The system is hosted on a virtual private server (VPS) at DigitalOcean;
The physical servers hosting the VPS are located in a datacenter in the Netherlands;
The VPS runs Linux (Ubuntu 16.04 LTS distribution);
The operating system is periodically updated and maintained;
The server is behind a DigitalOcean firewall and accessible from the internet only through secure protocols: SSH and HTTPS.
All other ports/services are closed (HTTP is forwarded to HTTPS);
SSH login is only allowed with public/private key pairs. Password login is disabled.
Technologies hosted on the same server: PHP 7, MySQL 5.7, MongoDB 4 and Laravel Framework 5.8;
The system is only accessible through the secure protocol HTTPS.
User accounts are protected by the following security mechanisms:
Periodic password update is required
Second authentication factor
List of last logged in devices identified by browser and country
New device login notifications
Root login not allowed.
File integrity monitoring.
Chroot Jail SFTP access.
New Relic to monitor Application and Server status.
Server security maintenance:
Daily unattended security package updates.
Monthly attended package updates.
Distribution on end of life support for LTS distribution.
Application Security: malware monitoring in the app (https://sucuri.net/).
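
The SSH statements above (key-only login, no root login, chroot-jailed SFTP) can be checked against an sshd_config file. The following is an added example, not the operator's own tooling; the two sample configurations, the group name and the chroot path are constructed for illustration.

```python
# Added example: sample configs are constructed; Include directives are not followed.
DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password"}
CHECKS = (("passwordauthentication", "password login"), ("permitrootlogin", "root login"))

def parse_sshd_config(text):
    """Return (global_settings, match_blocks). sshd keeps the first value per keyword."""
    global_settings, blocks, current = {}, [], None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":  # everything after a Match line belongs to that block
            current = {"criteria": value, "settings": {}}
            blocks.append(current)
        else:
            target = current["settings"] if current else global_settings
            target.setdefault(key, value)
    return global_settings, blocks

def audit(text):
    """Return findings; an empty list means the config matches the stated policy."""
    glob, blocks = parse_sshd_config(text)
    effective = {**DEFAULTS, **glob}  # unset keywords fall back to sshd defaults
    findings = [f"{label} is not disabled globally"
                for key, label in CHECKS if effective[key].lower() != "no"]
    for block in blocks:  # a Match block can re-enable what the global section disabled
        for key, label in CHECKS:
            if block["settings"].get(key, "no").lower() != "no":
                findings.append(f"Match {block['criteria']} re-enables {label}")
    jailed = any(s.get("chrootdirectory", "none").lower() != "none"
                 and s.get("forcecommand", "").startswith("internal-sftp")
                 for s in [glob] + [b["settings"] for b in blocks])
    if not jailed:
        findings.append("no chrooted SFTP scope found")
    return findings

HARDENED = """\
PasswordAuthentication no
PermitRootLogin no
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
"""
WEAK = """\
PermitRootLogin prohibit-password
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""
```

`audit(HARDENED)` returns an empty list, while `audit(WEAK)` reports the default password login, key-based root login, the Match override and the missing SFTP jail.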