From: | Mark Virtue - HarmonySite <mark@harmonysite.com> |
Sent: | Friday, 21 August 2020 9:33:55pm |
To: | announcements@harmonysite.net |
Subject: | Increased security for your HarmonySite |
Dear HarmonySite administrator,
You wouldn't be aware of this, but our server, and your website, are under constant attack by hackers, all of whom are looking to crack our defences and take control of your website, to use it for their own nefarious purposes. They never succeed, but on average, each of your sites experiences an average of around 30 separate incidents per day of hackers trying to break in. We know this because we keep logs of their attempts. The HarmonySite software identifies their attempts, logs their attack vector, and simply ignores them. Reading the log files makes interesting reading, looking to see what avenues they're trying.
A typical hacking session may involve anywhere from 5 to 500 different attempts to break in, all of them thwarted, of course.
Anyway, today we took our defences one step further. We wrote and installed some software that does the following: Whenever it determines that someone is trying to hack in, it forwards their IP address to the server's firewall, which then blocks their IP address completely, locking that hacker out of the server altogether. This means that the maximum number of attempts to break in by any hacker will always be exactly ONE - after which they can no longer connect to the server in any way (from that computer).
Not only does this make our server more secure, but it makes the server FASTER for regular users, as the server is not wasting resources dealing with the nuisance hackers.
We installed this change about 9 hours ago. Since then, the logs show that 516 separate IP addresses (each one a different computer/hacker) have been blocked from accessing our server. Checking the logs just now, I can also see that about 5 hours ago, one of our websites was targeted for a DDoS (distributed denial of service) attack by 378 different computers over a 20 minute period! I sampled 3 of the IP addresses and checked what countries they were from: Poland, Bangladesh and Indonesia. Pretty typical.
Glad to see it's working so well already!
Finally, it's possible (although unlikely) that the intrusion-detection system will occasionally block a legitimate user of the system. If that happens, that person will be unable to connect to their regular HarmonySite. The specific behaviour they will see will be their web-browser waiting, waiting, waiting for about 20 seconds, and then giving up saying that connection to the website could not be established. If that happens, please contact us and we will unblock you. We will need to know your public IP address. If you don't know how to determine your public IP address, simply do a Google search for "What is my IP?". Forward the resulting IP address to support@harmonysite.com, and we'll remove that blockage for you. Any OTHER type of issue connecting to your website is NOT the result of this new security.
Now I'm off to bed. I'll sleep better tonight knowing this extra layer of protection is keeping our data safe!
In harmony,
Mark Virtue
HarmonySite
Australia
+61 2 8005 4277
Skype name: mvirtue