The hosting company matters a great deal because a website's speed depends on the hosting server rather than on the domain registration company. A user therefore needs to choose the best web hosting company and should not buy from a slow server provider. When website traffic is high, the site should move to a private server, because a shared package is not enough at that point.
In a shared package, the same server is used by many websites or domain names. For this reason a website can be slow and unable to use all of its features. Because many websites access the same server, it becomes easier for hackers to reach all the documents in a hosting account, so keeping a backup of every file is necessary. Many companies offer this as a service, but sometimes a user needs to do it with a favorite FTP client application. E-commerce web hosting should be secured and should not be the same as a shared package.
How are the files in a hosting account kept safe from hackers? First, the user needs to make sure that the domain name registration password and the hosting site password are not the same. The hosting account can then be hacked without the domain name being taken, because the user keeps a different password for it. Once the passwords are ready, a Secure Sockets Layer (SSL) service can be obtained. This helps users, and also webmasters, to enter the website securely. Login information should only be entered when https appears in front of the domain name. Users are also redirected automatically to https when entering important data such as credit card information or login information. Some e-commerce web hosting companies offer SSL services free for one year.
The user therefore has different passwords for the different sites and also has an SSL service for one year. A website's information, such as media and code files, may still be hacked. Such a hack happens by breaking the security of the web hosting company's site that the user relies on.
Keeping a backup of all data is very important, because all data may be lost and the user cannot get it back. A backup should therefore be stored on a PC. People sometimes make the mistake of keeping the backup in the same hosted account. Everybody should keep in mind that if control over the account is lost, those backup files cannot be used. The security of e-commerce web hosting should therefore be maintained by applying all the latest techniques.
FBI Security Alert Warning to Protect SonarQube Servers
November 07, 2020, FBI: The Federal Bureau of Investigation published a security alert on its website this week, warning organizations to protect their SonarQube servers in order to prevent leaks.
The agency says that since April 2020, threat actors have been abusing misconfigured SonarQube web-based apps installed on web servers and connected to source code hosting systems like BitBucket, GitHub, or GitLab accounts, or Azure DevOps systems. The agency says that some companies have left systems unprotected, running on their default configuration (on port 9000) with default admin credentials (admin/admin). The threat actors have abused these misconfigurations to access SonarQube instances, pivot to the connected source code repositories, and then access and steal proprietary or private/sensitive applications.
The agency asks companies to change the app's default configuration and credentials and then to use firewalls to keep unauthorized users from reaching the app.
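The following is an added example, not code from the FBI alert or from the SonarQube project: an offline audit of a `sonar.properties` file that reports when the default port or an all-interfaces bind is still in force. It assumes the property names `sonar.web.port` and `sonar.web.host` with defaults of 9000 and 0.0.0.0, treats a missing or commented-out key as the default, and uses constructed sample files; the admin credentials are not stored in this file and have to be checked separately.

```python
import ipaddress
import re

# Values in force when a key is absent or commented out (assumed defaults).
DEFAULTS = {"sonar.web.port": "9000", "sonar.web.host": "0.0.0.0"}
KEY_VALUE = re.compile(r"^([^=:\s]+)\s*[=:]\s*(.*)$")

# Constructed sample: stock-style file where every key is commented out.
SHIPPED = """\
#sonar.web.host=0.0.0.0
#sonar.web.port=9000
"""

# Constructed sample: loopback bind on a non-default port (proxy in front).
HARDENED = """\
sonar.web.host=127.0.0.1
sonar.web.port = 9443
"""


def effective_settings(text):
    """Return the web settings actually in force for a properties file."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue  # a commented-out key leaves the default in force
        match = KEY_VALUE.match(line)
        if match and match.group(1) in settings:
            settings[match.group(1)] = match.group(2).strip()
    return settings


def audit(text):
    """List the default-configuration findings for one properties file."""
    settings = effective_settings(text)
    findings = []
    if settings["sonar.web.port"] == DEFAULTS["sonar.web.port"]:
        findings.append("default-port")
    try:
        if ipaddress.ip_address(settings["sonar.web.host"]).is_unspecified:
            findings.append("binds-all-interfaces")
    except ValueError:
        findings.append("host-needs-review")  # hostname, not an IP literal
    return findings


if __name__ == "__main__":
    for name, text in (("shipped", SHIPPED), ("hardened", HARDENED)):
        print(name, effective_settings(text), audit(text))
```

A clean result here only covers the listener settings; the firewall rule and the changed admin password that the alert asks for still need their own checks.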
SonarQube has slipped through the cracks: The cyber-security industry has often warned about the dangers of leaving MongoDB or Elasticsearch databases exposed online without passwords.
However, some security researchers have been warning about the dangers of leaving SonarQube applications exposed online with default credentials since as far back as May 2018.
The hackers access and steal source code repositories from US government agencies and private businesses.
Companies integrate SonarQube into their software build chains to test source code and discover security flaws before rolling out code and applications into production environments.
The FBI is investigating more than 1,000 cases of Chinese theft of US technology. US officials talk about all the methods the Chinese government and its agents have been using to target US companies and universities to steal intellectual property.
The FBI officials provided two examples of past incidents:
- In August 2020, unknown threat actors leaked internal data from two organizations through a public lifecycle repository tool. The stolen data was sourced from SonarQube instances that used default port settings and admin credentials running on the affected organizations' networks.
- An identified cyber actor exfiltrated proprietary source code from enterprises through poorly secured SonarQube instances. The actor then published the exfiltrated source code on a self-hosted public repository.