Secure Cloud Hosting : Tips for Websites

Some readers are complaining that we are only writing on SSL stuffs! Cloud and Photography is becoming faint! Not really, actually we are also busy in the process of front end optimization. Here is a handy checklist to ensure secure cloud hosting on Public Cloud for the websites. Security on cloud means divided responsibilities. Six Steps for Cloud Security is our personal favorite article. When we are talking about a Website on Cloud, more points should be considered. The hosting security is guaranteed if you have the foresight to adopt some strategies to manage the account and the whole Web site. Nowadays, even the Shared Hosting providers use OpenStack based platform. They can be well performer than before, but must carry more risk.

 

Secure Cloud Hosting : Tips for Websites

 

For the most users, relying on a provider for a shared hosting service is synonymous with disregard for a secure hosting, because you are convinced that such an element and configurations appropriate to ensure the safety of the account and are a burden on the provider.

The activates of a shared hosting does not care too much about what might happen to the site and the files stored online if it becomes the victim of a hacker’s attack. If the hypothesis of an attack become real, you are likely to find yourself with a nasty surprise and proceeds to the provider asking for helps that sometimes returns quite odd responses.

If it is true that the most of the incumbency regard to safety is the responsibility of the hosting provider, it is also true that the users can still seriously jeopardize the integrity of the service with some misconfigurations and risky behavior, thus transforming their account to a security breach capable of jeopardizing the whole activity of the other users of the server and hosting to the fullest. Preventing this from happening is the job of the security team of the hosting provider. In short, the security issue is therefore a responsibility which is jointly held by the provider and the user.

In fact, the hosting security is guaranteed if, together with the work of the provider, the user follows some basic rules, easy to apply and simple to understand. Thus, there are some things that you can put in place to avoid becoming a victim of cyber attacks unleashed by hackers of the Net.

 

First Step to Secure Cloud Hosting Tips for Websites is To Diversify Password

 

Many people have the bad habit of associating the same password on different aspects of the management of a hosting, such as FTP access, SSH access, access to control panel, access to the configuration of email, access the management of the database, access to the backend of the CMS and so on. The first rule to be applied is very simple – diversify password. For each type of access associated with your hosting, whatever it is, it is helpful to set up a unique password, which is dedicated to a single service. In this way, if a hacker manages to steal an access key, he/she is prevented from moving freely between different accounts of different services, thus improving the security. Passwords must be longer and complex enough to avoid easy detection and none of the files stored on the hosting must contain these passwords, especially those have administrative panels like cPanel.

 

apt-get update && rm -r not-useful*

 

Always discard everything that is no longer useful. Sometimes, this is the most difficult advice to follow, because by the time we forget the file abandoned which is no longer in use. For this reason, it is important to carry out a periodic inspection on the files unnecessary to operate the site and remove them. The same applies to the unused scripts, which are often the target of hackers to get access to the control account. The maintenance and cleaning of the site must also go through the deactivation of all accounts ( email , FTP, etc.) which are still active, but that are no longer used by anyone, as they may be forced and used by unauthorized persons.

Whatever the applications are integrated into the website (CMS, chat, forums, etc.), you must always be sure that these are installed at the latest version, updated especially with regard to safety aspects. We must avoid waiting for automated update prompts i.e. by checking the availability of new security patches and updates directly from the official sources.

/root can be a dangerous place with executable scripts. Public directories must not have any executables. File ownership of Public directory must be enough tight. No compromise should be done to bargain security with ease – we should not chown ownership to only www-data or chmod to 777 the core files like /etc/nginx/sites-available/default in Nginx, just because W3 Total Cache in WordPress needs it to be writable. Changes must be done manually. With default settings, Nginx and WordPress has enough good ownerships and permissions. Some not useful files of a web software like WordPress, like the HTML file must be deleted. Forms, better to avoid except on special pages. Can you see any form on this webpage except the search field? No. That Google search form can not do a SQL injection. It is possibly a bad idea to have a self hosted form particularly on WordPress with any cache plugin.

Webmin, PHPMyAdmin must not be on the same server.

 

Give Attention To CMS, CDN and Code (C3)

 

Any CMS such as WordPress, Joomla, Drupal, Magento, Prestashop are very popular for the ease, which enable anyone to manage any complex website. This popularity, on the other hand, is also their disadvantage. In fact, these platforms are often a favorite target for the hackers that are facilitated in the attacks, because the majority of installations allows to reach in an easy interface for access to the administrative backend and also because the prefix of the tables used in the database are always the standard ones.

In addition, many CMS expose the themes and plugins used by the user and these, together with the standardization that CMS aim to make life easier for the users, becomes an instrument for facilitating the intrusion of the hacker. Script Kiddies, novice hackers can practice on a Live website. When working with CMS, therefore, must follow some precautions to guarantee the secure hosting.

Scripts, in general and Java applications enable the developers to create custom functions and thus make the Web much more interactive. Thus, it is not advisable to use the script, as it is important to monitor them and keep them under control, always make sure they work in accordance with originally they do. Sometimes you just need to make sure that they are updated and protected from hacker attacks.