Are anyone else's websites under attack?

[motion]

I block all IP addresses outside of the U.S.

[tdw28210]

Everyday I get messages about attacks on my site listed below. Usually Russia, sometimes France and occasionally within the US - assuming no IP spoofing.

[RKDinOKC]

Yep, hacker bots trying to spawn spam are as bad or worse than spammers themselves.

Host my own servers on a Cox Business account and they do a very good job of monitoring security and keeping the hackers a bay.

Only had two incidents. A couple of users were using really out of date email clients and their SSL got hacked for their password. Got informed by Cox Business security team within the hour and they blocked the hackers IPs. Changed the accounts passwords and forced users to get new email clients and all is well.

[stealthn]

Your best bet is defense in depth; Cisco ASA's with Firepower are now awesome, put some F5's or Netscalers behind them (DMZ) to front the servers and put AMP for Endpoints along with AV on the servers and you should be good from DOS, Malware, etc.

I am pushing to get it mandated that ISP's & government agencies get involved and block at the source; they are already reading our email and watching to see if we are downloading movies, so why not do something useful instead.

It doesn't help that all governments are part of the problem as well.....

[Scott R]

Don't overthink this, move your site to Amazon and change elastic ip's every few months. Expensive hardware solutions like ASA, and Palo are not conducive to the little guy.

[stealthn]

Amazon and Azure are just as likely to be targets as private systems, that's why they offer virtual protection systems like F5 etc.

[Scott R]

Quote:

Originally Posted by stealthn

Amazon and Azure are just as likely to be targets as private systems, that's why they offer virtual protection systems like F5 etc.

But for pennies you can change IP's then reroute with R53. And they do a damn good job on their side preventing DDOS and a lot of other bad stuff.

[cstreit]

Got compromised one time... Wasn't sql injection it was an exploit of the open source I was running. They were able to get a pic file in a temp directory and used it for mass spamming. 5 years later our url is finally free of most email blacklists.

I know have a daily scan that checks all core files and file counts and alerts me if anything changes.

[stomachmonkey]

Quote:

Originally Posted by cstreit

Got compromised one time... Wasn't sql injection it was an exploit of the open source I was running. They were able to get a pic file in a temp directory and used it for mass spamming. 5 years later our url is finally free of most email blacklists.

I know have a daily scan that checks all core files and file counts and alerts me if anything changes.

Did you request delisting?

I have one client who used to get blacklisted every other month.

Took all of 15 minutes of work to get them delisted from SORBS in 3 days or less.

[Brando]

After reading this thread now I want to move all my hosting to rackspace or bluehost.

[stomachmonkey]

Quote:

Originally Posted by Brando

After reading this thread now I want to move all my hosting to rackspace or bluehost.

Rack space is fine.

Bluehost will work if you like having your IP range regularly blacklisted.