Archive for the ‘Security’ category


2FA Control Panel Access with Authentication App

Takeshi EtoWe’ve been seeing a rise in the number of hacking incidents with our customer’s control panels. To help secure Control Panel access, Everleap now supports Two-Factor Authentication access to the Control Panel using Authentication Apps, like Google Authenticator and Microsoft Authenticator.

two factor authentication for Control Panel

At the same time we launch Authentication App support for 2FA Control Panel access, we will be restricting the existing Phone Text Message authentication to USA- and Canada-based phone numbers only. We are finding that each country has different and evolving rules and wildly varying costs that is making support for all international phone numbers difficult and resource consuming.

In general, we recommend using Authentication Apps for 2FA access.

Check out our knowledge base article to learn how to enable 2FA and secure your control panel login, today!

Stay Safe!

Visit Everleap to learn more about our Shared Cloud ASP.NET hosting solutions.



Is malicious traffic bypassing CloudFlare on your IIS site? Here’s how to stop it.

Martin OrtegaIn my last blog post, I discussed how you can use CloudFlare to prevent bad bots from getting to your site. But, what happens if the bad traffic still remembers your old IP number for the original web server and the bots still get through.

Recently we had one of our Managed Hosting customers experience this very problem. We helped find a solution to this issue.



Using Cloudflare to Thwart Bots

Martin OrtegaI posted previously about recently discovering that some of our Managed Hosting customers running nopCommerce sites were experiencing high traffic with no increase in sales activity. It seemed suspicious, and for those customers using our Advanced Monitoring service, we detected an increase in CPU resource usage and a noticeable slowing down of their sites. As it turns out, the traffic was from bad bots. We contacted our customers, let them know what we saw, and helped them fix the issue.

There are many options to prevent bad bots from affecting your site, but the best and ultimate option to strive for is to prevent the bot from hitting your site in the first place. Here I discuss my preferred method.



Bad Bots Hitting your Site? What would Azure do?

Martin OrtegaWe recently discovered that a few of our customers running nopCommerce e-commerce sites were experiencing high traffic. You usually would automatically think it’s a great thing, however, the customers were not seeing any increase in sales activity. So something was wrong. Long story short, after investigating, the high traffic was from bad bots.

We discovered this issue when the Advanced Monitoring tool attached to one of our Managed Hosting customer’s site alerted us about an increase in CPU resource usage. On our Managed Hosting system, we don’t generally meter our customer’s bandwidth usage, but we will notice an increase in server resource usage. These bots were so pervasive that it caused the customer’s CPU usage to increase dramatically, causing a noticeable slowdown of their site.

There are many options to prevent bad bots from affecting your site performance and I’ll cover my preferred solution in a future post.

Our customers were thankful when we notified them as to what was happening with the high bot traffic activity. We provided assistance to help our customers deal with the issue.

That got me thinking about what would have happened if the customer was on a giant public cloud, like Azure or Amazon. On those public cloud platforms, you would be paying for all the in/out traffic you use. So, if you got hit with some nasty bots, you’d be on the hook for paying for the bandwidth. Since customers are paying for bandwidth usage, is there incentive for the giant clouds to help identify issues like bots? If you’ve ever dealt with this issue on Azure or Amazon, I’d be curious to hear about your experience.

For Everleap, since we include bandwidth as part of our flat monthly hosting fees, we do what we can to monitor our bandwidth usage as a whole and we try to actively look for these types of suspicious activities. We pride ourselves in being proactive to help our customers and that is the kind of service that our customers should expect from us.

Learn more about Everleap Managed Hosting services.



Introducing Managed Cloud Backup

Takeshi EtoExpanding our service portfolio beyond website cloud hosting, we are excited to announce the launch of our new Managed Cloud Backup Solution. We believe that this solution will help your business stay resilient from ransomware, cyberattacks and other forms of data loss.

Managed Cloud Backup

Your Mission-Critical Data Backup Simplified

Everleap’s Managed Cloud Backup Solution backs up business critical data from your on-prem servers, desktops, laptops and mobile devices.

We offer Free Managed Cloud Backup Consultation



Types of Cyber Attacks – Part II

Takeshi EtoWe learned recently that October has been designated National Cybersecurity Awareness month, so we are posting on the topic of Cybersecurity.

In a previous post, we discussed a partial list of common types of Cyber Attacks and here we continue listing out some more types of threats.



Types of Cyber Attacks – Part I

Takeshi EtoWe learned recently that October has been designated National Cybersecurity Awareness month, so we’ll be doing some blog posts on the topic of Cybersecurity.

First, we’ll look at the most common types of Cyber Attacks that hackers engage in.



IP Restriction for Private MySQL Server

Takeshi EtoWe added IP Restriction to the Private MySQL Server service for additional security.

With this feature, customers that use Private MySQL Servers can restrict the connection to their MySQL server to only be from a specific list of IPs. The customer can update their “allowed” IP list at any time through their Control Panel.

More information about Private MySQL Servers at Everleap



IP Restriction Feature for Private SQL Server

Takeshi EtoFor additional security, we’ve added IP Restriction to the Private MS SQL Server service.

With this feature, customers that use Private SQL Servers can restrict the connection to their SQL server only from specific IPs. Multiple IPs are supported and the customer can update their “allowed” IP list at any time through their Control Panel.

More information about Private SQL Servers at Everleap



PCI Certification Solution Available

Takeshi EtoDo you have an ecommerce website that accepts credit card payments or are currently working on incorporating credit card processing into your website/business? Do you use a credit card processor or do you use PayPal or any other third party payment services? If so, the Payment Card Industry (PCI) requires you to adhere to the PCI Data Security Standards (DSS).

SiteLock PCI Compliance Scan Service
Through our partner, SiteLock, we now offer PCI Compliance Scan services to get you PCI Certified. SiteLock is a official PCI Certification provider. You can order the PCI Compliance Scan service through your Control Panel.



oui décor