Skip to Content
Call Toll-Free 717-290-6760

SSL Encryption

Managing A Vulnerable Website

website security

In the recent years we are noticing more and more just how aggressive hackers can be. With the many large institutions getting compromised every day this creates fear but it lacks understanding for website owners who are not sure what to do and whether or not they are vulnerable to these same attacks. This article explores both those questions and a few more when it comes to the vulnerability of your website.

First, let’s answer the simple question of whether your website is vulnerable. The simple, scary truth is yes, it is. No matter how big or small or you are, or how secure your server and site are, there is still a chance your site can be hacked. Hackers don’t just use one method to attack sites, they try several different routes and one just might fail and let them in. They do not always single out sites for attack either, more often attacks occur across several sites at once as a blanket attack. In some cases the hackers simply find a way in and plant a seed, such as an account or virus, to use later to exploit the site. This is not meant to scare you, but just to face the simple reality that any site can be vulnerable at any time so it’s better to be safe than sorry.

Second, the question becomes what to do to prevent an attack. The best steps include the following:

Secure your site with SSL encryption

This should be standard for all eCommerce sites and those that collect sensitive data, but even basic sites can benefit with some sort of encryption.

Implement Spam Protection

Besides run of the mill spam acting as unwanted advertising and backlinks, spam can be used maliciously to plant viruses and backdoors into a site. Protection against spam can block most if not all of this unnecessary and malicious email.

Update Your Site Software

Unless your site is built with raw HTML files, chances are your content is managed by a CMS package like Wordpress, Joomla, or Drupal. If so, this software should be updated as often as possible and every single time a security alert pops up. The developers and communities responsible for these site software packages implement new security fixes every day in response to potential threats. Speak with your web developer about the last time your site software is updated and whether an update is in order.

Acquire Protection Services

This is often provided as a service from your web host or web developer service by means of a protection plan. Some cost may be involved, but having a team ready and able to fix any problem that may occur with a compromised site can be invaluable.
The bottom line is the only person responsible for your site after an attack is you, the site owner. Hosting companies and web developers can only help, but fixing the problem falls on your shoulders. When you realize that you are liable for the information, sometimes sensitive, on your site becoming compromised you will know it is time to be preemptive before it’s too late.

For questions or concerns about the security of your website, contact Anttix today at (877) 426-8849 or click here to contact us.


Poodlebleed SSL Vulnerability Announcement

Security Alert

Many website owners and technology enthusiasts already know about the recent Heartbleed vulnerability with the security of a website, also known as SSL. This vulnerability has since been corrected but now we are facing a new emerging threat called Poodlebleed. Poodle stands for Padding Oracle On Downgraded Legacy Encryption but what it basically means is the secure data passed between a secure server and a web browser can be compromised and changed into plain text. That means passwords, credit card numbers, and other sensitive data can be read and taken while in transit. This is very serious and should be addressed immediately by your hosting provider.

If you are an Anttix client you should not worry. We have already taken the necessary steps to correct it. The issue lies with version 3 of cryptographic protocol known as SSL (Secure Socket Layers). The vulnerability only occurs when the end-user is browsing a secure page through an out-dated browser. So in order to be vulnerable to Poodlebleed not only must the server contain SSL version 3, but the user must be using an out-dated browser. By removing SSL version 3 users with out-dated browsers will no longer be able to use the encrypted portions of your site. This, however, is not a bad thing. It is better to have a secure site with no vulnerability than a site that services old browsers, while leaving your users vulnerable to identity theft. Encourage your users to update their browsers, especially for their own sakes. Outdated browsers can have a multitude of other vulnerability issues, leaving the user subject to multiple forms of attacks.

As a security reminder we encourage all of our readers to update your important passwords on a regular basis, and keep all of your internet and virus protection software up to date. Security is very important to us and we will do everything we can to stay secure on our end. We hope none of you are affected by Poodlebleed, and if you an Anttix hosting client rest assured that you are protected. If your website is not hosted with Anttix, please contact your provider right away and make sure the proper steps have been taken to secure your site.

If you would like information on how Anttix can make your website more secure, contact an Anttix representative today at (877) 426-8849 or click here to email us.