At MyHostControl we take security of our systems seriously. As a result, we do many things behind the scenes to protect our systems and networks. However, since our systems allow you to upload and/or install software of all kinds into your hosting acccount, we need to work in partnership to keep everything secured and running smoothly. Below is an overview of what we at MyHostControl take care of for you, and also what we need you to do and be aware of.
MyHostControl (and LiquidWeb) responsibilites:
- Maintaing physical security for our data center
- Keeping the operating system and related software up to date and fully patched. On our Linux servers, this includes all updates to the Linux operating system, the HTTP server, PHP, Perl, MySQL, and PhpMyAdmin. On our Windows servers, this includes the Windows operating system, .NET, MS SQL Server, and ColdFusion.
- Maintaining appropriate firewall and intrusion detection software.
- Making sure only authorized staff members have access to log into our servers.
- Making sure only authorized account holders can log in to their own account, and can request changes to their account via our ticketing system.
- Quarantining or removing known malware files from our servers.
- Only install or upload software from a trusted source into your account. The best way to do this is to use our provided script installers that are located within your account. These tools can be used for WordPress, Joomla, Drupal and many other popular scripts.
- Once you have installed or uploaded software into your account, be sure to frequently install upgrades and patches for that software.
- If you are using a software package that allows plugins/extensions/modules/themes/templates (such as what Joomla, Drupal, and WordPress allow) make sure you are getting only secure plugins/extensions/modules/themes/templates from a trusted source and be sure to update these frequently.
- If possible, find ways to automate learning about new versions of any software you are using, and also automating the installation of updates and patches.
- Document all software packages and plugins/extensions in your account, so in the event someone else at your organization takes responsibility for your account they will know what they need to take care of.
- Choose secure user names and passwords, not just for your account with us but also for your software user names and passwords. Also change your software passwords on a scheduled basis, such as once a month or once a quarter.
- If you have written your own software, you need to stay current on techniques to protect the software you created from being misused.
- Do not store sensitive information that would be an attractive target for hackers, and may violate various security protocols. This means do NOT store credit card data, social security numbers, protected health care information, or bank account information.
Special Note for Joomla webmasters:
In order to maintain security on your website, you must be running a version of Joomla that is still supported by the Joomla community.
The only 2 versions of Joomla that are supported by the Joomla community are versions 2.5.x and 3.0.x. If you have a version of Joomla that is older than version 2.5.x, you need to upgrade to either 2.5 or 3.0 as soon as you are able. Please note that version 3.0 is stable, but is considered an "early adopter" version. The benefits of upgrading to 3.0 is that you are saving yourself the time of dealing with an upgrade from 2.5 to 3.0 at a later date. If you are not comfortable being an early adopter, then you should use Joomla version 2.5.x