Security

Please open a new ticket if you wish to report a security issue or have any security questions.

Vondelphia is a secure, white-labeled WEB Hosting provider. Being an internet-based service provider means Vondelphia doesn't actually need to know much about you to provide great WEB Hosting — it's true. This gives our organization a unique benefit that helps keep your data safe.

1. Services offered are as secure as possible, to the best of Vondelphias' ability.
2. All WEB Hosting is white-labeled, as much as possible... everywhere.
3. About 50% of Vondelphia security management is handled by the Operating System.
• Von uses CloudLinux O/S, learn more about CloudLinux Security.
• All server software is always updated within a timely manner.
4. You may issue unlimited (and free) SSL certificates on all your domains.
5. Only the absolute minimum information about you is saved (or logged).
6. Everything transmitted between your PC and Vondelphia is done over HTTPS/TLS.
7. IP table-based firewalls on all servers are properly configured by Vondelphia.
8. Many claim to offer secure hosting, but, do not provide it because security is a hard job.
9. No passwords are stored in plain text.
10. Your charge card data is processed by Stripe or PayPal.

Software Updates

All servers managed by Vondelphia are configured to be automatically updated with security updates from the Ubuntu security repositories as well as the Vondelphia repositories. These updates are signed with the Ubuntu and Vondelphia GPG keys, respectively.

When the Vondelphia agent downloads software from our servers that is packaged in formats other than deb archives, the code is signed with our GPG key and the agent checks these signatures before running the code.

Communications

All communication with Vondelphia performed by your browser and the Vondelphia agent is done over HTTPS/TLS.

The Vondelphia apt repositories are also served over HTTPS.

Many developers mistakenly assume that programmatic communication over HTTPS is always secure. These developers don't realize that their communication libraries default to not checking certificate trust chains, hostnames, or validity dates. We take care to perform these checks. In the very few cases that the programming language makes performing these checks unreliable, we avoid transmitting sensitive information (even over HTTPS) because we know the communication channel can't be completely trusted.

Firewalls

Vondelphia configures an IP tables-based firewall on all servers it manages. This firewall allows TCP ports 22 (ssh), 80 (HTTP), and 443 (HTTPS) as well as UDP port 68 (DHCP).

On our own servers, we further restrict SSH and other ports except to our own developers.

SSH

Our developers use SSH to access our own servers and use public key authentication when accessing them.

All servers managed by Vondelphia have an open firewall to allow SSH ports for SFTP & SSH access.

Mail

Vondelphia configures a postfix mail server on servers it manages. This mail server is used only for your web applications to send outbound mail. It is not configured to accept mail from outside of the server and the firewall is not opened to allow outside communication with the mail server.

Passwords

We do not store passwords in plain text.

Your Vondelphia account password is hashed using the industry standard Argon2id.

When you set system user passwords or mysql passwords using Vondelphia, we hash those passwords in the appropriate format and transmit them in hashed format to your server (over HTTPS, of course).

Credit Cards

We hand off credit card processing to Stripe. They power online transactions for thousands of business and SaaS platforms and comply with PCI standards in the storage and handling of credit card information.