Annual Audit Complete. Updates Incoming!
Want to know what’s changed? Read below for more information.
As a result of our annual fleet-wide auditing process we’ve found some key areas that we felt could use some work to improve the reliability and security of our customer’s web hosting services.
These changes largely involved tweaking ModSecurity, altering our existing security policies, and updating both PHP and our Web Server.
Tweaking Mod Security
First up are the changes we’ve made to the rules within ModSecurity. ModSecurity is an open-source web application firewall that provides our customers’ HTTP and HTTPS traffic with an additional layer of security and protection.
These tweaks include changing the strictness of some rules that weren’t catching everything we’d hoped for, implementation of new rules to provide additional protection to our customer’s data, and the removal of redundant rules which were no longer necessary due to recent changes implemented across the shared-hosting fleet.
Using a number of test servers, our senior technicians have been monitoring these changes and white-listing any problematic rules on a case-by-case basis. If you’ve noticed any ongoing issues that you believe may be the result of these changes, please login to your VIPControl account and submit an eTicket so that our team can investigate further.
Changes to Service Security
In addition to the ModSecurity tweaks mentioned above, our annual audit of the shared hosting infrastructure identified a number of opportunities to further improve our customer’s security.
Weak passwords are the worst! Using a weak password risks both the integrity and security of your services.
We’ve increased the minimum password strength to try and prevent our customers services from being hacked and exploited due to the use of weak passwords. These changes will affect most services within cPanel, including email accounts, FTP accounts, and user management.
If you’re currently using email software that does not use SMTP as the primary means of authorization, you will need to update your settings within the email client as we no longer support POP before SMTP authentication settings.
Setting up third-party email software and feel you might need some help?
We’ve written a variety of step-by-step guides to help get you through the tedious task of setting up your new dedicated email hosting service in your preferred email software.
Regular PHP and Web Server Updates
A final reminder that we regularly update our Web Server systems and PHP on the entire shared-hosting fleet to ensure we’re keeping you up-to-date at all times. The next round of updates will be released over the coming weeks (generally outside of business hours!) and should not result in any downtime to our customers.
If you’re suddenly unable to access your services or notice any intermittent issues we highly recommend submitting an eTicket to our Australian-based Technical Support team who are available 24 hours a day, 7 days per week.