What Security does Webline-Services Provide?
Webline-Services provides a number of security measures to protect our servers and prevent your account from being compromised through the server itself. Although our servers are secure, security breaches of your website and your personal account due to vulnerable passwords or known exploits in the software that users choose to have installed on their server cannot be prevented with general server security.
By being familiar with common forms of attacks, you can be sure that your account is secure against preventable compromises that you are in control of, and be better prepared to recover from the compromises that catch you by surprise.
What is the user’s responsibility?
You are responsible for the security of any passwords, settings, or software that you have the access to change or install on your account. By hosting on Webline-Services servers, you have agreed to be fully responsible for all use of your account and for any actions that take place through your account. It is your responsibility to maintain the secrecy of your password and other information related to the security of your account.
It is your responsibility to ensure that scripts/programs installed under your account are secure and permissions of directories are set properly, regardless of the installation method. When at all possible, set permissions on most directories to be as restrictive as possible. Users are ultimately responsible for all actions taken under their account. This includes the compromise of credentials such as user name and password. You are required to use a secure password.
Being aware of these responsibilities is important, as an account that is found to be compromised may be disabled and/or terminated per our Terms of Service. Failure to clean your account after being notified by Webline-Services of an ongoing issue may result in having your account suspended. Upon your request, Webline-Services may clean-up your account for an additional fee.
Update Scripts and CMS Installations
The vast majority of account compromises are caused by malicious users who have found exploits in scripts installed on an account. Therefore, the best advice we can offer is to make sure that all CMS ( ie: WordPress, Joomla, etc. ) installations, as well as any related themes, plugins and other add-ons, are kept up-to-date. Most CMS software has an option to update from within the administration panel.
Update Passwords
Another common form of compromise is due to exploited passwords. These compromises can occur in one of two ways: a brute force compromise or through virus/malware on a local computer.
Brute Force Compromise
In a brute force compromise, the attacker will repeatedly guess the password until the correct combination is guessed. Our servers do have brute force protection enabled and will block any ip making multiple failed login attempts. This can not block everything though, so we suggest creating a complex password made up of at least three of the four major character types.
- Uppercase Letters (A-Z)
- Lowercase Letters (a-z)
- Numbers (0-9)
- Special characters (-_.,!@#${fbec33fc5f2aafdeb19ecb4383fd764f31e3f76a940086f681b29f1cdf128405}^&*)
When updating passwords, we also suggest that you do not use previously used passwords. This is due to the fact that once a password has been compromised, it has become a liability indefinitely. So, if a password is used again, the account will most likely be compromised again.
Viruses and Malware
Another form of password compromise occurs when account passwords are stolen using viruses/malware located on local computers from which accounts are accessed. This malware sniffs out passwords used and stored by FTP and other programs. In order to protect against this form of attack, full virus and malware scans should be run on all computers which access the account to ensure that they are clean.
Make Regular Backups
Be sure to make regular backups of your account in case there is a compromise. We at Webline-Services make weekly backups for Shared, Reseller, and VPS accounts, we will restore a backup for free when you provide your own backup.
