Archive

How to protect your website against hackers?

We do not see many cases, but there is always someone whose website was hacked asking the same questions: how was my website hacked, and how do I protect it?

There are a few possible reasons why your website was hacked. Occasionally, we can only share the possibilities until further investigation, such as checking the log files.

It is difficult to eliminate the risk totally, but we suggest you protect your websites. This will make hacking difficult or not possible.

Hackers are looking for backdoors to penetrate your website, so the goal is to shut them. Here are some inexpensive ways to protect your website.

  • Keep scripts and plugins updated – if you are using WordPress, Joomla or similar, always keep the CMS, the plugins and PHP up to date.
  • Limit your SQL connections, or allow local connections only.
  • Restrict your administration login page.
  • Use a malware scanner to scan your website daily during off-peak hours.
  • Use a WAF like Sucuri Firewall, which is useful to those who update less often.
  • Computers that access the website backend and control panel must have a good anti-virus/anti-malware product installed, with up-to-date definitions, and be scanned with it.
  • Use strong passwords for all users.
  • Run a penetration test. You can find a free solution online.
  • Use mod_security, cPHulk Brute Force or Fail2ban – these can be found in the popular cPanel or Plesk Onyx.
  • Use a firewall like CSF or APF. However, I don’t really recommend a software firewall. It can paralyse the website if you are under attack, as it takes resources from your server.

Lastly, always have a backup copy that can restore an up-to-date website.

Sucuri Firewall Pro is better?

Sucuri Firewall Pro is better? Yes, in a way. It depends on the user, and on how he or she is managing the website. However, I personally feel Sucuri is better and can be better.

In the market, Sucuri is not the only one that sells website protection. There are big names like Cloudflare, StackPath and others. But my discussion today is on Sucuri, and the Pro plan. They don’t have a free plan like Cloudflare. For their plans: You can find it here

I have set up and used most of them. Actually, they do the job. However, I like Sucuri. The setup gives me a feeling that it is more secure for those who choose to use their own DNS. The website webroot points to the Sucuri proxy, not to your source. In this way, it is difficult to find your source IP and attack it.

Even if your source IP is exposed, you can protect your web server by allowing only the Sucuri proxies to access it. It is strongly recommended that you do that. When you are using a firewall proxy, your log will show the proxy IP instead of the visitor’s IP. Sucuri has a tutorial on how to handle the X-Forwarded-For header on most web servers; it can be found here.
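The two points above (admit only the proxies at the origin, and recover the visitor address from X-Forwarded-For) fit together as in the following added example, which is not code from Sucuri or from the original post. The proxy ranges are placeholder documentation networks and the function names are hypothetical; take the real ranges from your provider.

```python
import ipaddress

# Assumption: placeholder proxy ranges (RFC 5737 documentation networks).
# Replace them with the ranges your WAF provider publishes.
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("192.0.2.0/24", "198.51.100.0/24")]


def is_trusted_proxy(addr):
    """True if addr belongs to one of the firewall proxy ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)


def allow_connection(peer_addr):
    """Origin firewall rule: only the proxies may reach the web server."""
    return is_trusted_proxy(peer_addr)


def client_ip(peer_addr, xff_header):
    """Return the address to log and rate-limit on.

    peer_addr  -- source address of the TCP connection
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    # A direct connection can put anything in the header, so ignore it.
    if not is_trusted_proxy(peer_addr) or not xff_header:
        return peer_addr
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    # Proxies append on the right, so walk right to left: the first hop
    # that is not one of our proxies is the visitor. Anything further left
    # was supplied by the visitor and cannot be trusted.
    for hop in reversed(hops):
        try:
            if not is_trusted_proxy(hop):
                return str(ipaddress.ip_address(hop))
        except ValueError:
            # Malformed entry: fall back to the connection address.
            return peer_addr
    return peer_addr
```
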

The Sucuri package from us comes with monitoring too. You can check your website’s status, and whether it is infected by malware or not, at intervals as short as 6 hours.

Most website proxies include a CDN. This feature speeds up your website. A bigger brand has more POPs than Sucuri. However, never get the impression that the site therefore responds faster. For example, my website vastspace.net scores 86 in the Pingdom speed test with Sucuri and only 72 with the other firewall. The test location for both setups was the same. To confirm, I used GTmetrix; YSlow is 81, and 89 with Sucuri.

I also feel the website loads faster, and the load time at GTmetrix has proven it. I’m not sure whether you have to pay more to improve loading speed (image loading speed, for example); if this is the case, Sucuri is cheaper.

Sucuri is easy to understand and straightforward for most, compared to many web firewalls. I found what I need. I have tried some web protection GUIs; either I’m overwhelmed by the clickable icons or they have limited features. Actually, the worst feeling is having to pay for a particular feature. In my opinion, do not put those features there; sell them as add-ons instead.

Like I have mentioned, this is my opinion. Sucuri is value for money. It costs less than most, and you get website protection and speed. It is worth considering.

ModSecurity in cPanel

Another great feature in WHM/cPanel that is easily neglected is ModSecurity. It is useful if you have not got any web protection like Sucuri Firewall Pro. Users often do not enable this feature to protect their open-source websites such as WordPress, Joomla etc. The module is enabled by default, but there are no rules to process, so it is as good as disabled.

Go to ModSecurity to install a vendor rule set; I commonly use OWASP. And remember to enable rule processing in the configuration. The rules will stop common attacks on your website and its vulnerabilities. This is an important feature for those who do not have any web protection.

CSF and WHM/ cPanel

This is commonly found on a WHM/cPanel VPS or dedicated server. Actually, CSF is effective and it is free. A lot of server admins install it as soon as they receive the server. But seriously speaking, how many users know how to tweak it and optimise its performance? Honestly, very few, and I always see people leave it in auto-pilot mode, full stop. So what is CSF? Yes, it is a firewall and it is software based. It is installed onto the server.

There is nothing wrong with installing a piece of free and useful software. Wait a second, did I just say it was useful? To a certain extent, yes. But I have seen many cases where CSF is an added burden to the user.

As I have said, I have seen many who simply install the firewall and turn it on. If you do this, you might accidentally block good users or, in the worst situation, block yourself. When such a thing happens, you may think the service is not available, and it can be frustrating, especially if it happens often. There are cases such as packet loss when you are pinging the server IP or domain name. This is because of CSF. Simply turn it off and everything is back to normal.

Don’t get me wrong, CSF is useful, but you need to know how to use it. Without that, it can be a hassle for you. So I never buy the idea of installing a software firewall on the server. Actually, if attacks come, the firewall will eat up the resources on the server and eventually the server’s performance is affected. But a web firewall like Sucuri Firewall Pro is not installed on the server; it offloads the server and, because of its many distributed points, it helps to speed up a website if you are far from the source of the website.

What are the differences between Sucuri, Patchman & Imunify360?

Today, we look at the differences between these web protection products you can find in the market. They are popular and, compared to some enterprise solutions, they are affordable and especially good for SMEs.

Web protection is necessary in today’s cybersecurity, as websites are built using outsourced frameworks. But what is good for me? There is nothing that gives 100% protection. Ultimately, you might have to use a few tools to help you achieve a more complete solution.

The idea of this article is to help you understand their characteristics, for a better understanding of how you can protect your websites. Let’s get started. There are pros and cons to each type of service, and some can do more, but you have to pay more.

With Sucuri Firewall Pro you do not need to install any software, apart from updating the DNS zone records for the website, unless you want to scan your website files at intervals of at least 6 hours. For that you just need to upload a PHP file. Sucuri will handshake with your website over the TLS protocol to scan the files of that particular website. The Sucuri Firewall Pro subscription is on a per-website basis, even if it is a sub-domain website.

Patchman and Imunify360 install software onto the server, an agent in the case of Patchman. These 2 services are limited to Linux OS. You cannot install them on a Windows OS. Patchman focuses on websites that use an open-source application like WordPress, Joomla etc. on the server; Imunify360 focuses more on web server security. Patchman is very detailed about the vulnerabilities detected and the remedial action that can be taken, but I’m not sure whether it is limited to known applications only; it doesn’t give additional info on a pure HTML website. However, it still does a full server scan. Patchman has 3 versions. The first 2 are categorised as for commerce or non-commerce websites, and the most expensive is for all open-source applications. For details, please visit their website https://www.patchman.co/.

I think these solutions depend on what you need. If you have a lot of websites built with open-source applications, Patchman will be best and you get the most out of it. However, if you don’t, and you have plenty of resources, Imunify360 might work for you. I personally like Sucuri, but it will be expensive if you have many websites to protect. The reason I like Sucuri is that it offloads your server. Any attacks are not on the server but on the proxies. This greatly improves the server’s performance. Moreover, for any malicious files successfully uploaded, the mitigation is done at the proxy on the actual server.

You can use Sucuri with any web server on any operating system; it is not limited to Linux only. Basically, if you have the budget, the combination of either Imunify360 or Patchman with Sucuri Firewall Pro will further strengthen your web protection.

What does SSL certificate mean to you?

I’m not sure, but I have spoken to many who have only a faint idea of what HTTP and HTTPS are. What is an SSL certificate, and why do some buy an SSL certificate? Here’s your chance. You should have a better understanding of SSL certificates after reading.

The major difference between HTTP and HTTPS is that the latter is secure. When you visit an HTTPS website, your communication with the server is encrypted using the SSL certificate installed on the web server. Without a proper CA-signed SSL certificate, your browser will alert you with an error and stop you from proceeding unless you add the website to your exception list.

OK. Some customers who are not so technically literate will claim this is an error from the server. It appears because you do not have an SSL certificate installed, so the error is from the browser, not the server. Why did you not install an SSL certificate? As an industry practice, web hosting providers do not install, and never install, an SSL certificate. I will tell you why if you read on. However, some control panels like cPanel provide an SSL certificate on the server hostname; having said that, the hostname must be a qualified, resolvable hostname in order to work.

Nowadays, an SSL certificate can be paid or free. Most well-known control panels like Plesk and cPanel come with a free SSL certificate. These certificates are only valid for 3 months and are then renewed, provided the domain still resolves to the server IP; the same applies to a new issuance. The reason is that this is a form of validation. Yes, before the CA issues you an SSL certificate, verification is required to check that you really own the domain and business.

There are 3 types of validation, depending on the type of SSL certificate: DV, OV and EV. Actually, it is more complicated if you are paying more for the certificate. Those green bars you see with a lock are extended validation certificates, with more verification steps before the SSL certificate is issued. DV is the cheapest and only requires domain verification. DV only requires the applicant to create a designated email account to approve the application, or you can update the DNS zone records for verification. OV stands for organization validation; you verify the existence of the organization through records like DUNS or telephone numbers in the Yellow Pages. EV, extended validation, normally requires you to fill in forms and pass telephone verification, and further verification is required to check identity. Because of the validation, hosting providers do not pre-install SSL certificates.

An SSL certificate serves more than secure communication. Basically, it labels your organization. Especially if you are doing business online, you want your online visitors and customers to trust you, and an SSL certificate will serve the purpose. I refrain from keying in personal details on a website that has no proper CA-signed certificate. Information can be hijacked during transmission, and you would never notice.

However, there is a common perception that your website will not be hacked if you use HTTPS with a valid SSL certificate. It is incorrect. Your website is still hackable if you have loopholes or vulnerabilities. Some SEO experts claim that there is an impact if the website is HTTP. Google lists HTTP as an insecure site on their search engine from July 2018. HTTPS will list faster. HTTPS websites will load faster in the Chrome browser. I cannot really tell, but SSL certificates are free now at Let’s Encrypt, so what is the harm?

Protect your WordPress, Joomla, Drupal, Magento… admin Logins

I have seen many websites built using an open-source CMS like WordPress, Joomla etc. The most common mistake their owners make is leaving their admin login unrestricted. Worse is when the default username and a simple password are used. This goes on until the website has unwanted software uploaded to it to send spam, unknown redirections, undesired content etc. Then comes the question: I have updated my website and plugins regularly, so why is my website hacked?

This is a common mistake made by a lot of users. Yes, the path to the admin login URL. Please remember you are using an open-source CMS that anyone can download and install. Basically, the login URL is known to everyone, as well as the default username, and sometimes even the password. Since the admin login URL is the same, I just need an application to guess the username and password. Leaving the username at a default like admin or administrator makes the guess easier.

This type of attack is very common, and we call it a ‘brute-force’ attack. If you are one of those mentioned above, it is about time to consider restricting your admin login. Apart from the admin login, the open-source plugins and components may turn out to be vulnerable too. These open-source plugins and components require updates from their authors to reduce the risk of being hacked. There are numerous ways to restrict login, but to protect your website at the same time, it would be Sucuri Firewall Pro.

Sucuri Firewall Pro protects your login page with several methods. You can allow access from certain IPs only, add a captcha that allows only a human to key in the username and password, add another layer of password, or use two-factor authentication. No time to update? Sucuri Firewall Pro virtually patches your website to keep the attacks away.

Not only that, it also scans your website at 6-hour intervals to make sure your website does not contain suspicious files and malware. Not forgetting the CDN that speeds up your website and keeps it closer to its audience. Use Sucuri Firewall Pro today.

Is your mail server IP address blacklisted?

The common tool used by many to check whether their mail server IP address is blacklisted is MXTOOL. Often, we hear from someone that his or her mail server is blacklisted. But by whom? And how? What will happen if my mail server is blacklisted? How can I resolve it? This article will provide you with the information to have a better understanding of the matter.

Firstly, we must understand DNSBL. What is a DNSBL? Domain Name System Blacklists, also called DNSBLs or DNS Blacklists, are spam blocking lists that allow a mail server administrator to block messages from particular mail servers which have a history of sending spam. The lists are based on the Internet’s Domain Name System, which converts difficult, numerical IP addresses such as 123.123.123.123 into domain names like example.net, making the lists much simpler to read, use, and search. If the maintainer of a DNS Blacklist has previously received spam of any sort from a specific domain name, that server will be “blacklisted” and all messages sent from it may be either flagged or rejected by all sites that make use of that specific list.

DNS Blacklists have a fairly long history in internet terms, with the first one created in 1997. Known as the RBL, its purpose was to block spam email and also to educate Internet providers and other websites about spam and its related problems. Although contemporary DNS Blacklists are hardly ever used as educational tools, their function as an email blocker and filter still serves as their main purpose today. In fact, the vast majority of today’s email servers support at least one DNSBL in order to reduce the quantity of junk mail that customers using their service receive. The three fundamental components that define a DNS Blacklist – a domain name to host it under, a server to host that domain, and a list of addresses to publish to the list – also haven’t changed from the time when the RBL was first created to today. Since then, a large number of different DNSBLs have sprung up and are available for use, and they all have their own lists, populated based on what does or doesn’t meet their own requirements and criteria for what a spammer is.

Due to this, DNS Blacklists may differ greatly from one to another. Some are stricter than others; some list sites only for a set period of time from the day the last piece of spam was received by the maintainer, while others are manually managed; and still others block not only IP addresses but also whole ISPs known to harbor spammers. As a result, some lists work much better than others because they are maintained by providers with a greater degree of trustworthiness and credibility than competing lists may have. Users can also use these differences to select which DNS Blacklist is most effective for them based on their particular security needs. Less strict lists might allow more spam to get through, but may not block non-spam messages that have been misidentified on lists which have stricter guidelines for what goes on the list or what is left off it. To help facilitate this, DNS Blacklists that are intended for use by the general public will generally have a specific, published policy detailing what a listing means, and must abide by the criteria laid out in it in order not merely to attain public confidence in their services but to maintain it as well.

Now we understand what a DNSBL is. The commonly used lists are from SpamCop, Spamhaus, Barracuda etc. They maintain almost real-time updated lists that most mail server administrators use to block spam emails. This is a common and popular method. As soon as your mail server is blacklisted and listed, emails originating from it are bounced until it is delisted.
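A blacklist check is an ordinary DNS lookup: the octets of the mail server IP are reversed, the list's zone is appended, and an answer in 127.0.0.0/8 means the address is listed. The following added example, which is not from the original post, shows that lookup for the three lists named above; the function names are hypothetical and the resolver can be swapped out, so the logic can be exercised offline.

```python
import ipaddress
import socket

# Public query zones of the lists named above. Check each operator's
# usage policy before querying in volume.
DNSBL_ZONES = ("zen.spamhaus.org", "bl.spamcop.net", "b.barracudacentral.org")

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")
# Spamhaus answers in 127.255.255.0/24 to signal a refused or malformed
# query (for example one sent through a public resolver), not a listing.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")


def dnsbl_query_name(ip, zone):
    """Build the name that is looked up: reversed address plus zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")                  # four octets
    else:
        labels = list(addr.exploded.replace(":", ""))  # 32 hex nibbles
    return ".".join(reversed(labels)) + "." + zone


def classify_answer(answer):
    """Map the A record returned by a list to (status, return code)."""
    if answer is None:
        return ("not listed", None)
    ip = ipaddress.ip_address(answer)
    if ip in ERROR_NET:
        return ("query refused", answer)
    if ip in LISTED_NET:
        return ("listed", answer)
    # Anything outside 127/8 is not a DNSBL answer (e.g. a wildcard DNS).
    return ("invalid answer", answer)


def check_dnsbl(ip, zones=DNSBL_ZONES, resolve=socket.gethostbyname):
    """Query every zone and return {zone: (status, return code)}."""
    report = {}
    for zone in zones:
        try:
            answer = resolve(dnsbl_query_name(ip, zone))
        except socket.gaierror:
            # NXDOMAIN; with this simple resolver any lookup failure
            # also lands here and is reported as "not listed".
            answer = None
        report[zone] = classify_answer(answer)
    return report


if __name__ == "__main__":
    # 127.0.0.2 is the conventional test entry that DNSBLs list (RFC 5782).
    for zone, (status, code) in check_dnsbl("127.0.0.2").items():
        print(f"{zone}: {status} {code or ''}")
```
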

What is a WAF?

Have you ever wondered what WAF means? (extracted from Sucuri Website)

WAF stands for Website Application Firewall. In order to make it simple to understand, imagine your website as a house and the people outside on the streets are the traffic that wants to come to your website.  Of course, you want to open your door to friends and family, but you also want to protect your house from the bad guys. That is exactly what the firewall does. The WAF is the locked house door. A WAF keeps the malicious traffic off your website. In other words, a WAF is a layer of protection that sits between your website and the traffic it receives.

Why do you need a WAF?

The same way that there are criminals on the streets, there are hackers online. Threats to websites emerge and evolve every day; keeping up with the hacking trends can be very stressful to any webmaster.

Network and local firewalls alone cannot stop hackers from breaking into your website anymore. Many of these solutions are not effective when it comes to stopping malicious online traffic.

Having an effective Web Application Firewall (WAF) provides companies and website owners peace of mind.

Expecting the hosts to take care of your website security can be misleading, as their main goal is to ensure the accessibility of your website. Some hosts, like GoDaddy, do offer website security. Nevertheless, you need to make sure to implement a security solution, like the Sucuri Platform to protect your website for you.

Another important aspect of having a Website Application Firewall on your website is the time it will save you in the long run. After setting up a WAF properly on your website, you would no longer be spending precious time thinking about ways to protect it. Then, if your website was, in fact, hacked, how many hours would you waste trying to find the issue and fix it? I am not even mentioning the amount of money potentially lost from having an unprotected website.

How does a WAF work?

The WAF works as a vaccine for a website. It is a preventive measure taken so your website does not get infected or goes offline. Nobody really likes to be vaccinated, but the cost of getting sick is always a thousand times higher. Having a WAF activated means having a proactive posture on your website security.

You already know that having a website firewall solution is vital to protecting any website. Next, let’s dive deeper into the characteristics of WAFs.

WAF Features

Application firewalls go beyond the metadata of the packets transferred at the network level. They focus on the data in transfer. Application firewalls were created to understand the type of data allowed for each protocol, like SMTP and HTTP. There are specific application firewalls for websites and they are called Website Application Firewalls (WAF).

Application Firewalls

In general, all WAF solutions function the same way. They are basically a wall between your website application and the visitor browsing your website. A WAF’s main goal is to impede malicious requests from damaging your website.

The difference among the many website firewall solutions in the market is mainly how they are deployed and their database. The Sucuri WAF is the most advanced in terms of virtual patching. We take research very seriously. Our firewall analysts work hard day and night so we can provide you the most complete and robust solution in the market. Our WAF filters block up to 100% of the attacks your website can suffer from.

Now that you know what a WAF is, let’s talk about the Sucuri WAF.

Sucuri Firewall

Sucuri is a website security company that was born to offer website owners a comprehensive security solution. The Sucuri Firewall is a cloud-based software as a service (SaaS) Website Application Firewall (WAF) and Intrusion Prevention System (IPS) developed exclusively for websites.

What is great about the Sucuri Firewall is that it functions as a reverse proxy. The Sucuri WAF intercepts and inspects all incoming Hypertext Transfer Protocol/Secure (HTTP/HTTPS) requests to a website. Then the WAF strips the malicious requests at the Sucuri network edge before they arrive at your server.

Another feature that the Sucuri Firewall offers is that its WAF includes Virtual Patching and Virtual Hardening engines. The Sucuri Firewall mitigates threats as they happen.

The Sucuri WAF keeps the threats far from your website without impacting your website negatively. Quite the opposite, the Sucuri website firewall makes a website up to 70% faster, as it is built on a Content Distribution Network (CDN).

How the Sucuri Firewall Works

Performance optimization is part of the Sucuri WAF features. The CDN caches dynamic and static content across all nodes in the network to ensure optimal performance around the world. The Sucuri WAF configuration makes adequate preparation for global reach, load balancing, failover, and comprehensive performance improvement.

The Sucuri WAF runs on a proprietary Globally Distributed Anycast Network (GDAN). Anycast allows a network to broadcast an IP to multiple locations from a single node, permitting the nearest node to respond to a request. Imagine your website has a global audience: the website is hosted on a server in Houston, but your main visitors are in Asia and Western Europe. If you have the Sucuri Firewall activated on your website, the content would be broadcasted from a Tokyo and London Point of Presence (PoP) via our Anycast network. The result would be an improved user experience as visitors in Asia would get a response from the Tokyo PoP, and the ones in Europe from the London PoP. To sum it up, since Sucuri WAF runs on a Global AnyCast Network, the nearest node responds to the requests, bringing improved availability, resiliency, and failover capability to any website.

This unique configuration allows for high availability and redundancy if anything fails in the network. Moreover, the Sucuri Firewall offers full Domain Name Server (DNS) services.

Another great advantage of using the Sucuri WAF solution is that it can help you increase your SEO rankings. The inclusion of an SSL certificate and improved speed from the Anycast CDN can improve SEO. You might see SEO improvement after the Sucuri WAF is activated because having HTTPS enabled and using a CDN are confirmed ranking signals from Google.

To sum it up, the Sucuri WAF:

  • Mitigates Distributed Denial of Service (DDoS) Attacks
  • Prevents Vulnerability Exploit Attempts, such as SQL injections, cross-site scripting (XSS), remote file inclusion (RFI) and local file inclusion (LFI)
  • Protects Against the OWASP Top 10 (and more)
  • Protects Against Zero-Day Exploits
  • Protects Against Access Control Attacks, such as Brute Force attempts
  • Offers Performance Optimization with its CDN

How can I add the Sucuri WAF to my Website?

In order to add the Sucuri Firewall to your website, all you need to do is add a DNS A record or switch to Sucuri nameservers. The time to go live is dictated by the DNS Time to Live (TTL). In most cases, it takes from 30 to 60 minutes. If you have any issues with the setup, or if you are not technical and need assistance, our support team can guide you through it.

Conclusion

As you have seen, using the Sucuri Website Application Firewall can be very valuable for your website and business. Not only do we offer protection, but also a performance boost and better SEO, which are like gold for any website owner. If you are wondering why you have not added our Firewall to your website yet — don’t worry. Chat with us and we will help you have your website protected today.