🔥🚀📣 Solar Raid Promo! | Summer Special Shared Hosting Sale - 85% OFF | Starting from $1.20/mo
Security Background
Security Isometric image

All-in-one Security Solutions for your websites!

The overall security of our Web Hosting Solutions is achieved thanks to the incredible selection of security components, working together to protect every website from the most common threats and attacks!

Benefits of HostArmada Security Solutions

Fast Patching

Fast Patching

We will patch any security vulnerability on a server level as soon as it gets reported!
Daily Backups

Daily Backups

All Shared Hosting Plans come with a complimentary daily backups as standard!
User Account Isolation

User Account Isolation

Account isolation prevents the users of our Shared Hosting Plans interacting with the of each other!

Protection beyond your expectations!

To provide an all-around security solution for our customers, we have conditionally separated our security efforts and tools into two major Fleets!

Web Server Security

Web Server Security Fleet

Our Web Server Security fleet takes care of every security aspect of our web servers. From surveilling the web traffic to every shared web hosting server to identifying and denying incoming attacks, the security components we utilize are there to protect your visitors and your website from malicious activities!
Web Hosting Security
Environment Security

Environment Security Fleet

Our Environment Security Fleet focuses efforts in identifying and mitigating already existing security threats across all our servers. Protecting our clients against common code injected exploits and regularly performing malware scans across all our servers, our Environment security will prevent malware spread across client's accounts!

Web Server Security Fleet

Every website, no matter static or dynamic, utilizes a web server in order to deliver content to its visitors. Therefore, the webserver is considered as a critical hub for the distribution of malware and the main door that allows exploits to come in and out of the whole web hosting environment. For these reasons, we strongly believe that keeping the "door" closed for exploits and open for legitimate users is probably one of the most significant challenges a web hosting company can face.

Web Server Security

Thanks to the advancements in the Security field, we are able to provide a vast amount of security improvements, so we can mitigate a large percentage of the attacks that try penetrating our Web Servers.

Connections Limit
Connections Level Limits
  • Whenever a client website is being accessed, the connection passes through our Web Servers. Every connection consists of at least two mandatory components – the IP address of the computer initiating the Request and the Request Body. This allows the Web Server to prepare an answer for the request and to send that answer to the IP address that requests it.

    Pretty simple, isn't it? – Yes, but what happens if the requests sent from a single IP address are too many, such as in a DoS attack scenario? - The Web Server gets flooded with millions of requests, and for each, it tries to answer increasing the consumed hardware resources dramatically. To resolve this case, we utilize a security feature called "Connection Limit". It allows for the number of requests per second from a single IP address to be limited to a reasonable amount, thus eliminating the risk of DoS attack to virtually none.

Requests Checking
Requests Checking Service
  • We established that each website visit is associated with an actual connection to our Web Servers, and thanks to the request of that connection, the Web Server can produce web content and return it to the IP address that requested it.

    There is, however, an option that allows for not only the number of connections to be abused but also the request's parameters such as the Request URL Length, Request Header Length, and the Request body Length. These can cause a severe overload of the server when they are abusively large. To prevent that scenario, we are limiting these to values that correspond to regular website visits instead of malicious requests.

    Furthermore, we also deny access to hidden files and the web listing of parent directories. In fact, all directory listings are disabled by default.

WAF
Web Application Firewall
  • There are millions of ways to exploit a vulnerability in a regular Web Server, however as we mentioned by limiting the number of connections and their length, we ensure that no attacks related to these will be allowed. But what if the request is with fitting length and there is only one request?

    For the security of every request, we went even further and implemented a Web Application Firewall Solution (WAF) that inspects every legitimate request for a known vulnerability such as XSS attack or SQL injection. If such an attack is detected, the request is being terminated, and an appropriate message is sent as an answer to the IP address that sent it. If that behavior repeats a few times, the IP address is then banned!

Static Files Checking
Static Files Checking
  • Sometimes the requests sent to our Web Servers are not always for dynamic resources (such as PHP scripts). Instead, the requests are targeting static files (CSS, js, HTML, png, jpg, etc.). However, not always, these static files should be accessible, or at least not always, our customers want these files to be accessible. For that reason, our web server will serve a static file as an answer to a web request only if:

    • • The Static file is readable by everyone (it has at least 444 permissions)
    • • The static file is not executable
    • • The file is not or does not contain symbolic links
DDoS Protection Service
DDoS Protection Service
  • Distributed Denial of Service Attack or DDoS is a type of attack that abuses the allowed amount of concurrent connections per IP address while amplifying the attack by increasing the amount of IP addresses taking part in the attack. In other words, thousands of IP addresses are sending hundreds of requests to a Web Server. That alone is devastating for unprotected servers since this attack completely prevents the webserver from answering the legitimate requests, thus making client websites completely inaccessible. For preventing this, we have implemented Web Server side DDoS protection that consist of:

    • • ModSecurity Integration – It is scanning web requests, blocking the malicious ones and banning the IP addresses that repeat the same request.
    • • Per-IP throttling – This service limits the amount of bandwidth a single IP can generate by sending requests to our Web Servers.
    • • SSL Renegotiation Protection Service – It reduces the amount a single IP address can request for an SSL certificate to be renegotiated with the web server. This reduces the amount of data transmitted between the web server and the IP address sent the requests.
    • • HostArmada reCaptcha Guard – reCaptcha is known to separate legitimate users from bots or web robots. By utilizing Google's human verification challenges, reCaptcha allows for subsequent malicious requests to be separated from legitimate user access. This is possible thanks to the fact that a human will be able to complete the reCaptcha challenge while a robot or a bot will be unable to do so. If the challenge is not completed, HostArmada reCaptcha Guard will block the IP address of the request and will return an appropriate message indicating the banning as an answer.

Let your website fly safely thanks to our Web Server security fleet!

Environment Security Fleet

Every website operates within a particular directory on the web hosting environment where all the files associated with the website are being hosted. In many cases, these files might get infected by an attacker with the purpose of those being abused for either further attacks or for the extraction of personal information by the visitors of the infected website.

Web Server Security

To provide an all-around security solution that is comprehensive enough to cover any security risk, we are obligated to defend our web hosting environment along with our web servers. Here is how our Environment Security Fleet protects our clients' web hosting accounts:

Connections Limit
Live Security Events Monitoring
  • Thanks to a unified security dashboard for all our Shared Web hosting Servers, our System Administrators will always monitor the security incidents across all our servers so those can be mitigated immediately!

Requests Checking
Advanced Network Firewall and WAF
  • Our firewall uses herd immunity and AI to identify and protect any network resource part of the HostArmada infrastructure. Our firewalls are capable of defending our customers against any Brute force attack, DoS attack, and of course, port scans. The successful integration of our network firewall with Mod Security allows for the majority of Web Application attacks to be mitigated even before they were initiated.

    For lowering the risk of False Positive results, our Firewalls are utilizing reCAPTCHA protection, meaning that for every suspicious visit, our firewall will present a reCAPTCHA challenge, which, if completed successfully, will allow the visitor to access the requested resources.

WAF
Intrusion Detection and Prevention System
  • Thanks to a vast list of commonly known attacks and exploits, our Prevention system will block any request that is considered malicious. Furthermore, our Intrusion Detection System will constantly monitor the server logs for suspicious activity such as login failures, potential exploits, DoS attacks. If such is detected, our system will ban the source.

Static Files Checking
Malware Scanning
  • To provide a comprehensive all-in-one security solution, we believe that first, we should make our environment safe from exploits or code injected malware. To do that, our Security solution performs automated security scans for all websites hosted on our web hosting environment.

    Thanks to these scans, we are able to quarantine any files that are infected, thus making our clients' websites more secure for the visitors. Furthermore, each client is provided with the option to initiate a security scan via the control panel whenever the client decides.

DDoS Protection Service
Proactive Zero-day attack detection
  • Sometimes relying on malware definitions and scans only is not enough. With the increasing amount of security solutions, the amount of exploits grows as well. This makes proactive security solutions more and more a necessity since they no longer match the code of a script against known security threats. The proactive security analyzes the behavior of the script during its execution. If the script execution is evaluated malicious, then the file of the script is being quarantined, preventing its further execution.

DDoS Protection Service
OS Patch Management Feature
  • In many cases, the OS of the server has to be patched regularly. This requires server reboots, which are causing downtime for all the customers hosted on the same server. Thanks to our OS Patch Management Feature, we are applying security patches to the OS of the server, the PHP versions, and other software products without the need for the server being rebooted. Thus, reducing the downtime of the websites hosted on our server to a minimum and at the same time increasing the security of the environment dramatically.

Your Web Hosting account is safe thanks to our Environment Security Fleet!