The system is hosted on a virtual private server (VPS) on DigitalOcean company;
The physical servers hosting the VPS are located in a datacenter in Netherlands;
The VPS runs a Linux system, Ubuntu distribution;
The operative system is periodically updated and maintained;
SSH login is only allowed with Public and Private keys. Password login is disabled.
Technologies hosted in the same server: PHP 7, Mysql, Mongo DB and Laravel Framework;
The system is only accessible through the secure protocol HTTPS.
User accounts are protected by the following security mechanisms:
Periodically password update is required
2nd authenticator factor
List of last logged in devices identified by browser and country
New device login notifications
SSH security:
Root login not allowed.
Non-standard port.
File integrity monitoring.
Chroot Jail SFTP access.
New Relic to monitor Application and Server status.
Server security maintenance:
Daily unattended security packages.
Monthly attended packages.
Distribution on end of life support for LTS distribution.
Application Security: malware monitoring in the app (https://sucuri.net/).