We make every effort to secure our servers at the operating system and networking level.
Here are some of the activities we run everyday:
SSL (Secure Sockets Layer) enables you to send data securely between your web site and your visitors. SSL certificates can also prove your identity to visitors.
Server security is important, and the Perpetual Security initiative contains several features that help protect your instance from malicious actors.
These are some actions we take every dat to secure our servers:
KernelCare is a software extension that allows us to update our kernel’s security on a daily basis without needing rebooting our servers. KernelCare is a key feature of our Perpetual Security initiative.
The main advantages of KernelCare:
– Fast updates.
– No downtime because no reboot is needed.
– Ensures kernel has latest security updates.
– Automatic security updates.
– Maintaining an up-to-date server with the latest patches and fixes is crucial for us to maintain a more secure server. We ensure the operating system is up to date with the latest security patches, and we proactively monitor network connections and performance. In addition, we have a partnership with Patchman to provide additional security. Patchman automatically fixes software vulnerabilities in web applications.
– Set up of Firewalls. A firewall enables to control incoming and outgoing network packets. We use the Advanced Policy Firewall (APF) to explicitly grant and deny access to selected IP addresses, as well as to selected services running on the server.
– Software vulnerabilities. We continuously update our software applications (PHP, Apache, MySQL, etc) to avoid security vulnerabilities that malicious actors can exploit using automated scripts.
– Using of CloudFlare. Cloudflare is a content delivery network (CDN) service that blocks threats and limits abusive bots before they reach the web server. This increases security and reduces wasted bandwidth.
Hardening servers with fail2ban
The fail2ban program helps secure our servers against unauthorized access attempts by monitoring log files for suspicious activity. After a predefined number of failed access attempts from an IP address, fail2ban automatically blocks it.
The fail2ban application monitors server log files for intrusion attempts and other suspicious activity. After a predefined number of failures from a host, fail2ban blocks its IP address automatically for a specific duration. It is particularly effective in reducing the risk from scripted attacks and botnets.
Our e-mail is powered by Apache SpamAssassin, it uses scores to rate the likelihood that a message is spam.
* If your Outgoing email is marked as Spam please follow these directions.
MailChannels was designed to relieve the time, cost, and frustration of safeguarding against blacklisting and harmful spam. Spammers work with cybercriminals to exploit weaknesses in email accounts and use them to send waves of email messages which could be anything from simple marketing to criminal phishing scams and even hidden malware. Such emails coming from your company could have devastating consequences. Being able to filter every outgoing email is a huge step in stopping cybercriminals from taking advantage of an email account.
Dolibarr implements several security features. Among them :
Pages and files access
* These solutions are part of protection used to solve vulnerabilities classified by the OWASP Top Ten at range number X.
Our servers supports TLS v1.2 and 1.3. Our servers at UnboxERP takes cybersecurity seriously, and as a result, we’ve updated our encryption and security technologies. All sites utilizing SSL certificates (also known as HTTPS) support TLS 1.2 and 1.3.
Going forward, our sites with SSL certificates will no longer support TLS 1.0 or 1.1 due to security vulnerabilities associated with them. Most users will not feel any effects of this change. However, the restriction of TLS 1.0 and 1.1 will prevent users of legacy devices from reaching websites using SSL.
Rest assured that we have DDoS alerts, detection and defense in place. Referred to as null routing, DDos Defense temporarily brings down your Dolibarr, changes your IP and re-enables your application for a period of time until the attack stops.
What Is A Distributed Denial Of Service (DDoS) Attack Anyway?
A DDoS attack is when multiple computers, most likely compromised, attempt to maliciously take websites and online services offline by flooding them with unwanted traffic. The goal of this traffic is to overwhelm the service so they become unavailable for the site’s legitimate users. For someone who isn’t technical, the only sign of an attack is severe performance issues on your server. The server might even crash.