Server Security

We pay special attention to each server's security to provide peace of mind for our clients.


Managed hosting is included on all of our VPS and Dedicated Server orders that utilize an installed and supported control panel (cPanel/Plesk). Managed web hosting is ideal for companies that choose not to incorporate an internal IT staff as a part of their business infrastructure or simply want to free up their IT staff to focus on other proprietary tasks.

At first, many companies are skeptical about turning over their server management and/or web hosting to an external provider. With our highly trained professional staff and years of web hosting experience, you can rest assured that you're in good hands. Those who do choose to utilize HostDime's managed services find that IT outsourcing with us can actually save them time & money while allowing their team to laser focus on the core elements and business initiatives that are most important to their workflow.

Here at HostDime, we feature managed service options on our complete product line of Linux OS based servers (which are deployed with cPanel pre-installed as the control panel) and on our Microsoft Windows Server OS based servers (which are deployed with the Plesk control panel). But we don't stop there. Although we specialize in Linux/cPanel and Microsoft Windows/Plesk servers, it is important to stress that we also offer a plethora of other managed services. (Feel free to reach out to our sales team at any time to inquire about fulfilling your specific needs.)

We are always following (and often innovating) the latest developments in our industry. This helps us carefully monitor the road ahead, closely looking out for any potential bumps that may impact our clients. Through our extensive research, testing and development of best practice support, you can always look forward to rock solid reliability in our services now, and into the future.

Dedicated Server Security Audit

Security is of paramount importance on today's internet. We pay special attention to each server's security to provide peace of mind for our clients. All HostDime servers undergo a ten point security inspection when they are deployed.

Point 1: Check kernel version. The Linux kernel is the core system program of every Linux system. We always check your kernel version to make sure there are no known exploitable vulnerabilities. If any kernel vulnerabilities are discovered, we will update the kernel immediately and contact you to schedule a reboot.

Point 2: Check PHP settings. There are several PHP settings that we recommend be disabled on servers that do not require them.

  • "allow_url_fopen" This setting allows PHP to treat any URL as if it were a file. This poses a security risk for certain PHP applications that do not correctly sanitize include and fopen statements. Most applications do not require "allow_url_fopen" and we strongly recommend that this be disabled (especially for servers running PHP4).
  • "allow_url_include" This setting was introduced in PHP5.2. Having "allow_url_include" disabled can allow PHP5.2 users to safely enable "allow_url_fopen" if it is needed by an application. Almost no PHP applications require that "allow_url_include" be enabled. For this reason we recommend that "allow_url_include" always be disabled.
  • "register_globals" This setting allows global PHP variables to be set at runtime through a URL. Having it enabled could allow attackers to modify arbitrary PHP variables. This can lead to SQL injections, arbitrary code execution, and other exploits for vulnerable PHP applications. We generally recommend that "register_globals" be disabled.
  • In addition to these three PHP settings, we also recommend that certain vulnerable PHP functions be disabled. In doing so, the effectiveness of PHP shells and other PHP based malware is reduced. The list of functions that we generally recommend that users disable is as follows: dl, exec, shell_exec, system, passthru, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, pfsockopen, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid.
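The Point 2 check can be automated against a php.ini file. The following is an added example, not HostDime's own tooling: the function names `parse_ini`, `is_on` and `audit` and the sample file are hypothetical, and a directive missing from the file is assumed to take PHP's built-in default (On for "allow_url_fopen", Off for the other two).

```python
# Functions the page recommends disabling (copied from the list above).
RECOMMENDED_DISABLED = (
    "dl exec shell_exec system passthru popen pclose proc_open proc_nice "
    "proc_terminate proc_get_status proc_close pfsockopen leak "
    "apache_child_terminate posix_kill posix_mkfifo posix_setpgid "
    "posix_setsid posix_setuid"
).split()

# Directives the page wants off, mapped to PHP's built-in default, which
# applies when php.ini does not set the directive at all.
BOOL_DEFAULTS = {"allow_url_fopen": True, "allow_url_include": False,
                 "register_globals": False}

def parse_ini(text):
    """Return {directive: value} from php.ini text; the last assignment wins."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        if "=" in line and not line.startswith("["):
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip().strip("\"'")
    return settings

def is_on(value):
    """PHP reads 1/on/yes/true (any case) as enabled."""
    return value.lower() in {"1", "on", "yes", "true"}

def audit(text):
    """List deviations from the page's recommendations, in page order."""
    ini = parse_ini(text)
    findings = [f"{name} is enabled" for name, default in BOOL_DEFAULTS.items()
                if (is_on(ini[name]) if name in ini else default)]
    disabled = {f.strip() for f in ini.get("disable_functions", "").split(",")}
    findings += [f"{func} is not in disable_functions"
                 for func in RECOMMENDED_DISABLED if func not in disabled]
    return findings

# Constructed sample php.ini for illustration, not from a real server.
SAMPLE = """
[PHP]
allow_url_fopen = On          ; weak: the page recommends Off
allow_url_include = Off
disable_functions = exec, shell_exec,system , passthru
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An empty result from `audit` means the file matches every Point 2 recommendation; per-directory overrides (for example in .htaccess or .user.ini) are outside what this check reads.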

Point 3: Check Apache mod_security ruleset. Apache mod_security is a software firewall which scans incoming HTTP requests for known exploits. We maintain an internal ruleset for many known exploits. We always check to ensure that the latest ruleset is installed on a server prior to its deployment. Optionally, we can configure your server to update its ruleset daily to ensure that it is always using our latest ruleset.

Point 4: Check CSF/LFD configuration. CSF/LFD is a software firewall suite which supports automated brute force detection and prevention, process tracking, SYN flood protection, and a wide range of other automated security features. We install and configure CSF/LFD on all our standard Linux servers by default.

Point 5: Check system binaries. We audit your server's system binary package versions (such as BIND, Apache, udev, etc.) to ensure that they are up to date and not vulnerable to any known exploits.

Point 6: Configure partition mounting options. We change the mount configuration on partitions to lessen the risk of filesystem-based attacks, as well as to reduce I/O overhead.

Point 7: Disable typically un-needed services. We disable services that are not commonly used to help ensure the security of the server.

Point 8: Deploy initial security-focused configurations. We deploy initial security-focused configurations for MySQL, Exim, cPanel, FTP, SSH, PHP.

Point 9: RKHunter. RKHunter is a program designed to scan your server for known rootkits and detect modified system binaries. We install RKHunter and initialize its state database.

Point 10: BusyBox. We install BusyBox and take steps to ensure its availability even if someone were to run chmod/chown recursively on /, whether accidentally or not.