Dealing with an attack - hackers & bots vs. business & web infrastructure
Some days, you're hit with an expected task. This was the case today, when one of our servers was under attack.
We provide web hosting, and a variety of websites on a leased, dedicated server. With those websites, we have various user accounts that have access to those sites.
Each time a user account is created, and access is provided - it opens the door to an attacker. Good security practices are critical.
- Limit access to only those who need it
- Enforce good password practices
- Train people on keeping information secure, and private
- Only run the services that you need, on your server
- Utilize a firewall, and only open the minimum ports for what you need
- Regularly patch the operating system, and other software
- Encrypt sensitive information, and securely maintain the private keys
Even following best practices, an issue may still occur. When it does, having a good plan and taking quick action is critical.
We confronted the issue today, where our server was attacked and software was installed to scan-for and attempt to compromise other servers. Seeing that the files were able to be put on our server, simply removing them and changing passwords wasn't enough. We've decided to transition all of the sites we host to a new server.
In addition to transitioning servers, we're reviewing all user accounts on the system, our policies in working with customers and vendors, as well as in communicating best security practices.
Bad things happen, and the response to them is what we control. We look forward to reporting back on our web hosting status and security.