HOSTING ACCOUNT SECURITY

You are here: Legal Notices > Hosting Account Security


		 

The following shall apply where the Services include or consist of "shared web hosting", "reseller web hosting" and "unlimited domain hosting" services:

responsibilities

The Customer is fully responsible for the content on their website and insuring that the content is accurate and up-to-date in their sole discretion. Plutus™ Internet Services Pty (Ltd.) claims no ownership or any involvement in the content hosted on your website and is not responsible for creating or insuring the content on your website.

The Customer is responsible for the scripts that they install or use on their hosting account. Keeping scripts up-to-date is arguably the best account management activity one can do to insure the safety and security of your website. Any script, program, or application that you the customer have installed or use on your website should remain up-to-date. Developers release new versions of these scripts, programs, and applications in order to fix known security vulnerabilities. If you the customer do not upgrade to these latest versions then you do not get to reap the benefits of these security fixes. Failing to keep scripts, programs, and applications up-to-date can result in the compromise of your account, compromise of confidential or private data on your account, and/or the defacement of your website. It is recommended that you as the customer subscribe to announcement lists, RSS Feeds, Twitter accounts, etc. regarding the development of any script, component, extension, or add on that you might use on your website so that you can be aware of any updates. Because outdated scripts may be vulnerable and can threaten the performance and stability of the server, Plutus™ Internet Services Pty (Ltd.) reserves the right to disable or remove any outdated script, extension, component, or add on that is found on your account.

Customers who develop their own scripts, programs, or applications to use on their website should be mindful of the architecture and programming language that is used during this development. Those customers should follow accepted practice in developing these scripts, programs, or applications in a secure manner. Those customers should also stay up-to-date with the development of the architecture and programming language used in these scripts, programs, or application development and respond accordingly when security or changes are made or announced. Because the insecurities and stability of these scripts can threaten the performance and stability of the server, Plutus™ Internet Services Pty (Ltd.) reserves the right to disable or remove any such script, program, or application that is found on your account.

Any and all abuse caused by outdated, mis-configured, insecure, or otherwise faulty scripts, if intentional or not, is the sole responsibility of the customer. Failure to keep your site secure by upgrading scripts in a reasonable time frame after updates are available is a breach of our acceptable usage and terms of service, and abuse of these un-patched scripts will cause clean up fees (charged at R375 per 30 minutes) and/or is grounds for termination of your account without prior notice.

Customers are prohibited from installing any script that allows execution of "shell" commands on our servers because we do not provide direct ssh/telnet access into accounts. No installation of proxy scripts (scripts that allow users to view other sites on the internet through our servers in an indirect manner) or IRC related scripts are allowed on any accounts and will also be considered as grounds for instant account termination with no refund.

The Customer is responsible for insuring safe and secure permissions of the files on their account. Files that contain confidential information such as database logins and/or ftp logins or other data that should remain private, should use a permission level of 400 or 600 or the least possible permission level. Whenever possible these files should be placed outside of the public_html on the account for an added security layer. Normal files should have a permission level of 644 and normal directories should have a permission level of 755. Under no circumstances should directories have open permissions of 777 or should files have open permissions of 666 or 777. In an attempt to ensure the safety and security of your information, we may monitor and adjust the permissions settings of your files as a courtesy not as an obligation. If we find that you as the customer continuously change your folder or file permissions to 666 or 777 Plutus™ Internet Services Pty (Ltd.) reserves the right to disable or remove any such script, program, or application that is found on your account.

You as the customer are responsible for insuring the strength, security, and confidentiality of your passwords. Customers should use strong passwords that contain a mixture of upper and lower case letters, numbers, and symbols. Password strength indicators are provided in your hosting control panel (cPanel). The security and confidentiality of your password refers to keeping your password stored in a safe location where other individuals cannot see your password and insuring that you do not distribute your password, unless someone, at your discretion, requires your password.

Customers should also be mindful of computer viruses, trojans, keyloggers, spyware, adware, malware, and any other malicious software that may be installed or running on your computer or a computer that you use to access the administrative side of your account. This is a new threat to the stability of your account. Malicious software has been found to lurk around your computer searching for your passwords and using that information for malicious intentions. It is recommended that you not store your passwords on your computer, but if you must that you store them in an encrypted manner that is not easily susceptible to these malicious information gatherers. Failing to do so can hinder the security of your password.

Customers are encouraged to change their password often. Especially after giving the password out to a third-party individual and they have completed their activities or services, after requesting a password reset, and after the initial account set up. Plutus™ Internet Services Pty (Ltd.) cannot be held responsible for the compromise of your account password due to the lack of customer's vigilance regarding this policy.

Customers are responsible for the actions and activities that are done on their account regardless if these actions or activities are done by the customer themselves or someone the customer hired or requested to perform a service on their account. If the customer's account is hacked into or if the account's login credentials are compromised, the customer is still ultimately responsible for these actions. Customers have the opportunity and the expectation to act in good judgment regarding password sharing, file permissions, script updates, and general password security which can play a role in the compromise of an account.

All services and actions performed on an account must be used for lawful purposes.