Website security question

Discussion in 'Security' started by David81, Mar 8, 2017.

  1. David81

    David81 New Member

    I am here to discuss website security. A lot of website owners and companies are facing lots of trouble due to hackers. A few days back I read something about this in a blog. They have described malware attacks, DDoS attacks and such activities that affect our system. Here is the link to the blog http://www.storagepipe.com/blog/DDoS-Bitcoin-Brute-Force-Malware/. I need to know more about DDoS attacks. This makes our website inactive with malicious traffic. Are there any techniques to prevent this? If you know some tips, please share them.
     
  2. phpAddict

    phpAddict Active Member

    With KH you're already protected. If you're getting your csf emails you likely see emails from time to time like
    "lfd on host.yourdomain.com: 171.161.160.10 (US/United States/spxyric1.bankofamerica.com) blocked with too many connections"
    That's CSF automatically blocking hackers trying to port scan or DDoS your server. However, that's on an individual IP basis, which is great for smaller attacks. KH is always monitoring their connections and when they see a peak in connections they're on the ball and almost immediately null route those connections. If you subscribe to their Network and Hardware status forum you'll see those attacks from time to time and KH jumping in to remedy those situations.
     
  3. KH-JonathanKW

    KH-JonathanKW Technical Support Staff Member

    We have a page on our website that displays what our DDoS Protection filters as well:

    https://www.knownhost.com/ddos-protection.html
    Then, we have things that we don't cover, because they're considered Layer 7 attacks that happen at the application level.

    With those, it helps to utilize an external service like Sucuri or CloudFlare to handle those types of attacks; if it's WordPress -- then a security plugin like WordFence can add some additional mitigation.

    One example of a low-level HTTP traffic flood attack would be the WordPress PingBack exploit:

    --
    https://sysadminblog.net/2016/05/blocking-wordpress-pingback-verification-ddos/
    --

    I've recently encountered this on a server I worked on, and it's definitely not a fun thing to see.

    However, as phpAddict stated, our servers come with CSF/LFD (Firewall) that is already configured more on the strict side to automatically block attempts against the server; it does a pretty good job for the most part.
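
Added example, not part of the original thread or of KnownHost's tooling: the pingback flood mentioned above can be recognised in a web access log because WordPress core sends its pingback verification fetches with a User-Agent ending in "verifying pingback from <IP>". The Python below tallies such requests over constructed sample lines; the Apache combined log format, the function name and the threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in Apache combined log format (not from the thread).
SAMPLE_LOG = """\
198.51.100.7 - - [08/Mar/2017:10:00:01 +0000] "GET /blog/post-1/ HTTP/1.0" 200 5120 "-" "WordPress/4.7.2; http://site-a.example; verifying pingback from 203.0.113.50"
198.51.100.8 - - [08/Mar/2017:10:00:01 +0000] "GET /blog/post-1/ HTTP/1.0" 200 5120 "-" "WordPress/4.6; http://site-b.example; verifying pingback from 203.0.113.50"
198.51.100.7 - - [08/Mar/2017:10:00:02 +0000] "GET /blog/post-1/ HTTP/1.0" 200 5120 "-" "WordPress/4.7.2; http://site-a.example; verifying pingback from 203.0.113.50"
192.0.2.33 - - [08/Mar/2017:10:00:02 +0000] "GET /blog/post-1/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.9 - - [08/Mar/2017:10:00:03 +0000] "GET /about/ HTTP/1.0" 200 2048 "-" "WordPress/4.7; http://site-c.example; verifying pingback from 203.0.113.77"
"""

# client, request line, status, size, referer, user agent
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# User-Agent WordPress uses when it fetches a page to verify a pingback.
PINGBACK_RE = re.compile(
    r'^WordPress/\S+; \S+; verifying pingback from (?P<origin>\S+)$'
)

def summarize_pingback_traffic(log_text, threshold=3):
    """Count pingback-verification hits per reflecting site, origin and path."""
    reflectors, origins, paths = Counter(), Counter(), Counter()
    total = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        pb = PINGBACK_RE.match(m["ua"])
        if not pb:
            continue  # ordinary browser or bot traffic
        total += 1
        reflectors[m["client"]] += 1   # WordPress site that hit us
        origins[pb["origin"]] += 1     # address that requested the pingback
        paths[m["path"]] += 1          # page on our site being hammered
    return {
        "total": total,
        "reflectors": dict(reflectors),
        "origins": dict(origins),
        "hot_paths": sorted(p for p, n in paths.items() if n >= threshold),
    }

if __name__ == "__main__":
    print(summarize_pingback_traffic(SAMPLE_LOG))
```

The `reflectors` addresses are the ones a firewall such as CSF would see connecting; the `origins` field shows who asked those sites to send the pingbacks.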
     
  4. phpAddict

    phpAddict Active Member

    When used/monitored properly it does an AWESOME job! Using ModSecurity you can protect all of your WP sites or any site you want to protect from brute force or flooding. Don't ignore those CSF logs. There may come a day where an email from your CSF could alert you to a potential catastrophe. For example, a client of mine had a WP site with a vulnerable plugin that a hacker used to inject a spam email script on their account. CSF alerted me of the excessive resource usage. I immediately knew it was something that shouldn't be there, blocked the hacker, recovered data from the morning before the attack, and no one ever knew it happened for 5 minutes, not even KH. :p
     
  5. buiminh11

    buiminh11 New Member

    I have the same question, I'm looking for a solution!
     
  6. Yagami

    Yagami Member

    I just recently migrated my DNS to Cloudflare Managed DNS (without using its CDN features) just to take advantage of faster DNS propagation and Anycast. Will the use of CloudFlare DNS alone help with attacks as well even without utilizing Cloudflare CDN features?
     
  7. KH-Jonathan

    KH-Jonathan Director of Managed Services Staff Member

    Only DNS attacks, which are pretty rare. The common Layer 7 attacks most people use CF to help mitigate won't be filtered if you don't have the cloud icon "on" on the given domain.
     
  8. onliveserver

    onliveserver New Member

    Hello team,

    There are a lot of security tools available for server hardening, but it is recommended that the basic tools be installed and set up on the server,
    like CSF, proper SSH configuration, mod_security and a lot more.
     
