We take server security very seriously. Whilst the majority of hosts will run your web site expecting the client being responsible for the security, we run several layers of security on all our cpanel servers.
Our security runs "server side", so attacks are prevented BEFORE they reach your web application. Most hosting companies will recommend you use a plugin or filter within your web application which is "fine but it can be a performance inhibitor for your hosting.
In short, we have 6 security layers in place to protect our servers and your data.
LAYER 1 : DDOS PREVENTION
Our datacentre in Germany provides a physical hardware firewall in front of our servers to prevent DDOS attacks.
LAYER 2 : ADMIN ROOT ACCESS
Root access to our servers is with SSH keys only, through authorised IP's and via custom SSH port. Root password is disabled by default. Default SSH port is disabled by default. This ensures that the malicious actors do not have access to SSH ports for root vulnerability scanning and prevents casual and determined hackers from penetration testing.
LAYER 3 : IMUNIFY360 FIREWALL
This is the best in class software firewall system complete with Web Application Firewall (WAF) which detects SQL Injection, XSS, failed login attempts to common web applications like wordpress, drupla, joomla etc, upload scanning, active monitoring + more. You can read more about imunify360 at www.imunify360.com
LAYER 4 : MALWARE MONITORING
We run a secondary third party malware scan which scans the clients files daily for malware and alerts our security team to any suspicious looking files that could possibly be malware. We then alert the client as to the malware found and what action to take.
LAYER 5 : JAILED ACCESS FOR CLIENT ACCOUNTS
We run our systems with Cloud Linux which offers a unique jailing process, so that if one hosting account is compromised, that account does not affect any other hosting account on the system. The jailing process also prevents other clients accessing other clients hosting accounts.
LAYER 6 : SECURE ACCESS FOR CLIENTS ACCOUNTS
We allow our clients to access their hosting accounts with SSH and FTP with TLS/SSL. We disable plain text FTP which is insecure. Whilst client are permitted to access their own hosting accounts with SSH username and password, we also provide and recommend that access is made with SSH keys. For added security, SSH connections are made on a custom port. In addition, Mysql can be accessed remotely only via authorised IP's set by the client in their Cpanel. Cpanel access is forced with SSL so at all times your login data is encrypted at all times.
DISCLAIMER: We do take every reasonable effort and then some to ensure that your data is secure as possible whilst giving you the freedom to manage your data online. We can never guarantee 100% that your data is completely secure, however the layers as listed above put alot of obstacles in place to prevent malicious actors accessing your data in an unauthorised manner.