I have shared hosting from GoDaddy and run about 25 websites both personally and for clients. All the sites are for small local businesses. I don’t have a strong background in computer science or security and I’m always thinking to myself “What if someone hacks my hosting and screws up a bunch of websites. What a hassle that would be!”
I don’t know of anyone that would do anything malicious but I’m trying to be cautious and take preventative measures. How easy is it for someone to get into my client parent directory? I always read about how annonymous takes down sites with relative ease it seems. Is being careful with passwords enough security? If not, do I need to purchase security addons? Do I need to go off the grid with my own server?
Is there an article or tutorial out there that would help me protect my hosting? Thanks in advance!
1. ditch godaddy, probably the most hacked host going.
2. backup regularly, so a host that can do periodic backups at specific times
... like you I am pretty clueless in these matters, but hopefully someone with more experience can help you.
Well there is no clear answer for such a question.
I am a bit expirienced with server management so i guess i can give you some advices.
First of all you should stay on a shared hosting. Do not try to manage a own server. This is the worst thing that you can do. Your server will be in a DDos botnet within minutes and will be abused to send spam emails. And this are the “best of the bad” things.
Is being careful with passwords enough security?No, but this is something that you have to do as a minimum. Only use passwords which do not make any sense. There is no “safe” or “unsafe” hoster if it is a serious company. If one hoster gets more attention than another one, the chances that a higher that something could happen. It is the same as it is with cracks. If no one cars about you/the hoster then most likely nothing will happen.
How easy is it for someone to get into my client parent directory?If the server is configured properly then this is “impossible”.
The biggest security risk is not the server. It is the software which is running on, for example PHP scripts. Never use the same database for multiple projects. If you have a PHP script on your server which allows someone to take over your database then you are in trouble.
Make sure to keep your software up to date and do not install everything that you find on the web.
Use the software called mySQL dumper to backup your database at least once a day.
If you have to get rid of a shared hosting for some matters (e.g. huge amount of visitors) get a managed server. That is a dedicated server which is completely for you alone, but is managed by someone who knows what he is doing.
I always read about how annonymous takes down sites with relative ease it seems.
“annonymous” is a group of “script kiddies” (anyone can join them) and only some real hackers. Most of the time this script kiddies just take down a website by using a DDOs attack (Distributed Denial of Service) which (in short words) just overloads your server so that he can’t respond in time. That requires no skill which (unfortunately) allows many persons to do such a thing.
This are some of the most important things. There is no “safe” server. It is depens on how much attention you get. Not even the government can do something about this.
I wish you all the best
Wow Gewora, thank you so much for the reply! If Envato had a premium membership I could gift you (like reddit gold), I wouldn’t hesitate to do that because I couldn’t have asked for better information/advice. This really sums up beginner security in a nutshell and I really really appreciate it!