41% of companies suffered a DDoS attack in 2014, their websites or systems either disrupted or taken offline completely. One in five were offline for a whole day. Reaction time is a factor in DDoS, so business owners, webmasters and IT managers should understand the risk that DDoS poses to their own business, and have a contingency plan in place.
Combining hardware and web application firewalls at different levels of your hosting architecture is an effective way to maximize both the level and the cost-effectiveness of your website and business’s security, while keeping complexity to a minimum.
Here’s how organizations with both websites and internal applications or file servers can combine a hardware firewall with a web application firewall in order to make their security both stronger and easier to manage.
The last few weeks have seen reports suggesting that China is currently the origin of around a third of global DDoS attacks, Rupert Murdoch tweeting that his Wall Street Journal is being targeted by Chinese hackers, and an announcement by the New York Times that it has been the subject of months of cyber attacks, also emanating from China.
Read on for a summary of these events and a look at international organizations’ attitudes to the threat of espionage from competitors, employees and governments.
The CVE (Common Vulnerabilities & Exposures) database includes over 59,000 known information security threats. While the techniques used to access your data or alter website code vary greatly, a security breach usually has one of these aims:
- Database access and the theft or corruption of personal or sensitive data
- Altering website code in order to change what users see
- Intercepting personal and sensitive data
- Denial of Service (DoS) attacks that render services unavailable
If you’re thinking about having a security expert or your hosting provider evaluate your website or server vulnerability, here are a few questions to ask yourself in order to help you decide.
After finding a good web hosting provider, one of your immediate next steps should be writing detailed procedures on how to handle server issues, cope with growth in traffic, website software development, or even cases like attacks from hackers.
The following guide is by no means definitive. Use it only as a template, and adapt it to your own needs and server configuration.
Follow this step-by-step guide if you find problems while trying to access your servers. As you may discover, in most cases you’ll find solutions within the first steps, and probably won’t have to go up to the last step.
- Find the kind of error returned by the website. If it’s a 404 error page, it means the website is unavailable. If it’s a 500 page, it’s a problem with your program failing to start and serve the page. Software like WordPress or Drupal will show you on the page if the MySQL database is misconfigured. You can see a list of possible errors here, with cues on what might be the problem.
- Check if the website is available elsewhere if the website is unavailable (404 error). Try for instance with just-ping or host-tracker. These services will ping and try to access your website from different locations in the world. For instance, just-ping will show the percentage of lost packets. A low % might mean that your web server is experiencing massive traffic from websites like Digg, or might be the victim of a DDoS attack (hopefully not).
- Try to disable dynamic sections or cache the heavy sections of your website, if the website is still available but is experiencing high load times, frequent time-outs, or uneven performance. If performance improves, it means you have outgrown your server and might need additional servers.
- Check if the DNS is properly configured and if there are any potential problems. If you have a server with a dedicated IP, try to access the server by typing the IP address in your browser bar. One frequent cause of problems is an expired domain name that the webmaster forgot to renew. Solution: keep a calendar with alerts 7 days before the domain expires.
- Find out whether it’s really a problem with iWeb or with a third-party service you are using. If you’re using an external SaaS service which manages your emails, the problem might be with your provider and not with iWeb. In this case, you should contact them. If it’s a software problem, go to the user group; you can also ask for help in the iWeb community forum.
- Check the system status page in the iWeb blog. Any incident will be posted there, as well as scheduled maintenance. If you find a warning relevant to a product you are using, click for details to get the history and to read comments by both other customers and the iWeb team.
- Assess whether you can solve the problem yourself before filing a ticket in the customer hub. If you have a dedicated server, a remote reboot is done in a few minutes. With a support ticket, you’ll have to wait until customer support picks up the ticket, then wait for them to understand the problem and find a fix, then get back to you, which might take a few hours. In the same manner, if it’s a DNS issue, you can fix the problem yourself quickly in the Panelbox panel instead of filing a ticket.
- File a ticket in the customer hub. Before you do so, gather these: passwords, your account ID, and any other relevant information such as the user and port number accessible for SSH.
- Be descriptive in your ticket. Writing “It’s urgent” or “I am losing business!!” or “It’s not working!” in bold or capital letters doesn’t actually help the customer support team find a solution to your problem. Tell them about the problem and the steps to reproduce it. Helpful descriptions include error logs from web servers, a list of unavailable services, and instructions on how to access your server.
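The DNS and direct-IP checks from the steps above can be scripted so the result is ready to paste into a ticket. This is an added example, not code from the original guide; it assumes a single dedicated IP serving plain HTTP on port 80, and the function names, `example.com` and `192.0.2.10` are illustrative.

```python
import http.client
import socket

def resolve(host):
    """Return the IPv4 address DNS gives for host, or None if the lookup fails."""
    try:
        return socket.gethostbyname(host)
    except OSError:  # gaierror and timeouts are OSError subclasses
        return None

def fetch_status(address, host, timeout=5):
    """GET / from address with the site's Host header; return the HTTP status or None."""
    try:
        conn = http.client.HTTPConnection(address, 80, timeout=timeout)
        conn.request("GET", "/", headers={"Host": host})
        status = conn.getresponse().status
        conn.close()
        return status
    except (OSError, http.client.HTTPException):
        return None

def triage(host, server_ip, resolve=resolve, fetch_status=fetch_status):
    """Run the DNS and direct-IP checks; return (finding, next_step)."""
    dns_ip = resolve(host)
    if dns_ip is None:
        return "dns_failure", "Name does not resolve: check DNS records and the domain renewal date."
    if dns_ip != server_ip:
        return "dns_mismatch", f"DNS answers {dns_ip}, expected {server_ip}: fix the record in your DNS panel."
    # Query the server by IP so a DNS problem cannot mask a healthy server.
    status = fetch_status(server_ip, host)
    if status is None:
        return "no_response", "Server does not answer by IP: check the status page, then consider a remote reboot."
    if status >= 500:
        return "application_error", f"HTTP {status}: collect web server and database error logs."
    if status >= 400:
        return "error_page", f"HTTP {status}: note the code and URL for the ticket."
    return "ok", f"HTTP {status}: site answers; look at load and third-party services next."

if __name__ == "__main__":
    # Constructed sample values: example.com and a documentation-range IP.
    finding, next_step = triage("example.com", "192.0.2.10")
    print(finding, "-", next_step)
```

The probe functions are passed in as parameters so the decision logic can be exercised without touching the network.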