Secure Control Panel

ServerPilot is designed to keep your servers secure and your data safe.

Our team has a heavy security background. Security research published by our team members includes identifying vulnerabilities in Linux package managers, designing secure software update systems, and securing browsers against CSRF exploits.

If you have security questions or would like to report a security issue, please contact us at security@serverpilot.io.

Software Updates

All servers managed by ServerPilot are configured to be automatically updated with security updates from the Ubuntu security repositories as well as the ServerPilot repositories. These updates are signed with the Ubuntu and ServerPilot GPG keys, respectively.

When the ServerPilot agent downloads software from our servers that is packaged in formats other than deb archives, the code is signed with our GPG key and the agent checks these signatures before running the code.

Communications

All communication with ServerPilot performed by your browser and the ServerPilot agent is done over HTTPS/TLS.

The ServerPilot apt repositories are also served over HTTPS.

Many developers mistakenly assume that programmatic communication over HTTPS is always secure. These developers don't realize that their communication libraries default to not checking certificate trust chains, hostnames, or validity dates. We take care to perform these checks. In the very few cases that the programming language makes performing these checks unreliable, we avoid transmitting sensitive information (even over HTTPS) because we know the communication channel can't be completely trusted.
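The three checks named above (trust chain, hostname, validity dates), as an added Python example that is not ServerPilot's code: it builds a client context that enforces them and reports which ones any given context skips. The function names are hypothetical, and `relaxed_context` is a constructed sample of the unsafe configuration.

```python
import socket
import ssl

def strict_client_context(ca_file=None):
    """Client context enforcing trust chain, validity dates and hostname."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    # Already the defaults here; set explicitly so a later edit that relaxes
    # them is visible in review.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def relaxed_context():
    """Constructed sample of the unsafe configuration, for auditing only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def missing_checks(ctx):
    """Return the checks from the paragraph above that this context skips."""
    missing = []
    if ctx.verify_mode == ssl.CERT_NONE:
        # With no chain validation, notBefore/notAfter are not enforced either.
        missing += ["trust chain", "validity dates"]
    if not ctx.check_hostname:
        missing.append("hostname")
    return missing

def connect_verified(host, port=443, timeout=10):
    """Open a TLS connection, refusing any context that skips a check."""
    ctx = strict_client_context()
    skipped = missing_checks(ctx)
    if skipped:
        raise ssl.SSLError("context skips: " + ", ".join(skipped))
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        # server_hostname drives both SNI and the hostname comparison.
        return ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise

if __name__ == "__main__":
    print(missing_checks(strict_client_context()))
    print(missing_checks(relaxed_context()))
```

`missing_checks` can run in a unit test against whatever context the application actually builds, so a relaxed setting is caught before it ships.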

Firewalls

ServerPilot configures an iptables-based firewall on all servers it manages. This firewall allows TCP ports 22 (SSH), 80 (HTTP), and 443 (HTTPS) as well as UDP port 68 (DHCP).

On our own servers, we further restrict SSH and other ports so that only our own developers can reach them.

SSH

Our developers use SSH to access our own servers and use public key authentication when accessing them.

On your servers managed by ServerPilot, we open the firewall to allow port 22 (SSH) so that you can use SSH and SFTP to access your servers. We do not enable insecure FTP on your servers.

Mail

ServerPilot configures a Postfix mail server on servers it manages. This mail server is used only for your web applications to send outbound mail. It is not configured to accept mail from outside of the server, and the firewall is not opened to allow outside communication with the mail server.

Passwords

We do not store passwords in plain text.

Your ServerPilot account password is hashed using the industry-standard PBKDF2.

When you set system user passwords or MySQL passwords using ServerPilot, we hash those passwords in the appropriate format and transmit them in hashed format to your server (over HTTPS, of course).

Credit Cards

We hand off credit card processing to Stripe. They power online transactions for thousands of businesses and SaaS platforms and comply with PCI standards in the storage and handling of credit card information.