GDPR Update: Force Two Factor Authentication

Published on May 23rd, 2018

With GDPR very much a hot topic with the go live date on Friday (25th) of this week we have launched a new feature to improve server security. You can now toggle Force Two Factor, which will only allow STORM users with Two Factor enabled to view and manage a STORM server.

You can only enable this feature if you are an Owner of a server and have Two Factor enabled on your own STORM account. Once this feature is enabled users with Two Factor switched off on their account will not be removed from that server but will not be able to access it until they switch on Two Factor. You can enable Two Factor on any STORM account under Profile.

Two Factor is an extra layer of security when logging into STORM. STORM will require you to enter a 6 digit code along side your password. The 6 digit code changes every 60 seconds based on a HMAC based algorithm. You can use any HMAC based algorithm on STORM although we recommend either 1Password or the Google Authenticator available on iPhone or Android. If you regularly use the same computer you can tick for STORM to remember you so you do not have to enter the code each time.

Improved Security with Pwned Passwords

Published on April 12th, 2018

Back in February Pwned Passwords launched an API service for their database of compromised passwords. At Nimbus Hosting, as security is so important, we decided to integrate this into STORM. Each time a password is set, ie when someone new registers to use STORM or changes their password in their profile we automatically check it against the Pwned Password database. Before checking the password with Pwned Password API it’s hashed so your password is never revealed to anyone. On top of this when we save your password into our database we encrypt it so it’s never saved in plain text.

Pwned Password database has a list of over 500 million compromised passwords that have been gathered from a number of worldwide high profile compromises. On their web site they have a number of additional features. You can find out which website leaked your password, search their database for your email address to see if you’ve been caught up in any other data or sign up to their notification service.

Integrating this feature into STORM has pushed our security onto the next level to keep your web site and server secure.

Google Page Speed

Published on January 29th, 2018

We all know how important Page Speed is for a web site so we’ve integrated the Google Page Speed Insights tool into STORM. For those who don’t know Google has a tool that gives you a score on your page load times and recommendations on how to improve it. This is very useful tool in improving the experience of your users and improving your search engine position.

To access the report for your site just click the Site Speed link in left hand navigation on the web site dashboard.

Over the coming months we’ll be developing this feature with more functionality to make your customer’s web sites faster.

ionCube and Even Faster PHP (7.2)

Published on January 17th, 2018

 ioncube Loaders
This week we’ve launched two new enhancements to STORM. The first is ionCube Loaders are now installed across all STORM servers. ionCube Loaders is a PHP extension that decodes Secured PHP files built by third party developers.

The second is adding in PHP 7.2. PHP 7.2.1 was launched on the 4th of January 2018 and offers a 15% page load time improvement over PHP 7.1. PHP 7.2.1 is available on all STORM servers and will be automatically updated with future updates.

Keeping your Server Secure

Published on January 4th, 2018

A couple of STORM users have contacted us recently about making sure their servers are as secure as possible. Although STORM is secure by design there are a three additional methods for improving your security.

Independent User Access

Make sure you don’t share your STORM login with anyone else. Instead you can invite users to your server with just an email address. Unless they’ve been upgraded by one of the Nimbus team a user cannot invite anyone else to STORM.

Should a user leave, rather than resetting all your passwords, you can remove their access by clicking the X against their email address. All their actions will remain in the log for future viewing but access is completely removed.

Keep an eye on the list of users who have access and remove users who are no longer relevant.

Inviting Users to STORM

Two Factor Authentication

For additional login security you can use two-factor authentication under each user profile. STORM supports any TOTP based app like Google Authenticator, Authy or even 1Password.

Once enabled on each login you’ll be asked for a one-time password alongside your usual password.

Two Factor

PCI Compliance

By enabling the PCI Compliance setting in STORM it makes a number of changes to improve security. Firstly it disables the old and rather insecure TLS 1.0 encryption method for https. Secondly it only allows access to FTP from the IP addresses under the Security Tab.

Enabling PCI Compliance

If you need any help with these options please contact the Nimbus Hosting Support Team.

Browser Cache Expiration Time

Published on December 27th, 2017

As STORM is all about performance and faster loading web sites we’ve had some feedback from some users about setting expiration times on static files. This is actually pretty important to improve your Google Page Speed Score and improve page load times. By setting a Browser Cache Expiration Time it sets the amount of time a static file, like images Javascript and CSS, on your visitor’s computer before requesting a fresh copy. If a visitor is browsing through multiple pages with the same files it can make a significant saving.

We’ve therefore made it really easy to set the Browser Cache Expiration time with just a drop down menu. This feature is available under Configuration of each web site. At the moment this feature is only available if you have NGINX set to serve your static files. However we are looking to expand this functionality shortly to include Apache too. The default cache time is 1 month although can be changed from Never to 12 Months.

Internationalised Domain Names in STORM

Published on November 13th, 2017

Internationalised Domain Names (IDNs) have been available since 2003 although more commonly used in the wider EMEA hosting market rather in the UK. However following feedback from a customer we’ve implemented Internationalised Domain Names (IDN for short) support inside STORM. This means you can use domains that use characters including é or ß. A full list of supported characters is available here.

From a technical perspective any IDN domain names are converted into Punycode before being stored in the database and configuration files. The Punycode makes the code easy to read and less likely to cause script errors.

  1. Pages:
  2. 1
  3. 2

Newsletter Signup

Signup to the STORM News for regular updates