These pages discuss basic principles and good practices for securing web services. In particular, they cover security trends and issues that are relevant to the services and sites we host.
News
There are currently two types of email scams in widespread circulation.
A cPanel or Webmail scam, which asks you to verify your email address or account via a link or button in the message. The message is well crafted and persuasive, and it often comes from a trustworthy-looking address such as cpanel@omaosoite.fi. This message is a scam and the links it contains should not be clicked! Its purpose is to phish for cPanel user IDs or email addresses. Our system will never send a message asking you to verify your account via a link.
An S-Bank scam, which tries to trick the user into clicking a link or button in a message, claiming that the account is secure. Unlike most messages of this type, it is well formatted, written in good Finnish and contains no typos. This message is a scam and the links it contains should not be clicked! Its purpose is to phish for online banking codes. Banks never send this type of message to customers by email.
General security guidelines
Always keep web apps on your site up to date
Security vulnerabilities are regularly found in web applications such as WordPress, Joomla! and Drupal. These vulnerabilities are exploited widely and often automatically, so small sites are attacked too. Check for updates to your web applications at least monthly and install them as soon as possible. If a site will not be maintained for a long time for whatever reason, shut it down or block access to it entirely, so that its aging web application cannot be attacked. Joomla! 1.5 or WordPress 3.5, for example, are already badly outdated.
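Monitoring updates starts with knowing what is installed. The following script is an added example, not code from this page or from the hosting provider: it walks an account's web root, finds every WordPress core by its wp-includes/version.php file, reads the version and flags anything older than an assumed minimum (the MINIMUM_SUPPORTED value is a placeholder, not a figure from the page). The sample tree it audits is constructed in a temporary directory.

```python
import os
import re
import tempfile

# Matches the version line in WordPress's wp-includes/version.php, e.g.  $wp_version = '6.4.2';
WP_VERSION_RE = re.compile(r"\$wp_version\s*=\s*'([0-9][0-9.]*)'")

# Oldest version we are willing to keep running: a placeholder, not a value from the page.
MINIMUM_SUPPORTED = "6.4"


def parse_version(text):
    """Turn '6.4.2' into (6, 4, 2) so that versions compare numerically rather than as strings."""
    return tuple(int(part) for part in text.split("."))


def read_wp_version(install_dir):
    """Return the version string of a WordPress core directory, or None if it cannot be read."""
    path = os.path.join(install_dir, "wp-includes", "version.php")
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            match = WP_VERSION_RE.search(fh.read())
    except OSError:
        return None
    return match.group(1) if match else None


def find_wordpress_installs(root):
    """Walk an account's web root and return every directory that contains a WordPress core."""
    installs = []
    for dirpath, dirnames, _ in os.walk(root):
        if "wp-includes" in dirnames and os.path.isfile(os.path.join(dirpath, "wp-includes", "version.php")):
            installs.append(dirpath)
    return sorted(installs)


def audit_installs(root, minimum=MINIMUM_SUPPORTED):
    """Map each install directory to (version, outdated). An unreadable or pre-release version
    counts as outdated: an install you cannot identify is one you cannot know to be patched."""
    report = {}
    for install in find_wordpress_installs(root):
        version = read_wp_version(install)
        outdated = version is None or parse_version(version) < parse_version(minimum)
        report[install] = (version, outdated)
    return report


def build_demo_tree():
    """Constructed sample web root with two fake installs (not real WordPress files)."""
    root = tempfile.mkdtemp(prefix="webroot-")
    for name, version in (("site-a", "6.4.2"), ("old-blog", "3.5")):
        inc = os.path.join(root, name, "wp-includes")
        os.makedirs(inc)
        with open(os.path.join(inc, "version.php"), "w", encoding="utf-8") as fh:
            fh.write(f"<?php\n$wp_version = '{version}';\n")
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    for install, (version, outdated) in audit_installs(demo_root).items():
        status = "OUTDATED" if outdated else "ok"
        print(f"{status:9} {version or 'unknown':8} {install}")
```

Run it monthly against the account's web root (for example from cron) and treat every OUTDATED line, and every install with an unknown version, as something to update or remove.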
Use secure sign-in methods
Use two-factor authentication for important logins. Our dashboards support two-factor authentication and we recommend enabling it from the dashboard. File management is safest over SSH/SFTP connections using a passphrase-protected SSH key; you can add your SSH key from the dashboard. Log in to email only over an encrypted connection (SSL).
Update all service passwords as often as possible
Malicious users can obtain the credentials used for a service, for example through malware. Compromised credentials are often not exploited immediately but are circulated among attackers some time after the compromise, so a password that is changed every month often prevents large-scale use of a captured password. In addition, always change all passwords for a service when there is reason to suspect that malware has been present on a computer where the service credentials have been used. You can create new passwords easily and securely at https://suncomet.fi/passwords/.
Check file and directory permissions
Give files and directories as few permissions as possible. Commonly used permissions are 755 (rwxr-xr-x) for directories and files. Files and directories can safely be given permissions up to 777 (rwxrwxrwx), because each account is confined to its own file system, but we still recommend the more restrictive permissions above. You can change permissions with the dashboard's file manager, over FTP, or over SSH (chmod).
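The following script is an added example, not code from this page or from the provider's file manager. It audits an account tree for entries that group or others may write to, which is exactly what separates 777 from the recommended 755, and can then tighten them by clearing those write bits (777 becomes 755, 666 becomes 644, entries already at 755 or 644 are left alone). Symbolic links are skipped because their own mode bits are not enforced. The tree it runs on is constructed in a temporary directory.

```python
import os
import stat
import tempfile

# Write permission for group and others: the bits that 755 / 644 leave clear and 777 / 666 set.
LOOSE_BITS = stat.S_IWGRP | stat.S_IWOTH   # 0o022


def mode_of(path):
    """Permission bits only (no file-type bits), e.g. 0o755."""
    return stat.S_IMODE(os.lstat(path).st_mode)


def audit_permissions(root):
    """Return sorted (path, mode) pairs for every file or directory under root that group or
    others may write to. Symbolic links are skipped: their own mode bits are not enforced."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue
            mode = mode_of(path)
            if mode & LOOSE_BITS:
                findings.append((path, mode))
    return sorted(findings)


def tighten_permissions(root):
    """Clear group/other write bits on everything the audit flags: 777 becomes 755, 666 becomes 644,
    while anything already at 755/644 is untouched. Returns the number of entries changed."""
    changed = 0
    for path, mode in audit_permissions(root):
        os.chmod(path, mode & ~LOOSE_BITS)
        changed += 1
    return changed


def build_demo_tree():
    """Constructed sample account tree (not real site files) with deliberately loose modes."""
    root = tempfile.mkdtemp(prefix="account-")
    public = os.path.join(root, "public_html")
    os.mkdir(public)
    os.mkdir(os.path.join(public, "uploads"))
    for name in ("index.php", "config.php"):
        with open(os.path.join(public, name), "w") as fh:
            fh.write("<?php // constructed placeholder\n")
    os.chmod(public, 0o777)                                # too loose
    os.chmod(os.path.join(public, "index.php"), 0o666)     # too loose
    os.chmod(os.path.join(public, "uploads"), 0o755)       # fine
    os.chmod(os.path.join(public, "config.php"), 0o644)    # fine
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    for path, mode in audit_permissions(demo_root):
        print(f"{oct(mode)}  {path}")
    print("entries fixed:", tighten_permissions(demo_root))
    print("remaining findings:", audit_permissions(demo_root))
```

Run the audit first and read the list before tightening anything: an upload directory that a web application writes to through the account's own user still works at 755, but a directory that a different system user must write to is a case to handle deliberately rather than with a blanket chmod.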
Remove unnecessary or unused IDs and web applications from the service
Unnecessary, outdated and unused IDs and web applications are particularly vulnerable to attack. For example, the passwords of unneeded test IDs are often easy to guess, or nobody remembers to change them regularly. Likewise, web applications installed for testing are often not updated, and even if they are not in use, potential attackers can find them quite easily.
Keep all computers that use service IDs up-to-date
The security of the computers that use service IDs must not be underestimated. Very often, malware picked up from an email or a website manages to steal service IDs and send them to attackers. It is therefore important to keep your computer's operating system up to date and to obtain a reliable, comprehensive security application to protect the computer from malware.
Take backups regularly and store them in multiple locations
Even though the provider takes backups of accounts, it is always worth taking your own separate backups and keeping them in different places. This is how you cope with unexpected and exceptional situations. We also offer a separate Additional Security add-on service that stores a backup of the account in several locations.
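A backup is only useful if the copy you reach for later is intact. The script below is an added example, not code from this page or from the provider's Additional Security service: it packs a directory into a timestamped tar.gz, writes a SHA-256 sidecar next to it, copies the pair to several locations and verifies each copy by recomputing the digest and reading the archive. The demo corrupts one copy on purpose to show the check catching it. All paths and file contents are constructed in temporary directories.

```python
import hashlib
import os
import shutil
import tarfile
import tempfile
import time


def sha256_of_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_backup(source_dir, dest_dir, label="account"):
    """Pack source_dir into dest_dir/<label>-<timestamp>.tar.gz and write a .sha256 sidecar.
    Returns the archive path. dest_dir must lie outside source_dir."""
    os.makedirs(dest_dir, exist_ok=True)
    archive = os.path.join(dest_dir, f"{label}-{time.strftime('%Y%m%d-%H%M%S')}.tar.gz")
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source_dir, arcname=os.path.basename(source_dir))
    with open(archive + ".sha256", "w") as fh:
        fh.write(f"{sha256_of_file(archive)}  {os.path.basename(archive)}\n")
    return archive


def verify_backup(archive):
    """A copy is only a backup if it still matches its checksum and the archive can be read."""
    try:
        with open(archive + ".sha256") as fh:
            expected = fh.read().split()[0]
        if expected != sha256_of_file(archive):
            return False
        with tarfile.open(archive, "r:gz") as tar:
            return len(tar.getnames()) > 0
    except (OSError, tarfile.TarError, IndexError):
        return False


def replicate(archive, locations):
    """Copy archive and sidecar to each location and verify every copy; returns {copy_path: ok}."""
    results = {}
    for location in locations:
        os.makedirs(location, exist_ok=True)
        copy = os.path.join(location, os.path.basename(archive))
        shutil.copy2(archive, copy)
        shutil.copy2(archive + ".sha256", copy + ".sha256")
        results[copy] = verify_backup(copy)
    return results


def demo():
    """Constructed end-to-end run: back up a sample tree, copy it to two 'locations', damage one."""
    work = tempfile.mkdtemp(prefix="backup-demo-")
    source = os.path.join(work, "public_html")
    os.makedirs(source)
    with open(os.path.join(source, "index.php"), "w") as fh:
        fh.write("<?php // constructed placeholder\n")
    archive = make_backup(source, os.path.join(work, "local"))
    copies = replicate(archive, [os.path.join(work, "usb"), os.path.join(work, "cloud")])
    damaged = sorted(copies)[0]
    with open(damaged, "r+b") as fh:          # flip one byte to simulate bit rot or tampering
        fh.seek(10)
        byte = fh.read(1)
        fh.seek(10)
        fh.write(bytes([byte[0] ^ 0xFF]))
    return {"original": verify_backup(archive),
            "copies_before": [copies[k] for k in sorted(copies)],
            "damaged_after": verify_backup(damaged)}


if __name__ == "__main__":
    print(demo())
```

The sidecar belongs with every copy, and verifying on a schedule rather than only at restore time is what turns "we have backups" into "we have backups that work"; a database dump can be added to the source tree before packing in the same way.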
How is my account or site hacked?
Internet-facing accounts and sites are constantly exposed to largely automated attacks, so their security must be looked after continuously and carefully. Although the servers prevent most attacks, an attack that uses the account's credentials or unsecured features of the site cannot always be prevented, because it mimics the normal operation of the account or site.
An account or site can only be accessed through that account or site itself. Sites and accounts are isolated from each other at the server level and cannot access each other's files or directories, whatever their permissions. Passwords are stored on the server in one-way encrypted (hashed) form and cannot be recovered from the server; even the administrator cannot work out an account's password from the server.
An account or site is hacked in one of the following ways:
1. Account credentials (IDs) are stolen from the user's devices.
Passwords are often stored by programs on devices in plain text or in an easily recoverable format. The user's devices should be scanned for viruses and malware.
2. Account credentials have been obtained through an external service or by guessing.
Passwords should be complex enough and not easily predictable, and the same password should not be used for different services. If an insecure service stores passwords in plain text, a potential hacker can obtain the password from there.
3. The account has been accessed through an outdated or insecure installation in the account.
Security vulnerabilities are regularly found in web applications (e.g. WordPress, Joomla!, Drupal). Installations should always be kept up to date or removed if unused. Add-ons can also contain malware that gives access to a site or account. It is also possible that a script is insecure by design, so that even updating it does not make it safe. We recommend using only well-known and popular scripts, add-ons and themes.
More than 99% of account and site hacks take place in the ways above. As a rule, hacks are carried out automatically by malware. The most common purpose of a hack is to plant malware in the account that can then be used in further hacks. Another common purpose is to use the account or site for sending spam.
Malware can remain in an account for long periods without any attempt to use it. Malicious code may not be detected by the system until someone attempts to use it. Security systems are updated constantly, and after an update new malicious code is regularly found even where it had gone undetected earlier.