Major Web Hosting Hazards You Should Take Seriously

Israel is at a crossroads when it comes to cybersecurity. The boom in IT start-ups and e-commerce means that the country is quickly gaining market share in these areas, but the sheer speed at which these sectors have grown is creating its own problems. 

Specifically, whilst both companies and individuals are keen to embrace new technologies, the knowledge of cybersecurity practices and tools remains fairly low. It is for this reason that some have worried that Israel’s cyber-boom is, in fact, a cyber-bubble that could burst in the wake of a major cyberattack.

At the state level, Israel is already taking action in this area. Following a cyberattack on the oil sector earlier this year, America retaliated against Iran with a cyber attack. It’s also been widely reported that the IDF is investing in cybersecurity. Businesses and individuals should follow their lead.

One of the most important aspects of cybersecurity is the mechanisms you have in place to protect your website. Websites are one of the most vulnerable parts of your IT systems, in part because they are the most publicly accessible. Though the best web hosts provide you with tools and systems to protect your website, you also need to pay attention to several other factors when it comes to web security.

In this guide, we’ll look at three of the most important: shared vs. dedicated hosting, updating your site’s PHP software, and preventing DDoS attacks.

1. Shared Hosting

When it comes to choosing a webhost, one of your primary decisions is whether to use shared or dedicated hosting. Shared hosting is a model in which many websites are hosted on the same server, and providers who work like this can be significantly cheaper than ‘dedicated’ providers, in which your website is the only one stored on a given server.

Unfortunately, shared hosting can also represent a security risk. Some shared hosting providers are better than others when it comes to security, but you should avoid those that host dozens (or even hundreds) of sites on one server. If this server is compromised, there is the potential that every single site stored on it is also compromised.

Another approach is to compare VPS hosting plans, which cost more but significantly boost your security above that of shared hosting. It is still a little cheaper than fully dedicated hosts. If you’re engaged in ecommerce or have a site where it would matter if it got hacked, investigate the VPS option and the $20 to $40 monthly price tag.

2. PHP

PHP is a computer language that provides pre-processing for the HTML code that websites are written in, and 80% of websites rely on this language. As a website owner, you don’t really need to worry about the technical details of how PHP works, or how it can be updated for your website. 

You should, however, get an assurance from your web host that they are running an up-to-date version of PHP. At the beginning of 2019, security support for the last version of PHP – 5.6 – was withdrawn. That means that every site running on PHP 5.6 (or earlier) no longer receives any security updates. 

Despite this, webhosts have been extremely slow to update their systems. According to Threat Post, about 62 percent of all server-side programming websites are still using PHP version 5. This means that hackers suddenly have a huge opportunity because 60% of websites are no longer protected.

In short, check that your webhost is using PHP 5.7 before you trust them with your site.

3. DDoS Attacks

A longer-term problem for website owners is the risk of DDoS attacks. Distributed Denial of Service (DDoS) attacks are a form of attack where a hacker directs millions of requests to a particular web server, which is then swamped and unable to respond to legitimate requests.

There is some evidence that DDoS attacks have decreased in the last year, but that doesn’t mean that you won’t be affected by them. Again, the best web hosting providers are able to give you details about the systems they have in place to counter this type of attack, and is able to show you statistics on the number they have defeated.

Protecting yourself against DDoS attacks is particularly important for those using WordPress, which is still most of the internet. That’s because of the sheer popularity of this framework means that it attracts DDoS attacks. That’s why DDoS protection features prominently among the recommended WordPress security practices.

Secondly, as your business grows you may link further marketing and outreach systems to your website. These can include email marketing systems, business texting systems, or simply social media feeds. This can be useful for encouraging engagement with your customers, but also represents another “attack surface” for DDoS attacks. That makes it even more important that your web host can give you protection against them.

Don’t Stop There

Choosing a webhost that fulfills all of the above criteria should be one of your first priorities when it comes to starting an online business. However, you should also recognize that good web security requires constant vigilance in order to be effective.

After you’ve built your website, for instance, you should immediately take some basic steps to protect your site from hackers. Following this, you should monitor all of your systems for the signs of a malware infection, and check for any signs of unauthorized access.

Ultimately, businesses in Israel cannot afford not to take cybersecurity seriously. The cost of a hack – in monetary terms, but also with regard to your reputation – can easily sink a business. Getting your web hosting in order, in the ways we’ve shown you above, is the first step.

About the Author
Sam Bocetta is a technical writer focused on network security and open source applications. He writes for a number of security publications, including CSO Online, Tripwire, EC Council, and others.
Related Topics
Related Posts