Security Tips From Servint Experts

Mike Witty is director of Network Compliance at Servint, a VPS host that powers this site and many others.

Mike is responsible for handling abuse complaints, overseeing security and making sure that the company complies with all relevant laws – most prominently the Digital Millennium Copyright Act (DMCA).

So what advice does Mike have to help you keep your hosting account safe?

Staying Safe Online

When it comes to keeping your account safe, Mike has a very simple mantra that holds true, “A server is only as secure as the stuff you put on it.”

  • He pointed out that if one simply creates a VPS account and does nothing with it, it would not be hacked. With no services open, there’s virtually no avenue for attack.
  • VPS hosting tends to be more secure, according to Mike, as there are multiple layers between the public-facing elements and the physical machine. “I’ve never seen a virtual server be hacked at a server level,” he added.
  • Dedicated servers are at greater risk, according to Mike.
  • Another big risk comes from insecure 3rd party software, like blogging applications.
  • He says that the more ways you allow a user to interact with your site, the more ways in which a potential attacker can gain access.

Mike advises that website owners keep software up to date, including any plugins, keeping the permissions settings on folders as restrictive as possible.

Sealing the Breach

According to Mike, Servint monitors for hacks, but most are not detectable. Instead, hosts learn about security issues from spam, phishing and virus groups.

  • After receiving a report from one of these groups, Mike and his team open up a trouble ticket and begin investigating the breach. Once they confirm that the content is present, they disable access to the server while they attempt to clean up. “The first thing we attempt to do is determine if the account was hacked or if, maybe, the customer wanted the content there. However, 9 times out of 10 or more it is because the account was breached,” Mike said.
  • Once they determine the reason the content is on the server, if it is a hack, they then begin cleaning up and investigating how the attack took place.
  • Once they finish removing the unwanted content and fixing any security holes, they then begin the final step in the process – education. “We want our clients to know what happened, why it happened and what they can do to prevent it from happening again,” Mike said.

His end goal, he hopes, is that clients walk away from the experience wiser and more aware of the importance of security.

Hands-On Support

Mike’s advice proves that there’s always more to learn about security.

Thanks to Servint for taking the time to speak to us.Keep up with posts like this by subscribing to our RSS feed, or following @WhoIsHosting on Twitter.

Security Tips From Servint Experts by
Get Exclusive “Subscribers Only” Content

Join our newsletter & be first to hear when we publish new posts.

Get Exclusive “Subscribers Only” Content

Join our newsletter & be first to hear when we publish new posts.

Twitter Facebook

Discussion