When you choose Clear Mind Graphics to host your website, you never have to worry about calling tech support to help with your website URL registration! CMG provides remote servers where your website, website applications, and data backups are stored. This protects your website in the event of power outages or other anomalies, so your website enjoys optimal performance with limited downtime. Be assured that CMG can quickly resolve any technical glitches on your website so you don’t miss potential customers visiting your website. CMG also has you covered if your website requires a bigger, customized server solution and backup system!
Our servers include the following technical specifications to meet all your website needs.
Server Security/Tweaks
- SSH access is available only with a generated private key and only from specific IPs.
- After 5 failed login attempts to a client’s account, the IP is banned and an email notification with a report is sent to us.
- Generated passwords for each client’s account, along with dual login to the admin panel of the website (if requested by the client). The dual login is set up using an .htaccess file along with an .htpasswd file under Apache. This technique is very useful in case an exploit appears in the wild for a specific CMS (Content Management System) that we use. The dual login will prevent any attacker who has such an exploit for a CMS that we use from gaining access to the admin web panel, such as WordPress’s.
- Anti-virus and a firewall are in place to prevent an attacker from uploading a virus or malicious file that would allow them to gain root access to the server. The firewall will prevent DDoS attacks and brute-force attempts against clients’ accounts.
- Compilers are disabled for unprivileged users. Only root is able to compile files, such as programs written in C. Many kernel exploits are written in C and allow an attacker to quickly gain full root access to the server.
- Passwords that are stored inside a database are hashed with a hash algorithm, so the password is not plain text (visible) if obtained. An attacker would have to crack the hash in order to get the password. The more complicated the password, the more difficult it is to crack. We generate all our passwords with lowercase and uppercase letters, numbers, and symbols.
- Each site is installed with a security plugin that helps keep unauthorized users out of the site. It locks down certain features in the backend of the website that could be used maliciously if an attacker gained access. We disable those features so only our developers can modify crucial web code around the website, ensuring no tampering with files.
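The ban-after-5-failed-logins rule from the list above, written out as an added example (not CMG's own code). The log format, the 10-minute window and the `allowlist` parameter are assumptions made for illustration; the returned report stands in for the email notification.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 5                # threshold stated in the list above
WINDOW = timedelta(minutes=10)  # assumption: the page gives no time window

# Constructed log format (hypothetical), one event per line:
#   <ISO timestamp> LOGIN_<FAIL|OK> user=<account> ip=<address>
LINE_RE = re.compile(r"^(\S+) LOGIN_(FAIL|OK) user=(\S+) ip=(\S+)$")

def find_bans(lines, allowlist=frozenset()):
    """Return one report per IP that reaches MAX_FAILURES failures within WINDOW."""
    recent = defaultdict(deque)  # ip -> (time, account) of failures still in the window
    banned, reports = set(), []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue             # skip lines that do not parse
        stamp, result, user, ip = m.groups()
        # Successful logins do not reset the count, so one valid account
        # cannot be used to clear failures against other accounts.
        if result == "OK" or ip in banned or ip in allowlist:
            continue
        now = datetime.fromisoformat(stamp)
        q = recent[ip]
        q.append((now, user))
        while now - q[0][0] > WINDOW:   # drop failures older than the window
            q.popleft()
        if len(q) >= MAX_FAILURES:
            banned.add(ip)
            reports.append({"ip": ip, "banned_at": now.isoformat(),
                            "accounts": sorted({u for _, u in q})})
    return reports

def _events(ip, minutes, user="alice", result="FAIL"):
    return [f"2024-01-01T02:{m:02d}:00 LOGIN_{result} user={user} ip={ip}" for m in minutes]

# Constructed sample data (documentation-range addresses), in time order.
SAMPLE = sorted(
    _events("203.0.113.7", [0, 1, 2, 3]) + _events("203.0.113.7", [4], user="bob")
    + _events("198.51.100.4", [0, 1, 2, 3]) + _events("198.51.100.4", [5], result="OK")
    + _events("192.0.2.10", [0, 12, 24, 36, 48])   # slow: never 5 within the window
)

if __name__ == "__main__":
    for report in find_bans(SAMPLE):
        print(report)
```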
Tightening PHP Security
- We have disabled some PHP functions that could allow a hacker or an unauthorized user to obtain sensitive information that should not be accessible (usernames, emails, passwords, billing information). Some of these functions can allow a hacker to gain access to the whole server. Disabling these functions has made it much more difficult to gain access to the server.
- Symlinks have been disabled for users and are only allowed for the root user of the server. A symlink can allow an attacker to view files belonging to another user/client. For example, if a hacker compromised one of our clients’ websites, he/she could use a symlink function to view other clients’ website files on the server. Because symlinks are restricted to the root user, this is no longer possible if an attacker gets in and tries this function.
- suPHP support is enabled on the server. Each client has its own user, which can only access files under that user. This means clients can only view their own files and no one else’s. So again, if an attacker were to get in, he/she could not view other clients’ files and sensitive information.
- PHP’s open_basedir protection prevents users from opening files outside of their home directory with PHP.
- DNS for all websites is placed on a CDN (Content Delivery Network) called CloudFlare. This allows us to improve a few things for the website. Here are some of the things CloudFlare can help with:
  - A Web Application Firewall that helps increase security and stop hackers in their tracks when they attempt to run exploits on the website.
  - Content delivery network services that can help optimize speed throughout the site.
  - DDoS mitigation for websites that undergo any DDoS attacks on the site.
- The server is set up to check for updates every day at 2AM EST. If it is a minor/small update, the update will automatically be applied. If it is an update that is quite big and requires a system administrator to update manually, he/she will be notified by email to do so.
- Server backups are created every Sunday at 2AM. A total of 3 backups are retained at a time (3 Sundays’ worth of backups).