online security

Home

Client Resources

Security Updates

Request an Account

Contact

 

 

Important Security Updates To Your Web Hosting Account

Online security is an important issue - and when it comes to your website we're working to keep your site up and running with minimal disruption.

Recently, our datacenter has implemeted new security measures to the BBI Hosting System that will further protect your data and your uptime.

1) Secure Access. The next time you log into your hosting account, you will be accessing your control panel via secure server (you'll see the "https" in the address bar). If you had your computer set to automatically fill-in your login information, you may now need to enter it again (or manually, depending on your computer security settings).

You can still access your control panel by adding "/cpanel" to the end of your domain name. For example, http://www.your-site.com/cpanel


2) The New ClamAV Virus Scanner. This system allows you to manually scan your site mail, and web site files for viruses, worms and other issues. You will now see an icon on your control panel labeled"virus scan". This feature is very easy to use and because it runs on the server and not on your computer, it takes only a few seconds to review all of your files. There's more info on ClamAV here: http://www.clamav.net/


3) Check your site's e-mail settings - Many of you are probably aware of an e-mail feature called "catch-all". What this does is create an mail box that will "catch all" email sent to any undefined e-mail address with "@yourdomain.com". In other words, if you had catch-all activated, I could add anything to the beginning of @yourdomain.com and it would be sent to your account.

In the past, this was a great feature to have activated. However, these days the disadvantages far outweigh any benefits. Spammers will fill your mailbox with tens of thousands of e-mails in no time and if you're not maintaining your mailbox daily, it will quickly reach your mail quota.

To eliminate this issue, we recommended using the very handy "black hole" feature.  All accounts that you have specifically set up to receive email will still receive mail, but all the spam email that arrives at your domain will simply be deleted automatically.

To set your default address settings to Black Hole, log into your account control panel. Go to the Mail icon - Choose "Default Address" - Select"Set Default Address"  and enter :blackhole:  (with a colon in front and in back of "blackhole") - and press the "change" button.


4) Clean Up Your Mail -- If you have had a catch-all address in place for a while, you will likely need to go into your web-mail account and clean out a lot of e-mail. This e-mail counts towards your account's storage limit, so you'll want to make sure you keep it in check.

To review your web-mail accounts, use the "webmail" icon from the main page of your control panel, select one of the webmail options (we like to use the Horde system) and from there you can access the mail from your account.




Stay Alert

The security threat from hackers - and the annoyance factor brought on by spammers has grown tremendously in recent years. That's why it's critical that everyone be aware of the types of threats that are most common and implement your own monitoring plan.

If you're running any third-party scripts on your site, such as blogs, forums, etc., it is critical that these programs be kept up-to-date, secure and monitored regularly to ensure that everything is in place and running properly.

Outdated scripts offer large security holes that hackers can use to take your site hostage for use as a platform for propoganda, or worse, to run full-scale spoofing sites that mimic financial institutions, big online companies like eBay, PayPal, etc. You would not even know that this was going on behind the scenes of your website.

Althought there are many benefits to having your content on your site (as opposed to off-site), if you're not able to maintain third-party software safely on your web hosting account, it's best not to install them in the first place. There are alternative fre'e and subscription services (blogs, forums, e-stores, etc.) that are maintained and updated for you.

Blogger is one example - http://www.blogger.com - but there are many others. If you'd like some suggestions, let us know.


The Final Word

While online security threats are serious problems today, having a monitoring plan in place will help tremendously toward keeping your site data safe and your website up online working for you.

Here are a few tips for easy security monitoring:

1) Set your website as your Internet Start Page. This way each time you open a new browser window, your site will load allowing you the chance to look it over quickly to make sure its up and running.

2) Check your web site stats regularly. You should be checking your site stats weekly (at the minimum). Not only will you know how your site is performing, you will also be able to monitor who's accessing your website, which pages or directories are being accessed and which countries your visitors are coming in from. If you notice anything odd - such as an abnormally high proportion of visits from certain non-English speaking countries, or lots of visits to pages that are not publicly accessible, let us know and we'll have the data-security team take a look.

3) Run the new ClamAV Virus Scanning System once a month. This easy tool will scan your web mail and entire website for worms and viruses that may have been loaded on your account. If you run a blog or discussion forum on your site, this is extra critical - however all sites should make use of this scanning system.

4) Keep your computer's anti-virus software subscription and firewall up-to-date - and if your software doesn't already include it - run a separate adware / spyware scanner regularly. Without all this, your computer will eventually be infected by some kind of nasty virus or worm. Some of which can even log keystrokes - allowing someone with bad intent to capture your usernames and passwords to access your personal information and online accounts, including your hosting account, financial accounts, etc.

5) Keep all your account access information safe and secure. In other words, don't keep your usernames and passwords tacked up on your bulletin board, taped to your computer monitor, or sitting on your desk. You never know who may grab that info and use it.

Finally..., remember, the Internet goes EVERYWHERE. So even though you may think of your site as being a local marketing tool, it is really accessible by anyone in any part of the world - whether they have good intentions or not. All sites, no matter what their size, are vulnerable to hackers, viruses or worms. Don't assume that just because your site is not an "eBay" or "Google" that your site cannot become a target.

Stay safe and protect your online assets!


Steve Rinaldi
spr@bbiworld.com
http://www.bbiworld.com

Google

© 2006 - 2010 BBI / BBI PowerHost - All Rights Reserved