Web hosting servers carry a lot of precious data. Business owners and hobbyists alike rely upon their web hosting provider to keep their digital assets safe and secure.
On the other side of the coin, exploiting websites is an extensive, relentless and unfortunately sometimes lucrative world for those that participate in it. It’s a constant battle keeping would-be hackers and users with malicious intent at bay. Below, we’ve outlined some of the main security tools and tactics that web hosts use to keep their servers safe from harm.
CXS
CXS stands for Configserver eXploit Scanner. It’s responsible for scanning all files on the server for anything that’s malicious, or that could be used maliciously. CXS scans files as they enter the server, while also routinely going back and scanning all existing files on the server in case they have changed. When it finds a vulnerable file, it stores it in a quarantine directory, so that it can’t be executed by any malicious actors.
ModSecurity
ModSecurity (aka ModSec) is an open-source web application firewall, commonly referred to as a WAF. It is responsible for monitoring HTTP traffic and detecting and blocking requests that match certain malicious patterns. This may include SQL or JavaScript injections, cross-site scripting (XSS) and various other attack types. Sometimes, while editing a website or application, you may be blocked by hitting a ModSecurity rule as a false positive. This results in a 403 (forbidden) error, as you’re being blocked from executing something that the ModSecurity rules deem to be potentially malicious. You can usually contact your web host to request that your false-positive action be whitelisted, to prevent it being blocked in future.
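As an added example (not from the original post or from ModSecurity itself), this Python sketch reads Apache error-log lines in the format ModSecurity 2.x writes and reports which rule id blocked requests from your own IP address, which is the detail a host needs in order to whitelist a false positive. The log lines, IP addresses and the `parse_denial` and `whitelist_report` helpers are constructed for illustration.

```python
import re
from collections import Counter

# Constructed Apache error-log lines in the ModSecurity 2.x message format.
# IPs, hostnames, paths and rule hits are sample values, not real traffic.
SAMPLE_LOG = """\
[Tue Mar 05 10:14:02 2024] [:error] [pid 2211] [client 203.0.113.7:51324] ModSecurity: Access denied with code 403 (phase 2). [file "/etc/modsec/rules.conf"] [line "55"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [hostname "example.com"] [uri "/wp-admin/post.php"]
[Tue Mar 05 10:15:40 2024] [:error] [pid 2212] [client 203.0.113.7:51390] ModSecurity: Access denied with code 403 (phase 2). [file "/etc/modsec/rules.conf"] [line "55"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [hostname "example.com"] [uri "/wp-admin/post.php"]
[Tue Mar 05 10:16:11 2024] [:error] [pid 2213] [client 198.51.100.9:40022] ModSecurity: Access denied with code 403 (phase 2). [file "/etc/modsec/rules.conf"] [line "80"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [hostname "example.com"] [uri "/index.php"]
[Tue Mar 05 10:17:03 2024] [:error] [pid 2214] [client 203.0.113.7:51402] ModSecurity: Warning. [file "/etc/modsec/rules.conf"] [line "12"] [id "920350"] [msg "Host header is a numeric IP address"] [hostname "192.0.2.10"] [uri "/"]
"""

CLIENT_RE = re.compile(r'\[client ([^\]]+)\]')
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
DENIED = "ModSecurity: Access denied with code 403"

def parse_denial(line):
    """Return client IP and rule metadata for a 403 denial, else None."""
    client = CLIENT_RE.search(line)
    if DENIED not in line or client is None:
        return None
    fields = dict(FIELD_RE.findall(line))
    # Apache 2.4 logs "ip:port"; this sketch assumes IPv4 clients.
    fields["client"] = client.group(1).rpartition(":")[0] or client.group(1)
    return fields

def whitelist_report(log_text, my_ip):
    """Count denials hit from my_ip, grouped by (rule id, message, URI)."""
    hits = Counter()
    for line in log_text.splitlines():
        d = parse_denial(line)
        if d and d["client"] == my_ip and "id" in d:
            hits[(d["id"], d.get("msg", ""), d.get("uri", ""))] += 1
    return hits.most_common()

if __name__ == "__main__":
    for (rule_id, msg, uri), n in whitelist_report(SAMPLE_LOG, "203.0.113.7"):
        print(f"rule {rule_id} ({msg}) blocked {uri} {n} time(s)")
```

Lines that only log a warning, and denials triggered by other clients, are left out of the report, so it lists only the rules that actually returned a 403 to you.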
SSL Certificates
SSL (Secure Sockets Layer) certificates encrypt data sent between the client and the server, which can help prevent man-in-the-middle (MITM) attacks, and user data from becoming compromised. Typically, an SSL certificate is most important for eCommerce sites, or any sites that handle credit card transactions. However, with recent developments to how different browsers (such as Chrome, Safari, etc.) treat websites without an SSL certificate, we’re at a point in time where it’s an essential requirement for all websites to have an SSL certificate, regardless of whether they handle transactions or not.
A couple of consequences of not having an SSL certificate include browser warnings telling your website’s visitors that your website is insecure, which greatly discourages trust and engagement. Search engines can also give preference in rankings to websites that are secured by an SSL certificate.
Fortunately, it’s never been easier to obtain an SSL certificate for your website, thanks to free SSL certificates that certificate authorities like Let’s Encrypt and Sectigo/Comodo provide. cPanel even has an ‘AutoSSL’ feature, to automatically issue free SSL certificates for your site.
Hardware Firewall
A hardware firewall provides an additional external layer of security that figuratively sits in front of your server. Its primary function is to scan any traffic that’s heading to your server and identify anything that’s potentially malicious before it ever reaches your website. You can also block IP addresses, or IP ranges, on your hardware firewall.
An external hardware firewall is especially beneficial because it means that your server’s own internal software firewall (like CSF/iptables) doesn’t need to do as much work. When your server is under less load, it can focus resources on its primary function: serving websites. Having said that, it’s very important to have layered security, which means having a well-configured software firewall in addition to the hardware firewall.
DDoS (Distributed Denial-Of-Service) Protection
DDoS attacks are when a group of (usually compromised) systems are used in unison to target another server and flood it with traffic, in an attempt to overload the targeted server and disrupt normal operation. This can especially be an issue for website hosting providers. Someone may not like a particular site using one of their web hosting servers and will try to bring it down with a DDoS attack. Being a web hosting server catering to many customers, this can cause problems for all other accounts that reside on that same server.
DDoS protection is capable of detecting when an attack is happening and will filter out targeted DDoS attacks at a network level before they reach the destination server. If it’s working well, end-users should never even know an attack is occurring.
CloudLinux
CloudLinux has a whole range of incredibly useful features, but where it really shines is for shared web hosting. Security-wise, it contains software called CageFS. CageFS is responsible for “jailing” or “boxing” each hosting account into their own virtual environment, which prevents them from being able to see or interact with other users and their accounts and data. This helps with a lot of the security issues of conventional shared hosting – such as one malicious script on one account infecting the entire server.
CloudLinux is also responsible for ensuring no user can use any more server resources than what they’re allocated. For example, CloudLinux can restrict an account to using only 100% CPU and 2GB Memory. This means that if that particular hosting account experiences very high traffic or malicious activity, it won’t hold up all of the server’s resources and impact the other hosting accounts sharing the same server.
As always, if you have any questions about this post or our shared hosting, VPS, reseller or dedicated server plans, simply call us on 1300 MY HOST (694 678) during business hours, or submit a ticket through our Support Portal and one of the crew will be in touch!