If you want your business to succeed online, you have to be quite a juggler. Managing everything from security to social media can become quite a challenge.
While a reliable VPN can ensure your privacy and security online, website owners should already have measures in place that make their website safe for everyone to use. For example, a fully managed WordPress hosting solution can help tremendously – with it, all technical aspects of your site will be automatically managed, letting you focus on your business.
To gain more knowledge on what to expect and avoid while surfing the Internet, what details are often overlooked when developing a website, and how managed WordPress hosting solutions can be beneficial for the business, we reached out to Natan Ray, CEO of Stromonic.
What has your journey been like? How did the idea of Stromonic come about?
Hello, first thank you for inviting me here today. It’s my pleasure to share my journey with your audience. Our team started Stromonic.com in 2017, to help small and medium business owners to scale their website performance without worrying about infrastructure complexity.
During our idea validation, we found the web hosting industry is crowded with tons of unorganized companies who are selling ultra-low-cost hosting for easy money. But these low-cost hosting solutions are unsustainable to handle growing websites that are getting millions of traffic per month. Where in another hand, managing server solutions (VPS/Dedicated Server) require system engineer-level expertise. Both of these hosting solutions are extremely non-auto-scalable and come with lots of resource-based restrictions.
So for nerds, there is nothing in between. Also, non-IT businesses, that don’t have in-house system engineers to handle day-to-day server tasks always remain in trouble with their growing website traffic. So, we have created Stromonic to cater to this problem. Since our inception, we have innovated numerous technologies to empower our platform by removing all third-party dependency.
We have designed and developed our own Cloud which is 3-5x faster than other public clouds and we have built our own Content Delivery Network with 93 global PoPs which allowed us to accelerate our platform performance by up to 20-70% than our competitors out there.
Can you tell us a little bit about what you do? What are the main challenges you help navigate?
Sure, we are a fully managed WordPress hosting solution provider, so from website installation to optimization, updates, security, and performance everything is managed by our team, so our clients can focus on growing their business.
Since many of our clients don’t want to waste their valuable time on server management, optimization, updates, and such related technical domains, they prefer to utilize their time on something which could generate more value for their business.
Also, if someone is managing his own server, there are lots of things required to make a website safe and secure, it includes but not limited to installing a web server, configuring cache technology, connecting the website to the database, securing the server to prevent hacking, cleaning malware and in a worst-case scenario if the server crash due to any reason he will be liable to fix that. This may negatively affect the growth of his business and pull back his online success.
That’s why our managed WordPress hosting solutions are there. We make sure your website will run in full swing all the time without the need to worry about anything.
What threats affecting websites do you find the most concerning nowadays?
We are handling billions of HTTP traffic requests every month on our platform, so there is a mix of threads we have found are very common nowadays. Some of these attacks are mentioned below:
DDoS Attacks: This is something we receive every day, thousands of false botnet traffic are generated to turn a server down by hogging its load handling capacity. Powerful servers with data center-level DDoS protection are required to mitigate such attacks. Over the years we had built a strong security solution on our platform at the top of our hardware level (data center-based) protection, which automatically blacklists all botnet traffics before reaching our clients’ websites.
Brute Force Attack: In this scenario, attackers most often use Python scripts with massive leaked password lists, and try to crack website login details by trial and error method. Thousands of websites including government websites are getting compromised each year. But this is not the case with us, we have implemented WAF technology on our platform to stop such attacks.
Malware Attacks: Hackers usually hide malware and try to pass the malicious code by offering free cracked/nulled scripts (themes/plugins/files) in the hope someone will upload them to any server. We have a strict NO cracked files policy on our platform, as we have found that 90% of cracked files are comes with malicious codes which include backdoor uploads, trojans, virus and port scanning codes, shell hacking codes, etc.
Do you think the recent global events altered the way people approach cybersecurity?
Definitely Yes! Recent data breaches of some big organizations including Microsoft, Crypto.com, Facebook, and ransomware attacks in IT firms Cognizant, and Equinix are prominent examples of cyber threats.
These incidents are very concerning and force us to re-evaluate our cybersecurity solutions. Nowadays cybersecurity is not an EXTRA nice to have solution, it’s a necessity for all websites all over the Internet.
Despite all the solutions and providers available today, some companies and individuals still refuse to update their cybersecurity. Why do you think that is the case?
I think it’s because of complexity and extra manual human effort which is required to upgrade the security solutions. Many companies are still using outdated security solutions which can’t even protect their system from the latest threats.
Another factor could be budget issues, for many companies, this is the most common reason for not upgrading security solutions. Most companies allocate a tiny amount of budget for their server and system security, which results in poor outdated security solutions.
In your opinion, what security details are often overlooked when developing a Website?
I would say there are multiple security measurements that are commonly overlooked. First, is the Secure Sockets Layer (SSL) connection which is crucial to encrypt sensitive data of website users/visitors while communicating between the origin server and user computer system. Without this, a middleman/hacker could see the sensitive data or even modify the data without anyone's permission. Many companies and government websites are found to use expired SSL certificates which could easily beach personal details of website users to hackers.
The next one is web application firewall (WAF) and Bruteforce protection. Most of these CMS core codes are available online at open-source anyone can download them. If the server security solution is outdated, no security measurements are taken since installation, or the webmaster is still running an old version, it became an easier task for hackers to compromise a website. By gaining login access they can change website codes, database tables, admin credentials, etc.
Distributed Denial-of-Service (DDoS) attack protection is also vital nowadays, where hackers are compromising thousands of online devices each day and using these zombie devices as botnets to send false HTTP connections on Apache, NGINX web servers to crash the origin server by utilizing its all max_children/workers capacity. Where LiteSpeed web server is much capable to handle Layer-7 DDoS attacks.
The last one is frequent auto offsite backups. All security measures could go wrong, but your offsite backup in a different geographic location/data center will always pay off 1000X times in such a situation. Also, to avoid malware or ransomware infection on your storage server, I would suggest keeping them in different locations by day or months partitions. And place a security suite also on the storage server for best security.
What security features do you think are essential for websites nowadays?
In 2022, there are lots of security features that are mandatorily required for server security, they are mentioned below:
- Web Application Firewall
- Automated Malware Clean-up
- Brute-Force Prevention (for FTP, SSH, SMTP, Hosting Panel accounts, WordPress)
- Web-Attack Protection
- Port-Scanning Protection
- Layer 7 DoS Protection
- Outdated/Vulnerable Software Patching
- Frequent Backup Solution Integration
Talking about average Internet users, what details do you think everyone should be especially vigilant about when browsing? Are there any security tools that you would like to recommend?
I would suggest only visiting a website when it has an active SSL connection in order to avoid data breaches, next will not fall for phishing websites that look exactly like the original brand website. In recent days, you will probably receive at least one phishing email every day from hackers by the name of Facebook, Instagram, Twitter, LinkedIn, or any of your known brand names and it will be asked to perform some kind of tasks like login, payment, download, etc.
These emails are most often loaded with malware files, links, and phishing URLs. So, before performing any action be sure to check the sender domain name carefully, the sender should be using a secure SSL connection. Refrain from directly clicking on any links and downloadable files on unknown emails.
Avast or QuickHeal security software could be used on your computer or laptop, they will automatically block high-risk websites, and IP addresses, and will scan even emails from all possible viruses and malware.
9. What does the future hold for Stromonic?
Our vision is the same since we started Stromonic and will remain the same forever. Something you can be proud of when you tell your grandchildren the story of your life. We are innovating the way to host your website on the fastest and most secure managed cloud hosting platform by removing all hosting web hosting complexities so that you can focus on your core business.
Since our inception in 2017, we have invented and implemented multiple security features and technologies in our lab, to provide unrivaled security and outstanding performance for your mission-critical websites.
We have data centers in the USA, Finland, and India and we have plans to expand our data center presence in different geographic locations including Japan, Australia, Germany, Singapore, and Africa.
India is rapidly changing, and with the adoption of Internet connections, more people are coming online than ever before, so in the future, the managed cloud hosting requirements will be on a hike. In the next 5 years, we have plans to capture the Indian market, and then expand globally to the United States, Europe, and other Asian countries.