
Protecting your website from hackers

There are a lot of bots out there on the Net, all desperate to hack into and hijack your precious little standalone blog, or e-commerce site, or whatever. Or steal your work. Or maybe they just hoover up all your bandwidth, something you certainly don’t want if you pay for it or if your hosting company severely throttles the number of simultaneous connections.

Don’t imagine that, just because your site is tiny and has few visitors, it won’t be attacked. They’re not interested in your public; they want your disk space. I offer this as an example:

Attacks blocked in July 2017

So, the first thing to do when setting up a site is to protect yourself against all this shit. To start with, install a spam filter. Akismet is by far the most popular and it is easy to use with Jetpack, if you have that installed.

Now you need a firewall. If you’re running a WordPress-powered blog, I advise using WordFence, generally agreed to be the best security plugin out there. Whichever plugin you do use, don’t activate more than one, or you’ll get conflicts that can render your site unusable. So, apart from Akismet, disable all the security options in Jetpack.

If you enable your hosting service’s firewall, be careful: this may disable automatic software updates and make it impossible for visitors to access certain files, such as PDF documents. Test it carefully before using it. It’s also important to remember that you’ll still need to take other precautions to prevent unauthorised logins. Brute-force attempts to log in to my site constitute the vast majority of the attacks I see.

One possibility that may make your life easier is to use a CDN service, the most popular (and cheapest – the basic plan is free) being Cloudflare. It won’t solve everything, as some hackers use IP addresses rather than domain names to bypass the Cloudflare servers, but it does take quite a bit of pressure off. The great thing about Cloudflare is that you can use it to filter (using Captcha to let humans in but keep bots out) IP ranges, entire countries, or traffic coming from a specific ISP/hosting service.

Install your firewall with care, following the instructions. At a minimum it should let you block IP ranges and user agents. My advice is to do the following before going any further:

1. Block Datashack/Nocix (AS33387)
It’s owned by crooks as far as I can tell and their sole desire is to install malware on your site.

2. Block obsolete browsers:
They are almost always used for hacking (* = wildcard):

  • *Firefox/1* to *Firefox/4* (current version 54). I have seen *Firefox/5.* used for hacking, so block that as well
  • *Chrome/1* to *Chrome/4* (current version is 59), bearing in mind that Google use a modified Chrome/41 to check AMP pages. Way to go, Google
  • *MSIE/1* to *MSIE/10* (current version = 11)
  • *Go-http-client/1.1*
  • *curl* – This is used to upload files, nuff said
  • *ahrefs* & *XoviBot* – content-scraping, for-profit SEO sites that devour bandwidth. There are others.
  • *WinHttp.WinHttpRequest* and *commoncrawl.org* are used to download entire websites. You probably don’t want this

The list is by no means exhaustive but it’s a start. Don’t forget to block anything coming from Datashack. They can find your site and install a backdoor before WordFence has finished with “learning mode” for extended protection.

That’s it? Done all that, maybe tweaked the lockout rules for brute-force log-in attempts? Excellent, well done, have a cup of tea and a biscuit. Now the good bit. You need to check on your site every single day to ensure that everything is working as planned. Do it over your morning coffee, or lunch break or home-at-last beer. It doesn’t take very long, now you’ve got the main filters up; it’s just a matter of tweaking them, maybe adding an extra filter now and then. You’ll probably see other SEO bots you want to block, more suspicious user-agent strings, and so on. Look for 404 errors: these may show you bots hunting for exploits, either weaknesses in your own software or malware that someone else has installed.
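To show what the user-agent block list above and the daily 404 check actually look like when run over a web server log, here is an added example (my own code, not part of the original post or of any plugin mentioned in it). It parses lines in the standard combined log format, applies the post’s wildcard user-agent patterns with fnmatch semantics (so "*Firefox/1*" covers Firefox/1 as well as Firefox/10 to 19, exactly as the post’s ranges read), and then counts 404 responses per client IP to surface addresses that are guessing at file names. The log lines are constructed for the example; the case-insensitive matching, the 404 threshold of three, and the decision not to count 404s for requests the block list would already have dropped are my assumptions. Blocking by ASN (the Datashack/Nocix step) needs an IP-to-ASN lookup and is not shown.

```python
import re
from collections import Counter
from fnmatch import fnmatchcase

# Combined (Apache/nginx) access-log format:
# ip ident user [time] "METHOD /path HTTP/x" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# User-agent wildcard patterns taken from the post (fnmatch syntax, * = wildcard).
# Because * is unanchored, "*Firefox/1*" matches Firefox/1 and Firefox/10-19 alike.
BLOCKED_UA_PATTERNS = (
    [f"*Firefox/{n}*" for n in range(1, 5)] + ["*Firefox/5.*"]
    + [f"*Chrome/{n}*" for n in range(1, 5)]   # caveat: also hits Google's AMP fetcher (Chrome/41)
    + [f"*MSIE/{n}*" for n in range(1, 11)]
    + ["*Go-http-client/1.1*", "*curl*", "*ahrefs*", "*XoviBot*",
       "*WinHttp.WinHttpRequest*", "*commoncrawl.org*"]
)


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def blocked_by(ua):
    """Return the first block-list pattern the user agent matches, else None.
    Matching is case-insensitive (assumption: firewall UA rules usually are)."""
    ua_lower = ua.lower()
    for pat in BLOCKED_UA_PATTERNS:
        if fnmatchcase(ua_lower, pat.lower()):
            return pat
    return None


def analyse(lines, not_found_threshold=3):
    """Split log lines into UA-blocked requests and IPs probing for files that do not exist.

    Returns {"blocked": [(ip, path, pattern), ...],
             "probing": {ip: number_of_404s}}  # only IPs at or above the threshold
    """
    blocked = []
    not_found = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:          # unparseable line: skip rather than crash
            continue
        pat = blocked_by(rec["ua"])
        if pat:
            blocked.append((rec["ip"], rec["path"], pat))
            continue             # a firewall would have dropped this request already
        if rec["status"] == "404":
            not_found[rec["ip"]] += 1
    probing = {ip: n for ip, n in not_found.items() if n >= not_found_threshold}
    return {"blocked": blocked, "probing": probing}


# Constructed sample log (documentation IP ranges, invented paths and timestamps).
MODERN_CHROME = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/59.0.3071.115 Safari/537.36"
MODERN_FIREFOX = "Mozilla/5.0 (X11; Linux x86_64; rv:54.0) Gecko/20100101 Firefox/54.0"
AMP_FETCHER = "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Safari/537.36"
SAMPLE_LOG = [
    f'203.0.113.5 - - [12/Jul/2017:06:21:03 +0000] "POST /wp-content/uploads/x.php HTTP/1.1" 403 199 "-" "curl/7.47.0"',
    f'198.51.100.7 - - [12/Jul/2017:06:22:10 +0000] "GET /amp/ HTTP/1.1" 200 5120 "-" "{AMP_FETCHER}"',
    f'192.0.2.10 - - [12/Jul/2017:06:23:41 +0000] "GET / HTTP/1.1" 200 8844 "-" "{MODERN_FIREFOX}"',
    f'192.0.2.10 - - [12/Jul/2017:06:23:50 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "{MODERN_FIREFOX}"',
    f'192.0.2.33 - - [12/Jul/2017:06:30:01 +0000] "GET /wp-config.php.bak HTTP/1.1" 404 209 "-" "{MODERN_CHROME}"',
    f'192.0.2.33 - - [12/Jul/2017:06:30:02 +0000] "GET /backup.zip HTTP/1.1" 404 209 "-" "{MODERN_CHROME}"',
    f'192.0.2.33 - - [12/Jul/2017:06:30:03 +0000] "GET /old/readme.txt HTTP/1.1" 404 209 "-" "{MODERN_CHROME}"',
    f'192.0.2.33 - - [12/Jul/2017:06:30:04 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 209 "-" "{MODERN_CHROME}"',
    "this line is not in combined log format",
]

if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    for ip, path, pat in report["blocked"]:
        print(f"blocked  {ip:<14} {path} (matched {pat})")
    for ip, n in report["probing"].items():
        print(f"probing  {ip:<14} {n} x 404 in this log")
```

Run on the sample log, the curl upload attempt and the Chrome/41 request are reported as blocked (the second one is Google’s AMP fetcher, which is exactly the side effect the post warns about, so if you serve AMP pages you may want to exempt its address range or tighten that pattern), the one-off 404 for favicon.ico from a normal visitor is ignored, and 192.0.2.33 stands out with four requests for files that don’t exist, which is the pattern worth looking up on AbuseIPDB or adding to your IP block list.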

Useful links:

  • AbuseIPDB – report hacking attempts and check if anyone else has reported problems from that IP address
  • Project Honeypot – catching spammers and other scum. If you control your site, you can install their honeypot script to catch badly-behaved bots. You can also comment on IPs giving you grief
  • Gravityscan – scan your website for malware. It works well with…
  • WordFence (WordPress only)
  • Akismet – spam filtering for WordPress
  • Cloudflare can filter email traffic as well as Web


Fighting spam with Spamcop

Most ISPs and antivirus firms offer spam filtering these days, though very few (if any) enable you to report the spammer to their ISP. Which is a shame, as not only is spam contrary to ISP terms of use, but often the content is fraudulent or otherwise illegal.

Child porn and other nasties, fake medicines, attempts to steal passwords or other personal information, advance-fee frauds (known as 419 scams, allegedly after the relevant article in the Nigerian criminal code)… You name it, some creep has tried to pull it on you.

Most spam filters merely send what they think is spam to the trashcan or add a tag to the subject line, while more honourable ones such as Thunderbird have a filter that can be “taught” to differentiate between spam and genuine emails, and move it to a separate folder. However, this does not address the problem of spam itself, and you’re still spending far too much time ensuring no false positives have been junked by accident.

This is where the excellent service Spamcop comes in. You get:

  • A free service! You can tip them a few dollars if you like; it’ll remove a “nag” page for a while
  • The ability to report spam directly to the ISPs concerned with a simple click
  • Reporting of spam from all of your accounts
  • Less spam, in the long run

There’s probably more, but I don’t remember offhand. I’ve used the site for several years and I swear by it to deal with the dozens of spams I received daily at one point. OK, you still have to sift through your inboxes to check nothing’s been sin-binned by mistake (remember to educate friends who think it’s smart to send old jokes to a long list of contacts), but then you can send the spam to limbo and its perpetrators to Gehenna with a simple click, a smile on the lips and music in the air. It’s a most satisfying revenge, and although spam will be profitable as long as there are greedy idiots who really do believe you can get something for nothing, the service has contributed to getting some major spammers shut down (or away) for good.

Updated March 2015 after changes to the service