Knowledgebase : Security and Hack

If you suspect that someone is trying to break into your server, or you know an IP address that you want to block from accessing your server, there is a built-in firewall on all of our 2008 DDS servers. You can use this firewall to block either a range of IP addresses or a single address.

  1. Log into your server via RDP.
  2. Click on Start > Administrative Tools > Windows Firewall with Advanced Security.
  3. On the left side of the firewall window, click on Inbound Rules.
  4. On the right side of the screen, click on New Rule.
  5. Select the Custom radio button and click Next.
  6. Make sure the All programs radio button is selected, then click Next.
  7. On the Protocol and Ports screen, leave everything at its defaults and click Next.
  8. On the Scope screen you will see two boxes: the top one is for local IP addresses and the bottom one is for remote IP addresses. In this scenario we are blocking an outside (remote) IP address from accessing anything on the server, so the address goes in the remote section only; it is not a local IP address.
  9. Under the remote addresses, click the radio button that says "These IP addresses".
  10. Click the Add button.
  11. In the next window, add the single IP address to the rule. You can also add an entire range at this point if you wish.
  12. Click OK, then click Next.
  13. Make sure you select the Block the connection radio button on the next screen, then click Next.
  14. Leave all of the options on the next screen checked; this makes sure the IP is blocked no matter which kind of connection it uses. Click Next.
  15. On the next screen, name the rule something you will remember in case you wish to edit or remove it later. Click Finish and that's it.

Scripts in languages such as PHP, Perl, Python, ASP and ASP.NET can present security problems. However, you can take a number of relatively simple steps to improve the security of the scripts you run.

The examples below are geared towards PHP. However, the principles apply to all web scripting.

You are responsible for what happens using your web space. We may suspend your account if an insecure script allows third-parties to misuse our servers.

Form to mail scripts

Form to mail scripts allow people to fill out a contact, or similar, form on your website. Whatever they enter is then emailed to you.

They are regularly used by spammers, who hijack your script to send unsolicited email. Through a few simple checks, you can ensure that your form to mail script is only used by your website and sends to the email address you choose.

Suggestion: You can prevent most illegitimate use of your form to mail scripts by checking the referrer string of the page calling your script, before processing it.
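The checks described above, written in Python as an added example (the page is PHP-oriented, but it says the principles carry over; this is not the page's own script): the Referer filter the page suggests, a recipient fixed on the server side rather than read from the form, and rejection of newlines in any field, which is how a hijacked script gets extra recipient headers appended. The host names, recipient address and sample submission are constructed assumptions.

```python
"""Checks for a form-to-mail handler (added example, not the page's code):
referer filter, fixed recipient, and rejection of newlines in fields."""
from email.message import EmailMessage
from urllib.parse import urlparse

# Assumptions, not from the page: the site is example.com and mail always
# goes to one server-side address. The recipient is never read from the form.
ALLOWED_HOSTS = {"example.com", "www.example.com"}
RECIPIENT = "you@example.com"
FIELDS = ("name", "email", "subject", "message")


def referer_is_ours(headers):
    """The page's suggestion: accept only posts whose Referer names one of
    our pages. The header is client-supplied, so treat it as a first filter."""
    host = urlparse(headers.get("Referer", "")).hostname
    return host in ALLOWED_HOSTS


def fields_are_clean(form):
    """Reject CR or LF in any field: a newline placed in a header value lets
    a spammer append their own recipient headers (mail header injection)."""
    return not any("\r" in form.get(f, "") or "\n" in form.get(f, "")
                   for f in FIELDS)


def handle(headers, form):
    """Return (accepted, reason); only accepted submissions get mailed."""
    if not referer_is_ours(headers):
        return False, "referer not from this site"
    if not fields_are_clean(form):
        return False, "newline in field"
    if any(not form.get(f) for f in FIELDS):
        return False, "missing field"
    return True, "ok"


def build_message(form):
    """Compose the mail with the recipient hard-coded, after handle() passed."""
    msg = EmailMessage()
    msg["To"] = RECIPIENT
    msg["From"] = "web-form@example.com"      # assumed sender address
    msg["Reply-To"] = form["email"]
    msg["Subject"] = form["subject"]
    msg.set_content(f"From: {form['name']}\n\n{form['message']}")
    return msg


# Constructed sample submission (not real traffic).
GOOD_HEADERS = {"Referer": "https://www.example.com/contact"}
GOOD_FORM = {"name": "Ann", "email": "ann@example.net",
             "subject": "Hello", "message": "Just saying hi."}
```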

SQL injections

If you dynamically create SQL statements using parameters passed from a web form or in a URL, you might use something similar to the following pseudo-code:

SQL = "SELECT * FROM users WHERE name = '" + userName + "';"

You might expect the userName variable to be just that: a username. However, if the username comes from script input, such as a form field, a malicious user could type the following:

a'; DROP TABLE users;

When the script is executed, the SQL statement would become:

SELECT * FROM users WHERE name = 'a'; DROP TABLE users;

When the SQL statement is run, it drops the users table from the database. A malicious user could do almost anything that your database user's permissions allow.

You should:

  • use your scripting language's escaping functionality

  • use SQL variables, rather than concatenating scripting variables to create the SQL statement

  • limit the database user's permissions to those your application actually needs.

Overview

Creating and using strong passwords is an important part of your server/website security.

With Plesk 11, a strong password is required with your initial setup. These passwords are at least 8 characters long. Along with upper and lower-case characters, they require multiple occurrences of digits and special symbols. Such passwords provide strong protection from brute-force attacks.

Things to include

  1. At least eight characters.
  2. One or more of each of the following:
    • lower-case letter
    • upper-case letter
    • number
    • punctuation mark
  3. Lookalike characters to protect against password glimpses. Examples:
    • O as in Oscar and the number 0.
    • Lower-case l and upper-case I.
    • The letter S and the $ sign.

Things to avoid

  1. Words you can find in the dictionary.
  2. Passwords shown as "example strong passwords."
  3. Personal information, such as names and birth dates.
  4. Keyboard patterns, like qwerty or 12345. Particularly avoid sequences of numbers in order.
  5. Common acronyms.
  6. All one type of character - such as all numbers, all upper-case letters, all lower-case letters, etc.
  7. Repeating characters, such as mmmm3333.
  8. The same password you use for another application.
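A checker for the rules above, added here as an example rather than taken from Plesk: it tests the "things to include" and those "things to avoid" that can be tested mechanically (missing character classes, dictionary words, keyboard patterns, digits in order, repeated characters). The small word list and pattern list are assumptions standing in for a real dictionary file.

```python
"""Checks a candidate password against this page's rules (added example,
not Plesk's code)."""
import re
import string

# Constructed stand-ins (assumption, not from the page): a real deployment
# would load a full dictionary and a longer list of keyboard walks.
DICTIONARY = {"password", "welcome", "letmein", "summer"}
KEYBOARD_PATTERNS = ("qwerty", "asdf", "zxcv", "12345", "abcdef")
DIGITS = "0123456789"


def problems(pw):
    """Return the list of rules the password breaks; empty means it passes
    every rule checked here (personal information cannot be checked)."""
    found = []
    # Things to include
    if len(pw) < 8:
        found.append("shorter than eight characters")
    if not any(c.islower() for c in pw):
        found.append("no lower-case letter")
    if not any(c.isupper() for c in pw):
        found.append("no upper-case letter")
    if not any(c.isdigit() for c in pw):
        found.append("no number")
    if not any(c in string.punctuation for c in pw):
        found.append("no punctuation mark")
    # Things to avoid
    low = pw.lower()
    if any(word in low for word in DICTIONARY):
        found.append("contains a dictionary word")
    if any(pattern in low for pattern in KEYBOARD_PATTERNS):
        found.append("keyboard pattern")
    # Three or more digits in ascending order, e.g. 123 or 6789.
    if any(DIGITS[i:i + 3] in pw for i in range(len(DIGITS) - 2)):
        found.append("sequence of numbers in order")
    # Same character three or more times in a row, e.g. mmmm3333.
    if re.search(r"(.)\1\1", pw):
        found.append("repeated character run")
    return found


def is_strong(pw):
    return not problems(pw)
```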

Memorable password tips

Passwords that are easy for you to remember are less secure than a completely random password, but following these tips can help you find the right balance between convenience for you and difficulty for hackers.

  1. Create a unique acronym for a sentence or phrase you like.
  2. Include phonetic replacements, such as 'Luv 2 Laf' for 'Love to Laugh.'
  3. Jumble together some pronounceable syllables, such as 'iv,mockRek9.'

Keep your password secret

  1. Never tell your password to anyone (this includes significant others, roommates, coworkers, etc.). If you need to grant someone access to your server, set up a separate username and password for that person.
  2. Never write your password down, especially not anywhere near your computer.
  3. Do not store your password in a plain text file on your computer.
  4. Never send your password over an unencrypted connection, including unencrypted email.
  5. Periodically test your current password.
  6. Update your password every six months.

When you visit a website on the Internet, the computer you use will find the address of the site using a system called DNS. If you are using your home computer to browse the internet, it will request each website address from your Internet Service Provider (ISP).

Dedicated and Virtual Servers are set up to search for this DNS information themselves. This is perfectly normal and is a commonly used feature for office or cloud networks.

There are two types of DNS queries that can be made to your server, which are as follows:

  • Recursive requests: With these requests your server will attempt to find the website in question in its local cache. If it cannot find an answer, it will query other DNS servers on your behalf until it finds the address. It will then respond to the original request with the result of those queries.
  • Iterative requests: With these requests the DNS server will attempt to find the website in question in its local cache. If it cannot find an answer it will not ask other DNS servers but will reply back to the original request with a single “I don’t know, but you could try asking this server” message.

Why are recursive DNS requests not recommended?

Servers that support this type of request are vulnerable to fake requests sent from a spoofed IP address (the victim of the attack). The spoofed address can be overwhelmed by the number of DNS results it receives and become unable to serve regular internet traffic. This is called an Amplifier attack because the method takes advantage of DNS servers to reflect the attack onto a target while also amplifying the volume of packets sent to the victim.

A consequence of this activity is that third-party network administrators who detect these requests may block your IP addresses. Your server could even be placed on DNS blacklists.

What happens if I turn off Recursive DNS lookups on my server?

If your server does not enable recursive DNS lookups, it will simply treat any such requests as an iterative DNS inquiry. It will remain a DNS server, but will no longer be useful to attackers as part of an amplified attack on a victim.

How do I turn off Recursive DNS lookups?

Within the Plesk control panel:

Step 1: Log into your Plesk Control panel and click on Settings in the left hand menu.

Step 2: Click the button marked DNS Recursion Settings.

Step 3: Select Allow for Local requests only and click Set.

This will stop third parties from receiving recursive DNS requests from your server.

For Windows servers not using the Plesk control panel:

Open a command prompt and enter the following command, replacing <Server name> with the name of your server:

dnscmd <Server name> /Config /NoRecursion 1
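An added check that is not part of the page, going one step past the procedure above: once recursion is off, a query sent with the "recursion desired" flag should come back with the server's "recursion available" flag clear. The Python below builds such a query and reads that flag from a raw DNS reply; the two replies at the bottom are constructed, not captured, and probe() assumes UDP port 53 on your own server is reachable.

```python
"""Verify a server no longer offers recursion by inspecting the RA flag
in its DNS reply header (added example, not from the page)."""
import socket
import struct

RD = 0x0100   # recursion desired: set by the client in the query
RA = 0x0080   # recursion available: set by the server in the reply
RCODE_MASK = 0x000F   # low four bits of the flags word; 5 means REFUSED


def build_query(name, txid=0x1234):
    """Minimal A-record query with RD set, as a recursive client sends it."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = b"".join(bytes([len(lbl)]) + lbl.encode()
                      for lbl in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)


def parse_flags(reply):
    """Return (recursion_available, rcode) from a raw DNS reply."""
    flags = struct.unpack("!H", reply[2:4])[0]
    return bool(flags & RA), flags & RCODE_MASK


def recursion_enabled(reply):
    """True when the server advertises recursion, i.e. the change above
    has not taken effect (or was made on a different server)."""
    return parse_flags(reply)[0]


def probe(server, name="example.com", timeout=3):
    """Send the query over UDP to your own server and parse the reply.
    Assumption: UDP/53 is reachable and the server answers within timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (server, 53))
        data, _ = sock.recvfrom(512)
    return parse_flags(data)


# Constructed reply headers (not captured from a real server); the answer
# section is omitted because only the flags word is inspected.
# 0x8180 = QR | RD | RA, rcode 0: an open recursive resolver.
OPEN_RESOLVER_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
# 0x8105 = QR | RD, RA clear, rcode 5 (REFUSED): recursion turned off.
RECURSION_OFF_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)
```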