Author Topic: Sercuring website access  (Read 394 times)

0 Members and 1 Guest are viewing this topic.

Offline tmabell

  • Senior Contributor
  • ****
  • Posts: 273
Sercuring website access
« on: June 08, 2019, 09:33:58 AM »
With the recent issues discussed in previous threads regarding bots, etc. I have wondered what else we can do to block unwanted access to our servers.  In perusing my logs I see a lot of unwanted "POST" requests that are obviously made with malicious intent.

I've read the ideas discussed to deal with those here https://perishablepress.com/protect-post-requests/ but wondered how many of the scripts I use will need to be whitelisted.  My contact form is one but what others if any from Ken, Steve, Jerry, etc. would need to be whitelisted?

Perhaps that question is too general.  Does anyone have any ideas, thoughts or suggestions?  I am running an Apache server.

Offline txweather.org

  • Forecaster
  • *****
  • Posts: 1526
    • Texas Weather
Re: Sercuring website access
« Reply #1 on: June 08, 2019, 10:52:58 AM »
I use ZB-Block.
But TBH, I do not worry about it too much as I don't host sensitive data.

----
Davis Vantage Pro2 Plus +FARS|Meteobridge Nano SD|Meteohub|Meteobridge MR-3020|WU KTXSPRIN75/PWS JRARGWX75/CWOP EW2972/WBB TXWDVUE75/Blitzortung ID: 1142|AWEKAS: 12095
Donations are welcome: https://paypal.me/ffuentesb

Offline saratogaWX

  • Administrator
  • Forecaster
  • *****
  • Posts: 7498
  • Saratoga, CA, USA Weather - free PHP scripts
    • Saratoga-Weather.org
Re: Sercuring website access
« Reply #2 on: June 08, 2019, 12:56:23 PM »
It's true that most of the POST type accesses are likely miscreants trying to suborn your site -- they try to leverage WordPress/Drupal/Joomla CMS vulnerabilities on older versions/plugins to achieve an access point.  I don't run those CMS on my site, so the POST attempts just get 404-not found and there's no need to block them.. their attempts don't work.  Since the attempts come from a wide range of IP addresses, it's a whack-a-mole game that I don't want to play.

The majority of my scripts will use GET mode (on URL arguments) -- the contact form is the exception.. it uses POST mode.

I have found that stringent software blocks like ZB-Block or others can lead to slow site response and false-positives to deal with.  If you are running a site that has no software that allows user upload and you have allow_url_include = no; that your site is likely secure enough against what the miscreants throw against it via either GET or POST mode URLs.  If you're on a shared server, you are far more likely to be hacked by sitemates who have sloppier security practices or a non-mainstream hoster with poorly configured inter-user file permissions.
Ken True/Saratoga, CA, USA main site: saratoga-weather.org
Davis VP1+ FARS, Boltek-PCI/NexStorm, microSferics ToA, Blitzortung RED, GRLevel3, WD, WL, VWS, Cumulus, Meteobridge/hub
Free weather PHP scripts/website templates - update notifications on Twitter saratogaWXPHP

Offline tmabell

  • Senior Contributor
  • ****
  • Posts: 273
Re: Sercuring website access
« Reply #3 on: June 08, 2019, 01:14:48 PM »
Thanks very much for the insight!

Offline txweather.org

  • Forecaster
  • *****
  • Posts: 1526
    • Texas Weather
Re: Sercuring website access
« Reply #4 on: June 08, 2019, 01:42:37 PM »
I have found that stringent software blocks like ZB-Block or others can lead to slow site response and false-positives to deal with. 

This is 100% True as I have issues with my site slowing down in the past. Right now I have it disabled due to an issue with an upgrade.

----
Davis Vantage Pro2 Plus +FARS|Meteobridge Nano SD|Meteohub|Meteobridge MR-3020|WU KTXSPRIN75/PWS JRARGWX75/CWOP EW2972/WBB TXWDVUE75/Blitzortung ID: 1142|AWEKAS: 12095
Donations are welcome: https://paypal.me/ffuentesb

 

anything