ScalaHosting – Security Made Better

ScalaHosting - Security Made Better

The number of attacks on the internet are increasing daily. As a result, more and more web sites are getting hacked and used for various abuse related actions. Those include uploading phishing web sites, sending SPAM, flooding networks, cracking passwords and others. The problem is most of the clients are not tech savvy and they don’t know how to secure their accounts and keep them secure all the time. In that way the attacks happening all the time on the internet will not be able to affect them. A compromised account on the server can cause many problems.

First of all, it can SPAM, upload phishing web sites to steal credit cards but it may also be used to compromise other accounts on the server which are not secure. The most recent way used by hackers is creating symlinks to the configuration files of other clients which contain their login information for MySQL. Those details include the database name and the mysql username and password. They can be used to compromise that account. We have an article in our knowledge base about security of web sites which can be accessed at https://www.scalahosting.com/kb/my-account-has-been-compromised-how-do-i-fix-it/ however that article didn’t make our clients to secure all the web sites they host. That is why we decided to do something from our end which would make our clients’ web sites more secure. We implemented a system on all our servers which would find the configuration files of the web sites and change their permissions to 600. That will make those web sites secure and they will not be compromised in case of a local symlink attack which happens very often these days and is widely used. We monitored how the system works and it secured many thousands of web sites across all our servers. We were amazed to see how many insecure web sites are hosted on our servers and we are glad we are able to make them more secure.

We are also adding custom patches for PHP which would give hackers hard time to compromise accounts on our servers. We are updating our mod_security rules as well which will block most of the web attacks.

Clients must still continue to update their scripts and modules to latest version. If they are using an outdated script or module they can still get hacked. Make sure to use hard to guess passwords too.

Was this helpful?

Do you want to make your WordPress/WooCommerce site lightning fast?

We guarantee to make your WordPress site load in less than 2 seconds on a managed VPS with ScalaHosting or give your money back. Just fill in the form below and we will get in touch with you.

Please enter a valid name
Please enter a valid website
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Do you want to learn how to grow your website in 2023?

An all-star team of SEO and web influencers are sharing their secret knowledge for the first time in years. You will learn about:

  • What is the future of SEO and how you can be ahead of the curve
  • Web Design best practices and why they matter
  • Secrets to getting the foundation for your website to thrive

An Exclusive Insiders Look Behind The SEO and Web Development Curtain