Posted at April 3, 2018 at 1:05 pm by Ylber Popaj
With massive data breaches hitting the world’s largest brands, website owners may often wonder how well they’d fare against online threats: “If global corporations are having trouble keeping up with web security, how could I stand a chance?”
Fortunately, online security isn’t restricted to the wealthiest, most high-traffic sites. Web hosting companies protect themselves and customers by locking down every possible aspect of their infrastructure and clients’ environments. Here are some of the most common tools reputable hosts will offer customers:
Fortunately, InterServer includes all the above with its standard shared hosting plan. All but the SSL certificates and backups are part of the company’s five-prong InterShield security platform, which was introduced less than a year ago. Here’s more information on the features used to protect site owners, their sensitive data, and their online properties.
Slightly different from firewalls that filter traffic to and from networks, web application firewalls (WAFs) introduce specific requirements for visitors to communicate with a host’s servers. WAFs are tailored to protect particular vulnerabilities common in the programs used to operate and manage web hosting environments.
Experts behind many InterServer reviews praise the company for the all-hands-on-deck approach the company takes with security. Co-Founders Mike Lavrik and John Quaglieri still oversee the InterServer datacenters, including network security. The company enables the open-source ModSecurity web application firewall to add another layer of protection for its customers.
InterServer’s web application firewall is particularly focused on preventing cross-site scripting and SQL injections, two common vectors where attackers will inject code, execute scripts, or compromise databases within a hosting customer’s website environment.
In addition to inspecting and filtering the traffic coming to and from the company’s servers, Interserver’s standard shared hosting plan includes the file uploading and script scanners that prevent malicious code or programs from entering a customer’s web environment.
Website owners can unknowingly upload files that contain malware, a broad term that covers the range of unwanted or dangerous code. To avoid that, InterShield will scan every uploaded file for certain detectable characteristics of malware. InterServer regularly updates the scanners to account for the rapidly changing threat landscape.
Similarly, InterServer will inspect the various scripts running on its servers for signs of malicious attacks. Scripts are essentially behind-the-scenes programs that automate various tasks that make websites more visually appealing or quicker to load. The company constantly scans servers, looking for any malicious scripts that could compromise website performance or security.
Given how quickly attackers can adjust their methods of infiltrating a web hosting server or unsecured website, hosting providers need to remain constantly vigilant to the trends and behaviors of those criminals.
InterServer maintains a constantly evolving database of more than 155,000 examples of malware scripts, documenting each specific malicious signature and making them easier to detect and turn back. What’s more, the company transparently reports real-time information on the malware InterShield finds.
Shared hosting customers are particularly vulnerable to malware, given the audience’s general lack of technical expertise and not being aware of the best security practices. What’s more, with so many customers sharing a server, multiple users can fall prey once an attacker gains access to one compromised website. InterServer recommends that shared hosting customers remain vigilant and active when it comes to updating the software components they install — this includes WordPress, eCommerce shopping carts, plugins, and other services.
Although most people think of phishing and Nigerian princes when it comes to threats to email security, secure and protected communications can have a major impact on shared hosting web performance. Accounts discovered to be sending spam or bulk emails may get a server listed on a blacklist, which blocks the delivery of all emails sent from that server or IP address.
With many hosting customers sharing server space, email security is incredibly important — if one account gets blacklisted, hundreds of innocent users can no longer trust that their communications are reaching recipients. Those effects can be devastating for any site owner, but they are especially harmful to businesses relying on email marketing to build and reach their audience.
InterServer guarantees email delivery by checking the content of outgoing email messages against a database of known spam signatures. The characteristics of spam content listed in the database are updated in real time to stay ahead of malicious senders. Unusual or dangerous activity from an account will likely trigger rate limits or sending quotas, or perhaps that user will be blocked from sending outgoing messages.
Included free of charge with every InterServer shared hosting plan, automated weekly backups protect your data in case of an attack. The company keeps at least three copies of site owners’ archived files for at least 60 days, giving customers peace of mind that their data will remain protected in the event their server or environment is compromised.
Additionally, the company’s storage (driven by much faster solid-state drive caching) is assembled in a RAID-10 configuration for added redundancy. RAID-10 arrangements require at least four storage disks and combine disk mirroring and striping to protect data; as long as one disk in each mirrored pair is functional, site owners’ data can be recovered.
Separate from the InterShield protections, shared hosting customers can enjoy free access to SSL certificates. The perk actually relies on the more secure TLS protocol that uses HTTPS to privately and securely transfer data between a web server and a visitor’s browser. The difference between SSL vs. TLS protocols isn’t terribly important for most shared hosting customers, but the important feature signals to potential customers that your site is trustworthy and secure.
SSL certificates are becoming increasingly critical for all site owners and small businesses, as Google and other search engines give special SEO and user-interface treatment to websites using the secure connections.
Last on our list but among the newest InterServer security measures is limiting the actions website code and scripts can take when running on a server. Built with WordPress in mind, the company’s new PHPmmdrop feature prevents code from changing or uploading files and running processes.
Extra protections associated with WordPress websites can be especially beneficial to shared hosting customers who are less likely to understand website security and maintenance. Although the frequently updated WordPress Core is inherently secure, many attackers are able to gain access through poorly coded or outdated themes and plugins. Once the vulnerability is discovered, attackers can add code that compromises the website with malware. PHPmmdrop takes away that threat by restricting file uploads to only the approved administrative users when they’re logged in.
As you can tell, top-notch security is not limited to high-priced hosting or to those who know the ins and outs of technical configurations and web servers. At InterServer, customers can rest easy with the above features handling all the legwork of protecting your data.