Smart Marketings is a HostGator reseller. In addition, we use domain services from third parties like NameCheap and Enom. Consequently, we don’t own any hosting servers - but we do help manage and oversee the HostGator servers and offer our support on their behalf..
Our commitment to your security
Smart Marketings is committed to protecting your security. That is why we have adopted this Security Policy. It is intended to describe how we use and protect your data from abuse. Please note that by using Smart Marketings services, you are accepting the practices described in this Security Policy.
Who is HostGator?
HostGator is a global provider of web hosting and related services. Founded in a dorm room at Florida Atlantic University by Brent Oxley, HostGator has grown into a leading provider of Shared, Reseller, VPS, and Dedicated web hosting. HostGator is headquartered in Houston and Austin, Texas, with several international offices throughout the globe.
What security measures are used to protect my server?
HostGator provides a number of security measures to protect their servers and prevent your account from being compromised via the server itself. While their servers are secure, security breaches of your website and your personal account due to vulnerable passwords or known exploits in the software that users choose to have installed on their server cannot be prevented with general server security.
By being knowledgeable and familiar with common forms of attacks, you can ensure both that your account is secure against preventable compromises that you are in control over, and be better prepared to recover from the compromises that catch you by surprise.
What Security Measures Does HostGatorProvide?
HostGator (and of course Smart Marketings) are protected from DDoS attack (UDP flood).
We have an extensive custom firewall rule and large mod_security rulesets protecting our servers from a variety of forms of attack. If we do experience heavy flooding, we have our datacenter enable network level flood protection. Our datacenters are all highly secure facilities with restricted access.
Our other server security methods and precautions are confidential.
What Security Measures are My Responsibility?
You are responsible for the security of any passwords, settings, or software that you have the access to change or install on your account. By hosting on HostGator shared servers, you have agreed to be fully responsible for all use of your account and for any actions that take place through your account. It is your responsibility to maintain the confidentiality of your password and other information related to the security of your account.
It is your responsibility to ensure that scripts/programs installed under your account are secure and permissions of directories are set properly, regardless of the installation method. When at all possible, set permissions on most directories to 755 or as restrictive as possible. Users are ultimately responsible for all actions taken under their account. This includes the compromise of credentials such as user name and password. You are required to use a secure password. If a weak password is used, your account may be suspended until you agree to use a more secure password. Audits may be done to prevent weak passwords from being used. If an audit is performed, and your password is found to be weak, we will notify you and allow time for you to change or update your password before suspending your account.
Being aware of these responsibilities is important, as an account that is found to be compromised may be disabled and/or terminated per our Terms of Service. Failure to clean your account after being notified by Smart Marketings of an ongoing issue may result in having your account disabled. Upon your request, Smart Marketings may clean-up your account for an additional fee.
What Can I do to be More Secure?
Smart Marketings recommends a number of actions and services which can help you maintain security on your website. The following security tips are offered in order to help our clients maintain site security and protect their accounts:
Update Scripts and CMS Installations
The vast majority of account compromises are caused by malicious users who have found exploits in scripts installed on an account. Therefore, the best advice we can offer is to make sure that all CMS installations, as well as any related themes, plugins and other add-ons, are kept up-to-date. Most CMS software has an option to update from within the administration panel; however, the following resources may be of further assistance:
If your software was installed with QuickInstall, please see the following article for details on how to enable automatic updates:
Another common form of compromise is due to exploited passwords. These compromises can occur in one of two ways: a brute force compromise or through virus/malware on a local computer.
Brute Force Compromise
- Uppercase Letters (A-Z)
- Lowercase Letters (a-z)
- Numbers (0-9)
- Special characters (-_.,!@#$%^&*)
When updating passwords, we also suggest that you do not use previously used passwords. This is due to the fact that once a password has been compromised, it will remain that way indefinitely. So, if a password is reverted back, the account will most likely be compromised again.
Viruses and Malware
Another form of password compromise occurs when account passwords are stolen using viruses/malware located on local computers from which accounts are accessed. This malware sniffs out passwords used and stored by FTP and other programs. In order to protect against this form of attack, full virus and malware scans should be run on all computers which access the account to ensure that they are clean. We recommend following the instructions found here:
Depending on your operating system, there are plenty of options to choose from regarding PC virus scanning. Please see the list below for some options available to you.
Make Regular Backups
Be sure to make regular backups of your account in case there is a compromise. While HostGator does make weekly backups for Shared, Reseller, and VPS accounts as stated in their Backup Policy, we will restore a backup for free when you provide your own backup and fill out the HostGator restore form. For more details on how to create your own backups, please read:
Additional Preventive Steps
Other preventive steps you may take to improve site security include but are not limited to the following:
- Make sure all file permissions are set for 644 and all directories are set for 755. See How to Change Permissions (chmod) of a File for more information.
- Remove scripts and databases which are no longer in use. This will help eliminate the possibility of unused and outdated scripts being compromised.
- Move configuration and other files containing passwords to a secure directory outside of the public_html folder to make them publicly inaccessible.
- Edit your php.ini file with the following lines:
- register_globals = Off
- display_error = Off
- Use secure connections whenever possible to connect to your account. See more information on this through the links and steps below:
If you find that your site has been compromised, please refer to the following articles for detailed instructions on how to properly remove the hack:
- My Account was Hacked! Please contact us immediately so we can resolve this ASAP.
Please be advised there will be an official inquiry by HostGator. HostGator also asks that no-one uses the domain while they are doing their forensics inspection of the compromised server and files.
- How to Handle the Google Attack Page
Last updated: Tuesday, 08/09/2016 9:39 PM
Saturday, August 9, 2014
Powered by WHMCompleteSolution