Security Policy

While we do everything we can to ensure your security both using Limecube and your site on Limecube, we live in a world where hacking and Malware is prevalent. And while we are proud to have never been hacked or had any security compromise in our history, we are constantly aware of the need to maintain as tight a security as we can, and to have the right process in place should the unfortunate occur.

Below is an overview of our policy, internally it is far more detailed and all relevant staff constantly trained so we can react where required.

Process

This process covers what should you do if you think your Limecube website has been hacked.

Fill in the form here, and provide as detailed a description as possible. Detail is important as it could help us solve the issue in a much shorter period of time.

Detail should include:

1. Your user account email address (not password)
2. Your domain name
3. What exact error you are seeing, or
4. what information you think has been leaked
5. Any screenshots
6. Anything else you feel may be relevant.

With any hack you should also look to changing your password to a secure one. If you feel the hack has been through misuse of your password, it is best to change your password on a computer that you do not normally access Limecube through in case the hacker has gained your password through Malware or Spyware.

Shutting Down Individual Sites

As we offer a free 30 day trial removing any entry barrier, unfortunately some hackers/phishers misuse Limecube using this free trial. Certain types of sites typically meet this criteria, and where we see sites that look like they are being used for this reason we shut them down immediately and take further relevant action.

Types of Hacks you should look out for

1. DDoS attack on hosting server
2. Form Spam, where your website’s form is sending upwards of 30 spammy looking emails at one time
3. Cloaking, (hacker alternates the core files so only a Search Engine will see a site with different/spammed content)
4. Redirect, hacker injects redirect codes into the core files and redirect users to pages with spammy content, malware or external website.
5. Content Alternation, hacker injects scripts into the core files and change website content or links to spammy text.
6. User Data Leak, hacker steals user data after getting access to the website database.

Details Kept

Limecube only stores our subscribers information. Any information on individual sites submitted through forms are not stored in Limecube. We do this to mitigate risk to our clients, as we all hear the horror stories these days of large platforms being hacked and associated data leakage.

Passwords are encrypted using SHA256.

Backups

Backups are performed daily of everything required to run a Limecube website. This makes it easy should we need to restore anything back to the last backup. While there is a chance there may be some slight changes lost between the backup period and the time where restoration is required, this significantly reduces any significant data/information loss.

Backups are kept for the last 7 days at any given time.

Please note we only use these backups to restore from a security incident and not from any accidental page deletion by a user.

Account Access

Access to login and update a website on Limecube should only be by the account holder, or an authorised representative.

Where a request for support is made, this must come from the account holders' email address. Under no circumstances will Limecube provide support otherwise. In some instances where the request may cause concern around security or sensitive information, Limecube^TM may require a 2nd level of verification to confirm the request has come from the account holder.

A website may only be deleted by the account holder, and cannot be done by Limecube employees or contractors. The exception being where our terms and conditions are relevant.