Bountysite was started in March 2015. Our goal is to ensure that websites dont get blacklisted. It was built to be the defacto SECaaS(Security as a Service) platform for Website Hosting environment. The idea was to build a backup system for websites and run offline security scans on the backup data.
We chose Bounty Security model, where a site owner pays us 1$, for every threat/malware detection(maximum 5$ cap per year), that can lead to blacklisting of the site. A threat is a vulnerability in the site, with CVSS score of 4.0 or more. We believe that noone can offer 100% guarantee of security. So, we thought, why charge site owner a fixed monthly recurring and create a false illusion of security.
We believe that Security is a practice, not a product.
In our journey to accomplish this goal, we began building a scalable platform to securely backup websites. We made a modular platform splitting customer frontend and storage. The storage, stores the site owner backup credentials and site data, in industry standard AES 256bit encryption. The frontend communicates to storage over SSL REST API. The storage can be configured to keep backup copy in different Geo locations, for data reliability. This allows storage to adhere to different compliance standards, without having to overhaul architectural changes. This also allows high level of customization on storage, allowing Hosting Providers to design their storage and offer along with the Hosting services, making Bountysite a good value proposition, and a means to increase revenue with existing customer base. Optionally site owners can keep a copy of compressed password protected backup to any S3 compliant storage or BackBlaze.
The storage was designed to be fast and at the same time have no impact on Hosting server. We wanted storage, to backup all sites in a hosting server. So we added a concurrency limit, which is applicable across all storage, to ensure that maximum backup requests to Hosting server does not cross the limit set. The limits are configurable by Hosting Provider/Reseller for every UTC hour for every FTP server IP. The default limit is 5, if unspecified.
We also allow Hosting providers to use their existing billing system, and provision Bountysite services through Provisioning REST API. We also have a plugin to integrate with WHMCS billing system.
We provide free CPanel plugin for site owners to track site changes, and optionally enable Continuous File Monitoring. Continuous File Monitoring allows site changes to be backed up quickly. The plugin uses inotify to detect file changes, and piggybacks file changes to Backup REST API, to schedule a backup. The plugin code is open and allows custom modifications.
We offer free Wordpress plugin to keep track of changes in wordpress site. The plugin is lightweight, and communicates to Backup REST API.
We also provide Disaster Recovery service for websites, in case of unexpected downtimes. The service is for linux hosting only, and it restores site using backup data. By simply changing DNS, the site can be brought online.
We are currently offering free Bounty and free security patches, for all Bountysite customers.
Danny has over 14 years experience in IT industry, particularly in Hosting. He has been instrumental in providing Open Source alternatives for fast growing organizations. He is a certified professional Ethical Hacker with the following certifications:-
He has experience in handling large scale cluster deployments with high availability, using Open Source. He has built offices from ground zero. He is passionate about designing and architecting systems.