Most small to medium hosting providers don’t have the time or the staff to monitor and review security alerts as they come in, the daily log watch reports, and to check if something reported is an attack that got through. Is that a hacker? What are they trying to do do? How can I stop them from attempting to gain access to my server again?
Some hosting providers don’t realize the importance of security monitoring until they get hacked or are denied PCI compliance because no one is checking to see if the security system is working or improving server security on a regular basis. Even worse, many businesses can be lulled into a false sense of security because they think a firewall in front of their hardware will protect them. As we all know, just one major compromise can be catastrophic in terms of clean up cost, lost clients, and lost reputation.
Daily, we manually review logwatch reports and other security alerts that are sent checking to see if your security and firewall needs to be tweaked, or if a one or more of your customers appear to be targeted we can alert you so you can alert them.
Another important element of our security monitoring is contacting the manager of the IP address(es) involved in the attacks to let them know about the abuse. While we cannot guarantee how the IP manager will respond, the following is typical of the responses we do get:
We have received your message and informed our client: the problem was due to a outdated version of a script on its account. A hacker had copied a webshell script (WSO 2 * Web Shell by oRb) to the server. It has been deleted by a member of our staff. We updated the client’s script and hope that no other attacks will disturb you.
Show your banking partners, your PCI compliance vendor, and your customers you care about security by having us monitoring and review your security daily.
Please call us at 1-717-484-1062 or contact us for more information.
Related news and blog articles: