When it comes to cybersecurity, WordPress is a victim of its own success. Used on 35% of the world’s websites, its popularity makes it highly attractive to cybercriminals. While no less secure than other platforms, the sheer volume of WordPress websites means, statistically, there’s more chance of an attack. To help you to protect your …
It seems like more and more prominent web servers are getting hacked and attacked these days. If even the giants of online industry are susceptible to hacks and attacks, what are humble web hosts supposed to do? Cyber attacks can be devastating to a server, and even more devastating when they reach other servers from that original hosting server. What can you do? Understanding the threat of DDoS attacks and how you can avoid them should help you as a web host better protect your clients, who can in turn better protect their clients from the results of such an attack.
What Are DDoS Attacks?
DDoS stands for Distributed Denial-of-Service. Have you ever tried to visit a web page only to have it error out or show up as unavailable? Most servers have a maximum capacity or bandwidth. DDoS attackers flood a server to try to reach that capacity. Once the server is full, it cannot accept any more visitors. Since the DDoS attack is flooding the server with fake visitors, this prevents real visitors from reaching and using the web pages on that server.
One of the biggest problems with DDoS attacks is that the server cannot tell the difference between fake traffic and real traffic. Hackers are getting more creative and creating layered attacks that more closely resemble real traffic. Since these types of attacks can essentially cut off your server from everyone else, it is important to take them seriously.
The Ripple Effect
If the attack is only focused on your server, it’s not harming your customers, right? Wrong. If you are a web host and your server is getting flooded with fake requests, it also affects the web pages of the clients you are hosting. If those clients happen to also be hosting clients of their own, those pages can go down, too. This is known as a ripple effect. The attack happens at a central location, and the results spread out in all directions from there. In this case, when the server hosting the web pages goes down, all the web pages tied to that server also go down.
The Real Damages
At first glance, it might seem harmless to have a web page go down. If the page is strictly for informational purposes, there are likely to be minimal financial repercussions. Some web pages are much more than informational, however. What about your clients who have their businesses set up through your hosting service? When their pages go down, their customers are not able to look at their inventory or make purchases. In these cases, the financial repercussions can be disastrous—even if the page is only down for a few hours. If your customers cannot keep their business pages open on your server, they are likely to go somewhere else. Essentially, if a DDoS attack manages to bring down your server, it has the potential to completely destroy your web hosting business.
Your Role as Web Host
As the provider of hosting services to your clients, it is your responsibility to do everything within your power to protect the web pages linked to your server. Part of this is providing the proper bandwidth. You might need multiple servers to adequately keep your clients’ pages up and running. You should also take it upon yourself to investigate security services and software that may be better able to identify complex DDoS attacks.
Use Multiple Methods of Protection
To better protect your clients, consider using multiple methods of protection. You will want to be able to recognize a DDoS attack as early as possible. Having more bandwidth than you need can help with such attacks. Although the attacker might try to flood your server, if you have plenty of bandwidth, legitimate visitors might be able to get through for a little while. However, even if you have an extra 500% of bandwidth available, a DDoS attack will eventually flood it all. At the very least, the extra bandwidth can provide you with more time to identify and take care of the attack.
Running Your Own Server
When you run your own server, there are also things you can do to buy more time. You can rate limit your router, cause half-open connections to time out, or even set lower thresholds for ICMP, SYN, and UDP flood drops. If you are able to identify a DDoS attack and have the means, you can also divert traffic to scrubbing software designed to remove malicious packets. These scrubbers are often used by large hosting providers. If you are a small web host, you will want to contact your ISP as soon as possible to help cut off the attack.
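One way to spot the half-open connection build-up mentioned above is to count SYN-RECV sockets per source network. This is an added example, not code from the original article; the function name, the thresholds and the sample `ss -tan` output are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample of `ss -tan` output; addresses are documentation ranges.
SAMPLE_SS = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      128    0.0.0.0:80          0.0.0.0:*
ESTAB     0      0      192.0.2.10:80       203.0.113.5:50312
SYN-RECV  0      0      192.0.2.10:80       198.51.100.7:40001
SYN-RECV  0      0      192.0.2.10:80       198.51.100.7:40002
SYN-RECV  0      0      192.0.2.10:80       198.51.100.9:40003
SYN-RECV  0      0      192.0.2.10:80       198.51.100.23:40004
SYN-RECV  0      0      192.0.2.10:443      203.0.113.77:51000
"""


def half_open_report(ss_output, total_limit=4, per_net_limit=3):
    """Summarise half-open (SYN-RECV) connections overall and per source network.

    Both limits are illustrative assumptions; set them from the server's
    normal baseline. Sources are grouped by /24 (IPv4) or /64 (IPv6).
    """
    per_net = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "SYN-RECV":
            continue  # header, listeners and established connections
        peer_host = fields[4].rsplit(":", 1)[0].strip("[]")
        try:
            addr = ipaddress.ip_address(peer_host)
            prefix = 24 if addr.version == 4 else 64
            net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        except ValueError:
            continue  # ignore lines whose peer address does not parse
        per_net[str(net)] += 1
    total = sum(per_net.values())
    return {
        "half_open": total,
        "flood_suspected": total >= total_limit,
        "noisy_networks": sorted(n for n, c in per_net.items() if c >= per_net_limit),
    }


if __name__ == "__main__":
    print(half_open_report(SAMPLE_SS))
```

A rising half-open count spread across many networks, with no single noisy one, is the case where per-source rate limits stop helping and upstream scrubbing or the ISP is needed.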
Consider Using Mitigation Services
Mitigation services can assist in monitoring the traffic on your web server to identify and fend off DDoS attacks. There are several different types of providers of mitigation services. If you have many clients that depend on your hosting services, then investing in such security is probably wise. These services assist in identifying malicious packets, rerouting them, and deleting them before they can flood your server and spread to your clients. DDoS attacks are constantly changing, and mitigation services are usually on top of the latest defense methods against the evolving attacks.
Protect Yourself to Protect Your Customers
DDoS attacks are very serious. Although they might seem harmless at first glance, these types of attacks basically strangle your hosting business. By flooding your server, they can potentially flood the pages and servers of clients tied to your service. When this happens, web pages are cut off from potential customers and visitors. In order to protect your customers from the devastating effects of such an attack, you need to protect yourself. You can take pre-emptive action with larger bandwidth and software to help you identify malicious and fake packets. Even with these actions, however, you need the means to scrub those fake packets off of your server. Contacting your ISP is a good idea for smaller web hosts. You might also want to look into mitigation services that can monitor and protect you from potential attacks on a regular basis. If you are unfamiliar with DDoS attacks or your protection methods need updating, start researching such services right away.
Top image ©GL Stock Images
Nineteen thousand French websites have been attacked since the Charlie Hebdo terrorist attacks last week, according to French military head of cyberdefense Adm. Arnaud Coustilliere.
The post Thousands of French Websites Face DDoS Attacks Since Charlie Hebdo Massacre appeared first on Web Hosting Talk.
While the world was in an uproar about the alleged North Korea hack on Sony Pictures, many other organizations were compromised as a result of loopholes and deficiencies in their web security. Many of these attacks did not receive as much publicity as the North Korea and Sony Pictures fiasco did. Here is a brief look at some of the other cyber attacks that were going on around the same time.
What Were the Biggest Hacks of 2014?
Rackspace
Rackspace was the victim of a several-hour DDoS (Distributed Denial of Service) attack that left its DNS servers at its London, North Virginia, and Chicago data centers overwhelmed. Company engineers noticed that its DNS requests weren’t resolving at around 12:54 AM EST on December 22, 2014, as a result of the DNS attack. To fix the issue, Rackspace engineers began reducing the number of services that were running on the affected servers, which may have caused some of their legitimate traffic to be blocked.
Approximately 12 hours later, Rackspace had restored much of its DNS service, but not without complications. A small percentage of DNS services that were routing legitimate and DDoS traffic had been blacklisted, and the resolution required further investigation and tweaking by engineers. The issue was completely resolved later that day.
To prevent further complications from this attack, Rackspace began implementing a Root Cause Analysis to gain better insight into what led to the DDoS attack so that it could take the necessary precautions to prevent this type of incident from happening again in the future.
ICANN
An unknown hacker used email spoofing to compromise ICANN (Internet Corporation for Assigned Names and Numbers) in November 2014. The hacker gained access to the company’s internal systems using the credentials of an employee. During the attack, emails were created to look as if they came from ICANN’s domain and sent out to other employees in the organization. The emails may have contained links to bogus websites, which encouraged employees to type in their security credentials, thus providing the hacker with access to their usernames, passwords and other types of confidential information.
Employee names, email addresses and other personal data are stored in ICANN’s Centralized Zone Data System (CZDS) and were compromised as a result of the breach. In addition to the CZDS being breached, ICANN’s blog, GAC Wiki, and WHOIS were all compromised as well.
To resolve the breach, ICANN disabled and reset all passwords and advised its employees to take extra precautions with any other online accounts for which they had used the same username and password.
JP Morgan Chase
In what may be forever known as the attack that should have never happened, JP Morgan had to deal with the aftermath of a cyber-attack that reportedly affected at least 83 million of its customers and small business clients. Had JP Morgan implemented a security update to add a two-step authentication process to its servers, the security breach could have been prevented.
The bank states that this situation was very limited in its scope and the only information compromised was email passwords, addresses, and phone numbers. To determine the extent of the breach, JP Morgan is currently in the process of running an internal review to discover any other remaining and potential loopholes that could create security problems in the future. As of this moment, the origin of the attack is not known.
PlayStation Network and Xbox Live
On December 7th, 2014, PSN servers were down. Hacker group Lizard Squad informed the world on Twitter that it was responsible for the attack on PlayStation Network. While Lizard Squad is known for using DDoS attacks on their targets, officials at Sony are not sure if the attack is DDoS in nature. The PlayStation Network was previously taken offline back in August 2014 by the same group. Lizard Squad is also claiming responsibility for the attack that left Xbox Live servers down for several hours on December 1, December 5, and again on December 25, 2014.
The PSN attack comes right on the heels of a previous attack on Sony in which a large amount of private company information was exposed to the public via the internet. At the current time, not much information is available on how the attacks were resolved, but both PlayStation Network and Xbox Live are up and running.
Challenges These Companies Face
Security breaches and cyber attacks are on the rise. While no company is completely safe, large companies are far more likely to be compromised because they have access to more sensitive data that hackers want. Large companies are experiencing an increasing number of security breaches and are often left scrambling in embarrassment to clean up the mess that these breaches create.
Some of the world’s most popular companies, such as JP Morgan Chase, ICANN and Xbox, are not quite prepared for the methods that hackers use to infiltrate their systems. While careful consideration must be given to each organization’s infrastructure, it is apparent that drastic and revolutionary security measures need to be taken sooner rather than later. As companies resort to adding more software and technology into their infrastructures, more effort needs to be given to identifying the vulnerabilities that software and technology create.
Evolution of Cyber-Attacks
The face of cyber-attacks has evolved. Now hackers use many different tactics including spear-phishing, DDoS, USB devices and other fraudulent methods to compromise some of the world’s largest and most well-known organizations. These attacks don’t happen all at once; instead they happen persistently. Once hackers gain access to a system, they lurk and systematically steal information for extended periods of time. In many cases, an organization can be compromised using an employee’s credentials while the employee and the company remain unaware of the breach.
There is a problem with the way that organizations are dealing with these attacks. Companies are scrambling and playing catch-up while hackers are steadily evolving their tactics to remain ahead of the game. A deeper look needs to be given to software and security protocols to determine where the risks exist so that solutions can be created to get rid of the loopholes. Organizations should invest more of their resources in implementing a host of security strategies and measures to protect their vulnerabilities and their customers.
Cybercriminals are using DNS TXT records in order to amplify DDoS attacks, according to a security bulletin (PDF) published on Tuesday by Akamai’s Prolexic Security Engineering and Research Team (PLXsert).
The post Hackers Use DNS TXT Records to Amplify DDoS Attacks: Akamai Report appeared first on Web Hosting Talk.
Automattic, the parent company of WordPress.com, announced on Tuesday that it has acquired BruteProtect, a plugin and service designed to protect WordPress users from malicious logins. The terms of the deal have not been disclosed.
The post Automattic Acquires BruteProtect to Block WordPress Brute Force Attacks appeared first on Web Hosting Talk.