What and Why to Secure a Web Server

“What do we lose with a less secure website?” Many people ask me this question. In this article I will try to cover the core reasons that make it essential for everyone to secure his/her web server. We will try to weigh the security threats facing websites of every scale, from personal blogs and community websites to small company websites and corporations’ websites.

Blog Sites

Let’s start with bloggers and why securing a web server is important to them. Bloggers normally take this view: why the hell should I spend money or energy on this so-called security, when I have no sensitive data on my blog and I am not in serious conflict with anyone? And even if some loser gets into my blog, I will simply change my server and restore from the backup that I take on a daily basis. So, not a big deal at all.

Well, I am afraid it is not quite like that! Let’s look at the incentives a blog offers to a website hacker. The first is showing off, which is probably the most enjoyable target for hackers. Blogs are normally observed to be less secure than corporate websites, hence they are easy to get into.

So hackers, especially beginners, start their careers by hacking blog sites.

It is a matter of fact that hackers don’t attack blogs only for fun; there can be a financial aspect to hacking a blog as well. Many hackers attack blogs to obtain their data, for instance names, emails and IPs, and later on re-sell it (for a hefty price).

Another very dangerous possibility: a hacker gets in and replaces your Google AdSense code with his/her own. Even in that case, a blogger can be in deep trouble.

Small Sized Companies

Now let’s consider a small company and the possible damage a hacker can do by hacking its website. For example, if this small company sells products online, there is a very good chance that its clients’ information is stored on the web server. This information may contain sensitive data such as credit card and other similar details.

The email boxes of such small companies are normally not secure either, which can reveal secret information, such as tender information, ongoing projects, upcoming products and the like, to attackers, who may well be your rivals.

Large Corporation Websites

Now let’s talk about big corporations’ websites, which can be the worst hit by any such attack. Obviously, more finances involved means more damage.

I opt not to disclose all possible threats to corporate websites (as they can be used for ill means), but it is a matter of fact that large companies MUST spend some time and resources on securing their web servers. For example, telecom companies, financial institutes, real estate firms and others have plenty of information saved on the back-end (in databases, or in hidden pages) that needs to be secured.

The thing that bothers me most is that people don’t think about these security matters at all; they are living their lives with open threats and eyes shut.

My Server Is Not Secure. Okay, What to Do Then?

What can be done here is to hire people to do a security audit of your web servers. There are companies and individuals who do this, and they don’t cost much; they make your web servers very secure, up to a point where you and your customers can feel safe.

In Pakistan we have some companies that provide such web server security auditing services, but let me tell you that security is a very huge area and there are very few firms or individuals who cover every aspect of it. Additionally, I want to confess that yes, in Pakistan we lack security professionals.

We have three main domains in security auditing:

  1. Network level: Network level means an internal audit of your system and its services. This is a very big area, as here we have to cover the whole network and audit every node, every client and every port, meaning everything.
  2. Web level: Web level means web application level auditing and testing. This includes the web server, the web application and technology like WordPress, Joomla, or any other in-house application.
  3. Wireless testing: This is a new level of testing, which includes wireless connections and wireless devices like cameras, VoIP phones, computers, networking devices and Bluetooth devices as well.

So, look around and check whether your web servers are secure enough or not. Large corporations may consider big companies; however, bloggers and small companies with low budgets can go for freelance security auditors as well.

Drop your comments below, or contact me using the contact us form on this website for any additional information you require!

PEACE


  • I had asked this question before and am asking it again: how can I check whether my site is hosted on some secure server?
    You have disabled right click; moreover, I can even select text, I have just typed, in the comments textbox.
    You seem to be more securohlic :D

    • @ڈفر, hi Duffer, nice to see you back.

      Well, about securing a webserver, we are preparing tutorials for this, and as you may imagine all this requires some time.

      About the right click thing, it was carried away to avoid those copy/paste bloggers, which are at least 30 in number.

      I will restore the copy/right click in a week or so.

  • As you don't know exactly: I am not the owner of this blog. I write for ProPakistani, and I haven't done this right click thing. I am the person who says all the time that there is no such thing as a 100% secure thing!

  • Kamal Panhwar

    Very nice article for webmasters. I also want to draw attention to timely backup of the site.

    We must have a plan to do regular auto and manual backups of sites. Auto backup could be done by using auto software which will download all data from the FTP account, but for MySQL you need an automated system which can back up the database and put it on the FTP server, from which you can download it.

    I have faced a lot of problems due to improper backups. So now I do a daily backup in a folder with the day name. So it is both a weekly and a daily backup.

    I just put Saturday's backup in the Saturday folder, and similarly for all 7 days. And I also do one backup on a monthly basis.

    Where is your tutorial for website security? Is it complete now?

  • webston.net

    100% agree. Not getting a regular backup of your database can be a fatal disaster for your whole web in a minute. I prefer getting a manual backup rather than auto, as I have already lost some of my web data because of third-party auto backup software.

  • M Zeeshan

    For the betterment of Pakistani websites' security, kindly recommend tools for website security audit at your earliest. How to secure WordPress, Joomla, GetSimple etc., and what are the threats related to these control panels? An urgent response is appreciated, as now 270 Indian websites are just being hacked and now they will try to hack ours.

  • Web Hosting

    Security of your hosting is very essential, and so I go for HostGator as the hosting provider. Though it's priced high, they offer good reliability and security.