Active Server Security

An attempt to compromise a CMS is usually characterised by abnormal behaviour. This could be a large number of failed username and password attempts, highly non-standard URL requests or the probing of many different ports on the server.

An active security software package will continuously monitor the incoming connections and server logs to spot when something is amiss and then reconfigure the server to block access from that IP, either temporarily or permanently. There are several active security packages available for Linux that each monitor different aspects of the server's activity, but all work to block malicious agents from accessing your server.
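
The kind of log check described above, as an added example (not Memset's code, nor that of any particular package): it counts failed logins per IP in a sliding time window and marks repeat offenders for a permanent block. The log lines are constructed, and the /admin/login path, the 401 status and the thresholds are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (Apache common-log style). /admin/login is a
# hypothetical CMS login URL; a 401 response is assumed to be a failed login.
SAMPLE_LOG = """\
203.0.113.7 - - [11/May/2017:08:00:01 +0000] "POST /admin/login HTTP/1.1" 401 512
203.0.113.7 - - [11/May/2017:08:00:02 +0000] "POST /admin/login HTTP/1.1" 401 512
203.0.113.7 - - [11/May/2017:08:00:03 +0000] "POST /admin/login HTTP/1.1" 401 512
203.0.113.7 - - [11/May/2017:08:00:04 +0000] "POST /admin/login HTTP/1.1" 401 512
203.0.113.7 - - [11/May/2017:08:00:05 +0000] "POST /admin/login HTTP/1.1" 401 512
203.0.113.7 - - [11/May/2017:08:00:06 +0000] "POST /admin/login HTTP/1.1" 401 512
198.51.100.20 - - [11/May/2017:08:01:00 +0000] "POST /admin/login HTTP/1.1" 401 512
198.51.100.20 - - [11/May/2017:08:01:20 +0000] "POST /admin/login HTTP/1.1" 401 512
198.51.100.20 - - [11/May/2017:08:01:40 +0000] "POST /admin/login HTTP/1.1" 401 512
192.0.2.5 - - [11/May/2017:08:02:00 +0000] "POST /admin/login HTTP/1.1" 401 512
192.0.2.5 - - [11/May/2017:08:02:10 +0000] "POST /admin/login HTTP/1.1" 302 0
192.0.2.9 - - [11/May/2017:08:03:00 +0000] "POST /admin/login HTTP/1.1" 401 512
192.0.2.9 - - [11/May/2017:08:06:00 +0000] "POST /admin/login HTTP/1.1" 401 512
192.0.2.9 - - [11/May/2017:08:09:00 +0000] "POST /admin/login HTTP/1.1" 401 512
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>\S+) (?P<path>[^ ?"]+)[^"]*" (?P<status>\d{3})')

def find_offenders(log_text, login_path="/admin/login", max_failures=3,
                   window=timedelta(seconds=60), permanent_after=2):
    """Map each offending IP to "temporary" or "permanent" (repeat offender)."""
    recent = defaultdict(deque)  # ip -> timestamps of failures inside the window
    strikes = defaultdict(int)   # ip -> how many times the threshold was reached
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or (m["method"], m["path"], m["status"]) != ("POST", login_path, "401"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            strikes[m["ip"]] += 1
            q.clear()               # start counting afresh after each strike
    return {ip: "permanent" if n >= permanent_after else "temporary"
            for ip, n in strikes.items()}

if __name__ == "__main__":
    print(find_offenders(SAMPLE_LOG))
```

The user who mistypes once and then logs in (192.0.2.5) and the slow, widely spaced failures (192.0.2.9) stay below the threshold and are not blocked.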

Web Application Firewall

ModSecurity is referred to as a web application firewall. It works by placing itself between the incoming web requests and the web server (e.g. Apache) and comparing the requests against a list of rules of what is acceptable and unacceptable. If the incoming request is prohibited it will be blocked and not passed on to the web server.

Frequently, hackers will attempt to manipulate websites by creating highly customised URLs that exploit a coding error. Typically, these URLs are highly unusual and they can be spotted and blocked without interfering with normal users of the site.

The command line installation of ModSecurity is a little complicated and will require some knowledge of using the Linux command line. The installation and configuration documentation is available at the Web Application Firewall page.

WHM/cPanel servers provide a tool to install and manage ModSecurity. For detailed information, please refer to the cPanel documentation at:

https://documentation.cpanel.net/display/ALD/ModSecurity+Tools

Active Local Firewall

Memset provides an external firewall service. This is where the firewall is hosted on a Memset server and is configurable via your Memset account. The documentation on using the Memset firewall can be viewed here:

https://www.memset.com/docs/server-security/firewalling/

A local firewall is one that is run on the same server as the CMS, i.e. your server. It can be run in conjunction with the Memset firewall without too much additional administration. The advantage of an active local firewall is that it will react to incoming threats and block malicious IPs that are attacking the server.

The documentation for installing and configuring an active local firewall is located at the Local Firewall Installation and Configuration page.

The firewall used in the guide, CSF, is also the recommended local firewall for cPanel/WHM servers.

Memset Security Suite

Memset provides a suite of server security tools. Along with backups and a firewall, Memset also provides vulnerability scanning and intrusion detection services. These services can be found on the Memset website here:

http://www.memset.com/port-patrol-server-monitoring/

If you would like to discuss how these services can improve the security of your CMS, the sales team will be pleased to discuss them with you. They can be contacted here:

Apache DOS Hardening

One of the simplest ways to take a website offline is to launch a Denial of Service attack against it. This form of attack is where the web server is overwhelmed with more web page requests than it can handle. When this happens, legitimate users are denied normal service.

The Apache DOS Hardening guide shows how to install an Apache module that will mitigate such an attack and keep your website online (as long as there is sufficient bandwidth).

Last updated 11 May 2017, 08:37 GMT