Website Hosting Reliability and Security

At Adeline Web Solutions, we understand that reliability and security are essential for your website’s success. That’s why we adhere to ISO 9001 and ISO 27001 standards, ensuring robust quality management and top-tier information security practices.

We prioritize regular, redundant backups, effective disaster recovery procedures, and compliance with industry-leading security measures. Our proactive approach guarantees your website remains secure, operational, and resilient, providing peace of mind for your business.

Hosting Reliability and Disaster Recovery

Our hosting leverages the reliability and security of Amazon Web Services (AWS) data centers located in Sydney. These state-of-the-art facilities are designed with disaster recovery in mind, featuring isolation across different flood zones, geographical areas, and power grids to ensure maximum resilience. For detailed information on how AWS ensures the security of their data centres, please visit their official page.

We perform daily backups of all hosted websites and databases, retaining them for 30 days. These backups are stored redundantly both onsite and offsite, distributed across three independent data centers in Sydney. This approach guarantees that your data remains secure and recoverable, even in the event of a catastrophic failure.

Our hosting is monitored 24/7, enabling immediate alerts and rapid recovery in case of server issues or data center disruptions. Depending on the situation, we can restore your websites and databases to unaffected data centers, ensuring minimal downtime.

Additionally, our web servers utilize mirrored drives, maintaining real-time copies of your site and uploaded files to safeguard against common single-drive failures.

Hosting Security

We prioritize the security of your data with advanced encryption for all data at rest on disk drives, web servers, database servers, and backups — ensuring protection against unauthorised access to underlying storage.

To further safeguard your data, we implement multiple layers of security:

Firewalls restrict access to expected protocols and ports.
IP whitelists control and limit administrative connections to web servers and databases, accessible only by authorised personnel.
SSL enforcement ensures all database communications are encrypted.
Unique credentials for each website provide secure database access, even if other credentials are compromised.
Least privilege principles restrict database credentials from performing unauthorised actions, such as deleting tables.
File access isolation ensures each website process can only access its own files and folders.

Our servers are consistently updated with the latest security patches and support modern Transport Layer Security (TLS) protocols, while removing outdated SSL protocols with known vulnerabilities. This guarantees secure communication with user browsers and third-party APIs or service providers.

Website Application Security

We uphold the highest security best practices for every website we create, ensuring robust protection against potential threats:

Password Security: All passwords are securely one-way hashed before storage, eliminating the risk of plain-text password exposure.
Brute Force and Session Protection: Processes are in place to prevent brute force password attacks and session hijacking.
SQL Injection Prevention: Database interactions are conducted via stored procedures and parameterised queries to safeguard against SQL injection attacks.
Input Validation: User inputs are rigorously validated to ensure they are clean and high-quality, such as verifying email formats or purchase prices. Invalid inputs trigger friendly error messages for users.
Server-Side Validation: Input validations are enforced server-side to prevent attackers from bypassing client-side checks, protecting against input injection attacks.
Custom Error Pages: We use custom error pages to prevent leaking sensitive information about the website or infrastructure to malicious users.
Cross-Site Scripting (XSS) Protection: User inputs displayed back on-screen are escaped to guard against XSS attacks.

We also highly recommend installing an SSL certificate to encrypt communications between users and our web servers via HTTPS. This prevents eavesdropping attacks and avoids browser warnings like the "Not Secure" message in Google Chrome.

As part of our HTTPS setup, we implement redirects from HTTP to HTTPS and add HTTP Strict Transport Security (HSTS) headers, ensuring browsers only interact with the site through secure connections and mitigating "Man In The Middle" (MITM) attacks.