Over the past year, Sucuri has published a wide range of articles on how sites get infected, the types of attacks we have discovered, how to detect them, and how to prevent future infections with specific methods and tools. In this article, we’ll discuss our top 10 articles on website security and what site owners can learn from them. We hope these articles give you more information on how to identify risks and how to avoid them in the future.
Covering the basics of determining whether you’ve been affected by a Distributed Denial of Service (DDoS) attack, and how to mitigate it, are important concepts to understand. By inspecting traffic with analysis tools, you can determine whether a traffic spike is organic or not. Spoiler alert: most of them are not.
When you carefully monitor network activity, you may need to increase resources with the host or implement a Content Delivery Network (CDN) to mitigate slow load times or downtime. Adding a firewall is also useful in ensuring that bogus requests are fully blocked in the event of DDoS attacks.
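The organic-versus-bogus distinction above comes down to how the traffic is distributed. The following added example (not code from the original article or from Sucuri) parses constructed access-log lines in the Combined Log Format, buckets them per minute, and labels a spike as organic when it is spread over many clients and browsers, or suspicious when a few source IPs or one user-agent string dominate; the thresholds and sample traffic are assumptions for illustration.

```python
import re
from collections import Counter, defaultdict

# Combined Log Format, the default for Apache and nginx access logs.
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
                    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def minute_windows(lines):
    """Bucket parsed requests into one-minute windows keyed 'dd/Mon/yyyy:HH:MM'."""
    windows = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        windows[rec["ts"][:17]].append(rec)
    return windows

def classify_window(recs, baseline_rpm, spike_factor=5):
    """'normal' below the spike threshold; above it, 'organic' when traffic is spread
    over many clients, 'suspicious' when a few IPs or one user agent dominate
    (thresholds are constructed for illustration; tune them to your own baseline)."""
    total = len(recs)
    if total < baseline_rpm * spike_factor:
        return "normal"
    ips = Counter(r["ip"] for r in recs)
    uas = Counter(r["ua"] for r in recs)
    top3_ip_share = sum(n for _, n in ips.most_common(3)) / total
    top_ua_share = uas.most_common(1)[0][1] / total
    if top3_ip_share >= 0.5 or top_ua_share >= 0.9:
        return "suspicious"
    return "organic"

# Constructed log lines (not real traffic) for the demonstration below.
def log_line(ip, minute, ua, path="/"):
    return (f'{ip} - - [01/Mar/2020:10:{minute:02d}:00 +0000] "GET {path} HTTP/1.1" '
            f'200 512 "-" "{ua}"')

# A quiet minute, a flood from two IPs sharing one user agent, then a genuine
# spike spread across many clients with varied browsers.
SAMPLE_LOG = ([log_line("198.51.100.5", 0, "Mozilla/5.0 (Windows)"),
               log_line("198.51.100.6", 0, "Mozilla/5.0 (Macintosh)")]
              + [log_line(f"203.0.113.{i % 2}", 1, "python-requests/2.22") for i in range(30)]
              + [log_line(f"192.0.2.{i}", 2, f"Mozilla/5.0 (Device {i})") for i in range(12)])

def report(lines=SAMPLE_LOG, baseline_rpm=2):
    """Verdict per window, e.g. {'01/Mar/2020:10:01': 'suspicious', ...}."""
    return {w: classify_window(recs, baseline_rpm)
            for w, recs in sorted(minute_windows(lines).items())}
```

The per-window verdicts are what you would feed into a decision to add capacity, enable a CDN, or tighten firewall rules for the offending sources.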
In this article, we discuss how to use the WPScan tool for your site and how to implement the scanner via the command line. This tool is capable of providing detailed information about things like headers, files, WordPress versions, themes, plugins, and configuration backups.
We review the benefits of using the WPScan Vulnerability Database API for themes and plugins, which provides specific details about the vulnerabilities they contain. With the enumeration feature, WPScan can determine whether any usernames are publicly detectable. Usually these can be found when a user’s public nickname is identical to their login username. This tool will also allow you to simulate a brute force attack on your site with the discovered usernames.
Overall, this scanner tool provides an array of features and information that the average scanner may not provide. If you are managing a corporate site or a collaborative blog, enumeration scanning can be very useful. If you are looking to incorporate more tools to minimize security threats, this tool is a great addition to your security arsenal.
Another useful tool that can be an addition to your security arsenal is an RBL, or Real-time Blackhole List. RBLs compile lists of IP addresses (resolved from domain names) and flag those that send spam or host abusive content. This is also known as a “DNS Blocklist,” or DNSBL for short. While Sucuri primarily handles cleanups and firewall protection, RBLs are more related to email. It is only on rare occasions that our remediation team may request that a client’s hosting server IP address be removed from one of them.
That being said, it is possible for an RBL to engage in shady practices, such as demanding payment in exchange for an “express delisting.” One such RBL claimed that our public WAF IP was involved in abusive activity, which is not possible since our IPs are never seen making requests, only accepting them. They were unable to provide us with further details about this abusive activity, but we found that they offer a “service” to remove the IP address from their list more “quickly” for around $100. Although they do offer this option, there is no guarantee that you will avoid being re-listed later.
We later found out that if you threatened legal action against them, they would dox you: forward your email address to spammers and email harvesters, and list the IP address from which you contacted them. The owner of this company also had a number of related sites without SSL enabled, using clear-text connections that require a username and password for “executive members.” These run on 20-year-old operating systems, with a 17-year-old version of PHP.
These security practices and their overall approach to processing delisting requests are clearly unethical, and we felt there was a need to raise awareness of this issue.
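A DNSBL is queried through ordinary DNS: the address’s octets are reversed, the list’s zone is appended, and an A record in 127.0.0.0/8 means “listed” while NXDOMAIN means “not listed.” The following added example (not code from the original article or from Sucuri) implements that lookup so you can check your own server or WAF IP against several zones; the zone names, return-code meanings and DNS answers are constructed assumptions, and the offline resolver stands in for a real DNS query.

```python
import ipaddress
import socket

# A DNSBL answers with an A record inside 127.0.0.0/8 when the address is listed.
# The exact codes are zone-specific; this table is a constructed illustration.
EXAMPLE_CODES = {"127.0.0.2": "listed: spam source", "127.0.0.3": "listed: open relay"}

def dnsbl_query_name(ip, zone):
    """Build the lookup name: IPv4 octets (or IPv6 nibbles) reversed, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        rev = ".".join(reversed(addr.exploded.split(".")))
    else:
        rev = ".".join(reversed(addr.exploded.replace(":", "")))
    return f"{rev}.{zone}"

def check_listing(ip, zone, resolve=socket.gethostbyname, codes=EXAMPLE_CODES):
    """Return (listed, reason). NXDOMAIN (gaierror) means the address is not listed;
    an answer outside 127/8 is not a listing and usually signals a broken or
    wildcarded zone, so it is reported rather than trusted."""
    name = dnsbl_query_name(ip, zone)
    try:
        answer = resolve(name)
    except socket.gaierror:
        return False, "not listed"
    if ipaddress.ip_address(answer) not in ipaddress.ip_network("127.0.0.0/8"):
        return False, f"unexpected answer {answer} from {zone}"
    return True, codes.get(answer, f"listed: code {answer}")

def check_many(ip, zones, resolve=socket.gethostbyname):
    """Check one address against several zones, e.g. your own mail or WAF IP."""
    return {zone: check_listing(ip, zone, resolve) for zone in zones}

def table_resolver(table):
    """Offline stand-in for socket.gethostbyname, used for the constructed demo below."""
    def resolve(name):
        if name not in table:
            raise socket.gaierror(-2, "Name or service not known")
        return table[name]
    return resolve

# Constructed answers: 192.0.2.10 is listed by one zone and gets a bogus
# non-127/8 answer from another; 192.0.2.20 is listed nowhere.
DEMO_DNS = table_resolver({"10.2.0.192.dnsbl.example": "127.0.0.2",
                           "10.2.0.192.bad.example": "198.51.100.1"})
```

Passing the default resolver instead of DEMO_DNS performs real lookups against the zones you name.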
In this article, our founder, Tony Perez, reviews mixed content warnings and explains why they happen. This basically happens when various content resources load over HTTP instead of HTTPS. The browser alerts the visitor and in some cases blocks the content. This can have an impact on the functioning of a site. Because HTTP connections are not secure, this is a security vulnerability. Attackers can potentially replace content, spy on users, or take control of the entire website.
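Mixed content is simple to find once you know which attributes the browser fetches as subresources. The following added example (not code from the original article or from Sucuri) walks an HTML page served over HTTPS and reports every subresource that would load over plain HTTP, distinguishing the kinds browsers block outright (scripts, stylesheets, frames, plugins) from the kinds they load with a warning (images, media); the sample page is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes whose URLs the browser fetches as subresources of the page.
URL_ATTRS = {"script": ("src",), "img": ("src",), "link": ("href",),
             "iframe": ("src",), "audio": ("src",), "video": ("src", "poster"),
             "source": ("src",), "object": ("data",), "embed": ("src",)}
# "Blockable" mixed content is refused by browsers; everything else (images,
# audio, video) is "optionally blockable" and loads with a warning.
BLOCKED_TAGS = {"script", "link", "iframe", "object", "embed"}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name in URL_ATTRS.get(tag, ()):
            url = attrs.get(name)
            if not url:
                continue
            # Relative and protocol-relative URLs inherit the page's https scheme.
            absolute = urljoin(self.page_url, url)
            if urlsplit(absolute).scheme == "http":
                severity = "blocked" if tag in BLOCKED_TAGS else "warning"
                self.findings.append((severity, tag, absolute))

def find_mixed_content(page_url, html):
    """Return [(severity, tag, url)] for subresources fetched over plain HTTP.
    Only meaningful for an https page; an http page has no mixed content."""
    if urlsplit(page_url).scheme != "https":
        return []
    parser = MixedContentFinder(page_url)
    parser.feed(html)
    return parser.findings

# Constructed sample page: one blocked script, one warning image, two clean resources.
SAMPLE_HTML = ('<script src="http://cdn.example/app.js"></script>'
               '<img src="http://img.example/a.png">'
               '<script src="https://cdn.example/ok.js"></script>'
               '<link rel="stylesheet" href="//cdn.example/site.css">'
               '<img src="/local.png">')
```

Fixing the findings means serving each resource over HTTPS (or a protocol-relative URL), after which the browser warning disappears.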
Explaining to site owners how website infections happen is crucial in our work. As the World Wide Web grows, so does the volume of attacks and the ways they are carried out. We have found that these hacks occur through weak access control, software vulnerabilities, or third-party integrations. In this article, we discuss the details of how an injection occurs.
Later, we discuss what preventative measures you can take to minimize these threats and how to protect your site in the future.
Ready for more? Read our last 5 website safety lessons for the year in Part 2 of this post. Coming soon!