ZOOM Web Hosting Servers, Hacking Proof!

After months of working long hours, ZOOM Hosting servers are now protected by several levels of security protection that makes it impossible for an attacker to break into our system.

Recent attacks on several big websites locally and internationally caught our attention and have prompted us to review our security protocols with the objective of increasing our server security.

We know how it feels. We’ve been there! Prior to the launching of our own web hosting brand, ICONCEPT web development team hosted our clients’ websites on reseller hosting servers.

The fact is that most hosting companies in the Philippines are resellers of traditional hosting packages from other companies abroad. For more than five years, we have been using this service. This strategy served our customers’ needs in the early years since most websites we sell back then were plain static websites that don’t use database. But as the project requirements get more complicated, so did the way hackers break in to computers’ security system.

Once a website gets hacked, html files get deleted or its appearance defaced.  Such can be easily restored from backup, but the time consumed in the restoration could have been used in more relevant activities to improve the site’s standing.  The same is true for both static and database driven, dynamic websites.  Dynamic websites (beneficial to e-commerce websites, content management with regular updating, forums, and subscriptions), which is the way most websites are done today, can be considered a haven to hackers. That is why we treat security as a major concern.

We began experiencing customer accounts being subjected to SQL injection, malware insertion, page defacement, POP3 spam relays and a lot of other attacks. We spent long hours restoring accounts and removing malwares as the attack continued only to find that more accounts were hacked the following day.

Unfortunately, we were so helpless. We used to host our accounts in a shared reseller platform from a US-based company like many other hosting firms in the Philippines do.

The truth behind reseller packages is that they are unsecured. Most hosting companies don’t care much about how website developers create their scripts and upload their files; they don’t inspect malicious scripts, SQL injection, or file permission. They leave it up to their customers or web developers to secure their websites.

The problem is that resellers do not have the access permission to modify the server parameters, install security software and firewall. Worst, the mother hosting firms set their servers with the lowest level of security so as to make them compatible with most scripts, remote access and connection types so that packages can be sold to the most number of customers while getting the least possible support requests, thus minimizing support manpower overhead.

ZOOM’s conception

As early as first half of 2011, we were already on the drawing board planning to launch our own web hosting platform with one thing in mind: to build the most advanced, hacking proof and high availability cloud hosting platform in the Philippines.

It took us several months to find the best combination of cloud platform, software, datacenter location, and front-end customer interface solution.

On December 2011, ZOOM cloud hosting platform core functionalities were already in place. It took another six months for the rest of the polishing works to be implemented including setting up of a remote intercontinental backup server, automated server configuration mirroring and account isolation.

And on May 27, 2012, ZOOM Hosting unveiled its customer interface through its website ZOOM.PH equipped with the most advanced OS, firewall, and security scripts.  Though we have a lot of products ready for the taking, we only made the basic hosting packages visible for customers to buy. We needed to prioritize security and we can now proudly say that ZOOM.PH is hacker proof!

ZOOM server security is now protected from SQL injection, brute force attacks, distributed denial of service attacks (DDoS), port scanning, spam email relay and other common hacking methods. We are also monitoring our servers for legitimate but suspicious access that can be caused by your account login information being stolen through a virus on your desktop or other social engineering tactics that are beyond one’s control.

Our servers have scripts to notify our administrators of suspicious activities, i.e. excessive logins from unexpected locations, excessive POP3 login or outgoing emails from an account. Our server will automatically block an IP address on a temporary or permanent basis when a certain threshold is hit. Our administrators also review these transactions to make sure that customer account has not been compromised.

In the next few weeks, several more tweaks and patches will be implemented to achieve a PENTAGON level security protection! We will update you on new developments.

Have peace of mind! At ZOOM, we treat every website as if it is our own!

Sunday, July 1, 2012

« Back