How do you protect your site from malware, zero-day exploits, etc?

A systems administrator here. I’ve been using web application firewalls to protect websites, but I see a lot of webmasters still preferring to rely on plugins, etc. to keep their sites secure.

I feel widespread attacks such as the recent GuruIncSite infection attacks are best blocked through a firewall.

What’s your opinion? Which tools do you use?

Best protection is to keep all software and scripts updated. After that fails, then tools like mod_security and firewall can help you.

jraitamaa,

Yes, keeping sites patched is the best, but what about zero-day vulnerabilities? Or a vulnerability in an underlying framework (like Zend, CodeIgniter, etc.) where you need time to upgrade?

I think the best option is to keep all software and scripts updated. Some tools like mod_security and firewall can also help you in these cases.

1056,

IMHO, it’s best NOT to rely on “canned apps” to find their own flaws and update in a timely manner (and assume that you find the updates immediately and update/patch even faster). Add to that the simple fact that “canned apps” plugins are hardly vetted at all, and that seems like a prescription for being hacked.

Building your own website using secure coding practices, to me, is the only way to go. If you still get hacked (even with VERY strong passwords), then you know who to blame for slack coding.

Regards,

DK

dklynn,

Yes, most widespread hacks are targeted at canned apps. So, writing an app yourself is the safer way, but what’s the defense against new vulnerabilities in the framework itself? For example, several vulnerabilities get discovered in frameworks such as CodeIgniter, Zend, etc. In such cases it is often difficult to upgrade a custom-coded website. What is the defense in the time period between the discovery of a framework vulnerability, and a website upgrade?

My feeling is that a Web App Firewall is a necessity. What do you think?

1056,

Writing an app yourself is only safer IF you are a good coder, i.e., you know how to make code invulnerable to the standard (and more) attack vectors (cross site scripting, SQL injection, etc) AND use VERY strong passwords for access via FTP or your cPanel. In other words, if you are an amateur (you do not appear to be one), then there is little hope for you to make your website invulnerable.

I’m afraid that I do not know the average/minimum time between release of an update (of any canned app) and when its vulnerabilities are discovered BUT I’m sure that script kiddies are far faster at reading the black site hacks on canned apps than the canned app coding team (not to mention the time it takes them to generate and post a patch AND the time for the patch to be discovered and implemented). I’m sure, though, that the hacking community can post hacks for script kiddies to use to attack canned app websites faster than the developers can post patches.

Web App Firewall? Wuzzat? That sounds like a plugin for a canned app which allows yet another attack vector.

As for me, I prefer tight coding with checks on ALL input (and VERY strong passwords) to ANY canned app. There is a bit more coding effort involved but the script kiddies are eliminated by the checks employed.

“There is no rest for the wary” but it still beats rebuilding a website from scratch for the lack of timely patches.

Regards,

DK
