Return of the Script Kiddies
For the last few months, the JP Software web site (https://jpsoft.com) has been coming under increasing daily attack from a variety of inept hacker wannabes. Primarily originating in China, they’re perpetually attempting to gain root access to the server, or admin access to the mail server.
Just why they’re trying to do the former is a mystery (unless it’s just for the sake of random vandalism), since we don’t keep any customer records or credit card info on the server, and we’re not promoting any political agenda. Even getting access to the mail server seems pointless, since it’s easy enough to find ISPs willing to let you spam everybody in creation. Fortunately, thus far their stupidity in selecting targets has been matched by their ineptitude in executing the attacks. Other than a couple of brief DoS slowdowns, they haven’t succeeded in causing any harm or gaining access. But they are persistent, so I decided it was time to harden the target a bit.
The first thing was to install a firewall on the server. We have a VPS through KnownHost, and although I was a bit surprised to find that we didn’t have a firewall installed by default, it was a simple process to add csf/lfd (the firewall and its login-failure daemon, which watches the auth logs) to the server. That action alone has eliminated almost all of the mail server attacks by blocking (permanently) any address with multiple rejected login attempts.
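As an added example (not part of the original post, and not csf’s own code), here is the kind of check lfd automates for the mail server: a shell function that counts rejected SMTP AUTH attempts per source address in mail-log lines and lists the addresses that crossed the threshold, which a second function then hands to csf for a permanent block. The log lines are constructed for this example and modeled on Exim’s “authenticator failed” format; the threshold of 5 (csf’s default for LF_SMTPAUTH) and the dry-run default are assumptions.

```shell
#!/bin/sh
# Added example: count failed SMTP AUTH attempts per source IP and report the
# addresses over a threshold, mirroring what csf/lfd does with LF_SMTPAUTH.
# The log lines below are constructed for this example (Exim-style format).

SAMPLE_LOG='2012-03-01 10:00:01 login authenticator failed for (x) [203.0.113.5]: 535 Incorrect authentication data (set_id=admin)
2012-03-01 10:00:05 login authenticator failed for (x) [203.0.113.5]: 535 Incorrect authentication data (set_id=admin)
2012-03-01 10:00:09 login authenticator failed for (x) [203.0.113.5]: 535 Incorrect authentication data (set_id=root)
2012-03-01 10:00:12 login authenticator failed for (x) [203.0.113.5]: 535 Incorrect authentication data (set_id=postmaster)
2012-03-01 10:00:15 login authenticator failed for (x) [203.0.113.5]: 535 Incorrect authentication data (set_id=test)
2012-03-01 10:01:00 login authenticator failed for (x) [198.51.100.7]: 535 Incorrect authentication data (set_id=sales)
2012-03-01 10:02:00 login authenticator failed for (x) [203.0.113.5]: 535 Incorrect authentication data (set_id=info)
2012-03-01 10:03:00 login authenticator failed for (x) [192.0.2.9]: 535 Incorrect authentication data (set_id=admin)
2012-03-01 10:03:01 login authenticator failed for (x) [192.0.2.9]: 535 Incorrect authentication data (set_id=admin)'

# Read log text on stdin; print "count ip" for every source address whose
# failed-auth count is at or above the threshold (default 5, an assumption
# matching csf's LF_SMTPAUTH default).
over_threshold() {
    threshold="${1:-5}"
    grep 'authenticator failed' \
      | sed -n 's/.*\[\([0-9.]*\)\].*/\1/p' \
      | sort | uniq -c \
      | awk -v t="$threshold" '$1 >= t { print $1, $2 }'
}

# Read "count ip" lines on stdin and block each address permanently with
# csf (-d adds it to csf.deny with a comment). Dry-run by default; pass
# "apply" to really call csf, which needs root and csf installed.
block_offenders() {
    mode="${1:-dry-run}"
    while read -r count ip; do
        if [ "$mode" = apply ]; then
            csf -d "$ip" "$count failed SMTP AUTH attempts"
        else
            echo "would run: csf -d $ip \"$count failed SMTP AUTH attempts\""
        fi
    done
}

# Stand-alone run over the constructed sample (dry run).
printf '%s\n' "$SAMPLE_LOG" | over_threshold 5 | block_offenders
```

With the sample above only 203.0.113.5 (6 failures) is reported; 192.0.2.9 stops at 2 and is left alone. In practice you don’t run this by hand: the equivalent knobs in csf.conf are LF_SMTPAUTH (failures before a block) and LF_SMTPAUTH_PERM (make the block permanent instead of temporary), which is what the blog’s “permanently” refers to.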
The next step was to add a proxy in front of jpsoft.com to try to filter out at least some of the web-based attacks. After experimenting with several alternatives, we settled on CloudFlare. CloudFlare originated from Project Honey Pot, and it can identify and block a variety of threats including comment spam, email harvesting, SQL injection, cross-site scripting, and (non-cataclysmic) DoS attacks. All of the HTTP traffic for the site’s name passes through CloudFlare first, and if the request is deemed valid and the data isn’t already cached in the CloudFlare datacenter, it’s passed on to the JP Software server for processing. Two things to keep in mind with any such proxy: the protection only holds if the origin server refuses web connections that don’t come from the proxy’s own address ranges (otherwise anyone who learns the origin’s IP can simply go around it), and the origin’s web logs now show the proxy’s addresses rather than the visitor’s, so anything that counts or blocks by web-log IP has to use the real client address that CloudFlare supplies in the CF-Connecting-IP header. A happy side-effect of CloudFlare is that it also acts like a CDN, which results in the JP Software web site loading about 40% faster than before! There is a free version of CloudFlare which offers some security and most of the speedup, but we went for the Pro version ($20/month) which adds more security (and a bit more speed).
End result? Thanks to some stubborn (but silly) Chinese teenagers, JP Software has a more secure server that is running our web site considerably faster than before.
If anybody has suggestions for further steps we could take, or if you have questions about our CloudFlare experiences, let me know.