Displaying items by tag: web security
Over the years I've continually stressed the importance of web security to our clients. To the point that some of you think that I'm paranoid.
But in this instance it's a case where the perceived paranoia should be interpreted as actually being in possession of the full facts. And of course, I have the relevant data to support those facts.
Remember that you don't see what I see on a daily basis. You're disconnected from it because I handle the process completely - so you don't need to think about it. But just because none of our clients have ever been hacked doesn't mean people aren't trying. They are! And it's my job to stop them!
But what am I up against? This image below is a screenshot of the security firewall in one of our clients' sites. Those statistics represent the hacking attempts made on that particular site within specific timeframes. And every one of those hacking attempts was blocked and the IP blacklisted.
So let's be absolutely clear that these threats are very real, and they need to be taken seriously. I take them very seriously indeed.........do you?
Because throughout recent years the security threats to web sites and personal information have increased in sophistication, magnitude, intensity, volume, and velocity. In fact, 87 percent of IT security specialists worldwide believe that we're now in the middle of a global Cyber War!
This elite level of expertise, which was previously directed mainly at governmental and international corporate entities, is now spreading across into the mainstream of security threats that we have to face every minute of every day. The script kiddies and amateur hackers of yesteryear have now been usurped by a much more sophisticated and knowledgeable network of potential intruders. And they're packing a lot more firepower in their arsenal.
Faced with this additional level of threat we had two choices: Stick with the current system that has served us well for so many years and hope for the best. Or raise the bar to reflect the change in the status quo. As you would expect from us, we've raised the bar. A lot! So in addition to our normal (and very extensive) security processes, we've now deployed an industry-leading commercial security system.
Obviously I can't go into any detail on this openly, but it does introduce advanced intrusion prevention and brute-force protection to mitigate against the new threat levels that we face.
From now on, all the individual security elements which were previously working independently are contained within a controlled and integrated server security environment, and the processes interact together should the threat change or evolve. Plus, it brings a lot of additional elements of protection to our servers, one of which is the ability to automatically send any infected files to a cloud-based analysis engine. The file is then automatically cleaned and sent back down to the server when the threat has been removed.
Obviously we hope we never have to use this aspect as our mission is to stop any threats before they reach that point. But it's still good to have processes in reserve......just in case.
So we have now created an environment where detection, protection, and reporting of security threats happen simultaneously and collaboratively. The system protects your web applications and personal data effectively against malware, botnets and hacker attacks at all times. And after speaking to the developers, it appears that we are the first provider in Spain to implement this system.
But we can only go so far, because you have a responsibility as well. Do not run outdated software and deprecated PHP versions on your accounts......you're just asking for trouble. And if you are running vulnerable software then all the security systems in the world are not going to help you because the application will just let the attacker in without triggering security. Essentially you've given them the key to the door.
We've always notified clients of this situation before their sites reach this stage. And if they choose not to update their software then that's their choice. However, we are then unable to provide hosting services for them any longer - as they're a risk to themselves and everybody else. We would of course find them an alternative host. Be assured that there's plenty of "Web Hosts" out there who don't care what their clients put on their web space......as long as the money comes in.
It comes down to this: Would you prefer your data to be within a secure gated compound......or a crack house? It's a no-brainer as far as I'm concerned!
As we get older, we tend to look back and think that life was better in the past! It was certainly simpler then, that's for sure.
But time moves on for all of us and the only option that we have is to go with the flow! There's no pause button to lock our life into one moment in time!
And never is this more true than with technology.....it just keeps advancing. I know that some people tend to resent change in these areas.....but ask yourself, would you like to go back to the pre-mobile era of basic flip-up phones? Ten years ago we could never have dreamed that we'd be walking around with the internet, and in many cases our business, right in the palm of our hands. These sorts of advancements require change, as older technologies and applications are gradually replaced by more efficient versions. You're getting the benefits of these developments every day....in everything you do.
The same principle applies to the software applications that power websites and servers. They all get better, quicker, more efficient, and more secure. And I want to touch on just one aspect of that.....PHP. PHP is a widely used scripting language for web applications that powers most of the sites that you visit every day. Including your own!
Those of you on older sites are aware of the upgrade to PHP 5.6 this month which could render some of these obsolete sites unusable. We are able to relocate these sites to alternative hosts that are still running older PHP versions, so the sites will still be able to run. But all you're doing is hitting the pause button and trying to lock yourself into a moment in time that's now gone. And it's not just the time that's gone......it's the security and efficiency as well. Security always has to be the predominant factor in the equation.
As we've touched on PHP, let's examine how it's improved over the years by looking at the graph below. This only relates to speed, but you'll get an idea of the groundbreaking improvements that have been made.
We originally started on the PHP 4 series, and then started moving incrementally through the PHP 5 versions.
By 2008 we were on PHP 5.2.....and due to the advancements it made, the time had dropped to 4.2 seconds.
In 2012 we upgraded onto PHP 5.3, and the time went down to 2.9 seconds.
In 2014 we moved to PHP 5.4....which dropped the time down to 2.18 seconds.
Last year it was time for PHP 5.5 which resulted in yet another drop to 2.03 seconds.
June 2016 and it's time for PHP 5.6, as PHP 5.5 is end of line. And we're now below the two second mark at 1.92 seconds.
Compare the times from 2006 (over 12 seconds) to 2016 (under 2 seconds)......that's an incredible difference in speed. And also in efficiency, because it uses less server CPU and memory doing it, while being totally up to date on security.
The next PHP upgrade after this will be PHP 7.......and that will be at the start of 2019. Current tests seem to suggest that it will cut the PHP 5.6 time by 50%, and come in at under a second to run that task. Now that is amazing, and it just shows how far we've come!
So why would anybody want to run on old, outdated, and insecure versions of PHP? Every version of PHP below 5.6 is now a serious security risk, and every website running on obsolete software is also a serious security risk. Put the two together and you've got the perfect storm!
If you have a current and viable business, with your website being an integral part of it.......can you seriously afford to take the risk of Living in The Past?
Let's talk FACTS! The reality is that there are many good web designers in Spain who you could choose for your new website, and there's also some who may deliver a less than stellar experience. So how do you know who to choose? Well in my case, I'll actually suggest the ones I know who are totally professional. Like us, they've been around a long time, and have an excellent reputation. We're quite open about this, and despite the fact we're all doing the same thing, we're generally using different platforms and systems to do it.
It may be the case that one of them would be a better fit for you than us.....and if so we'll give you all their details. No designer can be all things to all men, so beware of any that claim that they are. Simply because a project emanating from a knowledge base that is one mile wide and only one inch deep is never going to deliver the experience that a specialist can.
It's in your interest to check any potential designer's work, and always take up references from existing professional clients. Any experienced Pro will have a lot of them, not just one or two from a couple of very low key projects. You can see some of ours HERE!
Now whether you know this or not, it's a fact that you're going to need ongoing help and support after you've taken delivery of your website. If you get a site from a "sell it and forget it" type of operation then I guarantee that it's not going to end well.
I know because of the number of people who get referred to me when a serious situation occurs with their current designer.
It can get very messy indeed involving loss of money, loss of site, loss of domain name etc.....so do your research. If you make a purchasing decision based on the cheapest you can find, and without practicing due diligence, then be aware there could be a trainwreck up ahead. And you're going to be in it!
We've always felt that the level of after sales service and ongoing support that we provide is outstanding. And our clients think so too! After all, we have over 500 of them.....and there has to be a reason for that. Here's some facts for you to consider:
1. A client contacted us with a problem on Xmas Day. They got a two minute response and five minute resolution. FACT!
2. Contact your current web designer at 11PM on a Saturday night and see how long before you get a response. If you're a client of ours it'll be 5 minutes. FACT!
3. Unlike many others who only run reseller accounts from web hosting providers, we run our own Dedicated Servers in London and Chicago. Essentially, we are the host, there's nobody else involved apart from the on-site technicians within the respective datacentres. The only people on our servers are our web design clients with the sites that we built.
We don't provide web hosting to outsiders simply because we don't want anything introduced onto the server that could have a negative effect on our business clients' sites. Yes.....we turn away hosting business on virtually a weekly basis so we can have a clean house. FACT!
4. Every site has a remote monitoring system connected to it. So if a site fails to load we'll have a notification within 5 minutes.....and we react immediately to get it running again. If your site is running on a reseller account with another designer then you'll be the first one to notice it.....and maybe it's been down for days and you didn't know?
At that point you'll need to contact your designer and wait for them to respond to your mail. Unfortunately it doesn't end there, because then they have to wait for their hosting provider to respond to their support ticket. Timescale? Your guess is as good as mine on that......but it certainly won't be the five minute action that we provide. FACT!
5. Site backups? Most people don't think twice about this, and if you're one of those, you'd better start now because your business may depend on it. Our system is that we use the commercial R1Soft Backup platform. This makes 10 incremental backups over the course of a month: At 1AM on every Monday, Wednesday, and Friday, the application copies all your data to a remote server. So think of it like the Windows restore points on your PC......the site can be rolled back to a previous date.
That system takes considerable investment in both time and money to operate, plus we have to pay for the additional 1TB storage space that it needs. But that's what we do, and it's there for your protection! FACT!
6. Every site has an additional database backup every night at midnight. This actually gets stored in a secured folder under our WebSpain domain name account so it's instantly accessible by us at anytime. That's a database restore in minutes! FACT!
7. Every site that we build has security updates applied to it through the lifetime of that particular version. As a rough guide, each version will run for about 3 years before it becomes end of line. During that time we could have updated it up to 25 times to keep it as secure as possible. Cost to the client? Zero! We do it because that's the professional way things should be done. We do not compromise on Security! FACT!
8. We monitor server logs and security alerts throughout the day. If there's any potential malicious activity occurring then we'll know all about it, and take appropriate action. If you are hosted on somebody else's reseller account they'll never even see these notifications because they don't have root access. So our level of vigilance is considerably higher than most! FACT!
9. Sometimes E-mails can't be delivered because there's a problem on the recipient's server! We let you know if this happens, so no more disappearing mails and possible loss of business. We cover all of that as part of our service! FACT!
10. We do not sub-contract any of our work to third parties......never have and never will. In rare circumstances we do bring in a specialist coder if you have bespoke requirements relating to XML property imports, but we'll put him in contact with you direct. You pay him, and unlike many others, we don't add any additional charge to that. Everything we do is completely transparent! FACT!
There's actually many other elements to our service that you'll never know about until you become a client. But you'll see that some of them are mentioned in What The People Say by our clients. The point here is that with us, the response, interest, and level of personal service don't cease to exist after purchase. If anything, it gets better. We've got many clients who've been with us for over 10 years now, and in our industry that's pretty remarkable. What does that tell you?
If you're comparing web designers......then compare on a like for like basis! We've listed above some of the things that we bring to the table.....so go ahead and check how many of those aspects that other web designers actually deliver!
It comes down to this: Back in 1998 my goal was to build a business that would last a lifetime.....rather than some cowboy outfit that wouldn't even last a lunchtime. And in that respect I've succeeded.....because WebSpain will outlive me for sure! Now that's a FACT......and who else can say that?
It's a fact of life that whether we like it or not, time moves on for all of us! Particularly within the IT industry, with so many new innovations occurring on a regular basis!
As a consequence of this ever changing environment, a question that I sometimes get asked is "How long should a website last?"
Unfortunately there's no simple answer to this one, because there are many contributing factors that can influence longevity.....most of which are beyond our control. I'm referring to factors such as discontinued software applications for sites, and vulnerable server software being withdrawn. Then there's new technologies that emerge......a typical example of that being mobile responsive websites.
However, I'm going to give you the main reasons for upgrading your website software, and hopefully give you an approximate timescale for when I'd consider it necessary.
The main reason for upgrading, and by a very wide margin, is security!
Cyber crime is rampant! But it's not just cyber criminals that an online business needs to worry about.....it's vandals! In fact, these are your biggest threat. Just the same as if they broke your shop window or daubed graffiti on your walls, they'd love nothing better than to trash your website. It's a game to them!
Did you know that there are sites out there that actually organise competitions for members whereby they score points by defacing sites? And they always leave a calling card on your site (sometimes not very pleasant) in order to identify themselves so they can rack up points in the game.
Eventually, vulnerabilities that initially could only be accessed by the elite few will be accessible to even the novices. Very often via user-friendly interfaces, and even guided by online tutorials! It's one of the reasons why software keeps moving on in terms of older, vulnerable applications being withdrawn and newer versions being introduced to replace them. While no application can be guaranteed free of security flaws forever, newer systems are all coded with the knowledge of past vulnerabilities in mind, and patched accordingly.
We've always taken security on the servers very seriously, and the trigger for it to activate is very slight. But if a vulnerability exists in an application that allows a third party to infiltrate your site by simply walking in without raising the alarm, then none of these measures are going to take effect. Given a long enough timeframe, intrusion is guaranteed. So security must always be paramount in your planning.
Of course there are other reasons for upgrading your website. These would include embracing new technology. A typical example would be mobile responsive websites, which has been the most significant technical advancement in the past 10 years. This is the one that's changed the game totally.
Or maybe your competitors have recently taken a major initiative in revamping their web presence, and you're now looking like the poor relation? If that's the case, then it could be the time to consider upgrading.
Has your business switched direction? Or have you changed your marketing strategy? If so, then it may be time to change your website to match the new focus!
Perception! As the years pass, your site will look more and more outdated. And so will potential clients' perception of you. Essentially, you will not be giving them the confidence to use your services.
All of these are valid reasons to consider upgrading......but the security aspect is by far the most important!
As for the life of a site.....in principle it could run forever if you can find a webhost that will run obsolete server software indefinitely! Plus you'd need to be totally invisible to potential hackers of course.
In reality, neither of those scenarios is going to be very likely, so I'd say around 3 to 4 years before you'd need to think about replacing your existing site. If not for functionality and appearance, then most definitely for security reasons because you may well be vulnerable by that time.
But whatever your reason for considering an upgrade, you'll still get the benefits of all of the aspects! Plus you'll have the peace of mind of knowing that your site is looking modern and attractive to potential clients, while being as safe and secure as possible.