How ChemiCloud Web Hosting Secures 150k Websites: Q/A with John McMullin

Roberto Popolizio Roberto Popolizio

SafetyDetectives spoke with John McMullin, Business Development Manager at ChemiCloud and industry veteran with decades of experience in web hosting and server management.

He explained how ChemiCloud uses the latest tech to prevent the cybersecurity challenges faced by the 150.000 websites hosted on their servers, and how live data collection helps them quickly generate a recovery plan tailored to their clients’ situation.

What hosting services are you currently offering?

We’re privileged to offer hosting services on all scales: for individuals, small businesses or larger companies exploring new ideas we offer Shared web hosting and WordPress hosting – each with 3 degrees of resource distribution. Turbo/WordPress Turbo plans have access to exclusive add-ons that can enhance performance and increase storage to give a truly competitive advantage.

Resellers can start and grow their business with us, or migrate existing reseller brands over to us with one of 4 Reseller hosting plans. With scale covering resellers with 30-200 cPanel accounts, there’s a little something for resellers of all sizes. Grow plans and up get free access to a WHMCS branded license. And all reseller plans get free access to our Domain Reseller program and resources, as well as our exclusive reseller add-ons.

For more intensive applications, websites, mass online shopping sites and more we offer Cloud VPS. Powered by our Linode & Akamai partners, we provide the industry with 4 on-site VPS solutions and we’re here to help configure your custom Cloud VPS any time of day or night. With incredible depth of customization, every enterprise can enjoy the specific resources with our 24/7 support and full server management.

What security measures have you implemented to protect your customers’ data?

Business and consumer data on the web are growing as more and more transactions are being completed online. We take data security seriously and have implemented numerous safeguards to protect the data we’re entrusted with on our servers.

  1. Two factor authentication offers an extra step on customer logins. ChemiCloud provides account-level 2FA on our Client Area, and platform-level 2FA on every cPanel. Optional though highly-recommended.
  2. A customized firewall approach marries decades of server management skill with Imunify360’s robust protection. The result gets ahead of attacks such as brute force and more, powered by deep data and assisted by AI.
  3. Clamping down on malware is as important as blocking attacks. Our Proactive Defense technology ensures that our customers’ sites stay squeaky clean. By monitoring PHP behaviors and analyzing trends we are able to prevent disaster before it strikes.
  4. Customers – like their sites – are unique. We can tell people apart in all kinds of ways and we can tell our customers’ sites apart because CageFS helps us keep them separated. Resources, files and activity all contained in each user’s own account ensures their data stays secure – and their performance intact regardless of what else is going on on the server.

What tools and practices do you suggest to individuals and businesses in order to prevent and mitigate cyber attacks?

We can do plenty to reduce the likelihood of cyber attacks, and ideally we can prevent them entirely. Some keys to achieving this include:

  1. Limiting what’s out there. It may seem silly, considering businesses, promoters, bloggers and more WANT to be seen. However, trimming down what contact information is available helps limit what channels require supervision, and allow people and companies to tailor their response to what *does* come through. WHOIS privacy on domain names is one way to accomplish this, and using the same contact information on multiple platforms ensure consistency of brands and available information while giving would-be attackers fewer vectors to work from.
  2. Password Lockers. Gone are the days of notepad-stacks stuffed with login details. It was never a good idea to begin with. Resources such as 1Password, LastPass and others let users keep precious passwords and other sensitive information locked up tight – available when its owner requires, but kept safe from the rest of the world.
  3. 2FA everywhere. Almost every service with logins now offers 2FA. Use it! Having extra security on your access to the tools you use just adds to your peace of mind.
  4. Use forms. Lots of sites offer company emails for contact. Using forms instead for some of these applications reduces the number of email addresses out in the public eye. Once more – fewer vectors, fewer attacks.
  5. Website security. SSL certificates encrypt your website data. Keeping websites updated patches vulnerabilities. Using only trusted plugins, themes and website software ensures there’s no open back doors into your sites and data.

What does your disaster recovery plan look like, and what do you suggest your users do to be ready?

ChemiCloud customers enjoy peace of mind already with our 99.99% uptime guarantee, and the incredibly reliable infrastructure from our friends over at Akamai/Linode. While we’ve never faced a catastrophic event on our network, we identify and respond to threats in real time through our server monitoring and Server Health department. By leveraging live data we stay ahead of the curve. DDoS protection and an extensive firewall help us shrug off denial of service attacks and much more.

Should we face an emergency despite our best efforts, Server Health works with the data center to identify and resolve the matter. Disaster recovery comes in many forms and we’ll always begin with a thorough assessment. That allows us to build a plan and then carry it out. Because the nature of emergencies isn’t scripted, the resolution is entirely dependent on what kind of problem we’re looking at in the moment.

The greatest of threats, such as natural disasters can be mitigated as well thanks to our multiple server locations. By having a variety of locales to serve from, if one became completely unavailable it means we could restore to another location so as to preserve our customers’ sites. Such cases are incredibly rare, but we’re ready for them all the same.

How do you stay updated with the latest security threats and vulnerabilities in the web hosting industry?

It’s more a mix of staying updated regarding threats, but also staying updated on best security practices as well. The core components we deal with daily are often great for updating us to the threats and exploits that arise when they’re identified by their respective communities. cPanel and WordPress for example have amazing community support and news travels quickly when a patch is needed, or an exploit discovered.

On top of this we keep our ears to the ground. Following relevant industry brands on platforms like X(formerly Twitter) and FaceBook helps us see when new threats emerge, or when new technologies are shared to help in managing cybersecurity. Reddit has a rich tech community as well spanning numerous industries.

News sources can also be helpful, though it helps to curate a list so as not to be inundated with too much noise or excess information. The Hacker News, Darknet Diaries and the Akamai blog offer a variety of insights on cybersecurity threats and strategies.

What security challenges and exciting developments do you see in the future of web hosting, and how do you plan to cope?

With an ever-increasing number of internet users, web presences and social media outlets to engage with, businesses and individuals in and around web hosting will have increasing odds of encountering cyber attacks.

Industry brands and service providers will undoubtedly face a continued wave of exploits and bugs – that’s one thing that’s never changed. That said, those same bugs and exploits invite innovation. By rising to the challenges created by cyber attackers, hackers and internet con artists I hope that new solutions will emerge. New authentication practices, security implementations and more will protect individuals and companies and offer comfort and peace of mind.

About the Author

About the Author

Over a decade spent helping affiliate blogs and cybersecurity companies increase revenue through conversion-focused content marketing and Digital PR linkbuilding.