Security Issues with Dedicated Servers

Many people make the switch to a dedicated server to avoid security issues that are inherent in shared hosting situations. Whenever you are sharing the same server with other people, there are risks that your site’s data could be hacked. However, there are still some security issues that you need to be aware of when running a dedicated server.

If you are using any PHP-based application on your website, and especially if the control panel for your dedicated server is written in PHP, make sure that register_globals is set to OFF. With this setting ON, PHP turns request parameters into global variables, so any script that uses a variable without initializing it first can have that value supplied by a visitor. That leaves you wide open to a security breach.

Other types of control panel issues exist as well. No program is 100% safe from hackers and they will frequently target a control panel to gain access to your entire server. Once the root account has been hacked, any other sub-accounts are immediately vulnerable.

If your host does not provide a secure log-in area and a secure environment for your control panel, you are also vulnerable. Any time you enter a password into an insecure form, you are risking your valuable information.

Allowing anonymous FTP to your server is also a large area of concern. This means that basically anyone can upload to your server, and they may have the ability to get into your file structure.

What can you do to make sure that your site and your root account are secure? First, most control panels offer the option to scan for possible security breaches. This will allow you to either disable an application that is a security problem, or download patches that will fix the error.

If your control panel does not offer this feature, there are still ways to make sure that your server stays safe. First, never allow anyone you do not know FTP access to your server. This can include community portal sites that allow users to upload files to a community area. Any time you let someone add anything to your site, you are at risk of a Trojan virus or worm infiltrating your server.

You can also check through any PHP applications to make sure that all of them have register_globals turned off. This is very important, as there is really no working fix for the security holes if the setting is turned on. Not all PHP applications are at risk, but the vast majority do have problems. While this can be a hassle, especially if an application requires register_globals to be set to ON, it is absolutely essential for a secure site.
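One way to carry out that check across a server is sketched below. It is an added example, not part of the original article: it scans php.ini files and Apache per-directory overrides for active lines that switch register_globals on. The file paths and contents in SAMPLE are constructed for illustration, and the function names are hypothetical.

```python
import re

# Values treated as "enabled"; deliberately broad so nothing is missed.
_ON = {"1", "on", "true", "yes"}

# php.ini style:            register_globals = On
_INI = re.compile(r'^\s*register_globals\s*=\s*"?([^\s";]+)', re.I)
# Apache / .htaccess style: php_flag register_globals on
_APACHE = re.compile(
    r'^\s*php_(?:admin_)?(?:flag|value)\s+register_globals\s+"?([^\s"]+)', re.I)


def find_register_globals(text):
    """Return [(line_no, is_on)] for every active register_globals line."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        # Skip lines commented out with ';' (ini) or '#' (Apache).
        if line.lstrip().startswith((";", "#")):
            continue
        m = _INI.match(line) or _APACHE.match(line)
        if m:
            hits.append((no, m.group(1).lower() in _ON))
    return hits


def audit(files):
    """files maps path -> contents. Return sorted (path, line_no) pairs
    for every active line that turns register_globals on."""
    findings = []
    for path, text in files.items():
        for no, is_on in find_register_globals(text):
            if is_on:
                findings.append((path, no))
    return sorted(findings)


# Constructed sample configuration files (not taken from a real server).
SAMPLE = {
    "/etc/php.ini": "; register_globals = On\nregister_globals = Off\n",
    "/var/www/shop/.htaccess": "php_flag register_globals on\n",
    "/var/www/forum/php.ini": "[PHP]\nregister_globals=1\n",
    "/var/www/blog/.htaccess":
        "# php_value register_globals 1\nphp_flag display_errors off\n",
}

if __name__ == "__main__":
    for path, line_no in audit(SAMPLE):
        print(f"{path}:{line_no}: register_globals is enabled")
```

On a real server the dictionary would be built by reading every php.ini, .htaccess and Apache configuration file under the web root. A per-directory override is easy to miss because it can switch the setting on for one application even when the main php.ini has it off.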

Make sure that you have a secure log-in area. If your web hosting company does not provide this, you may need to find a company that will allow you this important peace of mind. Frequently check your site and your applications to make sure that they are all up-to-date and do not contain holes that can be utilized by hackers.

Posted on 12/15/05 8:15 PM

