Security System – past and present
In a previous article I told you more about the meaning of "security" in the context of SuperHosting.BG and the most common attempts to compromise customer websites and emails. Today, I will talk about how our protection measures against malicious actions have changed over the years.
We at SuperHosting.BG have always paid great attention to the security of our customers. We have always tried to keep our infrastructure protected to the greatest extent possible, which is why we use various technologies that keep the operating systems on our equipment up to date at all times. However, there was still room for improvement in order to take customer website protection to the next level. A while ago we conducted our explanatory "Security Campaign", whose aim was to improve our customers' knowledge of their website security. Our first article from the campaign, How to improve your website security in 10 steps, is still very relevant.
At the beginning of 2013, the number of so-called Brute Force attacks against WordPress websites increased significantly. The Global Brute Force attack against WordPress websites article describes such an attack that affected all our customers. The aim of those attacks is to "gather" as many websites as possible to which the malicious persons have access and to use them for other "bad" activities later on.
However, this was not acceptable to us. We quickly gathered a team which found a sustainable solution against such activities. This resulted in the first release of our Security system. The foundations had been laid!
After the initial release that helped us handle the WordPress and Joomla Brute-Force attacks, we defined the main goals we would like to achieve with our Security system:
- Decreasing or even completely eliminating the cases of "hacked" customer websites;
- Neutralization of distributed Brute Force attacks;
- Improved operation of our entire infrastructure;
- Reduction of the resources (CPU time in particular) consumed by malicious traffic;
- Prevention of SPAM being sent from our infrastructure;
- Prevention of the use of customer accounts to launch attacks against third parties.
Some of our long-term goals also include:
- Cleaning of all customer websites which may be compromised, in other words, malicious code removal;
- Regular maintenance and scanning of customer websites for uploaded malicious code;
- Transformation of SuperHosting.BG into a hosting company offering a maximum level of security.
In summary, we wanted to proactively protect our customers' websites and emails from hacker attacks in the broadest range possible. We wanted our customers to feel secure with us and not to be concerned about the information and business they have entrusted to us. This is something that our customers expect from us and we had to meet their expectations.
Last but not least, when active, the Security system should not interfere with customer websites, cause slowdowns or generate so-called false positives.
Stay tuned for the next blog article, which will go into further detail about the types of protection and their content.