If you host with us, you have forgotten about security
WoneCloud does not use fail2ban, ModSecurity CRS, Snort signatures, or Cloudflare. We built our own security engine from the kernel up.
XDP Packet Filtering
eBPF/XDP programs run at the network driver level. Packets are inspected and dropped before the Linux network stack allocates a socket buffer. 10x faster than iptables. Zero overhead when idle.
Threat Intelligence Mesh
Six real-time feeds aggregated into a single blocklist: AbuseIPDB, AlienVault OTX, Project Honeypot, Emerging Threats, our own honeypots, and the global WoneCloud fleet. Updated every 60 seconds.
Behavioral Anomaly Detection
Not signature-based. Pattern-based. Request timing regularity, TLS fingerprint (JA3), header entropy, User-Agent rotation, and payload autoencoding all contribute to a behavioral score.
Proactive Honeypot Layer
Fake endpoints deployed on every site: /OLD/wp-login.php, /backup.zip, /.git/config, /phpmyadmin, /.env.local. Attacker touches honeypot → score +50 → all requests scrutinized → silently dropped at XDP.
RASP — Runtime Self-Protection
Inline security hooks injected into each runtime. PHP auto_prepend_file loads WoneGuard. Node.js --require woneguard.js. Python PYTHONPATH injection. SQL injection caught INSIDE query execution.
Per-Site Isolation
One Linux user per site. One cgroup per site (CPU/RAM/PID limits). One PHP-FPM pool per site. One MariaDB DB + user per site. One nginx vhost per site. Warden eBPF filtering per site.