To provide an all-around security solution for our customers, we have conditionally separated our security efforts and tools into two major Fleets!
Every website, whether static or dynamic, utilizes a web server in order to deliver content to its visitors. Therefore, the web server is considered a critical hub for the distribution of malware and the main door that allows exploits to come in and out of the whole web hosting environment. For these reasons, we strongly believe that keeping the "door" closed for exploits and open for legitimate users is probably one of the most significant challenges a web hosting company can face.
Thanks to the advancements in the Security field, we are able to provide a vast amount of security improvements, so we can mitigate a large percentage of the attacks that attempt to penetrate our Web Servers.
Whenever a client website is being accessed, the connection passes through our Web Servers. Every connection consists of at least two mandatory components – the IP address of the computer initiating the Request and the Request Body. This allows the Web Server to prepare an answer for the request and to send that answer to the IP address that requests it.
Pretty simple, isn't it? Yes, but what happens if too many requests are sent from a single IP address, as in a DoS attack scenario? The Web Server gets flooded with millions of requests and tries to answer each one, which dramatically increases the hardware resources consumed. To resolve this case, we utilize a security feature called "Connection Limit". It limits the number of requests per second from a single IP address to a reasonable amount, reducing the risk of a DoS attack to virtually none.
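A per-IP request limit of the kind described above can be sketched with a token bucket. This is an added example, not the provider's implementation; the rate, burst size, idle timeout and the IP addresses in the constructed traffic are all assumptions.

```python
from dataclasses import dataclass

# Assumed limits for illustration; the page does not state the real values.
RATE_PER_SEC = 10.0   # sustained requests per second allowed per IP
BURST = 20.0          # bucket capacity, i.e. the short burst a browser may send

@dataclass
class Bucket:
    tokens: float
    last_seen: float

class PerIpLimiter:
    """Token bucket per client IP: a request costs one token, tokens refill over time."""

    def __init__(self, rate=RATE_PER_SEC, burst=BURST):
        self.rate, self.burst = rate, burst
        self.buckets = {}

    def allow(self, ip, now):
        b = self.buckets.get(ip)
        if b is None:
            b = self.buckets[ip] = Bucket(self.burst, now)
        # Refill for the time elapsed since this IP's previous request.
        elapsed = max(0.0, now - b.last_seen)
        b.tokens = min(self.burst, b.tokens + elapsed * self.rate)
        b.last_seen = now
        if b.tokens >= 1.0:
            b.tokens -= 1.0
            return True
        return False  # over the limit: reject cheaply instead of building a response

    def evict_idle(self, now, idle_secs=60.0):
        """Drop idle entries so the table cannot grow without bound."""
        stale = [ip for ip, b in self.buckets.items() if now - b.last_seen > idle_secs]
        for ip in stale:
            del self.buckets[ip]
        return len(stale)

def simulate():
    """Constructed traffic: one IP sends 1000 requests within a second,
    another sends one request per second for five seconds."""
    lim = PerIpLimiter()
    flood = sum(lim.allow("203.0.113.7", t / 1000.0) for t in range(1000))
    normal = sum(lim.allow("198.51.100.20", float(t)) for t in range(5))
    return flood, normal  # requests answered for each source
```

The flooding source gets only its burst plus the refill for that second answered, while the ordinary visitor is never throttled.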
We established that each website visit is associated with an actual connection to our Web Servers, and thanks to the request of that connection, the Web Server can produce web content and return it to the IP address that requested it.
There is, however, a way to abuse not only the number of connections but also the request's parameters, such as the Request URL Length, Request Header Length, and Request Body Length. These can cause a severe overload of the server when they are abusively large. To prevent that scenario, we limit these to values that correspond to regular website visits instead of malicious requests.
Furthermore, we also deny access to hidden files and the web listing of parent directories. In fact, all directory listings are disabled by default.
There are millions of ways to exploit a vulnerability in a regular Web Server. However, as we mentioned, by limiting the number of connections and their length, we ensure that no attacks related to these will be allowed. But what if the request has a fitting length and there is only one request?
For the security of every request, we went even further and implemented a Web Application Firewall (WAF) solution that inspects every legitimate request for known attacks such as XSS or SQL injection. If such an attack is detected, the request is terminated, and an appropriate message is sent as an answer to the IP address that sent it. If that behavior repeats a few times, the IP address is then banned!
The requests sent to our Web Servers are not always for dynamic resources (such as PHP scripts). Sometimes they target static files (CSS, JS, HTML, PNG, JPG, etc.). However, these static files should not always be accessible, or at least our customers do not always want them to be accessible. For that reason, our web server will serve a static file as an answer to a web request only if:
A Distributed Denial of Service attack, or DDoS, is a type of attack that abuses the allowed number of concurrent connections per IP address while amplifying the attack by increasing the number of IP addresses taking part in it. In other words, thousands of IP addresses are sending hundreds of requests to a Web Server. That alone is devastating for unprotected servers, since this attack completely prevents the web server from answering legitimate requests, thus making client websites completely inaccessible. To prevent this, we have implemented Web Server side DDoS protection that consists of:
Every website operates within a particular directory on the web hosting environment where all the files associated with the website are hosted. In many cases, these files might get infected by an attacker so that they can be abused either for further attacks or for the extraction of personal information from the visitors of the infected website.
To provide an all-around security solution that is comprehensive enough to cover any security risk, we are obligated to defend our web hosting environment along with our web servers. Here is how our Environment Security Fleet protects our clients' web hosting accounts:
Thanks to a unified security dashboard for all our Shared Web hosting Servers, our System Administrators will always monitor the security incidents across all our servers so those can be mitigated immediately!
Our firewall uses herd immunity and AI to identify and protect any network resource that is part of the HostArmada infrastructure. Our firewalls are capable of defending our customers against any brute-force attack, DoS attack, and of course, port scans. The successful integration of our network firewall with ModSecurity allows the majority of Web Application attacks to be mitigated even before they are initiated.
To lower the risk of false positives, our firewalls utilize reCAPTCHA protection, meaning that for every suspicious visit, our firewall will present a reCAPTCHA challenge, which, if completed successfully, will allow the visitor to access the requested resources.
Thanks to a vast list of commonly known attacks and exploits, our Prevention system will block any request that is considered malicious. Furthermore, our Intrusion Detection System will constantly monitor the server logs for suspicious activity such as login failures, potential exploits, and DoS attacks. If such activity is detected, our system will ban the source.
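The log-monitoring behavior described above (watch for login failures, ban the source) can be illustrated as follows. This is an added example, not the provider's system; the log layout, the threshold of five failures in ten minutes, the allowlist parameter and all sample lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy for illustration; the page does not state thresholds.
MAX_FAILURES = 5
WINDOW = timedelta(minutes=10)

# Assumed log layout (constructed): "<ISO timestamp> <service>: <message>".
# The greedy ".*" makes the match take the LAST "from <ip>" on the line, i.e. the
# one the daemon appended, so a username containing "from 198.51.100.20" cannot
# steer the ban onto an innocent address.
FAILED = re.compile(r"^(?P<ts>\S+) \S+: Failed password .*"
                    r"\bfrom (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\b")

def find_sources_to_ban(lines, allowlist=frozenset()):
    """Return {ip: time of the failure that crossed the threshold}.
    Lines are assumed to be in chronological order."""
    recent = defaultdict(deque)    # ip -> failure timestamps inside WINDOW
    banned = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue               # successful logins and unrelated lines
        ip, ts = m["ip"], datetime.fromisoformat(m["ts"])
        if ip in banned or ip in allowlist:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:  # forget failures older than the window
            q.popleft()
        if len(q) >= MAX_FAILURES:
            banned[ip] = ts
    return banned

# Constructed sample log, not taken from any real system.
SAMPLE = [f"2024-05-01T10:00:0{s} sshd: Failed password for root from 203.0.113.7 port 4000{s}"
          for s in range(6)]
SAMPLE += [
    "2024-05-01T10:01:00 sshd: Accepted password for alice from 198.51.100.20 port 50022",
    # A user mistyping a password now and then stays under the threshold.
    "2024-05-01T10:05:00 sshd: Failed password for bob from 192.0.2.44 port 50100",
    "2024-05-01T10:25:00 sshd: Failed password for bob from 192.0.2.44 port 50101",
    "2024-05-01T10:45:00 sshd: Failed password for bob from 192.0.2.44 port 50102",
]

if __name__ == "__main__":
    for ip, when in find_sources_to_ban(SAMPLE).items():
        print(f"ban {ip} (threshold crossed at {when.isoformat()})")
```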
To provide a comprehensive all-in-one security solution, we believe that first, we should make our environment safe from exploits or code-injected malware. To do that, our Security solution performs automated security scans for all websites hosted on our web hosting environment.
Thanks to these scans, we are able to quarantine any files that are infected, thus making our clients' websites more secure for the visitors. Furthermore, each client is provided with the option to initiate a security scan via the control panel whenever the client decides.
Sometimes relying only on malware definitions and scans is not enough. As the number of security solutions increases, the number of exploits grows as well. This makes proactive security solutions more and more of a necessity, since they no longer match the code of a script against known security threats. Instead, proactive security analyzes the behavior of the script during its execution. If the script's execution is evaluated as malicious, the script's file is quarantined, preventing its further execution.
In many cases, the OS of the server has to be patched regularly. This requires server reboots, which cause downtime for all the customers hosted on the same server. Thanks to our OS Patch Management Feature, we apply security patches to the OS of the server, the PHP versions, and other software products without the need to reboot the server. This reduces the downtime of the websites hosted on our server to a minimum and at the same time increases the security of the environment dramatically.