Tag: web-security

  • New features added to Malware Web Scanner

    New features added to Malware Web Scanner

    There are some new features in our Malware Web Scanner that we want to tell you about.

    1. Public lists info
      Checks whether your website is mentioned in any of CleanTalk blacklists.

    2.  
    3. Redirects
      Сhecking your website for different types of redirects. For example http→https and redirecting for another server.

    In case you haven’t used it yet – it’s absolutely free and is available by the link below.

  • New Feature for CleanTalk Security Service

    New Feature for CleanTalk Security Service

    Hello!

    CleanTalk continues to develop Security Service and launches new option “BlackIPs Database”.

    Our Cloud Service processes millions of requests every day and we know which IPs have suspicious activity in real time.

    BlackIPs Database — is the database of the most active IP addresses where massive spam and brute force attacks come from. When IP starts attacking a few websites they are immediately added to the blacklist. IPs that stop attacking are being removed over time and that time is relatively short — usually about 2 weeks.

    This option will be a powerful way to improve the Security Service for your websites.

    Blocking a bad IP completely is more effective and safer than just blocking its malicious requests because you don’t allow it to gather information about the target website it is about to attack.

    BlackIPs Database is included in the standard package of Security Service and does not require any additional payment, just enable this option in your CleanTalk Dashboard -> Settings then mark the option “Use CleanTalk database of dangerous IP addresses”.

    If you need to add exceptions for IP addresses or subnets, you can add them to white lists that have higher priority and will not be blocked.

    In 2 weeks we will add new parameters to Security Service Log that will show blocked requests and Page URL which the IP address was trying to get access to.

    CleanTalk Real-Time BlackIPs Database is one of the greatest security features.

    We work every day to continuously improve and evolve our services.

    Let us know if you have any suggestions or comments.

  • New version of the Security Service by CleanTalk

    New version of the Security Service by CleanTalk

    As we informed CleanTalk launched its website security project. The service protects administrator control panel from brute-force attacks and records users’ actions.

    Since the 29th of November Security by CleanTalk has become the Cloud Service and now all main data will be available in The Service Dashboard. The cost of the service is $20 per year for 1 website.

    Switching to Cloud Data Storage allows to show more data and use the information more flexible thanks to different filters in your Dashboard.

    In the previous versions all data were being stored in a website database and big amount of information alongside with its operations would affect website speed, all this could give a result of bad website ranking of search engines. Cloud Data Storage is safer than website database. If an intruder could get access to your website then he could delete all data he might be traced with.

    Cloud Service provides data storage for the last 45 days including users action log, brute-force attacks statistics and successful backend logins and you can always get to know who and what actions were made if it is necessary.

  • DDoS on 600 GB/s as the democratization of censorship

    DDoS on 600 GB/s as the democratization of censorship

    Well-known American journalist Brian Krebs for a long time writes on the topics of information security, revealing the identity of dark speculators mainly from Eastern Europe. Over the years, Brian had to over pass through a lot. Evil Ukrainian hacker has gathered on the forums for two bitcoins to buy heroin and send it to Krebs by post, other hackers have sent a SWAT team into the house on call 911 supposedly his number, took out a loan for $20 thousand to his name, has transferred $1000 to his Paypal account with stolen payment card. The authors of malicious software mention Brian Krebs even in the code of their programs. What can we do, these are the costs of the work of journalists in the field of information security.

    Now Krebs has been targeted with new attacks. This time the attackers organized the most powerful DDoS-attack 600 Gbps on the website KrebsOnSecurity.com. A few days later the company Akamai gave up. To protect other customers, it brought out KrebsOnSecurity.com from under its protection.

    The attack began on the evening of Tuesday September 20. Initially, it had no effect thanks to the operational work of Akamai engineers. Traffic was filtered out, but experts Akamai have admitted that this attack was almost twice as powerful as the biggest DDoS ‘ and what they saw in life. And probably one of the biggest in the history of the Internet in general.

    September 20 at 20:00 the flow of garbage traffic reached 620 GB/s. This is more than enough to drop any website. Up to this maximum DDoS -ttack on Akamai resources was 363 Gbit/s.

    DDoS was not organized by the standard method with amplification of queries through DNS servers. Instead, most of the traffic consisted of packets of data generic routing encapsulation (GRE). Communication protocol GRE is used to establish direct P2-connections between network nodes. Such a large amount of traffic surprised the experts – it is not entirely clear hot the amplification is carried out. If amplification was not, it turns out that the attacker used to attack hundreds of thousands of infected machines. It’s some kind of record botnet. Perhaps it consists of IoT devices such as routers, IP-cameras and digital consoles (DVR).

    Brian Krebs is not offended by Akamai. For four years they are many times together with a subsidiary firm Prolexic protect it from DDoS-attacks. Just the current DDoS was too large. When it became obvious that the attack will affect other customers, the company Akamai in advance on September 21 at 16:00 warned Brian Krebs that he has two hours to go to another network, and at 18:00 they remove the protection.

    The company’s management later explained that otherwise the reflection of such an attack would cause them loss of millions of dollars. Perhaps the head is a bit exaggerated, but in fact protect against attacks of this scale really worth from $100 thousand to $150 thousand per year. They always defended Krebs for free.

    In order not to fail their host, the journalist asked to redirect all traffic to 127.0.0.1, and he tried to use the services of Project Shield — Google’s charity project, designed specifically to protect journalists from DDoS attacks. It turned out that this is ideal, so that on 25 September the site was back online and still works flawlessly.

    These events pushed Brian Krebs to philosophical thoughts about the nature of Internet censorship. He recalls the famous words of businessman and libertarian John Gilmore about the impossibility of censoring the Internet. Gilmore said: “the Network recognizes censorship as damage and avoids it.” Those are some great words that have been repeatedly confirmed by life. Even now in Russia can be clearly seen how ineffective censorship of the Internet. Attempts of Roskomnadzor and other censors to block specific network resources really perceives as damage to the integrity of its structure, as an anomaly in normal operation — and offers options to work around this anomaly.

    But this principle applies only in the case of “political” censorship, which is traditionally implemented by governments of different countries, limiting free access of its citizens to information.

    In the case of a DDoS-attack, we see another example of an attempt to “gag” an opponent, to silence him. Here the state is not involved. Censorship is implemented by the coordinated efforts of many people or bots. In this sense, we can say that a DDoS-attack is a “democratic” version of censorship when the majority imposes its will on the minority and silences the opponent (of course, to a true democracy, such actions are irrelevant).

    Brian Krebs believes that currently the greatest threat of censorship are just not the toothless attempts by state officials to ban something on the Internet (officials still understand absolutely nothing about technology and are not capable of inflicting significant damage), and namely acts of experienced professionals. Underground hacker community in recent years quietly turned into a powerful transnational organization, in whose hands is concentrated the enormous computer resources. These resources under certain conditions can turn into cyber weapon.

    It is difficult to imagine that the government of any country could organize a DDoS-attack with a capacity of 600 GB/s, it’s incredible. But transnational hacker community — can. In this sense, Brian Krebs speaks of “the democratization of censorship”.

     

    This text is a translation of the article “DDoS на 600 Гбит/с как демократизация цензуры”  published by @alizar on habrahabr.ru.

    About the CleanTalk service

    CleanTalk is a cloud service to protect websites from spam bots. CleanTalk uses protection methods that are invisible to the visitors of the website. This allows you to abandon the methods of protection that require the user to prove that he is a human (captcha, question-answer etc.).

  • CleanTalk launches a project to ensure the safety of websites

    CleanTalk launches a major project to create a cloud service for the safety of websites. The project will include several functions: protect the site against brute force attacks, vulnerability scanner and virus removal.

    Each function will have a number of features which help you easily keep the website safe from hackers.

    (more…)

  • Best practices to protect e-commerce sites

    Best practices to protect e-commerce sites

    Online shopping has always attracted intruders: it is a source of credit card data (now almost irrelevant); user data; data about orders and market trends (consumer demand); a traffic source; manipulation with the discount coupons, etc. An e-commerce site may be attacked as intruders in “free hunting” (non-targeted attack) and by the request of unfair competition. Recently are popular different kinds of DoS/DDoS attacks, as to disable a competitor and as a tool for blackmail.

    In this topic, I will describe best practices for the protection of e-commerce sites.

    (more…)