Unsettled Bills
A website can be suspended due to unsettled bills related to that domain or website. It can be web hosting annual fee, domain registration fee, the website design charges not paid or other critical reasons
Violation of server terms and conditions
The website can also be suspended if it violates server terms and conditions. These terms vary according to the host but common ones are:
- Email spamming
- Server resource over usage eg. Over CPU usage, physical memory over use, Virtual memory over use, too many processes normally over ten (10) processes etc
- It can also can be suspended if it is under attack or hacked. The hacking can originate from admin or backend access, database injection or cross platform scripting.
How is the website attacked?
Backend or Administrator access
The access through the backend are normally caused by using either weak password, common words, and easy to guess usernames.
SQL Injection
SQL injection is a code insertion method, used to attack database-driven web applications, in which evil SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
Cross-site scripting -XSS
Cross–site scripting (XSS) is a kind of computer security hole typically found in web applications. XSS allows assailant to insert client-side scripts into web pages viewed by other users. This is normally used for phishing, stealing users important information like passwords and credit card numbers
Bugs
A scrip bug is an error, flaw, failure or fault in a web application that causes it to allow attacker insert harmful codes/commands to that applications
Poor coded scripts
Poorly coded scripts in many cases originate from students who are still learning or from developers with insufficient coding skills and experiences. The poor coded scripts can also originate from pre release software or beta
Cross-Site Request Forgery (CSRF)
Cross-site request forgery is abbreviated as CSRF is a type of harmful exploit of a website where unlawful commands are sent from a user that the web application trusts.
DDoS Attack
A distributed denial-of-service(DDoS) attack takes place when multiple systems flood the bandwidth or resources of a targeted server, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic.
Server security misconfiguration
Security Misconfiguration arises when Security settings are defined, implemented, and maintained as defaults. Good security requires a secure configuration defined and deployed for the application, web server, database server, and platform.
Email spamming
There are two types of email spamming
- Bulk emails are sent to your email server from unanimous senders
- Bulk email are sent to third parties in bulk via your email server by spoofing means
How to protect your website from Attacks
Backend or administrator access
Always use difficult to guess usernames and strong passwords. Password from 8 and above characters that contains at least 4 character types from Capital, small letters, numbers and special characters can reduce the risk.
Parallel to this deploy to your website login attempt limiters and firewalls. This can reject all dictionary or related bots that guess your username and passwords.
Implement also webmaster reporting mechanism if something changes from your website. You may go far by limit logins from know IP addresses or countries. If you don’t have any deal to specific country, then block your website from appearing from those vulnerable countries. If at all you don’t need public presence then block search engine bots and any other bots from visiting your website
SQL Injection
You may need to use difficult to guess usernames and password for your database. Password from 8 and above characters that contains at least 4 character types from Capital, small letters, numbers and special characters can reduce the risk. Implement webmaster reporting mechanism if something changes from your database. You may go far by limit logins from know IP addresses or countries. If you don’t have any deal to specific country, then block your website from appearing from those vulnerable countries. If at all you don’t need public presence then block search engine bots and any other bots from visiting your website
Cross-site scripting -XSS, Bugs,
Buy scripts from reputable and known providers. Avoid cheap scripts. Also deploy backend security mechanism as described above. For script with bugs that are from known genuine vendors or developers, pl;ease make sure you immediately update all outdated scripts or uninstall if the vendor did not release the update patch on time
Poor coded scripts
Buy scripts from reputable and known providers. Avoid cheap scripts. Also deploy backend security mechanism as described above
Cross-Site Request Forgery (CSRF)
Always deploy security monitors, scanners and blockers for unauthorized outbound and inbound communications
Server security misconfiguration
Check your server configuration regularly and if any misconfiguration detected correct it and or communicate to the server admin/ tech personnel for correct configuration. In many cases let the web server have the optimal security setting
DDoS Attack
- The best way to stop DDoS Attack is tto use the web application Firewall
- Monitor the DDoS Attack continuously in order to device the better option of preventing the attack
Email spamming
There are two types of email spamming
- Bulk emails are sent to your email server from unanimous senders
- Bulk email are sent to third parties in bulk via your email server by spoofing means
Protect bulk emails spamming from unanimous senders
For the first case you can use mails assassin
- In the Mail section of the cPanel home screen, click Spam Assassin™.
- Click Enable Spam Assassin.
- To enable auto-deletion of spam messages, select a score level under Filters, and then click Auto-Delete Spam.
Protect bulk emails spamming via you email server
For the second case you can use SPF or disabling PHP Mail function in cpanel
Using SPF to control email spoofing and phishing
Adding an SPF record to your DNS zone file is the best way to stop spammers from spoofing your domain. In addition, an SPF Record will reduce the number of legitimate e-mail messages that are flagged as spam or bounced back by your recipients’ mail servers.
This is an easy way to control phishing and email spoofing.
Disabling PHP Mail function in cpanel
- While in Cpanel go to Software section
- Select PHP Version
- Switch to PHP Options
- in send mail path select /bin/true
- Then click apply and save the PHP setting
How to avoid website suspension?
Pay bills ontime
Always pay your bills ontime. In order not to miss when you are required to pay your bills do the following:
- Give your web host the emails that you commonly use and are active. If the emails is not in use immediate report to the web host for emails replacement and it is recommended to always provide extra email and phone
- You may need premium notification services like those that uses sms notification if you do not frequently use you email
- Request the web host to notify the next bill at least 60 or 30 days before
- Set your phone, tablet or computers to notify you before the deadline. You can even use email functions like calendar from your emails or third party websites
- If your website is an important asset to you or your business, plan always to pay longer payment plans
Monitor your website security
After you have secured your website, it is not the end, monitor the security of your website within your website or from third party services. The third party services common one is www.CloudFlare.com, www.websitedefender.com, www.wix.com, www.verisign.co.uk, www.uptimerobot.com etc For more websecurity info go to http://seo.co.tz/website-security-management-for-seo/