Security

Three Things Every Drupal Site Needs to Kick Ass

Why Xplain Hosting provides free Drupal core upgrades: Security is not a deliverable, it's a discipline says Lullabot. Having a secure website is not something we ever complete, but is an ongoing process. The costs of ignoring that process can be severe.

Sometimes a hack is not your fault: epic security hack

Full of scary details, this post describes a pretty serious social engineering hack:

I realized something was wrong at about 5 p.m. on Friday. I was playing with my daughter when my iPhone suddenly powered down. I was expecting a call, so I went to plug it back in.

It then rebooted to the setup screen. This was irritating, but I wasn’t concerned. I assumed it was a software glitch. And, my phone automatically backs up every night. I just assumed it would be a pain in the ass, and nothing more. I entered my iCloud login to restore, and it wasn’t accepted. Again, I was irritated, but not alarmed.

I went to connect the iPhone to my computer and restore from that backup — which I had just happened to do the other day. When I opened my laptop, an iCal message popped up telling me that my Gmail account information was wrong. Then the screen went gray, and asked for a four-digit PIN.

I didn’t have a four-digit PIN.

By now, I knew something was very, very wrong.

Security in the cloud

An interesting article in the NZ Computer World describes the security issues when moving to the cloud:

"The cloud model is more threat-rich than the shared hosting model, mainly because in shared hosting the core OS and apps- php, perl, mysql- are kept updated by the service provider," Kilbin says. "In the cloud, the customer has to keep the core OS updated, along with the application stacks, in addition to their code."

Quite so. That's why at Xplain Hosting we offer both: cloud and a sharing hosting model. We keep the server up-to-date, we do the backups, and we make sure customer websites are in perfect isolation from each other. We require customers to run fully patched Drupal sites.

We're here to make the cloud easy.