Web Hosting Hacking Events
Hackers are very active at the moment. Many popular services have or being attacked which caused huge loss to both service providers and clients. In any case, the online security protection should be treated seriously for every operators.
Hacking issue in web hosting
All recent hacking events are related to the UGNazi group. The team cracked the popular web hosting billing software WHMCS and hacked into the system database. they gave WHMCS' web hosting provider admin credentials, and was able to gain access to its hosting account, change the email and then request a mailing of the access details. Some sensitive materials like credit card information are in high risk. It's said there might be up to 500,000 client records have been leaked.
Another hacking from UGNazi is to the popular CDN service cloudflare. Facebook seems also included in the hacking list. The FBI has got into the urgent research and arrested one of their members, but the hacking never stopped! The events simply showed us how insecure the internet is. In order to protect our privacy, it's always recommended to set good surfing policy to ourselves.
How to protect account privacy?
No matter if it's for web hosting account or other login account, since it includes our sensitive information, we should always secure it as possible as we can. Generally speaking we can deploy the following to protect it.
- Set a strong password and change it often.
- Keep the password at a safe place where you have access to only.
- Restrict the login to your account, we can apply IP restriction and number of login attempts to avoid potential hacking.
- Do not login from a public computer and always scan your computer virus.
if we can follow above strictly, our accounts would be pretty safe. Of course there're many more methods to secure our online accounts, just do everything you can to protect it.
How to secure your website?
Website hacking would be the most well known issue on the web. How to protect the sensitive info on our website? We can apply all above rules for account protection, plus we can add the following for website purpose.
- Contact web developer and optimize the coding and fix potential security leak.
- Secure the site using SSL if you're operating an Ecommerce site.
- Password the directory where contains your private data
For nowadays web development, we always use some popular CMS software like joomla, wordpress and drupal etc. For this concern, it's always recommended to sign up their official website newsletter so we can get the security update in time. For wordpress, we have prepared following especially.
- Replace the default secret keys in wp-config.php file. We can get a set of random unique keys by visiting this URL directly.
- Change the default admin user to something else other than "admin". The methods and related tips can be found on this wordpress sql queries article.
- Configure wordpress firewall. There's a plugin called "wordpress firewall 2" developed by Matthew Pavkov. When someone trying to hack into your wordpress site, it will send your email notification so we can take actions!
- Add the limit login attempts plugin. The purpose of this plugin is to lock out the person from login trying if they have typed wrong id/password for several times.
- Keep the wordpress core and plugins up to date.
Is that enough? Absolutely no. Because no matter how we secure the site, it's acually being served on hosting server. That means the hosting server security is the most important. We should always keep in touch with the hosting support for any security leak. At the meanwhile, get a quality and secure web hosting is pretty essential to block any potential attacking or hacking.