Part of our security depends on our security robot, which periodically parses logs and talks to running processes.
By parsing logs we can spot machines which are slowly attacking and probing, in addition to spotting attackers deluge the server with connections.
- +DNS Flood Attacks (too many connections to DNS in a given timeframe by a specific IP)
- +DDoS Attacks
- +SYN Flood Attacks (too many SYN requests in a given timeframe by a specific IP)
- +Port Flood Attacks (too many connections to a given port in a given timeframe by a specific IP)
- +Connection Flood Attacks (too many simultaneous connections by a specific IP)
- +BruteForce Attacks on:- (failed attempts to a specific target email or FTP account, or to too many random accounts by a specific IP)
- +PortScans (these are not a danger in and of themselves, but why allow an unknown server to scan your services?)
- +SSH Shell Access
- +Protected Web Directories
- +Control Panel Access
- +Common CMS (Content Management System) Sites
The security robot blocks suspicious activity only temporarily, to significantly slow down any intrusion attempts.
The security robot sends signals to the Dynamic Firewall who then blocks the intruders IP or Network or an amount of time, disrupting their attempt to get into the server.
Users & Passwords
For this reason, if you forgot any password, for the system, or your CMS, you must NOT attempt to guess it, as making too many failed attempts to guess your own password will infact block you from your own services.
(You can provide us with a Static IP or Dynamic DNS name, and we can exempt those IPs from the security robot checks).
Our realtime anti-malware scanner feeds the URLs of the discovered malware to the security robot. The robot then scans through the logs of the system and blocks access to any IP POSTing or GETing those URLs, which further protects the server from attacks.