(The Hosting News) – HostingArmor.com, a Florida-based Internet security company, announced the launch of its website security scanner. Supported by the Nessus scanning engine, HostingArmor provides site owners with a simple and cost-effective way to understand their server’s security vulnerabilities.
“I’ve seen, time and time again, situations when website owners will assume that their hosting company or their webmaster keeps their server patched and up to date and secure against web application vulnerabilities. All too often this is not the case. The problem is, most site owners know and understand how to run their business, but know very little about maintaining secure servers”, says Sean Faircloth, Co-Director of Technical Operations.
HostingArmor is designed to be easy enough for even novice website owners to use, while providing the technical data necessary to ferret out any security holes in a web server. Traditional server scanning has, in the past, involved very technical installations and required that business owners either become security experts or fork over thousands of dollars to maintain their own security. HostingArmor was designed from the ground up to bring the same level of technical detail to a broader audience by making server security scanning easy to use and affordable. Unlike traditional scanners, HostingArmor’s service requires no installation. Site owners simply add their “scan targets”, or sites they wish to scan, to their account and can begin scanning for upwards of 30,000 different web server vulnerabilities.
Faircloth continues, “hackers aren’t always interested in compromising a web server for the information in it or to simply destroy the server. Many servers are compromised and used by the hacker for other nefarious purposes like DDoS (distributed denial of service) attacks or even just for the use of the web server. Often, site owners don’t know until it is too late and many end up responsible for the ‘hangover’ from such incidents – high bandwidth bills, abuse complaints, and so forth”.
HostingArmor is offering a 30-day free trial of the vulnerability scanner to help site owners assess their own security risks. The trial offer allows users to scan their own domains up to 35 times during the first month and provides full access to every feature available. More information about the company and the HostingArmor scanner is available at the Company’s website.
About HostingArmor
Source: HostingArmor.com Keeps Site Owners One Step Ahead in Website Security
Perhaps the most important aspect of operating an online business is keeping your investments secure at all times. The internet is a very dangerous place, especially for businesses that conduct hundreds or thousands of dollars in eCommerce each and every day. Having a secure website not only prevents the loss of profits, but it also boosts sales as your customers will be more confident when shopping with you if they know that your site is safe.
Considering that most hackers spend hours every day trying to find new exploits, hacking into sites and looking for opportunities to steal cash from hard-working business owners, you need to put forth the same effort to protect your website. Since most do not have the time to work around the clock in keeping their website secure, you need a web hosting company that offers state-of-the-art server security. There are, however, some things that you can do to protect your website from hacking attacks.
Firewalls
Many people overlook the importance of securing their operating system when dealing with their website’s security. Having a strong firewall is very important to the security of your operating system, and your website. When you upload information from your hard drive to your website, it can be intercepted if you do not have a solid firewall protecting you from the outside world. There are many firewalls available, and your web host will often have one set up on your server by default. However, it is best to have a high quality firewall set up on your server and your operating system for maximum security.
Securing Your Login Credentials
When security experts talk about keeping your website protected, they are actually referring to securing the control interface of your website, as this is the area that can be used to hijack or destroy your website if accessed. When a hacker gains access to your administrative interface they are capable of executing any task that you as an administrator could do. This means they can upload content, delete content, and even steal your entire domain by transferring it to another host! Thus, the first line of defense is having a strong password. Make sure your password is at least 8 characters long, with two special symbols and two upper case letters. The best way to create a secure password is to use password generating software. You can find these online for free, and they generate highly secure passwords at the click of a button.
Strong Antivirus Software
Having a solid password and firewall will do you no good if your system is vulnerable to viruses. Viruses like keyloggers can infiltrate your system and collect personal information, such as your passwords. Even if your password is 20 characters long, it can still be hacked if your computer is infected with spyware and keyloggers. Keyloggers actually log everything that you type into your computer, which means that every time you enter your passwords, the info is sent to the hacker. To prevent something like this from happening, you’ll need a strong antivirus working to protect your computer at all times. Some antivirus suites come with a firewall and a password generator, so it is possible to handle all of the above precautions with a single powerful antivirus suite.
(The Hosting News) – Are you a major player in the colocation or cloud computing industry? Do you need to know the latest in data center construction methods? Or do you have something to share? Are you wondering how the internet can contribute to the fight against climate change? Does your firm have clients that demand the most secure hosting facilities? If you fit any of these profiles or are on the periphery of this area, you’ll want to consider attending any of four conferences slated to take place between now and June 15.
This is cutting it a little close, but Green: Net 2010 is right around the corner. It’s a day for professionals, academics, NGOs and other interested parties to come together and examine how the internet and related technologies can help in the fight against climate change. The Climate Group has predicted that information and communications technologies could enable emissions reductions of 15 to 20% below current amounts by 2020. Whether you’re an entrepreneur with ideas to help this process succeed or a forward-thinking corporation looking to do your part, you’ll find a wealth of information and resources at this popular conference. This is the second annual such conference, and the first sold out. However, tickets still appear to be available this year.
Some topics to be discussed include:
More information is available at: http://events.earth2tech.com/greennet/10/
This event brings security experts of all stripes together to discuss the latest trends, best practices and future developments in the ever-changing world of security. Sessions range from tracking extremist activity to analyzing security threats and trends in 2010. They vary in technical level from overviews to much more focused sessions such as: Fingerprinting Post Compromise Behavior Using a Low Interaction SSH Honeypot.
Other sessions include:
And much more.
If your job involves electronic or data security in some form, the SecureWorld events are not to be missed.
Learn more at: http://www.secureworldexpo.com/events/index.php?id=282
The Datacenter Transformation Summit brings together datacenter architects, industry visionaries, senior IT architects, financial professionals and datacenter operators to discuss the present and future of datacenters and collaborate on strategies for success. According to the site, it’s “long on actionable advice and short on unsupportable predictions.” As the supply of datacenters dwindles and demand increases, the summit provides a place for industry players to analyze current trends and plot a way forward.
The event takes place at the Hyatt Regency in Reston, Virginia.
The agenda includes:
And more.
The summit is held by Tier1 Research, a company focused on wholesale and colocation datacenters. Learn more at: http://dtsummit.com/na/east/2010
This event, also put on by Tier1 Research, has changed its name and its scope for 2010, with added emphasis on cloud computing in addition to the standard hosting and colocation segments. This summit packs a lot into one day, including segments on hosting and datacenter infrastructure, enabling technology, customer expectations, partnering, and mergers and acquisitions. It is broadly attended by industry professionals and is generally regarded as an authoritative source for current and future hosting and datacenter trends. With cloud computing added to the mix this year, it will be more valuable than ever.
Attendees run the gamut from infrastructure and service providers to practitioners and financiers. The event provides a forum for leaders on both sides of the Atlantic to come together with their peers to map out the future of this increasingly vital industry and, of course, utilize the variety of unmatched networking opportunities.
The agenda includes:
Along with other sessions focused on cloud computing impact on the industry and the way forward.
For more information, visit: http://www.hostingtransformation.com/eu/2010
These days, it is more important than ever to keep your website current with the latest security measures. Why so much emphasis on security? Because hackers are always looking for ways to penetrate servers and websites to steal sensitive information. There is a lot you can do to ensure better website security, and the tips in this article should be taken very seriously.
1.) Update Your Applications and Scripts
Running outdated web applications and code on your site is like giving hackers an open invite. So if you have older versions of WordPress or Joomla installed, it is advisable that you immediately check for and perform the necessary updates. This goes for any application or programming language used for your site. For a knowledgeable hacker, compromising Joomla 1.0 is as easy as uploading a shell script to an insecure form. If successful, they could end up with complete control of your account.
2.) Create Strong Passwords
A password can be a simple but effective security mechanism. However, this is only the case when following a strict set of rules. When securing login sessions and other areas of your site, never apply a password that can be easily guessed by others or is used for other accounts. If someone knows just one of your passwords, they can keep trying it for each of your accounts until they are successful. This could not only lead them to the control panel login of your hosting account, but also the financial institution you do your online banking with.
3.) Mask Your Folders
It is always wise to cloak your website files and folders that are stored on the server. Many security experts suggest keeping a blank index.html file in each of the folders stored in your public directory. Doing this will ensure that the contents cannot easily be viewed by internet users. This process is made simple with the cPanel control panel and its Index Manager function. You can take this one step further by password protecting the administrator folder that contains the scripts you are running. This is highly recommended as it provides an added layer of security that will make an intruder have to work that much harder.
What If I Still Get Hacked?
As we alluded to earlier, there is a possibility that even after adhering to all of these tips and more, your website can still be compromised by a hacker. Should your site be successfully exploited, there are a couple of things you should do right away to minimize the damage. The first step that needs to be taken involves changing all of the passwords associated with your website. This goes from your control panel and administrative areas to everything else in between. Next, go through your hosting account to find and update all old applications and plugins as they could easily be the culprits that led to exposure. Any website can be compromised and if it happens to you, your sensitive information can be used for criminal gain in one way or another. Prevention is the key so employ all the measures you can to ensure you are protected against the existing and emerging threats.
Convenience aside, allowing anonymous visitors to upload files to your site is pretty much like opening the gates and telling malicious users it is okay to compromise your server. This puts you, the website owner, in a very tough position when considering that such permissions have become a commonality on today’s internet and have proven to increase business efficiency.
Having the ability to upload files is a regular occurrence on social networking sites such as Facebook, MySpace and Twitter as well as blogs, forums and online banking sites. This feature is also prevalent in corporate portals as it allows end-users to share files with business employees. In these environments, users are permitted to upload documents, pictures, music, videos and several other types of files. The more functionality an end-user is provided with, the greater the probability of creating a vulnerable web application. It is a known fact that many internet users abuse their privileges to gain access to a specific site or compromise a web server.
During recent tests, security experts have discovered that an alarming number of widely used web applications are not making use of secure upload forms. According to their findings, many of these vulnerabilities were easily detected and exploited, allowing experts to gain full access to the file system on the web server hosting those applications. Most of these vulnerabilities were the direct result of improper security configurations, essentially permitting intruders to roll right in.
Viable Solutions
Below is a list of practices you or your system administrator should enforce when file uploads are allowed to your website or web applications:
- Create an .htaccess file that only permits access to files with allowed extensions
- Do not put the .htaccess file in the same directory where the files uploaded by users will be stored. This file should be stored in the parent directory that your visitors do not have access to.
- A typical .htaccess file that only allows jpg, jpeg, gif and png files should include the following lines:

    # Deny access to every file by default
    deny from all
    # Re-allow only single-extension image file names
    <Files ~ "^\w+\.(gif|jpe?g|png)$">
    order deny,allow
    allow from all
    </Files>

These lines can be adjusted to suit your own personal needs. Editing the .htaccess file in this manner will not only assure that only these file types are allowed, but also protect you from double extension attacks.
- If at all possible, make sure the files uploaded by users are placed in a directory outside of the server root.
- Do not allow existing files to be overwritten. This will prevent exploits such as the .htaccess overwrite attack.
- Do not rely solely on client-side validation. This is simply not enough to ensure an adequate level of security. It is advisable to implement both client-side and server-side validation.
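The server-side half of the practices listed above can be sketched as follows. This is an added example, not code from the original article: `store_upload`, `UploadRejected`, `verdict` and the directory names are hypothetical, and the content-signature check goes one step beyond the list.

```python
import os
import re

# Same pattern as the .htaccess rule: word characters, one dot, one allowed
# extension. \w never matches ".", "/" or "\", so "shell.php.jpg", ".htaccess"
# and "../x.png" are all refused. re.ASCII keeps \w to [A-Za-z0-9_], and
# fullmatch() avoids "$" accepting a trailing newline.
ALLOWED_NAME = re.compile(r"\w+\.(gif|jpe?g|png)", re.ASCII)

# Leading bytes each allowed type must start with (an added check, so a
# renamed script cannot pass on its file name alone).
SIGNATURES = {
    "gif": (b"GIF87a", b"GIF89a"),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
}


class UploadRejected(Exception):
    """Raised when an upload fails a server-side check."""


def store_upload(upload_dir, web_root, filename, data):
    """Validate an upload and write it to upload_dir; return the final path."""
    upload_dir = os.path.realpath(upload_dir)
    web_root = os.path.realpath(web_root)
    # Uploads must live outside the directory tree the web server serves.
    if os.path.commonpath([upload_dir, web_root]) == web_root:
        raise UploadRejected("upload directory is inside the web root")
    if not ALLOWED_NAME.fullmatch(filename):
        raise UploadRejected("file name not allowed")
    extension = filename.rsplit(".", 1)[1]
    if not data.startswith(SIGNATURES[extension]):
        raise UploadRejected("content does not match extension")
    path = os.path.join(upload_dir, filename)
    try:
        # Mode "x" creates the file exclusively and fails if it exists,
        # so an upload can never overwrite an earlier file.
        with open(path, "xb") as handle:
            handle.write(data)
    except FileExistsError:
        raise UploadRejected("file already exists") from None
    return path


def verdict(upload_dir, web_root, filename, data):
    """Return 'stored' or the rejection reason, for the demo below."""
    try:
        store_upload(upload_dir, web_root, filename, data)
        return "stored"
    except UploadRejected as reason:
        return str(reason)


if __name__ == "__main__":
    import tempfile
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8  # constructed sample bytes
    with tempfile.TemporaryDirectory() as base:
        root, uploads = os.path.join(base, "public_html"), os.path.join(base, "uploads")
        os.mkdir(root)
        os.mkdir(uploads)
        for name in ("photo.png", "photo.png", "shell.php.jpg", ".htaccess", "a.gif"):
            print(name, "->", verdict(uploads, root, name, png))
```

The name check is case-sensitive, so `photo.PNG` is refused unless the pattern is widened deliberately.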
Conclusion
There are several ways a malicious user can bypass the security configurations applied to a file upload form. When incorporating such a feature into your web applications, you should make it a priority to follow the best security practices and put them to the test on a regular basis. While this requires a considerable amount of security expertise, it is worth every bit of time to make sure your website is protected.