Archive for Internet Security

Ensuring Password Security for Your Server

A password is the only thing that stops a hacker from entering your web server and damaging your data. In simple words, your server root password is your safeguard. Without the root password, you will not be able to log into your own server, and if your password falls into the wrong hands by mistake, it may lead to extreme damage you can’t even imagine.

You can take the following measures to make sure your server root password is fully secure and safe.

  • Always create a password that is easy for you to remember but hard for others to guess. This means you should not use things such as your date of birth or the names of your dog or cat, information that anyone can find on your Facebook profile.
  • Use more than 8 characters for your password. Some authentication systems will ask for entire passphrases; however, at least 8 characters is normally sufficient.
  • Always use digits, uppercase and lowercase letters, and even a symbol when creating a root password.
  • Never use dictionary words, because most brute force attacks are programmed to guess such passwords.
  • Create a unique password for your server access, and never use it anywhere else.
  • Never share your password. Even if you want to provide access to your partner, create a new one and limit the access to a particular environment on the server. Remove the user once the work is done.
  • Every user, client, or even you should have a strong password. It’s your responsibility to ensure that the passwords are strong.

Following the above points will ensure that your dedicated server will be completely secure and can be accessed by others as well.

Web Hosting Control Panel : Security Tips

There may be instances when managing your affordable web hosting server via the command line is tedious. In that case, a web hosting control panel can make your task of server management much simpler.

A web-based control panel can be greatly useful, and if it is cPanel or Plesk, the GUI you get can be outstanding. These two control panels have gained huge preference across the globe for managing hosting accounts on the server. But we aren’t here to speak about the advantages of these control panels. Have you ever considered the security risks of having a web-based application that offers administrative access to your server?

Following are a few pointers that can help you make sure your experience with these web-based interfaces is fruitful:

a. It is important to use a secure connection while accessing your server, whether it is a Virtual Private Server, a dedicated server or even a private cloud. This does not mean that you are required to buy an SSL certificate; you can still generate your own and make sure that you access the panel via HTTPS.

b. Furthermore, it is vital to use a secure password, which must not only be unique but should also be nowhere similar to the root password of your web hosting server.

c. Lock down as much as possible. Various control panels allow you to do almost anything and everything, but if there are certain features that are of no use to you, it is better to disable them.

d. Unless it is a must, refrain from allowing your employees, customers, or anyone else to use the control panel.

e. It is also important to avoid accessing your server from a location you are not sure about. Try to avoid logging into your server from an insecure network. Places such as coffee shops, multiplexes and other public areas that have Wi-Fi can be the least secure places.

With the introduction of web-based control panels, managing your server or hosting account has been greatly simplified, and with careful consideration it can be an easy and secure alternative to command-line tools.

Setting Up a New Dedicated Server

After deciding to opt for a dedicated server, you may wonder what the next step should be. There are a lot of things to do, but not all of the tasks need to be implemented immediately. Following is a list of actions you need to perform in the first few hours on your new dedicated server.

1) Your new server may not have the latest operating system updates. You may also need to install a preferred operating system yourself if you have purchased the server, which will then require the necessary updates. If you have leased a managed dedicated server from a UK web hosting provider, then your provider may have installed the updates as well. But sometimes they may assume that you need a server with a standard install, without any of the latest updates. So, check for the latest OS updates.

2) Before adding any data to your server, make sure you have applied correct security measures such as installing a good firewall, anti-malware software, etc. For more information about securing your server, go through this article: How to prevent and secure your server against attacks ?

3) Determining the various networking settings is important as well. These include nameserver settings, default DNS settings, server hostname settings, etc.

4) Though you are the sole owner of the server, you may change your mind in the future and allow other users to access it. With that in mind, set user policies so that access to the server is limited accordingly.

5) Ensure that your server is completely scalable, so that even if you plan to host resource-intensive applications in the future, you have enough space to host them. Also, plan your hosting resources according to your website’s future growth. In the future, you may want to host multiple mission-critical websites, so be ready and plan for it.

6) Make sure you choose a good control panel to manage your server. The control panel should be able to install the most compatible software, such as Apache and MySQL. Choose a control panel that has a user-friendly interface.

7) One of the most important things you should always do is back up your data regularly, on either a daily or weekly basis. Even if you think you won’t need it, still back up everything on your server. For better data security, investing in an offsite backup plan is worthwhile. An offsite backup hosting plan ensures that your data is always secure on an offsite server.

8) Don’t forget to set up system, port and website monitors. Set up alerts that can be sent to your email or cell phone if something goes wrong on your server.

9) Keep yourself updated on the latest server technology and tips, which will help you optimize your server for better performance.

Dangerous PHP Functions Must be Disabled

PHP, which stands for Hypertext Preprocessor, is a powerful and popular server-side scripting language used for serving dynamic web pages. It is very simple to code and debug, and supports several databases such as MySQL, MS SQL and Oracle.

But have you ever considered that some PHP functions can be very dangerous for your server and the data stored on it?

When PHP code is used improperly or is insecure, it can potentially mess up a web hosting server and let it be hacked. Insecure PHP code can harm your server data at a level you cannot even imagine.

Using insecure PHP code as a security hole, hackers could enable some very dangerous and powerful PHP functions and take control of your web hosting server. There are many such PHP functions which should be disabled in the PHP configuration file. Let’s check out the functions that should be disabled in the PHP configuration file right away on your web server.

Following is a list of dangerous PHP functions:

apache_child_terminate
apache_setenv
define_syslog_variables
escapeshellarg
escapeshellcmd
eval
exec
fp
fput
ftp_connect
ftp_exec
ftp_get
ftp_login
ftp_nb_fput
ftp_put
ftp_raw
ftp_rawlist
highlight_file
ini_alter
ini_get_all
ini_restore
inject_code
mysql_pconnect
openlog
passthru
php_uname
phpAds_remoteInfo
phpAds_XmlRpc
phpAds_xmlrpcDecode
phpAds_xmlrpcEncode
popen
posix_getpwuid
posix_kill
posix_mkfifo
posix_setpgid
posix_setsid
posix_setuid
posix_setuid
posix_uname
proc_close
proc_get_status
proc_nice
proc_open
proc_terminate
shell_exec
syslog
system
xmlrpc_entity_decode

On cPanel servers where the PHP handler is configured to use DSO, PHP runs under the “nobody” user. This may become a security hole and create major issues if you have given files 777 permissions. The 777 permission enables the “nobody” user to read, write and execute the file. So it’s better to be careful with permissions.

It is always recommended to set the permission to 755, so that no one can edit or change the files. The PHPsuexec function disallows PHP scripts from running with 777 permissions, and the files cannot be read either. This function should always be enabled to ensure maximum security.

PHP functions such as “exec” and “system” are used to execute external programs, and even shell commands. If these two functions are enabled, then a user can enter any command as input and execute it on your server. The user can also delete all of your data simply by giving the “rm -rf *” command. The user can even enter any command simply by using (;) in the argument area. Thus, it is better to disable the “exec” and “system” functions in your php.ini configuration file.

Enter the following command in ssh to find your php.ini file:

root@server [~]# php -i | grep php.ini

Usually you will find it at /etc/php.ini, or it may be at /usr/local/lib/php.ini.

Enter the following command to edit the file using your favorite editor. I have used the vi editor here:

root@server [~]# vi /etc/php.ini

Search for the text “disable_functions” in the php.ini file.

disable_functions is a directive used to disable insecure PHP functions.

Once you find the “disable_functions” directive in the configuration file, modify disable_functions="" as shown below:

disable_functions = "apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, mysql_pconnect, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, syslog, system, xmlrpc_entity_decode"

The above mentioned changes can be applied on both Linux as well as Windows servers.

Once you modify the php.ini configuration file, you will need to restart the Apache web server on a Linux server or the IIS web server on a Windows server for the changes to take effect.
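To confirm that the edit took effect as intended, the following added example (not part of the original article) reads a php.ini and lists which of the functions you name are not covered by the active disable_functions directive, ignoring directives commented out with ";". The function names disabled_list and missing_disabled and the sample php.ini are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list required functions that the
# active disable_functions directive in a php.ini does NOT cover.

# disabled_list FILE: print the effective disable_functions value, one name
# per line. Lines commented out with ';' are skipped; the last directive wins.
disabled_list() {
    grep -E '^[[:space:]]*disable_functions[[:space:]]*=' "$1" \
        | tail -n 1 \
        | sed -e 's/^[^=]*=//' -e 's/;.*$//' \
        | tr -d "\"'" \
        | tr ', ' '\n\n' \
        | sed '/^$/d'
}

# missing_disabled FILE NAME...: print each NAME that is not in the directive.
missing_disabled() {
    ini=$1; shift
    list=$(disabled_list "$ini")
    for fn in "$@"; do
        printf '%s\n' "$list" | grep -qxF -- "$fn" || printf '%s\n' "$fn"
    done
}

# Constructed sample php.ini: one commented-out directive, one active one.
demo() {
    ini=$(mktemp)
    cat > "$ini" <<'EOF'
; constructed sample, not a real server's configuration
;disable_functions = exec, system, passthru, shell_exec
disable_functions = "exec, passthru,popen"
EOF
    missing_disabled "$ini" exec system passthru shell_exec popen proc_open
    rm -f "$ini"
}

demo
```

The command-line PHP and the web server's PHP can load different php.ini files, so run the check against the file the web server actually uses.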

After disabling the above dangerous PHP functions, you may encounter problems with your web applications. For example, when you disable “shell_exec” and visit Fantastico in cPanel, you may see the error below:

Warning: shell_exec() has been disabled for security reasons in /tmp/cpanel_phpengine.*.* on line *

In this case, you should run the following from SSH:

/scripts/makecpphp

The above command will install a copy of PHP to use with the cPanel/WHM backend and its addons like Fantastico.

Encrypt Passwords in your Database

How to Encrypt Passwords in your Database/s ?

With the ever-increasing rate of hacks and attacks, more and more individuals across the web have started realizing the need to keep their website(s) secure. One of the ways is to implement password encryption for your database. Having said that, when building a website that is password protected, it is also important to determine a way to keep users’ login details from getting into the hands of attackers.

We hear people saying that they wish to secure their website and the data it includes. But what does the term “secure” mean? One should be aware that the data within the website’s database isn’t secure. If the database password falls into the wrong hands, all the measures that you’ve taken for securing your site would be in vain. We come across many users that use some sort of non-standard ciphering software that uses an algorithm that is no good. Instead, users can opt for a standardized algorithm, for example MD5, or Message Digest Algorithm 5.

This algorithm is popular and is considered even by experts in the industry. Message Digest Algorithm 5 is an encryption technique that uses a one-way hash algorithm. The main benefit of using MD5 encryption is its capability of not allowing anyone to revert an encrypted output to the initial, plain-text input. Whatever the input is, MD5 always maps it to the same encrypted value. This assures webmasters that the stored passwords would never be disclosed or accessible to anybody. With this encryption technique, even if a hacker is able to breach your database, he would only have “Read” permissions and not “Write” capabilities, preventing him from making any changes in it.

There are certain drawbacks of MD5 encryption as well. One should not consider MD5 encryption completely dependable. In case the password that you have set isn’t very strong, there are chances that a brute force attack can help the attacker get to know it. Therefore, it is of the utmost importance for users to set a complex password for their websites, which should also be changed on a frequent basis.
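To see both points in practice (the same input always gives the same MD5 value, and a weak password can be found by guessing), the following added example, which is not part of the original article, audits a constructed table of user:md5 records against a short list of weak passwords. The function names, users and passwords are made up for illustration, and it assumes the coreutils md5sum tool.

```shell
#!/bin/sh
# Added example (not from the original post): audit stored MD5 password
# hashes for weak and reused passwords. All data below is constructed.

# md5_of TEXT: print the MD5 hex digest of TEXT (no trailing newline hashed).
md5_of() { printf '%s' "$1" | md5sum | cut -d' ' -f1; }

# weak_accounts RECORDS WORDLIST: RECORDS holds "user:md5hex" lines.
# Prints "user candidate" for each stored hash equal to the MD5 of a
# candidate password from WORDLIST.
weak_accounts() {
    while IFS= read -r word; do
        [ -n "$word" ] || continue
        h=$(md5_of "$word")
        awk -F: -v h="$h" -v w="$word" '$2 == h { print $1, w }' "$1"
    done < "$2"
}

# shared_hashes RECORDS: print every hash stored for more than one user,
# which reveals accounts that chose the same password.
shared_hashes() {
    cut -d: -f2 "$1" | sort | uniq -d
}

demo() {
    db=$(mktemp); words=$(mktemp)
    {
        printf 'alice:%s\n' "$(md5_of 'password')"
        printf 'bob:%s\n'   "$(md5_of 'T7#qLw9!vRz2')"
        printf 'carol:%s\n' "$(md5_of 'password')"
    } > "$db"
    printf '%s\n' 123456 password letmein > "$words"
    echo "accounts with a guessable password:"
    weak_accounts "$db" "$words"
    echo "hashes shared by several accounts:"
    shared_hashes "$db"
    rm -f "$db" "$words"
}

demo
```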

A question naturally arises: despite knowing these facts, why must we use MD5 encryption? The reason is that this algorithm is fast, simple and really powerful.

Most website owners do not realise the basic fact that password encryption alone is of limited use. It only keeps your passwords protected, not your entire website. If your website is poorly coded and has loopholes, then attackers can exploit such weaknesses and cause serious damage, which might even include a compromised list of your highly confidential user details. This can only be avoided if you have a well-written website with sufficient information encryption. By doing this, hackers have next to no scope for causing damage. Even if they try to crack the encryption of the password, they would barely achieve success, because it requires a lot of time and processing power to achieve the results they expect. And, thinking from a hacker’s perspective, no one can spend so long trying to decrypt a strongly encrypted password. Furthermore, it is important to maintain website and database backups on a regular basis. To understand the procedure to take backup of your database please refer :

It doesn’t matter whether your website is hosted on a Dedicated Hosting server or any other Affordable Web Hosting package; MD5 encryption is supported on all types of packages.
