All-in-one Security Solutions for your websites!

The overall security of our Web Hosting Solutions is achieved thanks to the incredible selection of security components, working together to protect every website from the most common threats and attacks!

Benefits of iohost Security Solutions

Fast Patching

We will patch any security vulnerability on a server level as soon as it gets reported!
Daily Backups

Hosting Plans come with complimentary daily backups as standard!
User Account Isolation

Account isolation prevents the users of our Shared Hosting Plans interacting with the of each other!

Protection beyond your expectations!

To provide an all-around security solution for our customers, we have conditionally separated our security efforts and tools into two major Fleets!

Web Server Security Fleet

Our Web Server Security fleet takes care of every security aspect of our web servers. From surveilling the web traffic to every shared web hosting server to identifying and denying incoming attacks, the security components we utilize are there to protect your visitors and your website from malicious activities!

Environment Security Fleet

Our Environment Security Fleet focuses its efforts on identifying and mitigating already existing security threats across all our servers. By protecting our clients against common code-injection exploits and regularly performing malware scans across all our servers, our Environment Security prevents malware from spreading across clients' accounts!

Web Server Security Fleet

Every website, whether static or dynamic, uses a web server to deliver content to its visitors. The web server is therefore considered a critical hub for the distribution of malware and the main door that allows exploits to come in and out of the whole web hosting environment. For these reasons, we strongly believe that keeping the "door" closed for exploits and open for legitimate users is probably one of the most significant challenges a web hosting company can face.

Thanks to the advancements in the Security field, we are able to provide a large number of security improvements, so we can mitigate a large percentage of the attacks that try to penetrate our Web Servers.

Connections Level Limits
  • Whenever a client website is being accessed, the connection passes through our Web Servers. Every connection consists of at least two mandatory components – the IP address of the computer initiating the Request and the Request Body. This allows the Web Server to prepare an answer for the request and to send that answer to the IP address that requests it.

    Pretty simple, isn't it? Yes, but what happens if too many requests are sent from a single IP address, as in a DoS attack scenario? The Web Server gets flooded with millions of requests, and it tries to answer each one, dramatically increasing the hardware resources consumed. To resolve this case, we utilize a security feature called "Connection Limit". It limits the number of requests per second from a single IP address to a reasonable amount, thus reducing the risk of a DoS attack to virtually none.

Requests Checking Service
  • We established that each website visit is associated with an actual connection to our Web Servers, and thanks to the request of that connection, the Web Server can produce web content and return it to the IP address that requested it.

    However, it is not only the number of connections that can be abused but also the request's parameters, such as the Request URL Length, Request Header Length, and the Request Body Length. These can cause a severe overload of the server when they are abusively large. To prevent that scenario, we limit these to values that correspond to regular website visits rather than malicious requests.

    Furthermore, we also deny access to hidden files and the web listing of parent directories. In fact, all directory listings are disabled by default.

Web Application Firewall
  • There are millions of ways to exploit a vulnerability in a regular Web Server; however, as we mentioned, by limiting the number of connections and the length of their requests, we ensure that no attacks related to these will be allowed. But what if there is only one request and its length is within the limits?

    For the security of every request, we went even further and implemented a Web Application Firewall (WAF) solution that inspects every legitimate-looking request for known attacks such as XSS or SQL injection. If such an attack is detected, the request is terminated, and an appropriate message is sent as an answer to the IP address that sent it. If that behavior repeats a few times, the IP address is then banned!

Static Files Checking
  • The requests sent to our Web Servers are not always for dynamic resources (such as PHP scripts). Sometimes they target static files (CSS, JS, HTML, PNG, JPG, etc.). However, these static files should not always be accessible, or at least our customers do not always want them to be accessible. For that reason, our web server will serve a static file as an answer to a web request only if:

    • The static file is readable by everyone (it has at least 444 permissions)
    • The static file is not executable
    • The file is not or does not contain symbolic links
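
The three conditions above, as an added Python example (not iohost's code or configuration). `may_serve_static` and the sample tree are hypothetical, and "does not contain symbolic links" is read here as an assumption that no path component below the document root may be a symlink.

```python
import os
import stat
import tempfile

def may_serve_static(docroot: str, rel_path: str) -> tuple[bool, str]:
    """Apply the page's three static-file rules; return (allowed, reason)."""
    parts = [p for p in rel_path.split("/") if p not in ("", ".")]
    if ".." in parts:
        # Not one of the page's rules: added so the walk stays under docroot.
        return False, "path traversal"
    current = os.path.realpath(docroot)
    st = None
    for part in parts:
        current = os.path.join(current, part)
        try:
            st = os.lstat(current)  # lstat: inspect the link, not its target
        except OSError:
            return False, "not found"
        if stat.S_ISLNK(st.st_mode):
            return False, "symlink in path"  # rule 3, any component
    if st is None or not stat.S_ISREG(st.st_mode):
        return False, "not a regular file"
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o444 != 0o444:
        return False, "not readable by everyone"  # rule 1
    if mode & 0o111:
        return False, "executable"  # rule 2
    return True, "ok"

def demo() -> dict[str, str]:
    """Build a constructed sample tree and report the decision per path."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "real"))
        for name, mode in (("site.css", 0o644), ("private.css", 0o640),
                           ("run.js", 0o755), ("real/img.png", 0o644)):
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)
        os.symlink(os.path.join(root, "site.css"), os.path.join(root, "alias.css"))
        os.symlink(os.path.join(root, "real"), os.path.join(root, "linked"))
        paths = ("site.css", "private.css", "run.js", "alias.css",
                 "linked/img.png", "real/img.png", "real", "../etc/passwd")
        return {p: may_serve_static(root, p)[1] for p in paths}

if __name__ == "__main__":
    for path, verdict in demo().items():
        print(f"{path:16} {verdict}")
```

A check like this leaves a window between the `lstat` and the later open; a server enforcing the rule would open the file with `O_NOFOLLOW` and run the mode checks on the open descriptor with `fstat`.
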
DDoS Protection Service
  • Distributed Denial of Service (DDoS) is a type of attack that abuses the allowed number of concurrent connections per IP address while amplifying the attack by increasing the number of IP addresses taking part in it. In other words, thousands of IP addresses are each sending hundreds of requests to a Web Server. That alone is devastating for unprotected servers, since the attack completely prevents the web server from answering legitimate requests, thus making client websites completely inaccessible. To prevent this, we have implemented Web Server side DDoS protection that consists of:

    • ModSecurity Integration – It scans web requests, blocks the malicious ones, and bans the IP addresses that repeat the same request.
    • Per-IP throttling – This service limits the amount of bandwidth a single IP can generate by sending requests to our Web Servers.
    • SSL Renegotiation Protection Service – It limits how often a single IP address can request that the SSL session be renegotiated with the web server. This reduces the amount of data transmitted between the web server and the IP address that sent the requests.
    • iohost reCaptcha Guard – reCaptcha is known to separate legitimate users from bots or web robots. By utilizing Google's human verification challenges, reCaptcha allows subsequent malicious requests to be separated from legitimate user access. This is possible because a human will be able to complete the reCaptcha challenge while a bot will be unable to do so. If the challenge is not completed, iohost reCaptcha Guard will block the IP address of the request and return an appropriate message indicating the ban as an answer.

Let your website fly safely thanks to our Web Server security fleet!