After describing how our Security system came to be and the objectives we set for it, today I will present its main protection mechanisms and what we do to keep improving it.
The system has several components which, working together, provide a very high level of security. A level that is, in our view, better than many of the solutions currently available, and that saves our customers investments of hundreds and sometimes thousands of dollars a month.
The Security system's main components protect customers' websites from the following attacks, listed in order of attack intensity:
- Protection against brute-force attacks on WordPress and Joomla! administration panels. This includes logic for handling complex distributed attacks launched from tens of thousands of IP addresses (usually infected computers or servers), where no single address sends enough requests to stand out on its own;
- Protection against brute-force attacks carried out through the XML-RPC interface of WordPress, where a single HTTP request can carry hundreds of login attempts, so counting requests alone underestimates the attack;
- Protection against various email-related attacks, including brute-force against mail accounts, mail relay attempts and others;
- Protection against various WordPress exploits, e.g. "Arbitrary File Upload in Gravity Forms", "WordPress Revslider Exploit" and many others. Most of these protections concern vulnerabilities in WordPress plugins rather than in WordPress itself;
- Protection against various Joomla! exploits. The most exploited one in recent months is "Remote Command Execution Vulnerability in Joomla!", or, as we like to call it at the office, "DatabaseDriverMysqli". This exploit damaged hundreds of thousands of Joomla! websites all over the world in late 2015 and early 2016. Apart from that, we also protect Joomla! websites from many types of attacks aimed at various system components;
- Protection against brute-force attacks on FTP and cPanel services;
- Protection against more common web-based attacks, which raises the overall security level;
- Protection against exploits of popular eCommerce systems such as Magento, OpenCart and PrestaShop, for example Magento's "ShopLift" bug or the uploadimage.php component of PrestaShop.
That list may not seem long, but many hours of research, development and optimization went into it. One of the main requirements of a security system is confidentiality, so, as much as I would like to, I cannot reveal all the technical details, because doing so would weaken the protection.
There is another class of protection whose goal is to protect a customer even if their WordPress or Joomla! password has been compromised. It scans the data uploaded to customers' websites and compares it against a large set of specially created signatures. That way, any request to upload infected or malicious data is blocked before it ever reaches the customer's website.
Imagine you have a WordPress (or any other CMS) website. Somehow a malicious party has obtained the admin password (for example, your computer is infected with malware, or you used an unprotected Wi-Fi network). The attacker logs into the WordPress admin panel and tries to upload malicious code (for example a web shell) that would later grant unlimited access to your hosting account. In most cases our security system will not allow this, because it determines that the uploaded content is malicious, even though the attacker is logged in as a legitimate user and the upload itself is an ordinary, authenticated request.
Apart from the protections listed above, our system closely monitors for suspicious activity that is sometimes difficult to identify as malicious on its own. The large number of websites we protect allows us to analyze the many suspicious activities which, taken together, become dangerous and must be blocked. In such cases we also protect our customers.
Taken in isolation, mistyping the password for the WordPress admin panel does not count as malicious activity. However, if a single IP address enters incorrect passwords on several different websites and in the meantime tries to upload malicious software, that IP address may be classified as malicious.
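The kind of correlation described above, together with the per-IP and distributed brute-force cases from the list earlier in the post, as an added example. This is not the provider's system: the log format, the three thresholds and every log line are constructed for illustration, and a real implementation would apply them over a sliding time window rather than to a whole log at once.

```python
"""Cross-site correlation of failed logins and blocked uploads.

Added example, not the provider's system. The log format, the
thresholds and every log line below are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field

PER_IP_FAILS = 20       # credential guesses from one IP before it is blocked outright
CROSS_SITE_SITES = 3    # distinct sites with failures that, with a blocked upload, mark an IP malicious
DISTRIBUTED_IPS = 30    # distinct low-rate IPs failing against one site = distributed attack


@dataclass
class IpProfile:
    fails_per_site: dict = field(default_factory=lambda: defaultdict(int))
    upload_blocked: int = 0


def parse_line(line):
    """Constructed log format: '<site> <ip> <event> [attempts=N]'."""
    site, ip, event, *extra = line.split()
    attempts = 1
    for item in extra:
        key, _, value = item.partition("=")
        if key == "attempts":
            attempts = int(value)
    return site, ip, event, attempts


def build_profiles(lines):
    profiles = defaultdict(IpProfile)
    for line in lines:
        if not line.strip():
            continue
        site, ip, event, attempts = parse_line(line)
        profile = profiles[ip]
        if event == "login_fail":
            profile.fails_per_site[site] += 1
        elif event == "xmlrpc_multicall":
            # One XML-RPC system.multicall request can carry hundreds of
            # credential guesses; count the guesses, not the request.
            profile.fails_per_site[site] += attempts
        elif event == "upload_blocked":
            profile.upload_blocked += 1
    return profiles


def classify_ips(profiles):
    """Per-IP verdicts. The cross-site rule fires far below the single-site threshold."""
    verdicts = {}
    for ip, profile in profiles.items():
        if len(profile.fails_per_site) >= CROSS_SITE_SITES and profile.upload_blocked > 0:
            verdicts[ip] = "malicious"
        elif sum(profile.fails_per_site.values()) >= PER_IP_FAILS:
            verdicts[ip] = "brute-force"
    return verdicts


def sites_under_distributed_attack(profiles, verdicts):
    """Sites hit by many distinct IPs that each stay below the per-IP threshold:
    no single IP trips a rule, so the response has to be per site (for example
    extra checks on that site's login) rather than per IP."""
    attackers = defaultdict(set)
    for ip, profile in profiles.items():
        if ip in verdicts:
            continue  # already handled individually
        for site, fails in profile.fails_per_site.items():
            if fails:
                attackers[site].add(ip)
    return {site for site, ips in attackers.items() if len(ips) >= DISTRIBUTED_IPS}


def analyze(lines):
    profiles = build_profiles(lines)
    verdicts = classify_ips(profiles)
    return verdicts, sites_under_distributed_attack(profiles, verdicts)


# Constructed log: one IP guessing on three sites and then attempting a blocked
# upload, a legitimate user who mistyped once, one XML-RPC multicall carrying
# 500 guesses, and 40 low-rate IPs each failing once against news-d.example.
SAMPLE_LOG = """\
blog-a.example 203.0.113.7 login_fail
blog-a.example 203.0.113.7 login_fail
shop-b.example 203.0.113.7 login_fail
forum-c.example 203.0.113.7 login_fail
forum-c.example 203.0.113.7 upload_blocked
blog-a.example 198.51.100.2 login_fail
blog-a.example 198.51.100.2 login_ok
shop-b.example 192.0.2.9 xmlrpc_multicall attempts=500
""".splitlines() + [f"news-d.example 10.0.0.{i} login_fail" for i in range(1, 41)]


if __name__ == "__main__":
    verdicts, targeted = analyze(SAMPLE_LOG)
    print(verdicts)   # {'203.0.113.7': 'malicious', '192.0.2.9': 'brute-force'}
    print(targeted)   # {'news-d.example'}
```

Note what each rule catches that the others miss: 203.0.113.7 made only four failed attempts in total, far below any per-site limit, and is caught only because the failures span three sites and coincide with a blocked upload; 192.0.2.9 sent a single HTTP request, and is caught only because the guesses inside the multicall are counted; and nobody attacking news-d.example is individually suspicious, so the site, not the IPs, is what gets flagged.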
To be continued…