Threats to web hosting security have become more commonplace in recent years. During last year, a web hosting provider Pro-Service located in Georgia suffered the largest cyber-attack in the country’s history. While the specifics about how the attack was carried out remain unknown, the consequences led to the defacement of over 15,000 websites. This is just an example of many breaches over the recent years.
According to Internet Live Stats, over 56 million websites have been hacked this year alone. However, the data doesn’t show if the breaches have been made possible by the site’s owners or hosting companies. Still, the responsibility lies on both parties.
There are some threats that web hosting services probably face this season, but there are also ways to mitigate the risks.
Compromised login credentials
Research shows that brute force or the use of compromised passwords account for over 80% of hacking-related breaches. Furthermore, according to the UK’s The National Cyber Security Centre (NCSC), “123456” is an exact match for more than 23 million passwords. Therefore, malicious hackers use scripts that run the compromised login details or commonly used passwords in an attempt to access accounts on the internet.
Web hosting companies aren’t an exception for these types of cybercrimes. Earlier this year, GoDaddy announced that an unauthorized individual might have obtained Secure Shell (SSH) login credentials following a discovered breach in late 2019. However, there’s no indication from the company how the attacker accessed the data or if there was any damage to the users’ sites.
To mitigate the risk of your account becoming compromised by these attacks, you can set up a strong password of at least 12 characters. Next, change your password regularly so that your account won’t be vulnerable for too long, even if there has been a hidden data breach. Also set up a multi-factor login or choose a web hosting service that already strongly promotes it.
Windows operating system (OS) server vulnerabilities
Web hosting companies offer Windows and Linux OS-based servers. While there are pros and cons for both, experts tend to agree that Linux has fewer vulnerabilities that attackers can exploit.
Furthermore, Windows servers recently suffered from a Zerologon exploit that Microsoft patched. However, this vulnerability remains an active threat if the server’s software hasn’t received the update. Ensure that your server administrator or the web hosting provider has installed the security update on your Windows Server to safeguard your site against this vulnerability.
DDoS attack on web hosting service’s servers
Distributed denial-of-service (DDoS) attacks have become more frequent because of the sophisticated botnets cyber-criminals can build. In fact, there were 542% more DDoS attacks in the first quarter of this year compared with the same period from last year.
Research also shows that DDoS attacks are getting larger and extended each year. Attackers typically target specific websites with these types of attacks. However, malicious hackers also target web hosts, and a successful attack can result in downtime for all the websites under the hosting service.
You can mitigate the risk of an overwhelming DDoS attack on your website by ensuring your server or the web host’s servers have protective software, such as Cloudflare. It’s also effective if the hosting company can scale resources on-demand to absorb the attack data.
Insufficient security measures make web hosts a target
Malicious attackers are always looking for weaknesses in security that they can exploit. While targeting lone servers is easier, targeting a group of servers is more lucrative.
Web hosting companies can protect their data centers with dedicated security measures, such as KernelCare, Auto-Heal Hosting Protection, and Server Hardening. Taking extra steps in bolstering security lowers the chance of becoming a target to malicious hackers.
Website owners can also contribute to mitigating the risk of being targeted by being security-conscious. Alternatively, using a managed hosting service, many of the additional preventative measures are taken care of by the hosting provider, such as automatic updates, secure SSH access, SSL certificates, firewall, and server monitoring, to mention a few.
Cybercriminals using free hosting solutions to distribute malware
According to Engadget: “Free hosting accounts are used to seduce users into downloading damaging software.” Since free hosting solutions are generally less secure, they tend to be an easy target for malicious hackers. Companies offering paid hosting can invest more into providing state-of-the-art security measures and take their registration process more seriously (generally).
Steer clear of any unsecured free hosting offers that don’t require a strict and verifiable registration process. The Cybersecurity & Infrastructure Security Agency (CISA) also suggest that website owners consult with their hosting providers to be clear about security responsibilities for both sides.
In conclusion, threats to web hosting services are genuine and can cause widespread destruction if malicious attempts are successful. However, with a healthy approach to security measures from both users and hosting companies, the likelihood of an attack can be mitigated.
Gert is a professional copywriter mainly working with cybersecurity and digital marketing companies in the US and EU.