Results 1 to 14 of 14
-
05-24-2012, 07:58 AM #1Web Hosting Master
- Join Date
- Jul 2005
- Posts
- 598
Protect server from index page defacement
Recently, a lot of my client's site has been defaced on the index page level. What do you guys do to reduce or prevent this?
Does deploying a security appliance IPS/IDS helps?My Web Hosting and Gadgets Blog http://tekkiebao.blogspot.com/
-
05-24-2012, 08:45 AM #2Web Hosting Master
- Join Date
- Dec 2006
- Location
- London
- Posts
- 661
Typical 'scriptkiddie' defacing often doesn't actually involve an intrusion of such. It's usually worth putting some on though.
The simplest form of defense is to keep any software you're running up to date (e.g. Wordpress, with ALL plugins and themes, and hosting software), keep the kernel up to date, keep PHP up to date etc. Of course, passwords need to be nice and secure too.
If you have lots of clients on your server, you might also want to review how you're actually doing the hosting, e.g. using SuEXEC or some kind of method whereby PHP scripts run as individual usernames rather than 'nobody'.█ GigaTux, Value Linux Hosting
█ UK, US and Germany based Xen VPS. Reliability is key! Quick support response and 99.9% SLA.
-
05-24-2012, 12:10 PM #3Disabled
- Join Date
- Apr 2011
- Posts
- 38
Tomcatf14, I am sorry to hear that your clients have fallen victim to such attacks. With the given circumstances, have you looked into Web Application Protection?
To help further, you stated many clients, are they all running the same or simliar software?
-
05-24-2012, 02:01 PM #4Web Hosting Master
- Join Date
- Jul 2005
- Posts
- 598
I have done everything that I could within my resources to protect the clients (mod_security, firewall, bruteforce, suexec, suphp) but I could not control it if the client does not want to patch their web application. It is actually costing me time and resources to restore the site for them if their page is being defaced.
The most common attack is across the same web application type within the same server. Eg. All wordpress websites in the same server will be defaced at the same time.
Do you think deploying a security appliance with IPS/IDS functionality will help? WAF is too a bit too expensive comparing with IPS/IDSMy Web Hosting and Gadgets Blog http://tekkiebao.blogspot.com/
-
05-24-2012, 02:02 PM #5Web Hosting Master
- Join Date
- Jul 2005
- Posts
- 598
My Web Hosting and Gadgets Blog http://tekkiebao.blogspot.com/
-
05-24-2012, 04:01 PM #6Web Hosting Master
- Join Date
- Dec 2006
- Location
- London
- Posts
- 661
█ GigaTux, Value Linux Hosting
█ UK, US and Germany based Xen VPS. Reliability is key! Quick support response and 99.9% SLA.
-
05-24-2012, 08:07 PM #7Web Hosting Guru
- Join Date
- Feb 2008
- Posts
- 343
-
05-25-2012, 02:22 AM #8Web Hosting Master
- Join Date
- Dec 2006
- Location
- London
- Posts
- 661
I personally don't think that's too unreasonable. Restoring a backup and checking that it works is a pretty manual process.
With the OP's situation, if he has asked hostees to upgrade any software they have been running but they have not done so, and their account gets hacked, then I think it's especially reasonable to charge this nominal fee.█ GigaTux, Value Linux Hosting
█ UK, US and Germany based Xen VPS. Reliability is key! Quick support response and 99.9% SLA.
-
05-25-2012, 03:51 AM #9Web Hosting Master
- Join Date
- Jul 2005
- Posts
- 598
Charging them would not be a problem but customer perception for this issue is always the problem on the hosting provider's side.
It will require effort to convince the customer that this is not a server problem. I would say, 10/10 clients would blame the server first before anything else.My Web Hosting and Gadgets Blog http://tekkiebao.blogspot.com/
-
05-25-2012, 04:00 AM #10Web Hosting Master
- Join Date
- Dec 2006
- Location
- London
- Posts
- 661
I agree with you. All depends on how much you charge really. If you provide a real budget solution (say, $1/month for a website) then simply economics says that you can't possibly keep your business afloat if you have to continually do restores.
A potential solution is to direct the client to a fully managed hosting solution where you charge more, but offer then the piece of mind that you will keep their software up to date and take on the risks that full management takes.█ GigaTux, Value Linux Hosting
█ UK, US and Germany based Xen VPS. Reliability is key! Quick support response and 99.9% SLA.
-
05-25-2012, 04:12 AM #11Web Hosting Master
- Join Date
- Jul 2005
- Posts
- 598
My Web Hosting and Gadgets Blog http://tekkiebao.blogspot.com/
-
05-25-2012, 04:17 AM #12Web Hosting Master
- Join Date
- Dec 2006
- Location
- London
- Posts
- 661
Fair enough, and it's good to know your strengths and weaknesses.
I guess it's just a decision for you to make then whether it's worth doing some management and keeping happy customers, or letting them know it's their responsibility (possibly even recommending a third party management company).█ GigaTux, Value Linux Hosting
█ UK, US and Germany based Xen VPS. Reliability is key! Quick support response and 99.9% SLA.
-
05-25-2012, 04:22 AM #13Web Hosting Master
- Join Date
- Jul 2005
- Posts
- 598
My Web Hosting and Gadgets Blog http://tekkiebao.blogspot.com/
-
05-25-2012, 07:38 AM #14Web Hosting Master
- Join Date
- Oct 2007
- Posts
- 2,349
If this is happening frequently for the sites and even though if you had all the things like mod_sec , firewall in place there is definately some kind of cmd shell script located inside the server. You need to scan the entire server using some tools like maldet , check the logs like message log how those index files were uploaded or replaced.
www.24x7servermanagement.com
Server Management, Server Security, Server Monitoring.
India's Leading Managed Service Provider !! Skype: techs24x7
Similar Threads
-
How to protect the index page from hackers?
By Rashad in forum Hosting Security and TechnologyReplies: 4Last Post: 08-04-2008, 10:10 AM -
Setting index.html as default page instead of index.php?
By Joel Theodore in forum Hosting Security and TechnologyReplies: 1Last Post: 06-23-2008, 11:53 AM -
My site got several index defacement hacks
By moh2004 in forum Hosting Security and TechnologyReplies: 6Last Post: 09-09-2006, 09:15 PM -
Br0keN-Pr0xy hack - FIX (the popular index defacement hack)
By layer0 in forum Hosting Security and Technology TutorialsReplies: 5Last Post: 09-09-2006, 01:23 PM -
Defacement of Page
By jitudhumal in forum Hosting Security and TechnologyReplies: 8Last Post: 08-17-2004, 01:13 AM