Today’s top trend on server management is security. Every day there are millions of attacks on webservers across the world. I dare to use the term “hacking” because typically they aren’t. Let’s take a quick look at the definition of “Hacking”. It’s defined as gaining access to (a computer file or network) illegally or without authorization. For instance, “The Sony E-mail Hack” was true hacking, because the hackers gained access to Sony’s network and stole private e-mails from top executives.
What happens more often to webservers isn’t (to me) defined as true hacking. What commonly happens are DDOS attacks, e-mail spoofing and code injection. This isn’t “hacking” as defined as above, it’s more childs play than anything. Basically, the “attacker” exploits server weaknesses to inject malware or spyware on a system, which then infects complete random computers. This is the lowest form of “hacking” and shouldn’t be given any credit because any person with a computer and very little know how can do these sort of deeds. However, this is the trend right now and it has been the trend for some time now.
Here’s an example of what most server administrators see on a daily basis. Basically an automated “bot” (short for robot) sends out a predefined series of commands to random IP addresses until it can successfully connect and upload it’s files to their system. The picture to the right was blocked and logged just today. As you can see, D2-Designs had a couple of options it could take once we were notified of the situation at hand. Keep in mind that the Origin Country plays absolutely no hand in these attacks because they come from all over the world, even here in the U.S. The example also shows us that they attempted to connect(unsuccessfully) to our FTP protocol to upload their files to one of our clients. What their “bot” can’t decipher is, we make our clients use complex passwords to log into their accounts, as well as complete random usernames. Sure, this information may give a potential attacker a hands up but trust us when we say “We’re watching our server.” Most attacks are stopped by our automated systems, but lets say for instance that an attacker was successful – they gained access and uploaded their files. This is why antivirus software was made! Every server administrator should use software, as well as every end user (you reading this are the end user in this case). Even antivirus software isn’t fool proof, eventually some sneaky code does get through. In this case you should always have a backup of your files. I always preach, backup your backups and then back them up. We’ve used backups before, though not due to an attacker “yet” but systems fail on their own from time to time. More than that(you server administrators), should have a system in place to restore your backups, because without that a backup is just a series of files taking up space. Most hosting companies (hopefully all hosting companies) offer some sort of backup for their users. Most companies make it the responsibility of their clients to back up their files, which is fine, except how many times have you heard that there are no backups?… Exactly …
Attacks like the one illustrated here are nothing more than words on a screen. They’re information and knowledge to the administrator. They tell you that “Hey, someone’s knocking .. They didn’t get in, but just so you know there was an attempt.” Use it to your advantage, take everything you can out of your logs and apply it into protecting your server. It’s not just a space on a hard drive for your clients, it’s their on-line home. It’s a place for the world to come and see them personally. You should take pride in trying to protect them from the intruders, don’t just expect them to have the skill set that you have and let them fend for themselves. I’m not saying every client is the ideal client, but guess what, they ARE YOUR clients, and they deserve the protection on your servers. I like to have the mindset that if this were my house and you’re not invited, don’t just come and try to barge into my place like you own it. The more clients you have, the more protection you and your staff should give them. Larger companies may have automated systems to check over their clients, which is fine I suppose but I like having MY eyes on my logs and files and clients.