Data protection in shared web hosting plans
I am sure that every person using shared web hosting services is concerned about the protection of their data especially when there are other people on the same server who can try to compromise it and steal data. Scala Hosting works on improving security of our shared hosting servers and there is always a lot to do in that regard. I will share some of the things we do and they happen behind the scenes hidden from the customers` eyes. We have developed custom security software which scans all files within the public_html directories of the clients and looks for configuration files and other files which contain sensitive information such as mysql login details and fixes their permissions in case they are wrong. When a web site is compromised on a server in many cases the attacker looks for files with insecure permissions which he has access to in order to steal login details which can later be used to compromise more web sites. That’s why it is important to keep the permissions of such files set to 600 or even 400. In that way noone else will be able to read them except you.
Another good feature of our security system is that it scans the logs regularly to catch malware and notify us to take actions. We also use mod_security with rules being updated on weekly basis to block most of the attacks that come to customers’ web sites. ClamAV is installed on all servers to scan for viruses and not allow malicious files to be uploaded to the server via ftp, the file manager or the web server. Additionally, our security system tracks all running processes on all servers 24/7 for malicious activity and we get notified if such activity is detected to take the necessary measures. Those measures are applied to all cheap web hosting and reseller hosting plans. That doesn’t mean customers should keep their web sites insecure and think that their data is safe. Keeping all scripts, plugins, themes/skins up to date, using hard to guess passwords, setting secure permissions, disabling public access to your backend admin area is a must if you don’t want to have issues with hackers.
Even if you manage to handle all of the above it is still not enough. A backup is required as well and if you want to do it 100% professionally it’s best for the backup to be saved to a remote server which has nothing to do with the server your web site is hosted on. That will dramatically increase the chance of the server getting broken and losing all data including the backups. Scala Hosting provides 7 backup recovery points to their clients of web and reseller hosting on a remote server but still it is highly recommended to keep your own backups just to be on the safe side. The worst can always happen. Be prepared for the worst and your data will be safe.