How do you ensure the security and organization of multisite hosting?
It's been quite an eventful week in the PrestaShop world, as a new wave of hacks has affected thousands of websites. In most cases, this is due to a lack of monitoring and configuration of online stores.
I recently dealt with a hacking case that I feel is important to highlight to show what you should never do.
The client I assisted had three online stores and a blog developed with WordPress. So far, so good.
However, the biggest mistake, in my opinion, was that all this was installed in subdirectories of the server's public directory, you know, the one called either www/ or public_html/ on your shared server.
So we had a hierarchical structure like this:
/home/identifier/www/
/home/identifier/www/WordPress
/home/identifier/www/Shop 1
/home/identifier/www/Shop 2
/home/identifier/www/Shop 3
Why does this structure pose a problem?
First of all, it's important to understand how access to your website's data and server works.
The visible root of a server is defined in the directory www/ or public_html/ (usually, one is an alias of the other).
This means that when you type in the server's main domain, you'll see what's contained in that directory.
In this way, everything in this directory is accessible to everyone.
On the other hand, everything outside this directory, at the level of /home/identifier/ in my example, will never be accessible from the outside, and only certain scripts will be able to discover it.
Thus, choosing to put all store directories in this public directory opens a huge door for hackers to wander from one directory to another without any real constraints. All their script has to do is go up one level with ../ to return to the root of the public directory and visit everything.
The right structure
All hosting providers offer solutions for isolating websites from each other. Some offer more complex solutions that are particularly effective at isolating individual sites.
By default, the management panel of your hosting lets you add a certain number of domains or sub-domains. For each of these, it's essential to create a directory to which the domain or sub-domain will point, and of course to create it outside the directory initially proposed, www/ or public_html/.
The result is a hierarchical structure like this:
/home/identifier/www/
/home/identifier/WordPress
/home/identifier/Shop 1
/home/identifier/Shop 2
/home/identifier/Shop 3
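To check an existing account against the two layouts above, the following added example (not part of the original article) takes the domain-to-directory mapping shown in a hosting panel and reports every site whose directory sits inside another site's public directory. The example.com domain names and both sample mappings are constructed for illustration.

```python
import posixpath
from urllib.parse import quote


def nested_docroots(docroots):
    """Return (outer_domain, inner_domain, url) for every document root
    that lies inside another domain's document root."""
    # Normalise first so that "www/../Shop 1" is judged by where it really points.
    roots = {d: posixpath.normpath(p) for d, p in docroots.items()}
    findings = []
    for outer, outer_root in roots.items():
        prefix = outer_root.rstrip("/") + "/"
        for inner, inner_root in roots.items():
            if inner != outer and inner_root.startswith(prefix):
                rel = inner_root[len(prefix):]
                # The nested site is also reachable through the outer domain.
                findings.append((outer, inner, f"https://{outer}/{quote(rel)}/"))
    return sorted(findings)


# Constructed sample: everything installed under the public directory.
SHARED = {
    "example.com": "/home/identifier/www/",
    "blog.example.com": "/home/identifier/www/WordPress",
    "shop1.example.com": "/home/identifier/www/Shop 1",
    "shop2.example.com": "/home/identifier/www/Shop 2",
    "shop3.example.com": "/home/identifier/www/Shop 3",
}

# Constructed sample: each site in its own directory outside www/.
ISOLATED = {
    "example.com": "/home/identifier/www/",
    "blog.example.com": "/home/identifier/WordPress",
    "shop1.example.com": "/home/identifier/www/../Shop 1",  # resolves outside www/
    "shop2.example.com": "/home/identifier/Shop 2",
    "shop3.example.com": "/home/identifier/Shop 3",
}

if __name__ == "__main__":
    for name, layout in (("shared", SHARED), ("isolated", ISOLATED)):
        results = nested_docroots(layout)
        print(f"{name}: {len(results)} nested site(s)")
        for outer, inner, url in results:
            print(f"  {inner} is also served from {url}")
```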
The ultimate solution
For an even more secure setup, the obvious step is to give each site its own hosting space. This may seem a costly solution, but some hosting providers offer shared hosting solutions that make it quite easy.
Here are two examples from two different points of view.
PlanetHoster
With its World offer, PlanetHoster can distribute the technical elements of hosting over several sites, which translates into the allocation of resources.
This allows you to truly separate each installation from the others, but also to allocate server resources according to the needs of each installation. Not every CMS consumes resources in the same way - some may need more processors, while others may need more memory or disk write performance.
If required, you can order resource units at any time and in any volume, enabling you to fine-tune your requirements.
All this is managed in your PlanetHoster-provided management space, and each hosting space is based on the N0C (N zero C) solution, developed in-house by our Canadian hosting teams.
Please note, however, that World Pro (formerly VIP) offers require a minimum per site, which means you'll need to order more if you want to separate them - which is not the case with the World Normal offer.
O2switch
Here, the perspective is different.
Your hosting space interface for O2switch's unique offer is managed using the famous cPanel control panel.
Here you'll find what we call My Web Universe (formerly Moons).
This space will allow you to create what they call Moons, which are completely isolated and independent hosting spaces with dedicated access to each Moon's cPanel.
Each Moon created will share the global resources of your hosting server, i.e. 12 CPU and 48GB of memory proposed in their Single Offer.
By default, 5 moons can coexist, including the main moon and 4 secondary moons, but you can order additional moons as needed, always within the limits of your server's resources.
Each Moon can exceptionally benefit from full resources in the form of a resource boost for 1 hour, up to 6 times a day. But if you find yourself in this situation, it may be time to order a new one-off offer for the most resource-hungry Moons, or switch to the Scale'UP offer, which provides more resources.
Safety first
In the fight against hacking, you need to combine several solutions to protect yourself from all these constant attacks. You may not realize it, but all your websites are attacked hundreds or thousands of times a day. These attacks rarely succeed, because hackers automate many things that can be identified by your hosting provider's security measures. However, if they do succeed, you still have a chance if you don't use CMS or technologies targeted by hackers. But it only takes one successful attack, so don't make your data easily accessible when it happens. Follow the basic principle of always isolating your installations from each other.
Get your store back online quickly after an attack
Dealing with an attack requires a great deal of time and experience to identify the vulnerabilities that enabled the hack.
Save time by delegating this task to a professional who will find solutions and guide you through the process of getting your online store back up and running quickly, so that it doesn't happen again. Bear in mind that a store that has been hacked once is more likely to be targeted again, and that hackers will continue to try to attack it all the time.
Don't hesitate and order my PrestaShop store cleanup service.