Server Security

darb

As many here probably also do, I have malicious traffic from a few hundred domains all focused on one point.

I am running an addon to WordPress with all of my for sales parked on my main site. I am far from an expert, pretty much a noob actually, but feel that I have WP pretty hardened but am still concerned.

Tucking in under Cloudflare with my main won't do much because that will only be one of hundreds of the traffic sources. And since CF dropped blocking countries it isn't that great for general anymore.

On another unrelated site I am using geo-enabled nameservers and dropping all traffic outside of North America, but again need a workable solution that includes a few hundred domains.

Anyone got any tricks?
 
Without knowing how it is hosted it is pretty hard to give any advice.

The obvious (especially considering it is a WordPress site) is:

  1. Remove any unnecessary plugins
  2. Ensure WordPress is kept up to date
  3. Ensure plugins are kept up to date
  4. Disable any features that are not required. For example comments: just because you have hidden them on a site does not mean they cannot be used (and to that end abused). Most exploits are scripted so they don't even look to see if comments display
  5. Identify the better security plugins. I can't remember the name of them, but I do remember there was one that will sanitize parameters and identify potentially malicious requests.
  6. Make sure accounts are minimised (i.e. don't have excess accounts)
  7. Disable signups if they are not required
  8. Minimise what users can do if users are required
  9. Ensure the admin password is long and uses the normal password complexity rules
  10. Reduce/remove single sign-on type logins for privileged users
  11. Use HTTPS if possible

If it is hosted on a VPS or a dedicated server:

  1. Make sure server software is updated (kernel, Apache, MySQL, etc.)
  2. If using iptables or another firewall, ensure only relevant ports are open (80, 443, 25 if you use email, etc.). For example, there is no need to have 3306 open; your database is likely on the same machine and you really shouldn't allow things to connect directly to it over the internet. If you do use software to manage it on your local machine, configure an SSH tunnel so that MySQL can still only be contacted locally.
  3. Remove unnecessary services. For example, does cups really need to be running?
  4. If you are adept with managing a server, dispense with cPanel or other such software; they are a security nightmare.

These are far from exhaustive but are pointers.
 
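An added example, not part of the post above: a small shell audit for points 2 and 3 of the VPS list. It reads listener lines in the format printed by `ss -Htln` and reports every TCP port that is reachable from the network but not on an allowlist. The allowlist (80, 443 and 25 from the post, plus 22 for the SSH tunnel it mentions), the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Assumption: ports you intend to expose. Adjust per server.
ALLOWED_PORTS="${ALLOWED_PORTS:-22 25 80 443}"

# Reads `ss -Htln` style lines on stdin (State Recv-Q Send-Q Local Peer) and
# prints "PORT ADDRESS" for each listener that is neither loopback-only nor allowlisted.
audit_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            local_addr = $4
            # Port is the text after the last colon; the address is what precedes it.
            port = local_addr; sub(/.*:/, "", port)
            addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            # Loopback-only listeners (e.g. MySQL on 127.0.0.1:3306) are not exposed.
            if (addr ~ /^127\./ || addr ~ /^\[::1\]/) next
            if (!(port in ok)) print port " " addr
        }
    ' | sort -n | uniq
}

# Constructed sample: MySQL bound to all interfaces and cups listening on IPv6.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128  0.0.0.0:22   0.0.0.0:*
LISTEN 0 511  0.0.0.0:80   0.0.0.0:*
LISTEN 0 511  0.0.0.0:443  0.0.0.0:*
LISTEN 0 100  127.0.0.1:25 0.0.0.0:*
LISTEN 0 151  0.0.0.0:3306 0.0.0.0:*
LISTEN 0 4096 [::]:631     [::]:*
EOF
}

# Demo on the constructed sample. On a live server: ss -Htln | audit_listeners
sample_ss_output | audit_listeners
```

Anything the audit prints is a candidate for either rebinding to 127.0.0.1, stopping the service, or dropping at the firewall.
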
As many here probably also do, I have malicious traffic from a few hundred domains all focused on one point.

I am running an addon to WordPress with all of my for sales parked on my main site. I am far from an expert, pretty much a noob actually, but feel that I have WP pretty hardened but am still concerned.

Tucking in under Cloudflare with my main won't do much because that will only be one of hundreds of the traffic sources. And since CF dropped blocking countries it isn't that great for general anymore.

On another unrelated site I am using geo-enabled nameservers and dropping all traffic outside of North America, but again need a workable solution that includes a few hundred domains.

Anyone got any tricks?

CF has never dropped blocking countries. Geo enabling nameservers will not stop attacks to the server IP(s). Firewall rules can block those attacks and some software can block brute force attacks. Server security is a huge concept to explain in a few sentences or paragraphs.
 
@darb Are you on a shared hosting or Dedicated Server / VPS? An answer depends on the environment you are using...
 