Today, we're excited to share some crucial updates that are about to roll out for our hosting services, including the RAD sandboxes. A secure hosting environment is the foundation of any successful online venture. That's why we are implementing a series of security upgrades to make your experience better and safer.
We have upgraded the FTP connection security. All FTP commands will now require encryption, enabled through TLS. Don't worry if you haven’t used TLS before; it's a simple toggle in most FTP clients with the new sFTP port being 522. Also, the root user will no longer have FTP access for added security. The RAD sandbox users need not do anything, as the settings will automatically be adjusted.
Ever heard the saying, "Too many cooks spoil the broth"? The same can be said for root users in SSH. We're limiting root user access, meaning you'll log in as sshuser and use 'sudo su -' to perform tasks that require root permissions. The new SSH port is 522.
Each month, our advanced scanning tools comb through your server's system and applications to identify any security weaknesses that cybercriminals could exploit. These comprehensive scans cover everything from outdated software and insecure configurations to potential firewall weaknesses.
Once a vulnerability is identified, the system categorizes it based on its risk level. High-risk vulnerabilities are flagged for immediate action, and you'll be notified promptly. Our team then takes corrective actions to fix these issues or guide you through the steps needed to strengthen your hosting security.
We have added new ModSecurity rules for real-time web application monitoring and protection. If you find yourself locked out from parts of your website, don't panic! Contact us, and we can adjust the rules for those specific sections.
We have tightened up PHP configurations by disabling appropriate native functions (show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen) that are often exploited to spread malware. Plus, PHP error reporting will be hidden from end-users, making it tougher for attackers to find weaknesses.
Our Mail servers relaying through transaction email services have gone premium with higher
SSL/TLS standards, so you'll need to tweak your transactional email settings to sync with these
new security measures. The new secured SSL/TLS settings are:
IMAP Port: 143, POP3 Port: 110
SMTP Port: 587
As part of our ongoing efforts to offer comprehensive protection, we have integrated the ConfigServer eXploit Scanner and ImunifyAV into our security suite.
Lastly, we added KernelCare Symlink Protection to safeguard against cross-account attacks. In summary, your security and peace of mind are top priorities for us at Batoi. All these updates are engineered to offer you an experience that is as smooth as it is secure. Our support team will assist you if you encounter any issues following these upgrades.