| These services and related policy have been in effect since October 10, 2005, but I thought it prudent to highlight it given the recent rash of malware infected content management systems due to neglect by the web site owners. Of special note for those cases is the last item in the list.
We're allowing the first incident at no charge as a courtesy, but repeat incidents due to bad passwords or insecure customer supplied code will be at the rate specified.
Note that we keep our shared hosting servers secure automatically. This is aimed at those who don't keep their VPS, passwords, or user uploaded code secure, all things we have little to no control over.
Server and Data Security Services:
- Vulnerability Analysis. We identify all security vulnerabilities on your hosting account and present you with a list of those vulnerabilities and suggested corrective action for each. We recommend that you do this at least once a year on your own or by use of this service. $75 per use.
- Vulnerability Removal and Mitigation. We correct any security vulnerability identified through the Vulnerability Analysis service or other vulnerabilities currently known to you at your discretion. $25 per vulnerability closed. Certain vulnerabilities requiring a large amount of work will be billed at $75/hour in one hour increments. We will notify you and get your approval on any work that we anticipate will be billed hourly.
- Security Hardening. We perform a Vulnerability Analysis, Vulnerability Removal and Mitigation, password security analysis and correction, open port scan, firewall rule setup specific to your needs, software security updates, root-kit sweep, running process screening, installation of open source security watchdog software to track and log suspicious user activity, and provide you with guidelines for maintaining your own security once the hardening is complete. If you accept credit cards from your web site and store customer information on your hosting account, this service is a necessity. A single liability lawsuit from a customer could cost tens of thousand of dollars in legal fees and judgments. We're offering this service at $300 per use.
- Security Incident Clean-up. We recognize that not all security incidents are preventable and that some people refuse to take appropriate preventative actions for various reasons. Usually, a security incident involves someone breaking into your account by compromising a password or poorly programmed application. They then upload various files and programs into your account in various locations. Sometimes these are hidden locations and sometime they are obvious. Often they will build a back door into your account so that even if the original security hole is closed, they can still get back into your account. Sometimes they will also replace system programs and configuration files causing various things to cease functioning. The Security Incident Clean-up service involves reversing all of those actions, getting your account functional again, and closing the security hole that allowed your account to be compromised. We're offering this service at $50 per hour in one hour increments.