Reclaim Hosting. We will ensure that your hardware and software are regularly updated and patched to guarantee consistent performance.
Upstream software providers (cPanel, WordPress, etc.) release updates on their own rolling basis rather than on a set schedule. On client request we can disable automatic updates and instead set a customer-defined window for patching. Except in rare occurrences, security patches and updates to the server do not require any downtime, and it is not advised to disable these updates unless you plan to regularly manage this internally.
Reclaim Hosting follows Installatron’s timeline for application-level updates. Application-level updates are managed by the end-user. Configuration settings allow for updates to be pushed out automatically or manually after personal testing has been completed.
Reclaim Hosting has protection such as active web firewalls and monitoring in place for our environments. Additionally, we can do penetration testing upon request; depending on the nature of the setup, this could involve an additional fee. You are also welcome to work with a third party to have this done if you wish.
While not specifically designed to stop brute force attacks, we are running an infrastructure-wide firewall (BitNinja) and a server-level firewall (CSF) on the server. Both firewalls have settings to block malicious traffic, including the repeated requests from individual IP addresses that are characteristic of a brute force attack. Similarly, there is the option to install the mod_evasive module for the Apache web server. While this module is built to mitigate DDoS attacks in particular, both DDoS and brute force attacks involve repeated requests from IP addresses to the server, so installing it may still be useful. At the account level, cPanel auto-generates random passwords for all accounts. At the application level, in particular for WordPress, we recommend using the Limit Login Attempts Reloaded plugin. This is not included by default, but we can add it as a default plugin and install it en masse on existing WordPress sites.
For performance reasons we do not enable disk encryption at the server or backup level. cPanel does not support web hosting through an encrypted disk, so it is not an option. For backups we do have the option, and the customer can choose whether to enable it, at the risk that with encrypted backups, if the master key is lost, we will not have access to the backups (for example in a disaster recovery scenario). You can read more about this here.
Staging/testing environments are priced based on the scale of the project, and are added, with a quote, upon request.
We use a dedicated Ansible server with private/public keypairs for server configuration management, in combination with custom scripts for provisioning. SSH key rotation is part of our information security policy.
Malware, intrusion detection, and prevention are all features of BitNinja, the firewall software we use. You can read more about these features at https://bitninja.io/features
The cPanel server is running rsyslogd, which can be configured to forward the logs. If the logs need to be forwarded another way, we will need more information.