An attempt to compromise a CMS is usually characterised by abnormal behaviour. This could be a large number of failed username and password attempts, highly non-standard URL requests or the probing many different ports on the server.
An active security software packages will continuously monitor the incoming connections and server logs to spot when something is amiss and then reconfigure the server to block access from that IP, either temporarily or permanently. There are several active security packages available for linux that each monitor different aspects of the server's activity but all work to block malicious agents from accessing your server.
ModSecurity is referred to as a web application firewall. It works by placing itself between the incoming web requests and the web server (e.g. Apache) and comparing the requests against a list of rules of what is acceptable and unacceptable. If the incoming request is prohibited it will be blocked and not passed on to the web server.
Frequently, hackers will attempt to manipulate websites by creating highly customised URL's that exploit a coding error. Typically, these URL's are highly unusual and they can be spotted and blocked without interfering with normal users of the site.
The command line installation of ModSecurity is a little complicated and will require some knowledge of using the linux command line.
WHM/cPanel servers provide a tool to install and manage ModSecurity. Please refer to the cPanel documentation at:
https://documentation.cpanel.net/display/ALD/ModSecurity+Tools
For detailed information.
Memset provides an external firewall service. This where the firewall is hosted on a Memset server and is configurable via your Memset account. The documentation on using the Memset firewall can be viewed here:
https://www.memset.com/docs/server-security/firewalling/
A local firewall is one that is run on the same server as the CMS i.e. your server. It can be run in conjunction with the Memset firewall without too much additional administration. The advantage of an active local firewall is that it will react to incoming threats and block malicious IPs that are attacking the server.
Memset provides a suite of server security tools. Along with backups and a firewall Memset also provides vulnerability scanning and intrusion detection services. These services can be found on the Memset website here:
http://www.memset.com/port-patrol-server-monitoring/
If you would like to discuss how these services can improve the security of your CMS the sales team will be pleased to discuss them with you. They can be contacted here:
One of the simplest ways to take a website offline is to launch a Denial of Service attack against it. This form of attack is where the web server is overwhelmed with a more web page requests that it can handle. When this happens legitimate users are denied normal service.
Last updated 14 February 2018, 09:18 GMT