Our Technology
BETTER TECHNOLOGY. BETTER HOSTING.
We employ a range of technologies that help keep our servers exceptionally stable and our customers' web sites super safe. Surprisingly, many hosts don't employ similar technology which can often result in their servers experiencing overloads, downtime, or worse - facing critical security problems such has defacement and hacking. And when the hosts don't provide, customers resort to installing plugins to help with website security, with an unintended consequence of having a slower website.
Don't waste your money on SiteLock, Sucuri, WP Cerber, WordFence Premium, Limit Login Attempts Reloaded, iThemes Security, etc.., these are a thing of the past. We include all security features that these paid services and plugins provide, free in all our web hosting plans. If you host your site elsewhere, then these services/plugins are a must. But hosting with us, there is no need for plugins, security providers, slow websites, websites breaking due due to security plugin updates, or worrying about security issues. This allows for us to have PCI DSS Requirement compliant hosting. The following 8 sections are the main features, but for more details click here.
Don't waste your money on SiteLock, Sucuri, WP Cerber, WordFence Premium, Limit Login Attempts Reloaded, iThemes Security, etc.., these are a thing of the past. We include all security features that these paid services and plugins provide, free in all our web hosting plans. If you host your site elsewhere, then these services/plugins are a must. But hosting with us, there is no need for plugins, security providers, slow websites, websites breaking due due to security plugin updates, or worrying about security issues. This allows for us to have PCI DSS Requirement compliant hosting. The following 8 sections are the main features, but for more details click here.
Bot Defense
Sites are under constant attack from bad bots who blast your site with fake and bad requests. Our dual firewalls (server & network) keeps them at bay, keeping your site fast, clean & safe from comment/form spam, brute forcing, user enumeration, & hacking.
Virtual Vulnerability Patching
We keep your website secure by automatically patching it with critical security fixes, server side, until your site can get updated. This includes the common CMS systems like WordPress and it's popular plugins.
File/Database Malware Cleaning
If some how malware was to get into your site, we have file change scanning and we scan your website automatically once per week. If we find anything in the files or database, we clean it up automatically, free!
Application Firewalls
To protect our clients even further we have a web application firewall (WAF) to give our shared web hosting customers protection of their websites, applications, and data from malicious users seeking to exploit vulnerabilities in web based software. Plus we have dual firewalls with IP Reputation Blocking to block bad IPs network wide from the start.
Account Isolation
We have a virtualized, per-user file system that uniquely encapsulates each customer, preventing users from seeing each other on the server and viewing sensitive information. This prevents a large number of attacks, including most privilege escalation and information disclosure attacks.
PHP Patching
PHP represents more than 79.2% of all server-side scripts. Because of this wide application usage, PHP is constantly exploited by hackers, making sites vulnerable. We keep our customers and servers safe by patching all PHP versions against known vulnerabilities from 4.4 to 8.1 – even those versions unsupported by the PHP.net community.
Email protection
Two different anti-virus programs scanning incoming email for 0-day malware, advanced spam emails, and linux, mac, windows, MS Word, and android viruses, with over 11 million signatures. Out of the box ClamAV that most hosting companies use, do not protect from 0-day/MS word malware and on average only has 5 million signatures. The Official Clamav signatures used by most have a detection rate of less than 10% for 0-day malware.
Secure Control Panel
Our custom built control panel allows us to run our servers without cPanel. This makes the server more secure and run faster with less resource usage. If your website account gets compromised, the attackers will not have access to your Email and SSL files, like they would with cPanel.
Secure Access
Each hosting account can be accessed via FTP SSL, SFTP, SSH and a secure SSL protected web based file manager.
Respect for privacy and data
The company belongs to its founders and its employees. Here, your data is processed by software developed to make sure that it complies with the GDPR and California laws to respect your privacy, and for PCI DSS compliant credit card storage. We have full control over our services and data center from end to end to ensure data security and confidentiality, with all data stored locally in our own data center (for our USA data center) where we have control over it. All credit card data is stored at our credit card processor (token storage), so none of our employees can view full credit card numbers.
Monitoring
We run redundant monitoring servers that monitor each piece of equipment on our network. Our monitoring is so advanced it will notify our support staff if there is any issues with our switches, routers, servers, bandwidth, etc. so we can proactively handle potential problems. The system can even automatically rectify any small service issues such as web or database server crashing. This type of proactive monitoring ensures our clients the most possible uptime available.
When your email is hosted with us we also monitor email subjects from your wordpress website sent to you from free plugins like WordFence and Limit Login Attempts as well as form spam. When our system sees an email with that plugin subject and that they have blocked an IP address for too many failed logins, we parse the email for that IP address and then add it to our network wide IP blocks so that the IP address is blocked from all our servers and cannot attack any of our of the websites we host. When a form is submitted on your site, we run its contents through a spam scanner (same one that checks emails) to see its spam score, and if it scores super high, then we block that IP from our network.
Network & Data Center
We have diverse fiber with redundant route optimized BGP bandwidth (via Noction) peering with providers CrownCastle and Hurricane Electric. In our data center we use redundant high-end Cisco routers and switches to connect us to the Internet. These routers are continually active and will automatically redistribute Internet traffic load using in-house BGP routing optimization software, resulting in minimum to zero downtime, lower latency, less jitter, less packet loss and better performance from first mile through middle mile. Hurricane Electric is peering in Los Angeles and CrownCastle is peering in Orange County, this separate peering and routes allows redundancy if the LA area has an Internet issue.
Our green data center is environmentally friendly in design and powered via onsite solar. We built our green data center, network and servers from the start to use the lowest amount of energy possible using the latest green design techniques, no other hosting company can do what we do without starting from scratch.
- Viridio owned and operated on-site Tier 3+ data center
- Redundant, Multi-Homed Latency/Loss Optimizing Bandwidth via Noction
- Redundant Cisco routers running full BGP routes on IPv4 and Native IPv6
- Redundant Cisco firewalls Network Wide IP Reputation Threat Defense to block bad IPs
- Redundant Cisco switches
- Redundant N+1 Power and Cooling
- Redundant Network connections in all servers
- Redundant Power Supplies in all servers
- Redundant Clustered virtual SAN (storage) for Web and VPS hosting using Samsung Data Center SSDs
- Each power supply (two in each server) is plugged into an ATS (automatic transfer switch) which then plugs into two different UPSs (thus each server has 4 UPSs)
Servers & Virtualization
To save energy we use virtualization that allows us to replace individual physical servers and replace them with "virtual machines," increasing the physical servers efficiency and shrinking our data centers’ server footprint, cooling needs and electricity usage. Viridio servers are running energy efficient processors, which use less power and generate less heat. Using KVM virtualization technology allows us to reduce cooling and electrical requirements with over a 30:1 ratio of virtual servers to physical servers. We also use a virtual SAN with Samsung Data Center SSDs local to the servers using cross server replication, to allow our physical storage and power requirements to be reduced while allowing higher uptime and better redundancy.
Server and Website Security
With the server operating system, each user/account is virtualized to their own file system, preventing any individual user from seeing any other users on the server, this system is called CageFS. CageFS is a virtualized, per-user file system that uniquely encapsulates each user, preventing users from seeing each other and viewing sensitive information. CageFS prevents a large number of attacks, including most privilege escalation and information disclosure attacks.
- Each user only has access to safe files
- Each user cannot see other users and have no way to detect the presence of other users or user names on the server
- Users cannot see server configuration files, like Apache/Web Server config files
- Users have a limited view of their own running processes and cannot see other users’ processes
- Only allow safe binaries to be available to users
- Removes each user’s access to ALL SUID scripts
- Limits each user’s access to the /proc filesystem
- Prevent symbolic link attacks via SecureLinks. This is a kernel-level technology that prevents all known symbolic link (symlink) attacks. It enhances the security level of the servers even further and prevents malicious users from creating symbolic link files (where an attacker tricks Apache Web server to read some other user’s PHP config files).
PHP represents more than 79.2% of all server-side scripts. Because of this wide application usage, PHP is constantly exploited by hackers, making sites vulnerable. Our HardenedPHP keeps our users and servers safe by patching all PHP versions against known vulnerabilities – even those versions unsupported by the PHP.net community. Over 100 vulnerabilities, many of which were critical, have been discovered for the unsupported versions of PHP. All have been patched.
Imunify360 is a completely automated security solution. It includes a distributed Threat Intelligence approach, which processes data reported by all running Imunify360 instances. Upon first cyber-attack or threat detection, Imunify360 provides instant protection. Moreover, we empowered it with heuristics running in the Cloud to make it even stronger. Under its protection, each server gains collective herd immunity because they share threat information in real-time. Our sophisticated detection of known and unknown security threats, including the infamous zero-day and distributed brute-force attacks, delivers robust and comprehensive protection for our servers. Imunify360 analyzes scripts in real-time and recognizes dangerous execution flows. This means you no longer need to watch CVE lists to identify current exploits in your software. Imunify360 stops malicious PHP scripts, both new and old, preventing them from running on our servers. Innovative PHP Immunity technology makes any web application invulnerable even if its vulnerable.
- Each user only has access to safe files
- Each user cannot see other users and have no way to detect the presence of other users or user names on the server
- Users cannot see server configuration files, like Apache/Web Server config files
- Users have a limited view of their own running processes and cannot see other users’ processes
- Only allow safe binaries to be available to users
- Removes each user’s access to ALL SUID scripts
- Limits each user’s access to the /proc filesystem
- Prevent symbolic link attacks via SecureLinks. This is a kernel-level technology that prevents all known symbolic link (symlink) attacks. It enhances the security level of the servers even further and prevents malicious users from creating symbolic link files (where an attacker tricks Apache Web server to read some other user’s PHP config files).
PHP represents more than 79.2% of all server-side scripts. Because of this wide application usage, PHP is constantly exploited by hackers, making sites vulnerable. Our HardenedPHP keeps our users and servers safe by patching all PHP versions against known vulnerabilities – even those versions unsupported by the PHP.net community. Over 100 vulnerabilities, many of which were critical, have been discovered for the unsupported versions of PHP. All have been patched.
Multilayered Website Security
Imunify360 is a completely automated security solution. It includes a distributed Threat Intelligence approach, which processes data reported by all running Imunify360 instances. Upon first cyber-attack or threat detection, Imunify360 provides instant protection. Moreover, we empowered it with heuristics running in the Cloud to make it even stronger. Under its protection, each server gains collective herd immunity because they share threat information in real-time. Our sophisticated detection of known and unknown security threats, including the infamous zero-day and distributed brute-force attacks, delivers robust and comprehensive protection for our servers. Imunify360 analyzes scripts in real-time and recognizes dangerous execution flows. This means you no longer need to watch CVE lists to identify current exploits in your software. Imunify360 stops malicious PHP scripts, both new and old, preventing them from running on our servers. Innovative PHP Immunity technology makes any web application invulnerable even if its vulnerable.
Additionally, Imunify360 shares data with the WAF and antivirus, giving our servers an added layer of protection. A term we use is “herd immunity” – a collective immunity for all the servers based on data related to incidents and attacks accumulated from all server across the globe. Incidents are analyzed in real-time and produce protection rules that are distributed to all servers. Once an attacker is identified, we proactively block malicious activity on all servers. The cloud-based component has a Real-time blacklist server containing blacklisted IP subnets and IPs for specific URL zones used in the WAF RBL module working server-side.
The first layer or Network layer consists of a Web-Application Firewall together (WAF) with WebShield and a Network Firewall. This layer protects against different web attacks sent via HTTP/HTTPS as regular traffic and from a CDN or Proxy. Each component uses cloud-based information, and many attacks are blocked in real-time. Attackers cannot bypass the protection while collecting information. Additionally, the network layer does not wait for attackers to reach a threshold. Imunify360 offers 360 degrees of protection leaving no possibility for the malware to get to the servers. The firewall tightly integrates with the WAF supplied by low false positives rules to enhance its usefulness. In combination with WAF, Imunify360 stops the majority of web application attacks event before they start. An advanced CAPTCHA system and Splash Screen are employed to halt malicious activity and ensure valid customers can reach your website. The WebShield component takes care of CDN and Proxy Traffic by determining the attackers’ real IP-addresses, then differentiates those IP addresses from those of legitimate users. Webshield grey-lists suspicious IPs then provides splash screens and CAPTCHA challenges that prevent malicious requests from harming or even slowing your website or our servers. Lastly, our Network Firewall and Intrusion Detection and Prevention Systems include IP management with a Pluggable Authentication Modules (PAM) extension, Open Source HIDS Security, and Port Firewall that prevents all system service attacks against FTP, SSH, etc. With IDS and IPS in Imunify360, we are protected from inside out and outside in. Imunify360 features an excellent Intrusion Prevention System (IPS) that includes a comprehensive collection of “deny” policy rules that block all attacks. And are effective against those who use custom or well-known exploit tools. By monitoring server logs, the Intrusion Detection System (IDS) provides excellent visibility of server security. It scans log files from several different angles and bans IPs that show signs of malicious activity. This activity includes password failures, potential exploits, brute forcing, etc.
The second layer of protection happens at the Application service level of our servers. Our unique Proactive Defense technology detects and blocks malicious execution flow during PHP runtime. It analyzes the PHP script behavior and prevents it from causing any harm to your website or our servers. It either blocks the entire script execution or just the malicious flow. This is crucially important because malicious code is often hidden: obfuscated, injected in the middle of the legitimate file, fetched from the network dynamically, and placed in the database. Proactive Defense sees right away when it is executed and stops it before it causes any damage to your website or our servers.
The final layer of defense occurs at the File-System level during file input/output operations. The file system is where Imunify Antivirus comes into play. A real-time file scanner that checks when a file is loaded onto the server, it is scanned. If it is malicious, it is cleaned. This mitigates the destructive effects on an unprotected system and is most helpful for already infected software. A background (regular) Antivirus program then performs regular file checks in the background to keep your website and our servers clean. And an On-Demand Antivirus is scheduled once per week to check all folders and files against malware. A WordPress database scanner also runs to check WordPress database records against malicious injection of javascript, iframes, and other malicious content and then automatically cleaned if any is found.
Software
We have built many custom software systems for our business allowing us to build needed features, provide high uptime and have security in mind.
- Our custom built control panel allows us to run our servers without cPanel hogging resources, having security leaks and allows Email & DNS to be redundant and not on the same servers servers hosting websites. And since DNS and Email services run on different servers then the website (unlike cPanel), so if either the DNS, Email or Website services have an issue or needs maintenance downtime for updates, it will not effect the other services.
- Our custom spam filtering control panel allows you to whitelist, blacklist, disable spam filtering, change the filtering level, and more. Plus you can see every email that was accepted or rejected (see why it was rejected) and resend them to your inbox if needed. Its built with two different anti-virus programs scanning incoming email and uses dozens of filters with over 20 different checks. These checks include DNSBLs, keyword scanning, header checking, brute force blocking, URLBLs, SpamAssassin, an advanced heuristic anti-spam scanner, SPF, DKIM, Greylisting, BATV, connection checking, remote SMTP server profiling, and many others.
- Trusted Email Replies ensures you don't miss an important email. It prevents spam filtering and blocking of any incoming email reply to an email you replied to or you sent out.
- Advanced Image and PDF OCR (Optical character recognition/Automated Text Extraction) to look for spam in images and PDFs attached to inbound emails.
- Our custom built Anycast DNS hosting with multiple DNS servers located across continents, allows multiple DNS server failures while keeping DNS lookups for your domain name online and close to your end users. This also allows for many types of DNS records to be available to our customers including ANAME/CNAME flatting.
- Our custom built backup solution stores all backups off of the web servers and is included free for all accounts. It includes multiple daily backups of website files, databases and email with 30 day retention. Plus we don't charge for any amount of restores, and a customer can restore files or databases right from our control panel.
- We use CloudLinux for our web hosting OS which allows us to maintain maximum cyber security and compliance by rapidly patching vulnerabilities (CVE's), and to keep production Linux systems updated with the latest fixes without lots of reboots by using KernelCare. This includes using LibCare to keep shared libraries like OpenSSL and glibc updated with the latest patches.