While we do everything we can to ensure your security, both when using Limecube and for your site on Limecube, we live in a world where hacking and malware are prevalent. And while we are proud to have never been hacked or had any security compromise in our history, we are constantly aware of the need to keep our security as tight as we can, and to have the right process in place should the unfortunate occur.
Below is an overview of our policy. Internally it is far more detailed, and all relevant staff are constantly trained so we can react where required.
Incident Response Process
Limecube maintains a structured protocol for addressing security incidents, including thorough threat analysis and implementation of necessary measures.
The process below covers what you should do if you think your Limecube website has been hacked.
Fill in the form here, and provide as detailed a description as possible. Detail is important as it could help us solve the issue in a much shorter period of time.
Detail should include:
- Your user account email address (do not include your password)
- Your domain name
- What exact error you are seeing, or
- what information you think has been leaked
- Any screenshots
- Anything else you feel may be relevant.
With any hack, you should also change your password to a secure one. If you feel the hack has been through misuse of your password, it is best to change your password on a computer that you do not normally use to access Limecube, in case the hacker has gained your password through malware or spyware. Also, make sure your anti-virus is up to date and scan your computer.
Shutting Down Individual Sites
As we offer a free 14-day trial that removes any entry barrier, some hackers/phishers unfortunately misuse Limecube through this free trial. Certain types of sites typically fit this pattern, and where we see sites that look like they are being used for this reason, we shut them down immediately and take further relevant action.
Types of Hacks you should look out for
- DDoS attack on hosting server
- Form Spam, where your website’s form is sending upwards of 30 spammy looking emails at one time
- Cloaking, where a hacker alters the core files so that only a search engine sees a site with different/spammed content
- Redirect, where a hacker injects redirect code into the core files and redirects users to pages with spammy content, malware or an external website
- Content Alteration, where a hacker injects scripts into the core files and changes website content or links to spammy text
- User Data Leak, where a hacker steals user data after getting access to the website database
Limecube only stores our subscribers' information. Any information submitted through forms on individual sites is not stored in Limecube. We do this to mitigate risk to our clients, as we all hear the horror stories these days of large platforms being hacked and the associated data leakage.
Data Center and Cloud Providers
Limecube collaborates with top-tier data center and cloud service providers for its infrastructure needs, using advanced security tools and methods for access control. Furthermore, Limecube implements defensive strategies against DDoS attacks and routinely evaluates its strategies for business continuity and disaster recovery.
Backups of everything required to run a Limecube website are performed daily. This makes it easy to restore to the last backup should we need to. While some slight changes made between the last backup and the time restoration is required may be lost, this significantly reduces any data/information loss.
Backups are kept for the last 7 days at any given time.
Please note we only use these backups to restore from a security incident and not from any accidental page deletion by a user.
Limecube employs SSL certificates to secure data during transit between the websites of end-users and their domains.
Application Level Security
- Limecube encrypts user account passwords.
- Limecube offers an IP restriction feature for administrative logins from designated IP addresses.
- Limecube deploys Web Application Firewall (WAF) technology.
- Limecube conducts regular penetration testing on its platform, with its security and development teams reviewing and addressing the findings.
Access to log in to and update a website on Limecube should only be by the account holder or an authorised representative.
Where a request for support is made, this must include the account support code and, depending on the details in the request, come from the account holder's email address. Under no circumstances will Limecube provide support otherwise. In some instances where the request may cause concern around security or sensitive information, Limecube may require a second level of verification to confirm the request has come from the account holder.
A website may only be deleted by the account holder, and cannot be done by Limecube employees or contractors. The exception is where our terms and conditions are relevant.
Systems Access Control
Limecube controls access to its systems, following the principle of least privilege. Its access control policy encompasses procedures for account setup and removal, authentication processes, management of privileged accounts, user identification, and meticulous access tracking and monitoring.