This morning we had an email asking about setting up a secure web site.
[note color=”#a5f0fc”]I want to set up my own private “cloud backup” because the one I bought into and set up was a big ripoff and I’m pissed at them. My problem is that my own websites are not secure, get hacked, etc.
I wondered if I bought a SSL certificate, would that make one of my domains hosted with you be totally like Fort Knox or just no difference at all, except more outgo (expense) for that particular domain.
Is there ANY solution to get super safe online storage whatsoever? [/note]
There is no such thing as a totally secure web site. As far as that goes, there is no such thing as a totally secure server either. This applies to everyone everywhere. Always. The only computer which is totally secure is one which is OFF.
Having said that, it is quite possible to have and maintain a web site which can be characterized as “safe”. You only need to do a reasonably good job of security and it is extremely unlikely that you will ever get hacked. The miscreants who do these things don’t need to go to great lengths to find exploitable web sites. If you just make it hard for them, 99% of the time they will simply move on.
Your web sites do seem to get hacked at a greater rate than our other customers. I suspect that this is because you buy and install so many php scripts.
It is the basic nature of PHP that it is insecure. If you simply write code, it will be vulnerable. Having written it you need to go back and with a very sophisticated understanding of how compromises are engineered, bullet proof it. 99.9% of amateur programmers lack a sufficient understanding of security to do this.
Probably more than 50% of professional programmers lack the skills as well. It’s hard. Take Word Press as an example. It is written by the best. Yet every few months new vulnerabilities are found in it.
Since the advent of broadband and computers typically always on, the number of computers connected to the Internet which are (in varying degrees) compromised is presently estimated to be about 35%. In other words, more than a third of those machines is compromised. The people who do these things have gotten very good at it. The basic problem is that the design of Windows operating systems is flawed regarding security. Attempts to make it and keep it secure are band-aids after the fact.
You need to use a very high quality virus scanner and keep it running. Because scanners use signatures to identify viruses and new ones appear constantly, it’s not enough merely to have it running. You can get infected with a new one not yet in the database. This is why you need to periodically run scans, to pick up what may have slipped through.
Did you have in mind to use your account with us as an online backup solution? Is that what you meant by “cloud backup”? This is against our terms of service. TERMS
With 5 copies of everything and the use of very expensive servers to provide fast web site service, it’s ridiculously too expensive to be used that way. We can provide such space if you really want it, but have to charge for it separately.
Consider buying yourself a hard drive with a USB interface for backups. Unplug it and it meets the OFF condition I mentioned above! It’s also faster and easier than an online solution.
Super long and complex passwords only provide slightly better security than one which simply has: upper and lower case; a number; a special character (like ‘#’). Don’t waste time on this. An 8 or 9 character password which meets those conditions is fine.
An SSL certificate merely encrypts traffic to and from a web site. It is a significant improvement in security to log in and administer back-ends using SSL. But this is not the basic problem. If there is a vulnerability in a program or script, it is as easily exploitable over an SSL connection as over one not encrypted.
My guess is that more than 99% of site compromises I see are done using kiddie scripts. A kiddie script is an attack script to exploit a particular vulnerability in a particular set of scripts. They are downloaded and used by people who have no idea how they work.
If you pay basic attention to security and keep your scripts up to date, your chances of ever getting compromised are very low.