security Tag

Today we will talk specifically about server virtualization and virtualization on a home computer. To begin to talk about Virtualization, lets look at what is a virtual machine or in the server virtualization so called a hypervisor (virtualization environment).

Modern pace of life and business leaves its mark on all means both receiving and providing information. The only matter is how fast and complete information can be found. On all of this depends success of a business.

The Internet has given the world the rich opportunities for providing information. But the cornerstone of the present moment is the speed and ease of information processing and how quickly and correctly can your business provide up to date information on the Internet. Modern technology of creating and maintaining websites offers developers, managers and site users a huge selection of ready-to-use systems. Most content management systems (CMS) are universal, but many have their main purpose, its pros and cons.

“Selecting Content Management System (CMS). Why Do You Need One?”  provides useful information about CMS and will answer some of the questions that will help your business to make the right choice between CMS.

Why?

Why do you need a content management system? All instruments owe their existence to the human impulse to facilitate work and make it more efficient. No exception applies to the Internet technologies. Site creation and support process is quite time consuming and requires some knowledge of programming, design and marketing. Most modern CMSs allow people to have minimal skills to work with a personal computer and Internet knowledge to share their work through the site: add and update information on the site, take orders, analyze statistics, etc..  All the operations before the existance of the CMS demanded skilled labor. Specialists in design, graphics, programming, and marketing are now available to ordinary users. When using the CMS website within a few minutes you can add news article or edit product and services offering.

General features of content management systems (CMS)

Available Capacity. When using the CMS, a website has no need to install any special software, because the system itself is installed on the web server and all transactions are carried out on the content through any internet browser (Internet Explorer, Mozilla, Opera, Safari, Google Chrome, etc. ).

The Completeness of the Functionality. Most CMS made ​​on the principle of modularity that has some basic base to which you can connect the modules. Modules may already be part of the complex system, and can be installed separately. Many systems allow independent development to develop and include the additional modules to a CMS. Thus the overall functionality of a website depends on the functions of the included modules.

Security. Most modern CMS provides a range of facilities for the safe operation of the site, information security and integrity of the site’s structure.

Overall structure. All CMS consists of a shell (program management ) and Databases. Shell is a set of programs that take the user’s request information from the database and pass it as a separate page to the browser. Most of the dynamic pages are generated “on the fly” in a predetermined pattern.

Criteria for choosing CMS

Site assignment. most important criterion for choosing a content management system (CMS) is a destination site.  If your site is geared primarily to the sale of goods or services (online stores, catalogs, etc) then this could be one type of CMS, with eCommerce functionality. If you have news or information portal then  it’s a different kind of system. If you are planning a large company’s intranet or portal then it will need a corporate system. And so on,  it all depends on the direction and purpose of the website. The only type of sites that use CMS is not so justified is for the sites with it 1-3 pages, business cards (About Us, Contact), or some informational sites.

Funcionality. Once you have decided on the appointment of the site, there will be a list of functions that the system should provide: accommodation of the information materials (news, articles, terms and concepts, questions and answers, and so.), placing product offerings, services list (catalog), order forms and applications, feedback, support, communication and etc.. All these specific tasks provide basic  functionality of the site. Therefore, when choosing a CMS you should pay careful attention to its functionality.

Comfort. Next, you must determine who, where and how often will work with the content of a site. You need to consider publisher’s computer skills. The CMS should provide a comfortable text editors to the site administrators, owners, and authors. And if it is in the scope of the site that a team of authors will be involved in updating and adding the content, then CMS should provide ample opportunity for teamwork.

Technical requirements for hosting. Since the CMS is installed on the server (web hosting platform) then all CMS already has a number of technical requirements for the server, where it will operate. CMS requires different types of databases, programming languages ​​support, available disk space, and other similar features. If you already have a hosting platform, when choosing CMS you should pay attention to the technical ability to use this CMS on your site. Particularly complex, multipurpose CMS or projects with a large attendance (news sites, large online retailers) can place a heavy load on the server.

Security. There are two types of software development: open source system (CMS source code is open for modification) and commercial systems closed-source (source CMS is the property of the developer and can not be modified). For the first type is characterized by the presence of a large number of different modules and more than a simple change in the functional site. These systems are supported by some developer community on a voluntary basis. For commercial (closed) systems are important better security and support. And certainly – for all types of CMS important updates and security fixes.

The Cost. There are paid and free content management systems. And even among commercial (private) CMS, there are free or shareware editions. Typically, these free options have almost all the necessary functionality for a small website (blog, online store, web site directory, etc). Advanced functionality is sometimes available for a purchase.

Support. It is important to determine who and how will deal with installation and maintenance of your CMS. Each CMS may have its own specialist company, or contract with the developer’s studio. The value to adding developer’s support provides the speed, confidence and high level of maintenance to your site. For systems with open source, it is important to have members in the community worthy of support channels, such as the official forums, mailing lists, wiki and knowledge base.

Ease of Deployment. An important factor is the ease of installation and the system’s upgrade. If you install and configure CMS by yourself it may require long work hours. In this case you must consider alternative options for who will be deploying your CMS project (webmaster, developers, or site administrators).

Conclusion

Cumulative comparison of all these factors and will give you an insight into what kind of CMS is most suited to you. In conclusion, you should have an understanding of the project’s cost, ease of use and maintenance. The total costs are generally considered as the cost of the product (or a license to use it), the cost of implementation of the product, the cost of support for minimum of 2 years and the expected costs of upgrading the site by the developers.

Popular CMS:

• 1C Bitrix
• UMI.CMS
• NetCat
• HostCMS
• Amiro CMS
• Datalife Engine
• Drupal
• Joomla
• WordPress
• Typo 3 and others

Joomla vs WordPress CMS

Remember of advantages and disadvantages of WordPress and Joomla:

• if you want members to access your videos on a subscription basis and have members in various levels of permission (depending on their subscription level), Joomla is your best bet.
• If you simply want to show your videos on your site, or you only have 1 type of members and you want things to be simple and clean, WordPress will do nicely.
• If you want to show off different types on videos on your home pages from different sections, more or less like a magazine, again Joomla is better equipped for it.
• If you want to create a video journal, WordPress makes life really easy for you.
• WordPress is very simple and easy platform and tasks are extremely easy to accomplish. You may want to go for WordPress, as it’s the best open source option to manage and update your website daily.
• Joomla is one of the most popular CMS’s on the market due to its power and flexibility. The Joomla package consists of many different parts, which allow modular extensions and integrations to be made easily. Joomla features numerous capabilities and a developed custom database work.
• One of the reasons why I choose Joomla:
  • Costs very little for maintenance and development
  • SEO and SEM optimized
  • Very flexible, intuitive and easy to use
  • Manage text, images, documents and media files
  • Unlimited possibilities of development of web pages
  • Has wide spread and support a strong and very active web community
• WordPress its really good at a blogging tool but Joomla, by comparison is a full blown CMS that can blog if you want it to easily.
• Joomla provides 100% perfect URLs and metadata when managed correctly, and pagecode that is good enough for the job.

Recently, I have had experience that a few of the clients reported that our company’s website had a virus or some kind of malware. I was not aware of it, until I started digging into it and found out that a few files have been injected with some kind of malicious code that would either redirect users to other websites or collect users information. I hurried and took care of this issue by removing the malicious software and establishing the security policy for our website. Results were positive and I continue until today to observe security policies and practices for each website that I am working on.

When we create a website most of the times from my personal experiences most of us don’t think of the most important thing, it is its security. Probably because we don’t have much experience working on creating new websites that’s why we do not think about it, but now it’s time to start thinking about it. The most important thing is always ask yourself the question: “What would happen if …?”. If you always ask this question, then your website will always be protected by almost 100%.

The site security is an urgent task for many website owners today. The emergence of a huge number of resources such as “Hacking for Dummies”, even those Internet users who previously had no business to your site or did not know much about Internet in the past, are eager to try their gained knowledge and brag about it by hacking your site.
What to do to protect your website from hacking? Where to start?

I will try to provide a few steps you need to start taking in order to secure your website from hacking. Security policy should start from the safe use of development tools to build your site. But I will not go into the details of programming, and present a number of actions of Safety when working on site that is built on content management system (CMS). I will continue to emphasize that the most secure sites are the ones that are written by yourself, as a programmer, from scratch.

For a start I will list non-programmatic methods that I use to protect the site from hacking. Surely, you have not even heard about them, but maybe you just did not pay attention.

Here is the Website Security List:

Please consider these main “anti-hacking” actions to secure your site:

• Do not use the services of programmers, amateurs, and use the scripts that are properly written. When testing your scripts on the local machine in debug mode, do not be lazy to fix any bugs in the code that you find.
• Do not offer free downloads or sell scripts written by you as the resource for others: having your source code before the eyes of others can help the hackers to calculate the principle of how you have written all the rest of your scripts.
• Make periodic partial or complete testing of the resource from different browsers (especially Internet Explorer, which has a number of bugs (errors), which is actually an “open door” for hackers). Put yourself in the place of a possible intruder and try to find vulnerabilities from all possible positions.
• Use .htaccess file for your root directory of the site and regularly browse logs. As an example of how your .htaccess file should look like to protect your site from hackers see my sample code below:

# Use PHP5.3 Single php.ini as default
AddHandler application/x-httpd-php53s .php
##### RewriteEngine enabled – BEGIN
RewriteEngine On
##### RewriteEngine enabled – END

##### RewriteBase set – BEGIN
RewriteBase /
##### RewriteBase set – END

##### File execution order — BEGIN
DirectoryIndex index.php index.html
##### File execution order — END

##### No directory listings — BEGIN
IndexIgnore *
# For security reasons, Option followsymlinks cannot be overridden.
#Options +FollowSymLinks All -Indexes
# For security reasons, Option all cannot be overridden.
#Options +SymLinksIfOwnerMatch All -Indexes
Options SymLinksIfOwnerMatch ExecCGI Includes IncludesNOEXEC -Indexes
##### No directory listings — END

##### Rewrite rules to block out some common exploits — BEGIN
RewriteCond %{QUERY_STRING} proc/self/environ [OR] RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR] RewriteCond %{QUERY_STRING} base64_(en|de)code\(.*\) [OR] RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule .* index.php [F] ##### Rewrite rules to block out some common exploits — END

##### File injection protection — BEGIN
RewriteCond %{REQUEST_METHOD} GET
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR] RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR] RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC] RewriteRule .* – [F] ##### File injection protection — END

## Disallow access to rogue PHP files throughout the site, unless they are explicitly allowed
RewriteCond %{REQUEST_FILENAME} (\.php)$
RewriteCond %{REQUEST_FILENAME} !(/index[23]?\.php)$
RewriteCond %{REQUEST_FILENAME} -f
#RewriteRule (.*\.php)$ – [F] ## Disallow access to htaccess.txt, php.ini and configuration.php-dist
RewriteRule ^(htaccess\.txt|configuration\.php-dist|php\.ini)$ – [F] ##### Advanced server protection — END

• When the website engine is used such as CMS, watch for updates and install them in a timely manner. Do not use the demo version of the components, even if they have the appropriate functionality.
• Use a reliable software:
  • The use of licensed software will ensure that no other person introduced “extra features” that are not needed to your site. Download distributions of web applications and extensions / plugins for CMS, widgets and libraries only from official sites or from trusted sources. Of course, the temptation to use the free, fully functional version of the paid version of the CMS is very large. But you need to understand two things:
  • First, it is often distributed in a network “broken” the engine through the efforts of hackers already have a built-in scripts that simplify hacking.
  • And secondly, even if the download CMS «clean”, it will most often be an older version, which is much easier to break – all of the vulnerability has long been known to hackers. And, of course, the lack of support from unlicensed versions also complicates management.
  • If a distribution is necessary to download a dubious site, be sure to check if it contains malicious code.
  • Carefully study the code of any additional components you want to add to CMS.
  • Update your CMS and server software on regular basis and follow the news about the vulnerabilities used by CMS.
  • Perform regular security audits of servers.
  • After installation, remove the CMS installation and debugging scripts.
• The choice of hosting should be considered before launching your website. To believe that all hosting offers differ only in terms of disk space, supported languages and other general parameters is a big mistake for such an issue as security. And even though by law, the responsibility of the service provider does not include additional activities to ensure burglar measures, a minimum set of security tools from the host must be present and it is summarized as follows:
  • System directory (public_html, cgi, logs, etc.) should have limited access and is within the directory;
  • To make sure we do not put in the free review of restricted files not intended for outside world when adding files to the server any right to view them should automatically be limited;
  • The equipment must operate without host failures, outages and other factors that reduce the efficiency of the resource.
  • Consider using Linux-hosting, which in itself is incomparably more stable than Windows-based hosting.
• Use complex passwords for web server software (FTP, SSH, administrative panel of the hosting and CMS).
  • Choose complex passwords. A complex password contains at least 11 characters and includes mixed-case letters, numbers, and special characters. Experience shows that even the most nimble software for simple brute force password guessing copes with a password of eight characters a little less than a year. The fact is that there are 2?1012 combinations of the password with 8 characters, and there are even more combinations of the password with 8 unidentified attacker characters.
  • Do not use the same password to access different services.
  • Even the most secure passwords should be changed every three months to insure that it is not accidently released to anybody.
  • Do not store important passwords in a web browser, file manager such as FTP-, SSH- client, and on any other unproven resources and anywhere electronically. If you need to store passwords, use the special password managers, if not rely on your memory. Password Manager is a special program that allows you to store and organize your passwords in an encrypted file. To access the password manager, a separate password or also known as a key is used. By the way, to remember one password is much easier than the dozens of different passwords. So, if you need to store your passwords, use the Password Manager.
• Follow the security policies for your PCs used for business purposes. On all computers that are working with the server (the computers of the webmaster, administrator, content manager, sales manager, etc.) must be installed anti-virus software with support for regular updates. Also each computer use need to make time to update their operating system and software applications. There is special anti-virus software designed for installation on the hosting. These programs allow you to quickly identify the entry of unauthorized files on the site, to determine their harmfulness and be promptly removed.
• You must use a reliable antivirus on the office computer, and if you suspect a virus is then it is better not to go to the admin panel of the site and hosting features until you complete the “recovery” of the original files.
• Control data entered by users. Monitor user activity on the hosting or the admin panel. If you are the administrator of the resource, you must be aware of what other people or other moderators should have access to. Therefore, attempts to login to the admin panel and the more other management areas from unknown IP-addresses is often a signal the attempts to hijack the site. Most often, you can activate the monitoring of activity of the CMS by installing additional plug-ins or activating logging modules on your hosting.
  • Filter the HTML-code in user input fields, which can be built into the code pages.
  • When getting data from the user, check on the server, for example if their size, is transferred to a value in the list of permissible length.
  • Never insert from users of the data directly into calls to eval (), SQL-queries or conversion. Always check and clean the information received from the harmful elements before storing data.
  • Do not leave in the working version of the code parameters entered for debugging.
  • Use a WAF (Web Application Firewall).
• Keep a “white list” of the authorized IP addresses from which authorized users can login to use your website’s resources.
• Control user access rights, in particular, provide protection from cross-site request forgery (CSRF). Do not give permission to the admin panel of the site untested people. Otherwise, do not be surprised why the site has been hacked. Also, do not give the right to add HTML-code for everyone, because unscrupulous users can add to the site with malicious code. Restrict access to the administration panel and CMS database (eg, phpMyAdmin), as well as to the following resources:
  • to backup copies of the code;
  • write to a configuration file;
  • metadata version control systems (such as directories. Svn or. Git).
• Protect against bots. To protect against robot-hackers you can use special plugins for CMS or you can find IP-addresses of the users in the blacklist online.
• Here are a few things you can do to check the data that users can enter.
  • Do not give the possibility to insert JavaScript-code inside <script>, in tags or links.
  • Do not put directly on the pages of the site code in the tags <iframe>, <object>, <embed>, or file that is uploaded .jar, .swf and .pdf (with their help, the site can generate such tags automatically.)
  • Maintain a “white list” of allowed HTML-tags so you can without additional processing discard all the rest.
  • Check references or links inserted by users through the Safe Browsing API.
• Be careful with the ads and third-party code you insert into your site (i.e. affiliate programs).
  • Plug into your site only those commercials that have been provided by a proven advertising system or a program.
  • Before connecting the site to the new affiliate system, look for reviews about it and examples of distributed content.
  • Avoid “unique offerings” (suspiciously high fees for counters and blocks, the monetization of mobile data traffic).
  • If possible embed on your pages static content (such as links and images). Avoid loadable <script> and <iframe>. Flash, Java and ActiveX-components are only accepted in the form of source code, which you can check and compile yourself.
  • Do not use affiliate programs with hidden elements.
  • If your site is static, some affiliate systems can request access to FTP, to independently change the banners. Providing such access is dangerous: if the database of an affiliate system is compromised, the attacker will have direct access to the files on your site.
• Closely monitor the access to the service interface. Access to the site should have only those to whom access is necessary and as long as it is needed.
• Revoke access to specialists, performing short-term jobs on your site, previous owners, people who are not responsible for the operation of the site (for example, marketing professionals or managers).
• If you need to some strangers to work on your site, try to get some recommendations about them. After finishing necessary work disconnect their accounts or change passwords.
• Change folder permissions (CHMOD) usually to no more 755 and for files to 644. This prevents unsafe scripts to be injected in your hosting.
• Try to make a backup of your database and the content of your site folders at least 1 time per week.
• Make sure that the site is free of bugs and errors. If any found, remove them as soon as possible so you dont allow hackers with an opportunity to find vulnerabilities on your site.
• To ensure that your domain is not flooded add CAPTCHA on all forms, including the registration, comments, feedback, etc.
• Make sure you find possible modules and components for your site after its creation to ensure the safety of your site and its data.
• Before adding the file to the site materials, check with the Antivirus on your computer.
• Make sure to check the server for the last modification date of folders or files. Typically this can be accomplished by checking files and folders creation date in the Control Panel with the file manager.
• Unfortunately, when it comes to DDoS-attacks, the invulnerable sites do not exist. DDoS-attack is an attack that is produced with a large number of computers trying to connect to your website and the site begins to receive a lot of requests. The Server cannot process a large number of requests and the site can stop working. In addition, if the script is very complex, then to “freeze” the site can be done with a small number of requests.
• If you don’t know or don’t understand the steps you need to take to secure the site then you need to seek the advice and help of an experienced administrator who will advise, install and set up properly secure operating system (eg, Linux or Mac), which is difficult to infect with viruses. Even on Linux or Mac machines I would suggest using licensed antivirus software.
• Mask addresses access to the admin panel of the site. Most of the standard CMS addresses have require user login and password to manage the content. For example, to enter the admin area of WordPress it is almost always done by typing in the browser www.yourdomain.com/wp-admin.php. However, in any CMS almost always you are able to change the default login form access to the site, replacing it with a less obvious URL address.
• Encrypt data on the site. This method is required if the resource contains data that should not be accessible to a wide audience. Hacking threat is always there, and for sites with sensitive information, it is even higher. Encryption complicate the extraction of valuable information from hackers stolen information, and give you time to take the necessary measures to eliminate the consequences of breaking.
• Always check that the user entered into the form. To do this, use regular expressions.
• Always pass incoming data through htmlspecialchars (), which replaces the dangerous characters to entities, except in cases where it is necessary to leave the HTML-tags.
• Check all incoming data for accuracy, using string functions and / or regular expressions.
• If the user entered a database query, this input should always be escaped using addslashes (). This function should be used only if the directive is disabled magic_quotes_gpc. If it is enabled, all incoming data is escaped automatically.
• Ignore incoming data through functions such as stripslashes (), if used in a query to the database. Do not worry, that will fall to the base escapes. No, the data in the database will be the same as when they were sent in the form. Simply request itself will be safe.
• Always check the scripts work on a variety of input data. Do not forget that if a user needs to enter their name, you will not want to enable them to enter any JS-code.
• Always turn off the directive register_globals in your php.ini file (php_flag register_globals off). As practice shows, the vast majority of programmers do not initialize variables. I will write more about the importance of register_globals in the future. As for now, here is a simple example of the usage of register_globals:

<?php
$mysqli =new mysqli(“localhost”,“root”,“”,“mydb”);
$array[“first”]=“1”;
$array[“second”]=“2”;
foreach($array as $key => $value){
$mysqli->query(“DELETE FROM `my_table` WHERE `field`=’$value'”);
}
?>
If you initialized the array so: $ array = array ();, then everything would be in order. However, I am sure that not all of you are doing it. As a result, the attacker goes to the following address: http://www.yourdomain.com/your_script_name.php?array [zero] = 0, and your script safely removes that record, which should not have been removed. And nothing would have happened if it had been that the directive register_globals was disabled.

• Make sure your web host runs suphp. Under normal PHP, scripts run as “nobody,” your script has open access. With suPHP, access is limited to the user or to those explicitly granted permission. Not all hosts use suPHP, so make sure your host does and set up another potential roadblock for hackers.
• Use SSL to send emails especially if, somewhere in any of your millions of untrashed emails, you’ve ever sent sensitive info via email.
• Use SSL to access your control panel or any other site resources (i.e. FTPS for FTP file transfers).
• Here is what you need to do if the site has been hacked:
• identify and remove malicious code. If infected many files then restore the site from backup.
• change passwords and access to super admin FTP.
• If Google or any other provider had marked your website to be malicious, then write a letter to Google webmaster with a message that the site is safe for visitors, after you made sure that it is.
• Enable cloud hosting if possible. With cloud hosting, your files are backed up off site in a safe place. In the event of failure of the equipment, you can simply insert a new hard drive to your server and start downloading your backup files to the new hardware.

Conclusion:
Perhaps you will find safety a troublesome occupation, but do not forget that you and only you are responsible for keeping the passwords to access the site safe. Also, you must understand that even the use of all these tools do not give 100% guarantee of protection against hacking. Also remember that the probability of a hacker attack is directly proportional to the value of the information stored on the server. If you own a personal blog, these steps if followed help to forget about the Internet intruders. And, finally, you don’t have to be the one doing all the work. Hire someone who has experience and knows how to do it.

As a Webmaster I have been asked “What information do you need to design a good website”. I follow a few steps as outlined in “Website Design” article.

This article covers the basics of DoS / DDoS attack protection and how to reduce its risk.

DDoS-attack is short for Distributed Denial Of Service Attack. The main characteristic of this type of computer crime is that the criminals are not intended to enter into a protected computer system to steal or destroy data. The main purpose of this attack is to paralyze the attacked site. DDoS-attack is a derivative of DoS and differ only a large number of requests to the server with a different IP address. This is why criminals collect their chain Trojans infected computers and cause them to turn to the server, making it not withstand such loads. The first reports of DDoS-attacks were known in 1996.

In most cases, global attack leads to financial losses on the part of the attacked. For example, if a commercial site will drop for a few hours, then it would damage the business, and if for a week, then the owner of the resource may well go under.

Denial of service can be made ​​in two ways: using software vulnerabilities of victims and by sending a large number of specifically composed of network packets (flood). The first method consists in that using the buffer overflow vulnerabilities, by sending the code to the server that performs DoS. Since the attack will be “inside”, then after a very short time the object will be “frozen” or is disconnected from the Internet. This method does not require large computational resources hitter, but this attack uses security vulnerabilities, which in itself complicates the task. The second method is by using of brute force, which practically does not require any special skills. The idea is to send as many as possible requests to the server (those requests also could be the huge number of normal packets, such as GET-requests for HTTP-server hosts.) The fact that the server receives a data packet that is processed by the server. If a packet arrives, but the server is busy receiving or processing of another package, then coming back a request is put in place, taking up part of the system’s resources. In carrying out DoS-attack server sends a large number of packets of a certain size. In this case, the server’s response is not expected. As a result, due to the fact that the server is overloaded with information, it is either disconnected from the Internet, or “frozen”. In any case, normal users some time can not use the services of the affected server.

Schematically, DDoS-attack looks like this: on the selected server as a victim collapses a huge amount of false requests from multiple computers from different parts of the world. As a result, the server spends all its resources to service these requests and is virtually inaccessible to ordinary users. Cynicism of the situation lies in the fact that users of computers to which requests are sent are false, may not even be aware that their machine is being used by hackers. Programs installed by hackers on these computers are called “zombies” (examples of such programs could be Trojans). Perhaps this preparatory stage is the most time-consuming for an attacker.

Most often, attackers during the DDoS-attacks are using three-tier architecture, which is called “cluster DDoS”.This hierarchical structure includes:

• management console (there may be several), ie it is the computer from which the attacker sends a signal the start of an attack;
• mainframe computers. These are the machines that receive the signal of an attack with a control console and transmit it to the agents, “zombies.” One management console, depending on the size of the attack, can account for up to several hundred of hosts;
• Agents are directly called “zombie” computers, their requests are attacking a target node.

DDoS software was originally produced in a DDoS “peaceful” purposes and used for experiments on the network bandwidth and their resistance to stresses. Over the years, this software is constantly being modified. For more detailed understanding of DoS-attacks, I will review five most popular types of DDoS-attacks:

• UDP flood – sending to the address of the target multiple packets UDP (User Datagram Protocol). This method was used in earlier attacks and is now considered the least dangerous. Programs that use this type of attack are easily detected, as in the exchange of a master controller and agents are used unencrypted protocols TCP and UDP.
• TCP flood – sending to the address of the target set for TCP-packets, which also leads to the “binding” of network resources.
• TCP SYN flood – sending a large number of requests for initializing TCP-connections with the target node, which, as a result, have to spend all their resources to track these half-open connections.
• Smurf-attack – ping requests ICMP (Internet Control Message Protocol) address directed broadcast packets using the query fake source address as a result turns out to be the target of attack.
• ICMP flood – attack, similar to Smurf, but without the use of mailing lists.

The most dangerous are the programs that use multiple types of attacks described. They are called TFN and TFN2K and require a high level of training. One of the latest software for organizing DDoS-attacks is Stacheldracht (barbed wire), which allows you to organize a variety of types of attacks and avalanches broadcast ping requests with encrypted communications between controllers and agents.

Of course, in this review I’ve covered only the most well-known programs and methods of DDoS. In fact, a much wider range of programs and is constantly updated. For the same reason, it would be naive enough description of universal reliable methods of protection from DDoS-attacks. Generic methods do not exist, but the general guidelines to reduce the risk and minimize damage from attacks include such measures as the competent configuration features anti-spoofing and anti-DoS on routers and firewalls. These features limit the number of half-open channels, preventing overload the system.

Here are several ways you can protect yourself against DoS attacks

• Filtering is method in which blocking outbound traffic from the attacking machines. This can be handled with the help of .htaccess file located in your root folder on the server. Or, it can be achieved by having the correct settings in the control panel (such as Cpanel). If you are unable to use them, you should consult your administrator. If you are the administrator of the site pay attention to the specialized software or option with the acquisition of more reliable servers that can tolerate minor or moderate attacks on the site without serious consequences.
• Eliminating vulnerabilities is often the result of successful DDoS attacks. It may be the damage of your database such as MySQL, or even the loss of data on the server. However, remember to create copies of data for enhances security.
• At the server level, it is desirable to have the output of the console server to another IP-address on the SSH-protocol for remote restart the server.
• Another fairly effective method of combating DDoS-attacks is masking IP-address.
• Creating a mirror site is a very common way to “stay afloat.” Make sure that the site is hosted on multiple servers, the second of which is an exact replica of the first, and is available with a domain as the mirror. A very good solution, but it requires quite deep knowledge of the administration of the site.
• The response to DoS or DDoS attack. Cause and effect is clear.
• The introduction of specialized equipment to repel DoS-attacks: DefensePro ® or Radware, Arbor Peakflow and others.
• A very important part in this regard is prevention is the software that should be capable of “patching” against all kinds of “holes.”