Are Your Website and Passwords Secure? Security Is Becoming Ever More Important


Malicious users and organisations are increasingly targeting websites. With many large organisations having suffered security breaches, it’s a wake-up call to other organisations to check how stringent their security provisions are, and a wake-up call to individuals to make their passwords as secure as possible.

Using the same password for multiple services is a bad idea.

Do not use the same password for multiple services. If one service you use has a security breach, your accounts on any other service using the same password are also at risk.

You can use an application called KeePass, which is available on Windows, Linux, Mac, Windows Phone, BlackBerry, iPhone and Android, to generate and store truly random passwords for use on multiple services.

Do not use the same password for important services. Use KeePass.

Do not use obvious passwords.

You may think “no one will find out/know”, but you’d be surprised at how dangerous it is to have an insecure password. Don’t use simple passwords like a family member’s name with a few numbers at the end – it’s guessable and too simple a password.

KeePass can generate very random passwords that are not even memorable, at different strength ratios, by letting you decide what kinds of characters you want in your password and how long it should be. However, if you need a memorable password, you can also use KeePass to produce one with the right ratio.

But if you’re not using KeePass, think of two things that you’d remember that others would not easily guess (including your family or friends), and replace different characters with more obscure ones, such as:

  • WebhostingUK
  • W$bH07T!NGuK

Don’t use the passwords above ;).
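The kind of generation described above, choosing the character kinds and the length, can be sketched as follows. This is an added example, not KeePass's own code; the `CLASSES` table, the symbol set and the function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Character kinds that can be switched on or off, as in a generator's options.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!$%&*+-=?@#",  # constructed set; services differ in what they accept
}


def generate_password(length: int, kinds: list[str]) -> str:
    """Return a random password containing at least one character of each kind."""
    if not kinds or length < len(kinds):
        raise ValueError("length must be at least the number of character kinds")
    pool = "".join(CLASSES[k] for k in kinds)
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable here.
        candidate = "".join(secrets.choice(pool) for _ in range(length))
        # Redraw the whole password instead of patching characters in,
        # so every accepted password is equally likely.
        if all(any(c in CLASSES[k] for c in candidate) for k in kinds):
            return candidate


def entropy_bits(length: int, kinds: list[str]) -> float:
    """Upper bound on the entropy of a generated password, in bits."""
    pool_size = sum(len(CLASSES[k]) for k in kinds)
    return length * math.log2(pool_size)


if __name__ == "__main__":
    all_kinds = ["lower", "upper", "digits", "symbols"]
    print(generate_password(20, all_kinds), round(entropy_bits(20, all_kinds), 1))
```

Comparing `entropy_bits(8, ["digits"])` with `entropy_bits(20, all_kinds)` shows how much more length and a wider character pool add than either does alone.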

Why is it so important to have a secure password?

As one of the largest web hosting providers in the UK, we regularly find automated bots and scripts attempting unauthorised entry into a web hosting account or server, or port-scanning.

While the server firewalls will blacklist any IPs that make multiple attempts in a short timeframe, it is just as important to ensure your password is secure, non-guessable and not too easily memorable. Having a short and simple password defeats the purpose of having a password; it’s no better than not having a password at all.

Always have a secure password.

Having a firewall installed on your server.

If you have a UK Dedicated Server with us, it’s important to ensure you have a firewall installed – regardless of whether it’s a Linux Dedicated Server or a Windows Dedicated Server – and this also applies to our virtualised server hosting products, including whUK VPS Hosting, whUK Cloud VMware Server Hosting and whUK Semi-Dedicated Servers.

On Linux-based servers, we’d thoroughly recommend ConfigServer Security & Firewall (CSF). If you have your Dedicated Server with us, you can request our senior technicians to install CSF for you. Once you have CSF installed, it will be visible in WHM if you have cPanel installed on your server.

With CSF, you can set which network ports on your server are open and which IPs can access certain services on your server, such as SSH. If you do not know how to do this yourself, you can request our senior technicians to configure your server’s security for you.

Ensuring Email Authentication is enabled.

SPF records are a way to authenticate incoming e-mail to a server. A receiving server that checks SPF will look up whether the domain the incoming e-mail claims to come from has an SPF record; if so, it compares the IP address of the sending server against the IP address(es) listed in the domain’s SPF record to ensure that server is permitted to send the e-mail.

How does this work?

It’s very simple. Most web hosting providers will likely have SPF records set up for your domain at the time of creating your account. However, to make sure it is enabled, go to the E-mail Authentication section of cPanel and check whether SPF is enabled.

If it is, your domain has SPF records set. This means that when a server IP not listed in the SPF record on that page tries to send e-mail to a server that checks the SPF records of incoming e-mail, the receiving server will likely either reject the e-mail from the unauthorised server entirely or flag it as spam, as it may well be spam or a malicious user committing social-engineering attacks by pretending to be the person who actually owns the e-mail address listed in the To field.

Read Here: What are SPF Records? How do I Set an SPF Record?

What is an “SPF record”?

An SPF record is a kind of DNS record that works as an e-mail validation system (SPF stands for Sender Policy Framework). It validates the authenticity of an e-mail by checking whether the sending server’s IP is permitted to send e-mail for the domain the e-mail purports to be sent from.

You can add multiple server IPs to your domain’s SPF record if you wish; for example, if you have multiple servers that send e-mail from the same domain name.

Do all servers check for SPF records?

No. Not all servers do. The ones that do, however, may either reject e-mails that are received from an unverified server IP or flag them as spam in case it is a spoof e-mail.

Again, to set (or check) an SPF record, simply go to the Email Authentication section of cPanel.

Also Check: How to Enable Two-Factor Authentication (2FA) in cPanel

