Servers Are Being Probed and Under Attack 24/7
Hackers use programs (i.e. ‘bots’) to probe and attack servers around the clock. Even a brand new server will often be probed and attacked within minutes of coming online. Bots are often installed on servers that are not adequately secured, and are typically controlled remotely.
Imagine that you are home in the middle of the night and someone is trying to open all your doors and windows. That is what bots are doing 24/7. One approach to server security is to recognize activity that is not legitimate and then block the offending IP addresses from your server with a firewall, while allowing desirable bots (e.g. Google, Bing, and Yahoo) access to your server.
Linux offers software firewalls (e.g. iptables), and many Internet Service Providers offer hardware firewalls. One of the advantages of a dedicated server is that you can control access to the entire server and block IP addresses that are attempting malicious operations. Malicious activity includes:
- Login attempts to server functions (e.g. SSH, FTP, and control panels)
- Login attempts to web applications (e.g. WordPress, Drupal, and Joomla)
- Login attempts to databases (e.g. MySQL and PostgreSQL)
- Login attempts to mail functions such as SMTP, IMAP, and POP
- SQL injection (e.g. attempts to trick a database with terms such as ‘SELECT’ and ‘JOIN’)
- Modification and loading of web server files
- Denial of Service attacks (i.e. high volume of server activity designed to make a server fail)
- Probing for install programs (e.g. ‘setup.php’), which often results in ‘404 – file not found’ errors
Automated Detection of Malicious Activity
The server access rate for any particular IP address can be limited to a few accesses per second by a firewall, and the server logs can be constantly evaluated by automatic cron jobs for threats. This method minimizes performance degradation and limits the number of malicious attempts by a specific IP address. When an IP address has met a defined threshold of malicious activity within a set time period, the IP address can be automatically blocked permanently or for some other length of time (e.g. weeks or months).
All suspicious activity is logged into a database and is available for statistical analysis. Many servers have dynamic blacklists that range from 15,000 to 20,000 specific IP addresses, and in some cases, even entire countries are blocked if the malicious access rate is high (e.g. > 90%).
This Site is Secured by SSL and May Only Be Accessed by HTTPS
This site is secured by SSL and automatically re-submits HTTP requests to HTTPS. This prevents usernames, passwords, financial data, and other private information from being intercepted by Internet ‘sniffers’, which are often employed by hackers (see http://arstechnica.com/uncategorized/2008/05/hackers-used-packet-sniffers-to-filch-credit-card-data/).
Linux Server Security Consulting
Software technology, both good and bad, is changing rapidly and threats need to be continuously evaluated. OTTStreamingVideo.net can install our proprietary security software on your Linux server and provide ongoing evaluation of security threats. Please contact us for more information.