Your website is under attack right now.
How do we know? Because all public facing websites are constantly being probed by hackers looking for vulnerabilities, night and day. Take our site as an example – here’s a log that shows the times a robot (bot) was blocked from accessing our WordPress login page during a randomly-chosen one hour period.
And that’s just our own website: it’s the same story for every website on the web, all the time. WordPress sites, Drupal sites, small sites, big sites: hackers target everything. This may all sound scary, but rest assured, at Port 80, we have ways of fighting back.
An Ounce of Prevention…
First, we use firewalls at various levels to control access to the server. The first level firewall ensures we only accept requests that come through certain entry points, called ports.
At higher levels, we use firewalls to examine the requests made to the sites on our server, and block those that appear malicious. This can be tricky since we also need to allow legitimate access to the site, so these firewalls are more sophisticated than the one at the first level.
Another way we protect our server and its sites is by keeping all software up to date. All software, no matter how well tested, will still have bugs and security holes when new versions are released. The trick is to find and patch these holes before the hackers discover and exploit them. We leave that part to the security experts and software developers. On our end, we update everything on a daily basis.
When we say software, this includes everything from the operating system (e.g. Windows or Linux), the server applications that run the website (e.g. web server and database), as well as the software running the sites (e.g. WordPress, Drupal or other CMS).
Knowledge is Power
How do we know that we’re under attack? A clever hacker can compromise a site without ever leaving any clue. Well, we use software that constantly monitors our server and send us notifications. These alerts can come from server, if for example, there has been a a large and sudden increase in traffic. They can also come from the firewalls running on our sites to warn us of an increased number of login attempts.
We also use uptime monitoring services to notify us if any of our sites become unavailable, which can indicate an attack. Another way we monitor security is via logs, which keep detailed records of what’s happened on our sites and server. We have services running in the background that watch these logs and alert us based on rules that we set-up.
Finally, we receive periodic reports summarising the server activity, allowing us to deal with new lines of attack and update our rules accordingly.
Hope for the Best, Plan for the Worst
Despite best efforts, even the most secure and up-to-date server can still be exploited. This could be by hackers who discover a vulnerability before a software update is released, or who correctly guess a username / password combination.
Once a site has been hacked, it’s game over. We have no way of knowing exactly what the hacker did, and therefore, can’t be sure of undoing all the damage. All is not lost however, since we take nightly back-ups of our server, sites and databases. We store the back-ups at an off-site location just in case something goes wrong with the server or our hosting company.
So if a site gets hacked, we can roll back to its last known clean version. This means losing any changes made since the time of the back-up, but that’s a small price to pay for getting your website back, hack-free.
Is There Anything I Can Do?
There are a few things all webiste owners should do to protect their sites. The first is use hard-to-guess usernames and passwords. When trying to break into a site, bots first try obvious usernames like admin. So even your first initial / last name is a good place to start.
The same goes for even more so for passwords. Ideally, they should much harder to guess and comprise random characters including upper and lower case letters, digits and punctuation.
The other thing you can do is choose the right web hosting company! Large commercial hosts may have a basic firewall and keep their server software up to date, but that’s about it. They won’t keep your site updated, won’t monitor your site for hack attempts and most don’t offer back-ups.
If you’re a Port 80 Premium Hosting customer, we take care of all of this for you. And if you are not, and are worried your site isn’t getting the protection it needs, contact us – we’d be happy to have you aboard!