hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : Protect server from index page defacement
Reply

Forum Jump

Protect server from index page defacement

Reply Post New Thread In Hosting Security and Technology Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 05-24-2012, 07:58 AM
Tomcatf14 Tomcatf14 is offline
Web Hosting Master
 
Join Date: Jul 2005
Posts: 598

Protect server from index page defacement


Recently, a lot of my client's site has been defaced on the index page level. What do you guys do to reduce or prevent this?

Does deploying a security appliance IPS/IDS helps?

__________________
My Web Hosting and Gadgets Blog http://tekkiebao.blogspot.com/



Sponsored Links
  #2  
Old 05-24-2012, 08:45 AM
gigatux gigatux is offline
Corporate Member
 
Join Date: Dec 2006
Location: London
Posts: 658
Typical 'scriptkiddie' defacing often doesn't actually involve an intrusion of such. It's usually worth putting some on though.

The simplest form of defense is to keep any software you're running up to date (e.g. Wordpress, with ALL plugins and themes, and hosting software), keep the kernel up to date, keep PHP up to date etc. Of course, passwords need to be nice and secure too.

If you have lots of clients on your server, you might also want to review how you're actually doing the hosting, e.g. using SuEXEC or some kind of method whereby PHP scripts run as individual usernames rather than 'nobody'.

__________________
GigaTux, Value Linux Hosting
UK, US and Germany based Xen VPS. Reliability is key! Quick support response and 99.9% SLA.


  #3  
Old 05-24-2012, 12:10 PM
JoshuaD JoshuaD is offline
Junior Guru Wannabe
 
Join Date: Apr 2011
Posts: 32
Tomcatf14, I am sorry to hear that your clients have fallen victim to such attacks. With the given circumstances, have you looked into Web Application Protection?

To help further, you stated many clients, are they all running the same or simliar software?

Sponsored Links
  #4  
Old 05-24-2012, 02:01 PM
Tomcatf14 Tomcatf14 is offline
Web Hosting Master
 
Join Date: Jul 2005
Posts: 598
Quote:
Originally Posted by gigatux View Post
Typical 'scriptkiddie' defacing often doesn't actually involve an intrusion of such. It's usually worth putting some on though.

The simplest form of defense is to keep any software you're running up to date (e.g. Wordpress, with ALL plugins and themes, and hosting software), keep the kernel up to date, keep PHP up to date etc. Of course, passwords need to be nice and secure too.

If you have lots of clients on your server, you might also want to review how you're actually doing the hosting, e.g. using SuEXEC or some kind of method whereby PHP scripts run as individual usernames rather than 'nobody'.
I have done everything that I could within my resources to protect the clients (mod_security, firewall, bruteforce, suexec, suphp) but I could not control it if the client does not want to patch their web application. It is actually costing me time and resources to restore the site for them if their page is being defaced.

The most common attack is across the same web application type within the same server. Eg. All wordpress websites in the same server will be defaced at the same time.

Do you think deploying a security appliance with IPS/IDS functionality will help? WAF is too a bit too expensive comparing with IPS/IDS

__________________
My Web Hosting and Gadgets Blog http://tekkiebao.blogspot.com/

  #5  
Old 05-24-2012, 02:02 PM
Tomcatf14 Tomcatf14 is offline
Web Hosting Master
 
Join Date: Jul 2005
Posts: 598
Quote:
Originally Posted by HostDefend View Post
Tomcatf14, I am sorry to hear that your clients have fallen victim to such attacks. With the given circumstances, have you looked into Web Application Protection?

To help further, you stated many clients, are they all running the same or simliar software?
Most of the affected clients run a generic web application, Wordpress is the most common.

What idea do you have for WAP?

__________________
My Web Hosting and Gadgets Blog http://tekkiebao.blogspot.com/

  #6  
Old 05-24-2012, 04:01 PM
gigatux gigatux is offline
Corporate Member
 
Join Date: Dec 2006
Location: London
Posts: 658
Quote:
Originally Posted by Tomcatf14 View Post
I have done everything that I could within my resources to protect the clients (mod_security, firewall, bruteforce, suexec, suphp) but I could not control it if the client does not want to patch their web application. It is actually costing me time and resources to restore the site for them if their page is being defaced.
You could always charge a nominal fee to the client to perform a restore. Not entirely ideal, but you can never always protect from your clients being hacked.

__________________
GigaTux, Value Linux Hosting
UK, US and Germany based Xen VPS. Reliability is key! Quick support response and 99.9% SLA.


  #7  
Old 05-24-2012, 08:07 PM
zobe zobe is offline
Web Hosting Guru
 
Join Date: Feb 2008
Location: European Union
Posts: 274
Quote:
Originally Posted by gigatux View Post
You could always charge a nominal fee to the client to perform a restore. Not entirely ideal, but you can never always protect from your clients being hacked.
I just paid my webhost for that, they charged me $15.

__________________
Catalonia will vote: http://www.cataloniavotes.eu/

  #8  
Old 05-25-2012, 02:22 AM
gigatux gigatux is offline
Corporate Member
 
Join Date: Dec 2006
Location: London
Posts: 658
Quote:
Originally Posted by malcarada View Post
I just paid my webhost for that, they charged me $15.
I personally don't think that's too unreasonable. Restoring a backup and checking that it works is a pretty manual process.

With the OP's situation, if he has asked hostees to upgrade any software they have been running but they have not done so, and their account gets hacked, then I think it's especially reasonable to charge this nominal fee.

__________________
GigaTux, Value Linux Hosting
UK, US and Germany based Xen VPS. Reliability is key! Quick support response and 99.9% SLA.


  #9  
Old 05-25-2012, 03:51 AM
Tomcatf14 Tomcatf14 is offline
Web Hosting Master
 
Join Date: Jul 2005
Posts: 598
Quote:
Originally Posted by gigatux View Post
I personally don't think that's too unreasonable. Restoring a backup and checking that it works is a pretty manual process.

With the OP's situation, if he has asked hostees to upgrade any software they have been running but they have not done so, and their account gets hacked, then I think it's especially reasonable to charge this nominal fee.
Charging them would not be a problem but customer perception for this issue is always the problem on the hosting provider's side.

It will require effort to convince the customer that this is not a server problem. I would say, 10/10 clients would blame the server first before anything else.

__________________
My Web Hosting and Gadgets Blog http://tekkiebao.blogspot.com/

  #10  
Old 05-25-2012, 04:00 AM
gigatux gigatux is offline
Corporate Member
 
Join Date: Dec 2006
Location: London
Posts: 658
Quote:
Originally Posted by Tomcatf14 View Post
Charging them would not be a problem but customer perception for this issue is always the problem on the hosting provider's side.

It will require effort to convince the customer that this is not a server problem. I would say, 10/10 clients would blame the server first before anything else.
I agree with you. All depends on how much you charge really. If you provide a real budget solution (say, $1/month for a website) then simply economics says that you can't possibly keep your business afloat if you have to continually do restores.

A potential solution is to direct the client to a fully managed hosting solution where you charge more, but offer then the piece of mind that you will keep their software up to date and take on the risks that full management takes.

__________________
GigaTux, Value Linux Hosting
UK, US and Germany based Xen VPS. Reliability is key! Quick support response and 99.9% SLA.


  #11  
Old 05-25-2012, 04:12 AM
Tomcatf14 Tomcatf14 is offline
Web Hosting Master
 
Join Date: Jul 2005
Posts: 598
Quote:
Originally Posted by gigatux View Post
I agree with you. All depends on how much you charge really. If you provide a real budget solution (say, $1/month for a website) then simply economics says that you can't possibly keep your business afloat if you have to continually do restores.

A potential solution is to direct the client to a fully managed hosting solution where you charge more, but offer then the piece of mind that you will keep their software up to date and take on the risks that full management takes.
The hosting fees by my company is one of the highest in the industry. If possible, I do not want dirty our hand to manage the web application. We are very good in servers but not web.

__________________
My Web Hosting and Gadgets Blog http://tekkiebao.blogspot.com/

  #12  
Old 05-25-2012, 04:17 AM
gigatux gigatux is offline
Corporate Member
 
Join Date: Dec 2006
Location: London
Posts: 658
Quote:
Originally Posted by Tomcatf14 View Post
The hosting fees by my company is one of the highest in the industry. If possible, I do not want dirty our hand to manage the web application. We are very good in servers but not web.
Fair enough, and it's good to know your strengths and weaknesses.

I guess it's just a decision for you to make then whether it's worth doing some management and keeping happy customers, or letting them know it's their responsibility (possibly even recommending a third party management company).

__________________
GigaTux, Value Linux Hosting
UK, US and Germany based Xen VPS. Reliability is key! Quick support response and 99.9% SLA.


  #13  
Old 05-25-2012, 04:22 AM
Tomcatf14 Tomcatf14 is offline
Web Hosting Master
 
Join Date: Jul 2005
Posts: 598
Quote:
Originally Posted by gigatux View Post
Fair enough, and it's good to know your strengths and weaknesses.

I guess it's just a decision for you to make then whether it's worth doing some management and keeping happy customers, or letting them know it's their responsibility (possibly even recommending a third party management company).
I am checking if there is anything that we can on the server's side to protect the customer from these attacks.

__________________
My Web Hosting and Gadgets Blog http://tekkiebao.blogspot.com/

  #14  
Old 05-25-2012, 07:38 AM
Srv24x7 Srv24x7 is offline
Web Hosting Master
 
Join Date: Oct 2007
Posts: 583
If this is happening frequently for the sites and even though if you had all the things like mod_sec , firewall in place there is definately some kind of cmd shell script located inside the server. You need to scan the entire server using some tools like maldet , check the logs like message log how those index files were uploaded or replaced.

__________________
www.24x7servermanagement.com
Server Management, Server Security, Server Monitoring.
Offering Xen/KVM VPS Hosting !! Follow us on FaceBook


Reply

Similar Threads
Thread Thread Starter Forum Replies Last Post
How to protect the index page from hackers? Rashad Hosting Security and Technology 4 08-04-2008 10:10 AM
Setting index.html as default page instead of index.php? Joel Theodore Hosting Security and Technology 1 06-23-2008 11:53 AM
My site got several index defacement hacks moh2004 Hosting Security and Technology 6 09-09-2006 09:15 PM
Br0keN-Pr0xy hack - FIX (the popular index defacement hack) layer0 Hosting Security and Technology Tutorials 5 09-09-2006 01:23 PM
Defacement of Page jitudhumal Hosting Security and Technology 8 08-17-2004 01:13 AM

Related posts from TheWhir.com
Title Type Date Posted
Insecure Passwords at Hosting Provider Behind OpenSSL Website Defacement Web Hosting News 2014-01-03 15:29:53
Page.ly Grows Managed WordPress Hosting Platform with BlogDroid Acquisition Web Hosting News 2013-06-27 15:43:37
StopTheHacker Launches Version 3.7 of Website Security Tool Web Hosting News 2013-02-04 18:40:30
Dutch Web Host Protagonist Offers SpamExperts Spam Email Filtering Service Web Hosting News 2012-11-28 17:18:15
Netcraft May Web Server Survey Sees First Drop in Responses in 22 Months Web Hosting News 2012-05-02 13:59:57


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?