Website security used to be simple – configure a few settings and call it a day.
That’s not enough to secure your company’s online presence today. First, reducing website security to a single technology oversimplifies the security threats you face. Second, you also need to give thought to the full range of security risks you face.
Read the rest of this post »
Book 2 in the LuxSci Internet Security Series.
Created by Erik Kangas, PhD
This LuxSci eBook is your well-researched guide to both a critical understanding of the specific issues and concepts of HIPAA as it applies to web sites, so that you stay compliant with these government standards. This document will provide a framework for your health care organization to keep the privacy of patient information front and center while still having an engaging web presence. Providers will have the necessary tools to meet all requirements established by HIPAA for access to, storage of, and transmission of protected health information (PHI) through web sites.
This eBook includes sections on:
You buy a HIPAA compliant web hosting infrastructure. You configure your web site to send out email messages in the simplest way, e.g. through PHP mail, or some other generic and standard mechanism. You think you are all set — but you are not.
HIPAA compliant web hosting services provide a server infrastructure that allows you to be compliant; however, it doesn’t make you compliant. Your web designers must make choices and program your site so that it properly respects ePHI. If they do not do all the appropriate things, you will be out of compliance. E.g. see: 7 steps to make your web site HIPAA-secure.
In particular, email messages sent in the “normal way” from a web site will go out insecurely in a way that will violate the HIPAA Security Rule if they contain ePHI of any kind. E.g. they will not be encrypted and will not be archived.
Read the rest of this post »
WordPress is an extremely popular content management system for both blogging and creating web sites. It’s popular because it is quick to set up, easy to administer, has a very large supported base of add-ons, and looks good. As a result, many LuxSci customers use WordPress in one fashion or another for their web sites hosted at LuxSci.
As we cater to a large segment of customers who have specific compliance needs, e.g. HIPAA compliance, we frequently are asked about using WordPress with ePHI … e.g. using WordPress to provide access to protected health information for members of the WordPress site.
Can this be compliant? Is it a good idea?
Read the rest of this post »
Many LuxSci web hosting customers use WordPress. The following video, first in our new series of tutorial videos, walks you though how to install and configure WordPress for standard use on LuxSci. In the future we will also have additional WordPress videos for advanced topics such as site migrations and SSL-only blogs.
Through a special deal with our premium server provider, RackSpace, LuxSci is now able to offer all new web hosting accounts 200 GB/month of high quality bandwidth for web and FTP usage, instead of the 10 GB/month previously included, at no additional cost!
How to take advantage of this? Simply order any account that includes web hosting and you will receive 200GB/month of bandwidth.
What about existing customers? Existing web hosting customers interested in taking advantage of this new bandwidth offer can contact LuxSci Sales. LuxSci will review your account and update it to take advantage of any new pricing or offers for which you may be eligible. Monthly accounts are eligible for contract changes starting at the beginning of the next month; yearly accounts at the beginning of their next year’s term.
It is explicitly against LuxSci’s Acceptable Use Policy (AUP) to send Spam, unsolicited commercial email, or bulk email or any kind from LuxSci’s web servers. In order to proactively limit such unauthorized usage of our web servers, LuxSci will be imposing limits on the number of email messages that can be sent each day from the web servers by users and web sites.Web sites will be limited to sending no more than 500 email messages per day. The web site owner, his account administrator, and technical support will be warned once the web site has sent more than 250 messages in one day and if the web site exceeds its limit.
Users with shell or CRON access will be limited to sending no more than 200 email messages per day. Both the user, his account admin, and technical support will be warned once the user has sent more than 100 messages in one day and if the user exceeds his/her limit.
Once a user or web site exceeds its limit, it will be blocked from sending additional email messages for 24 hours.
The sending limits on web sites can be raised without any additional fees if necessary. If you think that your web site may need to send more than 500 email messages in one day, you should make a support ticket explaining why and requesting a higher limit.
These user and web site sending limits and warnings will NOT go into effect for several weeks. In the mean time, we will be watching user and web site email usage and contacting those users or sites that would have reached these limits so that we can adjust the limits for web sites that legitimately need to send more messages before the limits go into effect for real.
Please feel free to review your user and web site email sending histories as they accrue via the auditing reports and to make a support ticket if you have any questions about these limits.
Technical Note: Our web servers now utilize the special environment variable “SMTPAUTH” to authorize and track your web sites’ outbound email usage. Tampering with or removing this environment variable will result in either greatly reduced sending limits or the complete failure of all outbound email to be sent (once the limits are imposed). This is not an issue for PHP scripts, but can be an issue in Perl and other CGI scripts if you modify the environment passed to sendmail. You can tell if you have a problem with this by looking at your web site’s email sending reports; scripts with this problem will not have their sent messages recorded there.
