Website security question

David81

New Member
I am here to discuss website security. A lot of website owners and companies are facing a lot of trouble due to hackers. A few days back I read something about this in a blog. They have described malware attacks, DDoS attacks and similar activities that affect our systems. Here is the link to the blog http://www.storagepipe.com/blog/DDoS-Bitcoin-Brute-Force-Malware/. I need to know more about DDoS attacks. They make our website inactive with malicious traffic. Are there any techniques to prevent this? If you know some tips, please share them.
 
With KH you're already protected. If you're getting your CSF emails, you likely see emails from time to time like
"lfd on host.yourdomain.com: 171.161.160.10 (US/United States/spxyric1.bankofamerica.com) blocked with too many connections"
That's CSF automatically blocking hackers trying to port scan or DDoS your server. However, that's on an individual IP basis, which is great for smaller attacks. KH is always monitoring their connections and when they see a peak in connections they're on the ball and almost immediately null route those connections. If you subscribe to their Network and Hardware status forum you'll see those attacks from time to time and KH jumping in to remedy those situations.
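As an added illustration (not part of the post above and not anything CSF ships), the script below parses LFD "blocked with too many connections" alert lines in the exact format quoted in that post and answers the two questions the post raises: which IPs trip the per-IP limit repeatedly (candidates for a permanent deny), and whether many distinct IPs trip it inside a short window, which is the distributed case that per-IP blocking alone cannot absorb. The alert timestamps and all lines after the first are constructed for the example (documentation IP ranges, made-up reverse DNS); the 10-minute window and the threshold of five distinct IPs are arbitrary choices.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Matches the LFD alert line quoted in the post:
#   lfd on <host>: <ip> (<CC>/<Country>/<rdns>) blocked with too many connections
# The parenthesised field is CSF's GeoIP country code, country name and reverse DNS.
LFD_CT_RE = re.compile(
    r"lfd on (?P<host>\S+): (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\((?P<cc>[^/]*)/(?P<country>[^/]*)/(?P<rdns>[^)]*)\) "
    r"blocked with too many connections"
)

# Constructed sample: (time the alert mail arrived, alert line). Only the first
# line is the one quoted in the post; the rest use documentation IP ranges.
SAMPLE_ALERTS = [
    (datetime(2017, 3, 1, 9, 0), "lfd on host.yourdomain.com: 171.161.160.10 (US/United States/spxyric1.bankofamerica.com) blocked with too many connections"),
    (datetime(2017, 3, 1, 9, 1), "lfd on host.yourdomain.com: 198.51.100.7 (DE/Germany/host-7.example.net) blocked with too many connections"),
    (datetime(2017, 3, 1, 9, 2), "lfd on host.yourdomain.com: 198.51.100.8 (DE/Germany/host-8.example.net) blocked with too many connections"),
    (datetime(2017, 3, 1, 9, 3), "lfd on host.yourdomain.com: 203.0.113.5 (FR/France/host-5.example.org) blocked with too many connections"),
    (datetime(2017, 3, 1, 9, 4), "lfd on host.yourdomain.com: 203.0.113.6 (FR/France/host-6.example.org) blocked with too many connections"),
    (datetime(2017, 3, 1, 9, 5), "lfd on host.yourdomain.com: 198.51.100.7 (DE/Germany/host-7.example.net) blocked with too many connections"),
    (datetime(2017, 3, 1, 9, 6), "Cron <root@host> run-parts /etc/cron.hourly"),  # unrelated mail, must be ignored
    (datetime(2017, 3, 1, 10, 30), "lfd on host.yourdomain.com: 171.161.160.10 (US/United States/spxyric1.bankofamerica.com) blocked with too many connections"),
]


def parse_alert(line):
    """Return the fields of one LFD connection-tracking alert, or None for any other line."""
    m = LFD_CT_RE.search(line)
    return m.groupdict() if m else None


def triage(alerts, window=timedelta(minutes=10), distinct_threshold=5):
    """
    alerts: iterable of (datetime, line).
    Returns (per_ip, distributed):
      per_ip       Counter of how often each IP tripped the limit; repeat offenders
                   are candidates for a permanent `csf -d <ip>`.
      distributed  list of (window_start, distinct_ips) for every fixed window,
                   measured from the first alert, in which at least distinct_threshold
                   different IPs were blocked. Many distinct IPs in one short window
                   is a distributed flood, which the per-IP limit only nibbles at;
                   that is the case to escalate rather than sit on.
    """
    per_ip = Counter()
    events = []
    for ts, line in alerts:
        a = parse_alert(line)
        if a is None:
            continue
        per_ip[a["ip"]] += 1
        events.append((ts, a["ip"]))
    if not events:
        return per_ip, []
    events.sort()
    t0 = events[0][0]
    buckets = defaultdict(set)
    for ts, ip in events:
        buckets[(ts - t0) // window].add(ip)  # fixed windows relative to the first alert
    distributed = [
        (t0 + idx * window, len(ips))
        for idx, ips in sorted(buckets.items())
        if len(ips) >= distinct_threshold
    ]
    return per_ip, distributed


def summarize(alerts=SAMPLE_ALERTS):
    per_ip, distributed = triage(alerts)
    repeat = [ip for ip, n in per_ip.most_common() if n > 1]
    return {"per_ip": per_ip, "repeat_offenders": repeat, "distributed": distributed}


if __name__ == "__main__":
    s = summarize()
    for ip, n in s["per_ip"].most_common():
        print(f"{ip:16} blocked {n}x")
    print("repeat offenders:", ", ".join(s["repeat_offenders"]))
    for start, n in s["distributed"]:
        print(f"{n} distinct IPs blocked in the 10 min from {start:%H:%M}: distributed flood, escalate")
```

On the sample this reports two repeat offenders and one window with five distinct IPs; in practice you would feed it the alert mails (or the `lfd.log` lines they are generated from) for the last hour and act on the distributed windows first, since those are the ones a per-IP block list does not fix.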
 
We have a page on our website that displays what our DDoS Protection filters as well

https://www.knownhost.com/ddos-protection.html
See below for examples and types of attacks covered.*

  1. UDP Floods
  2. NTP Amplification
  3. DNS Amplification
  4. SYN Flood
  5. Volume Based Attacks
  6. Fragmented Packet Attacks

Then, we have things that we don't cover, because they're considered Layer 7 attacks that happen at the application level.

Some examples of items not covered under our DDoS protection are below.*

  1. Brute force login attacks
  2. XMLRPC floods
  3. Low level HTTP traffic floods
  4. Email / Spam Floods

With those, it helps to utilize an external service like Sucuri or CloudFlare to handle those types of attacks; if it's WordPress, then a security plugin like Wordfence can add some additional mitigation.

One example of a low-level HTTP traffic flood attack would be the WordPress Pingback exploit:

--
https://sysadminblog.net/2016/05/blocking-wordpress-pingback-verification-ddos/
--

I've recently encountered this on a server I worked on, and it's definitely not a fun thing to see.

However, as phpAddict stated, our servers come with CSF/LFD (firewall), which is already configured more on the strict side to automatically block attempts against the server; it does a pretty good job for the most part.
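As an added example (not from the post above, the KnownHost filter page, or the linked sysadminblog article), here is what the Pingback flood looks like in an Apache access log and how to separate the reflecting WordPress sites from the host that is actually driving the attack. When a WordPress site verifies a pingback it fetches the claimed source page with a User-Agent of the form `WordPress/<version>; <site URL>; verifying pingback from <IP>`, where the IP is the XML-RPC client that submitted the pingback. A burst of such requests from many different WordPress installs that all name the same IP therefore points at one origin, and the reflectors are innocent sites you do not want to block by address. The log lines are constructed (documentation addresses and made-up site names); the three-reflector threshold is arbitrary.

```python
import re
from collections import Counter

# Apache "combined" log line: client ident user [time] "request" status size "referer" "user-agent"
COMBINED_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# User-Agent WordPress sends when its XML-RPC pingback handler fetches the claimed
# source page to verify it. The trailing IP is the client that submitted the
# pingback (the machine driving the flood), not the WordPress site doing the fetch.
PINGBACK_UA_RE = re.compile(
    r"^WordPress/(?P<version>[\d.]+); (?P<site>[^;]+); verifying pingback from (?P<origin>\S+)$"
)

# Constructed sample log, not a real capture. 198.51.100.x are WordPress sites being
# used as reflectors, 203.0.113.x are the hosts that submitted the pingbacks, and
# 192.0.2.x are ordinary visitors that must not be touched.
SAMPLE_LOG = [
    '198.51.100.21 - - [10/May/2016:14:02:11 +0000] "GET / HTTP/1.1" 200 5123 "-" "WordPress/4.5.2; http://blog-a.example; verifying pingback from 203.0.113.9"',
    '198.51.100.22 - - [10/May/2016:14:02:11 +0000] "GET / HTTP/1.1" 200 5123 "-" "WordPress/4.4.2; http://blog-b.example; verifying pingback from 203.0.113.9"',
    '198.51.100.23 - - [10/May/2016:14:02:12 +0000] "GET /?p=1 HTTP/1.1" 200 5123 "-" "WordPress/4.5.2; http://blog-c.example; verifying pingback from 203.0.113.9"',
    '198.51.100.24 - - [10/May/2016:14:02:12 +0000] "GET / HTTP/1.1" 200 5123 "-" "WordPress/4.3; https://blog-d.example; verifying pingback from 203.0.113.9"',
    '198.51.100.21 - - [10/May/2016:14:02:13 +0000] "GET / HTTP/1.1" 200 5123 "-" "WordPress/4.5.2; http://blog-a.example; verifying pingback from 203.0.113.9"',
    '198.51.100.25 - - [10/May/2016:14:02:13 +0000] "GET / HTTP/1.1" 200 5123 "-" "WordPress/4.5.2; http://blog-e.example; verifying pingback from 203.0.113.77"',
    '192.0.2.10 - - [10/May/2016:14:02:14 +0000] "GET /about/ HTTP/1.1" 200 8840 "http://www.example.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36"',
    # A WordPress site making an ordinary request: same UA prefix, no "verifying pingback" suffix.
    '192.0.2.11 - - [10/May/2016:14:02:15 +0000] "GET /feed/ HTTP/1.1" 200 3120 "-" "WordPress/4.5.2; http://friend.example"',
]


def parse_combined(line):
    """Split one combined-format log line into its fields, or None if it does not parse."""
    m = COMBINED_RE.match(line)
    return m.groupdict() if m else None


def is_pingback_verification(user_agent):
    """True only for the verification fetch; a plain 'WordPress/x.y; <site>' UA stays allowed."""
    return PINGBACK_UA_RE.match(user_agent) is not None


def analyse(lines, reflector_threshold=3):
    """Count pingback-verification hits, the reflecting sites, and the origins they name."""
    hits = 0
    reflectors = Counter()  # client IP of the WordPress site doing the fetch
    origins = Counter()     # IP named in the UA: who submitted the pingback
    for line in lines:
        rec = parse_combined(line)
        if rec is None:
            continue
        m = PINGBACK_UA_RE.match(rec["ua"])
        if m is None:
            continue
        hits += 1
        reflectors[rec["client"]] += 1
        origins[m.group("origin")] += 1
    return {
        "hits": hits,
        "reflectors": reflectors,
        "origins": origins,
        # Many distinct reflectors in one log slice means the attacker is spraying
        # pingback.ping calls across many sites; blocking reflectors one by one will not end it.
        "distributed": len(reflectors) >= reflector_threshold,
    }


if __name__ == "__main__":
    r = analyse(SAMPLE_LOG)
    print(f"{r['hits']} pingback-verification hits from {len(r['reflectors'])} reflecting sites")
    for origin, n in r["origins"].most_common():
        print(f"  pingbacks submitted by {origin}: {n}")
    if r["distributed"]:
        print("distributed: filter on the User-Agent, not on reflector IPs")
```

The practical consequence is in the last line: a User-Agent match like `is_pingback_verification` is what you hang a web-server or ModSecurity rule on, because denying the reflectors' addresses would also cut off legitimate WordPress installs, while the origin IPs counted in `origins` are the ones worth reporting or blocking at the firewall.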
 
it does a pretty good job for the most part

When used/monitored properly it does an AWESOME job! Using ModSecurity you can protect all of your WP sites or any site you want to protect from brute force or flooding. Don't ignore those CSF logs. There may come a day when an email from your CSF could alert you to a potential catastrophe. For example, a client of mine had a WP site with a vulnerable plugin that a hacker used to inject a spam email script on their account. CSF alerted me of the excessive resource usage. I immediately knew it was something that shouldn't be there, blocked the hacker, recovered data from the morning before the attack, and no one ever knew it happened for 5 minutes, not even KH. :p
 
We have a page on our website that displays what our DDoS Protection filters as well

https://www.knownhost.com/ddos-protection.html

Then, we have things that we don't cover, because they're considered Layer 7 attacks that happen at the application level.

With those, it helps to utilize an external service like Sucuri or CloudFlare to handle those types of attacks; if it's WordPress, then a security plugin like Wordfence can add some additional mitigation.

I just recently migrated my DNS to Cloudflare Managed DNS (without using its CDN features) just to take advantage of faster DNS propagation and Anycast. Will the use of CloudFlare DNS alone help against attacks as well, even without utilizing Cloudflare CDN features?
 
I just recently migrated my DNS to Cloudflare Managed DNS (without using its CDN features) just to take advantage of faster DNS propagation and Anycast. Will the use of CloudFlare DNS alone help against attacks as well, even without utilizing Cloudflare CDN features?

Only DNS attacks, which are pretty rare. The common Layer 7 attacks most people use CF to help mitigate won't be filtered if you don't have the cloud icon "on" for the given domain.
 
Hello team,

There are a lot of security tools available for server hardening, but it is recommended that the basic tools be installed and set up on the server,
like CSF, proper SSH configuration, mod_security and a lot more.
 