By jason on 01/04/2016
Some days, you're hit with an unexpected task; this was the case today, when one of our servers was under attack.
We provide web hosting and a variety of websites on a leased, dedicated server. Various user accounts have access to these sites.
Each time a user account is created and access is provided, it opens the door to an attacker. Good security practices are critical. Here are some things to consider:
- Limit access to only those who need it
- Enforce good password practices
- Train people on keeping information secure and private
- Only run the services that you need on your server
- Utilize a firewall, and only open the minimum ports for what you need
- Regularly patch the operating system and other software
- Encrypt sensitive information, and securely maintain the private keys
Even when following best practices, an issue may still occur, and when it does, having a good plan and taking quick action is critical.
We confronted the issue head-on today: our server was attacked, and software was installed to scan for and attempt to compromise other servers. After seeing these files put on our server, we realized that simply removing them and changing passwords wasn't enough. We've decided to transition all of the sites we host to a new server.
In addition to transitioning servers, we're reviewing all user accounts on the system, our policies for working with customers and vendors, and how we communicate security best practices.
Bad things happen, and the response to them is what we control. We look forward to reporting back on our web hosting status and security.