The datacentre which houses the server is located at: Node4, Millennium Way, Derby, DE24 8HZ, UK.
The datacentre is ISO27001:2013 certified.
The physical security features include:
- 24-7 security on site, Photo ID and swipe card entry.
- CCTV inside and out.
- Gated access and secure perimeter fencing.
- Redundant and uninterruptible power supplies.
The online security features include:
- Automatic malware scanning on a daily basis for common malware.
- SSL-TLS certificates are an integral part of our secure & encrypted web browsing and data transfer operation.
- PCI compliant: To accept, store and process debit/credit card information, the hosting provider must be compliant with Payment Card Industry Data Security Standards (PCI-DSS). These standards were introduced to reduce credit card fraud. The PCI Security Standards Council are responsible for ordering regular tests on hosting providers. They test for vulnerabilities where hackers could potentially steal cardholder information. Our platform consistently passes these independent audits.
- All emails and forwarders sent and received are subject to advanced antivirus and anti-spam protection. We use 3 layers of inbound spam and virus scanning, which are:
- Network-level: Commercial anti-spam blacklists from Spamhaus, Invaluement and Barracuda Networks are used to reject mail from known spam networks.
- Virus Scanning: Any known malware signatures are rejected.
- Content-based: messages are scanned for spam-like characteristics and filtered into the ‘junk mail’ folder.
- Web Application Firewall (WAF) helps protect our data and software by blocking suspicious activity. A common way to attack a website is to use web forms to insert malicious code. The WAF inspects every HTTPS request for SQL injection, trojans, cross-site scripting, path traversal and many other types of attack. It performs each inspection in less than a millisecond. The Datacenter security team regularly update the set of rules that filter-out malicious requests. This ruleset is made from commercially-available resources and custom rules written by the datacenter security team.
- Brute force login protection – Brute Force are applications that cycle through common passwords and use trial and error – random letters and numbers – to try to crack your login credentials. Our platform includes Stack Protect, which monitors log-in attempts to your admin areas.