Cyber security authorities, the Comodo Organisation have created history by surpassing Symantec to become the number 1 digital certificate authority in the world! “In the history of the Internet, this is the first time there has ever been a new number one in certificate authority market share, and we are extremely proud of this accomplishment,” said Melih Abdulhayoglu, CEO of Comodo. “It’s important to state that we’ve achieved this number one ranking through organic growth, not acquired growth, resulting from the strong customer and partner relationships globally. Consumers and businesses worldwide have spoken loudly and clearly that they choose and trust Comodo as their number one security provider.”

According to data by w3Techs.com, an independent IT market research firm, Comodo has taken 33.6% of the certificate authority market to claim the number 1 position. The report focuses on global web technology usage & certificate authorities of the top 10 million websites to calculate this share percentage. At ResellerBytes, we’ve recently shifted to COMODO, a more affordable entry point to SSL. Making it more accessible to everyone makes the Internet a more secure space. As part of our MegaSalePromo at ResellerBytes, we’re offering SSL certificates starting at $10.99 per year.

SSL certificates, the digital certificates that authenticate the identity of a website are managed & issued by Comodo.

Of the .COM websites using digital certificates, 34.7% of all .com websites use Comodo as compared to 29.9% who use Symantec.

Comodo Certificates are the quickest & most cost effective way or online transactions to take place.

At ResellerBytes, we’ve recently switched to Comodo in keeping with our promise to always offer the top of the line products. Throughout the month of June, we’re offering a 95% off on SSL certificates! Don’t miss out on the opportunity to get the industry’s best product at a great price for your customers!

 

If the security and privacy of your customers is important to you, then using SSL certificates should be on top of your priority list. Safeguarding your website helps you create trust in your business by offering an identity proof to your customers online. This kind of security gives your customers the confidence that no private information will be tapped online and that all the online transactions they make are secure with trustworthy Secure Server Certificates.

Why Comodo SSL Certificate?

Comodo SSL Certificate is one of the most trusted Secure Server Certificates that provides more security to your customers as compared to any leading Certificate Authority. This is because Comodo delivers top-notch desktop security to around 2 million new users every month, without any charges. Comodo is a distinguished SSL Certificate Authority offering a wide range of low-cost SSL certificates such as Enterprise SSL, Premium SSL, Instant SSL, Lite SSL, Pro SSL, Intranet SSL, Wild Card SSL and Free SSL.

Without the right tools, your Website isn’t trusted

Thousands of new viruses and Trojans keep popping up on the Web every single day. These viruses have the ability to harm millions of Websites and breach internet security and trust. If you’re in an internet business, it is critical for you to restore this trust. All thanks to Comodo, it offers you the right tools you need to regain your customer’s trust. The SSL Certificates authenticate individual identity, companies, websites as well as content.

Cyber-terrorists are usually impersonators. They survive on deception. Authentication is the heart of Internet Security and Trust. Authentication confirms that a certain individual, business, or website is genuine. Businesses can help build trust when visitors, software publishers, businesses, or websites are authenticated. This process makes sure that no critical information has been tampered with.

Trust can be rebuilt when Hackers or the viruses and Trojans they bring into existence are scorched. It can help boost the success of any online businesses and facilitate secure online interactions. And, Comodo makes this possible with ease.

Comodo SSL Certificate create trust online

Comodo has been providing authentication for thousands of websites across the globe. Most customers are aware that websites that are concerned about protecting online identity and transactions make use of recognized Secure Server Certificates. The award-winning desktop security, Comodo, is one of the most trusted services that can provide better security to your customers than any other source.

Comodo is one of the leaders in the SSL Certificate industry being the conceiver of the Certificate Authority / Browser Forum (CA/B Forum) – a group of Certificate Authorities and browser providers that established guidelines and implementation processes for the Extended Validation (EV). Comodo High Assurance Certificates make use of patented technology including Corner of Trust logo which provides customers with web identity assurance. When you analyze SSL Certificate issued by Comodo and compare it with others certificates, you will realize that Comodo offers the most cost-efficient secure server certificate with 99.9% browser recognition, thereby meeting all the basic requirements of Internet security.

Share your security tips & tricks with us in the comments below.

At ResellerBytes, our primary objective has always been to provide you with powerful, secure and robust hosting solutions. While for the product such as Shared Hosting, we take utmost care to ensure maximum server level security and redundancy, products such as Dedicated Servers and VPS, we can ensure network level security while the OS level control lies in your hands.

Let’s start by first understanding the basic concepts of a web server. A web server, simply put is a computer host configured and connected to the internet, for serving web pages on user requests. Since web servers are open to public access and often contain critical information, it is important to shield them from hackers.

Although Linux-based Operating Systems are relatively more secure and include inbuilt security mechanisms like SELINUX when compared to the others, a small vulnerability or bug can give a hacker easy access to your system. Keeping this in mind, we’ve put together a comprehensive set of steps that you can take to mitigate the risk of getting hacked.

1) Always stay up to date

A great way to ensure maximum server security at all times is to keep your system up to date with the latest bug fixes or the latest version of your Operating System. A good way to keep track of update announcements is to sign up for email alerts. CentOS and Ubuntu have a security mailing list where all security and vulnerability fixes are discussed and released.

2) Verify Permissions

It is essential to review permission settings to ensure that a server remains secure. There are certain files such as the “/etc/passwd”, “/etc/shadow”, “/etc/group” and “/etc/gshadow“files that contain critical user, password and group information. These files have a greater chance of being subjected to malicious attacks.

Several utilities also require read access to the passwd file to function properly, however read access to the shadow file will allow malicious attacks against system passwords, and should never be enabled and should never be enabled.

Below are the default permissions and owners that should be set for these files.

# cd /etc
# chown root:root passwd shadow group gshadow
# chmod 644 passwd group
# chmod 400 shadow gshadow

3) Find unauthorized World Writable files

The following command discovers and prints any world-writable files in local partitions. Run it once for each local partition

# find /tmpxdev -type f -perm -0002 -print

If this command produces any output, fix each reported file file using the command:

# chmod o-w file

Data in world writable files can be modified by any user on the system. In almost all circumstances, files can be configured using a combination of user and group permissions to support whatever legitimate access is needed without the risk caused by world-writable files.

It is generally a good idea to remove global (other) write access to a file when it is discovered. However, it is always advisable to check relevant documentation for applications before making changes. Also, monitor for recurring world-writable files, as these may be symptoms of a misconfigured application or user account.

4) Set the sticky bit on World Writable directories

Setting the sticky bit prevents users from removing each other’s files. When a sticky-bit is set on a directory, only the owner of a given file is given the right to remove it from the directory. Without the sticky bit, any user with write access to a directory can remove any file from it.

Use the following command to discover and print any world writable files that do not have their sticky bits set.

# find /tmp -xdev –type d \( -perm -0002 -a ! -perm -1000 \) -print

If this command produces any output, fix each reported directory /dir using the command:

# chmod +t /dir

In cases where there is no reason for a directory to be world writable, a better solution is to remove that permission rather than to set the sticky bit.

5) Enable ExecShield

ExecShield helps in reducing the risk of worm or other automated remote attacks. It comprises a number of kernel features to provide protection against buffer overflows. These features include random placement of the stack and other memory regions and special handling of text buffers.

To ensure ExecShield (including random placement of virtual memory regions) is activated at boot, add or correct the following settings in /etc/sysctl.conf:

#kernel.exec-shield = 1

#kernel.randomize_va_space = 1

6) Configure Sudo to improve auditing of Root accessC

The sudo command allows fine-grained control through which users can execute commands using other accounts. The primary benefit associated with the configuration of sudo is that it provides an audit trail of every command run by a privileged user. It is possible for a malicious administrator to circumvent this restriction, but, if there is an established procedure that all root commands are run using sudo, then it is easy for an auditor to detect unusual behavior when this procedure is not followed.

7) Set Strict password requirements

Setting more stringent password requirements can be an additional measure taken to step up server security.

User passwords should be strengthened with the PAM module which can be configured to require at least one uppercase character, lowercase character, digit, and other(special) character,

You can modify your password by following the steps listed below:

  • Locate the following line in /etc/pam.d/system-auth:
  • #password requisite pam_cracklib.so try_first_pass retry=3
  • and then alter it to read (placing the text on one line):
  • #password required pam_cracklib.so try_first_pass retry=3 minlen=14 \dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1

You may also modify the arguments to ensure compliance with your organization’s security policy. Note that the password quality requirements are not enforced for the root account.

8) Install LFD and Config Server Firewall

ConfigServer.com has created a script which by default blocks all ports and provides you the opportunity to allow usage of only those ports on which you have applications running.

Download and install these scripts from configserver.com

Open the config server conf file /etc/csf/csf.conf and modify the below lines to your requirements

# Allow incoming TCP ports
TCP_IN = “22,80”

# Allow outgoing TCP ports
TCP_OUT = “22,25,80”

In the example I have allowed port 22 for ssh, port 80 for http and only outgoing for port 25 since I do not want any other server or client using my server for sending emails.

Also modify the below line to your email address.

#LF_ALERT_TO = your email address

Along with the firewall, LFD will also be installed. LFD is a daemon which scans log files and blocks IP addresses trying to brute force your server.

You can whitelist your IP address in /etc/csf/csf.ignore. Please use caution while executing the above commands and if possible test changes on a demo server.

In addition to the above mentioned security measures, we have introduced SiteLock – a powerful, cloud-based, website protection service that works as an early detection alarm for common online threats like malware injections, bot attacks etc. Stay tuned to our blog for more details.

We hope you found this article useful. Feel free to start a conversation about your take on this post in the comments below. We would love to know your take on this topic!

One of our previous posts covered the advantages of buying a Digital Certificate – through confidentiality, message integrity, non-repudiation, and authentication techniques (to name a few), Digital Certificates play a vital role in adding credibility and trust to your Brand. All this, of course, depends largely on the brand of Digital Certificate that is being used as well! We have that’s why tied up with the very best in the industry- Thawte. It is a Verisign Product and by far the most recognized Digital Certificate Brand out there. What’s more, the prices at which these are being offered to you are not only competitive but possibly the lowest out there. Many of your Customers though might not have made optimum use of these premium Digital Certificates (Thawte) that you offer them with – wonder why?

Buying the right Digital Certificate is not enough. The effectiveness of a Digital Certificate largely depends on the page that you install it on. So the next time you have a Customer who is not too satisfied with his Digital Certificate’s performance, it is probably because it’s not installed on the right page. Here are a few handy tips that you could give him:

Login Page:
It is a must to encrypt sensitive login credentials that are entered on the Login Page. A website that does not have a Digital Certificate installed on the Login Page is at risk of the client’s data being illegally accessed. Furthermore, with browsers getting smarter, for any page that asks for information and doesn’t have a Digital Certificate, the browser throws up a security message.

Payment Page:
Even with the internet gaining so much popularity, there will always be a little hesitation when entering Credit Card information online. And during the purchase process, if the browser pops up a security warning, most users will stop right there and not end up buying the product! Statistics indicate that over 60 percent of shoppers do not complete the shopping process that they begin. Yes, there are various factors that contribute to this, however, a Digital Certificate on the payment page is the easiest and the most critical solution for reducing Shopping Cart Abandonment.

Any page that asks for email addresses:
Spam or unsolicited emails are doing around of the internet like never before. Customers are vary of giving their email addresses simply because they don’t want their email address being accessed by spammers. And not having a Digital Certificate on a page that asks for email addresses puts your Customer at a risk of their email address being accessed.

Another important point that your Customer can do is place the Digital Certificate seal throughout the Website, or at least on important pages like the Homepage. This assures the visitors that the site is authentic and business intentions are genuine.

They may seem quite simple but more often than usual, these important tips are ignored. And yes they do make a vast difference when implemented accurately.

SSL branding is synchronous with Trust. It’s been repeated time and again that customers will definitely not doubt your ‘sincerity to do business’ once they see you have certified and secured your website with a SSL certificate. Which directly translates to – using a trusted Certification Authority is essential for an effective Online Business.

As we have a recently posted about How to Secure Website Application & Server Level and more secure with EV SSL Certificates. Purchasing from proven, established vendors, specially in case of security products such as Digital Certificates, brings up the inevitable – How do I choose a SSL Certification Authority (CA) that my customers will Trust?

There are several things that buyers should look for when purchasing a certificate:

Reputation and Credibility of the CA
How long have they been in business?
Consumer Awareness?

Ubiquity of the Root
Is it embedded in all of the popular browsers?

Root is owned by the CA
And not chained like Third Party SSL certificates.

Lifecycle Management Tools
How easy is it to install, renew, reinstall and revoke if compromised.

Ease of Acquiring the certificate

For instance, Thawte provides their esteemed list of clients, that include Google, 3M Company, Honda Canada, Hershey, American Airlines, Credit Suisse Group, among others, with Root Certificates.

Removing all elements of doubt, Thawte has obtained the Trust Factor by successfully implementing the highest encryption and authentication standards recognized today.

As a brand with an online presence, security is of top priority. Hackers are always looking for loopholes and ways to compromise the security of your site. So, how can you secure your website? So, there are two levels that you can lock-down your website on and those are application and server.

Let’s discuss how you can secure your website on each level.

1. Security on Application level

Update script regularly: One of the first steps to secure your website is to update the script you’ve installed. Additionally, your focus should be on ensuring that any released update is installed to ensure you’ve plugged vulnerabilities. Since many of these tools are created on open software programs, they’re readily available to hackers however, this is not really a problem. Open source also has a huge advantage in that, hundreds and thousands of well-intentioned programmers have the opportunity to test for bugs and vulnerabilities and therefore could point out security issues that you make have overlooked. Ensuring you have the latest script updates minimizes the risk of intruders getting in. If you have third-party softwares on your website like a CMS or a forum, ensure you keep track of security patches through a mailing list or RSS feed detailing security issues. Tools like Composer, npm help manage software dependencies and vulnerabilities. It’s important to have your dependencies up to date. Try tools like Gemnasium to get notifications about vulnerabilities.

Use strong passwords and change passwords often: Yes, this seems basic but it’s important. If your password is easily guessable, you’re in trouble. According to the Telegraph, “123456” was the most commonly used password of 2016 followed by

  • Password
  • 12345678
  • Qwerty
  • 12345

Ensure your passwords are a combination of letters, both uppercase and lowercase, special characters and numerics. A truly secure password can prevent a security breach.

Delete installation folder: Once you’re done with the installation, ensure you delete the installation folder on your system to prevent hackers from any access or opportunity to get their hands on the folder and run the installer again. This is important because once in, the hacker can erase your database and take control of your website. In the case that you do not want to delete the folder, consider changing the name to avoid easy recognition. We’ve highlighted this in our earlier blog on Fault in the Default: 6 Simple Default Settings Tweaks to Secure Your WordPress site.

Use security plugins and website security tools: Plugins can boost the functionality of your script. There are tons of plugins that give your website and extra layer of security. Some website security tools that are useful are:

  • Netsparker – for testing SQL injection and XSS
  • OpenVAS – for testing known vulnerabilities
  • SecurityHeaders.io – to quickly report security headers a domain has enabled
  • Xenotix XSS – to confirm if your site’s inputs are vulnerable in web browsers

Change database table prefix: A blog or a website has a default database table prefix that every hacker is aware of. For example, WordPress has ‘wp’ as the table prefix which is very well known and therefore an easy entry point for intruders. A bunch of default settings like these on WordPress sites unknowingly expose your website to threats. Our earlier blog post calls each one out.

Limit error message information: The information you share on the error message can often be misused. Ensure you provider minimal information without mentions of the problem, server information like API keys, database passwords as access to this information can make hacking quite easy.

Whitelist cross-site scripting: Cross-site scripting attacks are fairly common. They can occur when intruders have opportunities to slip malicious JavaScript codes onto your pages and infect pages of visitors to your website exposed to the code. Whitelisting cross-site scripting tightens the security around your website.

2. Security on Server level

Anti-Malware: Malware compromises passwords by stealing them when accounts are attacks. Malware can erase passwords used and stored by FTP and other programs. To protect your server against such attacks, ensure you install anti-malware and run scans on all computers which access the account. There are a number of scanners available depending on your operating system. SiteLock is a super simple and a fantastic security solution for scanning and malware removal. At ResellerBytes, we’re offering SiteLock starting at just $1.31

Server Hardening: Server hardening is the process of enhancing server security through a number of ways to make the server environment secure. Hardening servers make them more resistant to server issues. Some ways to harden servers include data encryption, disabling unwanted SUID and SGID binaries, using security extensions, minimizing unnecessary software, hardening sysctl.conf, installing Root Kit Hunter and Chrootkit hunter etc.

Port Blocking: Knowing which ports to block is important for security. Here’s a list of ports used by well-known Trojans highlighted by the SANS Intrusion Detection FAQ and some guidelines for shutting down these known vulnerabilities.

Firewall: A firewall prevents all network access to your server. The Plesk firewall is easy and to set it up, requires you to follow these steps: Navigate to server > Firewall > Modules > Firewall. If you have a static IP address, you can create rules so that the server will only allow access from your IP address at your home and/or office.

PHP Upgrades: Most shared hosting providers offer various versions of the open source programming language, PHP butan old version could expose your site to attacks. According to  w3techs, PHP version 5.3 is used by 31.1% and 5.4 is used by 29%. Both versions have reached the end of its life and could pose a big security threat. The latest version of PHP currently is 5.6 which released in August 2014 and is valid till 31st December, 2018. Here’s more on how you can upgrade your website php version.

MySQL Upgrades: While there are many implementations of the SQL database language available on Linux and Unix-like systems, one of the most popular is MySQL. However, if configured incorrectly, this tool can be a security liability. Here’s more on how to secure MySQL.

SSH access: SSH keys are cryptographic keys used to authenticate to an SSH server as an alternative password-based login. This kind of authentication is completely encrypted. They’re a lot more secure than passwords and include significantly more combinations for a hacker to run through. Many SSH key combinations are considered almost impossible to crack mostly by computing hardware because it would require too much time to run through possible matches.

Use Encryption / SSL (HTTPS in links): Since January 2017, Google has begun flagging websites without digital certificates and HTTPS links as ‘Not Secure’. This mandate has been implemented to tighten security across networks. HTTPS guarantees users than the information passed from one network to another is completely encrypted and can be read by no one. This is especially necessary for sites that require credit card and personal information.

Apart from being important for your visitors, it’s critical to secure your site too. A login form will often set a cookie which is sent with every other request to your site that a logged in user makes and is used to authenticate those requests. An intruder would be able to imitate a user and take over your user’s login session and make you vulnerable to attacks. To safeguard against such attacks consider using HTTPS throughout your site.

Server side validation / form validation: It is best to do validation on both the browser and server side. The browser can catch failures like mandatory fields that are empty and numerics in text fields. While these can be bypassed, deeper validation on the server side and failure to do so could lead to malicious code being inserted in your database. To prevent this and secure your server, a validation is necessary.

A confirmation field is a good practice to allow the user to input additional confirmation for things like passwords. This ensures that the customer puts in the right information.

Conclusion

The key to securing your website is to regularly audit your site – both on the application as well as server end. A well managed website is a secure website. By putting it into practice to do regular checks, you can be certain you’re doing your very best to lockdown your site. CodeGuard is a great solution for automatic backups in the cloud with full website resortation and to monitor daily changes so you never have to lose data in case of a security compromise. We at ResellerBytes offer CodeGuard starting at just $1.17. Check it out!

Got more tips on how to tighten website security? We’d love to read about it in the comments section below.

Start building your website today!

Free Domain with Unlimited Hosting including Website Builder and Branded SSL

Only at $2.5/mo