Search


Tagged with Server x Korisnički nalog x �������������� x ������������������������������������������ ������������������������������������������ x

List of server errors

When your website is not working or certain pages are unavailable, you may encounter various types of error messages. Error codes display a certain number and their type can be determined based on the first digit: 1xx: Informational, 2xx: Success, 3xx: Redirection, 4xx: Client Error, 5xx: Server Error.

Client (400-499) and server errors (500-599) are quite common and when dealing with them, be sure to refresh the page in your browser after making changes on the server  and check server logs for more details if the issue persists.

DigitalOcean has provided a list of common client and server type errors, what causes them and detailed explanations how each one can be resolved.

Error Server Digital evidence Site

Change your password

In case your website is down or has other unusual performance issues, the first thing you should try is changing your account password  for the website in the content management system (CMS) interface, such as for example WordPress

When heavy cyber incidents occur, it is also advised to change the server password. This can be achieved in different ways depending on the type of the server ,such as Windows Server or Linux

Use SHA key authentication

For additional security, it is highly recommended to use SHA key authentication, i.e. setting up SSH (Secure Shell) [SHH] on your server. SSH is a popular software package which enables secure system administration and file transfers over insecure networks, meaning that it uses encryption to secure the connection between a client and a server. All user authentication, [AUTENTIFICATION] commands, output and file transfers are therefore protected from attacks in the network.

All details about implementation and configuration can be found on the SSH official website.   

Error Server Site Password

Use SHA key authentication

For additional security, it is highly recommended to use SHA key authentication, i.e. setting up SSH (Secure Shell) on your server. SSH is a popular software package which enables secure system administration and file transfers over insecure networks, meaning that it uses encryption to secure the connection between a client and a server. All user authentication, commands, output and file transfers are therefore protected from attacks in the network.


All details about implementation and configuration can be found on the SSH official website.  

Server Site Authentication Encryption

Contact your hosting provider

In case you are unable to fix issues yourself or through your system administrator, e.g. by troubleshooting server errors, your next course of action would be to contact your hosting provider.  However, depending on whether your server is located in your country or abroad, your experience with the hosting provider may differ. 

Even though foreign hosting providers may provide a better service than those in your country, you should also be aware that their support might not be up to the standards in resolving the issue with your website quickly. 

Hosting providers with 24/7 support are the best option nonetheless, as well as those who provide additional support channels (live chat, call) in addition to opening a support ticket or sending an email.

Activate DDoS protection

Distributed Denial of Service (DDoS) attacks , which aim to “flood” the server with a large number of automated access requests, usually coming from thousands of IP addresses  , in order to make the site unavailable. To prevent your site from being disabled due to a DDoS attack, you should activate DDoS protection

The most common DDoS protection service provider is Cloudflare, which offers free plans but with limited options, but there are others such as Deflect, whose services are used by many media, environmental and human rights organisations. Google also offers free DDoS protection through Project Shield, which is intended for news, human rights and election monitoring sites. 

Error Server Site Hosting

Activate DDoS protection

Distributed Denial of Service (DDoS) attacks, which aims to “flood” the server with a large number of automated access requests, usually coming from thousands of IP addresses, in order to make the site unavailable. To prevent your site from being disabled due to a DDoS attack, you should activate DDoS protection

The most common DDoS protection service provider is Cloudflare, which offers free plans but with limited options, but there are others such as Deflect, whose services are used by many media, environmental and human rights organisations. Google also offers free DDoS protection through Project Shield, which is intended for news, human rights and election monitoring sites. 

Error Server DDos IP Address

Data center and cloud

Decentralisation of the system, as a measure of physical protection, is set as a key condition for its security. It is recommended that the data is not stored on the same machine from which it is sent to the network or on which it is processed. There are several ways to store large amounts of data. The simplest way is to store data on an external hard drive. External hard drives with relatively good performance are affordable, but this type of computer hardware does not have a built-in duplication mechanism. This means that in the event of a failure, most of the data on that disk would be lost forever. On the other hand, external drives do not have direct access to the internet and are active only when connected to a computer, so they can be said to be relatively secure. Storing data on an external hard drive means that the data remains in the organisation's physical headquarters.

From a data loss risk perspective, renting storage space on a cloud server is a much better way to store important data. Cloud computing is an internet technology based on the remote use of resources (data flow, storage space, working memory, etc) and their exchange between multiple applications and users. The cloud can be private, public or hybrid. Cloud services use RAID technology (Redundant Array of Independent Disks) based on the model of comparative use of multiple disks for data storage, where each data is located in at least two locations, which significantly reduces the risk in case of failure. Some cloud storage solutions are Google Drive, Dropbox, OneDrive, SpiderOak, Tresorit, etc. However, if it is sensitive data, storage on other people's devices is not recommended, despite the fact that all cloud services include encryption .

The third way of storing data is to form your own mini data center  in which all data of importance to the organisation will be stored. Equipment for this purpose depends on the needs. There are a number of ready-made solutions that are cheaper and can permanently solve this issue. Thus, the data will remain within the physical space of the organisation, and the application of RAID technology will reduce the risk of data loss and theft. One of the ready-made data center solutions is Drobo.

Server Apps Cloud

Internal network

In one system (company, newsroom) all computers, printers, storage devices (storage servers or mini data centers ), mail servers, routers [ROUTERS] and other components are connected to the internal, local network, physically (by cable) or wirelessly (wi-fi). These networks are usually based on the so-called client-server architecture. A client or user is a computer or other hardware component in everyday use, while a server is a special computer that allows clients to use the resources stored on it. These can be applications, web pages, files, emails, databases, etc. There are different types of servers: web server, file server, mail server, database server, etc. Due to the high concentration of sensitive data in this network, special protection measures are applied to it.

A wireless network may have different physical bands depending on the strength of the transmitted signal. Indoors, this range averages about twenty meters around the router, which often means that this network is available outside the room. Routers that emit a wireless signal have several layers of protection, the configuration of which is the task of the administrator, including setting up adequate protection measurers. 

Below are the most common protection measures for wireless networks:

  • Wireless security mode: It is recommended to use WPA2 (Wifi Protected Access 2) protection which has two possible applications. PSK (Pre-Shared-Key) is set easily, by setting a password [PASWWORD] , while Enterprise requires a slightly more complicated setup and an additional RADIUS (Remote Authentication Dial In User Server) server. In most cases, the PSK method is good enough as a protection mechanism for small and medium organisations, if the password meets the standards. Many routers [ROUTERS] also support WPS (Wi-Fi Protected Setup), a system that allows you to log in to a wireless network using a button on the router, without entering a password. This system has serious security flaws, so it is recommended that it be turned off on the router;
  • MAC filtering: MAC address is the physical address of the device that connects to the network. The router can be configured to allow access only to addresses that are on its list. This method will not stop advanced attackers, who can detect the list of MAC addresses from the router and download some of the associated addresses for their device;
  • Hiding SSID (service set identifier): SSID is the name of a network that is usually public. Similar to the MAC filter, hiding the SSID will not stop advanced hackers, but it will prevent some less capable attackers from playing with someone else's network;
  • Using multiple wireless networks is recommended when there are at least two categories of people for whom the network is intended, for example employees and guests. Given the characteristics of wireless networks, the only way to physically separate the network used by employees from the network to which other visitors are connected is to maintain separate routers, where everyone will have their own cable that connects directly to the internet.
Server Password Apps

Ask for server logs

To determine the potential source of issues with your website, taking a look at server logs  can be of great importance. Server logs are text documents which provide you with various information about all activities on the server. For example, you can see the IP addresses [IP-ADDRESS] and identity of the devices making a request to the server , time and date of the request, etc, which can all be crucial when mitigating a cyber incident.

You can request server logs for a certain time frame from your system administrator or through technical support.  

File a criminal complaint

Once you have the log files from your server from which it could be seen that your website was targeted with a cyber incident, e.g. unauthorised access, you can file a criminal complaint to the police or competent prosecutor. 

When preparing a complaint, make sure you mapped and described the events during the incident as they happened (what behaviour with the site did you notice, at what time, were there any changes you weren’t aware of), prepared the server logs and other useful information, such as screenshots  of suspicious activities. 

Error Server Digital evidence Site IP Address Hosting

File a criminal complaint

Once you have the log files from your server from which it could be seen that your website was targeted with a cyber incident, e.g. unauthorised access, you can file a criminal complaint to the police or competent prosecutor. 

When preparing a complaint, make sure you mapped and described the events during the incident as they happened (what behaviour with the site did you notice, at what time, were there any changes you weren’t aware of), prepared the server logs and other useful information, such as screenshots of suspicious activities.

Server Digital evidence Site Cybercrime Criminal charges

Mail server

Emails are considered sensitive data in any organisation. For security reasons, each organisation should have a dedicated email server . In this way, it protects itself from attacks and other malicious activities. 

In addition to the content of email, the importance of data from everyday communication is the so-called metadata - information that is generated and exchanged by software and devices used for sending and receiving emails. For attackers, metadata is often more important than the content of the letter itself, because it carries accurate information about the digital context of communication. Metadata is stored on the mail server, so its protection is specific. The basic step in this direction is to block all protocols (for example, FTP or HTTP) that the server does not need to perform its primary function, i.e. receiving and sending emails. A dedicated server can be rented as part of a hosting  package or other services, or an organisation can purchase a server with special software. An example of such software is iRedMail.

Alternatively, non-profit organisations can opt to use G Suite, i.e. Google’s productivity package which includes several popular tools and products (Gmail, Google Drive, Google Calendar, etc.). However, it should be noted that Google’s business model is based on user profiling and analysis of personal data collected from its users.  

Server Data leaks Cloud

General infrastructure protection

Here are some general recommendations on infrastructure protection:

  • Routers  can be configured to refuse automated collection of information about the system via the so-called footprinting method. This method involves creating a sketch of the network based on the fingerprints generated by sending digital signals. It should also be noted that the routing of data takes place according to different protocols, because they can be the main source of information for attackers. Mapping of routes through which data is transmitted (tracerouting), detection of active devices on the network  (ping) and similar methods can reveal to the attacker the entire infrastructure, i.e. the number and type of routers, computers and the way they are connected. Good practice dictates that ICMP requests be enabled for the web server, while the configuration for other servers and the internal network is set so that these requests are rejected;
  • Unnecessary server protocols should also be disabled. For example, everything can be blocked on the mail server except the protocols used for email (IMAP, POP, etc.) while web servers can be structurally configured so that access is provided only to public resources. Access to other folders and files, as well as the administrator part of the portal, should be disabled to avoid unauthorized access and data leakage;
  • Close unnecessary ports that no application on the server uses, with the appropriate configuration of network barriers (firewall).
  • By using intrusion detection systems, suspicious traffic is identified and rejected and footprinting attempts are registered;
  • Using anonymous registration services, information about the domain registrant can be hidden. However, it should be borne in mind that the reputation of a credible organisation is built through transparency, and this technique is not recommended in every situation.
Server Data leaks Hosting Cloud

Domain and hosting

Very important aspects of organisational infrastructure management are domain name and hosting , i.e. on which server are the organisational websites hosted and which registrar they registered the domain name with.

There are numerous choices when registering a domain name (e.g. organisation.org) and it can be done relatively cheaply and easily online, depending on the needs of the organisation. Domain names are usually registered on a yearly basis and registration must be regularly renewed. 

Organisations can opt for different types of top level domains, i.e. the ending part of the URL, and most common are: 

  • Country code (ccTLD), which are associated with a specific country, region or territory: .de, .br, .ca;
  • Generic (gTLD), related to general notions: .com, .net, .org;
  • Sponsored (sTLD), reserved for specific types of registrants, such as government bodies or international organisations: .gov, .int, .aero.

When registering a domain, there is also the option of Whois domain protection, so that the registrant’s information (name, address, contacts...) wouldn’t be visible in Whois lookup searches. However, for organisations such as media, domain transparency is recommended.  

Websites can be hosted domestically, i.e. in the country where the organisation operates, or internationally. Both options are equally viable, but have some specifics to them:

  • Domestic hosting
    • You can directly inspect the quality and security of the providers’ server halls;
    • Better availability of technical support that does not depend only on reporting and online communication;
    • Liquidity and reputation of hosting providers can be checked in the local community;
    • There is no application of legal provisions pertaining to international personal data transfers;
    • If a site targeting domestic audiences is under DDoS [DDoS] attack from abroad (which is usually the case) it can remain stable and accessible to domestic users by temporarily blocking foreign IP addresses  .
  • Foreign hosting
    • The server where the site is hosted is outside the jurisdiction of state authorities in the organisation’s country;
    • Domestic legislation does not apply to hosting, so legal and administrative procedures related to the hosted content can be complicated and uncertain.

In terms of technical aspects of hosting, there are four types:

  • Shared hosting is hosting based on the principle of sharing resources. Different sites on a shared server share the processor, bandwidth, disk space, and so on. This means that if one of the sites on shared hosting has an increased number of access requests, the performance of other sites on the same server will be affected;
  • Virtual Private Server (VPS) is hosting where everyone has their own resources. Technically, multiple virtual servers are set up on one physical server and each of them has certain resources that it does not share with others. Also, if one of the virtual servers is attacked, the integrity of others is not compromised;
  • Dedicated server is a type of hosting where the user is assigned the exclusive right to access the machine and use it for any purpose. On the dedicated server, virtual machines can be set up and used for different purposes, such as web hosting, email, data storage;
  • Cloud hosting is hosting on multiple servers connected to function as one, which contributes to the decentralisation of the system, and thus has better integrity. In case of a failure on one of the servers, the others take over its role, so the problem will not affect the operation of the site.

Shared hosting is not recommended in cases when the site consists of active content that changes relatively often and when the number of visitors varies. Dedicated hosting and cloud hosting are better solutions, but their price is a bit higher. Finally, the choice of option depends on the needs of the organisation. 

Technical support is one of the most important segments of the hosting service, because in case something goes wrong, this service is a contact point that must be fully cooperative to solve the problem as soon as possible. It is advisable to choose a company whose technical support service is operational 24/7. 

Although all the content and traffic on the internet is practically virtual, good old machines are still the basis of it all. That is why it is important to check what kind of hardware the hosting company is using. 

Finally, the technical specifications of the hosting package are the most important feature and it is desirable that they are scalable, i.e. that they can be adapted and upgraded in accordance with the changing needs of the organisation. 

Good hosting also implies decentralisation. It is not recommended that the same server is used to host the site and as a mail server or data center. The web server must be accessible from the public internet, while access to the data center from the public internet would be a serious security issue. If there is a need to access the data stored in the data center  remotely, it is best to use VPN  services.

Server Site Hosting Cloud

Most common cyber incidents

According to the most general classification, technical attacks can be carried out either without direct access to the server or with the need of access to the server. In the first group are mostly incidents whose most important goal is to prevent access to the content of the site. 

There are several ways to crash a server, and the most commonly used is a DDoS (Distributed Denial of Service) attack. This means that a huge number of devices simultaneously send access requests to the attacked server, which cannot answer all the queries and simply stops working. After the attack stops, in most cases the server and the site work normally. 

Ransomware is a form of malware which encrypts files on anything from a single computer all the way up to an entire network, including servers, so that the files cannot be accessed without a decryption key. The attackers then ask for payments in cryptocurrency to provide targets with the decryption key, usually within a short time frame to put more pressure on the targets. 

Phishing is focused on exploiting the lack of knowledge or gullibility of the target and is mostly done by email. It is usually used for various scams, such as the famed “Nigerian Prince”, infecting devices with malware or gaining access to sensitive information, such as financial data or login credentials. Potential targets are sent a fraudulent message which is made to look authentic and as if it was coming from someone from the position of authority, such as a bank or police. The recipient is then asked in the email to open the attached file or click on a link in order to do something very important, e.g. to update bank account information or review a received payment. 

Interception of communication (voice, video, text chats, internet traffic) is also a risk, as there are actors such as intelligence agencies and criminals with advanced capabilities and resources to conduct surveillance of unencrypted communications channels. Issues such as government hacking are becoming increasingly dangerous for citizens’ communications privacy due to the growing surveillance industry, which keeps developing and selling one advanced product after the next.

Code injection is a more sophisticated type of attack, when malicious code is inserted through some open form of the site or through a URL. The goal of the attack is to instigate the database or other part of the site to perform operations that have no visible result, but occupy the server's resources until they flood it with activities, thus shutting it down. In some cases, after these attacks, the site becomes unusable, so the content is restored with the last saved copy . Regular backup of the site is rightly considered an elementary security procedure. 

Trojans that enter the system through social engineering are first on the list when it comes to the number of some types of attacks. Users usually pick up the infection on obscure websites where they recklessly accept the warning that they are “infected” and activate a fake antivirus. In this way, millions of hacking attacks are carried out each year, which puts the trojans in an unsurpassed advantage over other hacker attacks. The best protection against this type of attack is education and information about modern forms of threats. In organisations, this problem is somehow solved by filtering sites that can be accessed from a computer in the local network. 

Computer worms are malicious programs that multiply themselves, using computer networks to transmit to other computers, usually without human intervention. They can arrive as an email attachment and their operation is enabled by security vulnerabilities in the operating system. The best protection against worm attacks are antivirus software and quality passwords [PASSWORS]. Other good methods are firewalls, not opening suspicious emails and regular software updates.

Online harassment includes many forms of abuse, such as impersonation (i.e. someone making a fake social media or email account with your personal data), smear campaigns, hate speech, threats, cyberstalking, etc. When such incidents occur, it is best to report and block the accounts in question and gather any digital evidence to be used for potentially filing a criminal complaint: relevant links or URL addresses, screenshots  of profiles and messages, phone/app  call logs and similar. 

Attacks that require access to a server are mostly complex and more serious. They are aimed at stealing data, altering content, placing fake content and disabling access to content. These attacks are complex because the attacker must break through all the security measures set on the server in order to reach certain passwords, access codes and the like. They also require greater expertise of the attacker.

Server DDos Digital hygiene Malware Harassment Cybercrime

Request backup restore

When a cyber incident is resolved, a check needs to be performed in order to see if there is anything missing. Malicious actors might be able to delete some of the content from your website, therefore it is important to have regular server and website backups [BACKUP]. 

In case you notice some content is missing after the incident has been handled, it is possible to restore it by requesting the backup from your hosting provider or technical support.

Server Site Data backup Hosting