It seems like hacking is in the news constantly these days. Whether you’re a large corporation or your run a small ecommerce site, you have it in your best interest to prevent hackers from breaking into your site and stealing your customers’ valuable information. Here are the most common types of hacker attacks your website may face, and how to protect yourself from them:
Denial of Service Attacks
One of the simplest (but also most effective) types of attack, the DDoS attack uses sheer force to try to overwhelm your website’s system. Think about it like millions of people trying to visit your site all at the same time, but artificially—the toll it takes on your site’s resources effectively stops the server from being able to serve up your site to legitimate customers.
The interesting thing about this type of attack is that it doesn’t actually try to steal your site’s information. Its only purpose is to make the site inoperable.
One of the easiest ways to stop these types of rudimentary attacks is to use a good firewall. At CanSpace Solutions, we monitor our servers and client accounts 24/7, and when we notice a traffic spike that looks suspicious, we respond accordingly to ensure that the website stays online.
In addition to your main firewalls, we also offer a Web Application Firewall, which protects the particular application you’re running (like WordPress). We base our WAF on OWASP rules, which are the industry standard.
Man in the Middle (MiM) Attacks
This type of attack relies on a hacker intercepting the communication between a server and a trusted user. The hacker’s computer effectively pretends it’s the trusted user by substituting its IP address for the trusted client, and the server is none the wiser, potentially submitting valuable private information to the hacker.
Our use of Domain Name System Security Extensions (DNSSEC) helps to verify the user interacting with the server, which prevents MiM attacks as users first arrive on your site. Once the user is on your site, the SSL certificate (included free of charge with every CanSpace Solutions hosting plan!) takes over and ensures that the rest of the exchange is secure.
Phishing Attacks
An entirely different class of attack, this one depends on user error and is therefore harder for us to protect our customers from.
The classic phishing attack begins with an email sent to a person that appears to come from a legitimate source and asks for some key piece of information (such as entering your email address and password). Once the person has entered their information into the fake website, the hackers effectively have all the person’s privileges and can therefore do whatever they want. This is nearly impossible to stop until the user realizes that there’s a problem. If this scenario happens to you and you think you may have submitted your information, you should let us know as soon as possible and we can update your password to make sure your account is secure.
One extra measure we do have in place is the use of two-factor authentication for the logins of all our hosting customers. This requires that the person trying to log in has either the email address or the phone of the customer, so if the hackers don’t have this information, their attempts would be thwarted.
In general, though, it’s best not to fall for phishing attacks in the first place. Watch out for these classic signs of a phishing message:
- Often, these emails come from domains made to closely approximate a legitimate one (microsoft.com).
- Watch out for unusual English, as many of these emails are crafted overseas.
- Be suspicious of any attachment to an email coming from someone you don’t expect one from.
- Hover over links and look out for suspicious-looking ones.
- In general, be suspicious of any email or link coming from an email asking you to confirm personal information. Because phishing attacks are so common, legitimate services are not really asking their users to do these types of actions anymore. Instead, they prefer to have the people make changes the next time they’re legitimately logged into their account.
In addition to all the security features listed above, here at CanSpace Solutions we try to stay one step ahead of hackers. For us, that means running monthly updates that keep our servers as secure as possible.
