Tag Archives: firewall


End Point vs. Cloud Firewall

August 4, 2017
Web Admin

Why Choose an Endpoint Server-Based Firewall

As users of the WordPress platform for running your web server, you are fully aware that your choices are numerous, with some better than others. This is also the case when trying to decide what type of firewall to protect our assets with. For the most part, your choices fall into two categories:

1. Server-based (endpoint): Wordfence, All In One WP Security & Firewall
2. Cloud-based: Cloudflare

Both have some attractive features, but the Covered Data recommendation is that you seriously consider a server-based endpoint firewall such as Wordfence. This type runs directly on your server and directly protects your website, so whether the Bad Guy is attacking the IP address or the domain name, you have protection. With a cloud-based system, your attacker doesn’t have to attack the name (http://www.mywebsite.com) but can instead attack the actual IP address that the name is assigned to, that is, your server’s address on the internet. This is an inherent flaw in cloud-based systems.

There are many other features of the Wordfence firewall, such as deep integration with user-level permissions, integration with .htaccess files, etc. The interface is easy, and in its default install it does a wonderful job of protecting your websites. The more advanced features can get confusing, but in some cases they are a huge benefit. Using the advanced features is something that you can contact Covered Data about. We can set up, monitor, and manage that part of the firewall for you at incredibly low monthly rates (no contract).

We have been involved in installing WordPress sites, WordPress firewalls, and recovering websites for many years and would love to work for you. Give us a call.

 


Websites Under Attack – Got you covered

April 12, 2017
Web Admin

I wanted to take a quick minute and tell you about our night on the web last night. As web security experts with a long history of protecting, building, and creating WordPress websites, we have seen quite a bit, but last night was special. A couple of the sites that we manage and protect came under a sustained attack for a couple of hours. These attacks had our phones blowing up with alert notifications every couple of minutes for hours. We are used to it, and really don’t mind that much. That is because we have, over the years, become quite good at protecting our sites, and we trust in our partnerships and the system that we have in place.

The graph below shows you the number of attacks from last night.

[Graph: 24 Hour Attack]

We would love to tell you that it was the Russians, and indeed that has been the case in the past. This time, however, the attacker was from an IP address in the United States. The main site causing all the noise last night was from a US-based IP address:

162.211.152.3 | United States | 2,157

Our security systems allow us to block most of the traffic geographically. So, if you only have customers in the United States, why expose your site to the rest of the world? That is one theory anyhow, and you have to make a decision based on your company, your security policy, the effects on search engines finding you, etc. In this client’s situation, the only country that is open is the United States. However, country blocking wasn’t enough in this past attack.

You have to realize that in today’s world, the IP address in the U.S. might be compromised and actually be a device controlled by rogue hackers from another country. It is critical that you have a rock-solid firewall implementation that is dynamically updated based on live intrusion attempts across the world. It is just as critical that you protect yourself by keeping your website constantly up to date, having some ability to recover if you find your site compromised, and monitoring alerts as things are happening. Remember, the internet doesn’t sleep.

Our system can help you sleep at night and ensure your sites are always available. Contact us for a free consultation. Heck, we will even update your site for you free of charge.

CD

 


Username Harvesting WP 4.7

December 12, 2016
Web Admin

We received a security alert this morning from our Web Application Firewall provider that addresses a vulnerability in WordPress that, if exploited, will reveal the usernames, including admin usernames, on the system.

SUMMARY:

With the release of WordPress 4.7, a vulnerability now exists that all users should take immediate action to remediate. While the update to 4.7 is a good thing and fixes several existing security issues, it also adds the REST API functionality to WordPress. Again, this is a good thing, but it does give a hacker the ability to request the following:

http://example.com/wp-json/wp/v2/users

This will list all users that have published a post. It includes each user’s userid, username, gravatar hash and website URL. This functionality either needs to be turned off completely or, as we recommend, the firewall should be configured to prevent anonymous access while maintaining the desired functionality of the REST API. Obviously this isn’t information that you want a hacker to have access to, as it is half the battle in gaining unauthorized access.
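One way to prevent anonymous access to the user listing while leaving the rest of the REST API working, shown as an added example that is not from the original post or from the WAF vendor. It assumes the file is installed as a must-use plugin; the function name, file name and error code are hypothetical.

```php
<?php
/**
 * Plugin Name: Block anonymous REST user listing (added example)
 *
 * Assumption: saved as wp-content/mu-plugins/block-rest-users.php.
 * The function name and error code below are hypothetical.
 */

add_filter( 'rest_pre_dispatch', 'example_block_anonymous_user_routes', 10, 3 );

/**
 * Refuse /wp/v2/users and /wp/v2/users/<id> for visitors who are not
 * logged in; every other REST route is left untouched.
 *
 * @param mixed           $result  Non-null if an earlier filter already answered.
 * @param WP_REST_Server  $server  Server instance (unused).
 * @param WP_REST_Request $request The request being dispatched.
 * @return mixed|WP_Error
 */
function example_block_anonymous_user_routes( $result, $server, $request ) {
	if ( null !== $result ) {
		return $result; // Respect a decision made by another plugin.
	}

	// get_route() is the path after /wp-json (or the ?rest_route= value),
	// so both URL forms are covered by one check. Core matches routes
	// case-insensitively, so this pattern does as well.
	if ( ! preg_match( '#^/wp/v2/users(/|$)#i', $request->get_route() ) ) {
		return $result;
	}

	// REST authentication has already run by the time this filter fires.
	if ( is_user_logged_in() ) {
		return $result;
	}

	return new WP_Error(
		'example_rest_users_forbidden',
		'Authentication is required to list users.',
		array( 'status' => rest_authorization_required_code() ) // 401 for anonymous callers
	);
}
```

With this in place, an anonymous request to the URL above should return a JSON error with HTTP status 401 instead of the user list, which is the result to confirm after deployment.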

REMEDIAL ACTIONS:

Our security team is recommending that all users upgrade to 4.7 and have the premium version of our WAF installed and configured immediately. This will prevent hackers from using this functionality and gaining unauthorized access to your systems.

TO BE CLEAR:  All WordPress websites that are updated to the current version are vulnerable to this attack unless steps are taken.  Please contact us for a solution that will protect your site and increase your overall security profile.

Scott Barbour – Covered Data Founder/CEO
