The system is hosted on a virtual private server (VPS) on DigitalOcean company;
The physical servers hosting the VPS are located in a datacenter in Netherlands;
The VPS runs a Linux system, Ubuntu distribution;
The operative system is periodically updated and maintained;
SSH login is only allowed with Public and Private keys. Password login is disabled.
Technologies hosted in the same server: PHP 7, Mysql, Mongo DB and Laravel Framework;
The system is only accessible through the secure protocol HTTPS.
User accounts are protected by the following security mechanisms:
Periodically password update is required
2nd authenticator factor
List of last logged in devices identified by browser and country
New device login notifications
Root login not allowed.
File integrity monitoring.
Chroot Jail SFTP access.
New Relic to monitor Application and Server status.
Server security maintenance:
Daily unattended security packages.
Monthly attended packages.
Distribution on end of life support for LTS distribution.
Application Security: malware monitoring in the app (https://sucuri.net/).