How to secure your hosting account?

Carding 4 Carders

Of all types of web hosting, shared hosting is the most common and the most vulnerable in terms of security.

Learn how to protect yourself.

Let's face it: when it comes to web security, most of us prefer to live in denial. "I'm too young to be hacked", "I know I won't be that unlucky", "We'll look into it when I have more time" – there's no limit to what we can come up with to avoid the tedious work of strengthening our site's security.
Yes, even the thought of setting up backups is enough to make us shelve the whole problem.

So, what can motivate us to take security more seriously?
Maybe stick information about the world's most destructive break-ins on our walls?
But then I'd just think I'm too small to be hacked.

One idea I think might work is a counter that shows the total number of hours you've spent on your business or your website.
If five years have passed (let's assume that you invest an average of 15 hours a day in the business), this will be 15 x 30 x 12 x 5 = 27,000 hours of effort, which will instantly go down the drain if your site is hacked and all the data is destroyed!

Although this post isn't about habits and motivation, I thought a quick discussion was in order.
If this doesn't scare you or motivate you, I don't know what will.

Anyway, for those who have been scared enough or are concerned enough about their security in general, let's move on to what you can do to make your shared hosting account more secure.

Note: we are talking about a shared hosting account here, not a virtual or physical server (or any combination of them).
Independent servers are a completely different ball game, whereas in this post I'm targeting the majority of non-techies whose income depends on digital properties.

Creating (providing) regular backups
It's hard to believe that backups can be security-related, but they are.

Often hacks are so bad that they destroy your data; sometimes malicious code lurks deep in the core and keeps reappearing (I can't even explain how many times this has happened to me on a WordPress client site!), despite the best professional cleaning.

In such cases, there is nothing better than hitting the restore button: go back to a backup that worked for you, wipe the slate clean, set everything up again, and import the data back.

What do you have to lose?
Data collected since the backup.

What do you get?
The whole business!

However, there are a few things to keep in mind about backups.

Recovery
Backups don't mean anything if you don't have the conditions for fast and predictable recovery.

Your shared hosting provider probably has a recovery option, but are you sure it works?
And if there is no restore button, do you know how to restore everything?

Over time, you collect huge amounts of data, which can be a problem when recovering.
And then there are other things to consider: database version, software version, PHP version (if you use a PHP site of course), compatibility of these versions, and so on.

Most likely, you don't have the skills or energy to figure it all out.

If you don't, I strongly recommend using a managed service that takes care of all of this for you, even if it seems expensive.
On the other hand, if you are confident you can handle it yourself, I'd urge you to run regular restore drills (say, every six months) – believe me, no matter how experienced you are, there is always something to trip over.

If you are looking for reliable shared hosting for creating sites on WordPress, Joomla, Magento that offer daily backups, try analyzing the available options.

Frequency
How often should you make a backup?

There are two things to consider here: the size of the data collected and the criticality of your business.
Let's say you have 40 GB of data needed to run a business.

If you are planning a daily backup, you will use 40 x 30 = 1200 GB or 1.2 TB of data for the first month.
By the end of the first quarter, the data size would have grown to 3.6 TB – no matter where you choose to store this amount of data, a hole in your pocket is guaranteed.

The solution?
Discard backups older than a certain age.
Now, how long this duration is depends entirely on your business, although in most cases, backups performed twice a week for the last month or two are more than enough.
Even then, the backup bills will be non-trivial, and you'll need to make sure that this is useful data to be backed up, and it's also in a reusable form.

Otherwise, well, you know the risks.
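The retention policy from the Frequency section, as an added example that is not code from the original post: it takes a set of dated backups, keeps two per week for the last two months plus the newest one, and reports how much storage remains. The Monday/Thursday choice, the 60-day window and the sample data (the post's 40 GB backed up daily for a quarter) are my assumptions.

```python
from datetime import date, timedelta

def plan_retention(backups, today, retention_days=60, keep_weekdays=(0, 3)):
    """Decide which backups to keep and which to delete.

    backups: dict mapping backup date -> size in GB.
    Policy from the post: keep two backups a week (Monday and Thursday by
    default, using weekday() numbering) for the last `retention_days` days
    and discard everything else.  Safety rule: the newest backup is always
    kept, so a mistyped policy can never delete the only copy you have.
    """
    if not backups:
        return {"keep": [], "drop": [], "keep_gb": 0.0}
    newest = max(backups)
    cutoff = today - timedelta(days=retention_days)
    keep, drop = [], []
    for day in sorted(backups):
        if day == newest or (day >= cutoff and day.weekday() in keep_weekdays):
            keep.append(day)
        else:
            drop.append(day)
    return {"keep": keep, "drop": drop, "keep_gb": sum(backups[d] for d in keep)}

def daily_backups(start, days, size_gb):
    """Constructed sample: one backup of `size_gb` every day for `days` days."""
    return {start + timedelta(days=i): size_gb for i in range(days)}

# The post's numbers: 40 GB of data, backed up daily for a quarter (90 days).
TODAY = date(2024, 3, 31)
QUARTER = daily_backups(TODAY - timedelta(days=89), 90, 40.0)

if __name__ == "__main__":
    plan = plan_retention(QUARTER, TODAY)
    print(f"stored without pruning: {sum(QUARTER.values()):.0f} GB")
    print(f"kept after pruning: {len(plan['keep'])} backups, {plan['keep_gb']:.0f} GB")
```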

Enable two-factor authentication
For those who don't know about this idea, two-factor authentication means using a two-step process to verify users before they log in.

What for?
Because if someone guesses or otherwise steals your password and tries to log in from their computer, they will be asked to verify their identity.

The system can ask the attacker to answer a security question, enter an OTP sent via SMS or email, ask them to select their favorite image, or use some other method to ensure identification.
Honestly, given how poorly some people choose passwords (no, s1mpled00d isn't a strong password) and how easy it is for browser-based hackers to get your passwords, it's best to set up two-factor authentication.

For WordPress sites, there are several plugins that you can choose from, which makes this task very easy and fast.
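The second step described above, as an added example that is not code from the original post or from any WordPress plugin: a minimal server-side OTP challenge that issues a six-digit code (the caller delivers it by SMS or email), stores only a keyed hash of it, and accepts it once, within five minutes, with at most five wrong guesses. The class name, the pepper handling and both limits are my assumptions.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300   # assumption: a code is valid for five minutes
MAX_ATTEMPTS = 5        # assumption: five wrong guesses invalidate the code

class OtpChallenge:
    """Second login step: issue a one-time code (the caller delivers it by SMS or
    email) and check the answer. Only a keyed hash of the code is kept, so a
    leaked challenge store does not reveal live codes."""

    def __init__(self, pepper: bytes, now=time.time):
        self.pepper = pepper        # server-side secret, never sent to the user
        self.now = now              # injectable clock, so expiry can be tested
        self.pending = {}           # user -> (code_hash, expires_at, attempts_left)

    def _digest(self, user: str, code: str) -> bytes:
        return hmac.new(self.pepper, f"{user}:{code}".encode(), hashlib.sha256).digest()

    def issue(self, user: str) -> str:
        """Create a fresh six-digit code for `user`, replacing any earlier one."""
        code = f"{secrets.randbelow(10 ** 6):06d}"
        self.pending[user] = (self._digest(user, code), self.now() + OTP_TTL_SECONDS, MAX_ATTEMPTS)
        return code

    def verify(self, user: str, code: str) -> bool:
        """True only for the current, unexpired, unused code; each failure burns an attempt."""
        entry = self.pending.get(user)
        if entry is None:
            return False
        code_hash, expires_at, attempts_left = entry
        if self.now() > expires_at or attempts_left <= 0:
            self.pending.pop(user, None)        # stale or locked: force a re-issue
            return False
        if hmac.compare_digest(code_hash, self._digest(user, code)):
            self.pending.pop(user, None)        # single use
            return True
        self.pending[user] = (code_hash, expires_at, attempts_left - 1)
        return False
```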

Avoid untrusted sources
This is another point that should be as obvious as the color of the sky (it's obvious, isn't it?), but as usually happens in the human world, emotions start to prevail pretty quickly.

You want to deploy a feature quickly, and you come across a source that offers exactly what you need – maybe even for free.
The demos are amazing, the UX is stunning – what else do you need?!

Not so fast!

Third-party sources can be (and most often are) the source of several unpleasant problems – they may contain malicious code that steals your saved passwords or credit card data (in a mobile app, malicious code can do truly terrible things!), or they may be poorly protected, becoming the weak link in your website's security once installed.

And please don't listen to your developer if they say they went through the code and approved it – the security world is extremely skewed, with incredibly clever attacks being uncovered every day (here's an example of how the humble serialize() and unserialize() functions in PHP can be manipulated to allow remote code execution).

Always, always get plugins, themes, libraries, etc. from reliable sources.
For WordPress users, this means sticking to plugins from the official directory (because they are strictly tested for code quality and security), and the same goes for other platforms.
Once again, before you feel the uncontrollable urge to grab this plugin and run away, think about the total number of hours you're putting at risk.

Strong passwords
The problem with the "strong" passwords we come up with ourselves is that they are not secure at all.
With a little knowledge of your personal life and the help of a dictionary attack, the chances of cracking them are very high.

The solution?
I recommend using a free and reliable service like LastPass password generator, which lets you choose how complex and long your password should be.

Take your time with the tool – make it work as hard as possible.
Forget about a password that you can remember – no, those days are long gone.

Passwords that can be remembered are easy to crack.
Instead, run the password generator several times and stop at the one that makes your head spin.

Here are some suggestions I received (with the password length set to 20 characters):
  • rfg$t^cvwBg@Z0lj0Oxu
  • 1sNYhBXrYJ2IW^J$f@Sq
  • Plg6#YicW%bh&UzVpp#Z
  • f95^*sMm592OwQcg&QZi
Finally, if you have a website where others are allowed to create an account, make sure you enforce password validation and reject every password that isn't strong.

Yes, a new user is good, but as they say, the road to hell is paved with good intentions.
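A registration-time password check, as an added example that is not code from the original post: it rejects short passwords, passwords built from dictionary words (also after undoing the digit-for-letter substitutions, which is what catches s1mpled00d), and anything containing the user's own details, while accepting the generated 20-character passwords listed above. The thresholds, the tiny word list and the entropy estimate are my assumptions; a real deployment would use a full dictionary or breached-password list.

```python
import math

# Constructed stand-in for a real dictionary / breached-password list.
COMMON_WORDS = {"password", "qwerty", "letmein", "welcome", "simple", "dude", "admin"}
# Undo the usual letter-for-digit substitutions before the dictionary check,
# so "s1mpled00d" is seen as "simpledood".
LEET = str.maketrans("0134$@", "oiaesa")
MIN_LENGTH, MIN_CLASSES, MIN_BITS = 12, 3, 60   # assumed policy thresholds

def _char_classes(pw):
    """Which of the four character classes the password actually uses."""
    return {
        "lower": any(c.islower() for c in pw),
        "upper": any(c.isupper() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "symbol": any(not c.isalnum() for c in pw),
    }

def estimate_bits(pw):
    """Crude strength estimate for a randomly generated password: len * log2(pool)."""
    sizes = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}
    pool = sum(sizes[k] for k, used in _char_classes(pw).items() if used)
    return len(pw) * math.log2(pool) if pool else 0.0

def check_password(pw, personal=()):
    """Return the reasons a password is rejected; an empty list means accepted.
    `personal` holds anything an attacker could learn about the user (name, birth year...)."""
    reasons = []
    raw, norm = pw.lower(), pw.lower().translate(LEET)
    if len(pw) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if sum(_char_classes(pw).values()) < MIN_CLASSES:
        reasons.append(f"uses fewer than {MIN_CLASSES} character classes")
    hits = sorted(w for w in COMMON_WORDS if w in norm)
    if hits:
        reasons.append("contains dictionary word(s): " + ", ".join(hits))
    if any(p and (p.lower() in raw or p.lower() in norm) for p in personal):
        reasons.append("contains personal information")
    if estimate_bits(pw) < MIN_BITS:
        reasons.append(f"estimated strength below {MIN_BITS} bits")
    return reasons
```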

Update your software regularly
If your shared hosting account provides you with an administration panel that allows you to update your installed software, I strongly recommend that you do so.

What for?

Not because it seems cool, but because new releases largely fix the security loopholes found in previous ones (Aha! Now you know why Windows is so desperate for you to keep updating it).

Please don't take this lightly (or indeed any suggestion in this article).
It's impossible to tell how many installations, applications, servers, and devices are time bombs because they use old software.

If you're rolling your eyes at this, I'm with you – there's nothing more painful than having to constantly check, test, update, and discard what doesn't work.
But this is a "tax" that we pay for digital infrastructure – our digital properties are much more sensitive and much more powerful than other familiar elements, and therefore require special attention.

Once again, if you can afford it, look into this issue.

Choose a more secure hosting provider
Not all hosting providers are designed to be the same, and in this world of aggressive advertising and affiliate marketing, it can be hard to tell the good from the bad.

So, how do you decide which hosting provider is "better"?
I would like to have a magic criterion, but I don't have one.

Hosting infrastructure is a complex beast, and no amount of ratings, reviews, website design, or customer friendliness can provide a good metric.
But I will say this: if you have any problems, feel free to try something new.

Anyway, I would advise you to stay away from very old, very large companies selling domains and hosting (you know who I'm referring to, don't you?! ;-)) and instead give a chance to some young, hungry companies.

Switching to a safer, more efficient service provider can save you hours of headaches and sleepless nights.
I have a few friends who run content-centric WordPress sites whose website problems disappeared as soon as they took the bold (and painful) step to switch to another hosting service, and there hasn't been a single problem in recent years.

They say little things like a slow website and downtime aren't worth their time, and I think they're right.

Use DDoS protection
The essence of the Internet is that it is a "worldwide network".

Anyone from anywhere can access your site or attempt to hack it.
Even bots.

Now, if out of several thousand visits to your site every hour, 99% are bots looking for a way in, you have a problem – not only are these useless requests eating up system resources, they are also consuming bandwidth from your quota.

I know that shared hosting sites claim "unlimited" bandwidth, but believe me, nothing is unlimited.
Even if we assume for a second that they offer unlimited data transfer every month, let's not forget that the physical networks that connect everything have limited bandwidth.

In other words, the number of users your website can serve at the same time is limited, so even if your monthly usage is unlimited, your site will be very slow or inaccessible to users.

And who wants to visit such a site, right?
Most often, such an attack is organized by an attacker who controls many computers and makes them visit the target website (for all you know, your own computer could be taking part in such an attack without your knowledge).

The scenario I just described is what is technically known as a distributed denial of service (DDoS) attack, and it remains one of the most frustrating forms of attack, as it is virtually indistinguishable from a large number of users accessing your website.

However, some companies, such as Cloudflare and SUCURI, have built security services around this problem that can intelligently analyze and block DDoS attacks based on past traffic patterns.

Again, this will be too expensive for many people, but then you will have to decide for yourself whether to risk losing your entire business.

Cloud firewall
For those who don't know, a firewall is simply a piece of software running on your computer and network that blocks or allows traffic based on certain rules.

Now it should be obvious what a "cloud" firewall is, but here's a picture that's definitely worth a thousand words.

If an attacker even tries to check for vulnerabilities, the result will be instant blacklisting, making it very, very difficult to hack or destroy the network.
Again, if you think it's expensive, keep the meter in mind!
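For the DDoS and cloud firewall sections above, an added detection example that is not code from the original post or from any of the services named: it reads ordinary combined-format access-log lines (the format most shared hosts let you download) and flags IPs that flood the site or collect many "not found" responses while guessing at files that are not there, which is the kind of behaviour those services act on automatically. The thresholds, the sample IPs (documentation ranges) and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" access-log format (the one shared hosts usually expose).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Pull the client IP, timestamp and status code out of one log line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT).timestamp(),
            "status": int(m["status"])}

def find_abusive_ips(lines, window_s=60, max_requests=30, max_404=5):
    """Return {ip: reason}. 'flood' = more than max_requests inside any window_s
    span (the traffic pattern behind a DDoS); 'probing' = more than max_404
    'not found' responses, i.e. a client guessing at files that do not exist."""
    per_ip = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        per_ip[rec["ip"]].append(rec)
    flagged = {}
    for ip, recs in per_ip.items():
        times = sorted(r["ts"] for r in recs)
        start = 0
        for end, t in enumerate(times):          # sliding window over timestamps
            while t - times[start] > window_s:
                start += 1
            if end - start + 1 > max_requests:
                flagged[ip] = "flood"
                break
        if ip not in flagged and sum(r["status"] == 404 for r in recs) > max_404:
            flagged[ip] = "probing"
    return flagged

def make_line(ip, second, path, status):
    """Constructed sample log line (combined format) for the demo below."""
    ts = f"10/Mar/2024:12:00:{second:02d} +0000"
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"'

SAMPLE_LOG = (
    [make_line("203.0.113.7", s, "/", 200) for s in range(40)]                    # 40 hits in 40 s
    + [make_line("198.51.100.9", s * 5, f"/old{s}.bak", 404) for s in range(8)]  # 8 misses
    + [make_line("192.0.2.44", s * 20, "/blog/", 200) for s in range(3)]         # normal visitor
)
```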

There are many other things you can do to make things "safer", but I think if you take this article seriously, you will get rid of 99.9% of potentially embarrassing attacks and hacks.

This is especially true for WordPress users as it is not a very secure platform.
Even if you have a regular website in HTML format, keep in mind that DDoS attacks can ruin the opinion of your users, your hosting provider, and you at the same time.

In other words, only the paranoid survive (there's a great book with that title, if you're interested)!
 