Your Hosting Account’s Security at Hawk Host
Posted By: Brian Farrell
Last Updated: Wednesday September 13, 2017
People often question whether or not shared hosting can actually be secure. The idea of sharing a server with other users, some of whom may be malicious, is scary to people. Over the years we have not only worked to alleviate those concerns by talking to clients, but we’ve also invested in security and technology upgrades that make our shared hosting as secure as it can be.
What does Hawk Host do to protect customers’ data and websites?
Every day we’re improving the security of our hosting platforms. Whether it’s learning about new exploits impacting popular software and writing rules to block them, or creating signatures of known exploits/malware to update our databases, our humans and our machines are continually learning and evolving to keep customers safe. Here are just a few of the measures we take to keep your data safe, your sites secure, and to make sure nobody accesses your account when they shouldn’t:
- Realtime Scanning of Uploaded Files: Every single file that is added to our servers is scanned for known malware or exploits. If we detect something in the file it’s automatically quarantined, thereby protecting your account from remote exploits and code execution. We’ll also email you and let you know what files we quarantined so you can review what happened and take a closer look at the files you’re trying to use.
- Imunify360: In a nutshell, Imunify360 watches your site and its traffic, and blocks anything it determines to be malicious. We recently covered Imunify360 in detail in a blog post, so if you want to learn more I suggest reading that post: An Overview of Imunify360
- CageFS: CageFS is a technology which isolates your account from everyone else on the server, making it impossible for another user to view/modify/read your files from the same machine. This used to be an issue when customers would run insecure permissions (777 for example), which made files/directories readable by anyone on the machine. CageFS fixes this problem so you can rest easy knowing your data is accessible by you and you only. If you want to learn more about CageFS, we have a blog post about that too: An Overview of CageFS
- Rebootless Kernel Updates: Security is a paramount concern of ours, but so is uptime! A website is no good if it can’t be reached, and we take that responsibility seriously. We use a technology called KernelCare to apply kernel-level updates without requiring a reboot, so your sites don’t need to experience downtime just so we can apply a patch. In the past we’ve also received fixes for 0-day kernel exploits faster than waiting for upstream fixes, keeping the entire machine safe (along with your sites and data!).
- Offsite Backups: Having backups may not seem like a typical security measure, but that’s your last line of defense in case the worst does happen. We take backups of your entire account (files, databases, emails, etc.) and retain them for up to 7 days. We also take full backups of the entire server, so in the event we had a system-level failure we could restore the entire server from the most recent backup. This is not a proactive security measure but a reactive one, but without backups you’re neglecting a huge part of your security checklist.
- Cloudflare: Cloudflare is a free service which adds an additional layer of protection to your sites on top of what we offer. They offer services such as DDoS protection, a WAF (web application firewall), rate limiting / browser verification, and so much more! Our shared, reseller, and semi-dedicated clients can enable Cloudflare on all their sites right through cPanel. VPS clients can sign up through Cloudflare’s website directly to protect all their sites on our network.
- SpamExperts: Nobody wants spam hitting their inbox, and nobody wants to be responsible for sending spam from a compromised account / email address. This is why we offer SpamExperts filtering for both incoming and outgoing emails, for free, on all hosting plans! The incoming filtering will protect all your email addresses from receiving spam, viruses, exploits, and so much more! The outgoing filtering prevents spam from leaving our network and also blocks outgoing emails with virus attachments or other content that our systems have learned is malicious.
What can I do as a customer to stay safe and secure?
- Passwords Are King: Using strong passwords is your number one line of defense. Easily guessed, insecure passwords are one of the easiest ways to find yourself compromised and in security trouble! What we recommend is using a password manager, such as LastPass, 1Password, or KeePassX. With these services you only remember one password (your master login password), and the manager generates a unique / secure password for every other login you need. Gone are the days of re-using passwords or using easy-to-remember but also easy-to-guess passwords on important sites!
- Use Two-Factor Authentication (2FA): In addition to using strong passwords you should also use two-factor authentication (2FA) whenever possible. What 2FA does is create a second layer of authentication, requiring not only your text password but also a random code generated by your phone / device to complete a login. This way, if your password is ever compromised, your account is still safe because an attacker wouldn’t be able to log in without your 2FA code, which only you have! We offer 2FA protection for both our client area and your cPanel account!
- Update Your Software: Running outdated software is one of the easiest ways to get yourself compromised. Once a vulnerability is disclosed it’s not hard for hackers and the bad people on the internet to use it to take control of your site. Sometimes they’ll only deface your page, but oftentimes the exploits are used to install malware, send spam, or set up phishing sites. It can be a real pain to fix this when it happens, so staying updated is a big part of staying secure.
- Install Plugins/Addons from Trusted Sources: Improving your site with addons, plugins, or custom themes is a great way to make it stand out, and that’s a good thing! But be careful about what you install! One mistake could create an easy-to-access backdoor to your account. Anytime you go to install third-party software, do some research about the vendor/author, read some feedback from other users, and most importantly make sure the plugin is actively developed. If a plugin hasn’t been updated in years, odds are it’s got some exploits!
- Always Use SSL: Whenever you connect to your account make sure you’re using SSL. Whether it’s using FTP, connecting to your email, or logging into cPanel/WHM, it’s important to make sure you’re always using SSL/HTTPS. This will encrypt all the data you pass through your browser / network making it impossible for eavesdroppers to steal your data. Did you know we offer free SSL certificates for all sites hosted with us through Let’s Encrypt? You can install a free, trusted, and fully secure SSL certificate on any site hosted with us: Hawk Host Sponsors Let’s Encrypt
- Be Safe on Public Networks: Anytime you’re using a public / untrusted network, such as free WiFi from your local coffee shop or a friend’s home network, you should try to connect over a VPN. This will make sure all traffic first goes through your safe and trusted VPN network and isn’t passed over a potentially insecure (and compromised) public network. We recommend Private Internet Access as a VPN provider, but there are countless options out there!
This may seem like a lot, but over time it will all become second nature, and you’ll have the peace of mind knowing your sites and data are secure. Stay safe out there folks!