Radar has landed - discover the latest DDoS attack trends. Get ahead, stay protected.Get the report
Under attack?

Products

Solutions

Resources

Partners

Why Gcore

  1. Home
  2. Developers
  3. Error 404 Not Found | How to Fix It

Error 404 Not Found | How to Fix It

  • By Gcore
  • September 27, 2023
  • 8 min read
Error 404 Not Found | How to Fix It

Error 404 is an HTTP status code that signifies a server’s inability to retrieve requested web content due to various reasons, such as inaccurate URLs, broken links, or DNS issues. This article is a guide to understanding 404 errors: what they are, why they matter, and how to resolve and prevent them. You’ll learn about the architecture of 404 errors and the impact they have on websites, businesses, users, and customers. Most importantly, you’ll come away with proactive strategies for resolving 404 errors, both as an administrator and as a user.

What Is Error 404?

Error 404 occurs when users try to access a web page that doesn’t exist. The web page could be a nonexistent URL, deleted page, or broken link, among other causes. Users experience frustration when the expected web page doesn’t load and instead this error is shown, so website owners must proactively address this issue through continuous monitoring to avoid Error 404 occurrences, and by offering user-friendly solutions in the event of 404 errors.

The wording of the error message may differ slightly based on the browser in use and the nature of the missing resource. Common variations of the Error 404 include:

  • 404 not found
  • HTTP Error 404
  • HTTP 404
  • 404 Error
  • 404
  • Page not found
  • Error 404. The page you’re looking for can’t be found.
  • 404 File or Directory Not Found

Sometimes, web browsers display an HTML page that describes the error. This message informs the user about the encountered problem and may suggest potential solutions or alternative routes to access the intended web page.

Detailed Error 404 with instructions on how users and support staff can resolve the issue 

What Causes a 404 Error?

Error 404 may occur for a variety of reasons, including:

  • Nonexistent page: Attempting to access a page that doesn’t exist, perhaps because it has been deleted or relocated to a new URL
  • Inaccurate inbound links: Relatedly, outdated or incorrect inbound links can direct users to pages that don’t exist, whether because the page has been deleted, relocated, or simply due to a typo in the link
  • Incorrect URL: Inputting an incorrect URL, for example with a typo
  • Missing assets: The absence of critical web assets, such as files, CSS stylesheets, JavaScript files, or other fundamental components necessary for proper website functioning
  • Server malfunction: A malfunctioning server may be unable to process the request for a web page correctly
  • DNS settings: Incorrect DNS (Domain Name System) settings can lead to the inability to resolve the requested domain or URL
  • Domain propagation: When a domain is still in the process of propagating across the internet, it may result in temporary accessibility issues
  • Misconfiguration: Misconfiguration of server settings or website parameters
  • File permissions: Incorrect file permissions on the server can restrict access to certain files
  • Site operations: During website migration, routine maintenance, or when a server experiences technical problems, Error 404 may surface as a temporary inconvenience
  • Browser cache: In situations where a browser has cached a previous version of a page that resulted in an Error 404, subsequent attempts to access the page may yield the same error until the cache is cleared

What Is The Impact of Error 404? 

The impact of Error 404 on a website can be significant, affecting both user experience and the website’s overall performance:

User Frustration and Loss of Trust

Error 404 messages can frustrate website visitors and cause them to lose trust in the website and its content. Frustration is a natural response when the expected web page doesn’t appear. Users may perceive it as a sign of poor website maintenance or an unreliable organization, which can lead to a negative impression of the business or brand associated with the site. For example, users may not trust information from a site with 404 errors. Ultimately, visitors may abandon the website due to frustration or lack of trust, leading to potential losses in conversions and engagement.

SEO Impact

While typing an incorrect URL typically triggers an Error 404, it does not inherently affect SEO rankings. However, when these errors occur due to broken links or missing pages within a website, it can have a detrimental impact on SEO. Search engines prioritize websites with well-structured, accessible content. Unreachable or dead-end pages hinder effective website crawling, preventing search engines like Google or Bing from discovering and indexing all the website’s pages. This, in turn, can negatively affect the website’s SEO performance.

Reputational Damage

Accumulating a high number of Error 404 on a website can harm its reputation in the eyes of both users and search engines. It suggests a lack of attention to website maintenance and can diminish the site’s credibility with users and algorithms alike.

Bounce Rate

Search engines, such as Google, track user interactions with websites, including the time spent on a page. When users encounter an Error 404 and promptly leave the website or click the back button, it results in a high bounce rate. A high bounce rate can signal to search engines that the website does not provide the content or resources users are seeking. Consequently, search engines may lower the website’s ranking in Search Engine Results Pages (SERP,) making it less visible to potential users.

How to Identify Pages and Links With 404 Errors

Identifying and addressing 404 errors is essential for ensuring a positive online experience for users and optimizing your SERP ranking for SEO. Depending on the size of your website, you can employ different methods and tools to efficiently detect these errors.

Manual Checks for Small Websites

For smaller websites, website owners or administrators can manually check for 404 errors by navigating through all pages and links on the site. This involves clicking on each link and verifying that they are live and lead to the intended content. While this method is feasible for small websites, it becomes impractical for larger sites with hundreds or thousands of pages since a page may be missed out and it would require excessive human time and effort.

Automated Tools for Large Websites

Since manual checks are not feasible for extensive websites with numerous pages and files, administrators can instead utilize various automated tools to identify broken links and unreachable pages. Some popular options include:

  • Google Search Console: This free tool offers an in-built crawler that can detect broken links. After submitting your website to Google Search Console, it will periodically crawl your site and compile a list of pages with issues, including 404 errors. This valuable data helps you pinpoint and address these problems efficiently and effectively.
  • Bing Webmaster Tools: If your website is registered with Bing Webmaster Tools, you can use it to identify pages with 404 errors. Simply log in to your Bing account, navigate to the SEO section, and access the SEO reports. Any pages with 404 errors will be listed under the HTTP 400–499 errors category.
  • Dead link checker: This tool is specifically designed to identify broken links on your website and helps you to fix them efficiently.
  • W3C link checker: W3C’s tool tests and identifies broken pages within your website and also verifies outgoing links to other external websites, ensuring a comprehensive assessment of your site’s links.
  • Premium audit tools: Consider using comprehensive audit tools such as Ahrefs or Sitechecker. These tools offer advanced features for monitoring your website consistently, and can alert you immediately when 404 errors or other issues are detected.
Google Search Console results with the number and details of pages returning 404 not found errors

How To Fix 404 Errors

How you fix a 404 Page Not Found error depends on whether you are a website visitor or the website owner/administrator. Let’s look at both situations.

How Can Website Visitors Fix 404 Errors?

There are various steps website visitors can take to fix an Error 404 Not Found:

  • Reload the page: Sometimes, an Error 404 may occur due to a temporary issue with the page or a momentary connection problem. Simply try reloading the page by clicking the refresh button on your browser. This action can often resolve the issue if it’s transient.
  • Clear browser cache: Your browser may have cached a page that has since been deleted, moved, or updated. Clear your browser’s cache to ensure you are viewing the most current version of the webpage.
  • Check the URL: Ensure that you have entered the correct URL. Mistyped URLs are a common cause of 404 errors.
  • Use a search engine: If you suspect that the URL you have is incorrect or outdated, you can use a search engine to find the page. Enter the website’s name along with relevant keywords to search for the specific page you’re looking for.
Using Google to search for the correct URL for Gcore financial services. Hovering over a page shows its URL at the bottom 

For example, if you encounter a 404 error while trying to access the Cloud For Financial Services page on the Gcore website, you can search on Google using a query like gcore: cloud financial services to locate the correct URL. To search for pages on a specific website, use the site:websiteURL query format, such as site:gcore.com cloud financial services. 

  • Contact website administrator: If you are unable to resolve the issue through the above steps, consider reaching out to the website administrator. They can provide information on whether the page or file still exists, has been moved to a different location, or if there are any issues with accessing it. The website administrator can help you find the desired content.

These steps empower website visitors to troubleshoot and potentially resolve 404 errors, providing a smoother browsing experience.

How to Fix Error 404 as an Admin or Website Owner?

Fixing Error 404 as an admin or website owner involves taking a number of steps and implementing strategies to ensure a smooth user experience and maintain the integrity of your website. Here’s a comprehensive guide on how to address Error 404:

  1. Identify and document 404 errors. Use tools like Google Search Console, Broken Link Checker, or similar utilities mentioned above to identify all pages or assets on your website that are generating 404 errors. Keep a record of these errors for reference.
  2. Prioritize fixes. Focus on addressing errors that have the most significant impact on user experience, such as critical pages or frequently visited content. Some minor 404 errors may not require immediate attention.
  3. Confirm DNS configuration. Use online tools like DNSMap, DNS Checker, or whatsmydns.net to verify that your domain is correctly pointing to the appropriate hosting server. Ensure that DNS settings are correctly configured, especially after server migrations or DNS changes.
  4. Check file and folder permissions. Verify and, if needed, rectify file and folder permissions on your web server. Incorrect permissions can render files or folders inaccessible. Use your hosting control panel (e.g., cPanel) to adjust permissions, typically setting folders to 755 and files to 644 for public resources.
Changing file and folder permissions in cPanel – shows a highlighted folder with a value of 755
  1. Implement redirects for moved pages. If you have moved or renamed pages with new URLs, set up 301 redirects from the old URLs to the new ones. This ensures that users are redirected to the correct page instead of encountering a 404 error.
  2. Restore broken links or corrupt files. If you know which pages have broken links, fix them by updating to the correct URLs or setting up appropriate redirects. For missing or corrupt files, restore them from a backup.
  3. Address permalink issues. In content management systems like WordPress, errors can occur due to permalink or redirect issues. Update permalink settings in your CMS dashboard to resolve site-wide issues.
  4. Create a custom 404 page. Create a user-friendly custom 404 error page that provides valuable information to visitors encountering the error. This page should include:
  • A clear statement explaining the unavailability of the requested resource.
  • Guidance for users to check and correct possible errors in the URL.
  • Suggestions for verifying the URL’s correctness.
  • Top and bottom menus or links to other useful pages on your website.
  • A search bar to facilitate in-site searches.
Gcore 404 Page not found error page with a link to the home page and the top and bottom menus

For example, if you request an invalid page from the Gcore website by typing an incorrect URL, you are presented with a custom page informing you that the page cannot be found and presenting options to return to the homepage or explore other sections of the website. 

By following the steps and best practices outlined here, you can effectively address Error 404 issues, enhance the user experience, and maintain the functionality of your website. Regular monitoring and proactive error resolution are key to ensuring a seamless browsing experience for your visitors.

Conclusion

Every website or online application has the potential to return Error 404 when a requested page, file, or resource is unavailable. To provide a seamless user experience, monitor and fix issues that could result in Error 404. By customizing your website’s Error 404 page to make it more user-friendly, you can help visitors find the resource or relevant information even if Error 404 occurs.

Related articles

How AI helps prevent API attacks

APIs have become an integral part of modern digital infrastructure, and it can be easy to take their security for granted. But, unfortunately, APIs are a popular target for attackers. Hackers can use APIs to access crucial data and services, and breaching APIs allows attackers to bypass traditional security controls.Most companies focus on speed of development and deployment ahead of security when crafting APIs, making them vulnerable to issues like insecure authentication, poor validation, or misconfigured endpoints, which attackers can abuse. Additionally, the interconnected nature of APIs creates multiple endpoints, widening the attack surface and creating additional points of entry that attackers can exploit.As threats evolve and the attack surface grows to include more API endpoints, integrating AI threat detection and mitigation is an absolute must for businesses to take serious, deliberate action against API cyberattacks. Let’s find out why.Staying ahead of zero-day API attacksOf all the cyber attacks that commonly threaten APIs, zero-day attacks, leveraging unknown vulnerabilities, are probably the toughest to defeat. Traditional solutions rely more on the existence of preconfigured rules or signatures along with human interference to detect and block such attacks. This approach often fails against novel threats and can block legitimate traffic, leaving applications vulnerable and making APIs inaccessible to users.APIs must balance between allowing legitimate users access and maintaining security. AI and ML technologies excel at identifying zero-day attacks based on pattern and behavior analysis rather than known signatures. For instance, heuristic algorithms can detect anomalies, such as sudden spikes in unusual traffic or behaviors indicative of malicious intent.Consider the following example: A certain IP address makes an abnormally large number of requests to a rarely accessed endpoint. Even without prior knowledge of the IP or attack vector, an AI/ML-enhanced solution can flag the activity as suspicious and block it proactively. Using minimal indicators, such as frequency patterns or traffic anomalies, AI can stop attackers before they fully exploit vulnerabilities. Additionally, this means that only suspicious IPs are blocked, and legitimate users can continue to access APIs unimpeded.The risks of shadow APIsOne of the biggest risks is shadow APIs, which are endpoints that exist but aren't documented or monitored. These can arise from configuration mistakes, forgotten updates, or even rogue development practices. These unknown APIs are the ideal target for Layer 7 attacks, as they are often left undefended, making them easy targets.AI-powered API discovery tools map both known and unknown API endpoints, enabling the grouping and management of these endpoints so sensitive APIs can be properly secured. This level of visibility is critical to securing systems against API-targeting attacks; without it, businesses are left in the dark.API discovery as a critical security practiceWAAP with AI/ML capabilities excels in API security because it accurately checks and analyzes API traffic. The Gcore API discovery engine offers 97 to 99 percent accuracy, mapping APIs in users’ domains and using data to recommend policies to help secure APIs.How heuristics enhance WAAP AI capabilities to protect APIsWhile AI and ML form the backbone of modern WAAPs, heuristic methods complement them in enhancing detection accuracy. Heuristics allow the system to inspect granular behaviors, such as mouse clicks or scrolling patterns, which distinguish legitimate users from bots.For example, most scraping attacks involve automated scripts that interact with APIs in predictable and repetitive manners. In those cases, WAAP can use request patterns or user action monitoring to identify the script with high accuracy. Heuristics may define bots by checking how users interact with page elements, such as buttons or forms, and flagging those that behave unnaturally.This layered approach ensures that the most sophisticated automated attack attempts are caught in the net and mitigated without affecting legitimate traffic.Protect your APIs with the click of a button using Gcore WAAPAI offers proactive, intelligent solutions that can address the modern complexities of cybersecurity. These technologies empower organizations to secure APIs against even the most sophisticated threats, including zero-day vulnerabilities and undiscovered APIs.Interested in protecting your APIs with WAAP? Download our ebook to discover cybersecurity best practices, the most prevalent threats, and how WAAP can protect your business’s digital infrastructure, including APIs. Or, reach out to our team to learn more about Gcore WAAP.Discover why WAAP is a must-have for API protection

Bare metal vs. virtual machines: performance, cost, and use case comparison

Choosing the right type of server infrastructure is critical to how your application performs, scales, and fits your budget. For most workloads, the decision comes down to two core options: bare metal servers and virtual machines (VMs). Both can be deployed in the cloud, but they differ significantly in terms of performance, control, scalability, and cost.In this article, we break down the core differences between bare metal and virtual servers, highlight when to choose each, and explain how Gcore can help you deploy the right infrastructure for your needs. If you want to learn about either BM or VMs in detail, we’ve got articles for those: here’s the one for bare metal, and here’s a deep dive into virtual machines.Bare metal vs. virtual machines at a glanceWhen evaluating whether bare metal or virtual machines are right for your company, consider your specific workload requirements, performance priorities, and business objectives. Here’s a quick breakdown to help you decide what works best for you.FactorBare metal serversVirtual machinesPerformanceDedicated resources; ideal for high-performance workloadsShared resources; suitable for moderate or variable workloadsScalabilityOften requires manual scaling; less flexibleHighly elastic; easy to scale up or downCustomizationFull control over hardware, OS, and configurationLimited by hypervisor and provider’s environmentSecurityIsolated by default; no hypervisor layerShared environment with strong isolation protocolsCostHigher upfront cost; dedicated hardwarePay-as-you-go pricing; cost-effective for flexible workloadsBest forHPC, AI/ML, compliance-heavy workloadsStartups, dev/test, fast-scaling applicationsAll about bare metal serversA bare metal server is a single-tenant physical server rented from a cloud provider. Unlike virtual servers, the hardware is not shared with other users, giving you full access to all resources and deeper control over configurations. You get exclusive access and control over the hardware via the cloud provider, which offers the stability and security needed for high-demand applications.The benefits of bare metal serversHere are some of the business advantages of opting for a bare metal server:Maximized performance: Because they are dedicated resources, bare metal servers provide top-tier performance without sharing processing power, memory, or storage with other users. This makes them ideal for resource-intensive applications like high-performance computing (HPC), big data processing, and game hosting.Greater control: Since you have direct access to the hardware, you can customize the server to meet your specific requirements. This is especially important for businesses with complex, specialized needs that require fine-tuned configurations.High security: Bare metal servers offer a higher level of security than their alternatives due to the absence of virtualization. With no shared resources or hypervisor layer, there’s less risk of vulnerabilities that come with multi-tenant environments.Dedicated resources: Because you aren’t sharing the server with other users, all server resources are dedicated to your application so that you consistently get the performance you need.Who should use bare metal servers?Here are examples of instances where bare metal servers are the best option for a business:High-performance computing (HPC)Big data processing and analyticsResource-intensive applications, such as AI/ML workloadsGame and video streaming serversBusinesses requiring enhanced security and complianceAll about virtual machinesA virtual server (or virtual machine) runs on top of a physical server that’s been partitioned by a cloud provider using a hypervisor. This allows multiple VMs to share the same hardware while remaining isolated from each other.Unlike bare metal servers, virtual machines share the underlying hardware with other cloud provider customers. That means you’re using (and paying for) part of one server, providing cost efficiency and flexibility.The benefits of virtual machinesHere are some advantages of using a shared virtual machine:Scalability: Virtual machines are ideal for businesses that need to scale quickly and are starting at a small scale. With cloud-based virtualization, you can adjust your server resources (CPU, memory, storage) on demand to match changing workloads.Cost efficiency: You pay only for the resources you use with VMs, making them cost-effective for companies with fluctuating resource needs, as there is no need to pay for unused capacity.Faster deployment: VMs can be provisioned quickly and easily, which makes them ideal for anyone who wants to deploy new services or applications fast.Who should use virtual machines?VMs are a great fit for the following:Web hosting and application hostingDevelopment and testing environmentsRunning multiple apps with varying demandsStartups and growing businesses requiring scalabilityBusinesses seeking cost-effective, flexible solutionsWhich should you choose?There’s no one-size-fits-all answer. Your choice should depend on the needs of your workload:Choose bare metal if you need dedicated performance, low-latency access to hardware, or tighter control over security and compliance.Choose virtual servers if your priority is flexible scaling, faster deployment, and optimized cost.If your application uses GPU-based inference or AI training, check out our dedicated guide to VM vs. BM for AI workloads.Get started with Gcore BM or VMs todayAt Gcore, we provide both bare metal and virtual machine solutions, offering flexibility, performance, and reliability to meet your business needs. Gcore Bare Metal has the power and reliability needed for demanding workloads, while Gcore Virtual Machines offers customizable configurations, free egress traffic, and flexibility.Compare Gcore BM and VM pricing now

Optimize your workload: a guide to selecting the best virtual machine configuration

Virtual machines (VMs) offer the flexibility, scalability, and cost-efficiency that businesses need to optimize workloads. However, choosing the wrong setup can lead to poor performance, wasted resources, and unnecessary costs.In this guide, we’ll walk you through the essential factors to consider when selecting the best virtual machine configuration for your specific workload needs.﹟1 Understand your workload requirementsThe first step in choosing the right virtual machine configuration is understanding the nature of your workload. Workloads can range from light, everyday tasks to resource-intensive applications. When making your decision, consider the following:Compute-intensive workloads: Applications like video rendering, scientific simulations, and data analysis require a higher number of CPU cores. Opt for VMs with multiple processors or CPUs for smoother performance.Memory-intensive workloads: Databases, big data analytics, and high-performance computing (HPC) jobs often need more RAM. Choose a VM configuration that provides sufficient memory to avoid memory bottlenecks.Storage-intensive workloads: If your workload relies heavily on storage, such as file servers or applications requiring frequent read/write operations, prioritize VM configurations that offer high-speed storage options, such as SSDs or NVMe.I/O-intensive workloads: Applications that require frequent network or disk I/O, such as cloud services and distributed applications, benefit from VMs with high-bandwidth and low-latency network interfaces.﹟2 Consider VM size and scalabilityOnce you understand your workload’s requirements, the next step is to choose the right VM size. VM sizes are typically categorized by the amount of CPU, memory, and storage they offer.Start with a baseline: Select a VM configuration that offers a balanced ratio of CPU, RAM, and storage based on your workload type.Scalability: Choose a VM size that allows you to easily scale up or down as your needs change. Many cloud providers offer auto-scaling capabilities that adjust your VM’s resources based on real-time demand, providing flexibility and cost savings.Overprovisioning vs. underprovisioning: Avoid overprovisioning (allocating excessive resources) unless your workload demands peak capacity at all times, as this can lead to unnecessary costs. Similarly, underprovisioning can affect performance, so finding the right balance is essential.﹟3 Evaluate CPU and memory considerationsThe central processing unit (CPU) and memory (RAM) are the heart of a virtual machine. The configuration of both plays a significant role in performance. Workloads that need high processing power, such as video encoding, machine learning, or simulations, will benefit from VMs with multiple CPU cores. However, be mindful of CPU architecture—look for VMs that offer the latest processors (e.g., Intel Xeon, AMD EPYC) for better performance per core.It’s also important that the VM has enough memory to avoid paging, which occurs when the system uses disk space as virtual memory, significantly slowing down performance. Consider a configuration with more RAM and support for faster memory types like DDR4 for memory-heavy applications.﹟4 Assess storage performance and capacityStorage performance and capacity can significantly impact the performance of your virtual machine, especially for applications requiring large data volumes. Key considerations include:Disk type: For faster read/write operations, opt for solid-state drives (SSDs) over traditional hard disk drives (HDDs). Some cloud providers also offer NVMe storage, which can provide even greater speed for highly demanding workloads.Disk size: Choose the right size based on the amount of data you need to store and process. Over-allocating storage space might seem like a safe bet, but it can also increase costs unnecessarily. You can always resize disks later, so avoid over-allocating them upfront.IOPS and throughput: Some workloads require high input/output operations per second (IOPS). If this is a priority for your workload (e.g., databases), make sure that your VM configuration includes high IOPS storage options.﹟5 Weigh up your network requirementsWhen working with cloud-based VMs, network performance is a critical consideration. High-speed and low-latency networking can make a difference for applications such as online gaming, video conferencing, and real-time analytics.Bandwidth: Check whether the VM configuration offers the necessary bandwidth for your workload. For applications that handle large data transfers, such as cloud backup or file servers, make sure that the network interface provides high throughput.Network latency: Low latency is crucial for applications where real-time performance is key (e.g., trading systems, gaming). Choose VMs with low-latency networking options to minimize delays and improve the user experience.Network isolation and security: Check if your VM configuration provides the necessary network isolation and security features, especially when handling sensitive data or operating in multi-tenant environments.﹟6 Factor in cost considerationsWhile it’s essential that your VM has the right configuration, cost is always an important factor to consider. Cloud providers typically charge based on the resources allocated, so optimizing for cost efficiency can significantly impact your budget.Consider whether a pay-as-you-go or reserved model (which offers discounted rates in exchange for a long-term commitment) fits your usage pattern. The reserved option can provide significant savings if your workload runs continuously. You can also use monitoring tools to track your VM’s performance and resource usage over time. This data will help you make informed decisions about scaling up or down so you’re not paying for unused resources.﹟7 Evaluate security featuresSecurity is a primary concern when selecting a VM configuration, especially for workloads handling sensitive data. Consider the following:Built-in security: Look for VMs that offer integrated security features such as DDoS protection, web application firewall (WAF), and encryption.Compliance: Check that the VM configuration meets industry standards and regulations, such as GDPR, ISO 27001, and PCI DSS.Network security: Evaluate the VM's network isolation capabilities and the availability of cloud firewalls to manage incoming and outgoing traffic.﹟8 Consider geographic locationThe geographic location of your VM can impact latency and compliance. Therefore, it’s a good idea to choose VM locations that are geographically close to your end users to minimize latency and improve performance. In addition, it’s essential to select VM locations that comply with local data sovereignty laws and regulations.﹟9 Assess backup and recovery optionsBackup and recovery are critical for maintaining data integrity and availability. Look for VMs that offer automated backup solutions so that data is regularly saved. You should also evaluate disaster recovery capabilities, including the ability to quickly restore data and applications in case of failure.﹟10 Test and iterateFinally, once you've chosen a VM configuration, testing its performance under real-world conditions is essential. Most cloud providers offer performance monitoring tools that allow you to assess how well your VM is meeting your workload requirements.If you notice any performance bottlenecks, be prepared to adjust the configuration. This could involve increasing CPU cores, adding more memory, or upgrading storage. Regular testing and fine-tuning means that your VM is always optimized.Choosing a virtual machine that suits your requirementsSelecting the best virtual machine configuration is a key step toward optimizing your workloads efficiently, cost-effectively, and without unnecessary performance bottlenecks. By understanding your workload’s needs, considering factors like CPU, memory, storage, and network performance, and continuously monitoring resource usage, you can make informed decisions that lead to better outcomes and savings.Whether you're running a small application or large-scale enterprise software, the right VM configuration can significantly improve performance and cost. Gcore offers a wide range of virtual machine options that can meet your unique requirements. Our virtual machines are designed to meet diverse workload requirements, providing dedicated vCPUs, high-speed storage, and low-latency networking across 30+ global regions. You can scale compute resources on demand, benefit from free egress traffic, and enjoy flexible pricing models by paying only for the resources in use, maximizing the value of your cloud investments.Contact us to discuss your VM needs

11 simple tips for securing your APIs

A vast 84% of organizations have experienced API security incidents in the past year. APIs (application programming interfaces) are the backbone of modern technology, allowing seamless interaction between diverse software platforms. However, this increased connectivity comes with a downside: a higher risk of security breaches, which can include injection attacks, credential stuffing, and L7 DDoS attacks, as well as the ever-growing threat of AI-based attacks.Fortunately, developers and IT teams can implement DIY API protection. Mitigating vulnerabilities involves using secure coding techniques, conducting thorough testing, and applying strong security protocols and frameworks. Alternatively, you can simply use a WAAP (web application and API protection) solution for specialized, one-click, robust API protection.This article explains 11 practical tips that can help protect your APIs from security threats and hacking attempts, with examples of commands and sample outputs to provide API security.#1 Implement authentication and authorizationUse robust authentication mechanisms to verify user identity and authorization strategies like OAuth 2.0 to manage access to resources. Using OAuth 2.0, you can set up a token-based authentication system where clients request access tokens using credentials. # Requesting an access token curl -X POST https://yourapi.com/oauth/token \ -d "grant_type=client_credentials" \ -d "client_id=your_client_id" \ -d "client_secret=your_client_secret" Sample output: { "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...", "token_type": "bearer", "expires_in": 3600 } #2 Secure communication with HTTPSEncrypting data in transit using HTTPS can help prevent eavesdropping and man-in-the-middle attacks. Enabling HTTPS may involve configuring your web server with SSL/TLS certificates, such as Let’s Encrypt with nginx. sudo certbot --nginx -d yourapi.com #3 Validate and sanitize inputValidating and sanitizing all user inputs protects against injection and other attacks. For a Node.js API, use express-validator middleware to validate incoming data. app.post('/api/user', [ body('email').isEmail(), body('password').isLength({ min: 5 }) ], (req, res) => { const errors = validationResult(req); if (!errors.isEmpty()) { return res.status(400).json({ errors: errors.array() }); } // Proceed with user registration }); #4 Use rate limitingLimit the number of requests a client can make within a specified time frame to prevent abuse. The express-rate-limit library implements rate limiting in Express.js. const rateLimit = require('express-rate-limit'); const apiLimiter = rateLimit({ windowMs: 15 * 60 * 1000, // 15 minutes max: 100 }); app.use('/api/', apiLimiter); #5 Undertake regular security auditsRegularly audit your API and its dependencies for vulnerabilities. Runnpm auditin your Node.js project to detect known vulnerabilities in your dependencies.  npm audit Sample output: found 0 vulnerabilities in 1050 scanned packages #6 Implement access controlsImplement configurations so that users can only access resources they are authorized to view or edit, typically through roles or permissions. The two more common systems are Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) for a more granular approach.You might also consider applying zero-trust security measures such as the principle of least privilege (PoLP), which gives users the minimal permissions necessary to perform their tasks. Multi-factor authentication (MFA) adds an extra layer of security beyond usernames and passwords.#7 Monitor and log activityMaintain comprehensive logs of API activity with a focus on both performance and security. By treating logging as a critical security measure—not just an operational tool—organizations can gain deeper visibility into potential threats, detect anomalies more effectively, and accelerate incident response.#8 Keep dependencies up-to-dateRegularly update all libraries, frameworks, and other dependencies to mitigate known vulnerabilities. For a Node.js project, updating all dependencies to their latest versions is vital. npm update #9 Secure API keysIf your API uses keys for access, we recommend that you make sure that they are securely stored and managed. Modern systems often utilize dynamic key generation techniques, leveraging algorithms to automatically produce unique and unpredictable keys. This approach enhances security by reducing the risk of brute-force attacks and improving efficiency.#10 Conduct penetration testingRegularly test your API with penetration testing to identify and fix security vulnerabilities. By simulating real-world attack scenarios, your organizations can systematically identify vulnerabilities within various API components. This proactive approach enables the timely mitigation of security risks, reducing the likelihood of discovering such issues through post-incident reports and enhancing overall cybersecurity resilience.#11 Simply implement WAAPIn addition to taking the above steps to secure your APIs, a WAAP (web application and API protection) solution can defend your system against known and unknown threats by consistently monitoring, detecting, and mitigating risks. With advanced algorithms and machine learning, WAAP safeguards your system from attacks like SQL injection, DDoS, and bot traffic, which can compromise the integrity of your APIs.Take your API protection to the next levelThese steps will help protect your APIs against common threats—but security is never one-and-done. Regular reviews and updates are essential to stay ahead of evolving vulnerabilities. To keep on top of the latest trends, we encourage you to read more of our top cybersecurity tips or download our ultimate guide to WAAP.Implementing specialized cybersecurity solutions such as WAAP, which combines web application firewall (WAF), bot management, Layer 7 DDoS protection, and API security, is the best way to protect your assets. Designed to tackle the complex challenges of API threats in the age of AI, Gcore WAAP is an advanced solution that keeps you ahead of security threats.Discover why WAAP is a non-negotiable with our free ebook

What are zero-day attacks? Risks, prevention tips, and new trends

Zero-day attack is a term for any attack that targets a vulnerability in software or hardware that has yet to be discovered by the vendor or developer. The term “zero-day” stems from the idea that the developer has had zero days to address or patch the vulnerability before it is exploited.In a zero-day attack, an attacker finds a vulnerability before a developer discovers and patches itThe danger of zero-day attacks lies in their unknownness. Because the vulnerabilities they target are undiscovered, traditional defense mechanisms or firewalls may not detect them as no specific patch exists, making attack success rates higher than for known attack types. This makes proactive and innovative security measures, like AI-enabled WAAP, crucial for organizations to stay secure.Why are zero-day attacks a threat to businesses?Zero-day attacks pose a unique challenge for businesses due to their unpredictable nature. Since these exploits take advantage of previously unknown vulnerabilities, organizations have no warning or time to deploy a patch before they are targeted. This makes zero-day attacks exceptionally difficult to detect and mitigate, leaving businesses vulnerable to potentially severe consequences. As a result, zero-day attacks can have devastating consequences for organizations of all sizes. They pose financial, reputational, and regulatory risks that can be difficult to recover from, including the following:Financial and operational damage: Ransomware attacks leveraging zero-day vulnerabilities can cripple operations and lead to significant financial losses due to data breach fines. According to recent studies, the average cost of a data breach in 2025 has surpassed $5 million, with zero-day exploits contributing significantly to these figures.Reputation and trust erosion: Beyond monetary losses, zero-day attacks erode customer trust. A single breach can damage an organization’s reputation, leading to customer churn and lost opportunities.Regulatory implications: With strict regulations like GDPR in the EU and similar frameworks emerging globally, organizations face hefty fines for data breaches. Zero-day vulnerabilities, though difficult to predict, do not exempt businesses from compliance obligations.The threat is made clear by recent successful examples of zero-day attacks. The Log4j vulnerability (Log4Shell), discovered in 2021, affected millions of applications worldwide and was widely exploited. In 2023, the MOVEit Transfer exploit was used to compromise data from numerous government and corporate systems. These incidents demonstrate how zero-day attacks can have far-reaching consequences across different industries.New trends in zero-day attacksAs cybercriminals become more sophisticated, zero-day attacks continue to evolve. New methods and technologies are making it easier for attackers to exploit vulnerabilities before they are discovered. The latest trends in zero-day attacks include AI-powered attacks, expanding attack surfaces, and sophisticated multi-vendor attacks.AI-powered attacksAttackers are increasingly leveraging artificial intelligence to identify and exploit vulnerabilities faster than ever before. AI tools can analyze vast amounts of code and detect potential weaknesses in a fraction of the time it would take a human. Moreover, AI can automate the creation of malware, making attacks more frequent and harder to counter.For example, AI-driven malware can adapt in real time to avoid detection, making it particularly effective in targeting enterprise networks and cloud-based applications. Hypothetically, an attacker could use an AI algorithm to scan for weaknesses in widely used SaaS applications, launching an exploit before a patch is even possible.Expanding attack surfacesThe digital transformation continues to expand the attack surface for zero-day exploits. APIs, IoT devices, and cloud-based services are increasingly targeted, as they often rely on interconnected systems with complex dependencies. A single unpatched vulnerability in an API could provide attackers with access to critical data or applications.Sophisticated multi-vector attacksCybercriminals are combining zero-day exploits with other tactics, such as phishing or social engineering, to create multi-vector attacks. This approach increases the likelihood of success and makes defense efforts more challenging.Prevent zero-day attacks with AI-powered WAAPWAAP solutions are becoming a cornerstone of modern cybersecurity, particularly in addressing zero-day vulnerabilities. Here’s how they help:Behavioral analytics: WAAP solutions use behavioral models to detect unusual traffic patterns, blocking potential exploits before they can cause damage.Automated patching: By shielding applications with virtual patches, WAAP can provide immediate protection against vulnerabilities while a permanent fix is developed.API security: With APIs increasingly targeted, WAAP’s ability to secure API endpoints is critical. It ensures that only authorized requests are processed, reducing the risk of exploitation.How WAAP stops AI-driven zero-day attacksAI is not just a tool for attackers—it is also a powerful ally for defenders. Machine learning algorithms can analyze user behavior and network activity to identify anomalies in real time. These systems can detect and block suspicious activities that might indicate an attempted zero-day exploit.Threat intelligence platforms powered by AI can also predict emerging vulnerabilities by analyzing trends and known exploits. This enables organizations to prepare for potential attacks before they occur.At Gcore, our WAAP solution combines these features to provide comprehensive protection. By leveraging cutting-edge AI and machine learning, Gcore WAAP detects and mitigates threats in real time, keeping web applications and APIs secure even from zero-day attacks.More prevention techniquesBeyond WAAP, layering protection techniques can further enhance your business’ ability to ward off zero-day attacks. Consider the following measures:Implement a robust patch management system so that known vulnerabilities are addressed promptly.Conduct regular security assessments and penetration testing to help identify potential weaknesses before attackers can exploit them.Educate employees about phishing and other social engineering tactics to decease the likelihood of successful attacks.Protect your business against zero-day attacks with GcoreZero-day attacks pose a significant threat to businesses, with financial, reputational, and regulatory consequences. The rise of AI-powered cyberattacks and expanding digital attack surfaces make these threats even more pressing. Organizations must adopt proactive security measures, including AI-driven defense mechanisms like WAAP, to protect their critical applications and data. By leveraging behavioral analytics, automated patching, and advanced threat intelligence, businesses can minimize their risk and stay ahead of attackers.Gcore’s AI-powered WAAP provides the robust protection your business needs to defend against zero-day attacks. With real-time threat detection, virtual patching, and API security, Gcore WAAP ensures that your web applications remain protected against even the most advanced cyber threats, including zero-day threats. Don’t wait until it’s too late—secure your business today with Gcore’s cutting-edge security solutions.Discover how WAAP can help stop zero-day attacks

What are virtual machines?

A virtual machine (VM), also called a virtual instance, is a software-based version of a physical computer. Instead of running directly on hardware, a VM operates inside a program that emulates a complete computer system, including a processor, memory, storage, and network connections. This allows multiple VMs to run on a single physical machine, each with its own operating system and applications, as if they were independent computers.VMS are useful because they provide flexibility, isolation, and scalability. Since each VM is self-contained, it can run different operating systems (like Windows, Linux, or macOS) on the same hardware without affecting other VMs or the host machine. This makes them ideal for testing software, running legacy applications, or efficiently using server resources in data centers. Because VMs exist as software, they can be easily copied, moved, or backed up, making them a powerful tool for both individuals and businesses.Read on to learn about types of VMs, their benefits, common use cases, and how to choose the right VM provider for your needs.How do VMs work?A virtual machine (VM) runs inside a program called a hypervisor, which acts as an intermediary between the VM and the actual computer hardware. Every time a VM needs to perform an action—such as running software, accessing storage, or using the processor—the hypervisor intercepts these requests and decides how to allocate resources like CPU power, memory, and disk space. You can think of a hypervisor as an operating system for VMs, managing multiple virtual machines on a single physical computer. Popular hypervisors like VirtualBox and VMware enable users to run multiple operating systems simultaneously while providing strong isolation.Modern hypervisors optimize performance by giving VMs direct access to certain hardware components when possible, reducing the need for constant intervention. However, some level of overhead remains because the hypervisor still needs to manage and coordinate resources efficiently. This means that while VMs can leverage most of the system’s hardware, they can’t use 100% of it, as some processing power is always reserved for managing virtualization itself. This small trade-off is often worth it, as hypervisors keep each VM isolated and secure, preventing one VM from interfering with another.VM layersFigure 1 illustrates the layers of a system virtual machine setup. The layer model can vary depending on the hypervisor. Some hypervisors include a built-in host operating system, while modern hardware offers native virtualization support. Many hypervisors can also manage multiple physical machines and VMs efficiently.VM snapshots are an essential feature in cloud computing, allowing users to quickly restore a virtual machine to a previous state.Figure 1: Layers of system virtual machinesHypervisors that emulate hardware architectures different from what the guest OS expects have a bigger overhead, as they can’t relay commands directly to the hardware without first translating them.VM snapshotsVM snapshots are an essential feature in cloud computing, allowing users to quickly restore a virtual machine to a previous state. The hypervisor can save the complete state of the VM and restore it at a later time to skip the boot process of the guest OS. The hypervisor can also move these snapshots between different physical machines, making the software running in the VM completely independent from the underlying hardware.What are the benefits of using VMs?Virtual machines offer benefits including resource efficiency, isolation, simplified operations, easy migration, faster deployment, cost savings, and security. Let’s look at these one by one.Multiple VMs can run on a single physical machine, making sharing resources between various guest operating systems easier. This is especially important when each guest OS needs to be isolated from the others, such as when they belong to different customers of a cloud service provider. Sharing resources through VMs makes running a server cheaper because you don’t have to buy or rent a whole physical machine, but only parts of it.Since VMs abstract the underlying hardware, they also improve resilience. If the physical machine fails, the hypervisor can perform a quick recovery by moving the snapshots to another machine without changing the guest OS installations to minimize downtime. This abstraction also allows operations teams to focus their deployment efforts on a standardized VM instead of considering different physical implementations.Migrations become easier with snapshots as you can simply move them to a faster machine without modifying the software running inside the VM.Faster deployments are possible because starting a VM is just a software execution instead of setting up a physical server in a data center. While you had to buy a server or rent it for months, with fast deployments, you can now rent a machine for hours, minutes, or even seconds, which allows for quite some savings.Modern CPUs have built-in virtualization features that enable easy resource sharing and enforce the isolation at the hardware layer. This prevents the services of one VM from accessing the resources of the others, improving security compared to running multiple apps inside one OS.Common use cases for VMsVMs have a range of use cases. Let’s look at the most popular ones.Cloud computingThe most popular use case is cloud computing, where VMs allow the secure sharing of the cloud provider’s resources, enabling their customers to rent only the resources they need for the period their workload will run.Software development and testingSoftware development often requires specific tools and libraries that aren’t available on a production machine, so having a development VM with all these tools preinstalled can be helpful. An example is cloud IDEs, which look and feel like regular IDEs but run on a cloud VM. A developer can have one for each project with the required dev tools installed.VMs also allow a developer to set up a machine for software testing that looks exactly like the production environment. Here, the opposite of the development VM is required; it should not have any development tools installed because they would also be missing from production.Cross-platform developmentA special case of the software development use case is cross-platform development. When you implement an app for Android or iOS, for example, you usually don’t do this on a mobile device but on your computer. With VMs, developers can simulate different hardware environments, enabling cross-platform testing without requiring physical devices.Legacy system supportIf the hardware your application requires is no longer in production, a VM might be the only way to keep running your software without reimplementing it. This is similar to the cross-platform development use case, as the VM emulates different hardware, but the difference is that the hardware no longer exists.How to choose the right VM providerTo find the right provider for your workload, the most important factor to assess is your own workload requirements. Ask the following questions and compare the answers to what providers offer.Is your workload compute or I/O-bound?Many workloads, like web servers, are I/O-bound. They don’t make complex calculations but rather simply load data and send it over the network. If you need a VM for an I/O-bound workload, you care more about disk and memory size, as well as network speed.However, compute-heavy workloads, such as AI inference or Kubernetes clusters, require careful resource allocation. If you’re evaluating whether to run Kubernetes on bare metal or VMs, check out our white paper on Bare Metal vs. VM-based Kubernetes Clusters for an in-depth comparison.If your workload is compute-bound instead, you need a high-performance CPU or a GPU and loads of memory. An AI inference engine, for example, only sends a bit of text to a client, but it does many calculations to generate this text.How long will your workload run?Web servers usually run indefinitely, but some workloads only run a few hours or minutes. If you’re doing AI training, you don’t want to pay for your huge VM cluster 24/7 if it only runs a few hours or days a week. In such cases, looking for a provider that allows renting your desired VM type hourly on a pay-as-you-go model might be worthwhile.Certain cloud providers offer cost-effective spot instances, which provide lower prices for non-critical workloads that can tolerate interruptions. These cheap VMs can get shut down at any time with minimal notice, but if your calculations aren’t time-critical, you might save quite a bit of money here.How does your workload scale?Scaling in the cloud is usually done horizontally. That is, by adding more VMs and distributing the work between them. Workloads can have different requirements for when and how fast they must be added and removed.In the AI training example, you might know in advance that one training takes more resources than the other, so you can provision enough VMs when starting. However, a web server workload might change its requirements constantly. Hence, you need a load balancer that automatically scales the instances up and down depending on the number of clients that want to access your service.Do you handle sensitive data?You might have to comply with specific laws and regulations depending on your jurisdiction(s) and industry. This means you must check whether the cloud provider also complies. How secure are their data centers? Where are they located? Do they support encryption in transit, at rest, and in process?What are your reliability requirements?Reliability is a question of costs and, again, of compliance. You might get into financial or regulatory troubles if your workload can’t run. Cloud providers often boast about their guaranteed uptimes, but remember that 99% uptime a year still means over three days of potential downtime. Check your needs and then seek a provider that can meet them reliably.Do you need customer support?If your organization doesn’t have the know-how for operating VMs in the cloud, you might need technical support from the provider. Most cloud providers are self-service, offering you a GUI and an API to manage resources. If your business lacks the resources to operate VMs, seek out a provider that can manage VMs on your behalf.SummaryVMs are a core technology for cloud computing and software development alike. They enable efficient resource sharing, improve security with hardware-enforced guest isolation, and simplify migration and disaster recovery. Choosing the right VM provider starts with understanding your workload requirements, from resource allocation to security and scalability.Maximize cloud efficiency with Gcore Virtual Machines—engineered for high performance, seamless scalability, and enterprise-grade security at competitive pricing. Whether you need to run workloads at scale or deploy applications in seconds, our VMs provide enterprise-grade security, built-in resilience, and optimized resource allocation, all powered by cutting-edge infrastructure. With global reach, fast provisioning, egress traffic included, and pay-as-you-go pricing, you get the scalability and reliability your business needs without overspending. Start your journey with Gcore VMs today and experience cloud computing that’s built for speed, security, and savings.Discover Gcore VMs

Subscribe to our newsletter

Get the latest industry trends, exclusive insights, and Gcore updates delivered straight to your inbox.