blow our own trumpet, we've published this to make you aware of the reality here. And the reality is that you cannot compare the service that a basic web host provides against the totally rounded and all encompassing range of services that we deliver. They are totally different things.
In some cases you could save yourself a few Euros by switching to someone who just provides web hosting.....or you could even pay more. But in both cases you are still not going to get the allround level of service that we deliver.
All you will do is introduce a different element into the equation. And that element is grief! And going from my experience, the less you pay, the more the grief is going to increase! Just remember that not all web hosting is created equal, and Life on the Dark Side may not be what you expect.
We all know that over the last decade the technology that we use has advanced beyond anything we ever imagined!
But along with this increased sophistication comes increased danger. I'm talking about cyber crime!
Now before you dismiss this as another paranoid rant about something that's not relevant to you, just take a look at this......because what you see there is happening right now: Live Cyber Attack Monitoring Service.
I've seen attacks in excess of 5 million per day taking place, it's literally a battlefield......and you're in the middle of it. Every day!
What can we do to protect ourselves? Firstly you need to understand that we can never be 100% impervious to cyber attacks, because if governments and giant multinational corporations can be taken down, then what hope do we have?
But realistically the elite level operators who commit acts of that magnitude are not interested in you and I......they want the big fish! And invariably they get them......as nearly 300 million records were leaked and over $1 billion were stolen in 2015.
The lower levels of hackers would certainly be interested in us though. To some it's just a game (and there are online games going on where they score points for defacing sites)......or to some it's personally motivated. By that I mean people with a grudge, or competitors who would like nothing better than to take you out of the game.
What makes it more dangerous is that the entry level for attackers has now been lowered considerably. You don't need to have any skills or knowledge whatsoever, you just pay for access to one of these online cyber attack service portals and you simply click a few buttons. The cost is minimal for basic services, but the more you pay then potentially the more mayhem you can create. Yes.....we now live in a world where you can go online and order whatever services you want in order to commit internet crime.
All we can do is take the necessary precautions......and take security seriously! The server software is always kept current, and whatever security measures we can deploy are always in place for your protection. But that counts for very little if your site software has become end of line and has had no security updates for some time. Because someone could potentially get access without raising any alarms, and the first you'll know about it is if your site gets defaced or thousands of e-mails get sent out supposedly coming from you. Obviously the content contained in those e-mails is not going to be pleasant, and will no doubt result in your domain name getting blacklisted right across the internet.
I would strongly recommend that you don't go down this path of outdated site software.....it's not going to end well. It will result in complete disruption, loss of business, and a degree of diminished client confidence.
As far as our clients are concerned, we always make people aware if they're in that situation, as we believe in complete transparency and keeping people informed. But ultimately what they choose to do is up to them.
I would suggest you now go back and check the Live Cyber Attack Monitoring Service and see how the daily figure has risen since you started reading this article. And if you're knowingly running outdated site software, then go and check your site to make sure that you haven't become Just Another Victim!
It's a fact of life that whether we like it or not, time moves on for all of us! Particularly within the IT industry, with so many new innovations occurring on a regular basis!
As a consequence of this ever changing environment, a question that I sometimes get asked is "How long should a website last?"
Unfortunately there's no simple answer to this one, because there are many contributing factors that can influence longevity.....most of which are beyond our control. I'm referring to factors such as discontinued software applications for sites, and vulnerable server software being withdrawn. Then there's new technologies that emerge......a typical example of that being mobile responsive websites.
However, I'm going to give you the main reasons for upgrading your website software, and hopefully give you an approximate timescale for when I'd consider it necessary.
The main reason for upgrading, and by a very wide margin, is security!
Cyber crime is rampant! But it's not just cyber criminals that an online business needs to worry about.....it's vandals! In fact, these are your biggest threat. Just the same as if they broke your shop window or daubed graffiti on your walls, they'd love nothing better than to trash your website. It's a game to them!
Did you know that there are sites out there that actually organise competitions for members whereby they score points by defacing sites? And they always leave a calling card on your site (sometimes not very pleasant) in order to identify themselves so they can rack up points in the game.
Eventually, vulnerabilities that initially could only be accessed by the elite few will be accessible to even the novices. Very often via user-friendly interfaces, and even guided by online tutorials! It's one of the reasons why software keeps moving on in terms of older, vulnerable applications being withdrawn and newer versions being introduced to replace them. While no application can be guaranteed free of security flaws forever, newer systems are all coded with the knowledge of past vulnerabilities in mind, and patched accordingly.
We've always taken security on the servers very seriously, and the trigger for it to activate is very slight. But if a vulnerability exists in an application that allows a third party to infiltrate your site by simply walking in without raising the alarm, then none of these measures are going to take effect. Given a long enough timeframe, intrusion is guaranteed. So security must always be paramount in your planning.
Of course there are other reasons for upgrading your website. These would include embracing new technology. A typical example would be mobile responsive websites, which has been the most significant technical advancement in the past 10 years. This is the one that's changed the game totally.
Or maybe your competitors have recently taken a major initiative in revamping their web presence, and you're now looking like the poor relation? If that's the case, then it could be the time to consider upgrading.
Has your business switched direction? Or have you changed your marketing strategy? If so, then it may be time to change your website to match the new focus!
Perception! As the years pass, your site will look more and more outdated. And so will potential clients' perception of you. Essentially, you will not be giving them the confidence to use your services.
All of these are valid reasons to consider upgrading......but the security aspect is by far the most important!
As for the life of a site.....in principle it could run forever if you can find a webhost that will run obsolete server software indefinitely! Plus you'd need to be totally invisible to potential hackers of course.
In reality, neither of those scenarios are going to be very likely, so I'd say around 3 to 4 years before you'd need to think about replacing your existing site. If not for functionality and appearance, then most definitely for security reasons because you may well be vulnerable by that time.
But whatever your reason for considering an upgrade, you'll still get the benefits of all of the aspects! Plus you'll have the peace of mind of knowing that your site is looking modern and attractive to potential clients, while being as safe and secure as possible.