Welcome to Vastspace, provides Reliable Web Hosting since 2014

Welcome to Vastspace

Archive

Brute-force Protection

Whether you are using Exim, Postfix or others, I personally feel that the brute-force protection is necessary. I have seen unauthorized login attempts on email accounts especially the common ones.

I supposed your service provider has been telling you ‘please use the strong password’. However, Imseeing compromised account use a weak password. So, please remind yourselves always to use strong passwords.

A strong password can be 13 characters and above, a mixture of the symbols, capital letters, small letters and numbers. You don’t and never define such as strong password ‘[email protected]’ Yes. it has more than 13 characters., symbols, capital, small letters and numbers.

This type of password is very guessable, they are likely in the hacker’s dictionary. Never use this kind of password. Combination of name, birthday, handphone and NRIC number should be avoided too. A password is your first defence line, hence it is important to make sure they are not guessable.

Devices have set up with email services should install with a good anti-virus capable of detecting malicious activities like for example ports scanning which is common nowadays. This is also important to an individual, even you have a strong password, there is risk your password is stolen through a backdoor on a virus-infected devive.

If you do have the above both, the brute-force protection is useful but it is not 100% you are protected or you are safe. Hackers will attempt to login to your email account with their hacking program using a guessable password.

The ideal of brute-force protection is a rule to block further failed login after X attempts in X interval and block the source for an X period. This is effective to bar authorized access. Whoever came out the mechanism is a genius. This mechanism has protected many, not only email accesses.

Like SmarterMail has such feature out of the box, actually more like internal spammer etc. However, today topic is mainly on brute-force and yes, SmarterMail has built-in with such feature. The server admin can define the number of attempts and the block interval. SmarterMail will display the IP address and its location, should you blacklist them permanently.

I personally felt this is a great feature to protect our email users. This feature reduces the workload on email server admin too. A good email system must built-in with a good security feature and SmarterMail did it.

[/vc_column_text][/vc_column][/vc_row]

How to prevent your website against hackers?

How to prevent your website against hackers?

We do not many cases but there is always a website was hacked and asked the same questions, how was my website hacked? And how to protect them?

There are a few reasons for your website was hacked. Occasionally, we can only share the possibilities until further investigation like checking the log files.

It is difficult to eliminate totally but we suggest you protect them. This will make hacking difficult or not possible.

Hackers are looking for backdoors to penetrate your website, only if you can shut it,  Here are some inexpensive ways to protect your website.

  • updated script and plugins – if you are using WordPress, Joomla or similar, always have up-to-date CMS, plugins and the PHP.
  • Limited your SQL connection or to local connection only.
  • Restrict your administration login page.
  • Use malware scanner to scan your website daily during off-peak.
  • Use WAF like Sucuri Firewall, you update less often which is useful to some.
  • Computers access to the website backend and control panel must install and scan by a good anti-virus/malware and up-to-date definition.
  • Use Strong Password for all users.
  • A penetration test. You can find a free solution online.
  • Use mod_security cPHulk brute-Force or Fail2ban – these can be found in popular cPanel or Plesk Onyx.
  • Use Firewall like CSF or APF. However, I don’t really recommend a software firewall. They can paralyse the website if you are under attacks while it takes resources from your server.

Lastly, you always have a backup copy can restore an up-to-date website.