Have you ever thought that your VPS was acting strangely? I've experienced the same thing with VPS servers over the years. Many clients have asked, "Can a VPS provider detect if my server has been compromised without accessing my files?" The simple answer is yes.
Providers will usually look for:
Because providers can't read files, they have no visibility into the contents of those files. This is their limitation.
This is why the job of security is a partnership. Providers monitor servers from the outside, and you monitor them from the inside. Sounds reasonable?
How Do VPS Providers Identify Issues Without Accessing Your Files?
VPS providers do not access or view your files, emails or databases. Rather, they monitor your server's behavior for unusual patterns. Often times, server activity that deviates from the usual behavior may indicate there is a problem. For instance, if your server has a sudden increase in CPU usage during off-peak hours, that would be suspicious.Providers will usually look for:
- Higher than usual CPU or Memory Usage
- An spike in traffic, very quickly
- Multiple incorrect login attempts
- Reports of Spam or Abuse
Providers Deploy Several Solutions
- Tools that look for abnormal activity
- Traffic and usage limits
- Utilizing past data to compare normal and abnormal activity
What VPS Providers Cannot Detect
Quiet problems are difficult to recognize. VPS Providers can't detect every attack. If some type of harmful software is able to run in the background and still appear normal, then it can be very difficult to detect.Because providers can't read files, they have no visibility into the contents of those files. This is their limitation.
This is why the job of security is a partnership. Providers monitor servers from the outside, and you monitor them from the inside. Sounds reasonable?