CloudProxy + SPDY = A Faster Website

Our CloudProxy Firewall already protects and speeds load times for 1,000′s of websites. Now, it’ll be even faster. We’re happy to announce that we just added support for SPDY (pronounced speedy) across all of our plans and servers. Any website being protected by our CloudProxy firewall can enable SPDY support with just one click:

SPDY

If you haven’t heard of SPDY (SPeeDY), it is a new protocol developed primarily by Google for transporting web traffic. It reduces page load latency through compression, multiplexing, and prioritization. In non-technical terms, it makes your HTTPS site a lot faster and it is supported by all major browsers, including Chrome, Firefox and Opera.

Internet users using these browsers can take advantage of this protocol on sites that have SPDY enabled (like Google.com, Twitter.com, etc…).

We’re excited about this because while we continue to protect our clients’ websites with our WAF, we will also be helping to make their sites faster and more reliable.

If your site is already being protected by CloudProxy, just login and enable SPDY. If you haven’t yet protected your website, head to our CloudProxy homepage to see why 1,000′s of clients are using our firewall to shield their site from attacks.

Sucuri CloudProxy – Website Firewall Enhancements

When LA’s DA says that, “73% of our local businesses appear to have been hacked,” it begins to illustrate the importance website protection will play in the future of business, which is why we’ve placed so much emphasis on website protection on this blog over the last few months.

Protection is no longer a, “nice to have,” and has crossed into the realm of necessity. Website owners know about website hacks and DDoS attacks and malware injections, but they often don’t know how to stop them from happening and until a hack hurts their own business, it’s very easy to believe that these hacks will happen to other people and other businesses. That’s why we’ve written so much about our Website Firewall – CloudProxy lately. Truly, we want to help keep your website safe.

In that spirit, we challenged ourselves to make our firewall more intuitive to use so that any website owner will be able to take control of their own security protocols. We’re proud to announce that our team has made some great strides, in terms of user experience, lately and, in this post, we’ll highlight a few of the enhancements we’ve put in place.

CloudProxy – Website Firewall Redefined

The Website Firewall was designed to give website owners peace of mind with a simple objective in mind; to keep your website safe by stopping the attacks from happening.

The logic behind the firewall is simple. It filters through all incoming website traffic and intelligently identifies good and bad traffic. All good traffic is allowed to hit your website and all bad traffic is blocked, which protects your website. In the end, the process looks a lot like this.

How the Sucuri Firewall Protects Websites

Latest Enhancements

The last major update to CloudProxy occurred in February, and back then, our update focused on a few key structural points:

  1. CDN Support (i.e., MaxCDN, CloudFlare, etc..)
  2. Reporting (i.e., Visualization)
  3. Point of Presence Expansion (i.e., More servers world wide)
  4. Back-end Rewrite (i.e., Code Refactoring)

In this update, we’ve focused more on the user experience, while still making some functional updates. Over the rest of the post, we’ll go over:

  1. Real-Time Monitoring
  2. An Improved Onboarding Process
  3. Country Blocks
  4. Enhanced Denial of Service (DOS) Protection


Read More

Sucuri CloudProxy Website Firewall Improvements

If you are are a regular reader of our blog you probably know about our CloudProxy Website Firewall, it launched publicly a year ago. Since then, our team has been extremely focused on improving it, making it more effective and efficient for everyday website owners.

If you are not familiar with CloudProxy, I highly recommend reading some of the documentation and benefits of it:

In fact, if you have a website, why not try it out?

Read More

Layer 7 DDOS – Blocking HTTP Flood Attacks

There are many types of Distributed Denial of Service (DDOS) attacks that can affect and bring down a website, and they vary in complexity and size. The most well known attacks are the good old syn-flood, followed by the Layer 3/4 UDP and DNS amplification attacks.

Layer 7 DDOS

Today though, we’re going to spend a little time looking at Layer 7, or what we call an HTTP Flood Attack.

Read More

Google Bots Doing SQL Injection Attacks

One of the things we have to be very sensitive about when writing rules for our CloudProxy Website Firewall is to never block any major search engine bot (ie., Google, Bing, Yahoo, etc..).

To date, we’ve been pretty good about this, but every now and then you come across unique scenarios like the one in this post, that make you scratch your head and think, what if a legitimate search engine bot was being used to attack the site? Should we still allow the attack to go through?

This is exactly what happened a few days ago on a client site; we began blocking certain Google’s IP addresses requests because they were in fact SQL injection attacks. Yes, Google bots were actually attacking a website.

Read More

Sucuri CloudProxy WAF Plugin for WordPress

If you are using our CloudProxy WAF to protect your WordPress websites, we highly recommend that you also install our new CloudProxy plugin for WordPress. It has been public for a few weeks, and now we feel it is ready for production use, hence the announcement. :)

sucuri-cloudproxy-wordpress-waf-plugin

You can download the plugin from WordPress Plugin Directory, or directly in your WordPress wp-admin panel by searching for CloudProxy from the “Add New Plugin” page.

The Sucuri CloudProxy WAF plugin is free from the WordPress repository, and allows direct access to your CloudProxy dashboard from within your WordPress wp-admin panel. It allows you to see your audit logs and security events, clear caching, and overall easier management of your CloudProxy account without the need to login to Sucuri.net.


Note:The CloudProxy plugin doesn’t add any additional security measures beyond what’s offered in the CloudProxy service. The plugin is not required for CloudProxy use.

*ps: if you are not using CloudProxy, you should. Go check out CloudProxy today!

CloudProxy WAF – September Report

*By Tony Perez and Daniel Cid

As many of you are aware we released a website protection tool, CloudProxy WAF/IDS, at the beginning of the year and over the past few months we have been working with the data we’ve been accumulating. We’re finally at a place where we think we can provide better insight into the world of website attacks.

What we’re hoping to do is provide a monthly summary, similar to what you’ll read here that helps you understand the various website attacks we see via our CloudProxy WAF/IDS. It will also, hopefully, shed insight into the growing online threats that website owners face daily.

September 2013

We have some very small and some big sites with us. And the first thing we noticed is that even the smaller sites get attacked quite often. All sites do.

Every web site gets attacked. And that happens daily. Many times per day.


Read More

Sucuri CloudProxy Web Application Firewall (WAF) – Out of Beta

We are happy to announce that after more than a year in testing, Sucuri’s CloudProxy is out of beta.

CloudProxy

CloudProxy is currently available to Sucuri customers, so if you have an account with us, you can subscribe to CloudProxy from your dashboard.

Here is a quick testimonial:

I inherited a couple of websites that were hand coded and getting hacked on a daily bases. Hooked them up to CloudProxy last week and so far the sites have been protected and are not being hacked anymore. At this point, I’d highly recommend this service if you are running an out of date CMS or code and are getting hacked often! Great service!

Linda Kimble Long


Read More

Sucuri CloudProxy WAF – Fake Bots Explained

One of the most common questions we have been getting since launching our CloudProxy WAF is regarding bot activity and why it appears that we are blocking Google and / or Bing bots. Inside the CloudProxy dashboard we provide a full audit log of any request that gets denied access and when a client see’s something like the following in their logs they tend to get concerned:

13/May/2013:09:20:29 +0000] 80.72.37.156 “IP Address not authorized” “POST /wp-login.php HTTP/1.1″ 403 “” “Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)”

In this specific instance they are concerned that we are blocking Bing because of this reference: bingbot/2.0; +http://www.bing.com/bingbot.htm. They are especially concerned when it says Googlebot, like this one:

13/May/2013:18:27:14 -0400] 198.50.161.234 “Spam comment blocked” “POST /blog/wp-comments-post.php HTTP/1.0″ 403 “Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)”

Nobody wants to block Google out of their sites.

Read More

Protecting Against WordPress Brute-Force Attacks

It was not long ago that I was sitting on a call with other members of the WordPress community in which we were talking abou brute-force. When asked why WordPress core didn’t offer more out of the box features to address the issue, the response was it’s just not a relavent issue.

As interesting a response as that was, the latest trends seem to contradict that statement head on. It goes to show us that with the technological improvements things like latency and other network considerations are becoming less of a barrier to entry for attackers.

Web Based Brute Force Attacks Are Here

As if we really needed any tangible evidence of such a prominent issue, the first large-scale issue of such attacks first presented itself in October of 2012 when WordPress.com disclosed that some 50,000 sites were compromised using a similar attack:

Per their incident handling process they identified a brute force like attack which made use of a list of compromised email / password combinations derived from a third-party application[s].


Read More