  1. #1
    Join Date
    Jul 2005
    Posts
    598

    Protect server from index page defacement

    Recently, a lot of my clients' sites have been defaced at the index page level. What do you guys do to reduce or prevent this?

    Does deploying a security appliance (IPS/IDS) help?
    My Web Hosting and Gadgets Blog http://tekkiebao.blogspot.com/

  2. #2
    Join Date
    Dec 2006
    Location
    London
    Posts
    661
    Typical 'scriptkiddie' defacing often doesn't actually involve an intrusion as such. It's usually worth putting some on though.

    The simplest form of defense is to keep any software you're running up to date (e.g. Wordpress, with ALL plugins and themes, and hosting software), keep the kernel up to date, keep PHP up to date etc. Of course, passwords need to be nice and secure too.

    If you have lots of clients on your server, you might also want to review how you're actually doing the hosting, e.g. using SuEXEC or some kind of method whereby PHP scripts run as individual usernames rather than 'nobody'.
    GigaTux, Value Linux Hosting
    UK, US and Germany based Xen VPS. Reliability is key! Quick support response and 99.9% SLA.

  3. #3
    Tomcatf14, I am sorry to hear that your clients have fallen victim to such attacks. With the given circumstances, have you looked into Web Application Protection?

    To help further, you stated many clients, are they all running the same or similar software?

  4. #4
    Join Date
    Jul 2005
    Posts
    598
    Quote Originally Posted by gigatux View Post
    Typical 'scriptkiddie' defacing often doesn't actually involve an intrusion as such. It's usually worth putting some on though.

    The simplest form of defense is to keep any software you're running up to date (e.g. Wordpress, with ALL plugins and themes, and hosting software), keep the kernel up to date, keep PHP up to date etc. Of course, passwords need to be nice and secure too.

    If you have lots of clients on your server, you might also want to review how you're actually doing the hosting, e.g. using SuEXEC or some kind of method whereby PHP scripts run as individual usernames rather than 'nobody'.
    I have done everything that I could within my resources to protect the clients (mod_security, firewall, bruteforce, suexec, suphp) but I could not control it if the client does not want to patch their web application. It is actually costing me time and resources to restore the site for them if their page is being defaced.

    The most common attack is across the same web application type within the same server. E.g. all WordPress websites in the same server will be defaced at the same time.

    Do you think deploying a security appliance with IPS/IDS functionality will help? WAF is a bit too expensive compared with IPS/IDS.

  5. #5
    Join Date
    Jul 2005
    Posts
    598
    Quote Originally Posted by HostDefend View Post
    Tomcatf14, I am sorry to hear that your clients have fallen victim to such attacks. With the given circumstances, have you looked into Web Application Protection?

    To help further, you stated many clients, are they all running the same or similar software?
    Most of the affected clients run a generic web application, Wordpress is the most common.

    What idea do you have for WAP?

  6. #6
    Join Date
    Dec 2006
    Location
    London
    Posts
    661
    Quote Originally Posted by Tomcatf14 View Post
    I have done everything that I could within my resources to protect the clients (mod_security, firewall, bruteforce, suexec, suphp) but I could not control it if the client does not want to patch their web application. It is actually costing me time and resources to restore the site for them if their page is being defaced.
    You could always charge a nominal fee to the client to perform a restore. Not entirely ideal, but you can never always protect from your clients being hacked.

  7. #7
    Join Date
    Feb 2008
    Posts
    343
    Quote Originally Posted by gigatux View Post
    You could always charge a nominal fee to the client to perform a restore. Not entirely ideal, but you can never always protect from your clients being hacked.
    I just paid my webhost for that, they charged me $15.

  8. #8
    Join Date
    Dec 2006
    Location
    London
    Posts
    661
    Quote Originally Posted by malcarada View Post
    I just paid my webhost for that, they charged me $15.
    I personally don't think that's too unreasonable. Restoring a backup and checking that it works is a pretty manual process.

    With the OP's situation, if he has asked hostees to upgrade any software they have been running but they have not done so, and their account gets hacked, then I think it's especially reasonable to charge this nominal fee.

  9. #9
    Join Date
    Jul 2005
    Posts
    598
    Quote Originally Posted by gigatux View Post
    I personally don't think that's too unreasonable. Restoring a backup and checking that it works is a pretty manual process.

    With the OP's situation, if he has asked hostees to upgrade any software they have been running but they have not done so, and their account gets hacked, then I think it's especially reasonable to charge this nominal fee.
    Charging them would not be a problem but customer perception for this issue is always the problem on the hosting provider's side.

    It will require effort to convince the customer that this is not a server problem. I would say, 10/10 clients would blame the server first before anything else.

  10. #10
    Join Date
    Dec 2006
    Location
    London
    Posts
    661
    Quote Originally Posted by Tomcatf14 View Post
    Charging them would not be a problem but customer perception for this issue is always the problem on the hosting provider's side.

    It will require effort to convince the customer that this is not a server problem. I would say, 10/10 clients would blame the server first before anything else.
    I agree with you. All depends on how much you charge really. If you provide a real budget solution (say, $1/month for a website) then simple economics says that you can't possibly keep your business afloat if you have to continually do restores.

    A potential solution is to direct the client to a fully managed hosting solution where you charge more, but offer them the peace of mind that you will keep their software up to date and take on the risks that full management takes.

  11. #11
    Join Date
    Jul 2005
    Posts
    598
    Quote Originally Posted by gigatux View Post
    I agree with you. All depends on how much you charge really. If you provide a real budget solution (say, $1/month for a website) then simple economics says that you can't possibly keep your business afloat if you have to continually do restores.

    A potential solution is to direct the client to a fully managed hosting solution where you charge more, but offer them the peace of mind that you will keep their software up to date and take on the risks that full management takes.
    The hosting fees of my company are among the highest in the industry. If possible, I do not want to dirty our hands managing the web application. We are very good at servers but not web.

  12. #12
    Join Date
    Dec 2006
    Location
    London
    Posts
    661
    Quote Originally Posted by Tomcatf14 View Post
    The hosting fees of my company are among the highest in the industry. If possible, I do not want to dirty our hands managing the web application. We are very good at servers but not web.
    Fair enough, and it's good to know your strengths and weaknesses.

    I guess it's just a decision for you to make then whether it's worth doing some management and keeping happy customers, or letting them know it's their responsibility (possibly even recommending a third party management company).

  13. #13
    Join Date
    Jul 2005
    Posts
    598
    Quote Originally Posted by gigatux View Post
    Fair enough, and it's good to know your strengths and weaknesses.

    I guess it's just a decision for you to make then whether it's worth doing some management and keeping happy customers, or letting them know it's their responsibility (possibly even recommending a third party management company).
    I am checking if there is anything that we can do on the server's side to protect the customer from these attacks.

  14. #14
    If this is happening frequently for the sites, even though you had all the things like mod_sec and a firewall in place, there is definitely some kind of cmd shell script located inside the server. You need to scan the entire server using tools like maldet, and check the logs, like the message log, to see how those index files were uploaded or replaced.
    www.24x7servermanagement.com
    Server Management, Server Security, Server Monitoring.
    India's Leading Managed Service Provider !! Skype: techs24x7
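
One way to do the log check suggested in post #14, as an added example that is not part of the thread: take the modification time of a defaced index file and list the write requests to PHP scripts that hit the site's access log just before it. The function names, the `UPLOAD_HINTS` directory list, the 10-minute window and the sample log lines are assumptions made for illustration, and the file's mtime is only a starting point because it can be altered.

```python
import os
import re
from datetime import datetime, timedelta, timezone

# Constructed sample lines in Apache combined log format (not from the thread).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2013:02:10:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2013:02:14:55 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2013:02:15:01 +0000] "POST /wp-content/uploads/img.php HTTP/1.1" 200 312 "-" "curl/7.29"
203.0.113.9 - - [12/Mar/2013:02:15:03 +0000] "POST /wp-content/uploads/img.php?x=1 HTTP/1.1" 200 98 "-" "curl/7.29"
198.51.100.7 - - [12/Mar/2013:02:40:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
WRITE_METHODS = {"POST", "PUT"}
UPLOAD_HINTS = ("/uploads/", "/tmp/", "/cache/", "/images/")  # assumed writable dirs

def index_mtime(path):
    """Last-modified time of a (defaced) index file as an aware UTC datetime."""
    return datetime.fromtimestamp(os.path.getmtime(path), tz=timezone.utc)

def suspect_requests(log_text, modified_at, window_minutes=10):
    """Return write requests to PHP scripts made shortly before modified_at."""
    start = modified_at - timedelta(minutes=window_minutes)
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] not in WRITE_METHODS:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["path"].split("?", 1)[0]  # drop the query string
        if not (start <= ts <= modified_at) or not path.lower().endswith(".php"):
            continue
        hits.append({
            "time": ts, "ip": m["ip"], "path": path, "status": int(m["status"]),
            # PHP answering from a directory meant for uploads is a strong signal
            "in_upload_dir": any(h in path.lower() for h in UPLOAD_HINTS),
        })
    # Upload-directory scripts first, then closest to the modification time
    return sorted(hits, key=lambda h: (not h["in_upload_dir"], modified_at - h["time"]))

if __name__ == "__main__":
    when = datetime(2013, 3, 12, 2, 15, 4, tzinfo=timezone.utc)  # constructed mtime
    for h in suspect_requests(SAMPLE_LOG, when):
        print(h["time"].isoformat(), h["ip"], h["path"], h["in_upload_dir"])
```

On a real server, pass `index_mtime("/path/to/docroot/index.php")` and the contents of that site's access log; running it per site shows whether the same client and script precede every defacement on the box.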
