Missing URL Attacks and Counter Measures 1

Posted by JD 08/25/2010 at 05:49

Yesterday, I took a look at the missing URL statistics for my blog and saw lots of attacks aimed at phpMyAdmin. That’s sorta funny, since I don’t use that tool, and if I did, it wouldn’t be reachable from the public internet. When I say lots of phpMyAdmin attacks, I mean hundreds, with every possible way of spelling it and every possible version listed. Certainly these are scripts, but still, that’s many hundreds of attempts. My little blog isn’t THAT popular, and it is non-commercial. You don’t need an ad-blocker here, and most of the website works just fine without JavaScript enabled.

Anyway, I’ve added a reverse proxy filter to my web cluster that blocks undesired requests. I’ve always had a reverse proxy, but until now I never bothered to filter anything except PUSH size. If something seems to be broken, please let me know, since I could have missed a few needed allow rules.

Between the blog spammers and the random attacks, it sorta makes me wonder how many counter measures the average blogger installs and uses to proactively protect their work. Do you review your logs?

I did see that someone had a sense of humor in their attacks: the request

/oh.hey.there.how.you.doin

was seen as a missing URL in the log files.

Here’s what I do to protect my websites:
  • DB – Limit any DB access to local connections: no network access, and especially no internet access to the DBs
  • Firewall – Only open the ports that reach the reverse web proxy, not the ports where the applications are actually running.
  • Remote – remote access from outside the network is only via key-based SSH or over a VPN
  • Use non-standard software that doesn’t have millions of users – a low-value target
  • Limit plugins to simple ones so I can review the code
  • Stay patched – weekly patching happens on all systems involved
  • Stay up to date with new releases of software that isn’t covered by the regular patching
  • Review the server logs daily using summary tools like Logwatch
  • Generally keep up with security issues for the platform and software installed
  • Backups – incremental, daily, automatic, full. I can recover any file or the entire server as needed for any day from today back to 30 days ago.
  • Virtualization used for server platforms. If I do have a hardware failure, the VM can be brought back up on almost any other hardware, provided the VM host/Dom0 runs.
  • Run 1 main service per VM. The blog servers don’t do email or VPN or monitoring or ... – they are each single-purpose machines. The VM hosts are not available to the outside world.
  • Avoid Microsoft solutions for servers – yes, this is a security feature to me
  • Block full search engine access
  • Perform local analytics – no outside service is used – this is for your privacy too
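The daily log review above is the step that surfaced the phpMyAdmin probes in the first place. As an added example (not the author’s tooling, and the log lines are constructed, not real traffic), here is a small Python summariser that does that review: it counts 404s per path and per client, collapses the spelling and version variants of phpMyAdmin into one probe family, and lists the clients that hammered it more than a chosen number of times, which is the kind of list a reverse proxy deny rule can be built from.

```python
import re
from collections import Counter

# Constructed sample lines in Apache/nginx "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [24/Aug/2010:10:01:02 -0500] "GET /phpmyadmin/ HTTP/1.1" 404 312 "-" "Mozilla/4.0"
203.0.113.5 - - [24/Aug/2010:10:01:03 -0500] "GET /PHPMYADMIN/ HTTP/1.1" 404 312 "-" "Mozilla/4.0"
203.0.113.5 - - [24/Aug/2010:10:01:04 -0500] "GET /phpMyAdmin-2.11.9/ HTTP/1.1" 404 312 "-" "Mozilla/4.0"
198.51.100.7 - - [24/Aug/2010:10:02:10 -0500] "GET /pma/ HTTP/1.1" 404 312 "-" "Mozilla/4.0"
198.51.100.7 - - [24/Aug/2010:10:02:11 -0500] "GET /oh.hey.there.how.you.doin HTTP/1.1" 404 312 "-" "curl/7.19"
192.0.2.9 - - [24/Aug/2010:10:03:00 -0500] "GET /articles/2010/08/24/something HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
192.0.2.9 - - [24/Aug/2010:10:03:01 -0500] "GET /images/missing.png HTTP/1.1" 404 312 "-" "Mozilla/5.0"
"""

# client, two ignored fields, [timestamp], "METHOD path PROTO", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Spelling and version variants (phpMyAdmin, PHPMYADMIN, phpMyAdmin-2.11.9, pma, ...)
# collapse onto one family name so hundreds of probes count as one thing.
PROBE_RE = re.compile(r'^/(phpmyadmin|pma|myadmin)(?:[-_.]?[\d.]+)?(?:/|$)', re.IGNORECASE)


def missing_url_report(log_text):
    """Summarise 404s: hits per path (probe variants merged), per client, and probe hits per client."""
    by_path, by_ip, probe_hits = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("status") != "404":
            continue  # unparsable line, or the request did not miss
        path = m.group("path").split("?", 1)[0]  # ignore query strings when grouping
        ip = m.group("ip")
        by_ip[ip] += 1
        probe = PROBE_RE.match(path)
        if probe:
            by_path["/" + probe.group(1).lower() + "/*"] += 1
            probe_hits[ip] += 1
        else:
            by_path[path] += 1
    return {"by_path": by_path, "by_ip": by_ip, "probe_hits": probe_hits}


def suspect_ips(report, threshold):
    """Clients with at least `threshold` admin-tool probes: candidates for a proxy deny rule."""
    return sorted(ip for ip, n in report["probe_hits"].items() if n >= threshold)


if __name__ == "__main__":
    report = missing_url_report(SAMPLE_LOG)
    for path, n in report["by_path"].most_common():
        print(f"{n:5d}  {path}")
    print("probe sources:", suspect_ips(report, 2))
```

Run against a real access log by reading the file into `missing_url_report` instead of `SAMPLE_LOG`; the threshold keeps a single stray 404 from a legitimate visitor off the list.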

Anyway, I hope I wasn’t too restrictive on the HTTP verbs allowed to pass into this site. Again, if you see issues, please let me know. The script kiddies will need to find another site to bother and someone else’s bandwidth to waste.

What do you do to protect your websites from hackers? Tell me in the comments.

  1. JD 09/26/2010 at 08:29

    So I’ve been having an issue with my blog software for about a year where more than 8 comments are not displayed on the blog. There are a few stories here with 20+ comments that would be helpful for other folks to see.

    I’ve been looking for a new publishing platform for the last few years, but I’m worried about using something that is highly targeted like … Joomla or Drupal or WordPress. OTOH, following the crowd does have advantages, just like using MS-Windows on a desktop has advantages.

    A friend has set up a Joomla site, but I’m more inclined towards Drupal. There are Drupal integrations with Alfresco, which we use at work. Both seem like very capable platforms.

    Yesterday I loaded Jaws CMS. It took just a few minutes to get something up and working, but since I didn’t really search out the layout best practices, my trial website was less than usable. OK, it really sucked. Further, it felt slow, but that could have been due to all sorts of reasons. Also, adding “Jaws” to a resume doesn’t have the same impact that “Drupal” would. If I migrate from Typo to Drupal, I’ll need to find a way to migrate all the posts and comments too. I’d like to retain the same URLs so search engines don’t get lost. I will probably fix the port 82 back to port 80 to make life easier on visitors, however.

    So much to do. So many priority projects.