Bulldog Blog

Website Security

We take website security seriously and do everything we can to ensure the safety of every site we build. Just like with email spoofing, attacks on websites are on the rise. I’ll share some ways to ensure the security of your site, or if you don't want to worry about it, give us a call and let us handle it.

SSH

If you are running Linux or a Unix-like operating system (BSD) on your server, then you should be using SSH. Most shared hosting companies still let their users connect via FTP, an insecure protocol for transferring files, which is concerning.

SSH (Secure Shell) is a way for you to connect to your server using encryption between the client and server. SSH inhibits an attacker’s ability to eavesdrop on your connection to the server. You can use SSH to do the following:

  • Copy files to the server via rsync, SCP, and SFTP
  • Get shell access on a remote server
  • Forward or tunnel a port
  • Tunnel X windows to the local computer

By default, SSH usually uses a login/password combination to grant you access to the server, but there is a more secure way. Using SSH keys instead can make brute-force attempts computationally infeasible. We primarily use a 4096-bit RSA SSH key since people are still suspicious of Ed25519. Also, all of our SSH keys are encrypted using AES-256-CBC.
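The following is an added example, not code from the original post: a Python check that reports whether a private key file is passphrase-encrypted and with which cipher, so keys can be audited against a policy like the one described above. The function names and the sample keys are constructed for illustration; the samples carry headers only and no key material.

```python
import base64
import struct
MAGIC = b"openssh-key-v1\0"  # header of the current OpenSSH private key format

def _ssh_string(buf, off):
    """Read one SSH wire string: 4-byte big-endian length, then the bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key header")
    return buf[off + 4:off + 4 + n], off + 4 + n

def key_cipher(pem_text):
    """Return the cipher protecting a private key file, or None if unencrypted."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured private key")
    body = lines[1:-1]
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return "pkcs8"  # cipher lives in the ASN.1 body, which is not parsed here
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(body))
        if not blob.startswith(MAGIC):
            raise ValueError("bad OpenSSH key magic")
        name = _ssh_string(blob, len(MAGIC))[0].decode("ascii")
        return None if name == "none" else name
    # Legacy PEM ("RSA PRIVATE KEY"): encryption is declared in header lines.
    headers = dict(ln.split(":", 1) for ln in body if ":" in ln)
    if headers.get("Proc-Type", "").strip() == "4,ENCRYPTED":
        return headers.get("DEK-Info", "unknown").split(",")[0].strip().lower()
    return None

def sample_openssh(cipher):
    """Constructed header only (magic, cipher, KDF name); no key material."""
    blob = MAGIC + b"".join(struct.pack(">I", len(s)) + s for s in (cipher, b"bcrypt"))
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed legacy-format sample: real header layout, placeholder body.
SAMPLE_LEGACY = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for text in (SAMPLE_LEGACY, sample_openssh(b"aes256-cbc"), sample_openssh(b"none")):
        print(key_cipher(text) or "UNENCRYPTED: add a passphrase")
```

To audit a real key, pass the text of the private key file to `key_cipher`; a return value of `None` means the key is stored without a passphrase.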

Firewalls

There are several different types of firewalls, and each has merit. Most cloud providers offer a firewall that allows you to configure which ports, IP addresses, subnets, etc. are allowed to pass. We use these firewalls to restrict SSH access to our local network's static IP address, which minimizes our attack surface.

A website requires that we allow the public to connect to the server on a couple of ports, such as port 80 and port 443. Connections to port 80 always redirect the user to port 443, where the connection is encrypted using TLS. With tools like iptables, fail2ban, and ModSecurity, we can use the server firewall to block attacks on the application layer.

In addition to these firewalls, we also utilize Cloudflare. Cloudflare acts as a Content Delivery Network (CDN), reverse proxy, Web Application Firewall (WAF), and more. Using Cloudflare's reverse proxy can prevent attackers from obtaining our server's IP address. Their WAF may see a new attack on a site, find a way to block it, and then deploy those rules for your site without you ever having to do anything.

Case Study

Recently, one of our clients was getting attacked every day and hacked every other day. We were able to help mitigate the attacks so the client could maintain their web presence. Within the first week, the site had over 23,000 unique visitors, 1.3+ million requests, and we blocked over 6,400 attacks.

After moving their site to a new server, cleaning up the code, and using the techniques above, they now have a secure website. In the last month, they've had over 25,000 unique visitors, 1.3+ million requests, and have only seen 741 threats.

Conclusion

Keeping our network secure, restricting access to our servers to only our IP, and using SSH keys that are encrypted are just some of the ways we help maintain secure websites. We also keep up-to-date on security vulnerabilities in software to ensure our code is secure. So if you care about your website and need some help, give us a call.

Levi Durfee
posted June 20, 2019