Blog Header Banner

Archive for the ‘ddos’ tag

Network Security – Does It Matter If I’m In The Cloud?   no comments

Posted at Oct 7, 2014 @ 9:09am internet security,turnkey cloud

network-security-in-the-cloudJeremy here again with another post for you this week. Today, we will be covering security. Namely, network security. Now, if I ask you, what exactly is network security, what would your answer be? If you’ve been in the hosting industry or Information Technology field for extended period time, you have no issue answering that question. However, for most readers, they may not be 100% certain on what exactly a network is and how it affects your hosting. For this article, lets first start with what exactly a network is in terms of your website and then we will get into securing that network so without further ado…

 

What is a network?

 

If you’re reading this article, more than likely, you’re on a computer connected to the internet. The computer that you’re reading this article on is more than likely in a local network. Before we get too carried away, lets define what a local network is. Directly from our friends over at Wikipedia:

 

http://en.wikipedia.org/wiki/Local_area_network

 

A local area network is a computer network that connects computers within a limited range such as homes, schools, libraries or office building. To ground the idea further in your mind, lets say that you have purchased a desktop PC, a laptop and have a cellphone from your local electronics store. You also purchased a router as well. Your router is a piece of networking technology that creates a local area network for your home and then allows you to connect to the internet. When your devices connect to the router, it places them into a local area network. This allows the devices to communicate with one another. It also allows them to communicate with the rest of the world via the internet.

 

You have different types of networks such as a WAN or Wide Area Network. This network is a much larger type and usually covers broad areas such as a college campus or metropolitan area. Now you may be asking, what does this have to do with my website? Well, glad you asked. You see, when you purchase hosting from Turnkey Internet, you’re paying to host your site on our network. This is what people generally mean when they purchase hosting. They are paying a provider to be included in their network and give their website a home.

 

As you have already gathered, if something was to go wrong with the network, your site may go off-line. This leads us to our next topic

 

Why do I need to secure my network?

 

If you are hosting in the cloud – you still connect over your network.  While cloud hosting from Turnkey Internet lets your be assured that your site is on a network that has multiple layers of network security, however, this article isn’t about securing our network at Turnkey Internet, but how you can take some preventative steps to secure your own network. Maybe you have a dedicated server and you’re managing the server yourself. Knowing how to secure the network your server is located on goes a LONG way to ensure you’re providing your customers with a top notch website.

 

You may thinking, well what do I need to protect my network from? Many network security threats spread over the internet with most common including:

 

  • Viruses, worms and Trojan horses
  • Spyware and Adware
  • Zero-day attacks
  • Hacker attacks
  • Denial of service attacks
  • Data interception and theft
  • Identity theft

 

While this is no way an all inclusive list, those items listed above are the most common type of network threats you will find on the internet. Now some of those attacks have to be mitigated at network level such as Denial of Service attacks. You can read about denial of service attacks below:

 

http://en.wikipedia.org/wiki/Denial-of-service_attack

 

Some of the other network attacks you can help mitigate at a server level which you can read about below

 

How do I secure my network?

 

In order to truly secure your network, you must understand that there is no one single solution that will protect you from every threat listed above. In fact, a highly secure network has multiple layers of security. If one layer fails, another layer just takes its place. Network security is best accomplished through hardware and software.  The software should be updated in regular intervals to ensure that you’re running the most up to date version. Ideally, a network security system will contain many parts with all parts working together.  This helps to ensure maximum security and minimize maintenance and improve security.

 

Your most common type of network components are listed below:

 

  • Anti-virus software
  • Malware detection
  • Firewall that blocks unauthorized access
  • Intrusion prevention systems that will identify fast spreading threats such as a zero day attack
  • Virtual private networks(VPN) setup to provide secure remote access

 

If you have a few or all of those components working together, you will help ensure your network remains stable. Effective network security targets a variety of threats and stops them from entering or spreading through your network. This will protect the usability, reliability, integrity and safety of your network and data.

 

Here at Turnkey Internet, we have multiple layers of network security. From our DDOS protection system which monitors our entire network and instantly notifies us of a DDOS attack. We also install and configure firewalls on all of our shared servers. We run daily malware detection scans as well as constantly update software to ensure we’re protected from the latest threats. Doing these things helps us to provide a secure and reliable network for all our customers. It may be time you invested in your own network security.

 

Until next time…

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

Written by Jeremy on October 7th, 2014

Tagged with , , ,

Is your wordpress web site under attack? Over 90,000 hacker bots may be knocking on your door!   no comments

Posted at Sep 12, 2014 @ 9:50am Web hosting

wordpress-site-attackHowdie do Turnkey Lovers,

 

I have a quick question for you, have you ever heard of wordpress? My guess is since you’re reading this blog, you’ve heard of wordpress any may even be using on your own website, but for those who are first time readers, I will give a brief overview. Here is a quick overview from WordPress.org:

 

WordPress is web software you can use to create a beautiful website or blog. We like to say that WordPress is both free and priceless at the same time. The core software is built by hundreds of community volunteers, and when you’re ready for more there are thousands of plugins and themes available to transform your site into almost anything you can imagine. Over 60 million people have chosen WordPress to power the place on the web they call “home” — we’d love you to join the family.

 

WordPress is one of the most popular site building pieces of software currently on the internet. Sure, you have Joomla which is almost the same as wordpress, but has slight differences with its configuration. For this article, however, we will be focusing purely on wordpress. As you can see in the overview above, over 60 million people have chosen to use wordpress  which is quite a large pool of users on the internet. Now, what if someone decided to launch an attack on wordpress based sites? They would have a pretty large base of users to attack and could affect hundreds or possibly, thousands of websites. Well, this attack has already happened and still running at this very instance.

 

On an off for the last few months, A botnet of over 90,000 machines, has been attempting to globally brute force and hack into wp-login.php which is the file that WordPress users use to login to WordPress. The attack is sending thousands of requests at one time to attempt to login to your WordPress installation via wp-login.php in an attempt to gain access to make it part of the growing botnet. To shed some light on what a bonet is, directly from Wikipedia:

 

botnet is a collection of Internet-connected programs communicating with other similar programs in order to perform tasks. This can be as mundane as keeping control of an Internet Relay Chat (IRC) channel, or it could be used to send spam email or participate in distributed denial-of-service attacks. The word botnet is a combination of the words robot and network. The term is usually used with a negative or malicious connotation.

 

Well, you may be wondering, if I have a site on a server with Turnkey Internet, how are my sites being protected?  Since day 1 of the wide scale attacks,  we’ve enabled a server wide ACL that blocks all access to wp-login.php unless the IP is whitelisted. This ACL or access control list, keeps the attack at bay. Due to the fact that the botnet is targeting wp-login.php directly, we can deney all access to users we specifically allow. When the attack runs, our servers return a 403 page and the attack moves on. You may be saying, “Sure, that works, but is there anything that I can do as a client on my end to help relieve the attack?’

 

Listed below is the recommended code that you add to your sites .htaccess file in your public_html folder to add an extra layer of security (you’ll need to edit ‘example.com’ to be the domain you are setting it up on):

 

<IfModule mod_rewrite.c>

RewriteEngine On

RewriteCond %{REQUEST_METHOD} POST

RewriteCond %{REQUEST_URI} .(wp-comments-post|wp-login)\.php*

RewriteCond %{HTTP_REFERER} !.*example.com.* [OR]

RewriteCond %{HTTP_USER_AGENT} ^$

RewriteRule (.*) http://%{REMOTE_ADDR}/$ [R=301,L]

</ifModule>

 

This in conjunction with our ACL will prevent the attack from affecting your site(s).

 

Additional recommendations:

-Changing your default admin username for wp-admin to a different username as the attack is specifically targeting the admin username.

 

-Placing a browser-based password on wp-login.php

 

The link immediately below will explain how to do this:

http://codex.wordpress.org/Brute_Force_Attacks#Password_Protect_wp-login.php

 

Additional information about the attack can be found here:

http://blog.skunkworks.ca/brute-force-attack-targeting-sites-running-wordpress/

http://www.inmotionhosting.com/support/news/general/wp-login-brute-force-attack

 

Using the tips we’ve provided above, this will help to keep the attack from affecting your site. It will also increase the security of your wordpress based site as well. We hope this will help all clients and not just those at Turnkey Internet, but any client globally who may be having issues with the wordpress attack on their sites.

 

Until next time

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

Written by Jeremy on September 12th, 2014

Tagged with , , , , ,

The Adventures of The TurnKing – The Shield of Norton   no comments

Posted at Oct 21, 2013 @ 10:25am TurnKey Kronicles

The Adventures of The TurnKing!

TurnKing_Vol4-01After being abducted by the deadly Ban-dits, Vint and Leif safely continue their journey. This time around they need to get a special shield in order to kill off the DDoS Dragon!

Past Volumes

TurnKing_Vol3-01

Volume 3

In honor of Leif Erikson Day yesterday, we would like to introduce Volume 3 of our TurnKey Kronicles! In this volume, Vint and his sidekick Lief are off on their journey to stop the DDoS Dragon from destroying their city, Cloudtopia. They run into a minor technical difficulty, where they are greeted by some unfriendly travelers.

TurnKing_Vol2-01 (1)

Volume 2

Young Vint and his friend Leif go to the city’s merchant to see if they can get some weapons to fight off the evil DDoS Dragon and it’s bots. The merchant gives them a magical firewall and explains to them that this is not all they need! Check back next week for chapter 3 of this epic tale!

TurnKing_Vol1-01

Volume 1

Young Vint dreams of saving his town from a DDoS attack by the DDoS Dragon and his bots! Check back next week for chapter 2 of this epic tale!

 

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

The Adventures of TurnKing – The Information Superhighway   no comments

Posted at Oct 10, 2013 @ 10:33am TurnKey Kronicles

The Adventures of TurnKing!

TurnKing_Vol3-01

Volume 3

In honor of Leif Erikson Day yesterday, we would like to introduce Volume 3 of our TurnKey Kronicles! In this volume, Vint and his sidekick Lief are off on their journey to stop the DDoS Dragon from destroying their city, Cloudtopia. They run into a minor technical difficulty, where they are greeted by some unfriendly travelers.

Past Volumes:

TurnKing_Vol2-01 (1)

Volume 2

Young Vint and his friend Leif go to the city’s merchant to see if they can get some weapons to fight off the evil DDoS Dragon and it’s bots. The merchant gives them a magical firewall and explains to them that this is not all they need! Check back next week for chapter 3 of this epic tale!

TurnKing_Vol1-01

Volume 1

Young Vint dreams of saving his town from a DDoS attack by the DDoS Dragon and his bots! Check back next week for chapter 2 of this epic tale!

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

CyberBunker vs. Spamhaus becomes CyberBunker vs. Internet   2 comments

Posted at Mar 27, 2013 @ 4:03pm News,tech news

Piracy Attack Key

If you are reading this article, chances are good that you have not been affected by what some are calling the “biggest attack ever” on the Internet… That, or you really like our blog and decided to wait for this page to load. Either way, let me tell you a little bit about what is happening!

According to sources such as The BBC and The New York Times, between March 15th and the 19th, a Dutch online hosting company, CyberBunker, began an all-out cyber-attack. This has affected the speed of the Internet for people globally. The attack began on Geneva-based spam-fighting group, Spamhaus, because of a supposed “black-listing”, and has even reached the United States.

CyberBunker, who is known for hosting anything that is not “child porn or terrorism-related,” was apparently added to Spamhaus’ list of companies who are said to distribute “spam”, in a wide variety of different ways, shapes, and forms. Because of CyberBunker’s lenient terms of services, Spamhaus believes that entities are able to flood the Internet with spam, without much difficulty.

CyberBunker—who, interestingly enough, is based out of an old military warfare bunker—retaliated with a Distributed Denial of Service, or a DDoS,  and has flooded tons of traffic to Spamhaus’s Domain Name System (DNS). A DNS links websites’ domain names with their IP addresses, and while the attack is flooding their system, websites are globally becoming increasingly slow to get to. It has been said that these attacks have reached up to 300 GB per second, while most major attacks have been around 50 GB per second.

Netflix has seemed to be the largest company affected by this attack, but the Internet in general may be a little bit slower, mainly in Europe. While Spamhaus has over 80 servers all around the world, they have been able to fight this attack with the help of a few other companies—One of whom is Google, actually.  While this is certainly not the end of the Internet, it has been the largest DDoS attack ever reported, and an issue that may become more of a concern to many large companies moving forward.

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

Written by Dylan on March 27th, 2013

Tagged with , , , , , ,

Avoiding Denial of Service (DoS) attacks and DDoS Distributed Attacks   no comments

Posted at Aug 14, 2012 @ 9:16am Web hosting

I wanted to talk you about a common concern and questions I constantly receive on our sales chat. DDOS’s or Distributed Denial of Service Attacks. Everyone from resellers, to cpanel basic hosting, to dedicated servers all the way down to virtual private servers or VPS’s.

 

All users are looking for a host that can provide them some protection against these DDOS attacks. Now, before we can provide protection from these attacks, it’s probably best that I educated you on what exactly a DDOS attack actually is. Let’s go to our good friend Wikipedia and see the definition they supply:

 

In  http://en.wikipedia.org/wiki/Computing computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend services of a  host connected to the Internet.

 

Now how perpetrators do this specific attack varies greatly. We will go back to our great friend of Wikipedia to get a few different ways that people attempt to take down your web site or cloud sourced server:

A DoS attack can be perpetrated in a number of ways. The five basic types of attack are listed as :

1.      Consumption of computational resources, such as bandwidth, disk space, or   processor time.

 

2.      Disruption of configuration information, such as routing information.

 

3.      Disruption of state information, such as unsolicited resetting of TCP sessions.

 

4.      Disruption of physical network components.

 

5.      Obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

 

I like to think of a DDOS like this:

.         Hacker/Cracker/Perpetrator decides another website needs to go for some reason

.         Hacker/Cracker/Perpetrator selects his favorite method of doing so.

.         Hacker/Cracker/Perpetrator commences attack such as 1 billion ping requests to server

.         web sites are beginning to slow down or appear offline

 

 

From the web hosting side of things – the provider will often see

.         Load spikes on server

.         Bandwidth graphs spike

.         Customers open ticket on how they’re sites are down or going slower than usual

This process can repeat unless the hosting company takes preventative measures. This brings us full circle back to the original issue customers usually ask when signing up for Turnkey Internets services: Do you have protection against DDOS attacks.  This is a common question today – as DDOS is a common issue facing everyone (even if you aren’t the victim of an attack, chances are your web site or corporate server is on a network, or datacenter that had someone being attacked!) needs to be aware of.

The answer to this, an emphatic YES from TurnKey.  But you need to make sure any host company you work with can answer this, and in detail.   You see, many host companies lack the scale, size and control to secure both the web site, server, and network to provide a true DDOS solution.  At TurnKey we have protection built into our web hosting services such as CloudLinux which will throttle an account when it’s using too many resources, – as well as application level (web based evasive protocols to weed out attackers traffic from good traffic), and we also have protection on our network layer, firewalls – and all the way up to our edge network to blackhole attacks from ever reaching your server, or web site.

You see, there are many types of DDOS attacks, such as a bot sending waves of traffic to another host(bandwidth flooding), or connection flooding (opening too many port requests to the web daemon at once to a specific ip address), and many other sophisticated methods.  Most hosting companies can address the application and server level, but rely on a middle man (their datacenter) to then get involved to help block the big attacks at the network level.

This is where our the design  of Turnkey’s network comes into play. The design of the Turnkey network allows us engineers, to block the attack before it enters the core where the attack is designed to go. Since we have different cores, we can block the attack before it enters the core, which essentially blocks the attack on the switch the server is connected to.  This gives you the best possible protection – compared to say your average hosting company who has to call up their datacenter or upstream carrier, ask for help, and wait for them to manually help them.

This is one of the glorious perks of working at Turnkey Internet. We will have a problem and come up with creative solutions to common problems every hosts face.  While DDOS attacks continue to evolve, and grow – the one thing that remains constant that good security minded staff at your hosting company are a must have!

Until next time Turnkey Lovers.

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

Written by Jeremy on August 14th, 2012

Tagged with , , ,