Posted By: Brian Farrell
Last Updated: Monday August 24, 2020
Customers often ask what steps we take as a host to keep your websites and files safe. We value security at Hawk Host, and it’s important that clients know the proactive measures we’ve taken to defend against exploits and attacks. We also want to provide recommendations on steps you can take to further secure your hosting.
Account security with shared hosting is a two-way street. As a host, it’s our responsibility to provide a safe and secure hosting environment at the server and network level. As a customer, it’s important you follow best practices to make sure your individual sites, software, or applications aren’t vulnerable to remote exploits that may bypass the protections we have in place. Here’s a quick overview of some technologies we’ve implemented at the server level:
CageFS: CageFS is a technology developed by CloudLinux that places each cloud web hosting client account into its own “cage” on the server. Because your account is isolated from every other user on the server, it is not possible for their activity to impact the security and safety of your websites and files. This means even if other users on the server are hacked, and they have malicious PHP files/scripts, those malicious files cannot lead to a security issue with the websites and files inside your own cage.
SecureLink: SecureLink is another OS-level security feature that protects against known symbolic link (symlink) attacks, especially in a cPanel/WHM-based environment. This feature works in conjunction with CageFS to further isolate your specific account from the rest of the server.
Imunify360: Imunify360 is a multi-purpose security tool that offers proactive malware scanning, cleaning / quarantining of detected malicious files or scripts, and also web traffic inspection to block requests from known bad actors or potentially malicious traffic. You have the ability to view cleaned and quarantined files, modify how Imunify360 manages malware, and change other settings right through cPanel (KB guide here). By default, if we detect a malicious file added to your account or notice malicious code injected into an existing file, we’ll first attempt to remove just the malicious code from the file. If we are unable to remove the malicious code, we will quarantine the file. Both cleaning and quarantining are attempts to prevent the infection from spreading to the rest of your account, which could lead to a total compromise.
ModSecurity: ModSecurity is another tool that looks for known commands or requests that are often used to exploit a website’s software. For example, if someone on your website attempts to execute a request that matches a known ModSecurity rule, the request will be blocked and any potential exploit attempts using that request will be stopped.
KernelCare: KernelCare is a technology that allows us to apply kernel-level patches for known OS exploits on the fly, oftentimes long before the upstream developers are able to integrate a patch into their releases. This is particularly valuable as it relates to 0-day exploits for the Linux-based operating system we run.
DDoS Protection: At the network level we monitor all of our IPs and look for anomalies in traffic, both incoming and outgoing, to identify not only incoming malicious traffic / DDoS attacks but also potentially compromised accounts using our network to launch outgoing attacks. While the outgoing attacks may not impact your sites, it’s important we operate a safe network, and that includes stopping bad actors from using our services. We also offer proactive “scrubbing” of traffic to drop malicious traffic and let the good traffic through, so there is no impact to your site’s speed or performance serving legitimate requests.
SPAM Protection: All email sent from our cloud web hosting network accounts is first filtered through our dedicated outgoing email systems. As a result we are able to easily block spam/UCE before it leaves our network. This keeps our IP and network reputation as clean as possible so your outgoing emails are not negatively impacted by bad actors using our services in violation of our TOS/AUP. In the event an IP does have its reputation impacted we can switch to a new mailing IP immediately to ensure your legitimate email delivery is not delayed or bounced.
Steps you can take as a client: While we do our absolute best as a host to keep you safe, there are still important steps you as a client can take to further secure your accounts and websites:
Always keep your software/themes/plugins updated: Without a doubt, the most common reason a client’s account or sites are compromised is running outdated software. Most software-based remote exploits are specific to your software and bypass our security protections. It is vitally important you always keep your software/themes/plugins updated! Most software these days offers auto-updates, which you should strongly consider enabling if possible.
Only install trusted software: Never install software, plugins, themes, or really anything on your account if it is not from a trusted source. Installing anything on your account from an untrusted source or download site comes with a very high chance of the software having a remote exploit included which can be used to compromise your account.
Passwords: Strong passwords are an absolute must! A password is your first line of defense in preventing unauthorized logins, and making sure those passwords are as secure as possible will go a long way in keeping you safe. It is important to use long passwords that are alphanumeric with special characters so they can’t be easily guessed. Passwords should also never be re-used between sites; every login of yours should have a unique password. We recommend using a password manager such as LastPass or 1Password for simple (but extremely secure) password management.
Use Two-Factor Authentication (2FA) whenever possible: In addition to strong passwords, using two-factor authentication (2FA) is another step you can take to secure your logins. With 2FA enabled, even if your password is compromised, a login would still require a second form of authentication, in this case a unique one-time code generated by your phone or tablet. We offer 2FA protection for both cPanel and your client area, which we recommend enabling.
Always use SSL: All of our cloud web hosting plans include free SSL for all domains hosted from your account, along with secure access to email via webmail/IMAP/SMTP through an email client. It is extremely important, especially over any public networks, that any time you’re logging in to cPanel, your website’s software admin panels, or emails, you are using https/SSL.
Keep regular offsite backups: While all of our cloud web hosting plans include free daily backups, it is best practice to keep your own remote offsite backups as well. Taking regular backups of all your sites/files will make your life much easier if you do happen to be compromised. Trust us when we say the time involved with taking regular backups is significantly less than the time you’ll spend fixing your sites if they’re compromised and you don’t have up-to-date backups to rely on!
We hope this helps you feel better about the steps we take to keep you safe and also provides a valuable guide of steps you can take as a client to stay even more secure on the web!