Basic Security Tips For The Shared Hosting Server

Aug 23, 2021 by Raghav Bansal

Web hosting comes in different shapes, sizes, and flavors. The three most common are shared, dedicated, and VPS hosting. Users choose where to host their services depending on their requirements. Many startups and individuals prefer shared hosting because it is low in cost and offers several benefits. Shared hosting is one of the cheapest cloud hosting solutions and a popular choice for hosting websites. It is also referred to as virtual shared hosting.

What is shared hosting?

Shared hosting is a type of web hosting solution where a single server hosts multiple websites. The number of websites on a shared server depends on the resources granted to each website. Here are some basic security tips for shared hosting servers:

Public Key Authentication – Remove unencrypted access: do not use telnet, FTP, or HTTP to manage hosting servers anymore. For better security, use SSH keys. Each user has a public key and a private key. The private key is kept by the user, and the public key is kept on the server. When the user tries to log in, SSH checks that the public key matches the private key. Using a private key gives better security and reduces the risk of cyberattacks.

Strong Passwords – A security-hardened server is a big challenge for cybercriminals, yet many server administrators still leave the door open for them. Last year, brute force attacks against servers resulted in data breaches. Always use long passwords or passphrases that mix random characters, special characters, and numbers.

Update – It is important to ensure that your local machine is safe. Always use an updated and reliable antivirus solution. Keep your applications and drivers up to date, and use appropriate software for your computer. Update all your applications on a regular basis, including any add-ons, modules, and components that you have integrated.

Set Permission – Never set directory permissions above 755. If you need a directory with permissions above 755, put it outside the webroot (public_html), or place a .htaccess file in it that contains "deny from all" to restrict public access.
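One way to check this rule across a whole webroot, as an added example that is not part of the original article. The function names and the sample tree are assumptions made for illustration; "above 755" is taken to mean that the group-write or other-write bit is set.

```sh
#!/bin/sh
# Added example: audit a web root for directories looser than 755.

# audit_webroot DIR
#   Prints "STATUS MODE PATH" for every directory under DIR that has the
#   group-write or other-write bit set (anything above 755).
#   STATUS is "denied" if the directory carries a .htaccess containing
#   "deny from all", otherwise "EXPOSED".
audit_webroot() {
    find "$1" -type d \( -perm -020 -o -perm -002 \) | while IFS= read -r dir; do
        # GNU stat first, BSD stat as a fallback
        mode=$(stat -c '%a' "$dir" 2>/dev/null || stat -f '%Lp' "$dir")
        if [ -f "$dir/.htaccess" ] && grep -qi 'deny from all' "$dir/.htaccess"; then
            status=denied
        else
            status=EXPOSED
        fi
        printf '%s %s %s\n' "$status" "$mode" "$dir"
    done
}

# count_exposed DIR -> number of loose directories with no deny rule
count_exposed() {
    audit_webroot "$1" | grep -c '^EXPOSED' || true
}

# make_demo_tree -> path of a constructed sample web root (hypothetical layout)
make_demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/public_html/ok" "$t/public_html/uploads" "$t/public_html/cache"
    chmod 755 "$t/public_html" "$t/public_html/ok"
    chmod 777 "$t/public_html/uploads"
    chmod 775 "$t/public_html/cache"
    echo 'Deny from all' > "$t/public_html/cache/.htaccess"
    echo "$t/public_html"
}

# With no argument, run against the constructed sample tree.
audit_webroot "${1:-$(make_demo_tree)}"
```

Directories reported as EXPOSED are the ones to tighten to 755, move outside public_html, or cover with a deny rule.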

Default Configurations – Change the local PHP settings for better security by disabling unnecessary functions and options. Below are some sample recommendations.

allow_url_fopen = Off

disable_functions = set_time_limit, proc_open, popen, exec, disk_free_space, leak, system, shell_exec, passthru, tmpfile

Note – The directives above can hamper your code's functionality. You have to add these directives to the php.ini file of every directory.
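Because these directives have to be repeated in every directory's php.ini, a copy can easily drift. The following check is an added example, not part of the original article; it compares one php.ini with the sample recommendations above. The function names and the sample file content are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: compare a php.ini with the sample recommendations above.
RECOMMENDED="set_time_limit proc_open popen exec disk_free_space leak system shell_exec passthru tmpfile"

# ini_value FILE KEY -> value of the last uncommented "KEY = value" line.
# Directive names in php.ini are case sensitive, so KEY is matched exactly.
ini_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*;.*$//; s/[[:space:]]*$//; s/^"//; s/"$//'
}

# check_php_ini FILE -> one finding per line, nothing if FILE is compliant
check_php_ini() {
    fopen=$(ini_value "$1" allow_url_fopen | tr '[:upper:]' '[:lower:]')
    case $fopen in
        off|0|false|no|none) ;;
        *) echo "allow_url_fopen is not off" ;;
    esac
    disabled=$(ini_value "$1" disable_functions | tr -d '[:space:]')
    for fn in $RECOMMENDED; do
        case ",$disabled," in
            *",$fn,"*) ;;
            *) echo "not disabled: $fn" ;;
        esac
    done
}

# sample_ini -> constructed php.ini fragment with a partial disable list
sample_ini() {
    cat <<'EOF'
; constructed sample, not a real configuration
allow_url_fopen = On
;disable_functions = proc_open
disable_functions = exec, system , passthru,shell_exec
EOF
}

# Run the check against the constructed sample.
demo_file="${TMPDIR:-/tmp}/php.ini.sample.$$"
sample_ini > "$demo_file"
check_php_ini "$demo_file"
rm -f "$demo_file"
```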

Deny bots and Perl from accessing your website. This can be implemented by applying the following rules in the .htaccess file:

SetEnvIfNoCase User-Agent libwww-perl bad_bots
Order deny,allow
Deny from env=bad_bots

You can also add a bogus handler for these files. Create a .htaccess file in the home directory with the content below:

## Deny access to all Python, Perl, CGI, and other text files
<FilesMatch "\.(cgi|pl|py|txt)">
Deny from all
</FilesMatch>

## If you are using a robots.txt file, remove the # sign from the following 3 lines to allow access only to the robots.txt file
#<FilesMatch "^robots\.txt$">
#Allow from all
#</FilesMatch>


The tips mentioned above will prevent Perl scripts from being executed. Many exploits and backdoors are written in Perl, and the rules above will prevent such malicious code from running.


Backups – Backups are the last resort against threats. If your website goes down for any reason, you can quickly restore it from the latest backup. But this is effective only if you take backups regularly. Also, remember to store the backup in a separate location.

Robust Security Features – One of the most important things to do for your web hosting account is to put security measures in place for your website. Your hosting provider will have a server firewall with extra security features to keep your website safe. In addition, you can use anti-malware solutions for your website.

Monitor Logs – Logs are a vitally important tool. A server collects enormous amounts of information about what has happened and who has connected to it. Patterns in that data often reveal behaviors or security compromises. There are many tools for analyzing, summarizing, and generating reports from logs. Logwatch and logsentry are popular tools for monitoring logs.

Turn Off Unnecessary Services – Any internet-facing software that is not required should be strictly disabled. The fewer points of contact between the server's internal environment and the outside world, the better. Unnecessary services can be exploited to reach your website data. Turn off unnecessary services of the web server engine. Remove language modules that you don't use. Disable web server status and debug pages. The less information you provide about your website infrastructure, the smaller the footprint an attacker has to work with.

Install and Configure CSF Firewall – ConfigServer Firewall (CSF) is another feature-rich, free firewall that protects the server against a wide variety of cyberattacks. Its features include stateful packet inspection, rate-limiting, authentication failure detection, directory watching, flood protection, and use of external blocklists. CSF is the best tool and is used for managing iptables.

Install and Configure Fail2Ban – Every server on the web is scanned by bots looking for weaknesses. Fail2Ban trawls through the server's logs in search of patterns that indicate malicious connections, such as failed authentication attempts or too many connections from the same IP address. Fail2Ban can block suspicious IP addresses and notify an administrator.
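The kind of pattern that the Monitor Logs and Fail2Ban tips refer to, shown as an added example that is not part of the original article and is not Fail2Ban's own code. It counts sshd authentication failures per source address and lists those at or above a threshold. The function names and log lines are constructed for illustration, and unlike Fail2Ban it applies no time window and blocks nothing.

```sh
#!/bin/sh
# Added example: the per-address failure counting that Fail2Ban automates.

# failed_login_ips LOGFILE THRESHOLD   (LOGFILE may be "-" for stdin)
#   Prints "IP COUNT" for every source address with at least THRESHOLD
#   sshd "Failed password" lines, busiest first.
failed_login_ips() {
    awk -v limit="$2" '
        /sshd\[[0-9]+\]: Failed password for / {
            # Scan from the right: the address follows the LAST "from",
            # so a login name that itself contains "from" cannot shift it.
            for (i = NF - 1; i >= 1; i--)
                if ($i == "from") { hits[$(i + 1)]++; break }
        }
        END { for (ip in hits) if (hits[ip] >= limit) print ip, hits[ip] }
    ' "$1" | sort -k2,2nr -k1,1
}

# sample_auth_log -> constructed log lines (documentation address ranges)
sample_auth_log() {
    cat <<'EOF'
Aug 23 10:00:01 web1 sshd[101]: Failed password for root from 203.0.113.5 port 50000 ssh2
Aug 23 10:00:03 web1 sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 50001 ssh2
Aug 23 10:00:05 web1 sshd[102]: Failed password for invalid user from 10.0.0.1 from 203.0.113.5 port 50002 ssh2
Aug 23 10:00:09 web1 sshd[103]: Accepted publickey for deploy from 198.51.100.7 port 40000 ssh2
Aug 23 10:01:00 web1 sshd[104]: Failed password for deploy from 198.51.100.7 port 40001 ssh2
EOF
}

# Report addresses with three or more failures in the constructed sample.
sample_auth_log | failed_login_ips - 3
```

The third sample line carries a login name that imitates the "from ADDRESS" field; reading the address after the last "from" keeps the count on the real source.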

Conclusion

Remember, once your web hosting account is compromised, the intruder may leave a backdoor to gain easy access at a later point in time. Therefore, it is advisable to follow the above security tips to secure your shared hosting server. Detecting a backdoor can be time-consuming and expensive as well. In many cases, you may have to contact a professional developer. To avoid such malicious incidents, follow the above security tips, or contact the Go4hosting team about other hosting plans such as dedicated hosting, VPS hosting, and colocation hosting.
