When you contract web hosting from clickonIT (in fact any web hosting provider) you are supplied with a web hosting platform (along with email services) for your domain. While we also supply a range of useful tools and facilities for you to use on the host it is up to you what you do with them.
We also manage the hosting system software to ensure that it is reasonably up to date and providing the fundamental security that current software versions have by default. This means updating the operating system, web server, database servers, scripting engines and mail servers. Updating and upgrading of these systems components is routine and occurs transparently to hosting operations.
The maintenance and security of your particular web hosting account is always your responsibility. In fact our terms of service require you to keep any applications and scripts that you use secure and reasonably up to date. A security breach on your account also has implications for other accounts sharing the same host.
We have a zero tolerance policy for any illegal or malicious behaviour. This policy is beneficial to you as it ensures that your web host is not barred or considered dubious by security precautions used by your customers and associates. We enforce this policy by immediately shutting down any account detected with suspicious content or demonstrating unacceptable behaviour. In virtually every case such behaviour is not intentional on behalf of the account holder or even taking place with his/her knowledge. It is because the site has been infiltrated by unauthorised users who have installed scripts or content to their own benefit in a hosting account and are using it without the account holder’s knowledge. In most cases the unauthorised use is is for criminal and fraudulent purposes.
It is in everyone’s interest that these activities be shut down immediately they are detected and that is our policy. If you find that your site is behaving erratically or you are receiving complaints about hosting a phishing site then you must take action straight away. If you do not know what to do to shut down unauthorised use of your site, contact tech support with the highest priority and get click onIT to do it for you.
Our routine system scans also unearth suspicious and malicious scripts and when they do the sites are shut down automatically.
Clean up and restoration of a clean site that can be reinstated for public access may require a significant amount of work. A full site backup is usually required as hackers are not adverse to deleting all your files and databases while they take over your site. You are responsible for cleanup and restoration and can do it yourself, hire a contractor or engage clickonIT to do it for you. There are service fees involved.
To prevent unauthorised acess to your hosting account we recommend;
- Change your hosting control panel password monthly.
- Use strong passwords.
- Use different passwords for different secured services.
- Store your passwords securely.
- Regularly monitor your site and site stats for unexpected behaviour.
All systems are breakable regardless of security provided therefore you must take this into account and provide a means by which your website can be sanitised and returned to reliable public service quickly and efficiently.
To do this we recommend;
- Maintain a full site backup at a secure off-site location. The backup should be made automatically at such intervals as you deem appropriate and retained for a minimum of two weeks.
- Maintain a complete website manual listing all access details, software and licensing details together with a log of site maintenance operations.
- Become familiar with the steps required to rebuild your website within the existing account, in a new account or on a new server. Or keep teh cotact details of someone who can do this for you at short notice.
If your business depends on your website and email for yoru daily operations, and most do now, then managing your webhost security must be your highest priority.
How clickonIT Can Help
Automated full website backup to secure off-site facility. Automated file/folder restore. Full site restore option.
Instantly update and strengthen your website security and receive a thorough report on your website security health, recommendations for actions to take and estimates of cost to complete the work.
Ongoing webmaster services to update security, content and software over periods of 3 or 6 months.