Website Hacking Happens. You Can Prevent It.

Posted in: Blog, Security by Christian on August 9, 2010 | 1 Comment

Anytime I hear a customer say, “I went online and read that your hosting servers are hacked” and I think a little misinformation on any subject matter can be very dangerous in the wrong hands, especially when found online. In actuality the percentage of websites, compared to total customer base, is less than 7%. There are several reasons website hacking happens and very rarely is it because a server itself is “hacked” or compromised. This post is about educating yourself and taking simple and easy steps to prevent and protect your website(s) from being compromised.

Benjamin Franklin said it best, “An ounce of prevention is worth a pound of cure.” Read more…

Creating FTP Allow/Deny Rules on Linux

Posted in: Blog, Security by Christian on September 6, 2009 | No Comments

When you login into your FTP account, before you are allowed to log in, the ftp daemon searches in your home directory for a file called “ftp.allow” to see if your IP address is specifically allowed to log in. In order to find out what you IP is go to: http://www.whatismyip.com If the file is found, and your IP address is permitted, no other checks are performed. If your IP address is not found in the list of allowed IPs, or the file is not found, the daemon searches for a file called “ftp.deny”, to see if your IP address is specifically denied. If the IP address you’re trying to connect to matches one of the entries in ftp.deny (which can be ALL: ALL  that denies everything that was not already permitted), the access will be denied with the message “530 User ‘username’ denied by access rules”. If the file is not found, or if your IP address doesn’t match anything, your access will be permitted. In addition to that, webshell access is always permitted (so you could modify the ftp.access and ftp.deny if you denied your own access by mistake). Read more…