Website and Server Administration Forum

**TRANZIT JIM** · 02-11-2010, 07:56 PM

There have been two sources of attacks upon webhostings in Australia of recent times.

#1, Those protesting against the Australian Government 'Clean feed' have been targeting Australian Government websites. Can not think of the name, but they overwhelm a server with way too many hits all at once. This crashes the server.

#2, A bunch of people from India, are protesting against the fact that Students from India who are in Australia for studies, are getting attacked as they walk the streets.

In attack #2, they hack into the server, Encrpt the data, then delete it. Costing the company over $100,000 AU to fix the damage.

What can webmasters do to protect against #2?

I understand that the Australian government has been getting smarter with #1, as they block an IP address if it is detected to hit too many times in an x amount of time.

However with #2, the only thing a webmaster can do is to choose a better server, one which will only let in HTTP Get, Head and Post messages. OR, to have all the HTML files stored on a seperate storage device. As I have all my website data stored on a pen drive.

But then you have the issue of all the customer provided data of which you can not keep updating all the time. So that bit will always be 'at risk'.

**chrishirst** · 02-12-2010, 09:50 AM

Quote:

Can not think of the name, but they overwhelm a server with way too many hits all at once. This crashes the server.

DDoS - Distributed Denial of Service or DoS - Denial of Service

Quote:

What can webmasters do to protect against #2?

Use complex passwords for accounts.
Keep up to date with patches and security updates.
Use jailed shell for any accounts that need SSH better still don't allow shell at all.

**dimensio** · 02-13-2010, 07:19 AM

Best way to protect against number 2, is to use a tool that restricts the IP range of accounts that login and only allow IP addresses from a certain geographic region.

All of australia may be too much, but its still a start.
Most government buildings will have a very limited IP range, so there you go.

if they did accidentally block the wrong IP, they can just ask the datacentre to type in a shell command to turn the protection off.

in WHM, you can do all of this through the security center . Also CPHULK will stop number1. I use settings 3,3,5

**FortressDewey** · 02-18-2010, 03:53 PM

And tell me you had a backup or there is a backup going on. Sorry to hear the issues you are having.

**TRANZIT JIM** · 02-19-2010, 12:08 AM

Lucky my Australian websites have not been hit.

But did hear radio reports where someone has had damage of $100,000 AU (close enough to that in USD) from these attacks.