Skip to main content

Hosting Security Information

Measures to prevent DDoS attacks

In the course of anti-DDoS measures at all our data centre operators, we removed corresponding DDoS application code on OSI Layer 5 and Layer 7 in favour of application performance several years ago. The anti-DDoS measures of our data centre operators have proven to be very effective so far. So effective, in fact, that we have almost never had to inform our customers about corresponding measures that have been taken. The data centres of the image servers are certified according to SOC1 Type II, among others.

Ensuring that those measures are implemented

All your servers are managed by us. Measures to change accesses, create and delete users and activate accesses cannot and should not be taken by you. The issued accesses themselves, however, are in your care. The extent to which this is done is naturally not part of our mandate. However, we limit possibilities for negative exploitation of technical possibilities through this "filter". Irrespective of this, we maintain all software components at very short intervals. This also includes a constant evaluation of the components used.

Excessive Requests

We have both IP-based monitoring and monitoring at the HTTP request level. Mass requests can be of very different types and are often triggered by search engine bots. Typical here are checks to see whether certain resources are available or have changed. To detect unusual bulk requests, a threshold-based change trigger is active at the IP level. This compares the current data traffic with a comparison period (one week in retrospect) and then decides whether there is a message. If necessary, we then look at the accumulated traffic. This happens regularly, especially with campaigns such as newsletters, Cyperdays, TV advertising, etc.

Data Center Certificates

The data centres of the image servers are certified according to

  • ISO 27001:2013 (including IT security procedures)
  • SOC1 Type II (including data security, protection against cyber attacks)
  • various PCI DSS certificates (regulations for payment)
  • and partly NEN 7510 (like ISO 27001)

Also important: All data centres obtain their electricity in whole or in part from regenerative or renewable sources.