Security precausions taken on the VUB hosting

• access is allowed only over SSH, and with a valid VPN logon
  • Thus, no passwords can pass over the internet unencrypted
• For SSH, we do not even allow password based logons: users are required to log on with a key pair (see: File Management.
• By default, the web server is unable to write to directories where the web sites are hosted. This serves to avoid allowing a cracker to modify p.e. PHP or Javascript files by abusing a security problem in a CMS. The user can decide about necessary exceptions: see File Management.
• The database is not reachable directly over the internet (not even with a VPN connection open), only from the web server. Apart from those people who have access to a hosting account, no one can connect to the database.
• off course, we also take care of operating system security and installation of the latest vendor supplied patches.

How to upgrade?

How to apply security updates

• CMS_Drupal
• CMS_Wordpress