Website security


2

Last Saturday my site received an unusually high volume of brute force attacks. Yep, those darn teens from Western Europe or smart scripts from academic towns in Siberia, trying tirelessly to break into my site authentication.

Now, I'm thrilled with this development. That means I'm finally getting out of obscurity. Yey!

I spend an entire day restarting my server and applying solutions that would deflect those attacks. It seems to be under control. I am not going to disclose here my defense strategy but I would like to probe and see what others have done to defend their properties.

Recommendations Website Security

asked Oct 13 '10 at 00:32
Blank
Usabilitest
1,698 points
Top digital marketing agency for SEO, content marketing, and PR: Demand Roll

3 Answers


2

The single most important thing you should do is make sure the OS, all servers and all web applications are always up to date.

Everything else is specific to the attack (I've recently added a completely trivial to bypass "security" check on one of my comments forms, it's stupid but it stops the specific spam bot that is hitting that page)

answered Oct 13 '10 at 00:51
Blank
Nir
1,569 points

2

Here are four simple things you can do:

  1. Keep everything updated, as Nir mentioned.
  2. Use strong passwords.
  3. Disable all services not in use. For example, if you don't need FTP, disable it. Every service you have running is another attack point.
  4. Run your services with as little priviledges as needed.

Also, keep regular backups just incase you need to reload your data on a fresh server.

answered Oct 13 '10 at 11:45
Blank
Zuly Gonzalez
9,194 points
  • Good advice. IP-based blocking at your load-balancer should be your first step solution for anything that isn't a distributed attack. – Winfield 14 years ago
  • I don't use load-balancers, yet. – Usabilitest 14 years ago

1

I've read an article about an open source security package for web servers on http://www.untwistedvortex.com/ You'll have to look for the article yourself, was about a month ago.

Haven't tried it myself yet, but I will after the next attack on my site :-)

answered Oct 19 '10 at 16:21
Blank
User2387
111 points
  • Yep, isn't it funny how we all get security conscience right after security attacks. ;) – Usabilitest 14 years ago

Your Answer

  • Bold
  • Italic
  • • Bullets
  • 1. Numbers
  • Quote
Not the answer you're looking for? Ask your own question or browse other questions in these topics:

Recommendations Website Security