Are your servers secure and reliable?
Posted by - NA - on 2006-10-16 12:59:48 PM

We understand how important web sites and email services are to our customers, and we aim to do our best to keep those services available all the time. To help achieve this, we have the following multi-layered systems in place:

  • On-server: chkservd. cPanel's own internal process/resource monitoring system checks services and restarts them if a problem is detected
  • On-server: Resource and process tracking (on a user level and a system level). This allows us to see if a service is likely to fail
  • On-server: Usage restrictions. We have limits on things such as the number of times a POP3 email account can be checked per hour (60, i.e. once per minute), the number of emails which can be sent out per hour from each account (normally 1,200 per hour) and timeouts on the length of time a PHP or Perl script can run. This helps prevent processes from spiraling out of control and consuming all resources, and helps prevent customers' sites from being abused without their knowledge.
  • On-server: Daily rootkit scanning. This checks that the server has not been compromised
  • On-server: Mod_security filtering. To try and prevent customers' web sites from being exploited via insecure scripts
  • On-server: Firewall. To filter out unwanted requests
  • On-server: Brute force detection logging. If multiple invalid login attempts are made to the server, the source of the attack will be automatically blocked
  • On-server: Regular software updates for every aspect of the server (from "kernel" level to auto-install script level)
  • Data center: Monitoring of ping responses to the server and out to the internet
  • Data center: Network wide firewall to filter out unwanted requests
  • Data center: Denial Of Service Filtering to try and block out attacks
  • Data center: Tipping Point network intrusion detection/prevention systems (most data centers)
  • Remote: A geographically independent monitoring system which checks major services on each server on a regular basis (for example, web pages are checked at least once a minute)
  • Remote: Senior technicians are alerted within 1.5 minutes via SMS text message and on-screen prompts if a MySQL-driven PHP page cannot be fetched from a server (or takes longer than 30 seconds to fetch)
  • Remote: Regular reviews of log files, activity and usage by senior technical team and management

Along with this, all hosting orders are automatically screened by our own in-house anti-fraud system which checks various aspects of a customer's order - this is on top of security verifications conducted by our payment processor Worldpay (part of the Royal Bank of Scotland). If an order fails the screening process, we then request additional verification from the customer (proof of credit/debit possession) and conduct several manual verification checks. This helps reduce the chance of a "spammer/cracker" style user becoming active on our servers in the first place.
