Use Case: Actively inspect your website traffic and block hackers

The strength of ochSimpleFirewall is that it blocks abusers before they can abuse your website: when an abuser is caught on another website somewhere in the world, this abuser is placed on a list. ochSimpleFirewall reads and uses these lists to block these abusers from even entering your website!

But what if an abuser is not (yet) on a blocklist, or your website is the first he will try to hack?

This ad is inserted via ochCall2Action and displayed via ochAddAds
Looks like Google ran out of ads to serve... or do you have an ad blocker activated?

Challenge: How do I block abuse and hack attempts when not blocked by a maintained IP block list?

How do you handle visitors that are not 'marked' as abuser? They can visit your site like any visitor because they are like any visitor. What makes them a hacker or abuser is that they try to find and use weaknesses on your website. There are several ways that this can be done: by adding parameters to the url, by adding scripts to the request header, by modifying the user agent information that is sent with every request.

So it is best to block these users altogether so that they cannot try anything, but when that is not possible, they should be 'caught-in-the-act' and blocked based on their (first) abuse attempts.

Solution: ochSimpleFirewall Active Scanner

In the new version of ochSimpleFirewall I have implemented an 'Active Scanner'.

What this does is actively inspect every request to your server and test for the following weaknesses and exploit techniques:

  • Directory Traversal
  • HTTP Response Splitting
  • (XSS) Cross-Site Scripting
  • Cache Poisoning
  • Dual-Header Exploits
  • SQL/PHP/Code Injection
  • File Injection/Inclusion
  • Null Byte Injection
  • WordPress exploits such as revslider, timthumb, fckeditor, et al
  • Exploits such as c99shell, phpshell, remoteview, site copier, et al
  • PHP information leakage

The inspection rules come from: 7G Firewall > 7G is the seventh generation of a firewall/blacklist that comprises over a decade of research, testing, and development.

I have converted the 7G Firewall rules into PHP so that they can now be used by ochSimpleFirewall

All rules (more then a hundred) can be turned off when for example they lead to false positives.

The addition of the 7G Firewall rules into ochSimpleFirewalls 'Active Scanner' functionality makes this the most robust and feature complete Firewall solution for Joomla!

When an Active Scanner rule is triggered, the visitors IP address is automatically added to a (on-site) block list: this blocks the user for any further attempts or visits, not even allowed to override by the user!

Result: your site and your visitors will be safer!

This ad is inserted via ochCall2Action and displayed via ochAddAds
Looks like Google ran out of ads to serve... or do you have an ad blocker activated?


Interesting blog? Like it on Facebook, Tweet it or share this article on other bookmarking websites.

Written by
Pro-Blogger Top Blogger Thought Leader

With a solid background in ICT (operational, tactical and strategic) and years of experience in the community life, I see in communities and community thinking the future for companies.

This future requires another way of thinking and doing; both for executives and employees. It's not about me; it's about you. Your well-being and your (personal) growth.

'What comes around - goes around'

In the world of communities, the old 'management laws' no longer work and are even counterproductive.

I coach leaders and organizations in their quest for how new and servant leadership can contribute to communities and community thinking, and as a result to the growth of the organization.

I do this from the following initiatives:

 


Discuss this article

INFO: You are posting the message as a 'Guest'

Log In or Sign Up

Forgot your password? / Forgot your username?