Results 1 to 22 of 22
-
11-17-2013, 09:14 PM #1Newbie
- Join Date
- Nov 2013
- Posts
- 14
looking for website and webserver security services
I am looking for a service to monitor and update/patch my cloud-based CentOS server instance.
Test the server and site for known vulnerabilities and patch them
Monitor for intrusion, DOS attacks
Monitor server performance, resource utilization and spikes
Be up to date on latest vulnerabilites and patch them
For the software on server: CentOS, apache etc.
For the web end: wordpress (and plugins) and any other components
Test new updates of
Server-side: Linux, apache, mysql, php etc.
Web-side: Wordpress (and plugins), other components
Control Panel (cpanel, ispconfig etc.)
Make sure any updates do not break functionality and integration.
Maybe have a test-box to test functionatliy before implementing in production.
Who do you guys recommend that can cover some or part of these requirements?
Thank you!
-
11-18-2013, 12:13 AM #2Web Hosting Master
- Join Date
- Mar 2005
- Location
- Ten1/0/2
- Posts
- 2,529
you can either learn Linux and how to do this yourself, employ someone or engage a management company to do it for you.
CPanel Shared and Reseller Hosting, OpenVZ VPS Hosting. West Coast (LA) Servers and Nodes
Running Linux since 1.0.8 Kernel!
Providing Internet Services since 1995 and Hosting Since 2004
-
11-18-2013, 12:27 AM #3The Linux Specialist
- Join Date
- Mar 2003
- Location
- /root
- Posts
- 23,990
The only provider that I've seen that securing the server and each sites in the server is Rackspace but you may need to prepare your budget for this.
Specially 4 U
Reseller Hosting: Boost Your Websites | Fully Managed KVM VPS: 3.20 - 5.00 Ghz, Pure Dedicated Power
JoneSolutions.Com is on the net 24/7 providing stable and reliable web hosting solutions, server management and services since 2001
Debian|Ubuntu|cPanel|DirectAdmin|Enhance|Webuzo|Acronis|Estela|BitNinja|Nginx
-
11-18-2013, 08:36 AM #4Newbie
- Join Date
- Nov 2013
- Posts
- 14
ok thanks. Can maybe a couple of different companies do different things if not one?
-
11-18-2013, 06:56 PM #5Web Hosting Master
- Join Date
- Mar 2005
- Location
- Ten1/0/2
- Posts
- 2,529
For what you want, if you have to pay for it, it is going to cost you at least $x,xxx per server a month! It is non-trivial and will require a considerable effort.
CPanel Shared and Reseller Hosting, OpenVZ VPS Hosting. West Coast (LA) Servers and Nodes
Running Linux since 1.0.8 Kernel!
Providing Internet Services since 1995 and Hosting Since 2004
-
11-18-2013, 08:46 PM #6Newbie
- Join Date
- Nov 2013
- Posts
- 14
So you are saying there is no way to prevent or mitigate attack vectors? What do you guys do?
-
11-18-2013, 09:15 PM #7Digital Marketing Strategist
- Join Date
- Dec 2011
- Location
- Germany
- Posts
- 1,180
Well, mod_security with a good ruleset could already block most WordPress vulnerabilities, so you wouldn't be forced to upgrade WordPress within a few hours after the release of every patch. Any decent syadmin can install this for you can take care of weekly system updates, as well as monitoring. I suggest you talk to Rack911 if you're looking for an US company - I've heard only good things about them. Other options might be a lot more expensive, like @RRWH already mentioned (but also not needed in most cases).
➤ Inbound Marketing & real SEO for web hosting providers
✎ Get in touch with me: co<at>infinitnet.de
-
11-18-2013, 09:17 PM #8Newbie
- Join Date
- Nov 2013
- Posts
- 14
-
11-19-2013, 08:17 PM #9Web Hosting Master
- Join Date
- Aug 2007
- Posts
- 2,157
I second Rack911, I've worked with them off and on for several years now.
If you want full end to end security, that'll be quite costly I think. Just don't expect to get that for $20 a month.
-
11-20-2013, 12:49 AM #10Web Hosting Master
- Join Date
- Nov 2004
- Location
- Australia
- Posts
- 1,737
Rack911 are excellent.
Configserver also harden servers.
I'd also look at the paid WAF ruleset provided by ASL.
-
11-20-2013, 11:01 AM #11Engineer
- Join Date
- Jan 2005
- Location
- Scotland, UK
- Posts
- 2,681
Where/when did you experience this? Rackspace do not and have not ever, to my knowledge, "secured" each site in a server nor do they even scan them. Heck they don't even pro-actively maintain system updates (scan their ranges for outdated webmin installs and you'll be able to root a bunch of servers in no time).
So I wonder where exactly did you experience this to make such a claim? or are you just basing this on some mythical reputation they have around here?
-
11-20-2013, 11:06 AM #12Engineer
- Join Date
- Jan 2005
- Location
- Scotland, UK
- Posts
- 2,681
Your biggest issue is going to be finding a business that will do both the systems and your application (If it's just wordpress only you might have alittle more options as they can scale what is needed to do this).
You simply need your production systems and a staging environment for updates to be tested which is fairly straight forward and most should be able to provide and handle this.
One option is if it's just wordpress maybe using a provider like wpengine (careful of usage limits) or pagely is an option?
-
11-20-2013, 11:59 AM #13Newbie
- Join Date
- Nov 2013
- Posts
- 14
Scott, Thanks for the feedback. I will check out those sites.
I think I just wasn't educated on the options available.
If certain modules and rulesets can be used to tighten up WP/Moodle, and then another set of controls for the LAMP then I should be ok.
Yes I agree on having a staging server as there are many plugins that can break on updates.
-
11-20-2013, 01:54 PM #14WHT Addict
- Join Date
- Apr 2012
- Posts
- 144
In order to prevent the DOS attack you need Sysctl hardening to prevent SYNC/DOS attack.Also you can use Mod_evasive module and configure it to avoid attacks on the server.You can Enable SYN cookies mechanism in the server.You need to check daily updates of wordpress and always make sure that your wordpress is at latest version which decrease the chances of hacking.
-
11-20-2013, 06:02 PM #15The Linux Specialist
- Join Date
- Mar 2003
- Location
- /root
- Posts
- 23,990
Scott, if you read my post again, you will notice that I used the words "I've seen" . I didn't mention experience. I mentioned "seen" . So, in other words, it is based on the experienced of one members here I read in WHT.
If you did use them, then you have better idea and the knowledge based on your claimed. You did use them Right?
Specially 4 U
Reseller Hosting: Boost Your Websites | Fully Managed KVM VPS: 3.20 - 5.00 Ghz, Pure Dedicated Power
JoneSolutions.Com is on the net 24/7 providing stable and reliable web hosting solutions, server management and services since 2001
Debian|Ubuntu|cPanel|DirectAdmin|Enhance|Webuzo|Acronis|Estela|BitNinja|Nginx
-
11-20-2013, 06:06 PM #16Engineer
- Join Date
- Jan 2005
- Location
- Scotland, UK
- Posts
- 2,681
Which is exactly why I highlighted, since they will not do what the OP needs.
I have used them, on many, many occasions with everything from personal systems, to customer systems, to third party contracting systems so I very well know what they do and don't provide.
What you have read here is the mythical reputation they, carried on by yourself here, from those that have not ever even used them.
-
11-20-2013, 06:29 PM #17The Linux Specialist
- Join Date
- Mar 2003
- Location
- /root
- Posts
- 23,990
Well, you know better since you used them or probably you are unlucky? :-) or something else hehe
If I can just grab that old thread, I will.
The post that I read here long time ago is that someone mentioned that someone is happy with rackspace and they even fix/update someone site?
That is what I read but it seems based on your sayings, it is not the case.
-
11-20-2013, 10:11 PM #18Newbie
- Join Date
- Nov 2013
- Posts
- 14
guys, thanks for all your input but I just stumbled upon managed wordpress hosting vendors and I don't want to come across as advertising since I am a new member and all but one of them offers managed hosting that takes care of security. Wouldn't this be ideal in my situation?
-
11-21-2013, 07:09 AM #19Digital Marketing Strategist
- Join Date
- Dec 2011
- Location
- Germany
- Posts
- 1,180
Ask them about details of the security plan. If you want to have as little work and responsibility as possible, then yes, a managed WordPress host would be the way to go. Yet you should make sure that you go with a good one (obviously) and that they use mod_security. If you use a remote DDoS protection with it, port 80 is the only attack vector and therefore the web server/application security is most crucial, which would mainly be harded PHP, secure PHP handler, mod_security with a strong ruleset and regular WordPress updates.
Edit: Oh, and I think you can go ahead and post the URL, so people can say something about the company you found, just to make sure it's a good one.➤ Inbound Marketing & real SEO for web hosting providers
✎ Get in touch with me: co<at>infinitnet.de
-
11-21-2013, 01:11 PM #20Newbie
- Join Date
- Nov 2013
- Posts
- 14
wp engine
synthesis
page.ly
-
11-23-2013, 09:01 AM #21Newbie
- Join Date
- Nov 2013
- Posts
- 28
-
11-23-2013, 10:59 AM #22Newbie
- Join Date
- Nov 2013
- Posts
- 14
In a highly integrated environment with several plugins, it is impossible to know what could break or become dysfunctional after any WP update.
Similar Threads
-
r00t-Services.net | Website Security & DDoS Protection
By Infinitnet in forum Hosting & Network SecurityReplies: 0Last Post: 08-20-2013, 07:00 AM -
PacificHost integrates Stopthehacker's SaaS Website Security Services in CPanel
By nonmal in forum Web Hosting Industry AnnouncementsReplies: 0Last Post: 07-12-2011, 03:01 PM -
Security at our webserver
By magnar in forum Hosting Security and TechnologyReplies: 5Last Post: 11-29-2010, 04:17 PM