Hosting Discussion
 

Security Aspects for Hosting Business
  Post #1 (permalink)   10-28-2014, 05:13 AM
HD Addict
 
Join Date: Feb 2014
Posts: 143

Status: Leasedlayer.com is offline
What security aspects should be considered by hosting providers while providing services to clients?
 
 
 
The Following User Says Thank You to Leasedlayer.com For This Useful Post:
rafalfaro_18 (11-02-2014)


  Post #2 (permalink)   10-28-2014, 09:55 AM
HD Community Advisor
 
 
Join Date: Jan 2011
Location: London
Posts: 608

Status: ughosting is offline
1) Ensure the customer is who they say they are, as far as possible.
2) Ensure customers cannot see each other's files or usernames (that includes processes) on your systems.
3) Use something like CSF+LFD to keep hackers out.
4) Ensure they cannot upload malware or viruses, through httpd, ftp, ssh etc.
5) Have a "strong" password policy.
__________________
DDoS Protected, LiteSpeed + LiteMage on CloudLinux with SSD Disks, R1Soft, Softaculous, SiteBuilder, BitNinja, LetsEncrypt & Patchman
UnixGuru: Accounts with 1-16 CPU Cores, 2-32GB RAM. Why use a VPS?
█ Choose from Shared, Reseller and Elastic-Sites Hosting
 
 
The Following User Says Thank You to ughosting For This Useful Post:
rafalfaro_18 (11-02-2014)


  Post #3 (permalink)   10-31-2014, 08:43 AM
HD Master
 
Join Date: Sep 2014
Location: India
Posts: 271

Status: 24x7server is offline
Hi,

There are several things that have to be planned out and applied.
1. Spamming.
2. Log monitoring.
3. Regular full server scanning --> Helps to find malicious scripts or infections.
4. Checking the backup status.
5. Secure your server to make it hard to be hacked --> Hacking is the first and foremost security point.
__________________
www.24x7servermanagement.com
Server Management, Server Security, Server Monitoring.
Network Monitoring Team !! Skype: techs24x7
 
 
 
The Following 2 Users Say Thank You to 24x7server For This Useful Post:
rafalfaro_18 (11-02-2014), securewebcloud (11-04-2014)


  Post #4 (permalink)   10-31-2014, 01:05 PM
HD Newbie
 
Join Date: Nov 2012
Posts: 10

Status: NetworkPanda is offline
First of all, use an anti-fraud system to prevent as many fraudulent orders as possible. MaxMind and FraudRecord are necessary. They will save you from a large number of fraudulent customers, spammers and customers who will attempt to host malware or phishing sites.

Then, run a full virus scan on the server every day. Check the exim log for messages with subjects that look like spam. Restrict access to SSH ports only to trusted IP addresses, change the default SSH port and use SSH keys to log in.
__________________
Network Panda
Shared hosting: Servers in USA, Canada, UK, France, Germany and Netherlands
cPanel, 5-40 GB SSD disk space, FFMPEG, Softaculous scripts installer
VPS Hosting: 1-4 Xeon CPU cores, 512 MB - 4 GB RAM, optional cPanel/WHM
 
 
 
The Following 2 Users Say Thank You to NetworkPanda For This Useful Post:
rafalfaro_18 (11-02-2014), securewebcloud (11-04-2014)
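
The exim log check suggested in post #4, as an added example that is not part of the original post: it reads message-arrival (`<=`) lines from an exim mainlog and flags senders whose subjects contain spam-like words or repeat many times. It assumes `log_selector` includes `+subject` so the `T="..."` field is logged; the keyword list, threshold and log lines are constructed for illustration.

```python
import re
from collections import Counter

# Arrival lines look like: DATE TIME MSGID <= SENDER ... T="subject" for RCPT
# (T="..." is only logged when log_selector includes +subject: assumption).
ARRIVAL = re.compile(
    r'^\S+ \S+ (?P<id>\S+) <= (?P<sender>\S+) .*?T="(?P<subject>(?:[^"\\]|\\.)*)"'
)
SPAM_WORDS = re.compile(r"viagra|casino|lottery|winner", re.I)  # sample keyword list

def flag_senders(lines, repeat_threshold=3):
    """Return {sender: set of reasons} for senders that look like spam sources."""
    per_subject = Counter()
    flagged = {}
    for line in lines:
        m = ARRIVAL.match(line)
        if not m:                      # delivery (=>), rejection and other lines
            continue
        sender = m["sender"]
        subject = m["subject"].strip().lower()
        per_subject[(sender, subject)] += 1
        if SPAM_WORDS.search(subject):
            flagged.setdefault(sender, set()).add("keyword")
    # The same subject sent many times by one sender suggests a bulk run.
    for (sender, _subject), count in per_subject.items():
        if count >= repeat_threshold:
            flagged.setdefault(sender, set()).add("repeated-subject")
    return flagged

# Constructed sample log lines (not from a real server).
SAMPLE_LOG = [
    '2014-10-31 08:43:01 1XkA01-0001aB-2c <= shop@customer-a.example U=custa '
    'P=local S=1523 T="Order confirmation #1001" for buyer@example.net',
    '2014-10-31 08:43:05 1XkA02-0001aC-3d <= www@customer-b.example U=custb '
    'P=local S=2210 T="You are a WINNER" for a@example.org',
    '2014-10-31 08:43:06 1XkA03-0001aD-4e <= www@customer-b.example U=custb '
    'P=local S=2210 T="You are a WINNER" for b@example.org',
    '2014-10-31 08:43:07 1XkA04-0001aE-5f <= www@customer-b.example U=custb '
    'P=local S=2210 T="You are a WINNER" for c@example.org',
    # Delivery line: T= here is the transport name, not a subject; it is skipped.
    '2014-10-31 08:43:09 1XkA02-0001aC-3d => a@example.org R=dnslookup '
    'T=remote_smtp H=mx.example.org [192.0.2.10]',
]

if __name__ == "__main__":
    for sender, reasons in flag_senders(SAMPLE_LOG).items():
        print(sender, sorted(reasons))
```
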


  Post #5 (permalink)   11-01-2014, 04:06 AM
HD Newbie
 
Join Date: Oct 2014
Posts: 28

Status: r9host is offline
These are a few security tips.

1) Using Fraud Protection
2) Using Firewall such as CSF and configuring it precisely.
3) Using Exploit Detector such as CXE
4) Using Anti-Virus such as ClamAV
5) Hardening PHP and disabling functions that can be used by shell scripts
6) Changing SSH Port
7) Hardening Web Server such as disabling SymLinks and using SymLinksIfOwnerMatch instead

Please keep in mind that a very, very high security level, such as configuring the firewall very restrictively, may cause issues with accessibility and comfort for your customers. Customer comfort is an important aspect of hosting.
__________________
cPanel & Windows Shared Hosting | 99.9% Uptime Guarantee
cPanel & Windows Reseller Hosting
Virtual Dedicated Servers | Dedicated Servers
www.R9Host.com | +1-347-2363076
 
 
 
The Following User Says Thank You to r9host For This Useful Post:
rafalfaro_18 (11-02-2014)
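
Tips 5 and 7 of post #5 as a configuration audit, added here as an example that is not part of the original post: it reports which command-execution functions a `php.ini` leaves enabled and which Apache `Options` lines still allow `FollowSymLinks`. The function baseline and the sample configs are assumptions constructed for illustration.

```python
# Assumed baseline of PHP functions that run OS commands; adjust to your policy.
RISKY_PHP = {"exec", "passthru", "shell_exec", "system", "proc_open", "popen"}

def audit_php_ini(text):
    """Return the baseline functions NOT covered by disable_functions."""
    disabled = set()
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # ';' starts a php.ini comment
        key, sep, value = line.partition("=")
        if sep and key.strip() == "disable_functions":
            names = value.strip().strip('"').split(",")
            disabled = {n.strip() for n in names if n.strip()}  # last one wins
    return sorted(RISKY_PHP - disabled)

def audit_apache_options(text):
    """Return (line_no, directive) for Options lines that allow FollowSymLinks."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        tokens = line.split()
        if not tokens or line.startswith("#") or tokens[0].lower() != "options":
            continue
        # '-Name' removes an option; 'Name' and '+Name' enable it.
        enabled = {t.lstrip("+").lower() for t in tokens[1:] if not t.startswith("-")}
        if "followsymlinks" in enabled or "all" in enabled:   # All includes it
            findings.append((no, line))
    return findings

# Constructed sample configurations: weak setting beside the hardened one.
WEAK_PHP = ";disable_functions = exec\ndisable_functions = exec,system\n"
HARD_PHP = "disable_functions = exec,passthru,shell_exec,system,proc_open,popen\n"
WEAK_APACHE = ('<Directory "/home">\n'
               "    Options Indexes FollowSymLinks\n"
               "    AllowOverride All\n"
               "</Directory>\n")
HARD_APACHE = ('<Directory "/home">\n'
               "    Options -FollowSymLinks +SymLinksIfOwnerMatch\n"
               "</Directory>\n")

if __name__ == "__main__":
    print("php.ini leaves enabled:", audit_php_ini(WEAK_PHP))
    print("Apache findings:", audit_apache_options(WEAK_APACHE))
```

A customer `.htaccess` can turn `FollowSymLinks` back on unless `AllowOverride` restricts `Options`, so review that directive alongside the `Options` lines.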


  Post #6 (permalink)   11-02-2014, 09:52 PM
HD Newbie
 
Join Date: Nov 2013
Posts: 34

Status: hostlatte is offline
A web hosting company should be aware of:

1) A working & most secure firewall protection.
2) Server configuration should be good enough to stop the known hacking attempts.
3) Upload file types, & should keep an eye on all the uploaded files so that any disaster can be stopped.
4) Should have strong password policies and limit unauthorized login attempts.
5) Should keep a close eye on email blacklists if they find something malicious in emails sent out through our servers.
6) Anti DDOS/SYN attack policy must be strong.
__________________
Regards,
Delicious, Affordable & Reliable Web Hosting Providers.
Year on Sale!
 
 
 


  Post #7 (permalink)   11-03-2014, 12:51 PM
HD Amateur
 
Join Date: Sep 2014
Posts: 82

Status: King-Servers is offline
It's a major responsibility of a web hosting service provider to manage and provide quality services to clients. It includes server updates, monitoring, blocking attacks, recognizing spamming, using strong password policies, firewall security, etc.
 
 
 


  Post #8 (permalink)   11-22-2014, 12:40 AM
Account Disabled
 
Join Date: Mar 2012
Location: United States
Posts: 165

Status: interservermike is offline
Major Malware Threats Facing Web Hosting Providers
  • FTP credential compromise
  • Web application vulnerabilities
  • Outdated CMS vulnerabilities
  • Insecure server configurations
  • Third party add-ons
 
 
 


  Post #9 (permalink)   11-22-2014, 02:45 AM
HD Addict
 
 
Join Date: May 2010
Posts: 148

Status: HostZealot is offline
In reply to all voters for FraudRecord. We implemented this module, but it is REALLY overrated, incomplete and inconvenient. Manual processing of each order and manual check of existing database consumes way too much time and effort. A little automation would make this module much better and greatly more popular.
__________________
HostZealot - your content is online, always :)
Shared hosting | VPS hosting | Dedicated servers | Domain registration | SSL certificates
7 Global locations: Amsterdam, Ashburn, Chicago, Hong-Kong, London, Stockholm, Toronto
 
 
 


  Post #10 (permalink)   11-25-2014, 03:08 PM
HD Addicted
 
 
Join Date: Dec 2008
Location: Brooklyn
Posts: 563

Status: IkY0294 is offline
Keeping security tight and most of all secured is a very important thing all around.

Keeping scripts and software up to date with the latest version out can help prevent yourself from being a target for hacks.

Ensure all clients use strong, long passwords that include numbers, letters and symbols, lowercase and uppercase.

Make all clients change their passwords every 3 months or so.

If you have WHMCS, go and read their guide on how to secure it by changing the directory name for the admin CP and even moving some files around and whatnot, changing some things.

Always remove files from your site that you no longer need or have no use for.

Always do fraud checks on clients; you don't want to provide service to a hacker who can be using the service and at the same time finding a back door to bring down your business.

There are a lot, and I mean a lot, more tips and tricks to perform to ensure that your site is safe. But there's always a way for a hacker to get into your site or do whatever they want; you just need to ensure that you are able to make it hard for them so that they try and quit or do not try at all.
__________________
Who has the coffee pot?
 
 
 


  Post #11 (permalink)   11-26-2014, 09:14 AM
HD Newbie
 
Join Date: Jul 2013
Posts: 28

Status: brentpresley is offline
In addition to network security, keep in mind that some of the clients you host can get you into trouble, even if you keep your nose clean.

We found this out when the Department of Homeland Security came knocking with a warrant for a server of a client of ours.

No joke, took over 2 years to get that server (minus hard drives) back.
__________________
Brent Presley - brent@innoscale.net
Innovative Scaling Technologies Inc. - Enterprise Cloud Hosting and Support
24/7 Dedicated Support, Call us @ 1-888-722-8515
www.innoscale.net - Ashburn - Dallas - Seattle - Amsterdam
 
 
 


  Post #12 (permalink)   11-27-2014, 11:28 AM
HD Newbie
 
Join Date: Feb 2013
Location: Lithuania
Posts: 16

Status: Bacloud is offline
In addition you can use fail2ban on all services
 
 
 


  Post #13 (permalink)   11-27-2014, 11:41 AM
HD Newbie
 
Join Date: Apr 2014
Posts: 35

Status: HH-Josh is offline
Quote:
Originally Posted by HostZealot View Post
In reply to all voters for FraudRecord. We implemented this module, but it is REALLY overrated, incomplete and inconvenient. Manual processing of each order and manual check of existing database consumes way too much time and effort. A little automation would make this module much better and greatly more popular.
Completely agree with this. It's a great system if it could only be automated and improved in the right ways. Our sales team have picked up a few fraudulent orders using Fraud Record. We still use other systems; this is just something we've implemented for additional security.
 
 
 


  Post #14 (permalink)   11-30-2014, 02:44 AM
HD Newbie
 
Join Date: Oct 2014
Location: Arizona
Posts: 30

Status: AlliedHost is offline
Quote:
Originally Posted by ughosting View Post
1) Ensure the customer is who they say they are, as far as possible.
2) Ensure customers cannot see each other's files or usernames (that includes processes) on your systems.
3) Use something like CSF+LFD to keep hackers out.
4) Ensure they cannot upload malware or viruses, through httpd, ftp, ssh etc.
5) Have a "strong" password policy.
- Not to mention using a very stable set of modsec rules to ensure stupid "hacks" cannot be used. This also helps control the outbreak of hijacking of sites with outdated scripts and poor coding.
__________________
- Joshua D.
Chief Executive Officer
Epic Holdings Inc. - Parent company of:
Allied Host.com
 
 
 


  Post #15 (permalink)   12-07-2014, 12:28 AM
HD Newbie
 
Join Date: May 2014
Posts: 28

Status: EnveraHost is offline
Something that hasn't been added is stopping customers from getting IPs blacklisted. This is very important and also tells you if customers are misusing IPs for email spam, hacking etc.
 
 
 