Results 1 to 22 of 22
  1. #1

    looking for website and webserver security services

    I am looking for a service to monitor and update/patch my cloud-based CentOS server instance.

    Test the server and site for known vulnerabilities and patch them
    Monitor for intrusion, DOS attacks
    Monitor server performance, resource utilization and spikes
    Be up to date on latest vulnerabilites and patch them
    For the software on server: CentOS, apache etc.
    For the web end: wordpress (and plugins) and any other components

    Test new updates of
    Server-side: Linux, apache, mysql, php etc.
    Web-side: Wordpress (and plugins), other components
    Control Panel (cpanel, ispconfig etc.)

    Make sure any updates do not break functionality and integration.

    Maybe have a test-box to test functionatliy before implementing in production.


    Who do you guys recommend that can cover some or part of these requirements?

    Thank you!

  2. #2
    Join Date
    Mar 2005
    Location
    Ten1/0/2
    Posts
    2,529
    you can either learn Linux and how to do this yourself, employ someone or engage a management company to do it for you.
    CPanel Shared and Reseller Hosting, OpenVZ VPS Hosting. West Coast (LA) Servers and Nodes
    Running Linux since 1.0.8 Kernel!
    Providing Internet Services since 1995 and Hosting Since 2004

  3. #3
    Join Date
    Mar 2003
    Location
    /root
    Posts
    23,990
    The only provider that I've seen that securing the server and each sites in the server is Rackspace but you may need to prepare your budget for this.

    Specially 4 U
    Reseller Hosting: Boost Your Websites | Fully Managed KVM VPS: 3.20 - 5.00 Ghz, Pure Dedicated Power
    JoneSolutions.Com is on the net 24/7 providing stable and reliable web hosting solutions, server management and services since 2001
    Debian|Ubuntu|cPanel|DirectAdmin|Enhance|Webuzo|Acronis|Estela|BitNinja|Nginx

  4. #4
    ok thanks. Can maybe a couple of different companies do different things if not one?

  5. #5
    Join Date
    Mar 2005
    Location
    Ten1/0/2
    Posts
    2,529
    For what you want, if you have to pay for it, it is going to cost you at least $x,xxx per server a month! It is non-trivial and will require a considerable effort.
    CPanel Shared and Reseller Hosting, OpenVZ VPS Hosting. West Coast (LA) Servers and Nodes
    Running Linux since 1.0.8 Kernel!
    Providing Internet Services since 1995 and Hosting Since 2004

  6. #6
    So you are saying there is no way to prevent or mitigate attack vectors? What do you guys do?

  7. #7
    Join Date
    Dec 2011
    Location
    Germany
    Posts
    1,180
    Well, mod_security with a good ruleset could already block most WordPress vulnerabilities, so you wouldn't be forced to upgrade WordPress within a few hours after the release of every patch. Any decent syadmin can install this for you can take care of weekly system updates, as well as monitoring. I suggest you talk to Rack911 if you're looking for an US company - I've heard only good things about them. Other options might be a lot more expensive, like @RRWH already mentioned (but also not needed in most cases).
    Inbound Marketing & real SEO for web hosting providers
    ✎ Get in touch with me: co<at>infinitnet.de

  8. #8
    Quote Originally Posted by infinitnet View Post
    Well, mod_security with a good ruleset could already block most WordPress vulnerabilities, so you wouldn't be forced to upgrade WordPress within a few hours after the release of every patch. Any decent syadmin can install this for you can take care of weekly system updates, as well as monitoring. I suggest you talk to Rack911 if you're looking for an US company - I've heard only good things about them. Other options might be a lot more expensive, like @RRWH already mentioned (but also not needed in most cases).


    Thank you very much!
    I will check them out.

  9. #9
    I second Rack911, I've worked with them off and on for several years now.

    If you want full end to end security, that'll be quite costly I think. Just don't expect to get that for $20 a month.

  10. #10
    Join Date
    Nov 2004
    Location
    Australia
    Posts
    1,737
    Rack911 are excellent.

    Configserver also harden servers.

    I'd also look at the paid WAF ruleset provided by ASL.

  11. #11
    Join Date
    Jan 2005
    Location
    Scotland, UK
    Posts
    2,681
    Quote Originally Posted by net View Post
    The only provider that I've seen that securing the server and each sites in the server is Rackspace but you may need to prepare your budget for this.
    Where/when did you experience this? Rackspace do not and have not ever, to my knowledge, "secured" each site in a server nor do they even scan them. Heck they don't even pro-actively maintain system updates (scan their ranges for outdated webmin installs and you'll be able to root a bunch of servers in no time).

    So I wonder where exactly did you experience this to make such a claim? or are you just basing this on some mythical reputation they have around here?

  12. #12
    Join Date
    Jan 2005
    Location
    Scotland, UK
    Posts
    2,681
    Quote Originally Posted by encompass View Post
    I am looking for a service to monitor and update/patch my cloud-based CentOS server instance.

    Test the server and site for known vulnerabilities and patch them
    Monitor for intrusion, DOS attacks
    Monitor server performance, resource utilization and spikes
    Be up to date on latest vulnerabilites and patch them
    For the software on server: CentOS, apache etc.
    For the web end: wordpress (and plugins) and any other components

    Test new updates of
    Server-side: Linux, apache, mysql, php etc.
    Web-side: Wordpress (and plugins), other components
    Control Panel (cpanel, ispconfig etc.)

    Make sure any updates do not break functionality and integration.

    Maybe have a test-box to test functionatliy before implementing in production.


    Who do you guys recommend that can cover some or part of these requirements?

    Thank you!
    Your biggest issue is going to be finding a business that will do both the systems and your application (If it's just wordpress only you might have alittle more options as they can scale what is needed to do this).

    You simply need your production systems and a staging environment for updates to be tested which is fairly straight forward and most should be able to provide and handle this.

    One option is if it's just wordpress maybe using a provider like wpengine (careful of usage limits) or pagely is an option?

  13. #13
    Scott, Thanks for the feedback. I will check out those sites.

    I think I just wasn't educated on the options available.
    If certain modules and rulesets can be used to tighten up WP/Moodle, and then another set of controls for the LAMP then I should be ok.

    Yes I agree on having a staging server as there are many plugins that can break on updates.

  14. #14
    In order to prevent the DOS attack you need Sysctl hardening to prevent SYNC/DOS attack.Also you can use Mod_evasive module and configure it to avoid attacks on the server.You can Enable SYN cookies mechanism in the server.You need to check daily updates of wordpress and always make sure that your wordpress is at latest version which decrease the chances of hacking.

  15. #15
    Join Date
    Mar 2003
    Location
    /root
    Posts
    23,990
    Quote Originally Posted by Scott.Mc View Post
    Where/when did you experience this? Rackspace do not and have not ever, to my knowledge, "secured" each site in a server nor do they even scan them. Heck they don't even pro-actively maintain system updates (scan their ranges for outdated webmin installs and you'll be able to root a bunch of servers in no time).

    So I wonder where exactly did you experience this to make such a claim? or are you just basing this on some mythical reputation they have around here?

    Scott, if you read my post again, you will notice that I used the words "I've seen" . I didn't mention experience. I mentioned "seen" . So, in other words, it is based on the experienced of one members here I read in WHT.

    If you did use them, then you have better idea and the knowledge based on your claimed. You did use them Right?

    Specially 4 U
    Reseller Hosting: Boost Your Websites | Fully Managed KVM VPS: 3.20 - 5.00 Ghz, Pure Dedicated Power
    JoneSolutions.Com is on the net 24/7 providing stable and reliable web hosting solutions, server management and services since 2001
    Debian|Ubuntu|cPanel|DirectAdmin|Enhance|Webuzo|Acronis|Estela|BitNinja|Nginx

  16. #16
    Join Date
    Jan 2005
    Location
    Scotland, UK
    Posts
    2,681
    Quote Originally Posted by net View Post
    Scott, if you read my post again, you will notice that I used the words "I've seen" . I didn't mention experience. I mentioned "seen" . So, in other words, it is based on the experienced of one members here I read in WHT.

    If you did use them, then you have better idea and the knowledge based on your claimed. You did use them Right?
    Which is exactly why I highlighted, since they will not do what the OP needs.

    I have used them, on many, many occasions with everything from personal systems, to customer systems, to third party contracting systems so I very well know what they do and don't provide.

    What you have read here is the mythical reputation they, carried on by yourself here, from those that have not ever even used them.

  17. #17
    Join Date
    Mar 2003
    Location
    /root
    Posts
    23,990
    Quote Originally Posted by Scott.Mc View Post
    Which is exactly why I highlighted, since they will not do what the OP needs.
    Well, you know better since you used them or probably you are unlucky? :-) or something else hehe

    If I can just grab that old thread, I will.

    The post that I read here long time ago is that someone mentioned that someone is happy with rackspace and they even fix/update someone site?

    That is what I read but it seems based on your sayings, it is not the case.

  18. #18
    guys, thanks for all your input but I just stumbled upon managed wordpress hosting vendors and I don't want to come across as advertising since I am a new member and all but one of them offers managed hosting that takes care of security. Wouldn't this be ideal in my situation?

  19. #19
    Join Date
    Dec 2011
    Location
    Germany
    Posts
    1,180
    Ask them about details of the security plan. If you want to have as little work and responsibility as possible, then yes, a managed WordPress host would be the way to go. Yet you should make sure that you go with a good one (obviously) and that they use mod_security. If you use a remote DDoS protection with it, port 80 is the only attack vector and therefore the web server/application security is most crucial, which would mainly be harded PHP, secure PHP handler, mod_security with a strong ruleset and regular WordPress updates.

    Edit: Oh, and I think you can go ahead and post the URL, so people can say something about the company you found, just to make sure it's a good one.
    Inbound Marketing & real SEO for web hosting providers
    ✎ Get in touch with me: co<at>infinitnet.de

  20. #20
    wp engine
    synthesis
    page.ly

  21. #21
    Hello!

    Quote Originally Posted by infinitnet View Post
    Well, mod_security with a good ruleset could already block most WordPress vulnerabilities, so you wouldn't be forced to upgrade WordPress within a few hours after the release of every patch.
    Iirc Wordpress comes with an auto-updater for security patches nowadays. (although, depending on your point of view, this might be another security leak)

    Cheers

  22. #22
    In a highly integrated environment with several plugins, it is impossible to know what could break or become dysfunctional after any WP update.

Similar Threads

  1. r00t-Services.net | Website Security & DDoS Protection
    By Infinitnet in forum Hosting & Network Security
    Replies: 0
    Last Post: 08-20-2013, 07:00 AM
  2. PacificHost integrates Stopthehacker's SaaS Website Security Services in CPanel
    By nonmal in forum Web Hosting Industry Announcements
    Replies: 0
    Last Post: 07-12-2011, 03:01 PM
  3. Security at our webserver
    By magnar in forum Hosting Security and Technology
    Replies: 5
    Last Post: 11-29-2010, 04:17 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •