WhiteSites Blog

How to protect your website from Bots and Hackers

Posted on Jun 14, 2015 by Paul White

With all the recent news coverage on companies and government agencies being hacked, I thought it might be time to write an article about how to protect your website and or server from hackers and bots.  So if your website is getting flooded with unrelated traffic and constantly being attacked here are a few tips.

FireWall

This should be obvious.  Your Firewall should only have ports open that are needed.  Everything else should be closed, or at least limited to a select few IPs.  Ports needed for remote control (Remote Desktop) 3389 should be open for only your home IP and or subnets that you frequently use.

Stop the window watchers

In real crimes of brick and mortar businesses.  Criminals will often conduct survalence of a target and then plan how and when they will make action.  Websites are the same.  Hackers will use compromised computers, and or proxies to sniff out websites for known weaknesses.  Many websites these days are running on template software like Word Press or Joomla.  However since using these frameworks is so easy its often used by new developers who don't have the coding skills to make a website on their own. They just set it up with the default settings without any worries of security.  They assume that Word Press is going to just handle all that for them.  The problem is these frameworks often use the same paths for admin access.  For most Word Press websites you can just goto /wp-admin, or /wp-login to get the login page.  Then use a dictionary to brute force you way into the backend.  If you are like me and you do not use Word Press you can assume that any request for Word Press related pages are bots and hackers sniffing out your site, and block these connections.

List of words to detect for blocking

Here is a list of terms I use for detection of bots and hackers that are up to no good.  If I find these words anywhere in the URL path, I immediately firewall the IP, which provides immediate protection to the 50+ sites running on my server.

wp-admin

Common admin access for Word Press websites

wp-login

Common login access for Word Press websites

/admin/

Common admin access for some template software

.php

file extension used in PHP websites. If you don't run PHP websites there is no reason to allow connections for it.

cpanel

Common server administrative controls for shared hosted websites

scripts

Common scripts directory

phpmyadmin

Common webadmin for mysql databases

mysqladmin

Common webadmin for mysql databases

/fckeditor/

Directory used for the FCKeditor text box control.

/editor/

Director used for textbox editor control

/manage/

Directory for admin controls of some websites

/include/

Directory for include files for some websites

/manager/

Direcotry for website manager

/wordpress/

directory for word press hosted websites

These are just a few of the terms I look for.  Detecting these and firewalling IPs that access them will help to cut down your exposure to hackers and bots.

Prevent websites from being browsed by the IP

Bots will often just incrementally go through IPs to see what IPs respond with what ports.  Then once they have determined which IPs are active they will start their attack.  If your IPs don't directly repond to requests and require host headers, this will greatly cut down your detection by bots and hackers.

Stop SQL injection

Check all Cookies, Form fields, and QueryStrings for terms commonly used in SQL statements.  Filtering them should be obvious, but its also a good idea to just firewall IPs that do this.  The more tries you give a hacker to find weaknesses in your site, the more likely they are to find one and exploit it.

Terms to search for in SQL injection

exec(

;--

=cast(

varchar

information_schema

table_name

1=

These are just a few terms I search for.  Also besure to look for single quotes as well. This is often the starting point when hackers are looking for places to try SQL injection.

Use Friendly Server Errors

Your websites should always provide User Friendly Server Errors that tell the visitor an error has occured.  You DO NOT want to show the visitor what the actual error was with details, as this can often be used by hackers to determine how your SQL queries are setup and how to customize their injection strings to work.

Block Rouque Countries

If your website is only serving users from a single country ( USA ).  It makes sense to block countries that tend to harbor hackers.  A great place to get a list of IPs for specific countires is IP Deny.

Recommended countires to block

  1. China
  2. India
  3. Russia
  4. Ukraine
  5. Iran
  6. Slovakia
  7. Afghanistan
  8. Vietnam
  9. Philippines
  10. Malaysia
  11. Nigeria
  12. Georgia
  13. Niger
  14. Singapore
  15. Thailand
  16. Iraq
  17. Taiwain
  18. Hong Kong
  19. Check Republic

Be careful who you block

Its always good to occassionally review the IPs that you are blocking.  This can help you identify new countries that you want to block completely from the server, but it can also identify false positives.  One thing you never want to happen is for your firewall to start blocking Google's Spiders.  The result is your websites ranking will start to drop.  

Performance Issues of thick firewalls

One thing to watchout for is too many rules in your firewall.  Each rule you add to your firewall is going to slow down requests.  Once you have several hundred rules with a couple hundred IPs in each, this performance hit can really add up.  This is especially true for older servers, with limited RAM and CPU power.  A slower server can also hurt your search engine rankings, as it is one of the factors Google takes into consideration.  If you server starts to slow down after beefing up your firewall it might be time for a new server.

Conclusion

Take your website and server security seriously! I know what I have stated above is just a broad explantion with little detail in how to impliment these solutions.  Those in themselves would be another article in the future.  I hope this helps others secure their websites and servers.


Permalink
2307 Visitors
2307 Views

Categories associated with How to protect your website from Bots and Hackers

Discussion

No Comments have been submitted
name
Email Needed to confirm comment, but not made public.
Website
 
 
When you Post your Comment, you'll be sent a confirmation link. Once you click this link your thoughts will be made public.. Posts that are considered spam will be deleted, Please keep your thoughts and links relavent to this Article