The overall security of our Web Hosting Solutions is achieved thanks to the incredible selection of
security components, working together to protect every website from the most common threats and
We will patch any security vulnerability on a server level as soon as it gets reported!
Hosting Plans come with complimentary daily backups as standard!
User Account Isolation
Account isolation prevents the users of our Shared Hosting Plans interacting with the of each other!
Protection beyond your expectations!
To provide an all-around security solution for our customers, we have conditionally separated our security efforts and tools into two major Fleets!
Web Server Security Fleet
Our Web Server Security fleet takes care of every security aspect of our web servers. From surveilling the web traffic to every shared web hosting server to identifying and denying incoming attacks, the security components we utilize are there to protect your visitors and your website from malicious activities!
Our Environment Security Fleet focuses on identifying and mitigating already existing security threats across all our servers. By protecting our clients against common code-injection exploits and regularly performing malware scans across all our servers, our Environment Security Fleet prevents malware from spreading across clients' accounts!
Every website, whether static or dynamic, utilizes a web server in order to deliver content to its visitors. Therefore, the web server is considered a critical hub for the distribution of malware and the main door that allows exploits to come in and out of the whole web hosting environment. For these reasons, we strongly believe that keeping the "door" closed for exploits and open for legitimate users is probably one of the most significant challenges a web hosting company can face.
Thanks to the advancements in the security field, we are able to provide a large number of security improvements, so we can mitigate a large percentage of the attacks that try to penetrate our Web Servers.
Connections Level Limits
Whenever a client website is accessed, the connection passes through our Web Servers. Every connection consists of at least two mandatory components: the IP address of the computer initiating the Request and the Request Body. This allows the Web Server to prepare an answer for the request and to send that answer to the IP address that requested it.
Pretty simple, isn't it? Yes, but what happens if too many requests are sent from a single IP address, such as in a DoS attack scenario? The Web Server gets flooded with millions of requests, and it tries to answer each one, dramatically increasing the consumed hardware resources. To resolve this case, we utilize a security feature called "Connection Limit". It allows the number of requests per second from a single IP address to be limited to a reasonable amount, thus reducing the risk of a DoS attack to virtually none.
Requests Checking Service
We established that each website visit is associated with an actual connection to our Web Servers, and thanks to the request of that connection, the Web Server can produce web content and return it to the IP address that requested it.
However, not only the number of connections can be abused, but also the request's parameters, such as the Request URL Length, Request Header Length, and the Request Body Length. These can cause a severe overload of the server when they are abusively large. To prevent that scenario, we limit these to values that correspond to regular website visits instead of malicious requests.
Furthermore, we also deny access to hidden files and the web listing of parent directories. In fact, all directory listings are disabled by default.
Web Application Firewall
There are millions of ways to exploit a vulnerability in a regular Web Server; however, as we mentioned, by limiting the number of connections and their length, we ensure that no attacks related to these will be allowed. But what if the request has a fitting length and there is only one request?
For the security of every request, we went even further and implemented a Web Application Firewall (WAF) solution that inspects every legitimate request for a known vulnerability such as an XSS attack or SQL injection. If such an attack is detected, the request is terminated, and an appropriate message is sent as an answer to the IP address that sent it. If that behavior repeats a few times, the IP address is then banned!
Static Files Checking
The requests sent to our Web Servers are not always for dynamic resources (such as PHP scripts). Sometimes they target static files (CSS, js, HTML, png, jpg, etc.). However, these static files should not always be accessible, or at least our customers do not always want them to be accessible. For that reason, our web server will serve a static file as an answer to a web request only if:
• The Static file is readable by everyone (it has at least 444
• The static file is not executable
• The file is not or does not contain symbolic links
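The three conditions above written as a check, as an added example that is not the hosting provider's own code. It assumes "at least 444" means the read bit is set for owner, group and others, and that "does not contain symbolic links" covers every path component under the document root; `may_serve_static`, `docroot` and the sample file names are hypothetical.

```python
import os
import stat


def may_serve_static(docroot, rel_path):
    """Return (allowed, reason) for rel_path under docroot. Hypothetical helper."""
    parts = [p for p in rel_path.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        return False, "invalid path"
    # Walk component by component with lstat() so a symlink anywhere in
    # the path is seen as a link instead of being silently followed.
    current = docroot
    for part in parts:
        current = os.path.join(current, part)
        try:
            st = os.lstat(current)
        except OSError:
            return False, "not found"
        if stat.S_ISLNK(st.st_mode):
            return False, "symbolic link in path"
    if not stat.S_ISREG(st.st_mode):
        return False, "not a regular file"
    mode = stat.S_IMODE(st.st_mode)
    # Assumption: "at least 444" = read bit for owner, group and others.
    if (mode & 0o444) != 0o444:
        return False, "not world-readable"
    # Any execute bit disqualifies the file from being served as static.
    if mode & 0o111:
        return False, "executable"
    return True, "ok"


if __name__ == "__main__":
    import tempfile
    root = tempfile.mkdtemp()  # constructed sample document root
    for name, perms in (("site.css", 0o644), ("private.txt", 0o640), ("run.sh", 0o755)):
        path = os.path.join(root, name)
        open(path, "w").close()
        os.chmod(path, perms)
    os.symlink(os.path.join(root, "site.css"), os.path.join(root, "link.css"))
    for name in ("site.css", "private.txt", "run.sh", "link.css"):
        print(name, may_serve_static(root, name))
```

Using `lstat()` on each component, not `stat()` on the final path, is what catches a symlinked directory in the middle of an otherwise ordinary-looking URL path.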
DDoS Protection Service
A Distributed Denial of Service attack, or DDoS, is a type of attack that abuses the allowed number of concurrent connections per IP address while amplifying the attack by increasing the number of IP addresses taking part in it. In other words, thousands of IP addresses are sending hundreds of requests to a Web Server. That alone is devastating for unprotected servers, since this attack completely prevents the web server from answering legitimate requests, thus making client websites completely inaccessible. To prevent this, we have implemented Web Server side DDoS protection that consists of:
• ModSecurity Integration – It is scanning web requests,
malicious ones and banning the IP addresses that repeat the same
• Per-IP throttling – This service limits the amount of
single IP can generate by sending requests to our Web Servers.
• SSL Renegotiation Protection Service – It reduces the
amount a single
IP address can request for an SSL certificate to be renegotiated
the web server. This reduces the amount of data transmitted between
web server and the IP address sent the requests.
• iohost reCaptcha Guard – reCaptcha is known to separate legitimate users from bots or web robots. By utilizing Google's human verification challenges, reCaptcha allows for subsequent malicious requests to be separated from legitimate user access. This is possible thanks to the fact that a human will be able to complete the reCaptcha challenge while a robot or a bot will be unable to do so. If the challenge is not completed, iohost reCaptcha Guard will block the IP address of the request and will return an appropriate message indicating the banning as an answer.
Let your website fly safely thanks to our Web Server security fleet!