Server Hardening Time

   URGENT!

Hackers anymore need not sit in a dark room late at night with their hoodies on. They can go to bed and just turn their automated bots loose to find, inspect, and chew your server up and spit it out...

And when you think you've got it all cleaned up, they will march back in there like they own the place. If you have as much as an old contact form or an outdated Wordpress theme or plug-in - you are done.

Just to confirm, please:  Does UNA require POST and HEAD requests for it's full operation and updates? I may need to adjust my htaccess file, you see.

   Thank you.

  • 852
  • More
Replies (6)
    • Good question. I often wondered about the security of the system. Hopefully it is ground up secure.

      • Just to inform everybody, one of my friend who is a web security expert did a favour to me and tested our Una system continuously for  3 days with mostly automated programs. 

        Results were excellent for Una,  he even was surprised :)

        There were a few not critical problems with the third party plugins I guess it was the froala html editor.

        • Hello banister !

          UNA has setup security tokens in every "default" form. Also you may see here https://github.com/unaio/una/wiki/Code-Quality that evals and SQL injections are impossible there too.

          • Again I inquire... Do any UNA operations require the POST request? Such as logging in? Posting in a Forum? I have blocked every other kind of request.

            I finally found the back door where hackers were entering. Actually it was a ... front door. Hackers were posting malicious php files directly into my UNA storage folder and even into other documents. Uploading files such as .ico images containing malicious base 64 code.

            Hackers did not need ftp access. Or UNA passwords. Somehow they attacked a Wordpress instance and gained their original entry, I think. Wordpress and it's extensions and plug-ins are so full of holes - it could be compared to a piece of Swiss cheese. It's beyond pitiful.

            Can I possibly block all POST requests and still run UNA? Any ideas for a fix? Perhaps in the Access file for UNA or in the storage folder? They also posted directly into my modules folder, btw.

            Oh, if you are going to host UNA on your own server or say a virtual private one, get ready to be hammered away at every few seconds by automated probing hacking bots. About 85 to 90 percent of my site traffic appears to be malicious. Fake ip's and fake referrers. 

               Help!

            • Can someone explain the screen shot in my previous message above. How can php files be placed in UNA storage via a POST request? PHP files which contain base64 code?

              I have now temporarily blocked all POST requests as I am sorting through this. But it made no difference. They posted files right into my UNA platform and altered others. By 'they', I mean their bots.

              So. By just entering things into the address bar of a browser window, your whole site can be taken over for their purposes. Look at the time signature on the FTP window below. In the same minute, dozens of files in different directories were added and altered. My UNA installation was not spared. Of course they do not want to intentionally crash it. Because it is their free hosting service.  :)

              I hope this does not happen to you. But statistically, the odds are that it eventually will... if you do not know how / or take the steps to prevent it. 

              Good luck... the professional hackers are quite clever where they will hide their malicious code snippets... 

              PHP is powerful for good or evil.

              • I hope that others will contribute to this thread as time goes on. The first thing you can do to harden your server is make sure that you are using the highest version of PHP. The higher the version - the better. 

                UNA is a content management system and competes with others. The more popular it becomes, the more malicious and frequent will become the attacks. Thankfully, UNA is well written with regard to security.

                My site has been working fine now and hopefully all the altered files and back doors have been removed. I'm still watching it every day, knowing that one line of code, even added to certain image files - can mean a re-entry.

                Special thanks to Leonid S who helped me unravel my problem.

                Login or Join to comment.