
05-24-2012, 07:58 AM
|
|
Web Hosting Master
|
|
Join Date: Jul 2005
Posts: 597
|
|
Protect server from index page defacement
Recently, a lot of my clients' sites have been defaced at the index page level. What do you guys do to reduce or prevent this?
Does deploying a security appliance with IPS/IDS help?
|

05-24-2012, 08:45 AM
|
|
Corporate Member
|
|
Join Date: Dec 2006
Location: London
Posts: 658
|
|
Typical 'scriptkiddie' defacing often doesn't actually involve an intrusion as such. It's usually worth putting some on though.
The simplest form of defense is to keep any software you're running up to date (e.g. Wordpress, with ALL plugins and themes, and hosting software), keep the kernel up to date, keep PHP up to date etc. Of course, passwords need to be nice and secure too.
If you have lots of clients on your server, you might also want to review how you're actually doing the hosting, e.g. using SuEXEC or some kind of method whereby PHP scripts run as individual usernames rather than 'nobody'.
__________________
█ GigaTux, Value Linux Hosting
█ UK, US and Germany based Xen VPS. Reliability is key! Quick support response and 99.9% SLA.
|

05-24-2012, 12:10 PM
|
|
Junior Guru Wannabe
|
|
Join Date: Apr 2011
Posts: 32
|
|
Tomcatf14, I am sorry to hear that your clients have fallen victim to such attacks. With the given circumstances, have you looked into Web Application Protection?
To help further, you stated many clients; are they all running the same or similar software?
|

05-24-2012, 02:01 PM
|
|
Web Hosting Master
|
|
Join Date: Jul 2005
Posts: 597
|
|
Quote:
Originally Posted by gigatux
Typical 'scriptkiddie' defacing often doesn't actually involve an intrusion as such. It's usually worth putting some on though.
The simplest form of defense is to keep any software you're running up to date (e.g. Wordpress, with ALL plugins and themes, and hosting software), keep the kernel up to date, keep PHP up to date etc. Of course, passwords need to be nice and secure too.
If you have lots of clients on your server, you might also want to review how you're actually doing the hosting, e.g. using SuEXEC or some kind of method whereby PHP scripts run as individual usernames rather than 'nobody'.
|
I have done everything that I could within my resources to protect the clients (mod_security, firewall, bruteforce, suexec, suphp) but I could not control it if the client does not want to patch their web application. It is actually costing me time and resources to restore the site for them if their page is being defaced.
The most common attack is across the same web application type within the same server. Eg. All wordpress websites in the same server will be defaced at the same time.
Do you think deploying a security appliance with IPS/IDS functionality will help? WAF is a bit too expensive compared with IPS/IDS.
|

05-24-2012, 02:02 PM
|
|
Web Hosting Master
|
|
Join Date: Jul 2005
Posts: 597
|
|
Quote:
Originally Posted by HostDefend
Tomcatf14, I am sorry to hear that your clients have fallen victim to such attacks. With the given circumstances, have you looked into Web Application Protection?
To help further, you stated many clients; are they all running the same or similar software?
|
Most of the affected clients run a generic web application, Wordpress is the most common.
What idea do you have for WAP?
|

05-24-2012, 04:01 PM
|
|
Corporate Member
|
|
Join Date: Dec 2006
Location: London
Posts: 658
|
|
Quote:
Originally Posted by Tomcatf14
I have done everything that I could within my resources to protect the clients (mod_security, firewall, bruteforce, suexec, suphp) but I could not control it if the client does not want to patch their web application. It is actually costing me time and resources to restore the site for them if their page is being defaced.
|
You could always charge a nominal fee to the client to perform a restore. Not entirely ideal, but you can never always protect from your clients being hacked.
|

05-24-2012, 08:07 PM
|
|
Junior Guru
|
|
Join Date: Feb 2008
Location: European Union
Posts: 194
|
|
Quote:
Originally Posted by gigatux
You could always charge a nominal fee to the client to perform a restore. Not entirely ideal, but you can never always protect from your clients being hacked.
|
I just paid my webhost for that, they charged me $15.
|

05-25-2012, 02:22 AM
|
|
Corporate Member
|
|
Join Date: Dec 2006
Location: London
Posts: 658
|
|
Quote:
Originally Posted by malcarada
I just paid my webhost for that, they charged me $15.
|
I personally don't think that's too unreasonable. Restoring a backup and checking that it works is a pretty manual process.
With the OP's situation, if he has asked hostees to upgrade any software they have been running but they have not done so, and their account gets hacked, then I think it's especially reasonable to charge this nominal fee.
|

05-25-2012, 03:51 AM
|
|
Web Hosting Master
|
|
Join Date: Jul 2005
Posts: 597
|
|
Quote:
Originally Posted by gigatux
I personally don't think that's too unreasonable. Restoring a backup and checking that it works is a pretty manual process.
With the OP's situation, if he has asked hostees to upgrade any software they have been running but they have not done so, and their account gets hacked, then I think it's especially reasonable to charge this nominal fee.
|
Charging them would not be a problem but customer perception for this issue is always the problem on the hosting provider's side.
It will require effort to convince the customer that this is not a server problem. I would say, 10/10 clients would blame the server first before anything else.
|

05-25-2012, 04:00 AM
|
|
Corporate Member
|
|
Join Date: Dec 2006
Location: London
Posts: 658
|
|
Quote:
Originally Posted by Tomcatf14
Charging them would not be a problem but customer perception for this issue is always the problem on the hosting provider's side.
It will require effort to convince the customer that this is not a server problem. I would say, 10/10 clients would blame the server first before anything else.
|
I agree with you. All depends on how much you charge really. If you provide a real budget solution (say, $1/month for a website) then simple economics says that you can't possibly keep your business afloat if you have to continually do restores.
A potential solution is to direct the client to a fully managed hosting solution where you charge more, but offer them the peace of mind that you will keep their software up to date and take on the risks that full management takes.
|

05-25-2012, 04:12 AM
|
|
Web Hosting Master
|
|
Join Date: Jul 2005
Posts: 597
|
|
Quote:
Originally Posted by gigatux
I agree with you. All depends on how much you charge really. If you provide a real budget solution (say, $1/month for a website) then simple economics says that you can't possibly keep your business afloat if you have to continually do restores.
A potential solution is to direct the client to a fully managed hosting solution where you charge more, but offer them the peace of mind that you will keep their software up to date and take on the risks that full management takes.
|
The hosting fees charged by my company are among the highest in the industry. If possible, I do not want to dirty our hands managing the web application. We are very good at servers but not web.
|

05-25-2012, 04:17 AM
|
|
Corporate Member
|
|
Join Date: Dec 2006
Location: London
Posts: 658
|
|
Quote:
Originally Posted by Tomcatf14
The hosting fees charged by my company are among the highest in the industry. If possible, I do not want to dirty our hands managing the web application. We are very good at servers but not web.
|
Fair enough, and it's good to know your strengths and weaknesses.
I guess it's just a decision for you to make then whether it's worth doing some management and keeping happy customers, or letting them know it's their responsibility (possibly even recommending a third party management company).
|

05-25-2012, 04:22 AM
|
|
Web Hosting Master
|
|
Join Date: Jul 2005
Posts: 597
|
|
Quote:
Originally Posted by gigatux
Fair enough, and it's good to know your strengths and weaknesses.
I guess it's just a decision for you to make then whether it's worth doing some management and keeping happy customers, or letting them know it's their responsibility (possibly even recommending a third party management company).
|
I am checking if there is anything that we can do on the server's side to protect the customer from these attacks.
|

05-25-2012, 07:38 AM
|
|
Web Hosting Evangelist
|
|
Join Date: Oct 2007
Posts: 537
|
|
If this is happening frequently for the sites, even though you had all the things like mod_sec and a firewall in place, there is definitely some kind of cmd shell script located inside the server. You need to scan the entire server using tools like maldet, and check the logs, such as the message log, for how those index files were uploaded or replaced.
|
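The checks suggested in the last post (scan the server for dropped scripts, then use the logs to see how the index files were replaced) can be scripted for a first pass. This is an added example and not part of any post in the thread; it assumes GNU find and date, docroots under a single base directory, and an Apache "combined" access log, and the function names are made up for the example.

```shell
#!/bin/sh
# Added example: triage after a mass index-page defacement on a shared host.
# Assumptions (not from the thread): GNU find and date, all docroots under one
# base directory, Apache "combined" access log written in server-local time.

# 1. Index pages modified in the last N minutes. Many accounts changing within
#    the same minute suggests one entry point rather than separate break-ins.
recent_index_changes() {   # $1 = base dir, $2 = minutes
    find "$1" -type f \( -name 'index.php' -o -name 'index.html' \
        -o -name 'index.htm' \) -mmin "-$2" 2>/dev/null | sort
}

# 2. PHP files inside WordPress upload directories. WordPress keeps media
#    there, so a PHP file is worth handing to maldet or reviewing by hand.
php_in_uploads() {         # $1 = base dir
    find "$1" -type f -path '*/wp-content/uploads/*' \
        \( -iname '*.php' -o -iname '*.phtml' \) 2>/dev/null | sort
}

# 3. POST requests logged in the same minute a file was last modified.
#    Prints: client IP, timestamp, request path, HTTP status.
posts_near_change() {      # $1 = modified file, $2 = access log
    _stamp=$(LC_ALL=C date -r "$1" '+%d/%b/%Y:%H:%M') || return 1
    awk -v s="[$_stamp" '
        index($4, s) == 1 && $6 == "\"POST" { print $1, $4 "]", $7, $9 }
    ' "$2"
}

# Script use (paths are placeholders): sh triage.sh /home 1440 /path/to/access_log
if [ "$#" -ge 3 ]; then
    echo "== index pages changed in the last $2 minutes =="
    recent_index_changes "$1" "$2"
    echo "== PHP files under wp-content/uploads =="
    php_in_uploads "$1"
    echo "== POSTs logged in the minute each index page changed =="
    recent_index_changes "$1" "$2" | while IFS= read -r f; do
        posts_near_change "$f" "$3"
    done
fi
```

A file's modification time can be reset by whoever wrote it, so an empty result from the first and third checks does not clear an account; the upload-directory check and a maldet scan do not depend on timestamps.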