Disclosure: Some of the links in this website may be affiliate links, meaning, at no additional cost to you, Raven Web Services will earn commission if you click through and make a purchase.

What exactly is a Denial Of Service (DoS) attack and what can you do if your website is under attack? Read on to learn more about what these online attacks are and perhaps more importantly, how to handle being attacked.

A Distributed Denial of Service (DDoS) attack is an attack on a network that is designed to bring it to a halt. This is done by sending useless traffic to a particular service/port on a server. The volume of traffic overwhelms the service, so that genuine traffic is dropped or ignored.

DDoS attacks have evolved from the basic DoS attacks that were in the wild in 1997. These attacks stem from one source and can emerge from hundreds of locations around the world. The most noticeable attacks were those in February 2000, where high traffic sites (eBay/Amazon/Yahoo/CNN/Buy.Com/Datek/ZDNet)

The following are different kinds of attacks.

Smurfing: The perpetrator sends a large amount of ICMP echo traffic to IP broadcast addresses, all of it carrying the spoofed source address of the victim. This multiplies the traffic by the number of hosts.
Fraggle: This is the cousin of the Smurf attack. It uses UDP echo packets in the same way as the ICMP echo traffic.
Ping Flood: The attacker attempts to disrupt service by sending ping requests directly to the victim.
SYN Flood: Exploiting a flaw in the TCP three-way handshake, the perpetrator creates connection requests aimed at the victim. These requests are made with packets that have unreachable source addresses. The server/device is unable to complete the connection, and as a result the server ends up using most of its network resources trying to acknowledge each SYN.
Land: The perpetrator sends a crafted packet with the same source and destination IP address. The victim's system becomes confused and crashes or reboots.
Teardrop: The perpetrator sends two fragments that cannot be reassembled properly by manipulating the offset value of the packet, causing a reboot or halt of the victim's system.
Bonk: This attack usually affects Windows OS machines. The attacker sends corrupted UDP packets to DNS port 53. The system becomes confused and crashes.
Boink: This resembles the Bonk attack, except that it targets several ports instead of just 53.
Worming: The worm sends a large amount of data to remote servers. It then confirms that a connection is active by trying to contact a website outside the network. If successful, an attack is initiated. This would be in conjunction with a mass-mailing of some sort.

With the current TCP/IP implementation, there is little that companies can do to prevent their network from being DDoSed. Some companies can be proactive and ensure all their systems are patched and are only running the services they need. Implementing egress/ingress filtering and enabling logging on all routers will block some DDoS attacks.

If the packet's source IP address comes from inside the subnet that the router serves, then the packet is forwarded. If the packet has an invalid source address, then the packet is simply dropped.
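The filtering rule described above can be written out as a small decision function. This is an added example, not code from the original article; the subnet and packet addresses are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed example network (documentation range), not from the article.
SERVED = ipaddress.ip_network("192.0.2.0/24")

def egress_decision(src, dst, served=SERVED):
    """Packet leaving the served subnet: forward only if the source is ours."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip not in served:
        return "drop", "source not in served subnet (spoofed)"
    if src_ip in (served.network_address, served.broadcast_address):
        return "drop", "source is a network/broadcast address"
    if src_ip == dst_ip:
        return "drop", "source equals destination (Land-style)"
    return "forward", "source inside served subnet"

def ingress_decision(src, dst, served=SERVED):
    """Packet arriving from outside: it must not claim an inside source."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip in served:
        return "drop", "outside packet claims inside source (spoofed)"
    if dst_ip == served.broadcast_address:
        return "drop", "directed broadcast (Smurf/Fraggle amplification)"
    if dst_ip not in served:
        return "drop", "destination not in served subnet"
    return "forward", "valid outside source, inside destination"

# Constructed sample packets: (direction, source, destination).
SAMPLE = [
    ("egress", "192.0.2.10", "198.51.100.7"),    # legitimate outbound
    ("egress", "203.0.113.5", "198.51.100.7"),   # spoofed source leaving us
    ("ingress", "198.51.100.7", "192.0.2.10"),   # legitimate inbound
    ("ingress", "192.0.2.10", "192.0.2.10"),     # Land-style packet
    ("ingress", "198.51.100.7", "192.0.2.255"),  # echo to broadcast address
]

def filter_log(packets):
    """Apply the filter and return one log line per packet, as a router would."""
    log = []
    for direction, src, dst in packets:
        decide = egress_decision if direction == "egress" else ingress_decision
        action, reason = decide(src, dst)
        log.append(f"{direction} {src} -> {dst}: {action} ({reason})")
    return log

if __name__ == "__main__":
    print("\n".join(filter_log(SAMPLE)))
```

The same anti-spoofing check that protects other networks on egress also drops Land-style packets on ingress, because they arrive from outside while claiming an inside source.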


By now you will have learned that DDoS attacks are very difficult to stop and trace. Many dedicated server companies will simply disconnect the server that is being attacked until the attack has stopped, but this is not a real solution. Once an attack is spotted, hosts must engage their upstream service providers right away. For those looking to halt an ongoing DDoS attack or, better yet, to proactively mitigate potential denial of service attacks themselves, we recommend using a third-party service such as CloudFlare or Sucuri. Both options provide world-class web security solutions similar to WebARX (which we spoke about in our last article) but with the added service of DDoS protection. Here at Raven Web Services we actively use Sucuri to mitigate DDoS attacks and have had great success using their security suite.

Almost anything we do here at Raven Web Services starts with security as our first thought and for good reason. In our last article we spoke about why you needed website security and now we continue past the introductions and get into the good stuff. This article will cover WebARX, a powerful set of website security tools that we use for the large majority of our clients because it has the most bang for the buck (in our opinion).

This article gives a step-by-step tutorial on how to secure a WordPress site with WebARX. If you care about your business you need protection from hackers and for this, you need to have a complete overview of your site, the first line of defence, and an intelligence system that will let you know when there’s a risk and how to eliminate it.

In under three minutes (and with no technical knowledge), you can connect the WebARX plugin to your WordPress site and have your site protected.

Here's a complete list of WebARX Features:

And below is the step-by-step tutorial about how to secure a WordPress site with WebARX.

Login to the WebARX Portal

The first step is to make an account in WebARX Portal. You can start the sign-up process by clicking here.

If you have an account in GitHub, LinkedIn or Google, you can easily sign up via these options, but you can also sign up using your email.

If you have already made an account you can log in by clicking the option on the very bottom or you can click here.

Add your website

The very first thing after signing up to WebARX Portal will be adding your first WordPress site. To secure your WordPress site you should click the blue button “+Add new website“.

You can add more than one site by adding one website URL per row. Make sure your websites are written correctly. When you have added your site(s) then click “Add new websites“.

After you have added your site it will take roughly 10 minutes before data starts showing up on the dashboard and on the individual site view page. In order to see data of a specific site, scroll down on the dashboard and click on your site in the sites overview table.

Installing the Firewall to your WordPress site

Now to the next step – downloading the plugin to your WordPress site.

To download and enable WebARX Firewall, click on the white slider under ‘FIREWALL’.

Now click the gray icon to download your plugin. Note where you save the .ZIP file so you can easily find it later when you add it to your WordPress site.

Here you’ll have two options:

  1. Install the plugin automatically by entering your WordPress login information. (Keep in mind that we don’t store your login information on our servers; it is directly and securely used to install WebARX on your site.) Once the plugin is installed, allow it to configure itself by waiting 5 to 15 minutes until everything is synchronized with the portal.
  2. Do it manually by clicking “I want to install the plugin manually.” If you choose to do it manually, then continue with the tutorial; if not, go directly to “Great, now you’re protected with WebARX!”

Now log in to your WordPress site

The next step is to log in to your WordPress site. At the menu on the left click on Plugins, press Add New and then click on Upload Plugin.

Installing the plugin is really simple. Click on “Choose file” and select the .ZIP file you downloaded from the Portal earlier. Then click “Install Now”.

As the final step, you only need to click “Activate Plugin” which will connect your website with WebARX. It will configure everything automatically and enable a dashboard widget so you can see logs and statistics on your WordPress dashboard.

Great, now you’re protected with WebARX!

If you followed every step – your website is now connected and protected with a Web Application Firewall.

The Web Application Firewall is updated in real time and it will be updated against the latest threat signatures automatically. It will block malicious traffic, hacking attempts and even spam. It can sometimes be surprising how many attacks are actually made and how many different IP addresses try to find weaknesses on the website.

From the single site view you can see Firewall logs, Activity logs, and Software. This is where you can see if someone has tried to attack your site or who has logged in. The Software tab will show you what software is installed and whether any of it is vulnerable or known to be exploited.

Our next article will cover our favourite website security heavyweight, which also happens to be our go-to solution for high-traffic websites that get a lot of bad attention. I am talking about DDoS protection, and there are really only two names to mention when it comes to that, so check back next time to find out what company Raven Web Services uses for DDoS protection and why.

Who should be concerned about website security?

Website Owners

First and foremost, it’s imperative website owners concern themselves with the security of their website. Responsibility falls on the website owner to protect their projects and business. However, it has been identified that webmasters can be the weakest link in the website security chain. If someone has a website and does not consider security, this person often does not implement the security layers to protect their website from a compromise or security breach. Having a website security platform in place will significantly reduce both the risk of a website hack and the burden of responsibility the website owner has on their shoulders.

Website Developers

Website developers tend to share the responsibility of website security with the website owners. Many owners believe that the developers should not only create a website, but also maintain and secure it. We can extend this category to anybody who manages or works with a website at any moment – whether they are the initial website developer, a contributor, or someone who just performs occasional maintenance – they need to consider security, early and often.

Website Service Providers

If you offer any website services, you need to think about website security in terms of either protecting your own website and business, or having a viable solution to offer your customers.

Website service providers include:

Even though the main responsibility of website security protection falls on the website owner, the expectation of having a worry-free project falls on the web service provider. As a web service provider, you are the trusted party and first point of contact with the ability to impact your client’s online security posture the most. It’s incumbent upon you to ensure the advocacy of website security and not just the delivery of core services. As a web service provider, you are not in a position to ignore security because it has such a big effect on what you do and for the overall ecosystem you work on. Having a proactive approach to website security can give you peace of mind. Accounting for security at the beginning of a project benefits everything related to your websites.

Implications of a Security Breach

Brand Reputation

When talking about the impacts of a website compromise, you would be wise to be especially concerned about your brand reputation. Regardless of your business, you have a brand. Whether you realize it or not, and regardless of the size of your audience, trust is an important piece of the puzzle. It can take years to build a brand and literally minutes to lose it. A hacked website is notorious for destroying trust, which ultimately jeopardizes your brand reputation.

Financial Loss

Another vital implication of a website hack is economic impact. If business is lost due to a website compromise, there is always some sort of financial loss. Even a brochure site can drive business to a physical location, and if that website is not available for the customer, then the client is going to lose money.

Emotional Distress

The cost of a website compromise goes far beyond monetary. Some factors of a compromise can never truly be appreciated until they are experienced. These include the emotional toll of not knowing what just happened; the hours spent arguing with hosting providers, developers, and security professionals; the fear of missing something during remediation; the fear of being online at all, or of using technology as a whole. All this is exacerbated by one simple thought: “Why didn’t I take precautions?”. As surreal as these may sound, they are all very real costs of a hack. The money can be the easiest part to account for. It is the non-monetary impact that catches everyone off guard. The message we want to convey is: Are you emotionally and mentally prepared for a hack? Is your business prepared to be taken offline, or worse?

Blacklists

In the context of websites, blacklisting refers to the process of search engines removing a website from their index. Webmasters pay close attention to this because when blacklisted, a site loses nearly 95% of its organic traffic, which can quickly impact sales and revenue. Most often, the website owner is not even aware that they have been hacked. However, it is in the search engine’s best interest not to show infected results, as they do not want to lose users if these results can harm their computers, or even steal their personal information. For the same reason, many antivirus programs also blacklist dangerous websites. Blacklisting is a big problem because it can take days for authorities to review and remove security warnings from a blacklisted site. This only emphasizes the importance of preventive measures, such as having a Website Application Firewall (WAF) active that protects a website.

The Real Cost of a Security Breach for Agencies

If you do not have a solid security plan in place, the cost to you can be huge:

That is why we highly advise you to add website security as part of all your business plans, so that each website can be protected.

Stay tuned for our next scheduled post to learn more detailed information on how to get premium online security services for yourself.

Proudly indigenous, proudly northern.
Copyright © 2016 – 2021 Raven Web Services. All Rights Reserved.