Author Archives: Matt Lundstrom

Matt Lundstrom

About Matt Lundstrom

Matt Lundstrom is the Founder and CEO of GlowHost.com, Inc

Website Software Updates for Dummies

Welcome to The Internet, a platform that allows the exchange of information and ideas. Most of the world connects to The Internet, so clearly it’s trusted. But is it safe? Well, the short answer is – it depends. You see, there are countless millions of websites, and many billions of web pages that need constant monitoring to protect them from spam, malware, and the bad guys who look to do harm to these pages. That’s where you come in, the ever vigilant webmaster constantly on the lookout for devilish hackers and armies of bots who just want to tell you about the latest pill. It’s up to webmasters like you to keep your websites safe for anyone who comes across your pages using tools and methods available to you such as software updates.

Take this write up as a utilitarian asset to help you better understand securing your websites by keeping them up to date. You may think you know a lot about this stuff, but stick around. You might learn something new.

Web Hosting Basics

Web hosting is a service which allows individuals and companies to establish a presence on The Internet. Simply put, you’re renting online space on a computer, more commonly known as a server. This online space allows visitors to view your websites in their web browser. With the introduction of control panel software such as cPanel and Plesk, the days of setting up your own server with complex configurations are over. Anyone can have a website up in a matter of minutes.

Web Hosting Terminology

You may want to familiarize yourself with some of the terms commonly mentioned in web hosting. These are important since the way you secure your website would depend on how it’s hosted.

Shared Hosting: The most common form of hosting since it’s the most cost-effective, you’ll usually share a single server with hundreds of other neighboring websites.

Virtual Private Server: Similar to a dedicated server, everyone on this type of service would be running their own operating system and software. Virtual servers offer higher levels of isolation compared to Shared Hosting, but most VPS all share a single dedicated server and generally share a central kernel.

Virtual Dedicated Server: Different hosts use this term interchangeably, but since GlowHost was one of the first hosts if not the first to use this term, I’m going to give you our definition. A VDS is similar to a dedicated server, where everyone on this type of service would be running their own operating system and software and each has it’s own unique kernel for maximum customization. A VDS, sometimes referred to a Virtual Machine (VM) or Virtual Environment (VE), offers the highest levels of isolation compared to Shared Hosting or VPS. Virtual Dedicated Servers from GlowHost are unique in that they live on a cluster of dedicated servers compared to a VPS which lives on just one dedicated server. A VDS will remain online if a single server goes down, in fact, our VDS can sustain multiple down servers without being detected. A simple VPS will be offline if there is a single dedicated server failure or overload.

Dedicated Server: True hardware isolation exists only for dedicated servers. Nobody but yourself will have access to the physical resources of dedicated hosting services.

Collocation: The hardware that you use to host your sites, such as physical servers and firewalls would be supplied by you, then shipped to and racked at a datacenter. You pay for electricity and bandwidth, as well as “remote hands” to make physical changes to your hardware or network that are required to be done on-site.

Now that we’ve covered the basics in hosting terminology, let’s switch gears and jump right into websites and how to keep them safe.

The Problem With Websites

While It may come as no surprise to some webmasters, the ugly truth is websites do get hacked. Regardless of the platform, software, or security tools you use, all web pages accessible to the general public which are powered by PHP or other scripting languages will eventually need updates to keep them secure. This puts webmasters in a difficult position to constantly monitor and maintain their code. Everyone is a target here.

How Websites Get Hacked

Much like an elaborate machine with many moving parts working together, something only works as well as its weakest component. A weak password, outdated PHP file long forgotten, or a public facing page that allows an individual to upload PHP files would all qualify as a weakness in security. These are all targets sought after by would-be hackers. In many cases, detection of these weaknesses are performed by automated scripts or applications (called robots). The robots scour The Internet, and subsequently attempt to exploit a site until they find a way in.

Why Websites Get Hacked

The goal of hackers is to gain unauthorized access to your website or server, and to valuate all data and resources after access is achieved. There are many incentives and reasons why websites get hacked. Each reason would depend on who’s hacking your website, what their intents are, and the type of data they discover. Below are only some examples:

  • Farm user data in order to sell or use for social engineering attempts
  • Gain access to privileged information not available anywhere else
  • Build a powerful botnet that may be leveraged for further attacks
  • Use server resources for cryptocurrency mining
  • Setup phishing pages such as bank account, email, and social network website logins
  • Deface your website, send spam, or build links to other websites
  • Gain bragging rights among their circle of hacker friends

The Solution To Website Hacks

The cause of websites getting hacked are often attributed to negligence or leaving unprotected code accessible to abusive scripts. There is no such thing as a fully secure website, however you can certainly mitigate your risks substantially by having good practices. The guidelines below will help you achieve a moderately high level of security in most circumstances.

Stay Updated: When your website is running open source PHP scripts such as WordPress and Drupal, you will have to update your website regularly as new modules and plugins are released. Many (like the ones mentioned) will automatically update, or give you a simple interface to perform essential security updates within a few clicks. If a webmaster simply misses an update, they would be prone to threats such as zero-day exploits or other attacks due to old code.

Protect Passwords: An obvious rule here, but one that cannot be stressed enough. Storing passwords in plain text files, unencrypted in the database, or even on a piece of paper and dropping it in some public space would open you to threats far worse than what some automated bots could do.

Encrypt Traffic: Ask your host about SSL since many web hosts already provide this essential service. Not only will SSL secure data sent to and from the server your website is housed on, but it will also build trust among your visitors. Not to mention, Google will bump you up in search results since Google now considers website security as part of their ranking algorithms.

Install Security Plugins: Specifically, we mean plugins/modules from open source scripts such as anti-spam tools, brute force login protection, and managed blacklists. If your web host supports the script you’re running, it’s likely the plugins you find and install will work without any issues. Be conservative here as many plugins could be developed that do the same thing. Conflicts are easy to encounter in this area, and many plugins are poorly coded which can make your web site slow to a crawl.

Webmaster Responsibilities

Regardless of how you secure your website, you should always bear in mind that your web hosting provider is not responsible for maintaining your website’s code. They already take care of the complex items behind the scenes such as patching the server’s kernel, isolating customer accounts on shared services, managing mod_security rules, maintaining an elaborate firewall, and the list goes on. You are responsible for keeping up to date with your website updates.

Even with the responsibility falling on your shoulders to maintain your website’s security, you’re not in this fight alone. Your web host will still provide you with the best tools in the industry to deal with these challenges. Such tools may include applications like Softaculous which may help keep your website up to date automatically (some scripts), regular backups (a definite must have), and a support team which should always be standing by to help you with any questions you may have.

Questions To Ask

Up to this point, you might feel like you’re alone and would otherwise have to contract third-party help to secure your website. That’s not always the case, and your web host may offer other services beyond hosting. Here are some questions you should ask your web host if you’re ever in a position where you need help:

  • I’ve been hacked, do you have backups available?
  • Do you offer a website maintenance plan to keep my website up to date?
  • Could you help me repair a hacked website?
  • I need help securing my website.
  • Do you offer deals on third-party security services such as Sucuri?
  • Can you explain how I can set up CloudFlare?
  • What security measures are in place for the server I’m on?

There are many questions you could ask, but this should serve as a good quick-starter.

Test Your Website’s Security

As a measure of good practice, once you’re all secured and ready to take on The Internet, run some security audits. There are an infinite amount of ways to hack a website. Fortunately, that leaves another infinite number of ways to test a website’s security. The simplest approach here is to leverage a third-party scanning service such as Sucuri.

For A Safer Internet

By following good practices explained in this article, you will be helping to create a safer Internet for everyone. Your web host will already have taken the security measures at the server levels, so be sure to take charge of your website updates at the script level.

Talk to a professional

We have a team of security professionals available to help with any questions or concerns you might have regarding your website/business’ security.  Call us today for a free consultation at 1-888-293-HOST (4678).

How Much Should a Domain Name Cost?

Close your eyes and imagine this scenario.  Okay, don’t close your eyes, because you  need to read this!  Imagine: you have an incredible idea for a website. You are excited and ready to put it out there for everyone to see, so you begin the process. The first step is to find the perfect domain name. You check to see if it’s available – it is!  Now you can buy the domain name and plan the perfect website. But what will a domain name cost?

Domain names in the past

There are a few factors that play into domain name cost.  Several years ago, we saw the emergence of domain name speculators.  You might be thinking to yourself, “What in the world is a domain name speculator?” When the internet became more prominent in the homes of everyday people, speculators tried to buy up domain names. They thought these names would be popular. This hope of selling the names to companies in the future meant profit.

For example, you might purchased a domain name, or dot com, for something simple like love. Down the road, a dating service that wants that domain name, will pay good money to get it.  Sometimes, speculators sit on a domain name for years before they make any money. However, sometimes the domain names are a bust.  It was a gamble many people are willing to take and had potential for high pay out with little risk.

Domain names now

Since the Internet Corporation for Assigned Names and Numbers (ICANN) added top-level domains for every country (.au, .us, .uk, instead of just .com), you started to see a decline in domain speculators. ICANN now even allows companies to create their own top-level domains – that’s why domain names don’t always end in .com or country codes anymore.  If you sell vintage postcards, your domain name could be vintage.postcards. If you are loaded and have about $200k laying around, you can do something like what Barclays did, which is register their own TLD – Check out Barclays site at http://home.barclays

Many others are in the works such as .app, .bank .mom and even .family domains. With so many options, you probably won’t be hunting down the owner of a domain name and negotiating a high-priced deal to buy the domain name you want. The exception to the rule is that many people, including myself believe that .com is king, and those domains seem to rank better in search engines currently, and for those two reasons, they might be worth paying a premium for, especially if is a a very good, short and easy to remember name, like pizza.com for example. I wonder how many offers that guy refused hoping to squeeze every penny out of that domain? Surely every pizza chain in the country has proposed to him by now.

Where does that leave domain name cost?

How much

Typically, you can expect to spend $10-15 dollars a year for domain name cost.  Why a recurring fee?  You pay a registrar to register your domain name for you, and the recurring fee is simply like any registration fee.  Sometimes, you can purchase up to 10 years of registration for your domain name up front.  If you know you’ll have your website for a long time, this is a good idea, because it locks in your monthly fee for 10 years.  This protects you in case prices rise, and keeps you from having to worry about renewing every year. When it’s time to renew your domain name registration, your registrar will typically send you a notice, but if you don’t renew, someone else might scoop up your domain name. Make a calendar reminder so that you do not miss the renewal dates, just in case!

As you can see, domain name fees aren’t something to fret over anymore.  You can expect to register your domain name at a reasonable price, plus, you can customize it how you would like.  You might spend a few sleepless nights coming up with the perfect domain name that aligns with your brand, but you shouldn’t waste time dwelling on the price! If you have questions about domain name registration prices, contact your favorite web host.  Often, your web host can register your domain name for you, saving you a step with the added benefit of one-stop shopping and a single bill, and single service provider to manage your hosting and domains from. Once you have your domain name registered, you can focus on getting the site built and making those millions, yeah buddy!